path: root/modules
Commit message | Author | Age | Files | Lines
* pam_shells: return PAM_USER_UNKNOWN if getpwnam fails [HEAD, master] | Jonathan Krebs | 2023-05-17 | 2 | -2/+18
  Until before, in this case PAM_AUTH_ERR was returned. This leads to unknown users being logged with the unknown username. Now it resembles the behaviour of other modules like pam_unix in this case.
* pam_xauth: switch away from PATH_MAX | Pino Toscano | 2023-05-17 | 1 | -10/+18
  Allocate the path buffer in check_acl() dynamically using asprintf(), so there is no need to use a PATH_MAX-fixed size buffer. The fallback PATH_MAX definition is no more needed, thus is dropped.
  Make sure that paths too long still result in PAM_SESSION_ERR.
* pam_mkhomedir: simplify handling of newsource/newdest | Pino Toscano | 2023-05-12 | 1 | -85/+32
  To support OSes without PATH_MAX (which is optional in POSIX), there are two code paths for the 'newsource' and 'newdest' variables: one using a PATH_MAX-sized stack buffer, and one using heap allocation. The second is even more complicated than needed, doing manual calculations and allocations.
  To simplify the code a bit more, easing its maintenance, unify the two using asprintf() to allocate 'newsource' and 'newdest': the extra allocation needed should not be an issue, since this code runs in a separate helper executable.
  As additional change for this simplification, remove the reset to the two variables to NULL right after their free(), which is not needed since their scopes end.
* pam_limits: build again on non-Linux OSes | Pino Toscano | 2023-05-12 | 1 | -0/+8
  Even if this module is supported officially on Linux, make sure it can still build fine on non-Linux OSes, to ease its testing/fixing a bit:
  - build parse_kernel_limits() and stuff needed for it only on Linux, as it is called already only on Linux
  - limit the code needed to apply the 'nonewprivs' options to Linux only, as it uses a Linux-specific way to set it; add a syslog message for other OSes
* pam_nologin: explicitly fail when nologin path is a directory | Pino Toscano | 2023-05-11 | 1 | -0/+10
  On some systems (e.g. GNU/Hurd), read() succeeds on the fd of a directory; since the module assumes that read() fails (and thus pam_modutil_read() as well), manually fail in case the open fd refers to a directory.
* pam_timestamp: do not assume PATH_MAX is defined | Pino Toscano | 2023-05-11 | 1 | -1/+3
  PATH_MAX is optional in POSIX, and not defined on GNU/Hurd; hence, in case it is not defined, define BUFLEN directly to LINE_MAX.
* pam_pwhistory: switch away from PATH_MAX | Pino Toscano | 2023-05-11 | 1 | -11/+29
  Allocate the buffers dynamically using asprintf(), so there is no need to use PATH_MAX-fixed size buffers.
* modules: update Linux detection [v1.5.3] | Christian Göttsche | 2023-05-07 | 2 | -2/+2
  GCC and Clang only define the macro `linux` when using the GNU dialect of C (e.g. -std=gnu11 instead of -std=c11). Since `linux` is also not in a reserved namespace it might be target of collisions.
  Use the canonical macro `__linux__` instead (already used in pam_limits.c).
* pam_succeed_if: do not use the result of keyword substitution for keyword match [ldv/pam_succeed_if] | Dmitry V. Levin | 2023-04-20 | 1 | -22/+14
  * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Do not use the result of keyword substitution for keyword match.
  Resolves: https://github.com/linux-pam/linux-pam/issues/560
* pam_timestamp: Only build hmacfile when no openssl | Iker Pedrosa | 2023-04-20 | 1 | -5/+2
  * modules/pam_timestamp/Makefile.am: Only build hmacfile target when openssl isn't enabled.
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* fix a grammar mistake | Mark Huang | 2023-04-20 | 1 | -1/+1
* configure: Disable NIS if header files are missing | Thorsten Kukuk | 2023-04-06 | 2 | -9/+3
  configure.ac: Disable NIS if RPC or YP header files are missing
  modules/pam_unix/support.c: Use HAVE_NIS to check for header file presence
  modules/pam_unix/pam_unix_passwd.c: Use HAVE_NIS, too
* treewide: fix unnecessary $ on arithmetic variables [ldv/shellcheck] | Dmitry V. Levin | 2023-03-31 | 1 | -1/+1
  This should fix shellcheck warning SC2004.
* pam_timestamp: fix build failure | Iker Pedrosa | 2023-03-30 | 1 | -0/+1
  bcba17939e1b1a568cd4a764534cde74d37078cc started using pam_overwrite_n() without providing the definition to this function, which causes a build failure.
  modules/pam_timestamp/hmac_openssl_wrapper.c: include pam_inline.h
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* modules: make use of secure memory erasure | Christian Göttsche | 2023-02-28 | 28 | -96/+140
  Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive.
  Non trivial changes:
  - pam_env:
    * erase environment variables where possible
  - pam_exec:
    * erase response on error
    * erase auth token
  - pam_pwhistory:
    * erase buffers containing old passwords
  - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers)
  - pam_unix: erase cipher data in more places
  - pam_userdb: erase password hashes
* pam_env: use helper to free string list | Christian Göttsche | 2023-02-28 | 1 | -2/+1
  Free the environment variables list via the designated helper free_string_array() rather than free its elements in a loop, which might skip some.
* pam_env: override undefined pointer after asprintf failure | Christian Göttsche | 2023-02-28 | 1 | -0/+1
  On failure the content of the string pointer passed to asprintf(3) is undefined. Set to NULL before free'ing the parent array.
* Y2038: use logind instead of utmp | Thorsten Kukuk | 2023-02-28 | 4 | -9/+67
  The struct utmp from glibc uses on many 64bit architectures a 32bit time_t for compatibility with a 32bit userland, which means utmp will not survive the year 2038 (32bit time_t overflow). Use the data from logind instead of utmp.
  * configure.ac: Add option --enable-logind
  * modules/pam_issue/Makefile.am: Add CFLAGS/LIBS for logind support
  * modules/pam_issue/pam_issue.c: Use sd_get_sessions instead of utmp
  * modules/pam_timestamp/Makefile.am: Add CFLAGS/LIBS for logind support
  * modules/pam_timestamp/pam_timestamp.c: query logind for login time
* build: use <vendordir>/security directory for installation if it has been set | Stefan Schubert | 2023-02-07 | 43 | -0/+172
  Otherwise the corresponding files are still installed in /etc/security.
  * configure.ac (AC_SUBST): Add VENDOR_SCONFIGDIR.
  (AM_CONDITIONAL): Add HAVE_VENDORDIR.
  * modules/*/Makefile.am (secureconfdir): Set to VENDOR_SCONFIGDIR if HAVE_VENDORDIR has been set, otherwise to SCONFIGDIR.
* pam_env: do not assume in tests that VENDORDIR is /usr/etc | Dmitry V. Levin | 2023-02-04 | 1 | -13/+35
  * modules/pam_env/tst-pam_env-retval.c: Include <errno.h> and <libgen.h>.
  [VENDORDIR] (dir, dir_usr, dir_usr_etc): Remove.
  [VENDORDIR] (mkdir_p, rmdir_p): New functions.
  (setup, cleanup) [VENDORDIR]: Use them.
* pam_env: do not hardcode /usr/etc into tests | Dmitry V. Levin | 2023-02-03 | 1 | -12/+18
  * modules/pam_env/tst-pam_env-retval.c: Replace /usr/etc/security with VENDOR_SCONFIGDIR, /usr/etc with VENDORDIR. Do not define and use VENDORDIR based variables unless VENDORDIR is defined.
  Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
* pam_env: do not hardcode /usr/etc into documentation | Dmitry V. Levin | 2023-02-02 | 1 | -3/+3
  * modules/pam_env/pam_env.conf.5.xml: Replace /usr/etc with %vendordir%.
  Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
* pam_env: fix VENDOR_DEFAULT_ETC_ENVFILE | Dmitry V. Levin | 2023-02-01 | 1 | -1/+1
  * modules/pam_env/pam_env.c (VENDOR_DEFAULT_ETC_ENVFILE): Assume that VENDORDIR already includes "/etc".
  Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
* pam_unix: don't link against yppasswd_xdr if NIS is disabled | Thorsten Kukuk | 2023-01-31 | 2 | -6/+5
  * configure.ac: Define HAVE_NIS if NIS is enabled.
  * modules/pam_unix/Makefile.am: Don't link against yppasswd_xdr.c if NIS is disabled.
  * modules/pam_unix/pam_unix_passwd.c: Don't redefine HAVE_NIS.
  Resolves: https://github.com/linux-pam/linux-pam/issues/523
* Enable undef warning | Christian Göttsche | 2023-01-30 | 1 | -4/+4
  * modules/pam_unix/pam_unix_passwd.c: Wrap checks for configure macros into defined() operator.
  * m4/warn_lang_flags.m4 (gl_WARN_ADD): Add -Wundef.
* pam_pwhistory: use vendor specific pwhistory.conf as fallback | Stefan Schubert | 2023-01-27 | 2 | -0/+31
  Use the vendor directory defined by --enable-vendordir=DIR configure option as fallback for the distribution provided default config file if there is no configuration in /etc.
  * modules/pam_pwhistory/pam_pwhistory.8.xml: Describe pwhistory.conf
  * modules/pam_pwhistory/pwhistory_config.c [VENDOR_SCONFIGDIR] (VENDOR_PWHISTORY_DEFAULT_CONF): New macro.
  (parse_config_file) [VENDOR_PWHISTORY_DEFAULT_CONF]: Try to open VENDOR_PWHISTORY_DEFAULT_CONF if PWHISTORY_DEFAULT_CONF file does not exist.
* pam_pwhistory: add a basic test for return values | Stefan Schubert | 2023-01-27 | 2 | -1/+64
  * modules/pam_pwhistory/tst-pam_pwhistory-retval.c: New file.
  * modules/pam_pwhistory/Makefile.am (TESTS): Add $(check_PROGRAMS).
  (check_PROGRAMS, tst_pam_pwhistory_retval_LDADD): New variables.
* pam_unix: regenerate yppasswd.h/yppasswd_xdr.c (#480) | Thorsten Kukuk | 2023-01-24 | 2 | -61/+72
  Regenerate yppasswd.h and yppasswd_xdr.c from yppasswd.x (libnsl) to avoid GPL code in a PAM module.
  Link: https://github.com/thkukuk/libnsl/blob/master/src/rpcsvc/yppasswd.x
* pam_selinux: treat getenforce failures as enforcing | Christian Göttsche | 2023-01-24 | 1 | -6/+6
  security_getenforce(3) can return -1 on error; either because the selinuxfs is not mounted or reading from /sys/fs/selinux/enforce failed.
  Since security_getenforce(3) is either called after an approving call to is_selinux_enabled(3) in create_context() or with populated module data in restore_context(), which requires a previous pass of create_context(), the selinuxfs should be mounted. Reading from /sys/fs/selinux/enforce should never fail (except being prohibited by the SElinux policy itself) since it is a public interface.
  In the unlikely case of security_getenforce(3) nevertheless failing continue execution as if the result was enforcing (likewise to pam_sepermit and pam_rootok).
* pam_unix: silence compiler warning in md5.c | Dmitry V. Levin | 2023-01-19 | 1 | -13/+12
  clang-14 insists on issuing the following warning:
    In file included from md5_good.c:4:
    md5.c:92:15: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'byteReverse' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
            byteReverse(ctx->in.c, 16);
                        ^
    md5.c:101:15: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'byteReverse' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
            byteReverse(ctx->in.c, 16);
                        ^
    md5.c:136:15: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'byteReverse' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
            byteReverse(ctx->in.c, 16);
                        ^
    md5.c:145:14: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'byteReverse' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
            byteReverse(ctx->in.c, 14);
                        ^
    md5.c:151:14: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'byteReverse' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
            byteReverse(ctx->buf.c, 4);
                        ^
  * modules/pam_unix/md5.c (byteReverse): Use uint32 instead of uint8_aligned, update all users.
  (uint8_aligned): Remove unused type.
* pam_limits: silence compiler warning | Dmitry V. Levin | 2023-01-19 | 1 | -2/+2
  gcc-12 insists on issuing the following warning:
    In file included from /usr/include/string.h:535,
                     from pam_limits.c:24:
    In function 'strncat',
        inlined from 'check_logins' at pam_limits.c:287:6,
        inlined from 'setup_limits' at pam_limits.c:1066:13,
        inlined from 'pam_sm_open_session' at pam_limits.c:1267:14:
    /usr/include/x86_64-linux-gnu/bits/string_fortified.h:138:10: error: '__builtin___strncat_chk' argument 2 declared attribute 'nonstring' [-Werror=stringop-overread]
      138 |   return __builtin___strncat_chk (__dest, __src, __len,
          |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      139 |                                   __glibc_objsize (__dest));
          |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from /usr/include/utmp.h:29,
                     from pam_limits.c:37:
    /usr/include/x86_64-linux-gnu/bits/utmp.h: In function 'pam_sm_open_session':
    /usr/include/x86_64-linux-gnu/bits/utmp.h:66:8: note: argument 'ut_user' declared here
       66 |   char ut_user[UT_NAMESIZE]
          |        ^~~~~~~
  * modules/pam_limits/pam_limits.c (check_logins): Use memcpy instead of strncat to pacify the compiler.
* pam_listfile: fix pointer misuse leading to data corruption | Cyril Duval | 2023-01-18 | 1 | -5/+4
  pam_listfile assumes the group being tested will be written at the end of the argument list by carrying only a pointer to the value being examined in 'myval'.
  Therefore example
  '''
  auth required pam_listfile.so \
       onerr=succeed apply=ftp item=user sense=deny file=/etc/ftpusers
  '''
  modified from https://linux.die.net/man/8/pam_listfile is not working because 'apply_val' will point to the latest value of 'myval', which in this case will be "/etc/ftpusers" instead of "ftp".
  Fix this issue by copying the value of 'myval' instead of just taking a reference pointer.
  Signed-off-by: Cyril Duval <cyril.duval@diabolocom.com>
* doc: Update PAM documentation from DocBook 4 to DocBook 5 | Stefan Schubert | 2022-12-16 | 104 | -2534/+1724
  Changed files
  --------------
  Make.xml.rules.in:
  - Using RNG file instead of DTD file for checking XML files.
  - Taking the correct stylesheet for README files.
  doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am:
  - Using RNG file instead of DTD file for checking XML files.
  configure.ac:
  - Adding a new option for selecting RNG check file (-enable-docbook-rng)
  - Switching stylesheets to docbook 5
  - Checking DocBook 5 environment instead of DocBook 4 environment
  *.xml:
  Update from DocBook 4 to DocBook 5
* pam_env: Use vendor specific pam_env.conf and environment as fallback | Stefan Schubert | 2022-12-14 | 6 | -43/+388
  Use the vendor directory as fallback for a distribution provided default config if there is no one in /etc.
  * Makefile.am: Add libeconf setting.
  * pam_env.c: Take care about the fallback configuration in the vendor directory.
  * pam_env.8.xml: Add description for the vendor directory.
  * pam_env.conf.5.xml: Add description for the vendor directory.
  * tst-pam_env-retval.c: Add tests for libeconf.
  * configure.ac: Add ECONF settings for building man pages.
* pam_shells: Use the vendor directory as fallback for a distribution provided default config if there is no one in /etc. | Stefan Schubert | 2022-12-12 | 3 | -14/+75
  If pam will be compiled with the option --enable-vendordir=<vendor_dir> and NOT defined --disable-econf, the files which define valid login shells will be parsed in following order:
  - <vendor_dir>/shells
  - <vendor_dir>/shells.d/*
  - /etc/shells.d/shells
  But all files in <vendor_dir> will be ignored if the user has defined his own file /etc/shells.
  This commit solves issue: https://github.com/linux-pam/linux-pam/issues/498
* pam_env: _parse_line: fix quoteflg handled | Valentin Lefebvre | 2022-12-01 | 1 | -1/+2
  Check if quote flag is positive before decrementing it. Otherwise, for some use case, it could become negative, and have an unwanted empty string instead of an undefined variable.
  Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
* pam_mail: adjust wording for no new mail | ed neville | 2022-11-11 | 1 | -1/+1
  Wording of no new mail message should be significantly different from new mail so that it does not align in length or similar words.
  * modules/pam_mail/pam_mail.c (report_mail): Change the wording of no new mail message.
  Resolves: https://github.com/linux-pam/linux-pam/issues/465
* pam_faillock: fix typo in usage diagnostics | Dmitry V. Levin | 2022-11-11 | 1 | -1/+1
  * modules/pam_faillock/main.c (usage): Remove extra whitespace from the usage diagnostics.
  Fixes: 94f0f5ebb ("faillock: add support to print login failure info in legacy format")
* pam_lastlog: fix file locking | Davin Shearer | 2022-11-07 | 1 | -10/+26
  Fixed 2 instances in the pam_lastlog module where file locks were not being enforced when reading and writing last login records.
  * modules/pam_lastlog/pam_lastlog.c (last_login_write): The write lock failure is fatal after 3 tries.
  (last_login_read): The read lock failure is non-fatal after 3 tries. It is non-fatal in the read case due to concerns about a possible DoS.
* pam_faillock: avoid logging an erroneous consecutive login failure message | Deepak Das | 2022-11-07 | 1 | -3/+5
  * modules/pam_faillock/pam_faillock.c (write_tally): Avoid logging a consecutive login failure message for the root user in case when even_deny_root is not set.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2082442
* pam_faillock: Clarify missing user faillock files after reboot | Deepak Das | 2022-11-07 | 2 | -0/+10
  * modules/pam_faillock/faillock.conf.5.xml: Adding note related to missing user specific faillock files after reboot.
  * modules/pam_faillock/pam_faillock.8.xml: Adding note related to missing user specific faillock files after reboot.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2062512
* pam_lastlog: check localtime_r() return value | Iker Pedrosa | 2022-09-27 | 1 | -6/+6
  Check the return value of localtime_r() before calling strftime(). This function crashes if the argument is NULL.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2012871
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_namespace: make sure the SIGCHLD handler is not reset too early [ldv/sigchld] | Dmitry V. Levin | 2022-07-16 | 1 | -15/+15
  * modules/pam_namespace/pam_namespace.c (inst_init): Make sure the SIGCHLD handler is not reset too early by moving the sigaction call right before the fork call.
* pam_mkhomedir: make sure the SIGCHLD handler is not reset too early | Dmitry V. Levin | 2022-07-16 | 1 | -9/+9
  * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Make sure the SIGCHLD handler is not reset too early by moving the sigaction call right before the fork call.
* pam_xauth: add SIGCHLD protection handle | dengbo | 2022-07-15 | 1 | -0/+15
  * modules/pam_xauth/pam_xauth.c (run_coprocess): Save the SIGCHLD handler and reset it to the default before calling fork, restore the handler after waitpid returns.
  Resolves: https://github.com/linux-pam/linux-pam/pull/469
* pam_exec: add SIGCHLD protection handle | dengbo | 2022-07-15 | 1 | -0/+10
  * modules/pam_exec/pam_exec.c (call_exec): Save the SIGCHLD handler and reset it to the default before calling fork, restore the handler after waitpid returns.
  Resolves: https://github.com/linux-pam/linux-pam/issues/405
* pam_pwhistory: document config load from file | Iker Pedrosa | 2022-07-15 | 3 | -3/+184
  * modules/pam_pwhistory/pam_pwhistory.8.xml: Add new option to select configuration file to read.
  * modules/pam_pwhistory/pwhistory.conf.5.xml: Document configuration options for the file.
  * modules/pam_pwhistory/Makefile.am (dist_man_MANS): Add pwhistory.conf.5.
  (XMLS): Add pwhistory.conf.5.xml.
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_pwhistory: load config from file | Iker Pedrosa | 2022-07-15 | 5 | -11/+197
  * modules/pam_pwhistory/pam_pwhistory.c: Load config from file and provide new conf option to select the file.
  * modules/pam_pwhistory/pwhistory_config.c: Parse config from file and load to options structure.
  * modules/pam_pwhistory/pwhistory_config.h: Move options_t structure and define parse_config_file().
  * modules/pam_pwhistory/Makefile.am (noinst_HEADERS): Add pwhistory_config.h.
  (pam_pwhistory_la_SOURCES): Add pwhistory_config.c.
  (dist_secureconf_DATA): Add pwhistory.conf.
  * modules/pam_pwhistory/pwhistory.conf: New configuration file.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2068461
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* faillock: add support to print login failure info in legacy format | Shreenidhi Shedi | 2022-07-01 | 2 | -11/+66
  pam_tally2 had a simple and minimalistic output to show login failure info, new output of faillock makes the output look a bit complex and doesn't show failure counts in a straight manner.
  This patch fixes the above issue by adding "--legacy-output" flag to faillock which makes it possible to get output in pam_tally2 style.
  Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
* faillock: refactor faillock info printing code | Shreenidhi Shedi | 2022-07-01 | 1 | -21/+31
  Move the code to its own function.
  Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>