| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Do not access
elements of dirscans_sizes array if dirscans_sizes == NULL
due to an earlier memory allocation error.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
| |
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Remove return statement
at the end of the function returning void.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
|
| |
pam_syslog already does all the prefixing we need.
* modules/pam_motd/pam_motd.c (pam_split_string,
try_to_display_directories_with_overrides): Remove "pam_motd: " prefix
from strings passed to pam_syslog.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
|
| |
pam_motd used to leak memory allocated for each motd file
successfully opened in try_to_display_directories_with_overrides.
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Free abs_path.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Do not invoke calloc with the first argument equal to zero as the return
value can be NULL which is undistinguishable from memory allocation
error.
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Skip if there are no
directory entries (dirscans_size_total == 0).
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
|
| |
As dirnames_all is allocated with calloc, zeroing it out is pointless.
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Remove redundant zeroing
of dirnames_all.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
|
| |
As WITH_SELINUX is already AC_DEFINE'd in configure.ac,
there is no point in adding -DWITH_SELINUX to CFLAGS.
* libpam/Makefile.am [HAVE_LIBSELINUX] (AM_CFLAGS): Do not add
-DWITH_SELINUX.
* modules/pam_rootok/Makefile.am: Likewise.
* modules/pam_unix/Makefile.am: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported by gcc-10 -Wstringop-overflow:
In file included from /usr/include/string.h:494,
from modules/pam_filter/pam_filter.c:14:
In function 'strcpy',
inlined from 'process_args' at modules/pam_filter/pam_filter.c:137:2,
inlined from 'need_a_filter.isra' at modules/pam_filter/pam_filter.c:618:12:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:90:10: warning: '__builtin_memcpy' writing 6 bytes into a region of size 5 [-Wstringop-overflow=]
90 | return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
modules/pam_filter/pam_filter.c: In function 'need_a_filter.isra':
modules/pam_filter/pam_filter.c:128:21: note: at offset 0 to an object with size 5 allocated by 'malloc' here
128 | levp[0] = (char *) malloc(size);
| ^~~~~~~~~~~~
* modules/pam_filter/pam_filter.c (process_args): Fix off-by-one heap
buffer overflow in case of a filter without arguments (argc == 0).
|
| |
|
|
|
|
|
| |
In other modules they were removed by commit Linux-PAM-1.3.0~14.
* modules/pam_setquota/pam_setquota.c: Remove PAM_EXTERN and PAM_STATIC
parts.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On ppc64le the compiler complains with the following diagnostics:
pam_setquota.c: In function 'debug':
pam_setquota.c:48:59: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ~~~^
| |
| long long unsigned int
| %lu
......
51 | p->dqb_bsoftlimit, p->dqb_bhardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:48:75: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 7 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ~~~^
| |
| long long unsigned int
| %lu
......
51 | p->dqb_bsoftlimit, p->dqb_bhardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 8 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
52 | p->dqb_isoftlimit, p->dqb_ihardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:46: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 9 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
52 | p->dqb_isoftlimit, p->dqb_ihardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:62: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 10 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
53 | p->dqb_btime, p->dqb_itime);
| ~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:73: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 11 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
53 | p->dqb_btime, p->dqb_itime);
| ~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:84: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
* modules/pam_setquota/pam_setquota.c (debug): Cast fields of type __u64
to unsigned long long.
|
| |
|
|
|
|
|
|
|
| |
This ensures "config.h" is included before any system header
which fixes the following bug reported by ALT diagnostics:
verify-elf: ERROR: ./lib/security/pam_timestamp.so: uses non-LFS functions: __fxstat open
* modules/pam_timestamp/hmacsha1.c: Include "config.h".
|
| |
|
|
|
|
| |
All other modules already build with WARN_CFLAGS.
* modules/pam_setquota/Makefile.am (AM_CFLAGS): Add $(WARN_CFLAGS).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix -Wunused-variable compilation warnings:
pam_setquota.c: In function 'pam_sm_open_session':
pam_setquota.c:173:9: warning: unused variable 'ep' [-Wunused-variable]
173 | char *ep, *val, *mntdevice = NULL;
| ^~
pam_setquota.c:172:17: warning: unused variable 'ul' [-Wunused-variable]
172 | unsigned long ul;
| ^~
Fix -Wunused-parameter compilation warnings:
pam_setquota.c: In function 'pam_sm_open_session':
pam_setquota.c:169:60: warning: unused parameter 'flags' [-Wunused-parameter]
169 | PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~~
pam_setquota.c: In function 'pam_sm_close_session':
pam_setquota.c:382:40: warning: unused parameter 'pamh' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~~~~~~~~~~~^~~~
pam_setquota.c:382:50: warning: unused parameter 'flags' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~~
pam_setquota.c:382:61: warning: unused parameter 'argc' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~
pam_setquota.c:383:39: warning: unused parameter 'argv' [-Wunused-parameter]
383 | const char **argv) {
| ~~~~~~~~~~~~~^~~~
* modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Mark
'flags' parameter as unused. Remove unused 'ep' and 'ul' variables.
(pam_sm_close_session): Mark all parameters as unused.
|
| |
|
|
|
|
|
| |
This makes disk quotas usable with central user databases, such as MySQL or
LDAP.
Resolves: https://github.com/linux-pam/linux-pam/issues/92
|
| |
|
|
|
|
|
|
| |
* modules/pam_access/pam_access.c (netgroup_match): Place the code
that calls getdomainname under HAVE_GETDOMAINNAME guard.
* modules/pam_issue/pam_issue.c (read_issue_quoted): Likewise.
Resolves: https://github.com/linux-pam/linux-pam/issues/43
|
| |
|
|
|
|
|
| |
According to crypt(5), md5 should not be used for new hashes. Let's
give a modern example with yescrypt.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
| |
|
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/issues/65
Resolves: https://github.com/linux-pam/linux-pam/pull/199
|
| |
|
|
|
|
|
|
|
| |
_PATH_VARRUN already provides trailing slash for building paths
Fixes:
$ strings /usr/lib64/security/pam_timestamp.so | grep /run/
/var/run//pam_timestamp
/var/run//pam_timestamp/_pam_timestamp_key
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pam_unix.so will never return PAM_AUTHINFO_UNAVAIL on systems
that use the unix_chkpwd helper.
The reason is that in unix_chkpwd.c, towards the end of main(), if
helper_verify_password() does not return PAM_SUCCESS, main() ignores
the actual error that helper_verify_password() returned and instead
returns PAM_AUTH_ERR.
This commit corrects this behavior. Specifically, if
helper_verify_password() returns PAM_USER_UNKNOWN, which it does
when /etc/passwd entry indicates that shadow information is present
but the /etc/shadow entry is missing, the unix_chkpwd now exits
with PAM_AUTHINFO_UNAVAIL. For any other error from
helper_verify_password(), unix_chkpwd continues to exit with
PAM_AUTH_ERR.
* modules/pam_unix/unix_chkpwd.c (main): Return PAM_AUTHINFO_UNAVAIL
when helper_verify_password() returns PAM_USER_UNKNOWN.
|
| | |
|
| |
|
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/pull/163
Resolves: https://github.com/linux-pam/linux-pam/pull/191
|
| |
|
|
|
|
|
|
|
|
| |
pam_exec module can be called when a user name has not been prompted
yet. And thus the command is called without a user name available.
This fix asks PAM for the user name to ensure it is ready or to force
the prompt.
Resolves: https://github.com/linux-pam/linux-pam/issues/131
Resolves: https://github.com/linux-pam/linux-pam/pull/195
|
| |
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/pull/194
|
| | |
|
| | |
|
| |
|
|
|
| |
The result is nowhere checked and other logging functions like
pam_syslog are also not checked.
|
| | |
|
| |
|
|
|
|
|
|
| |
`security_context_t` is a legacy typedef to `char *`, substitute all usage.
See
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
https://github.com/SELinuxProject/selinux/blob/f8c110c8a615eb640510eab39640a0957a6ba19c/libselinux/include/selinux/selinux.h#L16
|
| |
|
|
|
|
| |
* modules/pam_userdb/pam_userdb.c: Include "pam_inline.h".
(_pam_parse, user_lookup): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_umask/pam_umask.c: Include "pam_inline.h".
(parse_option, setup_limits_from_gecos): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_pwhistory/pam_pwhistory.c: Include "pam_inline.h".
(parse_option): Use pam_str_skip_icase_prefix instead of ugly
strncasecmp invocations.
|
| |
|
|
|
| |
* modules/pam_exec/pam_exec.c (call_exec): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_xauth/pam_xauth.c: Include "pam_inline.h".
(pam_sm_open_session, pam_sm_close_session): Use pam_str_skip_prefix
instead of ugly strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_wheel/pam_wheel.c: Include "pam_inline.h".
(_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_unix/passverify.c: Include "pam_inline.h".
(verify_pwd_hash): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
* modules/pam_unix/support.c: Include "pam_inline.h".
(_set_ctrl): Use pam_str_skip_prefix_len instead of hardcoding string
lengths.
* modules/pam_unix/md5_crypt.c: Include "pam_inline.h".
(crypt_md5): Use pam_str_skip_prefix_len.
squash! modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len
|
| |
|
|
|
|
| |
* modules/pam_tty_audit/pam_tty_audit.c: Include "pam_inline.h".
(pam_sm_open_session): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_timestamp/pam_timestamp.c: Include "pam_inline.h".
(check_tty, get_timestamp_name, pam_sm_authenticate): Use
pam_str_skip_prefix instead of ugly strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_tally/pam_tally.c: Include "pam_inline.h".
(tally_parse_args, getopts): Use pam_str_skip_prefix instead of ugly
strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_tally2/pam_tally2.c: Include "pam_inline.h".
(tally_parse_args, getopts): Use pam_str_skip_prefix instead of ugly
strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_selinux/pam_selinux.c: Include "pam_inline.h".
(compute_exec_context, compute_tty_context): Use pam_str_skip_prefix
instead of ugly strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_securetty/pam_securetty.c: Include "pam_inline.h".
(securetty_perform_check): Use pam_str_skip_prefix and
pam_str_skip_prefix_len instead of ugly strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_rhosts/pam_rhosts.c: Include "pam_inline.h".
(pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_nologin/pam_nologin.c: Include "pam_inline.h".
(parse_args): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
| |
* modules/pam_namespace/pam_namespace.c (root_shared): Use
pam_str_skip_prefix instead of ugly strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_motd/pam_motd.c: Include "pam_inline.h".
(pam_sm_open_session): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_inline.h".
(_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_mail/pam_mail.c: Include "pam_inline.h".
(_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_localuser/pam_localuser.c: Include "pam_inline.h".
(pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_listfile/pam_listfile.c: Include "pam_inline.h".
(pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_limits/pam_limits.c: Include "pam_inline.h".
(_pam_parse, parse_kernel_limits): Use pam_str_skip_prefix instead of
ugly strncmp invocations.
|
