From 03f46bbe3f22d800a1516f4c535a1bfb573068de Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 16 Dec 2019 10:38:52 +0100 Subject: Fix or suppress various warnings when compiling with -Wall -Wextra * conf/pam_conv1/Makefile.am: Add -Wno-unused-function -Wno-sign-compare to CFLAGS. * doc/specs/Makefile.am: Likewise. * libpamc/include/security/pam_client.h: Explicitly compare old_p with NULL. * modules/pam_access/pam_access.c: Avoid double const. * modules/pam_filter/pam_filter.c: Avoid arbitrary constants. Avoid strncpy() without copying the NUL byte. * modules/pam_group/pam_group.c: Mark switch fallthrough with comment. * modules/pam_time/pam_time.c: Likewise. * modules/pam_limits/pam_limits.c: Remove unused units variable. * modules/pam_listfile/pam_listfile.c: Avoid unnecessary strncpy, use pointers. * modules/pam_rootok/pam_rootok.c (log_callback): Mark unused parameter. * modules/pam_selinux/pam_selinux.c: Use string_to_security_class() instead of hardcoded value. * modules/pam_sepermit/pam_sepermit.c: Properly cast when comparing. * modules/pam_succeed_if/pam_succeed_if.c: Mark unused parameters. * modules/pam_unix/pam_unix_passwd.c: Remove unused variables and properly cast for comparison. * modules/pam_unix/support.c: Remove unused function. --- modules/pam_time/pam_time.c | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/pam_time') diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 26a374b5..4863ea4e 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -213,6 +213,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) ++src; /* skip it */ break; } + /* fallthrough */ default: *to++ = c; onspace = 0; -- cgit v1.2.3 From 1781f0165c6f83601088f47681a05956ad9c21e1 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 18 Dec 2019 13:55:23 +0100 Subject: Do not use CFLAGS for warning flags set from configure To be able to set CFLAGS from make command-line but not to lose the warning flags. * configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS. * */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS. --- modules/pam_time/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index a1640c17..6eab52ec 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -16,7 +16,7 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" + -DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" $(WARN_CFLAGS) AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -- cgit v1.2.3 From 4dd9b97b762cc73816cb867d49c9d0d0b91d642c Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sat, 25 Jan 2020 11:11:18 +0100 Subject: configure.ac: add --enable-doc option Allow the user to disable documentation through --disable-doc (enabled by default), this is especially useful when cross-compiling for embedded targets Signed-off-by: Fabrice Fontaine --- modules/pam_time/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index 6eab52ec..3d61078e 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -7,7 +7,9 @@ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) time.conf tst-pam_time +if HAVE_DOC man_MANS = time.conf.5 pam_time.8 +endif XMLS = README.xml time.conf.5.xml pam_time.8.xml TESTS = tst-pam_time -- cgit v1.2.3 From a33d198dd60d34422c706fd85d00b64d43402690 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 24 Feb 2020 18:57:17 +0100 Subject: pam_group, pam_time: Fix logical error with multiple ! operators * modules/pam_group/group.conf.5.xml: Document what logic list means. * modules/pam_time/time.conf.5.xml: Likewise. * modules/pam_group/pam_group.c (logic_field): Clear the not operator for the further operations. * modules/pam_time/pam_time.c (logic_field): Likewise. --- modules/pam_time/pam_time.c | 1 + modules/pam_time/time.conf.5.xml | 6 ++++++ 2 files changed, 7 insertions(+) (limited to 'modules/pam_time') diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 4863ea4e..85a4d42b 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -328,6 +328,7 @@ logic_field(pam_handle_t *pamh, const void *me, const char *x, int rule, return FALSE; } next = VAL; + not = FALSE; } at += l; } diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml index 82227ba0..ee2639d2 100644 --- a/modules/pam_time/time.conf.5.xml +++ b/modules/pam_time/time.conf.5.xml @@ -64,6 +64,12 @@ rule applies. + + A logic list namely means individual tokens that are optionally prefixed + with '!' (logical not) and separated with '&' (logical and) and '|' + (logical or). + + For these items the simple wildcard '*' may be used only once. With netgroups no wildcards or logic operators are allowed. -- cgit v1.2.3 From 8bd03a7dd02399cca16a4593018ab6e8d03a2ff9 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 25 Feb 2020 17:14:42 +0100 Subject: pam_group, pam_time: Fix regression in documentation from last change. * modules/pam_group/group.conf.5.xml: Replace bare & with &. * modules/pam_time/time.conf.5.xml: Likewise. --- modules/pam_time/time.conf.5.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml index ee2639d2..acbe2329 100644 --- a/modules/pam_time/time.conf.5.xml +++ b/modules/pam_time/time.conf.5.xml @@ -66,7 +66,7 @@ A logic list namely means individual tokens that are optionally prefixed - with '!' (logical not) and separated with '&' (logical and) and '|' + with '!' (logical not) and separated with '&' (logical and) and '|' (logical or). -- cgit v1.2.3 From ba8d131a2e3179dc5787faf5cba1672f507af85b Mon Sep 17 00:00:00 2001 From: blueskycs2c Date: Tue, 17 Mar 2020 20:42:04 +0800 Subject: pam_time: add conffile option to specify an alternative configuration file Resolves: https://github.com/linux-pam/linux-pam/pull/163 Resolves: https://github.com/linux-pam/linux-pam/pull/191 --- modules/pam_time/pam_time.8.xml | 15 +++++++++++++ modules/pam_time/pam_time.c | 50 +++++++++++++++++++++++++++-------------- 2 files changed, 48 insertions(+), 17 deletions(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml index b673beb5..4708220c 100644 --- a/modules/pam_time/pam_time.8.xml +++ b/modules/pam_time/pam_time.8.xml @@ -22,6 +22,9 @@ pam_time.so + + conffile=conf-file + debug @@ -46,6 +49,7 @@ By default rules for time/port access are taken from config file /etc/security/time.conf. + An alternative file can be specified with the conffile option. If Linux PAM is compiled with audit support the module will report @@ -57,6 +61,17 @@ OPTIONS + + + + + + + Indicate an alternative time.conf style configuration file to override the default. + + + + diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 85a4d42b..0643523a 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -55,14 +55,17 @@ typedef enum { AND, OR } operator; #include #include #include +#include "pam_inline.h" static int -_pam_parse (const pam_handle_t *pamh, int argc, const char **argv) +_pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char **conffile) { int ctrl = 0; + *conffile = PAM_TIME_CONF; /* step through arguments */ for (; argc-- > 0; ++argv) { + const char *str; /* generic options */ @@ -70,7 +73,15 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) ctrl |= PAM_DEBUG_ARG; } else if (!strcmp(*argv, "noaudit")) { ctrl |= PAM_NO_AUDIT; - } else { + } else if ((str = pam_str_skip_prefix(*argv, "conffile=")) != NULL) { + if (str[0] == '\0') { + pam_syslog(pamh, LOG_ERR, + "conffile= specification missing argument - ignored"); + } else { + *conffile = str; + D(("new Configuration File: %s", *conffile)); + } + } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } @@ -108,7 +119,7 @@ trim_spaces(char *buf, char *from) #define STATE_EOF 3 /* end of file or error */ static int -read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) +read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state, const char *file) { char *to; char *src; @@ -127,9 +138,9 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) } *from = 0; *state = STATE_NL; - fd = open(PAM_TIME_CONF, O_RDONLY); + fd = open(file, O_RDONLY); if (fd < 0) { - pam_syslog(pamh, LOG_ERR, "error opening %s: %m", PAM_TIME_CONF); + pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file); _pam_drop(*buf); *state = STATE_EOF; return -1; @@ -145,7 +156,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) while (fd != -1 && to - *buf < PAM_TIME_BUFLEN) { i = pam_modutil_read(fd, to, PAM_TIME_BUFLEN - (to - *buf)); if (i < 0) { - pam_syslog(pamh, LOG_ERR, "error reading %s: %m", PAM_TIME_CONF); + pam_syslog(pamh, LOG_ERR, "error reading %s: %m", file); close(fd); memset(*buf, 0, PAM_TIME_BUFLEN); _pam_drop(*buf); @@ -506,7 +517,7 @@ check_time(pam_handle_t *pamh, const void *AT, const char *times, static int check_account(pam_handle_t *pamh, const char *service, - const char *tty, const char *user) + const char *tty, const char *user, const char *file) { int from=0, state=STATE_NL, fd=-1; char *buffer=NULL; @@ -520,7 +531,7 @@ check_account(pam_handle_t *pamh, const char *service, /* here we get the service name field */ - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, file); if (!buffer || !buffer[0]) { /* empty line .. ? */ continue; @@ -529,7 +540,7 @@ check_account(pam_handle_t *pamh, const char *service, if (state != STATE_FIELD) { pam_syslog(pamh, LOG_ERR, - "%s: malformed rule #%d", PAM_TIME_CONF, count); + "%s: malformed rule #%d", file, count); continue; } @@ -538,10 +549,10 @@ check_account(pam_handle_t *pamh, const char *service, /* here we get the terminal name field */ - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, file); if (state != STATE_FIELD) { pam_syslog(pamh, LOG_ERR, - "%s: malformed rule #%d", PAM_TIME_CONF, count); + "%s: malformed rule #%d", file, count); continue; } good &= logic_field(pamh, tty, buffer, count, is_same); @@ -549,10 +560,10 @@ check_account(pam_handle_t *pamh, const char *service, /* here we get the username field */ - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, file); if (state != STATE_FIELD) { pam_syslog(pamh, LOG_ERR, - "%s: malformed rule #%d", PAM_TIME_CONF, count); + "%s: malformed rule #%d", file, count); continue; } /* If buffer starts with @, we are using netgroups */ @@ -568,10 +579,10 @@ check_account(pam_handle_t *pamh, const char *service, /* here we get the time field */ - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, file); if (state == STATE_FIELD) { pam_syslog(pamh, LOG_ERR, - "%s: poorly terminated rule #%d", PAM_TIME_CONF, count); + "%s: poorly terminated rule #%d", file, count); continue; } @@ -601,10 +612,15 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, const void *service=NULL, *void_tty=NULL; const char *tty; const char *user=NULL; + const char *conf_file = NULL; int ctrl; int rv; - ctrl = _pam_parse(pamh, argc, argv); + ctrl = _pam_parse(pamh, argc, argv, &conf_file); + + if (ctrl & PAM_DEBUG_ARG) { + pam_syslog(pamh, LOG_DEBUG, "conffile=%s", conf_file); + } /* set service name */ @@ -653,7 +669,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, D(("user=%s", user)); D(("tty=%s", tty)); - rv = check_account(pamh, service, tty, user); + rv = check_account(pamh, service, tty, user, conf_file); if (rv != PAM_SUCCESS) { #ifdef HAVE_LIBAUDIT if (!(ctrl & PAM_NO_AUDIT)) { -- cgit v1.2.3 From 0f5b1b11d286a1ac070b75b49631f6327b286fb4 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: list tests in EXTRA_DIST uniformly The change was prepared using the following script: git grep -l '^TESTS = tst-pam_' modules/ |while read m; do t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")" sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m" done * modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access with $(TESTS). * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace tst-pam_cracklib with $(TESTS). * modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with $(TESTS). * modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with $(TESTS). * modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with $(TESTS). * modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with $(TESTS). * modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with $(TESTS). * modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace tst-pam_faildelay with $(TESTS). * modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter with $(TESTS). * modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with $(TESTS). * modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with $(TESTS). * modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with $(TESTS). * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit with $(TESTS). * modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog with $(TESTS). * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits with $(TESTS). * modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace tst-pam_listfile with $(TESTS). * modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace tst-pam_localuser with $(TESTS). * modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace tst-pam_loginuid with $(TESTS). * modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with $(TESTS). * modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace tst-pam_mkhomedir with $(TESTS). * modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with $(TESTS). * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace tst-pam_namespace with $(TESTS). * modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin with $(TESTS). * modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit with $(TESTS). * modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace tst-pam_pwhistory with $(TESTS). * modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts with $(TESTS). * modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok with $(TESTS). * modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace tst-pam_securetty with $(TESTS). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace tst-pam_sepermit with $(TESTS). * modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace tst-pam_setquota with $(TESTS). * modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells with $(TESTS). * modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress with $(TESTS). * modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace tst-pam_succeed_if with $(TESTS). * modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with $(TESTS). * modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2 with $(TESTS). * modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with $(TESTS). * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace tst-pam_tty_audit with $(TESTS). * modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with $(TESTS). * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb with $(TESTS). * modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace tst-pam_usertype with $(TESTS). * modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with $(TESTS). * modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with $(TESTS). * modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with $(TESTS). --- modules/pam_time/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index 3d61078e..b4581017 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = README $(MANS) $(XMLS) time.conf tst-pam_time +EXTRA_DIST = README $(MANS) $(XMLS) time.conf $(TESTS) if HAVE_DOC man_MANS = time.conf.5 pam_time.8 -- cgit v1.2.3 From b94608b25ad3946f15f4394240e15f34a50052df Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: list secureconf_DATA files in EXTRA_DIST uniformly The change was prepared using the following script: git grep -l secureconf_DATA modules/*/Makefile.am |while read m; do t="$(sed '/^secureconf_DATA = /!d;s///;q' -- "$m")" sed -i "/^EXTRA_DIST =/ s/\\<$t\\>/\$(secureconf_DATA)/" -- "$m" done * modules/pam_access/Makefile.am (EXTRA_DIST): Replace access.conf with $(secureconf_DATA). * modules/pam_env/Makefile.am (EXTRA_DIST): Replace pam_env.conf with $(secureconf_DATA). * modules/pam_group/Makefile.am (EXTRA_DIST): Replace group.conf with $(secureconf_DATA). * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace limits.conf with $(secureconf_DATA). * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace namespace.conf with $(secureconf_DATA). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace sepermit.conf with $(secureconf_DATA). * modules/pam_time/Makefile.am (EXTRA_DIST): Replace time.conf with $(secureconf_DATA). --- modules/pam_time/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index b4581017..8db6645e 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = README $(MANS) $(XMLS) time.conf $(TESTS) +EXTRA_DIST = README $(MANS) $(XMLS) $(TESTS) $(secureconf_DATA) if HAVE_DOC man_MANS = time.conf.5 pam_time.8 -- cgit v1.2.3 From bd849daab0c0a1107512d4575404f22525db5f96 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: list prerequisites of README target uniformly There is no need to list prerequisites of README targets manually as all README targets depend on $(XMLS). The change is performed automatically using the following script: sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am * modules/pam_access/Makefile.am (README): Replace pam_access.8.xml and access.conf.5.xml with $(XMLS). * modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml with $(XMLS). * modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml with $(XMLS). * modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml with $(XMLS). * modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml with $(XMLS). * modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and pam_env.conf.5.xml with $(XMLS). * modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml with $(XMLS). * modules/pam_faildelay/Makefile.am (README): Replace pam_faildelay.8.xml with $(XMLS). * modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml with $(XMLS). * modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with $(XMLS). * modules/pam_group/Makefile.am (README): Replace pam_group.8.xml and group.conf.5.xml with $(XMLS). * modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml with $(XMLS). * modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml with $(XMLS). * modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml with $(XMLS). * modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml and limits.conf.5.xml with $(XMLS). * modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml with $(XMLS). * modules/pam_localuser/Makefile.am (README): Replace pam_localuser.8.xml with $(XMLS). * modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml with $(XMLS). * modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml with $(XMLS). * modules/pam_mkhomedir/Makefile.am (README): Replace pam_mkhomedir.8.xml with $(XMLS). * modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml with $(XMLS). * modules/pam_namespace/Makefile.am (README): Replace pam_namespace.8.xml, namespace.conf.5.xml, and pam_namespace_helper.8.xml with $(XMLS). * modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml with $(XMLS). * modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml with $(XMLS). * modules/pam_pwhistory/Makefile.am (README): Replace pam_pwhistory.8.xml with $(XMLS). * modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml with $(XMLS). * modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml with $(XMLS). * modules/pam_securetty/Makefile.am (README): Replace pam_securetty.8.xml with $(XMLS). * modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml with $(XMLS). * modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml with $(XMLS). * modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml with $(XMLS). * modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml with $(XMLS). * modules/pam_succeed_if/Makefile.am (README): Replace pam_succeed_if.8.xml with $(XMLS). * modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml with $(XMLS). * modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml with $(XMLS). * modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and time.conf.5.xml with $(XMLS). * modules/pam_timestamp/Makefile.am (README): Replace pam_timestamp.8.xml with $(XMLS). * modules/pam_tty_audit/Makefile.am (README): Replace pam_tty_audit.8.xml with $(XMLS). * modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml with $(XMLS). * modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml with $(XMLS). * modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml with $(XMLS). * modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml with $(XMLS). * modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml with $(XMLS). * modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml with $(XMLS). * modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml with $(XMLS). --- modules/pam_time/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index 8db6645e..566156fd 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -30,6 +30,6 @@ secureconf_DATA = time.conf if ENABLE_REGENERATE_MAN noinst_DATA = README -README: pam_time.8.xml time.conf.5.xml +README: $(XMLS) -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.3 From 1886b6020c510cab239b3ae8db20a66991d8f8db Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: build: move README prerequisites rule from modules/*/Makefile.am to Make.xml.rules As the rule is now the same in every modules/*/Makefile.am file, move it to Make.xml.rules. * Make.xml.rules (README): New prerequisites rule. * modules/pam_access/Makefile.am (README): Remove rule. * modules/pam_cracklib/Makefile.am (README): Likewise. * modules/pam_debug/Makefile.am (README): Likewise. * modules/pam_deny/Makefile.am (README): Likewise. * modules/pam_echo/Makefile.am (README): Likewise. * modules/pam_env/Makefile.am (README): Likewise. * modules/pam_exec/Makefile.am (README): Likewise. * modules/pam_faildelay/Makefile.am (README): Likewise. * modules/pam_filter/Makefile.am (README): Likewise. * modules/pam_ftp/Makefile.am (README): Likewise. * modules/pam_group/Makefile.am (README): Likewise. * modules/pam_issue/Makefile.am (README): Likewise. * modules/pam_keyinit/Makefile.am (README): Likewise. * modules/pam_lastlog/Makefile.am (README): Likewise. * modules/pam_limits/Makefile.am (README): Likewise. * modules/pam_listfile/Makefile.am (README): Likewise. * modules/pam_localuser/Makefile.am (README): Likewise. * modules/pam_loginuid/Makefile.am (README): Likewise. * modules/pam_mail/Makefile.am (README): Likewise. * modules/pam_mkhomedir/Makefile.am (README): Likewise. * modules/pam_motd/Makefile.am (README): Likewise. * modules/pam_namespace/Makefile.am (README): Likewise. * modules/pam_nologin/Makefile.am (README): Likewise. * modules/pam_permit/Makefile.am (README): Likewise. * modules/pam_pwhistory/Makefile.am (README): Likewise. * modules/pam_rhosts/Makefile.am (README): Likewise. * modules/pam_rootok/Makefile.am (README): Likewise. * modules/pam_securetty/Makefile.am (README): Likewise. * modules/pam_selinux/Makefile.am (README): Likewise. * modules/pam_sepermit/Makefile.am (README): Likewise. * modules/pam_setquota/Makefile.am (README): Likewise. * modules/pam_shells/Makefile.am (README): Likewise. * modules/pam_succeed_if/Makefile.am (README): Likewise. * modules/pam_tally/Makefile.am (README): Likewise. * modules/pam_tally2/Makefile.am (README): Likewise. * modules/pam_time/Makefile.am (README): Likewise. * modules/pam_timestamp/Makefile.am (README): Likewise. * modules/pam_tty_audit/Makefile.am (README): Likewise. * modules/pam_umask/Makefile.am (README): Likewise. * modules/pam_unix/Makefile.am (README): Likewise. * modules/pam_userdb/Makefile.am (README): Likewise. * modules/pam_usertype/Makefile.am (README): Likewise. * modules/pam_warn/Makefile.am (README): Likewise. * modules/pam_wheel/Makefile.am (README): Likewise. * modules/pam_xauth/Makefile.am (README): Likewise. --- modules/pam_time/Makefile.am | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index 566156fd..ce8418da 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -30,6 +30,5 @@ secureconf_DATA = time.conf if ENABLE_REGENERATE_MAN noinst_DATA = README -README: $(XMLS) -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.3 From d9fe742a06af41711faba73d2f97f4d13b1b0534 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: reorder lines to promote uniformity This is essentially a no-op change that makes modules/*/Makefile.am files less divergent. --- modules/pam_time/Makefile.am | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index ce8418da..23d7aa59 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -11,7 +11,6 @@ if HAVE_DOC man_MANS = time.conf.5 pam_time.8 endif XMLS = README.xml time.conf.5.xml pam_time.8.xml - TESTS = tst-pam_time securelibdir = $(SECUREDIR) -- cgit v1.2.3 From d8a518391c4fd93a05e19d145a01bdc8f54a2ff8 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: replace README with $(DATA) in EXTRA_DIST Since the GNU Automake distributes README files by default, the only reason why README had to be listed in EXTRA_DIST was to make these README files generated. Since README is also listed in noinst_DATA, we can safely replace README in EXTRA_DIST with $(DATA), this also opens the way for further EXTRA_DIST cleanup. * modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA). --- modules/pam_time/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index 23d7aa59..925b27d2 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = README $(MANS) $(XMLS) $(TESTS) $(secureconf_DATA) +EXTRA_DIST = $(DATA) $(MANS) $(XMLS) $(TESTS) $(secureconf_DATA) if HAVE_DOC man_MANS = time.conf.5 pam_time.8 -- cgit v1.2.3 From f576553fc0cd1ac7bb5aa81ed74e52b7e9ad84ef Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: remove $(secureconf_DATA) from EXTRA_DIST Since the whole $(DATA) is listed in EXTRA_DIST, $(secureconf_DATA) can be safely de-listed. * modules/pam_access/Makefile.am (EXTRA_DIST): Remove $(secureconf_DATA). * modules/pam_env/Makefile.am: Likewise. * modules/pam_group/Makefile.am: Likewise. * modules/pam_limits/Makefile.am: Likewise. * modules/pam_namespace/Makefile.am: Likewise. * modules/pam_sepermit/Makefile.am: Likewise. * modules/pam_time/Makefile.am: Likewise. --- modules/pam_time/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index 925b27d2..ebb835e6 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(DATA) $(MANS) $(XMLS) $(TESTS) $(secureconf_DATA) +EXTRA_DIST = $(DATA) $(MANS) $(XMLS) $(TESTS) if HAVE_DOC man_MANS = time.conf.5 pam_time.8 -- cgit v1.2.3 From 97887fd27d83278d045f69759c9d45730c6e01c3 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 01:18:44 +0000 Subject: modules/*/Makefile.am: add dist_ prefix to *_DATA ... and remove $(DATA) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am --- modules/pam_time/Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index ebb835e6..ba15f051 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -5,7 +5,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(DATA) $(MANS) $(XMLS) $(TESTS) +EXTRA_DIST = $(MANS) $(XMLS) $(TESTS) if HAVE_DOC man_MANS = time.conf.5 pam_time.8 @@ -25,9 +25,9 @@ endif pam_time_la_LIBADD = $(top_builddir)/libpam/libpam.la securelib_LTLIBRARIES = pam_time.la -secureconf_DATA = time.conf +dist_secureconf_DATA = time.conf if ENABLE_REGENERATE_MAN -noinst_DATA = README +dist_noinst_DATA = README -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.3 From b0321cdeccdc90f77623e14f5c9e0a52b1c5b8a6 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 01:18:44 +0000 Subject: modules/*/Makefile.am: rename man_MANS to dist_man_MANS ... and remove $(MANS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am --- modules/pam_time/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index ba15f051..592ada8e 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -5,10 +5,10 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(MANS) $(XMLS) $(TESTS) +EXTRA_DIST = $(XMLS) $(TESTS) if HAVE_DOC -man_MANS = time.conf.5 pam_time.8 +dist_man_MANS = time.conf.5 pam_time.8 endif XMLS = README.xml time.conf.5.xml pam_time.8.xml TESTS = tst-pam_time -- cgit v1.2.3 From f7d09edb72f605a2f7e1ec7989ab01c947bb1bee Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 12:21:11 +0000 Subject: modules/*/Makefile.am: rename TESTS to dist_check_SCRIPTS ... and remove $(TESTS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \ -e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am --- modules/pam_time/Makefile.am | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index 592ada8e..833d51a6 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -5,13 +5,14 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(XMLS) $(TESTS) +EXTRA_DIST = $(XMLS) if HAVE_DOC dist_man_MANS = time.conf.5 pam_time.8 endif XMLS = README.xml time.conf.5.xml pam_time.8.xml -TESTS = tst-pam_time +dist_check_SCRIPTS = tst-pam_time +TESTS = $(dist_check_SCRIPTS) securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -- cgit v1.2.3 From 37b5259298be9137f5b40eef16027152ddb803ff Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 1 May 2020 19:20:12 +0000 Subject: modules: remove PAM_SM_* macros Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect. --- modules/pam_time/pam_time.c | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 0643523a..e786d0f9 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -1,6 +1,6 @@ -/* pam_time module */ - /* + * pam_time module + * * Written by Andrew Morgan 1996/6/22 * (File syntax and much other inspiration from the shadow package * shadow-960129) @@ -23,6 +23,12 @@ #include #include +#include +#include +#include +#include +#include "pam_inline.h" + #ifdef HAVE_LIBAUDIT #include #endif @@ -42,21 +48,6 @@ typedef enum { AND, OR } operator; -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_ACCOUNT - -#include -#include -#include -#include -#include "pam_inline.h" - static int _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char **conffile) { -- cgit v1.2.3 From 5aca62a102b7309f1d96ded01ad1e7f94310fade Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 15 May 2020 08:00:00 +0000 Subject: modules: do not check user name for NULL if pam_get_user returned PAM_SUCCESS If pam_get_user returned PAM_SUCCESS, the user name is guaranteed to be a valid C string, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check for NULL the user name returned by pam_get_user when the latter returned PAM_SUCCESS. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise. * modules/pam_filter/pam_filter.c (process_args): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_wheel/pam_wheel.c (perform_check): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise. --- modules/pam_time/pam_time.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index e786d0f9..d965cabd 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -623,8 +623,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, /* set username */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL - || *user == '\0') { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { pam_syslog(pamh, LOG_ERR, "can not get the username"); return PAM_USER_UNKNOWN; } -- cgit v1.2.3 From aac5a8fdc4aa3f7e56335a6343774cc1b63b408d Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 22 May 2020 11:00:00 +0000 Subject: modules: downgrade syslog level for pam_get_user errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session, pam_sm_close_session): Likewise. * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Downgrade the syslog level for pam_get_user errors from LOG_WARNING to LOG_NOTICE. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. Suggested-by: Tomáš Mráz --- modules/pam_time/pam_time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_time') diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index d965cabd..089ae22d 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -624,7 +624,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, /* set username */ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { - pam_syslog(pamh, LOG_ERR, "can not get the username"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_USER_UNKNOWN; } -- cgit v1.2.3