| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
* .github/workflows/ci.yml (gcc11-x86_64-vendordir,
clang12-x86_64-vendordir, gcc11-x86-vendordir): New jobs.
|
| |
|
|
|
| |
* ci/run-build-and-tests.sh: Configure using --enable-vendordir option
when VENDORDIR environment variable is set.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_faillock/main.c: Load configuration from file
* modules/pam_faillock/pam_faillock: Improve tally directory management
* modules/pam_faillock/faillock_config.c: Print errors
* modules/pam_faillock/faillock_config.h: Extend options structure and
define get_tally_dir().
* modules/pam_faillock/Makefile.am: Compile faillock_config.c for
faillock binary.
* modules/pam_faillock/faillock.8.xml: Update with the new configuration
option.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1978029
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The configuration load can be reused by faillock.
* modules/pam_faillock/faillock_config.c: Move configuration loading
functions (read_config_file and set_conf_opt) to this file.
* modules/pam_faillock/faillock_config.h: Move configuration loading
macros and structures.
* modules/pam_faillock/Makefile.am: Add faillock_config.
* modules/pam_faillock/faillock.h: Remove configuration loading macros.
* modules/pam_faillock/pam_faillock.c: Remove configuration loading
functions, macros and structures.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
| |
* modules/pam_env/pam_env.c (_assemble_line, _parse_line, _check_var,
_clean_var, _expand_arg, _pam_get_item_byname, _define_var,
_undefine_var): Move definitions of static functions before their first
use to avoid forward declarations cluttering the code.
|
| |
|
|
|
|
| |
* modules/pam_issue/pam_issue.c (read_issue_raw, read_issue_quoted):
Move definitions of static functions before their first use to avoid
forward declarations cluttering the code.
|
| |
|
|
|
|
| |
Currently translated at 100.0% (100 of 100 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pa/
|
| |
|
|
|
|
| |
Currently translated at 100.0% (100 of 100 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
|
| |
|
|
|
|
|
|
| |
* modules/pam_env/tst-pam_env-retval.c: New file.
* modules/pam_env/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_env_retval_LDADD): New variables.
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
|
| |
|
|
|
|
|
|
|
|
| |
According to the manual page, the following entry is valid but does not
work:
-:root:ALL EXCEPT localhost
See https://bugzilla.suse.com/show_bug.cgi?id=1019866
Patched is based on PR#226 from Josef Moellers
|
| |
|
|
|
|
|
|
|
| |
In the child process, freeing memory right before pam_syslog()
followed by _exit(ENOMEM) is useless.
* modules/pam_exec/pam_exec.c (call_exec): Do not call free(envlist).
Resolves: https://github.com/linux-pam/linux-pam/issues/444
|
| |
|
|
|
|
|
|
|
|
| |
In the child process, the elements of argv[] are not modified, so there
is no need to copy strings.
* modules/pam_exec/pam_exec.c (call_exec): Do not call strdup on argv[]
elements during arggv[] initialization.
Resolves: https://github.com/linux-pam/linux-pam/pull/446
|
| | |
|
| |
|
|
|
|
|
|
| |
Fix the following compilation warning reported by clang:
"result of comparison against a string literal is unspecified
(use strcmp instead)".
* pam_time.c (_pam_parse): Do not compare char* string with a constant.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_usertype/pam_usertype.c (pam_usertype_is_system): Stop
using SYS_UID_MIN to check if it is a system account, because all
accounts below the SYS_UID_MAX are system users.
* modules/pam_usertype/pam_usertype.8.xml: Remove reference to SYS_UID_MIN
as it is no longer used to calculate the system accounts.
* configure.ac: Remove PAM_USERTYPE_SYSUIDMIN.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1949137
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
* modules/pam_keyinit/pam_keyinit.c: Bypass setre*id() C library calls
with kernel calls and change global variables definitions to be
thread-safe.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1997969
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Co-Authored-By: Andreas Schneider <asn@samba.org>
|
| |
|
|
|
|
| |
Currently translated at 100.0% (100 of 100 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zh_CN/
|
| |
|
|
|
|
| |
Currently translated at 100.0% (100 of 100 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/hr/
|
| |
|
|
|
|
| |
Currently translated at 82.0% (82 of 100 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/es/
|
| |
|
|
|
|
| |
Currently translated at 100.0% (100 of 100 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
|
| |
|
|
|
|
| |
Currently translated at 100.0% (100 of 100 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sk/
|
| |
|
|
|
|
| |
Currently translated at 1.0% (1 of 100 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zh_HK/
|
| |
|
|
|
|
| |
Currently translated at 100.0% (100 of 100 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ja/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the vendor directory defined by --enable-vendordir=DIR configure
option as fallback for the distribution provided default config file
if there is no configuration in /etc.
* modules/pam_time/pam_time.8.xml: Describe this.
* modules/pam_time/time.h [VENDOR_SCONFIGDIR] (VENDOR_PAM_TIME_CONF):
New macro.
* modules/pam_time/pam_time.c (_pam_parse) [VENDOR_PAM_TIME_CONF]:
Try to open VENDOR_PAM_TIME_CONF file when no conffile= option was
specified and PAM_TIME_CONF file does not exist.
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
Resolves: https://github.com/linux-pam/linux-pam/pull/409
|
| |
|
|
|
|
|
|
| |
* modules/pam_time/tst-pam_time-retval.c: New file.
* modules/pam_time/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_time_retval_LDADD): New variables.
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Sometimes, especially in embedded devices, the /etc directory can be
read-only and/or not saved over upgrades. In order to ensure password
policies are maintained across upgrades and the module functions on
read-only file systems, allow the location of the password history file
to be set in the PAM configuration.
Signed-off-by: Edward <jinzhou.zhu1@ge.com>
[Martyn Welch: Updated commit message and ported to latest version]
Signed-off-by: Martyn Welch <martyn.welch@collabora.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
|
| |
|
|
|
|
| |
* libpam/Makefile.am (libpam_la_LIBADD): Add @LTLIBINTL@.
Resolves: https://github.com/linux-pam/linux-pam/pull/433
|
| |
|
|
|
|
|
|
| |
* modules/pam_faillock/tst-pam_faillock-retval.c: New file.
* modules/pam_faillock/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_faillock_retval_LDADD): New variables.
Resolves: https://github.com/linux-pam/linux-pam/pull/431
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the vendor directory defined by --enable-vendordir=DIR configure
option as fallback for the distribution provided default config file
if there is no configuration in /etc.
* modules/pam_faillock/pam_faillock.8.xml: Describe this.
* modules/pam_faillock/faillock.h [VENDOR_SCONFIGDIR]
(VENDOR_FAILLOCK_DEFAULT_CONF): New macro.
* modules/pam_faillock/pam_faillock.c (read_config_file)
[VENDOR_FAILLOCK_DEFAULT_CONF]: Try to open VENDOR_FAILLOCK_DEFAULT_CONF
file when FAILLOCK_DEFAULT_CONF file does not exist.
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
Resolves: https://github.com/linux-pam/linux-pam/pull/423
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the vendor directory defined by --enable-vendordir=DIR configure
option as fallback for the distribution provided default config file
if there is no configuration in /etc.
* modules/pam_group/pam_group.c: Include <errno.h>.
[VENDOR_SCONFIGDIR] (VENDOR_PAM_GROUP_CONF): New macro.
(read_field): Add conf_filename argument, use it instead of PAM_GROUP_CONF.
(check_account) <conf_filename>: New variable, initialize it to
PAM_GROUP_CONF, pass it to read_field().
[VENDOR_PAM_GROUP_CONF]: Assign VENDOR_PAM_GROUP_CONF to conf_filename
when PAM_GROUP_CONF file does not exist.
* modules/pam_group/pam_group.8.xml: Describe it.
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
Resolves: https://github.com/linux-pam/linux-pam/pull/412
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the vendor directory defined by --enable-vendordir=DIR configure
option as fallback for the distribution provided default config file
if there is no configuration in /etc.
* modules/pam_sepermit/pam_sepermit.c [VENDOR_SCONFIGDIR]
(SEPERMIT_VENDOR_CONF_FILE): New macro.
(pam_sm_authenticate) [SEPERMIT_VENDOR_CONF_FILE]: Use it as default
config file when conf= option is not specified and the file pointed
by SEPERMIT_CONF_FILE does not exist.
* modules/pam_sepermit/pam_sepermit.8.xml: Describe it.
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
Resolves: https://github.com/linux-pam/linux-pam/pull/411
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The last build of Linux-PAM by travis-ci.org was in March of 2020,
and travis-ci.org says that all building is ceased since June of 2021.
Given that in foreseeable future travis-ci.com is not going to welcome
free software projects, there is no use to keep Travis CI support
in the tree.
* .travis.yml: Remove.
Link: https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
|
| |
|
|
|
| |
* ci/run-build-and-tests.sh: Check that "git status" does not report
any untracked files.
|
| |
|
|
| |
* .gitignore: Add Make.xml.rules.
|
| |
|
|
|
| |
* modules/pam_limits/pam_limits.c (parse_config_file): Use
VENDOR_SCONFIGDIR macro instead of VENDORDIR.
|
| |
|
|
|
|
|
| |
This is a VENDORDIR version of SCONFIGDIR macro, defined to
VENDORDIR"/security" when --enable-vendordir is used for build.
* configure.ac (AC_DEFINE_UNQUOTED): Add VENDOR_SCONFIGDIR.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
source code
Since SCONFIGDIR macro is available, the is no need to define macros
based on SCONFIGDIR in Makefile.am files.
* modules/pam_access/Makefile.am (AM_CFLAGS): Move definitions of
PAM_ACCESS_CONFIG and ACCESS_CONF_GLOB macros ...
* modules/pam_access/pam_access.c: ... here.
* modules/pam_env/Makefile.am (AM_CFLAGS): Move definition of
DEFAULT_CONF_FILE macro ...
* modules/pam_env/pam_env.c: ... here.
* modules/pam_group/Makefile.am (AM_CFLAGS): Move definition of
PAM_GROUP_CONF macro ...
* modules/pam_group/pam_group.c: ... here.
* modules/pam_limits/Makefile.am (AM_CFLAGS): Move definition of
LIMITS_FILE macro ...
* modules/pam_limits/pam_limits.c: ... here.
* modules/pam_sepermit/Makefile.am (AM_CFLAGS): Move definition of
SEPERMIT_CONF_FILE macro ...
* modules/pam_sepermit/pam_sepermit.c: ... here.
* modules/pam_time/Makefile.am (AM_CFLAGS): Move definition of
PAM_TIME_CONF macro ...
* modules/pam_time/pam_time.c: ... here.
|
| |
|
|
|
|
|
|
|
| |
LIMITS_FILE_DIR used to define a glob pattern instead of a directory
name, fix that inconsistency.
* modules/pam_limits/Makefile.am (AM_CFLAGS): Move "/*.conf" ending of
LIMITS_FILE_DIR macro ...
* modules/pam_limits/pam_limits.c (LIMITS_CONF_GLOB): ... here.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use SCONFIGDIR macro instead of open-coding "/etc/security",
the latter is not correct when configured using --enable-sconfigdir
with an argument different from /etc/security.
* modules/pam_faillock/faillock.h (FAILLOCK_DEFAULT_CONF): Use
SCONFIGDIR.
* modules/pam_namespace/pam_namespace.h (SECURECONF_DIR): Remove.
(PAM_NAMESPACE_CONFIG, NAMESPACE_INIT_SCRIPT, NAMESPACE_D_DIR,
NAMESPACE_D_GLOB): Use SCONFIGDIR.
* modules/pam_namespace/Makefile.am (AM_CFLAGS): Remove
-DSECURECONF_DIR.
* modules/pam_pwhistory/opasswd.c (OLD_PASSWORDS_FILE): Use SCONFIGDIR.
* modules/pam_unix/passverify.h: Likewise.
* modules/pam_unix/passverify.c (OPW_TMPFILE): Use SCONFIGDIR.
|
| |
|
|
|
|
|
|
|
| |
Follow the VENDORDIR example and introduce a macro defined to the
argument of --enable-sconfigdir option. Unlike --enable-vendordir,
--enable-sconfigdir has a default value, so when --enable-sconfigdir
is not used for build, SCONFIGDIR will be defined to that default value.
* configure.ac (AC_DEFINE_UNQUOTED): Add SCONFIGDIR.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The parser of conf= option failed to recognize the option unless
it was specified without an argument, making it useless.
* modules/pam_sepermit/pam_sepermit.c: Include "pam_inline.h".
(pam_sm_authenticate): Fix parsing of conf= option.
* modules/pam_sepermit/tst-pam_sepermit-retval.c: Check conf= option.
Co-authored-by: Stefan Schubert <schubi@suse.de>
Resolves: https://github.com/linux-pam/linux-pam/pull/429
|
| |
|
|
|
|
| |
* modules/pam_sepermit/tst-pam_sepermit-retval.c: New file.
* modules/pam_sepermit/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_sepermit_retval_LDADD): New variables.
|
| |
|
| |
fix: typing error
|
| |
|
|
|
| |
* examples/Makefile.am: Add tty_conv to noinst_PROGRAMS
* examples/tty_conv.c: A new example of conversation function.
|
| |
|
|
| |
This adjustes the documentation for the changes from PR#418
We no longer fail if the config file does not exist.
|
| |
|
|
|
| |
* modules/pam_rootok/pam_rootok.c (log_callback): Move audit_fd
definition under HAVE_LIBAUDIT guard.
|
| |
|
|
| |
A config with only comments or an empty one is completely fine for
pam_limits. So don't complain about missing config files either.
|
| | |
|
| |
|
|
|
|
| |
* README: Rename install_dependencies.sh to install-dependencies.sh.
Fixes: v1.4.0~211 ("Adjust README with instructions for package prerequsities")
|
