From 0fb1f5b701432b6d9f40754b69f2fe0dc6f75103 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 19 Jun 2018 00:00:00 +0000 Subject: Fix grammar of messages printed via pam_prompt Turn into proper sentences those messages that are printed without further modifications using pam_prompt in contexts where proper sentences are expected. * libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix grammar of the message passed to pam_error. * modules/pam_limits/pam_limits.c (pam_sm_open_session): Likewise. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix grammar of error messages passed to pam_error. * modules/pam_mail/pam_mail.c (report_mail): Fix grammar of a message passed to pam_info. * modules/pam_timestamp/pam_timestamp.c (verbose_success): Likewise. * modules/pam_selinux/pam_selinux.c (config_context, send_text): Fix grammar of messages passed to pam_prompt. * modules/pam_tally/pam_tally.c (tally_check): Fix grammar of messages passed to pam_info. * modules/pam_tally2/pam_tally2.c (tally_check): Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Fix grammar of messages passed to _make_remark. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass, pam_sm_chauthtok): Likewise. * po/Linux-PAM.pot: Regenerate. --- modules/pam_timestamp/pam_timestamp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index e29ce6e9..5da7575d 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -354,7 +354,8 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv, static void verbose_success(pam_handle_t *pamh, long diff) { - pam_info(pamh, _("Access granted (last access was %ld seconds ago)."), diff); + pam_info(pamh, _("Access has been granted" + " (last access was %ld seconds ago)."), diff); } int -- cgit v1.2.3 From 1781f0165c6f83601088f47681a05956ad9c21e1 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 18 Dec 2019 13:55:23 +0100 Subject: Do not use CFLAGS for warning flags set from configure To be able to set CFLAGS from make command-line but not to lose the warning flags. * configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS. * */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS. --- modules/pam_timestamp/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index 5588225b..27fc4fcc 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -19,7 +19,8 @@ secureconfdir = $(SCONFIGDIR) noinst_HEADERS = hmacsha1.h sha1.h -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + $(WARN_CFLAGS) pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module $(AM_LDFLAGS) pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la -- cgit v1.2.3 From 375825bd5d88ee66375fd400c40af7844c1b0608 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Wed, 13 Feb 2019 08:21:02 +0000 Subject: Miscellaneous grammar fixes --- modules/pam_timestamp/pam_timestamp_check.8.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml index 06432e09..8ca5a755 100644 --- a/modules/pam_timestamp/pam_timestamp_check.8.xml +++ b/modules/pam_timestamp/pam_timestamp_check.8.xml @@ -78,7 +78,7 @@ see if the default timestamp is valid, or optionally remove it. the user authenticates as herself. When the user authenticates as a different user, the name of the timestamp file changes to accommodate this. target_user allows - to specify this user name. + one to specify this user name. -- cgit v1.2.3 From 4dd9b97b762cc73816cb867d49c9d0d0b91d642c Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sat, 25 Jan 2020 11:11:18 +0100 Subject: configure.ac: add --enable-doc option Allow the user to disable documentation through --disable-doc (enabled by default), this is especially useful when cross-compiling for embedded targets Signed-off-by: Fabrice Fontaine --- modules/pam_timestamp/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index 27fc4fcc..fbac074a 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -7,7 +7,9 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml +if HAVE_DOC man_MANS = pam_timestamp.8 pam_timestamp_check.8 +endif dist_TESTS = tst-pam_timestamp nodist_TESTS = hmacfile TESTS = $(dist_TESTS) $(nodist_TESTS) -- cgit v1.2.3 From 5956cf525bfb53ed0c5cade3b58f18fde4f85c42 Mon Sep 17 00:00:00 2001 From: TBK Date: Wed, 26 Feb 2020 00:24:39 +0100 Subject: libpamc: Use ISO C99 uintX_t types instead of u_intX_t u_intX_t is a glibcism this fixes the issue of compiling against musl libc. --- modules/pam_timestamp/sha1.c | 46 ++++++++++++++++++++++---------------------- modules/pam_timestamp/sha1.h | 5 +++-- 2 files changed, 26 insertions(+), 25 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/sha1.c b/modules/pam_timestamp/sha1.c index 576b4b41..af3ccb97 100644 --- a/modules/pam_timestamp/sha1.c +++ b/modules/pam_timestamp/sha1.c @@ -56,34 +56,34 @@ padding[SHA1_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, }; -static u_int32_t -F(u_int32_t b, u_int32_t c, u_int32_t d) +static uint32_t +F(uint32_t b, uint32_t c, uint32_t d) { return (b & c) | ((~b) & d); } -static u_int32_t -G(u_int32_t b, u_int32_t c, u_int32_t d) +static uint32_t +G(uint32_t b, uint32_t c, uint32_t d) { return b ^ c ^ d; } -static u_int32_t -H(u_int32_t b, u_int32_t c, u_int32_t d) +static uint32_t +H(uint32_t b, uint32_t c, uint32_t d) { return (b & c) | (b & d) | (c & d); } -static u_int32_t -RL(u_int32_t n, u_int32_t s) +static uint32_t +RL(uint32_t n, uint32_t s) { return (n << s) | (n >> (32 - s)); } -static u_int32_t -sha1_round(u_int32_t (*FUNC)(u_int32_t, u_int32_t, u_int32_t), - u_int32_t a, u_int32_t b, u_int32_t c, u_int32_t d, u_int32_t e, - u_int32_t i, u_int32_t n) +static uint32_t +sha1_round(uint32_t (*FUNC)(uint32_t, uint32_t, uint32_t), + uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e, + uint32_t i, uint32_t n) { return RL(a, 5) + FUNC(b, c, d) + e + i + n; } @@ -100,10 +100,10 @@ sha1_init(struct sha1_context *ctx) } static void -sha1_process(struct sha1_context *ctx, u_int32_t buffer[SHA1_BLOCK_SIZE / 4]) +sha1_process(struct sha1_context *ctx, uint32_t buffer[SHA1_BLOCK_SIZE / 4]) { - u_int32_t a, b, c, d, e, temp; - u_int32_t data[80]; + uint32_t a, b, c, d, e, temp; + uint32_t data[80]; int i; for (i = 0; i < 16; i++) { @@ -150,14 +150,14 @@ void sha1_update(struct sha1_context *ctx, const unsigned char *data, size_t length) { size_t i = 0, l = length, c, t; - u_int32_t count = 0; + uint32_t count = 0; /* Process any pending + data blocks. */ while (l + ctx->pending_count >= SHA1_BLOCK_SIZE) { c = ctx->pending_count; t = SHA1_BLOCK_SIZE - c; memcpy(ctx->pending + c, &data[i], t); - sha1_process(ctx, (u_int32_t*) ctx->pending); + sha1_process(ctx, (uint32_t*) ctx->pending); i += t; l -= t; ctx->pending_count = 0; @@ -188,7 +188,7 @@ sha1_output(struct sha1_context *ctx, unsigned char *out) /* Output the sum. */ if (out != NULL) { - u_int32_t c; + uint32_t c; memcpy(&ctx2, ctx, sizeof(ctx2)); /* Pad this block. */ @@ -197,10 +197,10 @@ sha1_output(struct sha1_context *ctx, unsigned char *out) padding, SHA1_BLOCK_SIZE - c); /* Do we need to process two blocks now? */ - if (c >= (SHA1_BLOCK_SIZE - (sizeof(u_int32_t) * 2))) { + if (c >= (SHA1_BLOCK_SIZE - (sizeof(uint32_t) * 2))) { /* Process this block. */ sha1_process(&ctx2, - (u_int32_t*) ctx2.pending); + (uint32_t*) ctx2.pending); /* Set up another block. */ ctx2.pending_count = 0; memset(ctx2.pending, 0, SHA1_BLOCK_SIZE); @@ -218,10 +218,10 @@ sha1_output(struct sha1_context *ctx, unsigned char *out) ctx2.counts[0] = htonl(ctx2.counts[0]); ctx2.counts[1] = htonl(ctx2.counts[1]); memcpy(ctx2.pending + 56, - &ctx2.counts[1], sizeof(u_int32_t)); + &ctx2.counts[1], sizeof(uint32_t)); memcpy(ctx2.pending + 60, - &ctx2.counts[0], sizeof(u_int32_t)); - sha1_process(&ctx2, (u_int32_t*) ctx2.pending); + &ctx2.counts[0], sizeof(uint32_t)); + sha1_process(&ctx2, (uint32_t*) ctx2.pending); /* Output the data. */ out[ 3] = (ctx2.a >> 0) & 0xff; diff --git a/modules/pam_timestamp/sha1.h b/modules/pam_timestamp/sha1.h index 667b87ca..a445e4e6 100644 --- a/modules/pam_timestamp/sha1.h +++ b/modules/pam_timestamp/sha1.h @@ -38,6 +38,7 @@ #ifndef pam_timestamp_sha1_h #define pam_timestamp_sha1_h +#include #include #define SHA1_BLOCK_SIZE 64 @@ -45,9 +46,9 @@ struct sha1_context { size_t count; unsigned char pending[SHA1_BLOCK_SIZE]; - u_int32_t counts[2]; + uint32_t counts[2]; size_t pending_count; - u_int32_t a, b, c, d, e; + uint32_t a, b, c, d, e; }; #define SHA1_OUTPUT_SIZE 20 -- cgit v1.2.3 From a09af55347372864d4d168fa1fa424f832426150 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 18 Mar 2020 11:16:14 +0000 Subject: modules/pam_timestamp: fix EXTRA_DIST * modules/pam_timestamp/Makefile.am (EXTRA_DIST): Replace "$(man_MANS)" with "$(MANS)" as the former is conditional on HAVE_DOC. --- modules/pam_timestamp/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index fbac074a..e5064285 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -14,7 +14,7 @@ dist_TESTS = tst-pam_timestamp nodist_TESTS = hmacfile TESTS = $(dist_TESTS) $(nodist_TESTS) -EXTRA_DIST = $(man_MANS) $(XMLS) $(dist_TESTS) +EXTRA_DIST = $(MANS) $(XMLS) $(dist_TESTS) securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -- cgit v1.2.3 From 8b7112d4f0ef82d02b1219374a25089848a3a8a3 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 18 Mar 2020 21:53:06 +0000 Subject: modules/pam_timestamp: fix clang compilation warning modules/pam_timestamp/pam_timestamp.c:807:17: warning: logical not is only applied to the left hand side of this comparison [-Wlogical-not-parentheses] } else if (!timestamp_good(st.st... ^ * modules/pam_timestamp/pam_timestamp.c (main): Change timestamp_good return code check to a more traditional form. --- modules/pam_timestamp/pam_timestamp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index 5da7575d..832aa629 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -799,8 +799,8 @@ main(int argc, char **argv) /* Check oldest login against timestamp */ if (check_login_time(user, st.st_mtime) != PAM_SUCCESS) { retval = 7; - } else if (!timestamp_good(st.st_mtime, time(NULL), - DEFAULT_TIMESTAMP_TIMEOUT) == PAM_SUCCESS) { + } else if (timestamp_good(st.st_mtime, time(NULL), + DEFAULT_TIMESTAMP_TIMEOUT) != PAM_SUCCESS) { retval = 7; } } else { -- cgit v1.2.3 From 69f3b27b3f1d6e8ff37923bca3d2d3559129e843 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 19 Mar 2020 18:40:16 +0000 Subject: modules/pam_timestamp: fix compilation warnings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix the following compilation warnings reported by gcc on ilp32 platforms: modules/pam_timestamp/hmacfile.c: In function ‘testvectors’: modules/pam_timestamp/hmacfile.c:121:44: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=] 121 | printf("Incorrect result for vector %lu\n", i + 1); | ~~^ ~~~~~ | | | | | size_t {aka unsigned int} | long unsigned int | %u modules/pam_timestamp/hmacfile.c:128:30: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=] 128 | printf("Error in vector %lu.\n", i + 1); | ~~^ ~~~~~ | | | | | size_t {aka unsigned int} | long unsigned int | %u In function ‘strncpy’, inlined from ‘pam_sm_open_session’ at modules/pam_timestamp/pam_timestamp.c:584:4: /usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin___strncpy_chk’ output may be truncated copying between 1 and 4095 bytes from a string of length 4095 [-Wstringop-truncation] * modules/pam_timestamp/hmacfile.c (testvectors): Cast the argument of type size_t to unsigned long before passing it to printf. * modules/pam_timestamp/pam_timestamp.c (pam_sm_open_session): Use memcpy instead of strncpy as the source is not NUL-terminated, add an extra check to ensure that iterator stays inside bounds. --- modules/pam_timestamp/hmacfile.c | 6 ++++-- modules/pam_timestamp/pam_timestamp.c | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/hmacfile.c b/modules/pam_timestamp/hmacfile.c index 7c1f8bfb..69d39afa 100644 --- a/modules/pam_timestamp/hmacfile.c +++ b/modules/pam_timestamp/hmacfile.c @@ -118,14 +118,16 @@ testvectors(void) if (strncasecmp(hex, vectors[i].hmac + 2 * j, 2) != 0) { - printf("Incorrect result for vector %lu\n", i + 1); + printf("Incorrect result for vector %lu\n", + (unsigned long) i + 1); exit(1); } } free(hmac); } else { - printf("Error in vector %lu.\n", i + 1); + printf("Error in vector %lu.\n", + (unsigned long) i + 1); exit(1); } } diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index 832aa629..d6a04a50 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -578,10 +578,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char * /* Create the directory for the timestamp file if it doesn't already * exist. */ - for (i = 1; path[i] != '\0'; i++) { + for (i = 1; i < (int) sizeof(path) && path[i] != '\0'; i++) { if (path[i] == '/') { /* Attempt to create the directory. */ - strncpy(subdir, path, i); + memcpy(subdir, path, i); subdir[i] = '\0'; if (mkdir(subdir, 0700) == 0) { /* Attempt to set the owner to the superuser. */ -- cgit v1.2.3 From f6c60926adc9fa08feaeb696ffa5bfbac7c8c9e8 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 19 Mar 2020 18:40:16 +0000 Subject: Fix most of clang -Wcast-align compilation warnings Unlike gcc, clang is not smart enough to infer the alignment of structure fields, so add some alignment hints to the code. * libpam/include/pam_cc_compat.h (PAM_ATTRIBUTE_ALIGNED): New macro. * modules/pam_namespace/md5.h: Include "pam_cc_compat.h". (struct MD5Context): Add PAM_ATTRIBUTE_ALIGNED to "in" field. * modules/pam_namespace/md5.c [!(__i386__ || __x86_64__)] (uint8_aligned): New type. [!(__i386__ || __x86_64__)] (byteReverse): Use it instead of unsigned char. * modules/pam_timestamp/sha1.h: Include "pam_cc_compat.h". (struct sha1_context): Add PAM_ATTRIBUTE_ALIGNED to pending field. * modules/pam_unix/md5.h: Include "pam_cc_compat.h". (struct MD5Context): Add PAM_ATTRIBUTE_ALIGNED to "in" field. * modules/pam_unix/md5.c [!HIGHFIRST] (uint8_aligned): New type. [!HIGHFIRST] (byteReverse): Use it instead of unsigned char. --- modules/pam_timestamp/sha1.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/sha1.h b/modules/pam_timestamp/sha1.h index a445e4e6..a1c38917 100644 --- a/modules/pam_timestamp/sha1.h +++ b/modules/pam_timestamp/sha1.h @@ -40,12 +40,13 @@ #include #include +#include "pam_cc_compat.h" #define SHA1_BLOCK_SIZE 64 struct sha1_context { size_t count; - unsigned char pending[SHA1_BLOCK_SIZE]; + unsigned char pending[SHA1_BLOCK_SIZE] PAM_ATTRIBUTE_ALIGNED(4); uint32_t counts[2]; size_t pending_count; uint32_t a, b, c, d, e; -- cgit v1.2.3 From 1181e0590c9f059c40b71718d4fb3b6c339f65db Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 16 Mar 2020 21:02:18 +0000 Subject: Use PAM_ARRAY_SIZE Replace all instances of sizeof(x) / sizeof(*x) with PAM_ARRAY_SIZE(x) which is less error-prone and implements an additional type check. * libpam/pam_handlers.c: Include "pam_inline.h". (_pam_open_config_file): Use PAM_ARRAY_SIZE. * modules/pam_exec/pam_exec.c: Include "pam_inline.h". (call_exec): Use PAM_ARRAY_SIZE. * modules/pam_namespace/pam_namespace.c: Include "pam_inline.h". (filter_mntopts): Use PAM_ARRAY_SIZE. * modules/pam_timestamp/hmacfile.c: Include "pam_inline.h". (testvectors): Use PAM_ARRAY_SIZE. * modules/pam_xauth/pam_xauth.c: Include "pam_inline.h". (run_coprocess, pam_sm_open_session): Use PAM_ARRAY_SIZE. * tests/tst-pam_get_item.c: Include "pam_inline.h". (main): Use PAM_ARRAY_SIZE. * tests/tst-pam_set_item.c: Likewise. * xtests/tst-pam_pwhistory1.c: Likewise. * xtests/tst-pam_time1.c: Likewise. --- modules/pam_timestamp/hmacfile.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/hmacfile.c b/modules/pam_timestamp/hmacfile.c index 69d39afa..371f814e 100644 --- a/modules/pam_timestamp/hmacfile.c +++ b/modules/pam_timestamp/hmacfile.c @@ -33,6 +33,8 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "pam_inline.h" + #include #include #include @@ -104,7 +106,7 @@ testvectors(void) "e8e99d0f45237d786d6bbaa7965c7808bbff1a91", }, }; - for (i = 0; i < sizeof(vectors) / sizeof(vectors[0]); i++) { + for (i = 0; i < PAM_ARRAY_SIZE(vectors); i++) { hmac = NULL; hmac_len = 0; hmac_sha1_generate(&hmac, &hmac_len, -- cgit v1.2.3 From 15c568dc2fa87736d3f92b2e89d41ada04f89886 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 16 Mar 2020 21:02:18 +0000 Subject: modules/pam_timestamp: use pam_str_skip_prefix * modules/pam_timestamp/pam_timestamp.c: Include "pam_inline.h". (check_tty, get_timestamp_name, pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp invocations. --- modules/pam_timestamp/pam_timestamp.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index d6a04a50..9790fde0 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -65,6 +65,7 @@ #include #include #include +#include "pam_inline.h" /* The default timeout we use is 5 minutes, which matches the sudo default * for the timestamp_timeout parameter. */ @@ -151,7 +152,7 @@ check_tty(const char *tty) } /* Pull out the meaningful part of the tty's name. */ if (strchr(tty, '/') != NULL) { - if (strncmp(tty, "/dev/", 5) != 0) { + if (pam_str_skip_prefix(tty, "/dev/") == NULL) { /* Make sure the device node is actually in /dev/, * noted by Michal Zalewski. */ return NULL; @@ -282,8 +283,10 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv, } } for (i = 0; i < argc; i++) { - if (strncmp(argv[i], "timestampdir=", 13) == 0) { - tdir = argv[i] + 13; + const char *str; + + if ((str = pam_str_skip_prefix(argv[i], "timestampdir=")) != NULL) { + tdir = str; if (debug) { pam_syslog(pamh, LOG_DEBUG, "storing timestamps in `%s'", @@ -377,8 +380,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) } } for (i = 0; i < argc; i++) { - if (strncmp(argv[i], "timestamp_timeout=", 18) == 0) { - tmp = strtol(argv[i] + 18, &p, 0); + const char *str; + + if ((str = pam_str_skip_prefix(argv[i], "timestamp_timeout=")) != NULL) { + tmp = strtol(str, &p, 0); if ((p != NULL) && (*p == '\0')) { interval = tmp; if (debug) { -- cgit v1.2.3 From 9b62f2ed3be1731581ad8f4b7e5cefd8fd030085 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 31 Mar 2020 11:18:13 +0200 Subject: pam_timestamp: Fix // in TIMESTAMPDIR _PATH_VARRUN already provides trailing slash for building paths Fixes: $ strings /usr/lib64/security/pam_timestamp.so | grep /run/ /var/run//pam_timestamp /var/run//pam_timestamp/_pam_timestamp_key --- modules/pam_timestamp/pam_timestamp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index 9790fde0..420ce9eb 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -71,7 +71,7 @@ * for the timestamp_timeout parameter. */ #define DEFAULT_TIMESTAMP_TIMEOUT (5 * 60) #define MODULE "pam_timestamp" -#define TIMESTAMPDIR _PATH_VARRUN "/" MODULE +#define TIMESTAMPDIR _PATH_VARRUN MODULE #define TIMESTAMPKEY TIMESTAMPDIR "/_pam_timestamp_key" /* Various buffers we use need to be at least as large as either PATH_MAX or -- cgit v1.2.3 From f8fc750496002b6f97c0ba93bfc24bad90f80b16 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 24 Apr 2020 00:10:19 +0000 Subject: pam_timestamp: include "config.h" in hmacsha1.c as the first header This ensures "config.h" is included before any system header which fixes the following bug reported by ALT diagnostics: verify-elf: ERROR: ./lib/security/pam_timestamp.so: uses non-LFS functions: __fxstat open * modules/pam_timestamp/hmacsha1.c: Include "config.h". --- modules/pam_timestamp/hmacsha1.c | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/hmacsha1.c b/modules/pam_timestamp/hmacsha1.c index 3f411061..45a3cac2 100644 --- a/modules/pam_timestamp/hmacsha1.c +++ b/modules/pam_timestamp/hmacsha1.c @@ -36,6 +36,7 @@ * */ /* See RFC 2104 for descriptions. */ +#include "config.h" #include #include #include -- cgit v1.2.3 From 0f5b1b11d286a1ac070b75b49631f6327b286fb4 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: list tests in EXTRA_DIST uniformly The change was prepared using the following script: git grep -l '^TESTS = tst-pam_' modules/ |while read m; do t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")" sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m" done * modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access with $(TESTS). * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace tst-pam_cracklib with $(TESTS). * modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with $(TESTS). * modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with $(TESTS). * modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with $(TESTS). * modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with $(TESTS). * modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with $(TESTS). * modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace tst-pam_faildelay with $(TESTS). * modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter with $(TESTS). * modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with $(TESTS). * modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with $(TESTS). * modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with $(TESTS). * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit with $(TESTS). * modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog with $(TESTS). * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits with $(TESTS). * modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace tst-pam_listfile with $(TESTS). * modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace tst-pam_localuser with $(TESTS). * modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace tst-pam_loginuid with $(TESTS). * modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with $(TESTS). * modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace tst-pam_mkhomedir with $(TESTS). * modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with $(TESTS). * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace tst-pam_namespace with $(TESTS). * modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin with $(TESTS). * modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit with $(TESTS). * modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace tst-pam_pwhistory with $(TESTS). * modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts with $(TESTS). * modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok with $(TESTS). * modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace tst-pam_securetty with $(TESTS). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace tst-pam_sepermit with $(TESTS). * modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace tst-pam_setquota with $(TESTS). * modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells with $(TESTS). * modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress with $(TESTS). * modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace tst-pam_succeed_if with $(TESTS). * modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with $(TESTS). * modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2 with $(TESTS). * modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with $(TESTS). * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace tst-pam_tty_audit with $(TESTS). * modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with $(TESTS). * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb with $(TESTS). * modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace tst-pam_usertype with $(TESTS). * modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with $(TESTS). * modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with $(TESTS). * modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with $(TESTS). --- modules/pam_timestamp/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index e5064285..ccb495f2 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -14,7 +14,7 @@ dist_TESTS = tst-pam_timestamp nodist_TESTS = hmacfile TESTS = $(dist_TESTS) $(nodist_TESTS) -EXTRA_DIST = $(MANS) $(XMLS) $(dist_TESTS) +EXTRA_DIST = README $(MANS) $(XMLS) $(dist_TESTS) securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -- cgit v1.2.3 From bd849daab0c0a1107512d4575404f22525db5f96 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: list prerequisites of README target uniformly There is no need to list prerequisites of README targets manually as all README targets depend on $(XMLS). The change is performed automatically using the following script: sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am * modules/pam_access/Makefile.am (README): Replace pam_access.8.xml and access.conf.5.xml with $(XMLS). * modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml with $(XMLS). * modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml with $(XMLS). * modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml with $(XMLS). * modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml with $(XMLS). * modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and pam_env.conf.5.xml with $(XMLS). * modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml with $(XMLS). * modules/pam_faildelay/Makefile.am (README): Replace pam_faildelay.8.xml with $(XMLS). * modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml with $(XMLS). * modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with $(XMLS). * modules/pam_group/Makefile.am (README): Replace pam_group.8.xml and group.conf.5.xml with $(XMLS). * modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml with $(XMLS). * modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml with $(XMLS). * modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml with $(XMLS). * modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml and limits.conf.5.xml with $(XMLS). * modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml with $(XMLS). * modules/pam_localuser/Makefile.am (README): Replace pam_localuser.8.xml with $(XMLS). * modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml with $(XMLS). * modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml with $(XMLS). * modules/pam_mkhomedir/Makefile.am (README): Replace pam_mkhomedir.8.xml with $(XMLS). * modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml with $(XMLS). * modules/pam_namespace/Makefile.am (README): Replace pam_namespace.8.xml, namespace.conf.5.xml, and pam_namespace_helper.8.xml with $(XMLS). * modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml with $(XMLS). * modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml with $(XMLS). * modules/pam_pwhistory/Makefile.am (README): Replace pam_pwhistory.8.xml with $(XMLS). * modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml with $(XMLS). * modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml with $(XMLS). * modules/pam_securetty/Makefile.am (README): Replace pam_securetty.8.xml with $(XMLS). * modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml with $(XMLS). * modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml with $(XMLS). * modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml with $(XMLS). * modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml with $(XMLS). * modules/pam_succeed_if/Makefile.am (README): Replace pam_succeed_if.8.xml with $(XMLS). * modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml with $(XMLS). * modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml with $(XMLS). * modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and time.conf.5.xml with $(XMLS). * modules/pam_timestamp/Makefile.am (README): Replace pam_timestamp.8.xml with $(XMLS). * modules/pam_tty_audit/Makefile.am (README): Replace pam_tty_audit.8.xml with $(XMLS). * modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml with $(XMLS). * modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml with $(XMLS). * modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml with $(XMLS). * modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml with $(XMLS). * modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml with $(XMLS). * modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml with $(XMLS). * modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml with $(XMLS). --- modules/pam_timestamp/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index ccb495f2..7b945712 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -46,7 +46,7 @@ hmacfile_LDADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README -README: pam_timestamp.8.xml +README: $(XMLS) -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.3 From 1886b6020c510cab239b3ae8db20a66991d8f8db Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: build: move README prerequisites rule from modules/*/Makefile.am to Make.xml.rules As the rule is now the same in every modules/*/Makefile.am file, move it to Make.xml.rules. * Make.xml.rules (README): New prerequisites rule. * modules/pam_access/Makefile.am (README): Remove rule. * modules/pam_cracklib/Makefile.am (README): Likewise. * modules/pam_debug/Makefile.am (README): Likewise. * modules/pam_deny/Makefile.am (README): Likewise. * modules/pam_echo/Makefile.am (README): Likewise. * modules/pam_env/Makefile.am (README): Likewise. * modules/pam_exec/Makefile.am (README): Likewise. * modules/pam_faildelay/Makefile.am (README): Likewise. * modules/pam_filter/Makefile.am (README): Likewise. * modules/pam_ftp/Makefile.am (README): Likewise. * modules/pam_group/Makefile.am (README): Likewise. * modules/pam_issue/Makefile.am (README): Likewise. * modules/pam_keyinit/Makefile.am (README): Likewise. * modules/pam_lastlog/Makefile.am (README): Likewise. * modules/pam_limits/Makefile.am (README): Likewise. * modules/pam_listfile/Makefile.am (README): Likewise. * modules/pam_localuser/Makefile.am (README): Likewise. * modules/pam_loginuid/Makefile.am (README): Likewise. * modules/pam_mail/Makefile.am (README): Likewise. * modules/pam_mkhomedir/Makefile.am (README): Likewise. * modules/pam_motd/Makefile.am (README): Likewise. * modules/pam_namespace/Makefile.am (README): Likewise. * modules/pam_nologin/Makefile.am (README): Likewise. * modules/pam_permit/Makefile.am (README): Likewise. * modules/pam_pwhistory/Makefile.am (README): Likewise. * modules/pam_rhosts/Makefile.am (README): Likewise. * modules/pam_rootok/Makefile.am (README): Likewise. * modules/pam_securetty/Makefile.am (README): Likewise. * modules/pam_selinux/Makefile.am (README): Likewise. * modules/pam_sepermit/Makefile.am (README): Likewise. * modules/pam_setquota/Makefile.am (README): Likewise. * modules/pam_shells/Makefile.am (README): Likewise. * modules/pam_succeed_if/Makefile.am (README): Likewise. * modules/pam_tally/Makefile.am (README): Likewise. * modules/pam_tally2/Makefile.am (README): Likewise. * modules/pam_time/Makefile.am (README): Likewise. * modules/pam_timestamp/Makefile.am (README): Likewise. * modules/pam_tty_audit/Makefile.am (README): Likewise. * modules/pam_umask/Makefile.am (README): Likewise. * modules/pam_unix/Makefile.am (README): Likewise. * modules/pam_userdb/Makefile.am (README): Likewise. * modules/pam_usertype/Makefile.am (README): Likewise. * modules/pam_warn/Makefile.am (README): Likewise. * modules/pam_wheel/Makefile.am (README): Likewise. * modules/pam_xauth/Makefile.am (README): Likewise. --- modules/pam_timestamp/Makefile.am | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index 7b945712..a5b292d8 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -46,7 +46,6 @@ hmacfile_LDADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README -README: $(XMLS) -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.3 From d9fe742a06af41711faba73d2f97f4d13b1b0534 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: reorder lines to promote uniformity This is essentially a no-op change that makes modules/*/Makefile.am files less divergent. --- modules/pam_timestamp/Makefile.am | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index a5b292d8..66b85729 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -6,16 +6,16 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml +EXTRA_DIST = README $(MANS) $(XMLS) $(dist_TESTS) + if HAVE_DOC man_MANS = pam_timestamp.8 pam_timestamp_check.8 endif +XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml dist_TESTS = tst-pam_timestamp nodist_TESTS = hmacfile TESTS = $(dist_TESTS) $(nodist_TESTS) -EXTRA_DIST = README $(MANS) $(XMLS) $(dist_TESTS) - securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) @@ -44,9 +44,9 @@ pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@ hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c hmacfile_LDADD = $(top_builddir)/libpam/libpam.la +noinst_PROGRAMS = hmacfile + if ENABLE_REGENERATE_MAN noinst_DATA = README -include $(top_srcdir)/Make.xml.rules endif - -noinst_PROGRAMS = hmacfile -- cgit v1.2.3 From d8a518391c4fd93a05e19d145a01bdc8f54a2ff8 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 27 Apr 2020 15:34:04 +0000 Subject: modules/*/Makefile.am: replace README with $(DATA) in EXTRA_DIST Since the GNU Automake distributes README files by default, the only reason why README had to be listed in EXTRA_DIST was to make these README files generated. Since README is also listed in noinst_DATA, we can safely replace README in EXTRA_DIST with $(DATA), this also opens the way for further EXTRA_DIST cleanup. * modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA). --- modules/pam_timestamp/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index 66b85729..9153f888 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -6,7 +6,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = README $(MANS) $(XMLS) $(dist_TESTS) +EXTRA_DIST = $(DATA) $(MANS) $(XMLS) $(dist_TESTS) if HAVE_DOC man_MANS = pam_timestamp.8 pam_timestamp_check.8 -- cgit v1.2.3 From f0f35e79d4d5c98e58955a37673b48ea299657ba Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 01:18:44 +0000 Subject: modules/pam_timestamp/Makefile.am: rename dist_TESTS to dist_check_SCRIPTS ... and remove it from EXTRA_DIST * modules/pam_timestamp/Makefile.am (EXTRA_DIST): Remove $(dist_TESTS). (dist_TESTS): Rename to dist_check_SCRIPTS. (TESTS): Replace $(dist_TESTS) with $(dist_check_SCRIPTS). --- modules/pam_timestamp/Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index 9153f888..a101805f 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -6,15 +6,15 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(DATA) $(MANS) $(XMLS) $(dist_TESTS) +EXTRA_DIST = $(DATA) $(MANS) $(XMLS) if HAVE_DOC man_MANS = pam_timestamp.8 pam_timestamp_check.8 endif XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml -dist_TESTS = tst-pam_timestamp +dist_check_SCRIPTS = tst-pam_timestamp nodist_TESTS = hmacfile -TESTS = $(dist_TESTS) $(nodist_TESTS) +TESTS = $(dist_check_SCRIPTS) $(nodist_TESTS) securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -- cgit v1.2.3 From d37f70b2dcb813311199200598ee6d4fc1ada52b Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 01:18:44 +0000 Subject: modules/pam_timestamp/Makefile.am: rename noinst_PROGRAMS to check_PROGRAMS ... and remove nodist_TESTS. * modules/pam_timestamp/Makefile.am (nodist_TESTS): Remove. (TESTS): Replace $(nodist_TESTS) with $(check_PROGRAMS). (noinst_PROGRAMS): Rename to check_PROGRAMS. --- modules/pam_timestamp/Makefile.am | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index a101805f..1aee259b 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -13,8 +13,7 @@ man_MANS = pam_timestamp.8 pam_timestamp_check.8 endif XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml dist_check_SCRIPTS = tst-pam_timestamp -nodist_TESTS = hmacfile -TESTS = $(dist_check_SCRIPTS) $(nodist_TESTS) +TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) @@ -44,7 +43,7 @@ pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@ hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c hmacfile_LDADD = $(top_builddir)/libpam/libpam.la -noinst_PROGRAMS = hmacfile +check_PROGRAMS = hmacfile if ENABLE_REGENERATE_MAN noinst_DATA = README -- cgit v1.2.3 From 97887fd27d83278d045f69759c9d45730c6e01c3 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 01:18:44 +0000 Subject: modules/*/Makefile.am: add dist_ prefix to *_DATA ... and remove $(DATA) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am --- modules/pam_timestamp/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index 1aee259b..eab38edb 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -6,7 +6,7 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(DATA) $(MANS) $(XMLS) +EXTRA_DIST = $(MANS) $(XMLS) if HAVE_DOC man_MANS = pam_timestamp.8 pam_timestamp_check.8 @@ -46,6 +46,6 @@ hmacfile_LDADD = $(top_builddir)/libpam/libpam.la check_PROGRAMS = hmacfile if ENABLE_REGENERATE_MAN -noinst_DATA = README +dist_noinst_DATA = README -include $(top_srcdir)/Make.xml.rules endif -- cgit v1.2.3 From b0321cdeccdc90f77623e14f5c9e0a52b1c5b8a6 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 May 2020 01:18:44 +0000 Subject: modules/*/Makefile.am: rename man_MANS to dist_man_MANS ... and remove $(MANS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am --- modules/pam_timestamp/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index eab38edb..d49abf4b 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -6,10 +6,10 @@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(MANS) $(XMLS) +EXTRA_DIST = $(XMLS) if HAVE_DOC -man_MANS = pam_timestamp.8 pam_timestamp_check.8 +dist_man_MANS = pam_timestamp.8 pam_timestamp_check.8 endif XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml dist_check_SCRIPTS = tst-pam_timestamp -- cgit v1.2.3 From 37b5259298be9137f5b40eef16027152ddb803ff Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 1 May 2020 19:20:12 +0000 Subject: modules: remove PAM_SM_* macros Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect. --- modules/pam_timestamp/pam_timestamp.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index 420ce9eb..249a9692 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -38,9 +38,6 @@ * */ -#define PAM_SM_AUTH -#define PAM_SM_SESSION - #include "config.h" #include -- cgit v1.2.3 From 5aca62a102b7309f1d96ded01ad1e7f94310fade Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 15 May 2020 08:00:00 +0000 Subject: modules: do not check user name for NULL if pam_get_user returned PAM_SUCCESS If pam_get_user returned PAM_SUCCESS, the user name is guaranteed to be a valid C string, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check for NULL the user name returned by pam_get_user when the latter returned PAM_SUCCESS. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise. * modules/pam_filter/pam_filter.c (process_args): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_wheel/pam_wheel.c (perform_check): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise. --- modules/pam_timestamp/pam_timestamp.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'modules/pam_timestamp') diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index 249a9692..30be883c 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -296,10 +296,7 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv, return i; } /* Get the name of the target user. */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { - user = NULL; - } - if ((user == NULL) || (strlen(user) == 0)) { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user[0] == '\0') { return PAM_AUTH_ERR; } if (debug) { -- cgit v1.2.3