| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Extend access.conf(5) syntax to support UID and GID in addition to
user and group names.
Co-authored-by: blueskycs2c <lili.ding@cs2c.com>
Signed-off-by: Dmitry V. Levin <ldv@strace.io>
Resolves: https://github.com/linux-pam/linux-pam/issues/114
Resolves: https://github.com/linux-pam/linux-pam/pull/186
Resolves: https://github.com/linux-pam/linux-pam/pull/601
|
| |
|
|
|
|
| |
sign_extend_unsigned_to_ll()
Import these handy macros from strace project.
|
| |
|
|
|
|
|
|
|
|
| |
Use the canonical terminal mode (line mode) and set ECHOCTL to prevent
cursor escape from the login prompt using arrows or escape sequences.
ICANON is the default in most cases anyway. ECHOCTL is default on tty, but
for example not on pty, allowing cursor to escape.
Stanislav Brabec <sbrabec@suse.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since audit_log_acct_message() was decorated with warn_unused_result
attribute, compilation of faillock helper produces the following
diagnostics:
main.c: In function 'do_user':
main.c:250:25: warning: ignoring return value of 'audit_log_acct_message' declared with attribute 'warn_unused_result' [-Wunused-result]
Given that this helper has never been picky about audit, e.g.
audit_open() errors do not affect its exit status, just silence this
new warning.
* modules/pam_faillock/main.c [HAVE_LIBAUDIT] (do_user): Silence
compilation warning.
|
| |
|
|
|
|
| |
Check for econf_readConfigWithCallback() and use it if available.
Co-authored-by: Dmitry V. Levin <ldv@strace.io>
|
| |
|
|
|
|
|
| |
Use this new function instead of econf_readDirs() and
econf_readDirsWithCallback().
Co-authored-by: Dmitry V. Levin <ldv@strace.io>
|
| |
|
|
|
| |
This also prevents a possible segfault when pam_set_item tries to
convert an empty service_name to lower case.
|
| |
|
|
|
|
| |
Log in case the database could not be initialized.
Include the errno on lookup failure.
|
| |
|
|
| |
Log in case the current fscreate context could not be retrieved.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_namespace/pam_namespace.c (create_polydir) [WITH_SELINUX]:
Free SELinux context in case of an error.
```
Error: RESOURCE_LEAK (CWE-772):
Linux-PAM-1.6.0/modules/pam_namespace/pam_namespace.c:1433: alloc_arg: "getfscreatecon_raw" allocates memory that is stored into "oldcon_raw".
Linux-PAM-1.6.0/modules/pam_namespace/pam_namespace.c:1462: leaked_storage: Variable "oldcon_raw" going out of scope leaks the storage it points to.
1460| pam_syslog(idata->pamh, LOG_ERR,
1461| "Error creating directory %s: %m", dir);
1462|-> return PAM_SESSION_ERR;
1463| }
1464|
```
Resolves: https://issues.redhat.com/browse/RHEL-36475
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_namespace/pam_namespace.c [WITH_SELINUX] (form_context):
Free SELinux context before returning.
```
Error: RESOURCE_LEAK (CWE-772):
Linux-PAM-1.6.0/modules/pam_namespace/pam_namespace.c:928: alloc_arg: "getexeccon" allocates memory that is stored into "scon".
Linux-PAM-1.6.0/modules/pam_namespace/pam_namespace.c:1004: leaked_storage: Variable "scon" going out of scope leaks the storage it points to.
1002| }
1003| /* Should never get here */
1004|-> return PAM_SUCCESS;
1005| }
1006| #endif
```
Resolves: https://issues.redhat.com/browse/RHEL-36475
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_timestamp/pam_timestamp.c (pam_sm_authenticate)
[WITH_OPENSSL]: Close the timestamp file if hmac_size returned
an error.
```
Error: RESOURCE_LEAK (CWE-772):
Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:450: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:450: var_assign: Assigning: "fd" = handle returned from "open(path, 131072)".
Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:460: noescape: Resource "fd" is not freed or pointed-to in "fstat".
Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:484: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
482| #ifdef WITH_OPENSSL
483| if (hmac_size(pamh, debug, &maclen)) {
484|-> return PAM_AUTH_ERR;
485| }
486| #else
```
Resolves: https://issues.redhat.com/browse/RHEL-36475
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_rootok/pam_rootok.c (log_callback): Close the audit socket
if vasprintf returned an error.
```
Error: RESOURCE_LEAK (CWE-772):
Linux-PAM-1.6.0/modules/pam_rootok/pam_rootok.c:59: open_fn: Returning handle opened by "audit_open".
Linux-PAM-1.6.0/modules/pam_rootok/pam_rootok.c:59: var_assign: Assigning: "audit_fd" = handle returned from "audit_open()".
Linux-PAM-1.6.0/modules/pam_rootok/pam_rootok.c:69: leaked_handle: Handle variable "audit_fd" going out of scope leaks the handle.
67| va_end(ap);
68| if (ret < 0) {
69|-> return 0;
70| }
71| audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
```
Resolves: https://issues.redhat.com/browse/RHEL-36475
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_faillock/pam_faillock.c (check_tally): Close the audit
socket when it will no longer be used.
```
Error: RESOURCE_LEAK (CWE-772):
Linux-PAM-1.6.0/modules/pam_faillock/pam_faillock.c:247: open_fn: Returning handle opened by "audit_open".
Linux-PAM-1.6.0/modules/pam_faillock/pam_faillock.c:247: var_assign: Assigning: "audit_fd" = handle returned from "audit_open()".
Linux-PAM-1.6.0/modules/pam_faillock/pam_faillock.c:256: noescape: Resource "audit_fd" is not freed or pointed-to in "audit_log_user_message".
Linux-PAM-1.6.0/modules/pam_faillock/pam_faillock.c:258: leaked_handle: Handle variable "audit_fd" going out of scope leaks the handle.
256| audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
257| rhost, NULL, tty, 1);
258|-> }
259| #endif
260| opts->flags |= FAILLOCK_FLAG_UNLOCKED;
```
Resolves: https://issues.redhat.com/browse/RHEL-36475
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
| |
* modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Make sure
the returned array of strings is properly initialized
when econf_getStringValue() fails to return a value.
|
| |
|
|
|
|
|
| |
* modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Handle NULL
value returned by econf_getStringValue().
Resolves: https://github.com/linux-pam/linux-pam/issues/796
|
| |
|
|
| |
Move all historic changelog files away to avoid confusion.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since 2011, ChangeLog file is generated from git log history.
ChangeLog-CVS is a historic changelog file that was maintained before
the project was migrated from cvs to git.
CHANGELOG is another historic changelog file that was replaced by
ChangeLog in 2005.
modules/pam_unix/CHANGELOG is the oldest of historic changelog files,
it is not maintained since 1999.
All these historic changelog files are no longer relevant, so they are
no longer included into release tarballs.
|
| |
|
|
|
|
|
|
| |
libpam/pam_modutil_check_user.c: explicitly convert the character
read from /etc/passwd to type "char" to get the same signedness
as the one compared with. Otherwise the functionality will depend
on the (implementation defined) signedness of "char" on the
platform built for.
|
| |
|
|
|
|
|
| |
Dag-Erling Smørgrav's name was encoded using some encoding other than
UTF-8 (that line predates the UTF-8 consensus). This changes it to use
UTF-8, so that it renders properly and so that editors that guess the
file is UTF-8 do not get confused about it.
|
| |
|
|
| |
Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
|
| |
|
|
|
|
| |
The previous sentence was strange to read.
Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
|
| |
|
|
|
| |
Compare the hashes in constant time as a defense-in-depth mechanism,
since performance is not a priority.
|
| |
|
|
|
|
|
|
|
| |
Add a helper function to compare two strings for equality, that performs
the same amount of operations based on the first argument, regardless of
the length of the second argument, or the position of the first
difference.
This can be used as defense-in-depth mitigation against timing attacks
of password comparisons.
|
| |
|
|
|
|
|
|
| |
* configure.ac (AC_INIT): Raise version to 1.6.1.
* po/Linux-PAM.pot (Project-Id-Version): Likewise.
* NEWS: Update.
Resolves: https://github.com/linux-pam/linux-pam/issues/774
|
| |
|
|
|
| |
Regenerate po/Linux-PAM.pot and po/*.po using "make -C po update-po"
command. This essentially updates the line numbers and timestamps.
|
| |
|
|
|
|
|
| |
* configure.ac (AC_HEADER_STDC, AC_HEADER_TIME): Remove.
(AC_CHECK_HEADERS): Remove fcntl.h, limits.h, malloc.h, sys/file.h,
sys/ioctl.h, sys/time.h, syslog.h, net/if.h, termio.h, unistd.h,
sys/fsuid.h, and inittypes.h.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_get_data manual page used to claim that PAM_NO_MODULE_DATA is
returned not only when no module specific data is present but also
when there is a corresponding data entry with NULL value.
As this claim is in contradiction with the implementation and with the
pam manual page, fix pam_get_data manual page.
* doc/man/pam_get_data.3.xml (PAM_NO_MODULE_DATA): Sync with
the implementation and with the pam manual page.
Resolves: https://github.com/linux-pam/linux-pam/pull/780
|
| |
|
|
|
| |
* tests/tst-pam_get_data.c (main): Check that PAM_NO_MODULE_DATA is
returned by pam_get_data iff the corresponding data is not present.
|
| |
|
|
|
| |
* tests/tst-pam_get_data.c: Include "test_assert.h".
(main): Rewrite using ASSERT_EQ() and ASSERT_NE() macros.
|
| |
|
|
| |
The function was not tested, so add some basic testing to it.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Call bindtextdomain() only when both the function is available and
the build is configured with --enable-nls.
* libpam/pam_start.c (_pam_start_internal): Guard bindtextdomain()
invocation with ENABLE_NLS.
Complements: v1.6.0~244 ("pam_start.c: call bindtextdomain() to expose Linux-PAM locales")
Resolves: https://github.com/linux-pam/linux-pam/pull/773
|
| |
|
|
|
|
|
|
| |
Document that pam_env.so is only called by pam_setcred() and
not by pam_authenticate() when added to the auth stack.
Resolves: https://github.com/linux-pam/linux-pam/issues/680
Signed-off-by: Thorsten Kukuk <kukuk@suse.com>
|
| | |
|
| |
|
|
|
|
| |
Currently translated at 87.1% (88 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/id/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before the change pam_unix has different behaviours for a user with
empty password for these two `/etc/shadow` entries:
nulloktest:$6$Yy4ty2jJ$bsVQWo8qlXC6UHq1/qTC3UR60ZJKmKApJ3Wj7DreAy8FxlVKtlDnplFQ7jMLVlDqordE7e4t49GvTb.aI59TP0:1::::::
nulloktest::1::::::
The entry with a hash was rejected and the entry without was accepted.
The rejection happened because 9e74e90147c "pam_unix: avoid determining
if user exists" introduced the following rejection check (slightly
simplified):
...
} else if (p[0] == '\0' && nullok) {
if (hash[0] != '\0') {
retval = PAM_AUTH_ERR;
}
We should not reject the user with a hash assuming it's non-empty.
The change does that by pushing empty password check into
`verify_pwd_hash()`.
`NixOS` generates such hashed entries for empty passwords as if they
were non-empty using the following perl code:
sub hashPassword {
my ($password) = @_;
my $salt = "";
my @chars = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
$salt .= $chars[rand 64] for (1..8);
return crypt($password, '$6$' . $salt . '$');
}
Resolves: https://github.com/linux-pam/linux-pam/issues/758
Fixes: 9e74e90147c "pam_unix: avoid determining if user exists"
Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
When limits.d is processed, pl->conf_file consequently points to
elements of filename_list array which are freed later even though
it can still be used in the logging.
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Co-authored-by: Dmitry V. Levin <ldv@strace.io>
Fixes: f6b973b92281 ("Add support for limits.d directory to pam_limits")
|
| |
|
|
|
|
|
| |
It can happen that yp functions are found in system but their header
files are not available. In this case, do not call them.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
Failing if a feature is directly requested is default by now.
Do the same for --enable-nis=yes.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Since the struct member user might be NULL use the same condition for
the value as for the preceding key.
Reported-by: Yugend
|
| |
|
|
|
|
|
|
| |
Untangle two distinct strings to simplify their usage.
Check for allocation failure of the second one.
Fix double-free of the second one in the error branch in line 692.
Reported-by: Yugend
|
