summaryrefslogtreecommitdiff
path: root/modules
Commit message (Collapse)AuthorAge
...
| * modules/pam_namespace/Makefile.am: add dist_ prefix to secureconf_SCRIPTSDmitry V. Levin2020-05-03
| | | | | | | | | | | | | | ... and remove $(SCRIPTS) from EXTRA_DIST. * modules/pam_namespace/Makefile.am (EXTRA_DIST): Remove $(SCRIPTS). (secureconf_SCRIPTS): Rename to dist_secureconf_SCRIPTS.
| * pam_faillock: Correct the grammar of translated stringsTomas Mraz2020-04-30
| | | | | | | | Also make the message the same as in pam_tally2.
| * pam_faillock: Add conf option to use a different config fileTomas Mraz2020-04-30
| |
| * pam_faillock: New module for locking after multiple auth failuresTomas Mraz2020-04-30
| |
| * build: rework vendordir substitutionDmitry V. Levin2020-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since Make.xml.rules is the only place where XSLTPROC_CUSTOM was used, remove stereotypic definitions from other Makefiles, this way we no longer have to worry about vendordir being used somewhere else in documentation files. Likewise, define VENDORDIR in config.h and remove stereotypic -DVENDORDIR= additions from other Makefiles, this way we no longer have to worry about VENDORDIR being used somewhere else in the code. * configure.ac (AM_CONDITIONAL): Remove HAVE_VENDORDIR. (AC_DEFINE_UNQUOTED): Add VENDORDIR. (AC_SUBST): Remove VENDORDIR, add STRINGPARAM_VENDORDIR. * Make.xml.rules.in: Replace $(XSLTPROC_CUSTOM) with @STRINGPARAM_VENDORDIR@. * doc/man/Makefile.am (XSLTPROC_CUSTOM): Remove. * libpam/Makefile.am [HAVE_VENDORDIR]: Remove. * modules/pam_securetty/Makefile.am [HAVE_VENDORDIR]: Remove. (XSLTPROC_CUSTOM): Remove. * modules/pam_securetty/pam_securetty.c: Move definitions of local macros after config.h to benefit from macros defined there.
| * pam_namespace: replace namespace.init with $(SCRIPTS) in EXTRA_DISTDmitry V. Levin2020-04-27
| | | | | | | | | | | | | | | | As namespace.init is listed in secureconf_SCRIPTS which is part of generated SCRIPTS variable. * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace namespace.init with $(SCRIPTS).
| * pam_env: remove environment from EXTRA_DISTDmitry V. Levin2020-04-27
| | | | | | | | | | | | * modules/pam_env/Makefile.am (EXTRA_DIST): Remove environment as it is listed in sysconf_DATA which is part of DATA which is already listed in EXTRA_DIST.
| * modules/*/Makefile.am: remove $(secureconf_DATA) from EXTRA_DISTDmitry V. Levin2020-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Since the whole $(DATA) is listed in EXTRA_DIST, $(secureconf_DATA) can be safely de-listed. * modules/pam_access/Makefile.am (EXTRA_DIST): Remove $(secureconf_DATA). * modules/pam_env/Makefile.am: Likewise. * modules/pam_group/Makefile.am: Likewise. * modules/pam_limits/Makefile.am: Likewise. * modules/pam_namespace/Makefile.am: Likewise. * modules/pam_sepermit/Makefile.am: Likewise. * modules/pam_time/Makefile.am: Likewise.
| * modules/*/Makefile.am: replace README with $(DATA) in EXTRA_DISTDmitry V. Levin2020-04-27
| | | | | | | | | | | | | | | | | | | | | | | | Since the GNU Automake distributes README files by default, the only reason why README had to be listed in EXTRA_DIST was to make these README files generated. Since README is also listed in noinst_DATA, we can safely replace README in EXTRA_DIST with $(DATA), this also opens the way for further EXTRA_DIST cleanup. * modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA).
| * modules/*/Makefile.am: reorder lines to promote uniformityDmitry V. Levin2020-04-27
| | | | | | | | | | This is essentially a no-op change that makes modules/*/Makefile.am files less divergent.
| * build: move README prerequisites rule from modules/*/Makefile.am to ↵Dmitry V. Levin2020-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make.xml.rules As the rule is now the same in every modules/*/Makefile.am file, move it to Make.xml.rules. * Make.xml.rules (README): New prerequisites rule. * modules/pam_access/Makefile.am (README): Remove rule. * modules/pam_cracklib/Makefile.am (README): Likewise. * modules/pam_debug/Makefile.am (README): Likewise. * modules/pam_deny/Makefile.am (README): Likewise. * modules/pam_echo/Makefile.am (README): Likewise. * modules/pam_env/Makefile.am (README): Likewise. * modules/pam_exec/Makefile.am (README): Likewise. * modules/pam_faildelay/Makefile.am (README): Likewise. * modules/pam_filter/Makefile.am (README): Likewise. * modules/pam_ftp/Makefile.am (README): Likewise. * modules/pam_group/Makefile.am (README): Likewise. * modules/pam_issue/Makefile.am (README): Likewise. * modules/pam_keyinit/Makefile.am (README): Likewise. * modules/pam_lastlog/Makefile.am (README): Likewise. * modules/pam_limits/Makefile.am (README): Likewise. * modules/pam_listfile/Makefile.am (README): Likewise. * modules/pam_localuser/Makefile.am (README): Likewise. * modules/pam_loginuid/Makefile.am (README): Likewise. * modules/pam_mail/Makefile.am (README): Likewise. * modules/pam_mkhomedir/Makefile.am (README): Likewise. * modules/pam_motd/Makefile.am (README): Likewise. * modules/pam_namespace/Makefile.am (README): Likewise. * modules/pam_nologin/Makefile.am (README): Likewise. * modules/pam_permit/Makefile.am (README): Likewise. * modules/pam_pwhistory/Makefile.am (README): Likewise. * modules/pam_rhosts/Makefile.am (README): Likewise. * modules/pam_rootok/Makefile.am (README): Likewise. * modules/pam_securetty/Makefile.am (README): Likewise. * modules/pam_selinux/Makefile.am (README): Likewise. * modules/pam_sepermit/Makefile.am (README): Likewise. * modules/pam_setquota/Makefile.am (README): Likewise. * modules/pam_shells/Makefile.am (README): Likewise. * modules/pam_succeed_if/Makefile.am (README): Likewise. * modules/pam_tally/Makefile.am (README): Likewise. * modules/pam_tally2/Makefile.am (README): Likewise. * modules/pam_time/Makefile.am (README): Likewise. * modules/pam_timestamp/Makefile.am (README): Likewise. * modules/pam_tty_audit/Makefile.am (README): Likewise. * modules/pam_umask/Makefile.am (README): Likewise. * modules/pam_unix/Makefile.am (README): Likewise. * modules/pam_userdb/Makefile.am (README): Likewise. * modules/pam_usertype/Makefile.am (README): Likewise. * modules/pam_warn/Makefile.am (README): Likewise. * modules/pam_wheel/Makefile.am (README): Likewise. * modules/pam_xauth/Makefile.am (README): Likewise.
| * modules/*/Makefile.am: list prerequisites of README target uniformlyDmitry V. Levin2020-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no need to list prerequisites of README targets manually as all README targets depend on $(XMLS). The change is performed automatically using the following script: sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am * modules/pam_access/Makefile.am (README): Replace pam_access.8.xml and access.conf.5.xml with $(XMLS). * modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml with $(XMLS). * modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml with $(XMLS). * modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml with $(XMLS). * modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml with $(XMLS). * modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and pam_env.conf.5.xml with $(XMLS). * modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml with $(XMLS). * modules/pam_faildelay/Makefile.am (README): Replace pam_faildelay.8.xml with $(XMLS). * modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml with $(XMLS). * modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with $(XMLS). * modules/pam_group/Makefile.am (README): Replace pam_group.8.xml and group.conf.5.xml with $(XMLS). * modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml with $(XMLS). * modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml with $(XMLS). * modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml with $(XMLS). * modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml and limits.conf.5.xml with $(XMLS). * modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml with $(XMLS). * modules/pam_localuser/Makefile.am (README): Replace pam_localuser.8.xml with $(XMLS). * modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml with $(XMLS). * modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml with $(XMLS). * modules/pam_mkhomedir/Makefile.am (README): Replace pam_mkhomedir.8.xml with $(XMLS). * modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml with $(XMLS). * modules/pam_namespace/Makefile.am (README): Replace pam_namespace.8.xml, namespace.conf.5.xml, and pam_namespace_helper.8.xml with $(XMLS). * modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml with $(XMLS). * modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml with $(XMLS). * modules/pam_pwhistory/Makefile.am (README): Replace pam_pwhistory.8.xml with $(XMLS). * modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml with $(XMLS). * modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml with $(XMLS). * modules/pam_securetty/Makefile.am (README): Replace pam_securetty.8.xml with $(XMLS). * modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml with $(XMLS). * modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml with $(XMLS). * modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml with $(XMLS). * modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml with $(XMLS). * modules/pam_succeed_if/Makefile.am (README): Replace pam_succeed_if.8.xml with $(XMLS). * modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml with $(XMLS). * modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml with $(XMLS). * modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and time.conf.5.xml with $(XMLS). * modules/pam_timestamp/Makefile.am (README): Replace pam_timestamp.8.xml with $(XMLS). * modules/pam_tty_audit/Makefile.am (README): Replace pam_tty_audit.8.xml with $(XMLS). * modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml with $(XMLS). * modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml with $(XMLS). * modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml with $(XMLS). * modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml with $(XMLS). * modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml with $(XMLS). * modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml with $(XMLS). * modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml with $(XMLS).
| * modules/*/Makefile.am: list secureconf_DATA files in EXTRA_DIST uniformlyDmitry V. Levin2020-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The change was prepared using the following script: git grep -l secureconf_DATA modules/*/Makefile.am |while read m; do t="$(sed '/^secureconf_DATA = /!d;s///;q' -- "$m")" sed -i "/^EXTRA_DIST =/ s/\\<$t\\>/\$(secureconf_DATA)/" -- "$m" done * modules/pam_access/Makefile.am (EXTRA_DIST): Replace access.conf with $(secureconf_DATA). * modules/pam_env/Makefile.am (EXTRA_DIST): Replace pam_env.conf with $(secureconf_DATA). * modules/pam_group/Makefile.am (EXTRA_DIST): Replace group.conf with $(secureconf_DATA). * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace limits.conf with $(secureconf_DATA). * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace namespace.conf with $(secureconf_DATA). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace sepermit.conf with $(secureconf_DATA). * modules/pam_time/Makefile.am (EXTRA_DIST): Replace time.conf with $(secureconf_DATA).
| * modules/*/Makefile.am: list manual pages in EXTRA_DIST uniformlyDmitry V. Levin2020-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | List in EXTRA_DIST those manual pages that are listed in man_MANS as $(MANS). * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace pam_cracklib.8 with $(MANS). * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace pam_keyinit.8 with $(MANS). * modules/pam_selinux/Makefile.am (EXTRA_DIST): Replace pam_selinux.8 with $(MANS). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace pam_sepermit.8 and sepermit.conf.5 with $(MANS). * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace pam_tty_audit.8 with $(MANS). * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace pam_userdb.8 with $(MANS).
| * modules/*/Makefile.am: list tests in EXTRA_DIST uniformlyDmitry V. Levin2020-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The change was prepared using the following script: git grep -l '^TESTS = tst-pam_' modules/ |while read m; do t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")" sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m" done * modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access with $(TESTS). * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace tst-pam_cracklib with $(TESTS). * modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with $(TESTS). * modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with $(TESTS). * modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with $(TESTS). * modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with $(TESTS). * modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with $(TESTS). * modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace tst-pam_faildelay with $(TESTS). * modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter with $(TESTS). * modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with $(TESTS). * modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with $(TESTS). * modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with $(TESTS). * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit with $(TESTS). * modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog with $(TESTS). * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits with $(TESTS). * modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace tst-pam_listfile with $(TESTS). * modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace tst-pam_localuser with $(TESTS). * modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace tst-pam_loginuid with $(TESTS). * modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with $(TESTS). * modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace tst-pam_mkhomedir with $(TESTS). * modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with $(TESTS). * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace tst-pam_namespace with $(TESTS). * modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin with $(TESTS). * modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit with $(TESTS). * modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace tst-pam_pwhistory with $(TESTS). * modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts with $(TESTS). * modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok with $(TESTS). * modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace tst-pam_securetty with $(TESTS). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace tst-pam_sepermit with $(TESTS). * modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace tst-pam_setquota with $(TESTS). * modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells with $(TESTS). * modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress with $(TESTS). * modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace tst-pam_succeed_if with $(TESTS). * modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with $(TESTS). * modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2 with $(TESTS). * modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with $(TESTS). * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace tst-pam_tty_audit with $(TESTS). * modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with $(TESTS). * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb with $(TESTS). * modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace tst-pam_usertype with $(TESTS). * modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with $(TESTS). * modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with $(TESTS). * modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with $(TESTS).
| * pam_namespace: simplify distribution of manual pagesDmitry V. Levin2020-04-27
| | | | | | | | * modules/pam_namespace/Makefile.am: Merge MAN5 and MAN8 into man_MANS.
| * modules/*/Makefile.am: remove manual pages from noinst_DATADmitry V. Levin2020-04-27
| | | | | | | | | | | | | | | | | | | | | | Manual pages already belong to man_MANS, listing them also in noinst_DATA does not help in any way. * modules/pam_cracklib/Makefile.am (noinst_DATA): Remove pam_cracklib.8. * modules/pam_selinux/Makefile.am (noinst_DATA): Remove pam_selinux.8. * modules/pam_sepermit/Makefile.am (noinst_DATA): Remove pam_sepermit.8 and sepermit.conf.5. * modules/pam_userdb/Makefile.am (noinst_DATA): Remove pam_userdb.8.
| * configure: add --disable-tally and --disable-tally2 optionsDmitry V. Levin2020-04-27
| | | | | | | | | | | | | | | | | | * configure.ac (AC_ARG_ENABLE): Add tally and tally2. (AM_CONDITIONAL): Add COND_BUILD_PAM_TALLY and COND_BUILD_PAM_TALLY2. * modules/Makefile.am [COND_BUILD_PAM_TALLY] (MAYBE_PAM_TALLY): Define. [COND_BUILD_PAM_TALLY2] (MAYBE_PAM_TALLY2): Likewise. (SUBDIRS): Replace pam_tally with $(COND_BUILD_PAM_TALLY), pam_tally2 with $(COND_BUILD_PAM_TALLY2).
| * build: move pam_selinux and pam_sepermit build conditions to modules/Makefile.amDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | | | | | | | * configure.ac (AM_CONDITIONAL): Replace HAVE_LIBSELINUX with COND_BUILD_PAM_SELINUX and COND_BUILD_PAM_SEPERMIT. * modules/Makefile.am [COND_BUILD_PAM_SELINUX] (MAYBE_PAM_SELINUX): Define. [COND_BUILD_PAM_SEPERMIT] (MAYBE_PAM_SEPERMIT): Likewise. (SUBDIRS): Replace pam_selinux with $(MAYBE_PAM_SELINUX), pam_sepermit with MAYBE_PAM_SEPERMIT. * modules/pam_selinux/Makefile.am: Assume HAVE_LIBSELINUX. * modules/pam_sepermit/Makefile.am: Likewise.
| * build: move pam_namespace build condition to modules/Makefile.amDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | * configure.ac (AM_CONDITIONAL): Replace HAVE_UNSHARE with COND_BUILD_PAM_NAMESPACE. * modules/Makefile.am [COND_BUILD_PAM_NAMESPACE] (MAYBE_PAM_NAMESPACE): Define. (SUBDIRS): Replace pam_namespace with $(MAYBE_PAM_NAMESPACE). * modules/pam_namespace/Makefile.am: Assume HAVE_UNSHARE.
| * build: move pam_userdb build condition to modules/Makefile.amDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | * configure.ac (AM_CONDITIONAL): Replace HAVE_LIBDB with COND_BUILD_PAM_USERDB. * modules/Makefile.am [COND_BUILD_PAM_USERDB] (MAYBE_PAM_USERDB): Define. (SUBDIRS): Replace pam_userdb with $(MAYBE_PAM_USERDB). * modules/pam_userdb/Makefile.am: Assume HAVE_LIBDB.
| * build: move pam_cracklib build condition to modules/Makefile.amDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | * configure.ac (AM_CONDITIONAL): Replace HAVE_LIBCRACK with COND_BUILD_PAM_CRACKLIB. * modules/Makefile.am [COND_BUILD_PAM_CRACKLIB] (MAYBE_PAM_CRACKLIB): Define. (SUBDIRS): Replace pam_cracklib with $(MAYBE_PAM_CRACKLIB). * modules/pam_cracklib/Makefile.am: Assume HAVE_LIBCRACK.
| * build: move pam_keyinit build condition to modules/Makefile.amDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | * configure.ac (AM_CONDITIONAL): Replace HAVE_KEY_MANAGEMENT with COND_BUILD_PAM_KEYINIT. * modules/Makefile.am [COND_BUILD_PAM_KEYINIT] (MAYBE_PAM_KEYINIT): Define. (SUBDIRS): Replace pam_keyinit with $(MAYBE_PAM_KEYINIT). * modules/pam_keyinit/Makefile.am: Assume HAVE_KEY_MANAGEMENT.
| * build: move pam_tty_audit build condition to modules/Makefile.amDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | * configure.ac (AM_CONDITIONAL): Replace HAVE_AUDIT_TTY_STATUS with COND_BUILD_PAM_TTY_AUDIT. * modules/Makefile.am [COND_BUILD_PAM_TTY_AUDIT] (MAYBE_PAM_TTY_AUDIT): Define. (SUBDIRS): Replace pam_tty_audit with $(MAYBE_PAM_TTY_AUDIT). * modules/pam_tty_audit/Makefile.am: Assume HAVE_AUDIT_TTY_STATUS.
| * modules/Makefile.am: sort SUBDIRSDmitry V. Levin2020-04-26
| | | | | | | | | | | | Also list one element of SUBDIRS per line for the ease of maintenance. * modules/Makefile.am (SUBDIRS): List one per line, sort.
| * pam_issue: fix potential read out of boundsDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reported by gcc-10 -Warray-bounds: In file included from /usr/include/string.h:494, from modules/pam_issue/pam_issue.c:19: In function 'strncat', inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:197:3: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [260, 389] from the object at 'uts' is out of the bounds of referenced subobject 'version' with type 'char[65]' at offset 195 [-Werror=array-bounds] 136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from modules/pam_issue/pam_issue.c:26: modules/pam_issue/pam_issue.c: In function 'read_issue_quoted': /usr/include/x86_64-linux-gnu/sys/utsname.h:59:10: note: subobject 'version' declared here 59 | char version[_UTSNAME_VERSION_LENGTH]; | ^~~~~~~ In file included from /usr/include/string.h:494, from modules/pam_issue/pam_issue.c:19: In function 'strncat', inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:188:3: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [65, 389] from the object at 'uts' is out of the bounds of referenced subobject 'sysname' with type 'char[65]' at offset 0 [-Werror=array-bounds] 136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from modules/pam_issue/pam_issue.c:26: modules/pam_issue/pam_issue.c: In function 'read_issue_quoted': /usr/include/x86_64-linux-gnu/sys/utsname.h:51:10: note: subobject 'sysname' declared here 51 | char sysname[_UTSNAME_SYSNAME_LENGTH]; | ^~~~~~~ In file included from /usr/include/string.h:494, from modules/pam_issue/pam_issue.c:19: In function 'strncat', inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:194:3: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [195, 389] from the object at 'uts' is out of the bounds of referenced subobject 'release' with type 'char[65]' at offset 130 [-Werror=array-bounds] 136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from modules/pam_issue/pam_issue.c:26: modules/pam_issue/pam_issue.c: In function 'read_issue_quoted': /usr/include/x86_64-linux-gnu/sys/utsname.h:57:10: note: subobject 'release' declared here 57 | char release[_UTSNAME_RELEASE_LENGTH]; | ^~~~~~~ In file included from /usr/include/string.h:494, from modules/pam_issue/pam_issue.c:19: In function 'strncat', inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:191:3: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [130, 389] from the object at 'uts' is out of the bounds of referenced subobject 'nodename' with type 'char[65]' at offset 65 [-Werror=array-bounds] 136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from modules/pam_issue/pam_issue.c:26: modules/pam_issue/pam_issue.c: In function 'read_issue_quoted': /usr/include/x86_64-linux-gnu/sys/utsname.h:54:10: note: subobject 'nodename' declared here 54 | char nodename[_UTSNAME_NODENAME_LENGTH]; | ^~~~~~~~ In file included from /usr/include/string.h:494, from modules/pam_issue/pam_issue.c:19: In function 'strncat', inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:200:3: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [325, 389] from the object at 'uts' is out of the bounds of referenced subobject 'machine' with type 'char[65]' at offset 260 [-Werror=array-bounds] 136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from modules/pam_issue/pam_issue.c:26: modules/pam_issue/pam_issue.c: In function 'read_issue_quoted': /usr/include/x86_64-linux-gnu/sys/utsname.h:62:10: note: subobject 'machine' declared here 62 | char machine[_UTSNAME_MACHINE_LENGTH]; | ^~~~~~~ * modules/pam_issue/pam_issue.c (read_issue_quoted): Rewrite to avoid strncat from potentially not null-terminated string buffer fields of struct utsname.
| * pam_motd: fix NULL dereference when at least one of motd directories is not ↵Dmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | | | | | available * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Do not assign -1U to dirscans_sizes[i] when scandir(motd_dir_path_split[i]) returns an error. Resolves: https://bugzilla.altlinux.org/38389 Fixes: d57ab221 ("pam_motd: Cleanup the code and avoid unnecessary logging")
| * pam_motd: cleanup calloc invocationsDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | | | Apply the following calloc invocation idiom: ptr = calloc(nmemb, sizeof(*ptr)); * modules/pam_motd/pam_motd.c (pam_split_string, try_to_display_directories_with_overrides): Cleanup calloc invocations. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
| * pam_motd: fix NULL dereference on error pathDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Do not access elements of dirscans_sizes array if dirscans_sizes == NULL due to an earlier memory allocation error. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
| * pam_motd: remove redundant return statementDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Remove return statement at the end of the function returning void. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
| * pam_motd: remove redundant prefix from syslog messagesDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | | | pam_syslog already does all the prefixing we need. * modules/pam_motd/pam_motd.c (pam_split_string, try_to_display_directories_with_overrides): Remove "pam_motd: " prefix from strings passed to pam_syslog. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
| * pam_motd: fix memory leakDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | | | pam_motd used to leak memory allocated for each motd file successfully opened in try_to_display_directories_with_overrides. * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Free abs_path. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
| * pam_motd: fix misleading error diagnosticsDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | | | | | | | Do not invoke calloc with the first argument equal to zero as the return value can be NULL which is undistinguishable from memory allocation error. * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Skip if there are no directory entries (dirscans_size_total == 0). Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
| * pam_motd: do not zero the memory allocated by callocDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | | | As dirnames_all is allocated with calloc, zeroing it out is pointless. * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Remove redundant zeroing of dirnames_all. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
| * build: cleanup: do not add -DWITH_SELINUX to CFLAGSDmitry V. Levin2020-04-26
| | | | | | | | | | | | | | | | | | | | As WITH_SELINUX is already AC_DEFINE'd in configure.ac, there is no point in adding -DWITH_SELINUX to CFLAGS. * libpam/Makefile.am [HAVE_LIBSELINUX] (AM_CFLAGS): Do not add -DWITH_SELINUX. * modules/pam_rootok/Makefile.am: Likewise. * modules/pam_unix/Makefile.am: Likewise.
| * pam_filter: fix potential off-by-one heap buffer overflowDmitry V. Levin2020-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reported by gcc-10 -Wstringop-overflow: In file included from /usr/include/string.h:494, from modules/pam_filter/pam_filter.c:14: In function 'strcpy', inlined from 'process_args' at modules/pam_filter/pam_filter.c:137:2, inlined from 'need_a_filter.isra' at modules/pam_filter/pam_filter.c:618:12: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:90:10: warning: '__builtin_memcpy' writing 6 bytes into a region of size 5 [-Wstringop-overflow=] 90 | return __builtin___strcpy_chk (__dest, __src, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ modules/pam_filter/pam_filter.c: In function 'need_a_filter.isra': modules/pam_filter/pam_filter.c:128:21: note: at offset 0 to an object with size 5 allocated by 'malloc' here 128 | levp[0] = (char *) malloc(size); | ^~~~~~~~~~~~ * modules/pam_filter/pam_filter.c (process_args): Fix off-by-one heap buffer overflow in case of a filter without arguments (argc == 0).
| * pam_setquota: remove PAM_EXTERN and PAM_STATIC partsDmitry V. Levin2020-04-24
| | | | | | | | | | | | | | In other modules they were removed by commit Linux-PAM-1.3.0~14. * modules/pam_setquota/pam_setquota.c: Remove PAM_EXTERN and PAM_STATIC parts.
| * pam_setquota: fix more harmless compilation warningsDmitry V. Levin2020-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On ppc64le the compiler complains with the following diagnostics: pam_setquota.c: In function 'debug': pam_setquota.c:48:59: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " | ~~~^ | | | long long unsigned int | %lu ...... 51 | p->dqb_bsoftlimit, p->dqb_bhardlimit, | ~~~~~~~~~~~~~~~~~ | | | __u64 {aka const long unsigned int} pam_setquota.c:48:75: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 7 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " | ~~~^ | | | long long unsigned int | %lu ...... 51 | p->dqb_bsoftlimit, p->dqb_bhardlimit, | ~~~~~~~~~~~~~~~~~ | | | __u64 {aka const long unsigned int} pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 8 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...... 52 | p->dqb_isoftlimit, p->dqb_ihardlimit, | ~~~~~~~~~~~~~~~~~ | | | __u64 {aka const long unsigned int} pam_setquota.c:49:46: note: format string is defined here 49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", | ~~~^ | | | long long unsigned int | %lu pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 9 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...... 52 | p->dqb_isoftlimit, p->dqb_ihardlimit, | ~~~~~~~~~~~~~~~~~ | | | __u64 {aka const long unsigned int} pam_setquota.c:49:62: note: format string is defined here 49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", | ~~~^ | | | long long unsigned int | %lu pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 10 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...... 53 | p->dqb_btime, p->dqb_itime); | ~~~~~~~~~~~~ | | | __u64 {aka const long unsigned int} pam_setquota.c:49:73: note: format string is defined here 49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", | ~~~^ | | | long long unsigned int | %lu pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 11 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...... 53 | p->dqb_btime, p->dqb_itime); | ~~~~~~~~~~~~ | | | __u64 {aka const long unsigned int} pam_setquota.c:49:84: note: format string is defined here 49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", | ~~~^ | | | long long unsigned int | %lu * modules/pam_setquota/pam_setquota.c (debug): Cast fields of type __u64 to unsigned long long.
| * pam_timestamp: include "config.h" in hmacsha1.c as the first headerDmitry V. Levin2020-04-24
| | | | | | | | | | | | | | | | | | This ensures "config.h" is included before any system header which fixes the following bug reported by ALT diagnostics: verify-elf: ERROR: ./lib/security/pam_timestamp.so: uses non-LFS functions: __fxstat open * modules/pam_timestamp/hmacsha1.c: Include "config.h".
| * pam_setquota: apply WARN_CFLAGSDmitry V. Levin2020-04-24
| | | | | | | | | | | | All other modules already build with WARN_CFLAGS. * modules/pam_setquota/Makefile.am (AM_CFLAGS): Add $(WARN_CFLAGS).
| * pam_setquota: fix harmless compilation warningsDmitry V. Levin2020-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix -Wunused-variable compilation warnings: pam_setquota.c: In function 'pam_sm_open_session': pam_setquota.c:173:9: warning: unused variable 'ep' [-Wunused-variable] 173 | char *ep, *val, *mntdevice = NULL; | ^~ pam_setquota.c:172:17: warning: unused variable 'ul' [-Wunused-variable] 172 | unsigned long ul; | ^~ Fix -Wunused-parameter compilation warnings: pam_setquota.c: In function 'pam_sm_open_session': pam_setquota.c:169:60: warning: unused parameter 'flags' [-Wunused-parameter] 169 | PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, | ~~~~^~~~~ pam_setquota.c: In function 'pam_sm_close_session': pam_setquota.c:382:40: warning: unused parameter 'pamh' [-Wunused-parameter] 382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, | ~~~~~~~~~~~~~~^~~~ pam_setquota.c:382:50: warning: unused parameter 'flags' [-Wunused-parameter] 382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, | ~~~~^~~~~ pam_setquota.c:382:61: warning: unused parameter 'argc' [-Wunused-parameter] 382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, | ~~~~^~~~ pam_setquota.c:383:39: warning: unused parameter 'argv' [-Wunused-parameter] 383 | const char **argv) { | ~~~~~~~~~~~~~^~~~ * modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Mark 'flags' parameter as unused. Remove unused 'ep' and 'ul' variables. (pam_sm_close_session): Mark all parameters as unused.
| * pam_setquota: new module to set or modify disk quotas on session startSven Hartge2020-04-17
| | | | | | | | | | | | | | This makes disk quotas usable with central user databases, such as MySQL or LDAP. Resolves: https://github.com/linux-pam/linux-pam/issues/92
| * pam_access, pam_issue: do not assume that getdomainname always existsDmitry V. Levin2020-04-15
| | | | | | | | | | | | | | | | * modules/pam_access/pam_access.c (netgroup_match): Place the code that calls getdomainname under HAVE_GETDOMAINNAME guard. * modules/pam_issue/pam_issue.c (read_issue_quoted): Likewise. Resolves: https://github.com/linux-pam/linux-pam/issues/43
| * pam_unix: modernize example in manual pageTopi Miettinen2020-04-12
| | | | | | | | | | | | | | According to crypt(5), md5 should not be used for new hashes. Let's give a modern example with yescrypt. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
| * pam_access: add an example of using groups in access.conf to permit accessLucas Ramage2020-04-07
| | | | | | | | | | Resolves: https://github.com/linux-pam/linux-pam/issues/65 Resolves: https://github.com/linux-pam/linux-pam/pull/199
| * pam_timestamp: Fix // in TIMESTAMPDIRPetr Lautrbach2020-03-31
| | | | | | | | | | | | | | | | | | _PATH_VARRUN already provides trailing slash for building paths Fixes: $ strings /usr/lib64/security/pam_timestamp.so | grep /run/ /var/run//pam_timestamp /var/run//pam_timestamp/_pam_timestamp_key
| * pam_unix: Return PAM_AUTHINFO_UNAVAIL when appropriate.James Ralston2020-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The pam_unix.so will never return PAM_AUTHINFO_UNAVAIL on systems that use the unix_chkpwd helper. The reason is that in unix_chkpwd.c, towards the end of main(), if helper_verify_password() does not return PAM_SUCCESS, main() ignores the actual error that helper_verify_password() returned and instead returns PAM_AUTH_ERR. This commit corrects this behavior. Specifically, if helper_verify_password() returns PAM_USER_UNKNOWN, which it does when /etc/passwd entry indicates that shadow information is present but the /etc/shadow entry is missing, the unix_chkpwd now exits with PAM_AUTHINFO_UNAVAIL. For any other error from helper_verify_password(), unix_chkpwd continues to exit with PAM_AUTH_ERR. * modules/pam_unix/unix_chkpwd.c (main): Return PAM_AUTHINFO_UNAVAIL when helper_verify_password() returns PAM_USER_UNKNOWN.
| * Fix various typos found using codespell toolDmitry V. Levin2020-03-28
| |
| * pam_time: add conffile option to specify an alternative configuration fileblueskycs2c2020-03-24
| | | | | | | | | | Resolves: https://github.com/linux-pam/linux-pam/pull/163 Resolves: https://github.com/linux-pam/linux-pam/pull/191
| * pam_exec: require user name to be ready for the commandAlexander Zubkov2020-03-23
| | | | | | | | | | | | | | | | | | | | pam_exec module can be called when a user name has not been prompted yet. And thus the command is called without a user name available. This fix asks PAM for the user name to ensure it is ready or to force the prompt. Resolves: https://github.com/linux-pam/linux-pam/issues/131 Resolves: https://github.com/linux-pam/linux-pam/pull/195