From f9c9c72121eada731e010ab3620762bcf63db08f Mon Sep 17 00:00:00 2001 From: Robert Fairley Date: Mon, 19 Nov 2018 03:00:16 -0500 Subject: pam_motd: Support multiple motd paths specified, with filename overrides (#69) Adds specifying multiple paths to motd files and motd.d directories to be displayed. A colon-separated list of paths is specified as arguments motd and motd_dir to the pam_motd module. This gives packages several options to install motd files to. By default, the paths are, with highest priority first: /etc/motd /run/motd /usr/lib/motd /etc/motd.d/ /run/motd.d/ /usr/lib/motd.d/ Which is equivalent to the following arguments: motd=/etc/motd:/run/motd:/usr/lib/motd motd_dir=/etc/motd.d:/run/motd.d:/usr/lib/motd.d Files with the same filename in a lower-priority directory, as specified by the order in the colon-separated list, are overridden, meaning PAM will not display them. This allows a package to contain motd files under /usr/lib instead of the host configuration in /etc. A service may also write a dynamically generated motd in /run/motd.d/ and have PAM display it without needing a symlink from /etc/motd.d/ installed. Closes #68 * modules/pam_motd/pam_motd.8.xml: update documentation * modules/pam_motd/pam_motd.c: add specifying multiple motd paths * xtests/.gitignore: add generated test script * xtests/Makefile.am: add test source, scripts and config files * xtests/tst-pam_motd.c: create * xtests/tst-pam_motd.sh: create * xtests/tst-pam_motd1.pamd: create * xtests/tst-pam_motd1.sh: create * xtests/tst-pam_motd2.pamd: create * xtests/tst-pam_motd2.sh: create * xtests/tst-pam_motd3.pamd: create * xtests/tst-pam_motd3.sh: create --- modules/pam_motd/pam_motd.8.xml | 65 ++++++++-- modules/pam_motd/pam_motd.c | 271 ++++++++++++++++++++++++++++++++++++++-- 2 files changed, 317 insertions(+), 19 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml index 906c4ed0..4e2110c1 100644 --- a/modules/pam_motd/pam_motd.8.xml +++ b/modules/pam_motd/pam_motd.8.xml @@ -21,6 +21,9 @@ motd=/path/filename + + motd_dir=/path/dirname.d + @@ -31,10 +34,49 @@ pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful - login. By default the /etc/motd file is - shown. The message size is limited to 64KB. + login. By default, pam_motd shows files in the + following locations: + + + + /etc/motd + /run/motd + /usr/lib/motd + /etc/motd.d/ + /run/motd.d/ + /usr/lib/motd.d/ + + + + Each message size is limited to 64KB. + + + If /etc/motd does not exist, + then /run/motd is shown. If + /run/motd does not exist, then + /usr/lib/motd is shown. + + + Similar overriding behavior applies to the directories. + Files in /etc/motd.d/ override files + with the same name in /run/motd.d/ and + /usr/lib/motd.d/. Files in /run/motd.d/ + override files with the same name in /usr/lib/motd.d/. + + + Files the in the directories listed above are displayed in + lexicographic order by name. + + + To silence a message, + a symbolic link with target /dev/null + may be placed in /etc/motd.d with + the same filename as the message to be silenced. Example: + Creating a symbolic link as follows silences /usr/lib/motd.d/my_motd. + + + ln -s /dev/null /etc/motd.d/my_motd - @@ -47,8 +89,10 @@ - The /path/filename file is displayed - as message of the day. + The /path/filename file is displayed + as message of the day. Multiple paths to try can be + specified as a colon-separated list. By default this option + is set to /etc/motd:/run/motd:/usr/lib/motd. @@ -59,16 +103,17 @@ The /path/dirname.d directory is scanned - and each file contained inside of it is displayed. + and each file contained inside of it is displayed. Multiple + directories to scan can be specified as a colon-separated list. + By default this option is set to /etc/motd.d:/run/motd.d:/usr/lib/motd.d. - When no options are given, the default is to display both - /etc/motd and the contents of - /etc/motd.d. Specifying either option (or both) - will disable this default behavior. + When no options are given, the default behavior applies for both + options. Specifying either option (or both) will disable the + default behavior for both options. diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index cc828d7e..1c1cfcfa 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -33,8 +33,8 @@ */ #define PAM_SM_SESSION -#define DEFAULT_MOTD "/etc/motd" -#define DEFAULT_MOTD_D "/etc/motd.d" +#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd" +#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d" #include #include @@ -97,12 +97,235 @@ static void try_to_display_directory(pam_handle_t *pamh, const char *dirname) } } +/* + * Split a DELIM-separated string ARG into an array. + * Outputs a newly allocated array of strings OUT_ARG_SPLIT + * and the number of strings OUT_NUM_STRS. + * Returns 0 in case of error, 1 in case of success. + */ +static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim, + char ***out_arg_split, uint *out_num_strs) +{ + char *arg_extracted = NULL; + const char *arg_ptr = arg; + char **arg_split = NULL; + char delim_str[2]; + int i = 0; + uint num_strs = 0; + int retval = 0; + + delim_str[0] = delim; + delim_str[1] = '\0'; + + if (arg == NULL) { + goto out; + } + + while (arg_ptr != NULL) { + num_strs++; + arg_ptr = strchr(arg_ptr + sizeof(const char), delim); + } + + arg_split = (char **)calloc(num_strs, sizeof(char *)); + if (arg_split == NULL) { + pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate string array"); + goto out; + } + + + arg_extracted = strtok_r(arg, delim_str, &arg); + while (arg_extracted != NULL && i < num_strs) { + arg_split[i++] = arg_extracted; + arg_extracted = strtok_r(NULL, delim_str, &arg); + } + + retval = 1; + + out: + *out_num_strs = num_strs; + *out_arg_split = arg_split; + + return retval; +} + +/* Join A_STR and B_STR, inserting a "/" between them if one is not already trailing + * in A_STR or beginning B_STR. A pointer to a newly allocated string holding the + * joined string is returned in STRP_OUT. + * Returns -1 in case of error, or the number of bytes in the joined string in + * case of success. */ +static int join_dir_strings(char **strp_out, const char *a_str, const char *b_str) +{ + int has_sep = 0; + int retval = -1; + char *join_strp = NULL; + + if (strp_out == NULL || a_str == NULL || b_str == NULL) { + goto out; + } + if (strlen(a_str) == 0) { + goto out; + } + + has_sep = (a_str[strlen(a_str) - 1] == '/') || (b_str[0] == '/'); + + retval = asprintf(&join_strp, "%s%s%s", a_str, + (has_sep == 1) ? "" : "/", b_str); + + if (retval < 0) { + goto out; + } + + *strp_out = join_strp; + + out: + return retval; +} + +static int compare_strings(const void * a, const void * b) +{ + const char *a_str = *(char **)a; + const char *b_str = *(char **)b; + + if (a_str == NULL && b_str == NULL) { + return 0; + } + else if (a_str == NULL) { + return -1; + } + else if (b_str == NULL) { + return 1; + } + else { + return strcmp(a_str, b_str); + } +} + +static int filter_dirents(const struct dirent *d) +{ + return (d->d_type == DT_REG || d->d_type == DT_LNK); +} + +static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + char **motd_dir_path_split, int num_motd_dirs) +{ + struct dirent ***dirscans = NULL; + int *dirscans_sizes = NULL; + int dirscans_size_total = 0; + char **dirnames_all = NULL; + int i; + int i_dirnames = 0; + + if (pamh == NULL || motd_dir_path_split == NULL) { + goto out; + } + if (num_motd_dirs < 1) { + goto out; + } + + if ((dirscans = (struct dirent ***)calloc(num_motd_dirs, + sizeof(struct dirent **))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent arrays"); + goto out; + } + if ((dirscans_sizes = (int *)calloc(num_motd_dirs, sizeof(int))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent array sizes"); + goto out; + } + + for (i = 0; i < num_motd_dirs; i++) { + dirscans_sizes[i] = scandir(motd_dir_path_split[i], &(dirscans[i]), + filter_dirents, alphasort); + if (dirscans_sizes[i] < 0) { + pam_syslog(pamh, LOG_ERR, "pam_motd: error scanning directory %s", motd_dir_path_split[i]); + dirscans_sizes[i] = 0; + } + dirscans_size_total += dirscans_sizes[i]; + } + + /* Allocate space for all file names found in the directories, including duplicates. */ + if ((dirnames_all = (char **)calloc(dirscans_size_total, + sizeof(char *))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirname array"); + goto out; + } + + for (i = 0; i < dirscans_size_total; i++) { + dirnames_all[i] = NULL; + } + + for (i = 0; i < num_motd_dirs; i++) { + int j; + + for (j = 0; j < dirscans_sizes[i]; j++) { + dirnames_all[i_dirnames] = dirscans[i][j]->d_name; + i_dirnames++; + } + } + + qsort(dirnames_all, dirscans_size_total, + sizeof(const char *), compare_strings); + + for (i = 0; i < dirscans_size_total; i++) { + int j; + + if (dirnames_all[i] == NULL) { + continue; + } + + /* Skip duplicate file names. */ + if (i > 0 && strcmp(dirnames_all[i], dirnames_all[i - 1]) == 0) { + continue; + } + + for (j = 0; j < num_motd_dirs; j++) { + char *abs_path = NULL; + + if (join_dir_strings(&abs_path, motd_dir_path_split[j], + dirnames_all[i]) < 0) { + continue; + } + + if (abs_path != NULL) { + int fd = open(abs_path, O_RDONLY, 0); + if (fd >= 0) { + try_to_display_fd(pamh, fd); + close(fd); + + /* We displayed a file, skip to the next file name. */ + break; + } + } + _pam_drop(abs_path); + } + } + + out: + _pam_drop(dirnames_all); + for (i = 0; i < num_motd_dirs; i++) { + int j; + for (j = 0; j < dirscans_sizes[i]; j++) { + _pam_drop(dirscans[i][j]); + } + _pam_drop(dirscans[i]); + } + _pam_drop(dirscans_sizes); + _pam_drop(dirscans); + + return; +} + int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval = PAM_IGNORE; const char *motd_path = NULL; + char *motd_path_copy = NULL; + int num_motd_paths = 0; + char **motd_path_split = NULL; const char *motd_dir_path = NULL; + char *motd_dir_path_copy = NULL; + int num_motd_dir_paths = 0; + char **motd_dir_path_split = NULL; if (flags & PAM_SILENT) { return retval; @@ -140,17 +363,47 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, motd_dir_path = default_motd_dir; } - if (motd_path != NULL) { - int fd = open(motd_path, O_RDONLY, 0); + motd_path_copy = strdup(motd_path); + if (motd_path_copy != NULL) { + if (pam_split_string(pamh, motd_path_copy, ':', &motd_path_split, + &num_motd_paths) == 0) { + goto out; + } + } + + motd_dir_path_copy = strdup(motd_dir_path); + if (motd_dir_path_copy != NULL) { + if (pam_split_string(pamh, motd_dir_path_copy, ':', + &motd_dir_path_split, &num_motd_dir_paths) == 0) { + goto out; + } + } + + if (motd_path_split != NULL) { + int i; + + for (i = 0; i < num_motd_paths; i++) { + int fd = open(motd_path_split[i], O_RDONLY, 0); - if (fd >= 0) { - try_to_display_fd(pamh, fd); - close(fd); + if (fd >= 0) { + try_to_display_fd(pamh, fd); + close(fd); + + /* We found and displayed a file, move onto next filename. */ + break; + } } } - if (motd_dir_path != NULL) - try_to_display_directory(pamh, motd_dir_path); + if (motd_dir_path_split != NULL) + try_to_display_directories_with_overrides(pamh, motd_dir_path_split, + num_motd_dir_paths); + + out: + _pam_drop(motd_path_copy); + _pam_drop(motd_path_split); + _pam_drop(motd_dir_path_copy); + _pam_drop(motd_dir_path_split); return retval; } -- cgit v1.2.3 From 8eaf5570cf011148a0b55c53570df5edaafebdb0 Mon Sep 17 00:00:00 2001 From: Robert Fairley Date: Wed, 21 Nov 2018 02:46:02 -0500 Subject: pam_motd: Fix segmentation fault when no motd_dir specified (#76) This fixes a regression introduced by #69, where motd_path was set to NULL and passed into strdup() if the motd_dir argument was not specified in the configuration file. This caused a segmentation fault. * modules/pam_motd/pam_motd.c: fix checks for NULL in arguments * xtests/Makefile.am: add test scripts and config file * xtests/tst-pam_motd.sh: add running tst-pam_motd4.sh * xtests/tst-pam_motd4.pamd: create * xtests/tst-pam_motd4.sh: create --- modules/pam_motd/pam_motd.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 1c1cfcfa..ec3ebd58 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -132,7 +132,6 @@ static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim, goto out; } - arg_extracted = strtok_r(arg, delim_str, &arg); while (arg_extracted != NULL && i < num_strs) { arg_split[i++] = arg_extracted; @@ -363,15 +362,21 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, motd_dir_path = default_motd_dir; } - motd_path_copy = strdup(motd_path); + if (motd_path != NULL) { + motd_path_copy = strdup(motd_path); + } + if (motd_path_copy != NULL) { - if (pam_split_string(pamh, motd_path_copy, ':', &motd_path_split, - &num_motd_paths) == 0) { + if (pam_split_string(pamh, motd_path_copy, ':', + &motd_path_split, &num_motd_paths) == 0) { goto out; } } - motd_dir_path_copy = strdup(motd_dir_path); + if (motd_dir_path != NULL) { + motd_dir_path_copy = strdup(motd_dir_path); + } + if (motd_dir_path_copy != NULL) { if (pam_split_string(pamh, motd_dir_path_copy, ':', &motd_dir_path_split, &num_motd_dir_paths) == 0) { -- cgit v1.2.3 From d57ab22133654033ee1da89f128a81572d320985 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 20 Dec 2018 13:59:25 +0100 Subject: pam_motd: Cleanup the code and avoid unnecessary logging The pam_motd module will not log if the default motd.d directories are missing. Also cleanup some code cleanliness issues and fix compilation warnings. * modules/pam_motd/pam_motd.c: Constification of constant strings. (try_to_display_directory): Removed unused function. (pam_split_string): Replace uint with unsigned int. Fix warnings. (compare_strings): Fix warnings by proper constification. (try_to_display_directories_with_overrides): Cleanups. Switch off the logging if the motd.d directories are missing and they are default ones. (pam_sm_open_session): Cleanup warnings. Pass the information to try_to_display_directories_with_overrides() that non-default motd options are used. --- modules/pam_motd/pam_motd.c | 88 +++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 51 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index ec3ebd58..dbd718b6 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include @@ -48,8 +49,8 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, return PAM_IGNORE; } -static char default_motd[] = DEFAULT_MOTD; -static char default_motd_dir[] = DEFAULT_MOTD_D; +static const char default_motd[] = DEFAULT_MOTD; +static const char default_motd_dir[] = DEFAULT_MOTD_D; static void try_to_display_fd(pam_handle_t *pamh, int fd) { @@ -75,28 +76,6 @@ static void try_to_display_fd(pam_handle_t *pamh, int fd) _pam_drop(mtmp); } -static void try_to_display_directory(pam_handle_t *pamh, const char *dirname) -{ - DIR *dirp; - - dirp = opendir(dirname); - - if (dirp != NULL) { - struct dirent *entry; - - while ((entry = readdir(dirp))) { - int fd = openat(dirfd(dirp), entry->d_name, O_RDONLY); - - if (fd >= 0) { - try_to_display_fd(pamh, fd); - close(fd); - } - } - - closedir(dirp); - } -} - /* * Split a DELIM-separated string ARG into an array. * Outputs a newly allocated array of strings OUT_ARG_SPLIT @@ -104,14 +83,14 @@ static void try_to_display_directory(pam_handle_t *pamh, const char *dirname) * Returns 0 in case of error, 1 in case of success. */ static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim, - char ***out_arg_split, uint *out_num_strs) + char ***out_arg_split, unsigned int *out_num_strs) { char *arg_extracted = NULL; const char *arg_ptr = arg; char **arg_split = NULL; char delim_str[2]; - int i = 0; - uint num_strs = 0; + unsigned int i = 0; + unsigned int num_strs = 0; int retval = 0; delim_str[0] = delim; @@ -126,7 +105,7 @@ static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim, arg_ptr = strchr(arg_ptr + sizeof(const char), delim); } - arg_split = (char **)calloc(num_strs, sizeof(char *)); + arg_split = calloc(num_strs, sizeof(char *)); if (arg_split == NULL) { pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate string array"); goto out; @@ -180,10 +159,10 @@ static int join_dir_strings(char **strp_out, const char *a_str, const char *b_st return retval; } -static int compare_strings(const void * a, const void * b) +static int compare_strings(const void *a, const void *b) { - const char *a_str = *(char **)a; - const char *b_str = *(char **)b; + const char *a_str = *(const char * const *)a; + const char *b_str = *(const char * const *)b; if (a_str == NULL && b_str == NULL) { return 0; @@ -205,13 +184,13 @@ static int filter_dirents(const struct dirent *d) } static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - char **motd_dir_path_split, int num_motd_dirs) + char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) { struct dirent ***dirscans = NULL; - int *dirscans_sizes = NULL; - int dirscans_size_total = 0; + unsigned int *dirscans_sizes = NULL; + unsigned int dirscans_size_total = 0; char **dirnames_all = NULL; - int i; + unsigned int i; int i_dirnames = 0; if (pamh == NULL || motd_dir_path_split == NULL) { @@ -221,29 +200,31 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, goto out; } - if ((dirscans = (struct dirent ***)calloc(num_motd_dirs, - sizeof(struct dirent **))) == NULL) { + if ((dirscans = calloc(num_motd_dirs, sizeof(struct dirent **))) == NULL) { pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent arrays"); goto out; } - if ((dirscans_sizes = (int *)calloc(num_motd_dirs, sizeof(int))) == NULL) { + if ((dirscans_sizes = calloc(num_motd_dirs, sizeof(int))) == NULL) { pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent array sizes"); goto out; } for (i = 0; i < num_motd_dirs; i++) { - dirscans_sizes[i] = scandir(motd_dir_path_split[i], &(dirscans[i]), + int rv; + rv = scandir(motd_dir_path_split[i], &(dirscans[i]), filter_dirents, alphasort); - if (dirscans_sizes[i] < 0) { - pam_syslog(pamh, LOG_ERR, "pam_motd: error scanning directory %s", motd_dir_path_split[i]); - dirscans_sizes[i] = 0; + if (rv < 0) { + if (errno != ENOENT || report_missing) { + pam_syslog(pamh, LOG_ERR, "pam_motd: error scanning directory %s: %m", + motd_dir_path_split[i]); + } + dirscans_sizes[i] = rv; } dirscans_size_total += dirscans_sizes[i]; } /* Allocate space for all file names found in the directories, including duplicates. */ - if ((dirnames_all = (char **)calloc(dirscans_size_total, - sizeof(char *))) == NULL) { + if ((dirnames_all = calloc(dirscans_size_total, sizeof(char *))) == NULL) { pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirname array"); goto out; } @@ -253,7 +234,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, } for (i = 0; i < num_motd_dirs; i++) { - int j; + unsigned int j; for (j = 0; j < dirscans_sizes[i]; j++) { dirnames_all[i_dirnames] = dirscans[i][j]->d_name; @@ -265,7 +246,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, sizeof(const char *), compare_strings); for (i = 0; i < dirscans_size_total; i++) { - int j; + unsigned int j; if (dirnames_all[i] == NULL) { continue; @@ -301,7 +282,8 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, out: _pam_drop(dirnames_all); for (i = 0; i < num_motd_dirs; i++) { - int j; + unsigned int j; + for (j = 0; j < dirscans_sizes[i]; j++) { _pam_drop(dirscans[i][j]); } @@ -319,12 +301,13 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int retval = PAM_IGNORE; const char *motd_path = NULL; char *motd_path_copy = NULL; - int num_motd_paths = 0; + unsigned int num_motd_paths = 0; char **motd_path_split = NULL; const char *motd_dir_path = NULL; char *motd_dir_path_copy = NULL; - int num_motd_dir_paths = 0; + unsigned int num_motd_dir_paths = 0; char **motd_dir_path_split = NULL; + int report_missing; if (flags & PAM_SILENT) { return retval; @@ -360,6 +343,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, if (motd_path == NULL && motd_dir_path == NULL) { motd_path = default_motd; motd_dir_path = default_motd_dir; + report_missing = 0; + } else { + report_missing = 1; } if (motd_path != NULL) { @@ -385,7 +371,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, } if (motd_path_split != NULL) { - int i; + unsigned int i; for (i = 0; i < num_motd_paths; i++) { int fd = open(motd_path_split[i], O_RDONLY, 0); @@ -402,7 +388,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, if (motd_dir_path_split != NULL) try_to_display_directories_with_overrides(pamh, motd_dir_path_split, - num_motd_dir_paths); + num_motd_dir_paths, report_missing); out: _pam_drop(motd_path_copy); -- cgit v1.2.3 From c81280b16e1831ab0bdd0383486c7e2d1eaf1b5e Mon Sep 17 00:00:00 2001 From: Balint Reczey Date: Wed, 4 Dec 2019 18:12:49 +0100 Subject: pam_motd: Export MOTD_SHOWN=pam after showing MOTD This is a useful indication for update-motd profile.d snippet which can also try to show MOTD when it is not already shown. The use-case for that is showing MOTD in shells in containers without PAM being involved. * modules/pam_motd/pam_motd.c: Export MOTD_SHOWN=pam after showing MOTD * modules/pam_motd/pam_motd.8.xml: Mention setting MOTD_SHOWN=pam in the man page --- modules/pam_motd/pam_motd.8.xml | 5 +++++ modules/pam_motd/pam_motd.c | 2 ++ 2 files changed, 7 insertions(+) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml index 4e2110c1..d939ad7e 100644 --- a/modules/pam_motd/pam_motd.8.xml +++ b/modules/pam_motd/pam_motd.8.xml @@ -77,6 +77,11 @@ ln -s /dev/null /etc/motd.d/my_motd + + The MOTD_SHOWN=pam environment variable + is set after showing the motd files, even when all of them were silenced + using symbolic links. + diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index dbd718b6..51b0168b 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -396,6 +396,8 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, _pam_drop(motd_dir_path_copy); _pam_drop(motd_dir_path_split); + retval = pam_putenv(pamh, "MOTD_SHOWN=pam"); + return retval; } -- cgit v1.2.3 From 73118592885eb3554eddb360d5f6ab65ee6e1c03 Mon Sep 17 00:00:00 2001 From: Balint Reczey Date: Tue, 17 Dec 2019 16:48:13 +0100 Subject: Return only PAM_IGNORE or error from pam_motd Follow-up for c81280b16e1831ab0bdd0383486c7e2d1eaf1b5e. * modules/pam_motd/pam_motd.c: Return PAM_IGNORE if pam_putenv succeeds. * modules/pam_motd/pam_motd.8.xml: Document additional possible return values of the module. --- modules/pam_motd/pam_motd.8.xml | 18 +++++++++++++++++- modules/pam_motd/pam_motd.c | 2 +- 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml index d939ad7e..b533530b 100644 --- a/modules/pam_motd/pam_motd.8.xml +++ b/modules/pam_motd/pam_motd.8.xml @@ -132,11 +132,27 @@ RETURN VALUES + + PAM_ABORT + + + Not all relevant data or options could be obtained. + + + + + PAM_BUF_ERR + + + Memory buffer error. + + + PAM_IGNORE - This is the only return value of this module. + This is the default return value of this module. diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 51b0168b..f22cea3a 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -398,7 +398,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, retval = pam_putenv(pamh, "MOTD_SHOWN=pam"); - return retval; + return retval == PAM_SUCCESS ? PAM_IGNORE : retval; } /* end of module definition */ -- cgit v1.2.3 From 1781f0165c6f83601088f47681a05956ad9c21e1 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 18 Dec 2019 13:55:23 +0100 Subject: Do not use CFLAGS for warning flags set from configure To be able to set CFLAGS from make command-line but not to lose the warning flags. * configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS. * */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS. --- modules/pam_motd/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index bd499c54..ed77a739 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -15,7 +15,8 @@ TESTS = tst-pam_motd securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + $(WARN_CFLAGS) AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -- cgit v1.2.3 From 4dd9b97b762cc73816cb867d49c9d0d0b91d642c Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sat, 25 Jan 2020 11:11:18 +0100 Subject: configure.ac: add --enable-doc option Allow the user to disable documentation through --disable-doc (enabled by default), this is especially useful when cross-compiling for embedded targets Signed-off-by: Fabrice Fontaine --- modules/pam_motd/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index ed77a739..af94d6ad 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -7,7 +7,9 @@ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_motd +if HAVE_DOC man_MANS = pam_motd.8 +endif XMLS = README.xml pam_motd.8.xml TESTS = tst-pam_motd -- cgit v1.2.3 From 69097289e58777306fdd88b08c510eca0916b4a5 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 5 Mar 2020 00:58:23 +0000 Subject: Fix whitespace issues Remove trailing whitespace introduced by commit f9c9c72121eada731e010ab3620762bcf63db08f. Remove blank lines at EOF introduced by commit 65d6735c5949ec233df9813f734e918a93fa36cf. This makes the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD * doc/custom-html.xsl: Remove blank line at EOF. * doc/custom-man.xsl: Likewise. * modules/pam_motd/pam_motd.c: Remove trailing whitespace. --- modules/pam_motd/pam_motd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index f22cea3a..0435a904 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -136,7 +136,7 @@ static int join_dir_strings(char **strp_out, const char *a_str, const char *b_st int has_sep = 0; int retval = -1; char *join_strp = NULL; - + if (strp_out == NULL || a_str == NULL || b_str == NULL) { goto out; } -- cgit v1.2.3 From 2dda82239dfa0ef5f91c6a6b72e3c0c2e62af6fe Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 16 Mar 2020 21:02:18 +0000 Subject: modules/pam_motd: use pam_str_skip_prefix * modules/pam_motd/pam_motd.c: Include "pam_inline.h". (pam_sm_open_session): Use pam_str_skip_prefix instead of ugly strncmp invocations. --- modules/pam_motd/pam_motd.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 0435a904..d1a4d436 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -39,6 +39,7 @@ #include #include +#include "pam_inline.h" /* --- session management functions (only) --- */ @@ -314,9 +315,10 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, } for (; argc-- > 0; ++argv) { - if (!strncmp(*argv,"motd=",5)) { + const char *str; + if ((str = pam_str_skip_prefix(*argv, "motd=")) != NULL) { - motd_path = 5 + *argv; + motd_path = str; if (*motd_path != '\0') { D(("set motd path: %s", motd_path)); } else { @@ -325,9 +327,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, "motd= specification missing argument - ignored"); } } - else if (!strncmp(*argv,"motd_dir=",9)) { + else if ((str = pam_str_skip_prefix(*argv, "motd_dir=")) != NULL) { - motd_dir_path = 9 + *argv; + motd_dir_path = str; if (*motd_dir_path != '\0') { D(("set motd.d path: %s", motd_dir_path)); } else { -- cgit v1.2.3 From 4efb14c2ae1c2cf8c0aba4f626a0942295017f40 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 26 Apr 2020 11:12:59 +0000 Subject: pam_motd: do not zero the memory allocated by calloc As dirnames_all is allocated with calloc, zeroing it out is pointless. * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Remove redundant zeroing of dirnames_all. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") --- modules/pam_motd/pam_motd.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index d1a4d436..3870d997 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -230,10 +230,6 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, goto out; } - for (i = 0; i < dirscans_size_total; i++) { - dirnames_all[i] = NULL; - } - for (i = 0; i < num_motd_dirs; i++) { unsigned int j; -- cgit v1.2.3 From 70ee22ba4414b47dcd4ea2dfb8f3ba462b38718d Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 26 Apr 2020 11:12:59 +0000 Subject: pam_motd: fix misleading error diagnostics Do not invoke calloc with the first argument equal to zero as the return value can be NULL which is undistinguishable from memory allocation error. * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Skip if there are no directory entries (dirscans_size_total == 0). Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") --- modules/pam_motd/pam_motd.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 3870d997..f0cd317d 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -224,6 +224,9 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, dirscans_size_total += dirscans_sizes[i]; } + if (dirscans_size_total == 0) + goto out; + /* Allocate space for all file names found in the directories, including duplicates. */ if ((dirnames_all = calloc(dirscans_size_total, sizeof(char *))) == NULL) { pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirname array"); -- cgit v1.2.3 From 62cd745d730e5ba13d5d7092ac566fc0b2148e61 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 26 Apr 2020 11:12:59 +0000 Subject: pam_motd: fix memory leak pam_motd used to leak memory allocated for each motd file successfully opened in try_to_display_directories_with_overrides. * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Free abs_path. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") --- modules/pam_motd/pam_motd.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index f0cd317d..3be129a5 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -259,23 +259,23 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, for (j = 0; j < num_motd_dirs; j++) { char *abs_path = NULL; + int fd; if (join_dir_strings(&abs_path, motd_dir_path_split[j], - dirnames_all[i]) < 0) { + dirnames_all[i]) < 0 || abs_path == NULL) { continue; } - if (abs_path != NULL) { - int fd = open(abs_path, O_RDONLY, 0); - if (fd >= 0) { - try_to_display_fd(pamh, fd); - close(fd); + fd = open(abs_path, O_RDONLY, 0); + _pam_drop(abs_path); - /* We displayed a file, skip to the next file name. */ - break; - } + if (fd >= 0) { + try_to_display_fd(pamh, fd); + close(fd); + + /* We displayed a file, skip to the next file name. */ + break; } - _pam_drop(abs_path); } } -- cgit v1.2.3 From 1e14a517cf9b52c4d1697467d1c235215b8519cb Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 26 Apr 2020 11:12:59 +0000 Subject: pam_motd: remove redundant prefix from syslog messages pam_syslog already does all the prefixing we need. * modules/pam_motd/pam_motd.c (pam_split_string, try_to_display_directories_with_overrides): Remove "pam_motd: " prefix from strings passed to pam_syslog. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") --- modules/pam_motd/pam_motd.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 3be129a5..6017bb40 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -108,7 +108,7 @@ static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim, arg_split = calloc(num_strs, sizeof(char *)); if (arg_split == NULL) { - pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate string array"); + pam_syslog(pamh, LOG_CRIT, "failed to allocate string array"); goto out; } @@ -202,11 +202,11 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, } if ((dirscans = calloc(num_motd_dirs, sizeof(struct dirent **))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent arrays"); + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirent arrays"); goto out; } if ((dirscans_sizes = calloc(num_motd_dirs, sizeof(int))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent array sizes"); + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirent array sizes"); goto out; } @@ -216,7 +216,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, filter_dirents, alphasort); if (rv < 0) { if (errno != ENOENT || report_missing) { - pam_syslog(pamh, LOG_ERR, "pam_motd: error scanning directory %s: %m", + pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", motd_dir_path_split[i]); } dirscans_sizes[i] = rv; @@ -229,7 +229,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, /* Allocate space for all file names found in the directories, including duplicates. */ if ((dirnames_all = calloc(dirscans_size_total, sizeof(char *))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirname array"); + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); goto out; } -- cgit v1.2.3 From 48090491ef704ef2c61951b7dcbcd4373dcb5c5d Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 26 Apr 2020 11:12:59 +0000 Subject: pam_motd: remove redundant return statement * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Remove return statement at the end of the function returning void. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") --- modules/pam_motd/pam_motd.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 6017bb40..a8887ec1 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -291,8 +291,6 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, } _pam_drop(dirscans_sizes); _pam_drop(dirscans); - - return; } int pam_sm_open_session(pam_handle_t *pamh, int flags, -- cgit v1.2.3 From b77aa28f46596773110e842d79b65d3fdce9ed22 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 26 Apr 2020 11:12:59 +0000 Subject: pam_motd: fix NULL dereference on error path * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Do not access elements of dirscans_sizes array if dirscans_sizes == NULL due to an earlier memory allocation error. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") --- modules/pam_motd/pam_motd.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index a8887ec1..49886d1a 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -281,15 +281,16 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, out: _pam_drop(dirnames_all); - for (i = 0; i < num_motd_dirs; i++) { - unsigned int j; + if (dirscans_sizes != NULL) { + for (i = 0; i < num_motd_dirs; i++) { + unsigned int j; - for (j = 0; j < dirscans_sizes[i]; j++) { - _pam_drop(dirscans[i][j]); + for (j = 0; j < dirscans_sizes[i]; j++) + _pam_drop(dirscans[i][j]); + _pam_drop(dirscans[i]); } - _pam_drop(dirscans[i]); + _pam_drop(dirscans_sizes); } - _pam_drop(dirscans_sizes); _pam_drop(dirscans); } -- cgit v1.2.3 From 49b9d3039dc63f9c7e0dec51997ac2dc7f1e8703 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 26 Apr 2020 11:12:59 +0000 Subject: pam_motd: cleanup calloc invocations Apply the following calloc invocation idiom: ptr = calloc(nmemb, sizeof(*ptr)); * modules/pam_motd/pam_motd.c (pam_split_string, try_to_display_directories_with_overrides): Cleanup calloc invocations. Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") --- modules/pam_motd/pam_motd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 49886d1a..df09b7d0 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -106,7 +106,7 @@ static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim, arg_ptr = strchr(arg_ptr + sizeof(const char), delim); } - arg_split = calloc(num_strs, sizeof(char *)); + arg_split = calloc(num_strs, sizeof(*arg_split)); if (arg_split == NULL) { pam_syslog(pamh, LOG_CRIT, "failed to allocate string array"); goto out; @@ -201,11 +201,11 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, goto out; } - if ((dirscans = calloc(num_motd_dirs, sizeof(struct dirent **))) == NULL) { + if ((dirscans = calloc(num_motd_dirs, sizeof(*dirscans))) == NULL) { pam_syslog(pamh, LOG_CRIT, "failed to allocate dirent arrays"); goto out; } - if ((dirscans_sizes = calloc(num_motd_dirs, sizeof(int))) == NULL) { + if ((dirscans_sizes = calloc(num_motd_dirs, sizeof(*dirscans_sizes))) == NULL) { pam_syslog(pamh, LOG_CRIT, "failed to allocate dirent array sizes"); goto out; } @@ -228,7 +228,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, goto out; /* Allocate space for all file names found in the directories, including duplicates. */ - if ((dirnames_all = calloc(dirscans_size_total, sizeof(char *))) == NULL) { + if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); goto out; } -- cgit v1.2.3 From c2c0434bd634a817f2b16ce7f58fc96c04e88b03 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 26 Apr 2020 11:12:59 +0000 Subject: pam_motd: fix NULL dereference when at least one of motd directories is not available * modules/pam_motd/pam_motd.c (try_to_display_directories_with_overrides): Do not assign -1U to dirscans_sizes[i] when scandir(motd_dir_path_split[i]) returns an error. Resolves: https://bugzilla.altlinux.org/38389 Fixes: d57ab221 ("pam_motd: Cleanup the code and avoid unnecessary logging") --- modules/pam_motd/pam_motd.c | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index df09b7d0..8147c6fd 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -219,6 +219,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", motd_dir_path_split[i]); } + } else { dirscans_sizes[i] = rv; } dirscans_size_total += dirscans_sizes[i]; -- cgit v1.2.3 From 0f5b1b11d286a1ac070b75b49631f6327b286fb4 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: list tests in EXTRA_DIST uniformly The change was prepared using the following script: git grep -l '^TESTS = tst-pam_' modules/ |while read m; do t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")" sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m" done * modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access with $(TESTS). * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace tst-pam_cracklib with $(TESTS). * modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with $(TESTS). * modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with $(TESTS). * modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with $(TESTS). * modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with $(TESTS). * modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with $(TESTS). * modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace tst-pam_faildelay with $(TESTS). * modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter with $(TESTS). * modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with $(TESTS). * modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with $(TESTS). * modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with $(TESTS). * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit with $(TESTS). * modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog with $(TESTS). * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits with $(TESTS). * modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace tst-pam_listfile with $(TESTS). * modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace tst-pam_localuser with $(TESTS). * modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace tst-pam_loginuid with $(TESTS). * modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with $(TESTS). * modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace tst-pam_mkhomedir with $(TESTS). * modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with $(TESTS). * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace tst-pam_namespace with $(TESTS). * modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin with $(TESTS). * modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit with $(TESTS). * modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace tst-pam_pwhistory with $(TESTS). * modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts with $(TESTS). * modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok with $(TESTS). * modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace tst-pam_securetty with $(TESTS). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace tst-pam_sepermit with $(TESTS). * modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace tst-pam_setquota with $(TESTS). * modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells with $(TESTS). * modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress with $(TESTS). * modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace tst-pam_succeed_if with $(TESTS). * modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with $(TESTS). * modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2 with $(TESTS). * modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with $(TESTS). * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace tst-pam_tty_audit with $(TESTS). * modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with $(TESTS). * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb with $(TESTS). * modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace tst-pam_usertype with $(TESTS). * modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with $(TESTS). * modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with $(TESTS). * modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with $(TESTS). --- modules/pam_motd/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index af94d6ad..7b67ebeb 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_motd +EXTRA_DIST = README $(MANS) $(XMLS) $(TESTS) if HAVE_DOC man_MANS = pam_motd.8 -- cgit v1.2.3 From bd849daab0c0a1107512d4575404f22525db5f96 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: list prerequisites of README target uniformly There is no need to list prerequisites of README targets manually as all README targets depend on $(XMLS). The change is performed automatically using the following script: sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am * modules/pam_access/Makefile.am (README): Replace pam_access.8.xml and access.conf.5.xml with $(XMLS). * modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml with $(XMLS). * modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml with $(XMLS). * modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml with $(XMLS). * modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml with $(XMLS). * modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and pam_env.conf.5.xml with $(XMLS). * modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml with $(XMLS). * modules/pam_faildelay/Makefile.am (README): Replace pam_faildelay.8.xml with $(XMLS). * modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml with $(XMLS). * modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with $(XMLS). * modules/pam_group/Makefile.am (README): Replace pam_group.8.xml and group.conf.5.xml with $(XMLS). * modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml with $(XMLS). * modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml with $(XMLS). * modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml with $(XMLS). * modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml and limits.conf.5.xml with $(XMLS). * modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml with $(XMLS). * modules/pam_localuser/Makefile.am (README): Replace pam_localuser.8.xml with $(XMLS). * modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml with $(XMLS). * modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml with $(XMLS). * modules/pam_mkhomedir/Makefile.am (README): Replace pam_mkhomedir.8.xml with $(XMLS). * modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml with $(XMLS). * modules/pam_namespace/Makefile.am (README): Replace pam_namespace.8.xml, namespace.conf.5.xml, and pam_namespace_helper.8.xml with $(XMLS). * modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml with $(XMLS). * modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml with $(XMLS). * modules/pam_pwhistory/Makefile.am (README): Replace pam_pwhistory.8.xml with $(XMLS). * modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml with $(XMLS). * modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml with $(XMLS). * modules/pam_securetty/Makefile.am (README): Replace pam_securetty.8.xml with $(XMLS). * modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml with $(XMLS). * modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml with $(XMLS). * modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml with $(XMLS). * modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml with $(XMLS). * modules/pam_succeed_if/Makefile.am (README): Replace pam_succeed_if.8.xml with $(XMLS). * modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml with $(XMLS). * modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml with $(XMLS). * modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and time.conf.5.xml with $(XMLS). * modules/pam_timestamp/Makefile.am (README): Replace pam_timestamp.8.xml with $(XMLS). * modules/pam_tty_audit/Makefile.am (README): Replace pam_tty_audit.8.xml with $(XMLS). * modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml with $(XMLS). * modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml with $(XMLS). * modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml with $(XMLS). * modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml with $(XMLS). * modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml with $(XMLS). * modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml with $(XMLS). * modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml with $(XMLS). --- modules/pam_motd/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index 7b67ebeb..0554df82 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -29,6 +29,6 @@ pam_motd_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README -README: pam_motd.8.xml +README: $(XMLS) -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.3 From 1886b6020c510cab239b3ae8db20a66991d8f8db Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: build: move README prerequisites rule from modules/*/Makefile.am to Make.xml.rules As the rule is now the same in every modules/*/Makefile.am file, move it to Make.xml.rules. * Make.xml.rules (README): New prerequisites rule. * modules/pam_access/Makefile.am (README): Remove rule. * modules/pam_cracklib/Makefile.am (README): Likewise. * modules/pam_debug/Makefile.am (README): Likewise. * modules/pam_deny/Makefile.am (README): Likewise. * modules/pam_echo/Makefile.am (README): Likewise. * modules/pam_env/Makefile.am (README): Likewise. * modules/pam_exec/Makefile.am (README): Likewise. * modules/pam_faildelay/Makefile.am (README): Likewise. * modules/pam_filter/Makefile.am (README): Likewise. * modules/pam_ftp/Makefile.am (README): Likewise. * modules/pam_group/Makefile.am (README): Likewise. * modules/pam_issue/Makefile.am (README): Likewise. * modules/pam_keyinit/Makefile.am (README): Likewise. * modules/pam_lastlog/Makefile.am (README): Likewise. * modules/pam_limits/Makefile.am (README): Likewise. * modules/pam_listfile/Makefile.am (README): Likewise. * modules/pam_localuser/Makefile.am (README): Likewise. * modules/pam_loginuid/Makefile.am (README): Likewise. * modules/pam_mail/Makefile.am (README): Likewise. * modules/pam_mkhomedir/Makefile.am (README): Likewise. * modules/pam_motd/Makefile.am (README): Likewise. * modules/pam_namespace/Makefile.am (README): Likewise. * modules/pam_nologin/Makefile.am (README): Likewise. * modules/pam_permit/Makefile.am (README): Likewise. * modules/pam_pwhistory/Makefile.am (README): Likewise. * modules/pam_rhosts/Makefile.am (README): Likewise. * modules/pam_rootok/Makefile.am (README): Likewise. * modules/pam_securetty/Makefile.am (README): Likewise. * modules/pam_selinux/Makefile.am (README): Likewise. * modules/pam_sepermit/Makefile.am (README): Likewise. * modules/pam_setquota/Makefile.am (README): Likewise. * modules/pam_shells/Makefile.am (README): Likewise. * modules/pam_succeed_if/Makefile.am (README): Likewise. * modules/pam_tally/Makefile.am (README): Likewise. * modules/pam_tally2/Makefile.am (README): Likewise. * modules/pam_time/Makefile.am (README): Likewise. * modules/pam_timestamp/Makefile.am (README): Likewise. * modules/pam_tty_audit/Makefile.am (README): Likewise. * modules/pam_umask/Makefile.am (README): Likewise. * modules/pam_unix/Makefile.am (README): Likewise. * modules/pam_userdb/Makefile.am (README): Likewise. * modules/pam_usertype/Makefile.am (README): Likewise. * modules/pam_warn/Makefile.am (README): Likewise. * modules/pam_wheel/Makefile.am (README): Likewise. * modules/pam_xauth/Makefile.am (README): Likewise. --- modules/pam_motd/Makefile.am | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index 0554df82..00124d70 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -29,6 +29,5 @@ pam_motd_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README -README: $(XMLS) -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.3 From d9fe742a06af41711faba73d2f97f4d13b1b0534 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: reorder lines to promote uniformity This is essentially a no-op change that makes modules/*/Makefile.am files less divergent. --- modules/pam_motd/Makefile.am | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index 00124d70..2bf5917f 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -11,7 +11,6 @@ if HAVE_DOC man_MANS = pam_motd.8 endif XMLS = README.xml pam_motd.8.xml - TESTS = tst-pam_motd securelibdir = $(SECUREDIR) -- cgit v1.2.3 From d8a518391c4fd93a05e19d145a01bdc8f54a2ff8 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: replace README with $(DATA) in EXTRA_DIST Since the GNU Automake distributes README files by default, the only reason why README had to be listed in EXTRA_DIST was to make these README files generated. Since README is also listed in noinst_DATA, we can safely replace README in EXTRA_DIST with $(DATA), this also opens the way for further EXTRA_DIST cleanup. * modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA). --- modules/pam_motd/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index 2bf5917f..46f4673c 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = README $(MANS) $(XMLS) $(TESTS) +EXTRA_DIST = $(DATA) $(MANS) $(XMLS) $(TESTS) if HAVE_DOC man_MANS = pam_motd.8 -- cgit v1.2.3 From 97887fd27d83278d045f69759c9d45730c6e01c3 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 01:18:44 +0000 Subject: modules/*/Makefile.am: add dist_ prefix to *_DATA ... and remove $(DATA) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am --- modules/pam_motd/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index 46f4673c..fdb73d1b 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(DATA) $(MANS) $(XMLS) $(TESTS) +EXTRA_DIST = $(MANS) $(XMLS) $(TESTS) if HAVE_DOC man_MANS = pam_motd.8 @@ -27,6 +27,6 @@ securelib_LTLIBRARIES = pam_motd.la pam_motd_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN -noinst_DATA = README +dist_noinst_DATA = README -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.3 From b0321cdeccdc90f77623e14f5c9e0a52b1c5b8a6 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 01:18:44 +0000 Subject: modules/*/Makefile.am: rename man_MANS to dist_man_MANS ... and remove $(MANS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am --- modules/pam_motd/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index fdb73d1b..7818a6a3 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -5,10 +5,10 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(MANS) $(XMLS) $(TESTS) +EXTRA_DIST = $(XMLS) $(TESTS) if HAVE_DOC -man_MANS = pam_motd.8 +dist_man_MANS = pam_motd.8 endif XMLS = README.xml pam_motd.8.xml TESTS = tst-pam_motd -- cgit v1.2.3 From f7d09edb72f605a2f7e1ec7989ab01c947bb1bee Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 12:21:11 +0000 Subject: modules/*/Makefile.am: rename TESTS to dist_check_SCRIPTS ... and remove $(TESTS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \ -e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am --- modules/pam_motd/Makefile.am | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index 7818a6a3..956dad2b 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -5,13 +5,14 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(XMLS) $(TESTS) +EXTRA_DIST = $(XMLS) if HAVE_DOC dist_man_MANS = pam_motd.8 endif XMLS = README.xml pam_motd.8.xml -TESTS = tst-pam_motd +dist_check_SCRIPTS = tst-pam_motd +TESTS = $(dist_check_SCRIPTS) securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -- cgit v1.2.3 From 37b5259298be9137f5b40eef16027152ddb803ff Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 1 May 2020 19:20:12 +0000 Subject: modules: remove PAM_SM_* macros Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect. --- modules/pam_motd/pam_motd.c | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) (limited to 'modules/pam_motd') diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 8147c6fd..46f4fe61 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -1,13 +1,8 @@ -/* pam_motd module */ - /* - * Modified for pam_motd by Ben Collins - * - * Based off of: - * $Id$ + * pam_motd module * + * Modified for pam_motd by Ben Collins * Written by Michael K. Johnson 1996/10/24 - * */ #include "config.h" @@ -26,21 +21,13 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_SESSION -#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd" -#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d" - #include #include #include "pam_inline.h" +#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd" +#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d" + /* --- session management functions (only) --- */ int -- cgit v1.2.3