| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Given that sed is considered a more lightweight dependency than awk,
and since sed is used by pam_namespace_helper anyway, use sed instead of
awk in namespace.init as well.
* modules/pam_namespace/namespace.init: Use sed instead of awk to obtain
the UMASK value from /etc/login.defs.
|
| |
|
|
|
|
|
|
|
|
|
| |
React on actual test if SELinux is available, not just if SELinux
should be tested for.
Currently the supposedly disabled binaries are still installed even if
SELinux is not available.
Fixes: cb9f88ba944d ("pam_unix: build unix_update only with SELinux enabled")
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
| |
Later checks will print a warning if daysleft is 0. If password
aging is disabled, leave daysleft at -1.
Resolves: https://github.com/linux-pam/linux-pam/issues/743
Fixes: 9ebc14085a3b ("pam_unix: allow disabled password aging")
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
Theoretically the int might overflow. Use a size_t to protect this
function which might be called from an application, because it is
exposed through pam_misc.h header.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
| |
The libeconf routines do not remove escaped newlines the way we want to
process them later on. Manually remove them from values.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Resolves: https://github.com/linux-pam/linux-pam/issues/738
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
|
| |
|
|
|
|
|
|
|
| |
* modules/pam_env/pam_env.c (_parse_config_file) [!USE_ECONF &&
VENDOR_DEFAULT_CONF_FILE]: Do not fallback to vendor pam_env.conf file
if the config file is specified via module arguments.
Link: https://github.com/linux-pam/linux-pam/issues/738
Fixes: v1.5.3~69 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
|
| |
|
|
|
|
|
|
|
| |
The VENDORDIR define has to be checked after config.h
inclusion, otherwise the ifdef test always yields false.
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
If configure option --enable-read-both-confs is used, the build
fails with 1.6.0 due to missing stack level depth argument passed to
_pam_parse_conf_file.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Resolves: https://github.com/linux-pam/linux-pam/issues/736
Fixes: v1.6.0~205 ("libpam: avoid infinite recursion with includes")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_namespace.c makes use of SIZE_MAX but doesn't include stdint.h,
resulting in the following build failures on 1.6.0:
pam_namespace.c: In function 'process_line':
pam_namespace.c:649:41: error: 'SIZE_MAX' undeclared (first use in this function)
649 | if (count > UINT_MAX || count > SIZE_MAX / sizeof(uid_t)) {
| ^~~~~~~~
pam_namespace.c:41:1: note: 'SIZE_MAX' is defined in header '<stdint.h>'; did you forget to '#include <stdint.h>'?
40 | #include "argv_parse.h"
+++ |+#include <stdint.h>
41 |
pam_namespace.c:649:41: note: each undeclared identifier is reported only once for each function it appears in
649 | if (count > UINT_MAX || count > SIZE_MAX / sizeof(uid_t)) {
| ^~~~~~~~
Fixes: v1.6.0~100 ("pam_namespace: validate amount of uids in config")
Resolves: https://github.com/linux-pam/linux-pam/issues/733
|
| |
|
|
|
|
|
|
| |
* configure.ac (AC_INIT): Raise version to 1.6.0.
* po/Linux-PAM.pot (Project-Id-Version): Likewise.
* NEWS: Update.
Resolves: https://github.com/linux-pam/linux-pam/issues/690
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Without O_DIRECTORY the path crawling logic is subject to e.g. FIFOs
being placed in user controlled directories, causing the PAM module to
block indefinitely during `openat()`.
Pass O_DIRECTORY to cause the `openat()` to fail if the path does not
refer to a directory.
With this the check whether the final path element is a directory
becomes unnecessary, drop it.
|
| |
|
|
|
| |
Regenerate po/Linux-PAM.pot and po/*.po using "make -C po update-po"
command. This essentially updates the line numbers and timestamps.
|
| |
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
The option file points to a file, not a directory.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The two files custom-html.xsl and custom-man.xsl are created at
configure time. Only delete them on `make distclean` instead of
`make clean` to be able to re-generate manual pages afterwards.
Fixes: b285afe0ea45 ("doc: remove generated files during cleanup")
|
| |
|
|
|
|
|
| |
Fail if --enable-logind is specified while libsystemd cannot be found,
so the feature is reliably enabled on request.
Complements: v1.5.3~26 ("Y2038: use logind instead of utmp")
|
| |
|
|
|
|
|
| |
Removes its usage from check_old_pass and reduces its
visibility in save_old_pass.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
Users may have a hash character in their name, which would be removed.
This in turn effectively defeats the purpose of pam_pwhistory for the
user.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The opasswd file shall not use comma as a separator. Enforce colon just
like pam_pwhistory does as well.
A comma can be part of a user name, although its usage is discouraged.
If such a user exists, it could happen that stored passwords of another
user are checked.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Replace
while (getline(...) != -1 && retval)
with
while (retval && getline(...) != -1)
* modules/pam_listfile/pam_listfile.c (pam_listfile): Do not invoke
getline(3) when its result is going to be ignored.
* modules/pam_securetty/pam_securetty.c (securetty_perform_check):
Likewise.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Since the module operates on sensitive files set the close-on-exec flag,
to avoid file descriptor leaks if there is ever any sibling thread.
The fopen(3) mode "e" is supported in glibc since version 2.7 (released
in 2007), and ignored prior, see:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=65d834b0add966dbbdb5ed1e916c60b2b2d87f10
|
| |
|
|
|
|
|
|
|
|
|
| |
In case unix_chkpwd(8) is not a setuid but a setgid binary, reset to the
real group as well.
Also check the privileges are permanently lost, see:
https://wiki.sei.cmu.edu/confluence/display/c/POS37-C.+Ensure+that+privilege+relinquishment+is+successful
See also the current Debian patch:
https://sources.debian.org/src/pam/1.5.2-9.1/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch/
|
| |
|
|
|
|
| |
In case unix_update(8) is installed as a setuid binary, which Fedora and
Debian does not do, prevent unprivileged users to probe (and eventually
change) passwords of other users (including root).
|
| |
|
|
|
|
|
| |
Emit audit reports in the helper unix_update(8) about abnormal
executions, unprivileged authentications, and password updates.
Also log unprivileged authentication failures to syslog.
|
| |
|
|
|
| |
Split the audit logging code into a separate file, to be reused by
unix_update(8).
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The returned value stored in pwd from _unix_getpwnam is inserted into
pam handler through pam_set_data. Do not manually free the value.
Also check getline return value for != -1 instead of == -1.
Fixes 8f2ca5919b26843ef774ef0aeb9bf261dec943a0 and
73d009e9ea8edafc18c7fe3650b25dd6bdce88c1. No release affected.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
Disable code to run helper binary if SELinux is not enabled.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Apply the same logic of pam_unix Makefile adjustment for
pw_history as well. Reference commit is
cb9f88ba944d56c0b6c65be18500f7d56c9f514c.
The helper pwhistory_helper(8) is only called from code enabled when
SELinux support is enabled.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
| |
Instead of annotating the function definition with the format attribute
annotate the declaration, so the annotation is visible at call sites.
|
| |
|
|
|
| |
Instead of annotating the function definition with the format attribute
annotate the declaration, so the annotation is visible at call sites.
|
| |
|
|
|
|
| |
Cover previous changes with unit test.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
If an empty string is encountered, do not treat it as 0. Instead,
return PAM_SERVICE_ERR as specified in comment.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fields are currently written to stack buffer, even if they already
exist in heap. Just reference them in this case. If numbers have to be
stored as a string, use a stack buffer sufficiently large for the
long long conversion (64 bit).
Also adjust the "left != buf" check to allow this change. It is simply
the else-statement to previous if-else-if-block, because in every other
case left is set to buf.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
These are leftovers from fgets usages.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.
* modules/pam_usertype/pam_usertype.c (pam_sm_authenticate): Rename
to pam_usertype, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_usertype.
|
| |
|
|
|
|
|
|
|
|
|
| |
Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Rename
to pam_succeed_if, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_succeed_if.
|
| |
|
|
|
|
|
|
|
|
|
| |
Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.
* modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Rename
to pam_sepermit, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_sepermit.
|
| |
|
|
|
|
|
|
|
|
|
| |
Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Rename
to pam_localuser, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_localuser.
|
| |
|
|
|
|
|
|
|
|
|
| |
Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Rename
to pam_listfile, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_listfile.
|
| |
|
|
|
|
|
|
|
|
|
| |
Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Rename to
pam_auth, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_auth.
|
