aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* libpamc/test: pipe deallocation mismatchChristian Göttsche2024-01-042-2/+4
| | | | | | | Close pipes opened via popen(3) with pclose(3). Also close the pipe in error branches. Reported by cppcheck.
* pam_listfile: use getlineTobias Stoeckmann2024-01-031-3/+4
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_unix: use getlineTobias Stoeckmann2024-01-032-4/+8
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_xauth: use getlineTobias Stoeckmann2024-01-031-2/+5
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_faillock: use getlineTobias Stoeckmann2024-01-031-3/+5
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_access: use getlineTobias Stoeckmann2024-01-031-7/+12
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_exec: use getlineTobias Stoeckmann2024-01-031-2/+4
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_limits: use getlineTobias Stoeckmann2024-01-031-8/+16
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_sepermit: use getlineTobias Stoeckmann2024-01-031-4/+10
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_securetty: use getlineTobias Stoeckmann2024-01-031-9/+24
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_unix: reduce variable visibilityTobias Stoeckmann2024-01-031-3/+7
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_unix: calculate user length only if neededTobias Stoeckmann2024-01-031-3/+4
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_unix: use getline in _unix_getpwnamTobias Stoeckmann2024-01-031-12/+18
| | | | | | Use getline instead of fgets to allow arbitrarily long lines. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_unix: unify error handlingTobias Stoeckmann2024-01-031-15/+14
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_unix: use calloc instead of malloc/memsetTobias Stoeckmann2024-01-031-2/+1
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_unix: use size_t instead of int for sizesTobias Stoeckmann2024-01-031-5/+5
| | | | | | | Also rename buflen to retlen, since it is not associated with the variable buf, but ret. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_unix: avoid reading uninitialized variableTobias Stoeckmann2024-01-031-10/+8
| | | | | | | | | | | | | | | | | | | | | The function _unix_comesfromsource calls _unix_getpwnam internally. When changing the authentication token, it is first called to read local passwd file and optionally contacting NIS. If an entry is found, _unix_getpwnam is called, this time definitely reading passwd file and contacting NIS (if support exists) and parsing the entry. This is meant to check if the entry is not just available but also valid. Since the return value of _unix_getpwnam is not checked and the supplied pointer is only set in case of success, the check for a NULl pointer afterwards can lead to undefined behavior. It is easier to call _unix_getpwnam directly, check its return value and then check if the entry could be parsed. This in turn reduces the amount of /etc/passwd accesses (and fixes a theoretical TOCTOU race). Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* configure.ac: remove unneeded function checksTobias Stoeckmann2024-01-031-6/+4
| | | | | | | Even if these checks reveal that a function does not exist, there are no corresponding HAVE_* or ac_cv_func_* checks in source files. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_namespace: validate amount of uids in configTobias Stoeckmann2024-01-031-1/+6
| | | | | | | | | | | | | If more than INT_MAX uids are found in a configuration line, the variable `count` would trigger a signed integer overflow. If more than UINT_MAX uids are found in a configuration line, then the `num_uids` counter is invalid, which could eventually lead to out of boundary accesses. Also make sure that size multiplication for malloc does not overflow. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_namespace: document that the namespace.init script runs as rootMatthias Gerstner2024-01-032-2/+8
|
* pam_namespace: document instance_prefix field better wrt final elementMatthias Gerstner2024-01-031-6/+7
|
* pam_namespace: close unnecessary file descriptors before exec()Matthias Gerstner2024-01-031-0/+11
| | | | | | | | | | | Currently the `rm` subprocess and the namespace init script inherit a random set of open file descriptors from the process running PAM. Depending on the actual PAM stack configuration these can even be security sensitive files. In any case it is unclean to inherit unexpected open file descriptors to child processes like this. To address this close all file descriptors except stdio before executing a new program.
* pam_namespace: cleanup_tmpdirs(): use proper error messageMatthias Gerstner2024-01-031-1/+1
|
* pam_namespace: fix double-free on parse error in namespace.confMatthias Gerstner2024-01-031-1/+1
| | | | | | | | | If a line in namespace.conf only consists of one field then the error handling logic in process_line() ends up in a double-free, resulting in a process abort in libc. It looks like instead of NULLing the `dir` variable, the `instance_prefix` is NULLed, without purpose. Fix this.
* pam_exec: allow expose_authtok for password PAM_TYPEAnton Gubarkov2024-01-022-3/+3
| | | | | | | | | Before this change, pam_exec allowed expose_authtok option to be specified for "auth" PAM_TYPE only. * modules/pam_exec/pam_exec.c (call_exec): Allow expose_authtok to be specified for "password" PAM_TYPE. * modules/pam_exec/pam_exec.8.xml: Document it.
* pam_listfile: drop string duplicationTobias Stoeckmann2024-01-021-26/+4
| | | | | | | The ifname variable is only assigned, but the string content itself is never modified. Drop the strdup call to simplify the code. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_listfile: do not truncate argumentsTobias Stoeckmann2024-01-021-40/+31
| | | | | | Allow arbitrary lengths of arguments coming from pam configuration file. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_listfile: fix typo in commentTobias Stoeckmann2024-01-021-1/+1
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_listfile: fix formattingTobias Stoeckmann2024-01-021-13/+14
| | | | | | | The formatting made the code look like there is an "else"-block followed by an "else if"-block. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_faillock: do not truncate argumentsTobias Stoeckmann2024-01-021-7/+11
| | | | | | | The FAILLOCK_CONF_MAX_LINELINE limitation is not true for arguments which derive from pam configuration file. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_wheel: do not truncate groupTobias Stoeckmann2024-01-021-7/+7
| | | | | | | If a pam configuration file contains a very long group name, do not silently truncate it. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: use strndupTobias Stoeckmann2024-01-021-12/+8
| | | | | | The strndup call is easier to review than malloc + strncpy. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: reduce variable visibilityTobias Stoeckmann2024-01-021-9/+9
| | | | | | This will simplify further changes. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: remove castTobias Stoeckmann2024-01-021-2/+2
| | | | | | | | The zu formatter is available, as can be seen one line above. Do not cast unnecessarily to unsigned long. Cosmetic change on pretty much all supported systems. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: fix debug and error messagesTobias Stoeckmann2024-01-021-5/+5
| | | | | | | | The tmpptr variable is only used for resolved variables. If the creation of expanded string overflows at other places, log the actually overflowing character instead of a "random" string in tmpptr. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: reduce stack usageTobias Stoeckmann2024-01-021-7/+3
| | | | | | | | It is not required to have a copy of the string in stack. This removes the need of another strncpy call which also makes future cleanups easier. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: fix memory leakTobias Stoeckmann2024-01-012-1/+3
| | | | | | | | | If DEFAULT or OVERRIDE is supplied multiple times in a line then memory leaks can occur. Adjusted test case (compile with address sanitizer to see failure). Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_listfile: add a configuration file parser testDmitry V. Levin2024-01-011-0/+35
| | | | | | | | | | The pam_listfile is apparently the only module in the tree that has mandatory options and at the same time bails out in case of unknown options. Use this specific behaviour of the module to test libpam configuration file parsing. * modules/pam_listfile/tst-pam_listfile-retval.c (main): Perform a test dedicated to configuration file parsing.
* pam_permit: add configuration file parser testTobias Stoeckmann2023-12-311-0/+29
| | | | | | | The pam_permit module is the easiest around. Use its test to add another test case for configuration file parsing in libpam itself. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* libpam: support arbitrarily long config linesTobias Stoeckmann2023-12-311-68/+229
| | | | | | | | | Use getline in _pam_assemble_line to allow very long lines. Also handle escaped newlines and NUL bytes better, even though the latter are not valid for text files. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* libpam: support very long strings in _pam_mkargvTobias Stoeckmann2023-12-313-12/+22
| | | | | | | This support has to be added before arbitrarily long lines are allowed in configuration files. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_motd: support very long argumentsTobias Stoeckmann2023-12-311-11/+10
| | | | | | | | The pam_split_string function should not use unsigned int to make sure that the counter will never overflow if arbitrarily long configuration file lines are supported. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_exec: support very large argc valuesTobias Stoeckmann2023-12-311-1/+1
| | | | | | | Prepare the calculation to support very large argc values in order to support arbitrarily long configuration lines in the future. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_filter: support very long argumentsTobias Stoeckmann2023-12-311-1/+2
| | | | | | | The return value of strlen has to be stored in size_t for future support of arbitrarily long configuration file lines. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_listfile.8: enhance formattingDmitry V. Levin2023-12-311-13/+12
| | | | | * modules/pam_listfile/pam_listfile.8.xml: Fix formatting of option arguments.
* pam_listfile.8: fix grammarDmitry V. Levin2023-12-311-3/+4
| | | | * modules/pam_listfile/pam_listfile.8.xml: Fix a few grammar issues.
* pam_listfile.8: enhance item=tty descriptionDmitry V. Levin2023-12-311-2/+2
| | | | | * modules/pam_listfile/pam_listfile.8.xml: Tweak item=tty description so it no longer implies that PAM_TTY is always set.
* pam_listfile: add a test for return valuesDmitry V. Levin2023-12-302-1/+589
| | | | | | * modules/pam_listfile/tst-pam_listfile-retval.c: New file. * modules/pam_listfile/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_listfile_retval_LDADD): New variables.
* pam_canonicalize_user: fix the test for return valuesDmitry V. Levin2023-12-302-16/+17
| | | | | | | | | * modules/pam_canonicalize_user/tst-pam_canonicalize_user-retval.c: Fix. * modules/pam_canonicalize_user/Makefile.am (TESTS): Add $(check_PROGRAMS). (AM_LDFLAGS): Rename to pam_canonicalize_user_la_LDFLAGS. (tst_pam_canonicalize_user_retval_LDFLAGS): New variable. Fixes: 980ddf706777 ("pam_canonicalize_user: add a test for return values")
* po: update translations using Weblate (Slovenian)Martin Srebotnjak2023-12-301-7/+7
| | | | | | Currently translated at 17.8% (18 of 101 strings). Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sl/
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-02 23:12:15 +0000