From 2a5d231074efd71281a8d722519b69fda0748a7e Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Wed, 20 Nov 2013 15:55:40 +0000
Subject: pam_access: fix debug level logging (ticket #19)

* modules/pam_access/pam_access.c (group_match): Log the group token
passed to the function, not an uninitialized data on the stack.
---
 modules/pam_access/pam_access.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/pam_access/pam_access.c')

diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index a9cce510..87626e73 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -573,7 +573,7 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr,
 
     if (debug)
         pam_syslog (pamh, LOG_DEBUG,
-		    "group_match: grp=%s, user=%s", grptok, usr);
+		    "group_match: grp=%s, user=%s", tok, usr);
 
     if (strlen(tok) < 3)
         return NO;
-- 
cgit v1.2.3


From 8f7f6da06091153702f38e283d8f34778ccf9eb2 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Wed, 13 Aug 2014 14:45:05 +0200
Subject: pam_access: Avoid uninitialized access of line.

* modules/pam_access/pam_access.c (login_access): Reorder condition
so line is not accessed when uninitialized.
---
 modules/pam_access/pam_access.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/pam_access/pam_access.c')

diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 87626e73..b32a966b 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -412,8 +412,8 @@ login_access (pam_handle_t *pamh, struct login_info *item)
 	return NO;
     }
 #ifdef HAVE_LIBAUDIT
-    if (!item->noaudit && line[0] == '-' && (match == YES || (match == ALL &&
-	nonall_match == YES))) {
+    if (!item->noaudit && (match == YES || (match == ALL &&
+	nonall_match == YES)) && line[0] == '-') {
 	pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_LOCATION,
 	    "pam_access", 0);
     }
-- 
cgit v1.2.3


From a64de52d1621ac3d3dd03f66742b48bef0101043 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Wed, 23 Mar 2016 11:16:55 +0100
Subject: Remove YP dependencies from pam_access, they were never used and such
 not needed.

* modules/pam_access/Makefile.am: Remove NIS_CFLAGS and NIS_LIBS
* modules/pam_access/pam_access.c: Remove yp_get_default_domain case,
  it will never be used.
---
 modules/pam_access/pam_access.c | 8 --------
 1 file changed, 8 deletions(-)

(limited to 'modules/pam_access/pam_access.c')

diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index b32a966b..d4c847a0 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -44,9 +44,6 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <sys/socket.h>
-#ifdef HAVE_RPCSVC_YPCLNT_H
-#include <rpcsvc/ypclnt.h>
-#endif
 #ifdef HAVE_LIBAUDIT
 #include <libaudit.h>
 #endif
@@ -470,8 +467,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
 {
   int retval;
   char *mydomain = NULL;
-
-#if defined(HAVE_GETDOMAINNAME)
   char domainname_res[256];
 
   if (getdomainname (domainname_res, sizeof (domainname_res)) == 0)
@@ -481,9 +476,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
           mydomain = domainname_res;
         }
     }
-#elif defined(HAVE_YP_GET_DEFAULT_DOMAIN)
-  yp_get_default_domain(&mydomain);
-#endif
 
 #ifdef HAVE_INNETGR
   retval = innetgr (netgroup, machine, user, mydomain);
-- 
cgit v1.2.3


From a684595c0bbd88df71285f43fb27630e3829121e Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Tue, 29 Mar 2016 14:14:03 +0200
Subject: Remove "--enable-static-modules" option and support from  Linux-PAM.
 It was never official supported and was broken since years.

* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
---
 modules/pam_access/pam_access.c | 27 ++++++---------------------
 1 file changed, 6 insertions(+), 21 deletions(-)

(limited to 'modules/pam_access/pam_access.c')

diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index d4c847a0..3ac1ad00 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -792,7 +792,7 @@ network_netmask_match (pam_handle_t *pamh,
 
 /* --- public PAM management functions --- */
 
-PAM_EXTERN int
+int
 pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		     int argc, const char **argv)
 {
@@ -904,35 +904,35 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
     }
 }
 
-PAM_EXTERN int
+int
 pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
 		int argc UNUSED, const char **argv UNUSED)
 {
   return PAM_IGNORE;
 }
 
-PAM_EXTERN int
+int
 pam_sm_acct_mgmt (pam_handle_t *pamh, int flags,
 		  int argc, const char **argv)
 {
   return pam_sm_authenticate (pamh, flags, argc, argv);
 }
 
-PAM_EXTERN int
+int
 pam_sm_open_session(pam_handle_t *pamh, int flags,
 		    int argc, const char **argv)
 {
   return pam_sm_authenticate(pamh, flags, argc, argv);
 }
 
-PAM_EXTERN int
+int
 pam_sm_close_session(pam_handle_t *pamh, int flags,
 		     int argc, const char **argv)
 {
   return pam_sm_authenticate(pamh, flags, argc, argv);
 }
 
-PAM_EXTERN int
+int
 pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 		 int argc, const char **argv)
 {
@@ -940,18 +940,3 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 }
 
 /* end of module definition */
-
-#ifdef PAM_STATIC
-
-/* static module data */
-
-struct pam_module _pam_access_modstruct = {
-    "pam_access",
-    pam_sm_authenticate,
-    pam_sm_setcred,
-    pam_sm_acct_mgmt,
-    pam_sm_open_session,
-    pam_sm_close_session,
-    pam_sm_chauthtok
-};
-#endif
-- 
cgit v1.2.3