diff options
| author | Steve Langasek <vorlon@debian.org> | 2019-02-11 16:13:42 -0800 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-02-12 06:07:57 +0000 |
| commit | 668b13da8f830c38388cecac45539972e80cb246 (patch) | |
| tree | ba3a4e02ed5ec62fe645dfa810c01d26decf591f /modules/pam_unix | |
| parent | f00afb1ef201b2eef7f9ddbe5a0c6ca802cf49bb (diff) | |
| parent | 3b77a78d575b8ab56bb0e828499df328d55c925f (diff) | |
| download | pam-668b13da8f830c38388cecac45539972e80cb246.tar.gz pam-668b13da8f830c38388cecac45539972e80cb246.tar.bz2 pam-668b13da8f830c38388cecac45539972e80cb246.zip | |
New upstream version 1.3.1
Diffstat (limited to 'modules/pam_unix')
| -rw-r--r-- | modules/pam_unix/pam_unix.8 | 4 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_acct.c | 4 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_auth.c | 20 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 4 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_sess.c | 4 | ||||
| -rw-r--r-- | modules/pam_unix/passverify.c | 2 | ||||
| -rw-r--r-- | modules/pam_unix/support.c | 6 | ||||
| -rw-r--r-- | modules/pam_unix/unix_chkpwd.8 | 4 | ||||
| -rw-r--r-- | modules/pam_unix/unix_chkpwd.c | 2 | ||||
| -rw-r--r-- | modules/pam_unix/unix_update.8 | 4 |
10 files changed, 29 insertions, 25 deletions
diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8 index 4ca84495..b3808f1a 100644 --- a/modules/pam_unix/pam_unix.8 +++ b/modules/pam_unix/pam_unix.8 @@ -2,12 +2,12 @@ .\" Title: pam_unix .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 04/19/2016 +.\" Date: 05/18/2017 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_UNIX" "8" "04/19/2016" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_UNIX" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 782d84ac..88331149 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -201,7 +201,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) uname = void_uname; D(("user = `%s'", uname)); if (retval != PAM_SUCCESS || uname == NULL) { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_ERR, "could not identify user (from uid=%lu)", (unsigned long int)getuid()); return PAM_USER_UNKNOWN; @@ -209,7 +209,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) retval = get_account_info(pamh, uname, &pwent, &spent); if (retval == PAM_USER_UNKNOWN) { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_ERR, "could not identify user (from getpwnam(%s))", uname); return retval; diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 673861e4..fce6bce1 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -77,14 +77,12 @@ #define _UNIX_AUTHTOK "-UN*X-PASS" #define AUTH_RETURN \ -do { \ - if (ret_data) { \ - D(("recording return code for next time [%d]", \ - retval)); \ - *ret_data = retval; \ - pam_set_data(pamh, "unix_setcred_return", \ - (void *) ret_data, setcred_free); \ - } \ +do { \ + D(("recording return code for next time [%d]", \ + retval)); \ + *ret_data = retval; \ + pam_set_data(pamh, "unix_setcred_return", \ + (void *) ret_data, setcred_free); \ D(("done. [%s]", pam_strerror(pamh, retval))); \ return retval; \ } while (0) @@ -112,6 +110,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) /* Get a few bytes so we can pass our return value to pam_sm_setcred() and pam_sm_acct_mgmt(). */ ret_data = malloc(sizeof(int)); + if (!ret_data) { + D(("cannot malloc ret_data")); + pam_syslog(pamh, LOG_CRIT, + "pam_unix_auth: cannot allocate ret_data"); + return PAM_BUF_ERR; + } /* get the user'name' */ diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index c2e43423..9fdebefb 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -774,7 +774,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) if (retval != PAM_SUCCESS) { if (on(UNIX_DEBUG, ctrl)) { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_ERR, "password - new password not obtained"); } pass_old = NULL; /* tidy up */ @@ -864,7 +864,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) _pam_delete(tpass); pass_old = pass_new = NULL; } else { /* something has broken with the module */ - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_CRIT, "password received unknown request"); retval = PAM_ABORT; } diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index dbc62983..03e7dcd9 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -77,7 +77,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_CRIT, + pam_syslog(pamh, LOG_ERR, "open_session - error recovering username"); return PAM_SESSION_ERR; /* How did we get authenticated with no username?! */ @@ -112,7 +112,7 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_CRIT, + pam_syslog(pamh, LOG_ERR, "close_session - error recovering username"); return PAM_SESSION_ERR; /* How did we get authenticated with no username?! */ diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 5d6a1484..9c1771e2 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -1023,7 +1023,7 @@ helper_verify_password(const char *name, const char *p, int nullok) retval = get_pwd_hash(name, &pwd, &salt); if (pwd == NULL || salt == NULL) { - helper_log_err(LOG_WARNING, "check pass; user unknown"); + helper_log_err(LOG_NOTICE, "check pass; user unknown"); retval = PAM_USER_UNKNOWN; } else { retval = verify_pwd_hash(p, salt, nullok); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index fc8595e9..f2e28d35 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -345,7 +345,7 @@ static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err) ); if (failure->count > UNIX_MAX_RETRIES) { - pam_syslog(pamh, LOG_ALERT, + pam_syslog(pamh, LOG_NOTICE, "service(%s) ignoring max retries; %d > %d", service == NULL ? "**unknown**" : (const char *)service, failure->count, @@ -744,12 +744,12 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name if (on(UNIX_AUDIT, ctrl)) { /* this might be a typo and the user has given a password instead of a username. Careful with this. */ - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_NOTICE, "check pass; user (%s) unknown", name); } else { name = NULL; if (on(UNIX_DEBUG, ctrl) || pwd == NULL) { - pam_syslog(pamh, LOG_WARNING, + pam_syslog(pamh, LOG_NOTICE, "check pass; user unknown"); } else { /* don't log failure as another pam module can succeed */ diff --git a/modules/pam_unix/unix_chkpwd.8 b/modules/pam_unix/unix_chkpwd.8 index 48bba9e0..46048995 100644 --- a/modules/pam_unix/unix_chkpwd.8 +++ b/modules/pam_unix/unix_chkpwd.8 @@ -2,12 +2,12 @@ .\" Title: unix_chkpwd .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 04/01/2016 +.\" Date: 05/18/2017 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "UNIX_CHKPWD" "8" "04/01/2016" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "UNIX_CHKPWD" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index 61675ed2..39c84dbf 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -43,7 +43,7 @@ static int _check_expiry(const char *uname) retval = get_account_info(uname, &pwent, &spent); if (retval != PAM_SUCCESS) { - helper_log_err(LOG_ALERT, "could not obtain user info (%s)", uname); + helper_log_err(LOG_ERR, "could not obtain user info (%s)", uname); printf("-1\n"); return retval; } diff --git a/modules/pam_unix/unix_update.8 b/modules/pam_unix/unix_update.8 index 637c3cc7..c5eab08c 100644 --- a/modules/pam_unix/unix_update.8 +++ b/modules/pam_unix/unix_update.8 @@ -2,12 +2,12 @@ .\" Title: unix_update .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 04/01/2016 +.\" Date: 05/18/2017 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "UNIX_UPDATE" "8" "04/01/2016" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "UNIX_UPDATE" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- |