aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* pam_issue: fix potential memory leak when PAM_USER_PROMPT is setHEADmasterDmitry V. Levin2025-02-251-0/+1
| | | | | * modules/pam_issue/pam_issue.c (pam_sm_authenticate): Free issue_prompt before assigning a new string.
* pam_namespace: fix logic in return value handlingOlivier Bal-Petre2025-02-241-9/+7
| | | | | | | | | The case in which protect_dir() returns an error and the flag POLYDIR_CREATE (flag "create" in namespace.conf) is not set was not handled. Therefore, the program continued without a polydir and returned later on failed mount(2) or stat(2) calls. Signed-off-by: Olivier Bal-Petre <olivier.bal-petre@ssi.gouv.fr>
* AUTHORS: update the list of current maintainersDmitry V. Levin2025-02-181-1/+6
|
* meson: Find programs using the native file only, not the cross fileJames Le Cuirot2025-01-212-1/+10
| | | | | | | | These should all be native programs found on the build machine. We should not try to execute them via QEMU. Users would therefore expect to configure them using the native file, not the cross file. See https://mesonbuild.com/Reference-manual_functions.html#find_program.
* pam_unix: do not overwrite the string returned by crypt_rDmitry V. Levin2024-12-302-4/+8
| | | | | | | | | Given that the crypt_data storage passed to crypt_r is cleared afterwards, there is no point in clearing the string returned by crypt_r. This also fixes the issue with those crypt_r implementations that can return a pointer to read-only memory. Resolves: https://github.com/linux-pam/linux-pam/issues/866
* meson.build: fix pam_namespace.service installation with custom prefixDmitry V. Levin2024-12-041-1/+4
| | | | | | | | When build is configured with a custom prefix, ignore the value of systemdsystemunitdir pkgconfig variable if it doesn't start with that custom prefix. Resolves: https://github.com/linux-pam/linux-pam/issues/863
* pam_unix: fix diagnostic message in debug modexujing2024-12-031-1/+1
| | | | | | | | When configured using -Dpam-debug=true, _pam_unix_approve_pass prints a diagnostic message with addresses of password strings. Apparently, since the times predating the git history of the project in this diagnostic message the addresses of the old and new passwords were mixed up.
* meson: correct check for existence of two preprocessor definesAlexander Kanavin2024-11-291-2/+2
| | | | | | | | | | | | sizeof is meant for *types*, and in case of cross compiling the test program produced by it has incorrect syntax __NR_keyctl something; and will always fail to compile. * meson.build: Use cc.get_define() instead of cc.sizeof() to check for preprocessor symbols. Co-authored-by: Dmitry V. Levin <ldv@strace.io>
* pam_access: fix group name match regressionDmitry V. Levin2024-11-271-1/+1
| | | | | | | * modules/pam_access/pam_access.c (group_match): Fix the order of arguments passed to group_name_or_gid_match. Resolves: https://github.com/linux-pam/linux-pam/issues/860
* meson: support elogind as a logind providerDudemanguy2024-11-266-11/+26
| | | | | | | | | | The systemd functionality used here is also supported by elogind. Introduce elogind meson option that could be used to enable logind support in pam_issue, pam_limits, and pam_timestamp via elogind. When elogind support is enabled, search for libelogind as well and use the appropriate headers.
* meson_options.txt: update logind option descriptionDmitry V. Levin2024-11-261-1/+1
|
* ci: add logind enabled jobsDmitry V. Levin2024-11-253-0/+42
|
* pam_access: rework resolving of tokens as hostnameThorsten Kukuk2024-11-183-17/+105
| | | | | | | | | | * modules/pam_access/pam_access.c: separate resolving of IP addresses from hostnames. Don't resolve TTYs or display variables as hostname (#834). Add "nodns" option to disallow resolving of tokens as hostname. * modules/pam_access/pam_access.8.xml: document nodns option * modules/pam_access/access.conf.5.xml: document that hostnames should be written as FQHN.
* doc: make PDF documentation optionalYaakov Selkowitz2024-11-052-29/+31
| | | | | | | While building any documentation requires xsltproc, only the PDF documentation requires fop, which is dependency-heavy, and not always available (e.g. it is not included in RHEL). This allows the HTML documentation to be built while skipping the PDFs.
* padout: build as a native executableroot2024-11-031-0/+1
| | | | | | | Add 'native: true' to the build config of padout. Resolves: https://github.com/linux-pam/linux-pam/issues/850 Signed-off-by: Sietse <sietse@wizdom.nu>
* po: update translations using Weblate (Indonesian)Andika Triwidada2024-10-281-19/+19
| | | | | | Currently translated at 100.0% (101 of 101 strings). Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/id/
* meson: fix build with -Di18n=disabledDmitry V. Levin2024-10-271-1/+3
| | | | Resolves: https://github.com/linux-pam/linux-pam/issues/847
* maint: update release procedureDmitry V. Levin2024-10-241-4/+5
| | | | * maint/README-release: Update.
* Remove autogen.shDmitry V. Levin2024-10-241-5/+0
| | | | Complements: 613e59dca703 ("build: drop autotools support")
* Prepare for 1.7.0 releaseDmitry V. Levin2024-10-235-4/+15
| | | | | | | | | | * meson.build: Raise project version to 1.7.0. * po/meson.build: Likewise. * po/Linux-PAM.pot (Project-Id-Version): Likewise. * libpam/include/security/_pam_types.h (__LINUX_PAM_MINOR__): Update. * NEWS: Update. Resolves: https://github.com/linux-pam/linux-pam/issues/844
* build: drop autotools supportDmitry V. Levin2024-10-23105-4902/+0
| | | | There is no point in supporting two different build systems.
* ci: drop autotools supportDmitry V. Levin2024-10-233-366/+154
|
* README: replace autotools-based instructions with meson-based onesDmitry V. Levin2024-10-231-20/+7
|
* maint: use meson to generate release tarballsDmitry V. Levin2024-10-231-12/+4
|
* pam_access: clarify `LOCAL` keyword behaviourIker Pedrosa2024-10-221-11/+6
| | | | | | | | | * modules/pam_access/access.conf.5.xml: `LOCAL` keyword behaviour explanation was focused on the development internals. Let's clarify it by rephrasing it to something a sysadmin can understand. Resolves: https://issues.redhat.com/browse/RHEL-39943 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_access: always match local addressIker Pedrosa2024-10-221-2/+28
| | | | | | | | | | | | | | * modules/pam_access/pam_access.c: match the local address regardless of the IP version in use. In some circumstances the `localhost` may be translated to IPv4 or IPv6, but the configuration file only indicated the address for one of the two versions. Since the originating value is set in `PAM_RHOST` and PAM has no control over it, let's match the local addresses regardless of the IP version in use. Resolves: https://issues.redhat.com/browse/RHEL-23018 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* ci/meson-build.sh: add a git status checkDmitry V. Levin2024-10-211-0/+5
| | | | | * ci/meson-build.sh: Check that "git status" does not report any differences or untracked files.
* ci/meson-build.sh: change DESTDIR for the install testDmitry V. Levin2024-10-211-2/+2
| | | | | Move DESTDIR inside the build tree to reduce the number of top level directories used for tests.
* pam_get_authtok*: disallow setting pamh to NULLAndrey Kovalev2024-10-185-3/+60
| | | | | | This also prevents a potential NULL pointer dereference in pam_get_authtok_internal and pam_get_authtok_verify when the pamh argument they access is set to NULL.
* build: check gdbm_close return typeDmitry V. Levin2024-10-152-0/+11
| | | | | | | | gdbm_close() used to return void, later it was changed to return int. We cannot assume either way and have to check whether gdbm_close() returns int. Fixes: 45c2c496dcf8 ("pam_userdb: enable GDBM support")
* po: update .pot and .po filesDmitry V. Levin2024-10-1383-7988/+8905
| | | | | | Regenerate po/Linux-PAM.pot and po/*.po using "meson compile Linux-PAM-update-po" command. This essentially updates the line numbers and timestamps.
* po: pass additional arguments to xgettextDmitry V. Levin2024-10-131-1/+6
|
* po: update translations using Weblate (Korean)김인수2024-10-131-44/+44
| | | | | | Currently translated at 100.0% (101 of 101 strings). Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
* po: update translations using Weblate (Korean)Seong-ho Cho2024-10-131-15/+15
| | | | | | Currently translated at 100.0% (101 of 101 strings). Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
* po: update translations using Weblate (Japanese)Tomohiro KATO2024-10-131-11/+11
| | | | | | Currently translated at 100.0% (101 of 101 strings). Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ja/
* po: update translations using Weblate (Irish)Aindriu Mac Giolla Eoin2024-10-131-83/+61
| | | | | | Currently translated at 100.0% (101 of 101 strings). Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ga/
* po: update translations using Weblate (French)Léane GRASSER2024-10-131-45/+46
| | | | | | Currently translated at 100.0% (101 of 101 strings). Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/
* po: update translations using Weblate (Norwegian Nynorsk)Adaline Simonian2024-10-131-6/+8
| | | | | | Currently translated at 97.0% (98 of 101 strings). Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nn/
* po: update translations using Weblate (Slovenian)Martin Srebotnjak2024-10-131-97/+101
| | | | | | Currently translated at 100.0% (101 of 101 strings). Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sl/
* .github: add a few more meson jobsDmitry V. Levin2024-10-131-0/+391
|
* .github: add gcc-14 and clang-16/clang-17/clang-18 jobsDmitry V. Levin2024-10-131-0/+271
|
* .github: switch builder jobs from ubuntu-latest to ubuntu-24.04Dmitry V. Levin2024-10-132-25/+25
| | | | | Even though ubuntu-latest is still ubuntu-22.04 yet, let's move on by switching builder jobs to ubuntu-24.04.
* .github: drop old clang jobsDmitry V. Levin2024-10-131-42/+0
| | | | | These clang versions suddenly disappeared from ubuntu-22.04 repository, and it is unlikely that old clang jobs will be missed anyway.
* pam_filter: close unused file descriptorsDmitry V. Levin2024-09-131-1/+5
| | | | | | When creating a socket pipe for communication between the parent and the child process, each of these two processes should keep just one of these socket pipe descriptors.
* pam_filter: fix potential fd leak on error pathDmitry V. Levin2024-09-131-4/+8
| | | | Resolves: https://github.com/linux-pam/linux-pam/issues/829
* examples/tty_conv: fix potential out of bound write in readline()PavlNekrasov2024-09-131-1/+1
| | | | | | | | At the end of the loop the iterator `i` can be equal to `PAM_MAX_RESP_SIZE`, which will cause an index call outside the array in the `input[i] = '\0';` Signed-off-by: Dmitry V. Levin <ldv@strace.io>
* pam_env: install environment file in vendordirThorsten Kukuk2024-09-122-1/+3
| | | | | If vendordir is enabled, the distribution provided configuration files should be below this directory and not in /etc.
* Add .gitattributesDmitry V. Levin2024-09-101-0/+7
| | | | | Mark a few files and directories with export-ignore attribute so that they won't be added to archive files.
* ci: add a few meson jobsDmitry V. Levin2024-09-103-5/+202
|
* meson: build Linux-PAM using mesonDmitry V. Levin2024-09-1078-1/+1973
| | | | | | | | | | On my non-representative hardware, the full build using autotools (./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install) takes about 45 seconds. On the same hardware, the full build using meson (meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir) takes just about 7.5 seconds.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-03 18:06:23 +0000