From 9de67eee2cf8c3024f7bee7393ea762ac7bd09ab Mon Sep 17 00:00:00 2001 From: Matt Cowell Date: Thu, 29 Aug 2019 16:36:35 -0500 Subject: pwhistory: fix read of uninitialized data and memory leak when modifying opasswd The glibc implementation of getline/getdelim does not guarantee a NUL terminator in lineptr if getline returns failure (-1). This occurs when the opasswd file exists but is empty. Since strdup is called immediately afterwards, this causes strdup to read uninitialized memory and possibly buffer overrun / crash. This also fixes a memory leak which always occurs when reading the last line of the opasswd file. Since the strdup is called before checking the return code from getline, getdelim, or fgets+strlen, it will duplicate and never free either: - The last successfully read line (for getline or getdelim) - Uninitialized data (if the file is empty) - A 0 byte string (for fgets+strlen) Fix by always checking the return code of getline, getdelim, or fgets+strlen before calling strdup. --- modules/pam_pwhistory/opasswd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c index e6cf3469..813f579c 100644 --- a/modules/pam_pwhistory/opasswd.c +++ b/modules/pam_pwhistory/opasswd.c @@ -326,6 +326,9 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid, n = strlen (buf); #endif /* HAVE_GETLINE / HAVE_GETDELIM */ + if (n < 1) + break; + cp = buf; save = strdup (buf); /* Copy to write the original data back. */ if (save == NULL) @@ -336,9 +339,6 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid, goto error_opasswd; } - if (n < 1) - break; - tmp = strchr (cp, '#'); /* remove comments */ if (tmp) *tmp = '\0'; -- cgit v1.2.1 From 4badb00e44b3648bb586ea66c6783f712b49ea26 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 15 Dec 2019 17:50:27 +0000 Subject: pam_pwhistory: fix build when -lxcrypt is not available When xcrypt.h is available but -lxcrypt is not, pam_pwhistory fails to build with the following diagnostics: modules/pam_pwhistory/opasswd.c:111: undefined reference to `xcrypt_r' Fix this by using the same check for xcrypt as in other modules. * modules/pam_pwhistory/opasswd.c: Replace HAVE_XCRYPT_H with HAVE_LIBXCRYPT. --- modules/pam_pwhistory/opasswd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c index 813f579c..77142f2c 100644 --- a/modules/pam_pwhistory/opasswd.c +++ b/modules/pam_pwhistory/opasswd.c @@ -49,7 +49,7 @@ #include #include -#if defined (HAVE_XCRYPT_H) +#if defined HAVE_LIBXCRYPT #include #elif defined (HAVE_CRYPT_H) #include -- cgit v1.2.1 From 1781f0165c6f83601088f47681a05956ad9c21e1 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 18 Dec 2019 13:55:23 +0100 Subject: Do not use CFLAGS for warning flags set from configure To be able to set CFLAGS from make command-line but not to lose the warning flags. * configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS. * */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS. --- modules/pam_pwhistory/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am index 4bb4d6df..1e0b6060 100644 --- a/modules/pam_pwhistory/Makefile.am +++ b/modules/pam_pwhistory/Makefile.am @@ -16,7 +16,8 @@ XMLS = README.xml pam_pwhistory.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + $(WARN_CFLAGS) AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -- cgit v1.2.1 From 4dd9b97b762cc73816cb867d49c9d0d0b91d642c Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sat, 25 Jan 2020 11:11:18 +0100 Subject: configure.ac: add --enable-doc option Allow the user to disable documentation through --disable-doc (enabled by default), this is especially useful when cross-compiling for embedded targets Signed-off-by: Fabrice Fontaine --- modules/pam_pwhistory/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am index 1e0b6060..b5d508a6 100644 --- a/modules/pam_pwhistory/Makefile.am +++ b/modules/pam_pwhistory/Makefile.am @@ -9,7 +9,9 @@ EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_pwhistory TESTS = tst-pam_pwhistory +if HAVE_DOC man_MANS = pam_pwhistory.8 +endif XMLS = README.xml pam_pwhistory.8.xml -- cgit v1.2.1 From 3130acba872c2645d2effa11cc80d1f6bfa59858 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 17 Mar 2020 21:29:24 +0000 Subject: modules/pam_pwhistory: use pam_str_skip_icase_prefix * modules/pam_pwhistory/pam_pwhistory.c: Include "pam_inline.h". (parse_option): Use pam_str_skip_icase_prefix instead of ugly strncasecmp invocations. --- modules/pam_pwhistory/pam_pwhistory.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index 3efb0ca5..2d4507d5 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -57,6 +57,7 @@ #include #include "opasswd.h" +#include "pam_inline.h" #define DEFAULT_BUFLEN 2048 @@ -72,6 +73,8 @@ typedef struct options_t options_t; static void parse_option (pam_handle_t *pamh, const char *argv, options_t *options) { + const char *str; + if (strcasecmp (argv, "try_first_pass") == 0) /* ignore */; else if (strcasecmp (argv, "use_first_pass") == 0) @@ -80,23 +83,23 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) /* ignore, handled by pam_get_authtok */; else if (strcasecmp (argv, "debug") == 0) options->debug = 1; - else if (strncasecmp (argv, "remember=", 9) == 0) + else if ((str = pam_str_skip_icase_prefix(argv, "remember=")) != NULL) { - options->remember = strtol(&argv[9], NULL, 10); + options->remember = strtol(str, NULL, 10); if (options->remember < 0) options->remember = 0; if (options->remember > 400) options->remember = 400; } - else if (strncasecmp (argv, "retry=", 6) == 0) + else if ((str = pam_str_skip_icase_prefix(argv, "retry=")) != NULL) { - options->tries = strtol(&argv[6], NULL, 10); + options->tries = strtol(str, NULL, 10); if (options->tries < 0) options->tries = 1; } else if (strcasecmp (argv, "enforce_for_root") == 0) options->enforce_for_root = 1; - else if (strncasecmp (argv, "authtok_type=", 13) == 0) + else if (pam_str_skip_icase_prefix(argv, "authtok_type=") != NULL) { /* ignore, for pam_get_authtok */; } else pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); -- cgit v1.2.1 From 0f5b1b11d286a1ac070b75b49631f6327b286fb4 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: list tests in EXTRA_DIST uniformly The change was prepared using the following script: git grep -l '^TESTS = tst-pam_' modules/ |while read m; do t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")" sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m" done * modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access with $(TESTS). * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace tst-pam_cracklib with $(TESTS). * modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with $(TESTS). * modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with $(TESTS). * modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with $(TESTS). * modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with $(TESTS). * modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with $(TESTS). * modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace tst-pam_faildelay with $(TESTS). * modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter with $(TESTS). * modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with $(TESTS). * modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with $(TESTS). * modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with $(TESTS). * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit with $(TESTS). * modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog with $(TESTS). * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits with $(TESTS). * modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace tst-pam_listfile with $(TESTS). * modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace tst-pam_localuser with $(TESTS). * modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace tst-pam_loginuid with $(TESTS). * modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with $(TESTS). * modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace tst-pam_mkhomedir with $(TESTS). * modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with $(TESTS). * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace tst-pam_namespace with $(TESTS). * modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin with $(TESTS). * modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit with $(TESTS). * modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace tst-pam_pwhistory with $(TESTS). * modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts with $(TESTS). * modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok with $(TESTS). * modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace tst-pam_securetty with $(TESTS). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace tst-pam_sepermit with $(TESTS). * modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace tst-pam_setquota with $(TESTS). * modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells with $(TESTS). * modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress with $(TESTS). * modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace tst-pam_succeed_if with $(TESTS). * modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with $(TESTS). * modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2 with $(TESTS). * modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with $(TESTS). * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace tst-pam_tty_audit with $(TESTS). * modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with $(TESTS). * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb with $(TESTS). * modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace tst-pam_usertype with $(TESTS). * modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with $(TESTS). * modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with $(TESTS). * modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with $(TESTS). --- modules/pam_pwhistory/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am index b5d508a6..e22c8bcf 100644 --- a/modules/pam_pwhistory/Makefile.am +++ b/modules/pam_pwhistory/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_pwhistory +EXTRA_DIST = README $(MANS) $(XMLS) $(TESTS) TESTS = tst-pam_pwhistory -- cgit v1.2.1 From bd849daab0c0a1107512d4575404f22525db5f96 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: list prerequisites of README target uniformly There is no need to list prerequisites of README targets manually as all README targets depend on $(XMLS). The change is performed automatically using the following script: sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am * modules/pam_access/Makefile.am (README): Replace pam_access.8.xml and access.conf.5.xml with $(XMLS). * modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml with $(XMLS). * modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml with $(XMLS). * modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml with $(XMLS). * modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml with $(XMLS). * modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and pam_env.conf.5.xml with $(XMLS). * modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml with $(XMLS). * modules/pam_faildelay/Makefile.am (README): Replace pam_faildelay.8.xml with $(XMLS). * modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml with $(XMLS). * modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with $(XMLS). * modules/pam_group/Makefile.am (README): Replace pam_group.8.xml and group.conf.5.xml with $(XMLS). * modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml with $(XMLS). * modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml with $(XMLS). * modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml with $(XMLS). * modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml and limits.conf.5.xml with $(XMLS). * modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml with $(XMLS). * modules/pam_localuser/Makefile.am (README): Replace pam_localuser.8.xml with $(XMLS). * modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml with $(XMLS). * modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml with $(XMLS). * modules/pam_mkhomedir/Makefile.am (README): Replace pam_mkhomedir.8.xml with $(XMLS). * modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml with $(XMLS). * modules/pam_namespace/Makefile.am (README): Replace pam_namespace.8.xml, namespace.conf.5.xml, and pam_namespace_helper.8.xml with $(XMLS). * modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml with $(XMLS). * modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml with $(XMLS). * modules/pam_pwhistory/Makefile.am (README): Replace pam_pwhistory.8.xml with $(XMLS). * modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml with $(XMLS). * modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml with $(XMLS). * modules/pam_securetty/Makefile.am (README): Replace pam_securetty.8.xml with $(XMLS). * modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml with $(XMLS). * modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml with $(XMLS). * modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml with $(XMLS). * modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml with $(XMLS). * modules/pam_succeed_if/Makefile.am (README): Replace pam_succeed_if.8.xml with $(XMLS). * modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml with $(XMLS). * modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml with $(XMLS). * modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and time.conf.5.xml with $(XMLS). * modules/pam_timestamp/Makefile.am (README): Replace pam_timestamp.8.xml with $(XMLS). * modules/pam_tty_audit/Makefile.am (README): Replace pam_tty_audit.8.xml with $(XMLS). * modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml with $(XMLS). * modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml with $(XMLS). * modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml with $(XMLS). * modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml with $(XMLS). * modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml with $(XMLS). * modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml with $(XMLS). * modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml with $(XMLS). --- modules/pam_pwhistory/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am index e22c8bcf..788d04a8 100644 --- a/modules/pam_pwhistory/Makefile.am +++ b/modules/pam_pwhistory/Makefile.am @@ -33,6 +33,6 @@ pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c if ENABLE_REGENERATE_MAN noinst_DATA = README -README: pam_pwhistory.8.xml +README: $(XMLS) -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.1 From 1886b6020c510cab239b3ae8db20a66991d8f8db Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: build: move README prerequisites rule from modules/*/Makefile.am to Make.xml.rules As the rule is now the same in every modules/*/Makefile.am file, move it to Make.xml.rules. * Make.xml.rules (README): New prerequisites rule. * modules/pam_access/Makefile.am (README): Remove rule. * modules/pam_cracklib/Makefile.am (README): Likewise. * modules/pam_debug/Makefile.am (README): Likewise. * modules/pam_deny/Makefile.am (README): Likewise. * modules/pam_echo/Makefile.am (README): Likewise. * modules/pam_env/Makefile.am (README): Likewise. * modules/pam_exec/Makefile.am (README): Likewise. * modules/pam_faildelay/Makefile.am (README): Likewise. * modules/pam_filter/Makefile.am (README): Likewise. * modules/pam_ftp/Makefile.am (README): Likewise. * modules/pam_group/Makefile.am (README): Likewise. * modules/pam_issue/Makefile.am (README): Likewise. * modules/pam_keyinit/Makefile.am (README): Likewise. * modules/pam_lastlog/Makefile.am (README): Likewise. * modules/pam_limits/Makefile.am (README): Likewise. * modules/pam_listfile/Makefile.am (README): Likewise. * modules/pam_localuser/Makefile.am (README): Likewise. * modules/pam_loginuid/Makefile.am (README): Likewise. * modules/pam_mail/Makefile.am (README): Likewise. * modules/pam_mkhomedir/Makefile.am (README): Likewise. * modules/pam_motd/Makefile.am (README): Likewise. * modules/pam_namespace/Makefile.am (README): Likewise. * modules/pam_nologin/Makefile.am (README): Likewise. * modules/pam_permit/Makefile.am (README): Likewise. * modules/pam_pwhistory/Makefile.am (README): Likewise. * modules/pam_rhosts/Makefile.am (README): Likewise. * modules/pam_rootok/Makefile.am (README): Likewise. * modules/pam_securetty/Makefile.am (README): Likewise. * modules/pam_selinux/Makefile.am (README): Likewise. * modules/pam_sepermit/Makefile.am (README): Likewise. * modules/pam_setquota/Makefile.am (README): Likewise. * modules/pam_shells/Makefile.am (README): Likewise. * modules/pam_succeed_if/Makefile.am (README): Likewise. * modules/pam_tally/Makefile.am (README): Likewise. * modules/pam_tally2/Makefile.am (README): Likewise. * modules/pam_time/Makefile.am (README): Likewise. * modules/pam_timestamp/Makefile.am (README): Likewise. * modules/pam_tty_audit/Makefile.am (README): Likewise. * modules/pam_umask/Makefile.am (README): Likewise. * modules/pam_unix/Makefile.am (README): Likewise. * modules/pam_userdb/Makefile.am (README): Likewise. * modules/pam_usertype/Makefile.am (README): Likewise. * modules/pam_warn/Makefile.am (README): Likewise. * modules/pam_wheel/Makefile.am (README): Likewise. * modules/pam_xauth/Makefile.am (README): Likewise. --- modules/pam_pwhistory/Makefile.am | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am index 788d04a8..af8bcb43 100644 --- a/modules/pam_pwhistory/Makefile.am +++ b/modules/pam_pwhistory/Makefile.am @@ -33,6 +33,5 @@ pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c if ENABLE_REGENERATE_MAN noinst_DATA = README -README: $(XMLS) -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.1 From d9fe742a06af41711faba73d2f97f4d13b1b0534 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: reorder lines to promote uniformity This is essentially a no-op change that makes modules/*/Makefile.am files less divergent. --- modules/pam_pwhistory/Makefile.am | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am index af8bcb43..f65fa60a 100644 --- a/modules/pam_pwhistory/Makefile.am +++ b/modules/pam_pwhistory/Makefile.am @@ -7,13 +7,11 @@ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) $(TESTS) -TESTS = tst-pam_pwhistory - if HAVE_DOC man_MANS = pam_pwhistory.8 endif - XMLS = README.xml pam_pwhistory.8.xml +TESTS = tst-pam_pwhistory securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -- cgit v1.2.1 From d8a518391c4fd93a05e19d145a01bdc8f54a2ff8 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: replace README with $(DATA) in EXTRA_DIST Since the GNU Automake distributes README files by default, the only reason why README had to be listed in EXTRA_DIST was to make these README files generated. Since README is also listed in noinst_DATA, we can safely replace README in EXTRA_DIST with $(DATA), this also opens the way for further EXTRA_DIST cleanup. * modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA). --- modules/pam_pwhistory/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am index f65fa60a..fde29f80 100644 --- a/modules/pam_pwhistory/Makefile.am +++ b/modules/pam_pwhistory/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = README $(MANS) $(XMLS) $(TESTS) +EXTRA_DIST = $(DATA) $(MANS) $(XMLS) $(TESTS) if HAVE_DOC man_MANS = pam_pwhistory.8 -- cgit v1.2.1 From 97887fd27d83278d045f69759c9d45730c6e01c3 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 01:18:44 +0000 Subject: modules/*/Makefile.am: add dist_ prefix to *_DATA ... and remove $(DATA) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am --- modules/pam_pwhistory/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am index fde29f80..9f716118 100644 --- a/modules/pam_pwhistory/Makefile.am +++ b/modules/pam_pwhistory/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(DATA) $(MANS) $(XMLS) $(TESTS) +EXTRA_DIST = $(MANS) $(XMLS) $(TESTS) if HAVE_DOC man_MANS = pam_pwhistory.8 @@ -30,6 +30,6 @@ pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c if ENABLE_REGENERATE_MAN -noinst_DATA = README +dist_noinst_DATA = README -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.1 From b0321cdeccdc90f77623e14f5c9e0a52b1c5b8a6 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 01:18:44 +0000 Subject: modules/*/Makefile.am: rename man_MANS to dist_man_MANS ... and remove $(MANS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am --- modules/pam_pwhistory/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am index 9f716118..f9a7f9bd 100644 --- a/modules/pam_pwhistory/Makefile.am +++ b/modules/pam_pwhistory/Makefile.am @@ -5,10 +5,10 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(MANS) $(XMLS) $(TESTS) +EXTRA_DIST = $(XMLS) $(TESTS) if HAVE_DOC -man_MANS = pam_pwhistory.8 +dist_man_MANS = pam_pwhistory.8 endif XMLS = README.xml pam_pwhistory.8.xml TESTS = tst-pam_pwhistory -- cgit v1.2.1 From f7d09edb72f605a2f7e1ec7989ab01c947bb1bee Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 12:21:11 +0000 Subject: modules/*/Makefile.am: rename TESTS to dist_check_SCRIPTS ... and remove $(TESTS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \ -e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am --- modules/pam_pwhistory/Makefile.am | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am index f9a7f9bd..bd9f1ea9 100644 --- a/modules/pam_pwhistory/Makefile.am +++ b/modules/pam_pwhistory/Makefile.am @@ -5,13 +5,14 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(XMLS) $(TESTS) +EXTRA_DIST = $(XMLS) if HAVE_DOC dist_man_MANS = pam_pwhistory.8 endif XMLS = README.xml pam_pwhistory.8.xml -TESTS = tst-pam_pwhistory +dist_check_SCRIPTS = tst-pam_pwhistory +TESTS = $(dist_check_SCRIPTS) securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -- cgit v1.2.1 From 37b5259298be9137f5b40eef16027152ddb803ff Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 1 May 2020 19:20:12 +0000 Subject: modules: remove PAM_SM_* macros Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect. --- modules/pam_pwhistory/pam_pwhistory.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index 2d4507d5..c77eb3ea 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -1,4 +1,6 @@ /* + * pam_pwhistory module + * * Copyright (c) 2008, 2012 Thorsten Kukuk * Author: Thorsten Kukuk * @@ -38,8 +40,6 @@ #include #endif -#define PAM_SM_PASSWORD - #include #include #include -- cgit v1.2.1 From 5aca62a102b7309f1d96ded01ad1e7f94310fade Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 15 May 2020 08:00:00 +0000 Subject: modules: do not check user name for NULL if pam_get_user returned PAM_SUCCESS If pam_get_user returned PAM_SUCCESS, the user name is guaranteed to be a valid C string, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check for NULL the user name returned by pam_get_user when the latter returned PAM_SUCCESS. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise. * modules/pam_filter/pam_filter.c (process_args): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_wheel/pam_wheel.c (perform_check): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise. --- modules/pam_pwhistory/pam_pwhistory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index c77eb3ea..9b44cd87 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -139,7 +139,7 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) if (retval != PAM_SUCCESS) return retval; - if (user == NULL || strlen (user) == 0) + if (strlen (user) == 0) { if (options.debug) pam_syslog (pamh, LOG_DEBUG, -- cgit v1.2.1 From b52bd25910c9a8a32a49be7627a709a081a3768c Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sat, 16 May 2020 08:00:00 +0000 Subject: modules: do not check user name for emptyness before passing it to pam_modutil_getpwnam pam_modutil_getpwnam is perfectly capable of handling empty strings as user names, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check the user name for emptyness before passing it to pam_modutil_getpwnam. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. --- modules/pam_pwhistory/pam_pwhistory.c | 9 --------- 1 file changed, 9 deletions(-) (limited to 'modules/pam_pwhistory') diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index 9b44cd87..cf4fc078 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -139,15 +139,6 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) if (retval != PAM_SUCCESS) return retval; - if (strlen (user) == 0) - { - if (options.debug) - pam_syslog (pamh, LOG_DEBUG, - "User is not known to system"); - - return PAM_USER_UNKNOWN; - } - if (flags & PAM_PRELIM_CHECK) { if (options.debug) -- cgit v1.2.1