| Commit message (Collapse) | Author | Age | Files | Lines |
| |
There is no point in supporting two different build systems.
| |
Commit 95b464f8417d ("configure.ac: add --with-systemdunitdir option")
aka v1.5.2~51 introduced a regression: if --with-systemdunitdir is not
specified, then the pam_namespace service file is no longer installed.
Fixes: 95b464f8417d ("configure.ac: add --with-systemdunitdir option")
| |
... for the same reason SCONFIGDIR config.h macro was renamed to
SCONFIG_DIR.
| |
This way it is visibly different from the configure variable SCONFIGDIR,
which is helpful, because their values are slightly different:
the macro is quoted while the configure variable is not quoted,
and this difference may cause problems with other build systems.
| |
* doc/custom-html.xsl.in: Remove.
* configure.ac: Do not generate doc/custom-html.xsl file.
* doc/.gitignore: Remove custom-html.xsl.
* doc/Makefile.am (DISTCLEANFILES): Remove custom-html.xsl.
(EXTRA_DIST): Remove custom-html.xsl.in.
Complements: cf2fc5ff7b4a ("doc: Update PAM documentation from DockBook 4 to DocBook 5")
| |
Unhardcode ".libs" subdirectory where libtool stores shared objects,
as other build systems don't necessarily use it.
* configure.ac (AC_DEFINE_UNQUOTED): Add LTDIR.
* modules/pam_canonicalize_user/tst-pam_canonicalize_user-retval.c:
Replace ".libs/" with LTDIR.
* modules/pam_debug/tst-pam_debug-retval.c: Likewise.
* modules/pam_deny/tst-pam_deny-retval.c: Likewise.
* modules/pam_echo/tst-pam_echo-retval.c: Likewise.
* modules/pam_env/tst-pam_env-retval.c: Likewise.
* modules/pam_faildelay/tst-pam_faildelay-retval.c: Likewise.
* modules/pam_faillock/tst-pam_faillock-retval.c: Likewise.
* modules/pam_listfile/tst-pam_listfile-retval.c: Likewise.
* modules/pam_localuser/tst-pam_localuser-retval.c: Likewise.
* modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c: Likewise.
* modules/pam_nologin/tst-pam_nologin-retval.c: Likewise.
* modules/pam_permit/tst-pam_permit-retval.c: Likewise.
* modules/pam_pwhistory/tst-pam_pwhistory-retval.c: Likewise.
* modules/pam_rootok/tst-pam_rootok-retval.c: Likewise.
* modules/pam_sepermit/tst-pam_sepermit-retval.c: Likewise.
* modules/pam_succeed_if/tst-pam_succeed_if-retval.c: Likewise.
* modules/pam_time/tst-pam_time-retval.c: Likewise.
* modules/pam_warn/tst-pam_warn-retval.c: Likewise.
| |
Do not include <libintl.h> and other i18n stuff via config.h which is
included into every compilation unit, include "pam_i18n.h" explicitly
where necessary.
* configure.ac (AH_BOTTOM): Remove.
* libpam/pam_get_authtok.c: Include "pam_i18n.h".
* libpam/pam_item.c: Likewise.
* libpam/pam_strerror.c: Likewise.
* libpam_misc/misc_conv.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faillock/main.c: Likewise.
* modules/pam_faillock/pam_faillock.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_selinux/pam_selinux_check.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_unix/pam_unix_acct.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
| |
The includedir variable in pkgconfig files used to erroneously contain
"security" subdirectory, e.g. /usr/include/security, which led to Cflags
tag containing wrong -I compiler option, e.g. -I/usr/include/security.
Fixes: b4f0e2e1f7a1 ("Add pkgconfig files for provided libraries")
| |
These macros provide fallback definitions for uid_t, gid_t, off_t,
pid_t, and size_t types which are defined in standard headers anyway.
* configure.ac (AC_TYPE_UID_T, AC_TYPE_OFF_T, AC_TYPE_PID_T,
AC_TYPE_SIZE_T): Remove.
| |
According to the GNU Automake manual, this macro is obsolescent,
and its explicit use should no longer be required.
* configure.ac (AM_PROG_CC_C_O): Remove.
| |
Given that LN_S defined by AC_PROG_LN_S is not used,
there is no point in using this macro.
* configure.ac (AC_PROG_LN_S): Remove.
| |
Given that SET_MAKE defined by AC_PROG_MAKE_SET has never been
used directly, and AM_INIT_AUTOMAKE that needs this also calls
AC_PROG_MAKE_SET itself, there is no point in using this macro.
* configure.ac (AC_PROG_MAKE_SET): Remove.
| |
According to the GNU Autoconf manual, this macro is obsolescent,
since current versions of the GNU C compiler fix the header files
automatically when installed.
* configure.ac (AC_PROG_GCC_TRADITIONAL): Remove.
| |
According to the GNU Autoconf manual, this macro is obsolescent,
as current systems have a working 'memcmp'.
* configure.ac (AC_FUNC_MEMCMP): Remove.
| |
According to the GNU Autoconf manual, this macro is obsolescent,
as current C compilers support 'const'.
* configure.ac (AC_C_CONST): Remove.
| |
Given that GETGROUPS_T defined by AC_TYPE_GETGROUPS has never been
checked, there is no point in using this macro.
* configure.ac (AC_TYPE_GETGROUPS): Remove.
| |
Given that TM_IN_SYS_TIME that might be defined by AC_STRUCT_TM
has never been checked, there is no point in using this obsolescent
macro.
* configure.ac (AC_STRUCT_TM): Remove.
| |
Given that <sys/wait.h> is included unconditionally,
there is no point in using AC_HEADER_SYS_WAIT.
* configure.ac (AC_HEADER_SYS_WAIT): Remove.
| |
Given that <dirent.h> is included unconditionally,
there is no point in using AC_HEADER_DIRENT.
* configure.ac (AC_HEADER_DIRENT): Remove.
| |
Given that utmp.h is included unconditionally in other modules,
and neither utmpx.h nor lastlog.h is used nowadays, remove obsolete
checks.
* configure.ac (AC_CHECK_HEADERS): Remove lastlog.h, utmp.h, and utmpx.h.
* modules/pam_lastlog/pam_lastlog.c: Include <utmp.h> unconditionally.
| |
Check for econf_readConfigWithCallback() and use it if available.
Co-authored-by: Dmitry V. Levin <ldv@strace.io>
| |
* configure.ac (AC_INIT): Raise version to 1.6.1.
* po/Linux-PAM.pot (Project-Id-Version): Likewise.
* NEWS: Update.
Resolves: https://github.com/linux-pam/linux-pam/issues/774
| |
* configure.ac (AC_HEADER_STDC, AC_HEADER_TIME): Remove.
(AC_CHECK_HEADERS): Remove fcntl.h, limits.h, malloc.h, sys/file.h,
sys/ioctl.h, sys/time.h, syslog.h, net/if.h, termio.h, unistd.h,
sys/fsuid.h, and inittypes.h.
| |
Failing if a feature is directly requested is default by now.
Do the same for --enable-nis=yes.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
| |
Move function bodies from headers into dedicated object files stored in
libpam_internal. This library won't be installed.
Keep the debug function body in header, even though disabled when
building Linux-PAM, to stay API compatible with previous versions.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
| |
The options whether to build with support for libprelude, libaudit,
libselinux, or libeconf are set to enable-if-available. These options
also have a configure flag `--enable-foo`, which currently fall back to
the feature being disabled if not available.
Change these feature flags to fail if specified explicitly and the
required dependencies cannot be satisfied.
Prompted by #728 and #746
| |
React on actual test if SELinux is available, not just if SELinux
should be tested for.
Currently the supposedly disabled binaries are still installed even if
SELinux is not available.
Fixes: cb9f88ba944d ("pam_unix: build unix_update only with SELinux enabled")
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
| |
* configure.ac (AC_INIT): Raise version to 1.6.0.
* po/Linux-PAM.pot (Project-Id-Version): Likewise.
* NEWS: Update.
Resolves: https://github.com/linux-pam/linux-pam/issues/690
| |
Fail if --enable-logind is specified while libsystemd cannot be found,
so the feature is reliably enabled on request.
Complements: v1.5.3~26 ("Y2038: use logind instead of utmp")
| |
Building outside of source directory fails if --disable-doc is not
explicitly chosen.
This happens because generated files are sometimes expected in the
source directory, where they won't exist.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
| |
The helper unix_update(8) is only called from code enabled when SELinux
support is enabled.
| |
Use getrandom to retrieve random numbers for delay calculation.
If it fails or is not available, keep using current algorithm.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
| |
Even if these checks reveal that a function does not exist, there are
no corresponding HAVE_* or ac_cv_func_* checks in source files.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
| |
* configure.ac (AC_CHECK_HEADERS): Add sys/random.h.
(AC_CHECK_FUNCS): Add getrandom.
* modules/pam_timestamp/hmac_openssl_wrapper.c [HAVE_SYS_RANDOM_H]:
Include <sys/random.h>.
(generate_key) [HAVE_GETRANDOM]: Call getrandom(2) before trying
to open /dev/urandom.
| |
Apparently, getline is being used unconditionally in pam_namespace and
pam_sepermit. In pam_namespace, it is being used since 2006 when the
module was introduced in the first place.
Let's assume getline is universally available and let's use it
unconditionally in other cases, too.
* configure.ac (AC_CHECK_FUNCS): Remove getline and getdelim.
* libpam/pam_modutil_searchkey.c (pam_modutil_search_key): Use getline
unconditionally.
* modules/pam_pwhistory/opasswd.c (check_old_pass, save_old_pass):
Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
| |
This module uses the name of the user obtained via pam_get_user(3)
as a key to query the password database, and replaces PAM_USER
with the pw_name value that has been returned.
The main usage scenario is systems where a user name is used in several
distinct authentication systems, some of them being case sensitive while
others are not.
* configure.ac (AC_CONFIG_FILES): Add
modules/pam_canonicalize_user/Makefile.
* doc/sag/pam_canonicalize_user.xml: New file.
* doc/sag/Linux-PAM_SAG.xml: Add a reference to
pam_canonicalize_user.xml.
* modules/Makefile.am (SUBDIRS): Add pam_canonicalize_user.
* modules/pam_canonicalize_user/Makefile.am: New file.
* modules/pam_canonicalize_user/README.xml: New file.
* modules/pam_canonicalize_user/pam_canonicalize_user.8.xml: New file.
* modules/pam_canonicalize_user/pam_canonicalize_user.c: New file.
* modules/pam_canonicalize_user/tst-pam_canonicalize_user: New file.
| |
* configure.ac: check whether close_range() is available in the system.
* libpam/pam_modutil_sanitize.c: use close_range() to close all file
descriptors. If the interface isn't available use the previous
approach.
Link: https://github.com/linux-pam/linux-pam/pull/276
Resolves: https://issues.redhat.com/browse/RHEL-5099
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
| |
Without the change locales are not visible to applications using PAM if
PAM library is installed into a --prefix= different from the default
one.
| |
* configure.ac: add `gdbm` option to `enable-db`
* modules/pam_userdb/pam_userdb.c: conditionally provide database access
depending on the database technology
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
| |
Allow the user to not build the examples through --disable-examples
(enabled by default); this can be useful:
- when cross-compiling, as the examples are not useful
- in distribution builds, not building stuff that is not used in any
way
| |
* configure.ac (AC_INIT): Raise version to 1.5.3.
* NEWS: Update.
| |
* Make.xml.rules.in: Avoid conflicting profile.condition settings.
* configure.ac: Likewise.
Resolves: https://github.com/linux-pam/linux-pam/issues/553
| |
configure.ac: Disable NIS if RPC or YP header files are missing
modules/pam_unix/support.c: Use HAVE_NIS to check for header file presence
modules/pam_unix/pam_unix_passwd.c: Use HAVE_NIS, too
| |
Avoid compiler optimizations to elide the memory erasure by using a
secure method: either memset_explicit() [C23], bzero_explicit() [glibc
2.25] or a manual memory barrier.
Since the current helpers _pam_overwrite*() and _pam_drop_reply() are
publicly exported, create new ones in "pam_inline.h" and deprecate the
old ones.
| |
The struct utmp from glibc uses on many 64bit architectures a 32bit
time_t for compatibility with a 32bit userland, which means utmp will
not survive the year 2038 (32bit time_t overflow). Use the data from
logind instead of utmp.
* configure.ac: Add option --enable-logind
* modules/pam_issue/Makefile.am: Add CFLAGS/LIBS for logind support
* modules/pam_issue/pam_issue.c: Use sd_get_sessions instead of utmp
* modules/pam_timestamp/Makefile.am: Add CFLAGS/LIBS for logind support
* modules/pam_timestamp/pam_timestamp.c: query logind for login time
| |
pam_lastlog uses utmp, wtmp, btmp and lastlog. None of them is Y2038
safe, even on 64bit architectures. Most 64bit architectures use 32bit
time_t for compat reasons with 32bit userland.
Additionally, all relevant tools for which pam_lastlog would make sense
already have their own support for all four files, so this module will
most likely only create duplicate entries.
* configure.ac: don't build pam_lastlog by default.
* ci/run-build-and-tests.sh: enable pam_lastlog.
| |
Otherwise the corresponding files are still installed in /etc/security.
* configure.ac (AC_SUBST): Add VENDOR_SCONFIGDIR.
(AM_CONDITIONAL): Add HAVE_VENDORDIR.
* modules/*/Makefile.am (secureconfdir): Set to VENDOR_SCONFIGDIR
if HAVE_VENDORDIR has been set, otherwise to SCONFIGDIR.
| |
* configure.ac: Define HAVE_NIS if NIS is enabled.
* modules/pam_unix/Makefile.am: Don't link against yppasswd_xdr.c
if NIS is disabled.
* modules/pam_unix/pam_unix_passwd.c: Don't redefine HAVE_NIS.
Resolves: https://github.com/linux-pam/linux-pam/issues/523
| |
Changed files
--------------
Make.xml.rules.in:
- Using RNG file instead of DTD file for checking XML files.
- Taking the correct stylesheet for README files.
doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am:
- Using RNG file instead of DTD file for checking XML files.
configure.ac:
- Adding a new option for selecting RNG check file (-enable-docbook-rng)
- Switching stylesheets to docbook 5
- Checking DocBook 5 environment instead of DocBook 4 environment
*.xml:
Update from DocBook 4 to DocBook 5