Commit message | Author | Age | Files | Lines
* po: update .pot and .po files | Dmitry V. Levin | 2022-11-11 | 83 | -2140/+2717
  Regenerate po/Linux-PAM.pot and po/*.po using "make -C po update-po" command.
  This updates translations of pam_faillock and pam_mail modules.
* pam_mail: adjust wording for no new mail | ed neville | 2022-11-11 | 1 | -1/+1
  Wording of no new mail message should be significantly different from new mail so that it does not align in length or similar words.
  * modules/pam_mail/pam_mail.c (report_mail): Change the wording of no new mail message.
  Resolves: https://github.com/linux-pam/linux-pam/issues/465
* pam_faillock: fix typo in usage diagnostics | Dmitry V. Levin | 2022-11-11 | 1 | -1/+1
  * modules/pam_faillock/main.c (usage): Remove extra whitespace from the usage diagnostics.
  Fixes: 94f0f5ebb ("faillock: add support to print login failure info in legacy format")
* po: update translations using Weblate (Spanish) | Emilio Herrera | 2022-11-11 | 1 | -18/+16
  Currently translated at 90.0% (90 of 100 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/es/
* po: update translations using Weblate (Korean) | 김인수 | 2022-11-11 | 1 | -33/+33
  Currently translated at 100.0% (100 of 100 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
* po: update translations using Weblate (Georgian) | Temuri Doghonadze | 2022-11-11 | 1 | -90/+90
  Currently translated at 100.0% (100 of 100 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ka/
  Resolves: https://github.com/linux-pam/linux-pam/pull/485
* pam_lastlog: fix file locking | Davin Shearer | 2022-11-07 | 1 | -10/+26
  Fixed 2 instances in the pam_lastlog module where file locks were not being enforced when reading and writing last login records.
  * modules/pam_lastlog/pam_lastlog.c (last_login_write): The write lock failure is fatal after 3 tries.
  (last_login_read): The read lock failure is non-fatal after 3 tries. It is non-fatal in the read case due to concerns about a possible DoS.
* pam_faillock: avoid logging an erroneous consecutive login failure message | Deepak Das | 2022-11-07 | 1 | -3/+5
  * modules/pam_faillock/pam_faillock.c (write_tally): Avoid logging a consecutive login failure message for the root user in case when even_deny_root is not set.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2082442
* pam_faillock: Clarify missing user faillock files after reboot | Deepak Das | 2022-11-07 | 2 | -0/+10
  * modules/pam_faillock/faillock.conf.5.xml: Adding note related to missing user specific faillock files after reboot.
  * modules/pam_faillock/pam_faillock.8.xml: Adding note related to missing user specific faillock files after reboot.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2062512
* doc: make stylesheets configurable | Stefan Schubert | 2022-10-27 | 7 | -11/+36
  Before this change, all stylesheets were hardcoded. With this change, stylesheets can be defined at configure stage.
  * configure.ac: Add new options to configure stylesheets:
      --enable-html-stylesheet=FILE
      --enable-txt-stylesheet=FILE
      --enable-pdf-stylesheet=FILE
      --enable-man-stylesheet=FILE
  * doc/custom-html.xsl: Rename to doc/custom-html.xsl.in, parametrize html stylesheet.
  * doc/custom-man.xsl: Rename to doc/custom-man.xsl.in, parametrize man stylesheet.
  * doc/.gitignore: Add custom-man.xsl and custom-html.xsl.
  * doc/adg/Makefile.am: Use stylesheet variables.
  * doc/mwg/Makefile.am: Likewise.
  * doc/sag/Makefile.am: Likewise.
  Resolves: https://github.com/linux-pam/linux-pam/pull/499
* libpam*: For uncommon prefixes, provide substitution variables in pkgconfig files. | Felix Lechner | 2022-09-28 | 3 | -0/+6
  Fix undefined references to ${exec_prefix} in pkgconfig files on Guix. The subsequent declarations of ${libdir} and ${includedir} in the same files require this commit when ${prefix} is set to something other than /usr.
  When the pkgconfig files were initially provided, the two lines added here were dropped for what seemed like a good reason. [1]
  In the common case of a /usr prefix, 'configure.ac' sets ${libdir} and possibly ${includedir} explicitly [2] so the additional lines were then not needed. Guix and probably Nix too, however, depart from the Filesystem Hierarchy Standard and require the missing lines. Without those lines, the pkgconfig files are defective on Guix. [3]
  Since working systems are not affected, the lines are added for all.
  The fix was confirmed for Guix. One of the files looked like this:
      prefix=/gnu/store/3mcmjilqrivrpb3hvps32lnbnyrxrzr8-linux-pam-1.5.2-1.dc2f566
      exec_prefix=${prefix}
      libdir=${exec_prefix}/lib
      includedir=/gnu/store/3mcmjilqrivrpb3hvps32lnbnyrxrzr8-linux-pam-1.5.2-1.dc2f566/include/security
      Name: PAM
      Description: The primary Linux-PAM library. It is used by PAM modules and PAM-aware applications.
      URL: http://www.linux-pam.org/
      Version: 1.5.2
      Cflags: -I${includedir}
      Libs: -L${libdir} -lpam
  * libpam/pam.pc.in, libpamc/pamc.pc.in, libpam_misc/pam_misc.pc.in: Add @prefix@ and @exec_prefix@.
  Resolves: https://github.com/linux-pam/linux-pam/issues/466
  [1] https://github.com/linux-pam/linux-pam/pull/369#discussion_r650557756
  [2] https://github.com/linux-pam/linux-pam/blob/40c271164dbcebfc5304d0537a42fb42e6b6803c/configure.ac#L28-L36
  [3] https://github.com/linux-pam/linux-pam/issues/466
* pam_lastlog: check localtime_r() return value | Iker Pedrosa | 2022-09-27 | 1 | -6/+6
  Check the return value of localtime_r() before calling strftime(). This function crashes if the argument is NULL.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2012871
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* configure.ac: fix implicit function declaration in mail spool directory check | Sam James | 2022-09-12 | 1 | -0/+1
  Fixes the following error with Clang 15 (which makes implicit function declarations an error by default):
  ```
  +error: call to undeclared library function 'exit' with type 'void (int) __attribute__((noreturn))'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
  exit(0);
  ^
  note: include the header <stdlib.h> or explicitly provide a declaration for 'exit'
  ```
  Signed-off-by: Sam James <sam@gentoo.org>
* po: update translations using Weblate (Estonian) | H A | 2022-07-18 | 1 | -8/+9
  Currently translated at 28.0% (28 of 100 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/et/
* po: update translations using Weblate (Korean) | 김인수 | 2022-07-18 | 1 | -6/+7
  Currently translated at 100.0% (100 of 100 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
* po: update translations using Weblate (Chinese (Simplified) (zh_CN)) | Dingzhong Chen | 2022-07-18 | 1 | -39/+39
  Currently translated at 100.0% (100 of 100 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zh_CN/
* pam_namespace: make sure the SIGCHLD handler is not reset too early | Dmitry V. Levin | 2022-07-16 | 1 | -15/+15
  * modules/pam_namespace/pam_namespace.c (inst_init): Make sure the SIGCHLD handler is not reset too early by moving the sigaction call right before the fork call.
* pam_mkhomedir: make sure the SIGCHLD handler is not reset too early | Dmitry V. Levin | 2022-07-16 | 1 | -9/+9
  * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Make sure the SIGCHLD handler is not reset too early by moving the sigaction call right before the fork call.
* pam_xauth: add SIGCHLD protection handle | dengbo | 2022-07-15 | 1 | -0/+15
  * modules/pam_xauth/pam_xauth.c (run_coprocess): Save the SIGCHLD handler and reset it to the default before calling fork, restore the handler after waitpid returns.
  Resolves: https://github.com/linux-pam/linux-pam/pull/469
* pam_exec: add SIGCHLD protection handle | dengbo | 2022-07-15 | 1 | -0/+10
  * modules/pam_exec/pam_exec.c (call_exec): Save the SIGCHLD handler and reset it to the default before calling fork, restore the handler after waitpid returns.
  Resolves: https://github.com/linux-pam/linux-pam/issues/405
* pam_pwhistory: document config load from file | Iker Pedrosa | 2022-07-15 | 3 | -3/+184
  * modules/pam_pwhistory/pam_pwhistory.8.xml: Add new option to select configuration file to read.
  * modules/pam_pwhistory/pwhistory.conf.5.xml: Document configuration options for the file.
  * modules/pam_pwhistory/Makefile.am (dist_man_MANS): Add pwhistory.conf.5.
  (XMLS): Add pwhistory.conf.5.xml.
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_pwhistory: load config from file | Iker Pedrosa | 2022-07-15 | 5 | -11/+197
  * modules/pam_pwhistory/pam_pwhistory.c: Load config from file and provide new conf option to select the file.
  * modules/pam_pwhistory/pwhistory_config.c: Parse config from file and load to options structure.
  * modules/pam_pwhistory/pwhistory_config.h: Move options_t structure and define parse_config_file().
  * modules/pam_pwhistory/Makefile.am (noinst_HEADERS): Add pwhistory_config.h.
  (pam_pwhistory_la_SOURCES): Add pwhistory_config.c.
  (dist_secureconf_DATA): Add pwhistory.conf.
  * modules/pam_pwhistory/pwhistory.conf: New configuration file.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2068461
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* libpam: improve pam_modutil_search_key() doc | Iker Pedrosa | 2022-07-15 | 1 | -1/+10
  * libpam/include/security/pam_modutil.h: Improve the pam_modutil_search_key() interface documentation.
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* _pam_add_handler: make sure struct handler is properly initialized on error path | Dmitry V. Levin | 2022-07-15 | 1 | -10/+4
  * libpam/pam_handlers.c (_pam_add_handler): Use calloc instead of malloc for struct handler allocation to avoid returning garbage in some fields of the structure on error path.
  Resolves: https://github.com/linux-pam/linux-pam/issues/475
* .github: switch whitespace-errors job to ubuntu-latest | Dmitry V. Levin | 2022-07-01 | 1 | -1/+1
  While ubuntu-latest in ci is not necessarily the latest version of the OS available in ci, whitespace-errors job should be agnostic to the version being used, so use the default one.
  * .github/workflows/ci.yml (whitespace-errors) <runs-on>: Change from ubuntu-20.04 to ubuntu-latest.
* faillock: add support to print login failure info in legacy format | Shreenidhi Shedi | 2022-07-01 | 2 | -11/+66
  pam_tally2 had a simple and minimalistic output to show login failure info, new output of faillock makes the output look a bit complex and doesn't show failure counts in a straight manner.
  This patch fixes the above issue by adding "--legacy-output" flag to faillock which makes it possible to get output in pam_tally2 style.
  Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
* faillock: refactor faillock info printing code | Shreenidhi Shedi | 2022-07-01 | 1 | -21/+31
  Move the code to its own function.
  Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
* faillock: error out if user does not exist | Shreenidhi Shedi | 2022-07-01 | 1 | -1/+5
  No need to do any further processing if a non existent username is given to faillock.
  For first time successful login, failure field should be 0 and faillock should show something like pam_tally2 did.
  Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
* pam_motd: do not rely on all filesystems providing a filetype | Per Jessen | 2022-06-30 | 1 | -9/+40
  When using scandir() to look for MOTD files to display, we wrongly relied on all filesystems providing a filetype. This is a fix to divert to lstat() when we have no filetype. To maintain MT safety, it isn't possible to use lstat() in the scandir() filter function, so all of the filtering has been moved to an additional loop after scanning all the motd dirs.
  Also, remove superfluous alphasort from scandir(), we are doing a qsort() later.
  Resolves: https://github.com/linux-pam/linux-pam/issues/455
* pam_namespace: use vendor specific namespace.conf and namespace.init as fallback | Stefan Schubert | 2022-06-30 | 4 | -15/+167
  Use the vendor directory as fallback for a distribution provided default config and scripts if there is no configuration in /etc.
  pam_namespace.c: Take care about the fallback configuration in vendor directory.
  pam_namespace.h: Define vendor specific files and directories.
  pam_namespace.8.xml: Add description for vendor directories and files.
  namespace.conf.5.xml: Add description for vendor directories and files.
* pam_limits: use vendor specific content in limits.d directory as fallback | Stefan Schubert | 2022-06-30 | 2 | -61/+164
  Use the vendor directory as fallback for a distribution provided default config if there is no configuration in /etc.
  pam_limits.c: Take care about the fallback configuration in vendor directory.
  pam_limits.8.xml: Add description for vendor directory.
* pam_access: use vendor specific access.conf as fallback | Stefan Schubert | 2022-06-30 | 2 | -19/+145
  Use the vendor directory as fallback for a distribution provided default config if there is no configuration in /etc.
  * pam_access.c: Take care about the fallback configuration in vendor directory.
  * pam_access.8.xml: Added description for vendor directory.
* .github: add a few vendordir enabled jobs | Dmitry V. Levin | 2022-06-19 | 1 | -0/+45
  * .github/workflows/ci.yml (gcc11-x86_64-vendordir, clang12-x86_64-vendordir, gcc11-x86-vendordir): New jobs.
* ci: add vendor directory configuration support | Dmitry V. Levin | 2022-06-19 | 1 | -0/+6
  * ci/run-build-and-tests.sh: Configure using --enable-vendordir option when VENDORDIR environment variable is set.
* doc: add pam_faillock module to SAG | liaohanqin | 2022-05-24 | 1 | -0/+2
* faillock: load configuration from file | Iker Pedrosa | 2022-05-24 | 6 | -33/+109
  * modules/pam_faillock/main.c: Load configuration from file
  * modules/pam_faillock/pam_faillock: Improve tally directory management
  * modules/pam_faillock/faillock_config.c: Print errors
  * modules/pam_faillock/faillock_config.h: Extend options structure and define get_tally_dir().
  * modules/pam_faillock/Makefile.am: Compile faillock_config.c for faillock binary.
  * modules/pam_faillock/faillock.8.xml: Update with the new configuration option.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1978029
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_faillock: move config to its own file | Iker Pedrosa | 2022-05-24 | 5 | -230/+322
  The configuration load can be reused by faillock.
  * modules/pam_faillock/faillock_config.c: Move configuration loading functions (read_config_file and set_conf_opt) to this file.
  * modules/pam_faillock/faillock_config.h: Move configuration loading macros and structures.
  * modules/pam_faillock/Makefile.am: Add faillock_config.
  * modules/pam_faillock/faillock.h: Remove configuration loading macros.
  * modules/pam_faillock/pam_faillock.c: Remove configuration loading functions, macros and structures.
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_env: reorder definitions of static functions to avoid forward declarations | Dmitry V. Levin | 2022-04-24 | 1 | -268/+263
  * modules/pam_env/pam_env.c (_assemble_line, _parse_line, _check_var, _clean_var, _expand_arg, _pam_get_item_byname, _define_var, _undefine_var): Move definitions of static functions before their first use to avoid forward declarations cluttering the code.
* pam_issue: reorder definitions of static functions to avoid forward declarations | Dmitry V. Levin | 2022-04-24 | 1 | -93/+88
  * modules/pam_issue/pam_issue.c (read_issue_raw, read_issue_quoted): Move definitions of static functions before their first use to avoid forward declarations cluttering the code.
* po: update translations using Weblate (Punjabi) | A S Alam | 2022-04-18 | 1 | -6/+6
  Currently translated at 100.0% (100 of 100 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pa/
* po: update translations using Weblate (Korean) | Seong-ho Cho | 2022-04-18 | 1 | -77/+76
  Currently translated at 100.0% (100 of 100 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
* pam_env: add a test of return values | Stefan Schubert | 2022-03-11 | 2 | -1/+203
  * modules/pam_env/tst-pam_env-retval.c: New file.
  * modules/pam_env/Makefile.am (TESTS): Add $(check_PROGRAMS).
  (check_PROGRAMS, tst_pam_env_retval_LDADD): New variables.
  Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
* pam_access: handle hostnames in access.conf | Thorsten Kukuk | 2022-03-11 | 1 | -19/+76
  According to the manual page, the following entry is valid but does not work:
      -:root:ALL EXCEPT localhost
  See https://bugzilla.suse.com/show_bug.cgi?id=1019866
  Patch is based on PR#226 from Josef Moellers
* pam_exec: remove redundant free() invocations | Dmitry V. Levin | 2022-02-24 | 1 | -8/+3
  In the child process, freeing memory right before pam_syslog() followed by _exit(ENOMEM) is useless.
  * modules/pam_exec/pam_exec.c (call_exec): Do not call free(envlist).
  Resolves: https://github.com/linux-pam/linux-pam/issues/444
* pam_exec: remove redundant strdup | Dmitry V. Levin | 2022-02-24 | 1 | -3/+5
  In the child process, the elements of argv[] are not modified, so there is no need to copy strings.
  * modules/pam_exec/pam_exec.c (call_exec): Do not call strdup on argv[] elements during arggv[] initialization.
  Resolves: https://github.com/linux-pam/linux-pam/pull/446
* pam_nologin: don't print empty message | Thorsten Kukuk | 2022-02-24 | 1 | -15/+18
* pam_time: fix clang compilation warning | Stefan Schubert | 2022-02-21 | 1 | -3/+4
  Fix the following compilation warning reported by clang: "result of comparison against a string literal is unspecified (use strcmp instead)".
  * pam_time.c (_pam_parse): Do not compare char* string with a constant.
* pam_usertype: only use SYS_UID_MAX for system users | Iker Pedrosa | 2022-02-21 | 3 | -15/+7
  * modules/pam_usertype/pam_usertype.c (pam_usertype_is_system): Stop using SYS_UID_MIN to check if it is a system account, because all accounts below the SYS_UID_MAX are system users.
  * modules/pam_usertype/pam_usertype.8.xml: Remove reference to SYS_UID_MIN as it is no longer used to calculate the system accounts.
  * configure.ac: Remove PAM_USERTYPE_SYSUIDMIN.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1949137
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_keyinit: thread-safe implementation | Iker Pedrosa | 2022-02-21 | 1 | -16/+44
  * modules/pam_keyinit/pam_keyinit.c: Bypass setre*id() C library calls with kernel calls and change global variables definitions to be thread-safe.
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1997969
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
  Co-Authored-By: Andreas Schneider <asn@samba.org>
* po: update translations using Weblate (Chinese (Simplified) (zh_CN)) | pan chenbo | 2022-02-09 | 1 | -4/+5
  Currently translated at 100.0% (100 of 100 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zh_CN/