| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
* meson.build: Raise project version to 1.7.0.
* po/meson.build: Likewise.
* po/Linux-PAM.pot (Project-Id-Version): Likewise.
* libpam/include/security/_pam_types.h (__LINUX_PAM_MINOR__): Update.
* NEWS: Update.
Resolves: https://github.com/linux-pam/linux-pam/issues/844
|
| |
|
|
| |
There is no point in supporting two different build systems.
|
| |
|
|
|
|
| |
This also prevents a potential NULL pointer dereference in
pam_get_authtok_internal and pam_get_authtok_verify when
the pamh argument they access is set to NULL.
|
| |
|
|
|
|
|
|
|
|
| |
On my non-representative hardware, the full build using autotools
(./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install)
takes about 45 seconds.
On the same hardware, the full build using meson
(meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir)
takes just about 7.5 seconds.
|
| |
|
|
| |
Make sure that config.h is included before any system header.
|
| |
|
|
|
|
|
|
| |
Given that in most places config.h is included unconditionally,
there is no point in keeping remaining HAVE_CONFIG_H checks.
Public header files do not use config.h and therefore
are not affected by this change anyway.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not include <libintl.h> and other i18n stuff via config.h which is
included into every compilation unit, include "pam_i18n.h" explicitly
where necessary.
* configure.ac (AH_BOTTOM): Remove.
* libpam/pam_get_authtok.c: Include "pam_i18n.h".
* libpam/pam_item.c: Likewise.
* libpam/pam_strerror.c: Likewise.
* libpam_misc/misc_conv.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faillock/main.c: Likewise.
* modules/pam_faillock/pam_faillock.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_selinux/pam_selinux_check.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_unix/pam_unix_acct.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
| |
Introduce a new internal header file that is going to be used for
i18n definitions instead of providing those definitions via config.h.
providing convenient assertion testing functionality.
* libpam/include/pam_i18n.h: New file.
* libpam/Makefile.am (noinst_HEADERS): Add include/pam_i18n.h.
|
| |
|
|
|
|
| |
As the first header included by pam_private.h is config.h,
there is no need to include config.h explicitly right before
pam_private.h
|
| |
|
|
|
|
|
|
| |
The includedir variable in pkgconfig files used to erroneously contain
"security" subsirectory, e.g. /usr/include/security, which led to Cflags
tag containing wrong -I compiler option, e.g. -I/usr/include/security.
Fixes: b4f0e2e1f7a1 ("Add pkgconfig files for provided libraries")
|
| |
|
|
|
|
| |
sign_extend_unsigned_to_ll()
Import these handy macros from strace project.
|
| |
|
|
|
|
|
| |
Use this new function instead of econf_readDirs() and
econf_readDirsWithCallback().
Co-authored-by: Dmitry V. Levin <ldv@strace.io>
|
| |
|
|
|
| |
This also prevents a possible segfault when pam_set_item tries to
convert an empty service_name to lower case.
|
| |
|
|
|
|
|
|
| |
libpam/pam_modutil_check_user.c: explicitly convert the character
read from /etc/passwd to type "char" to get the same signedness
as the one compared with. Otherwise the functionality will depend
on the (implementation defined) signedness of "char" on the
platform built for.
|
| |
|
|
|
|
|
|
|
| |
Add a helper function to compare two strings for equality, that performs
the same amount of operations based on the first argument, regardless of
the length of the second argument, or the position of the first
difference.
This can be used as defense-in-depth mitigation against timing attacks
of password comparisons.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Call bindtextdomain() only when both the function is available and
the build is configured with --enable-nls.
* libpam/pam_start.c (_pam_start_internal): Guard bindtextdomain()
invocation with ENABLE_NLS.
Complements: v1.6.0~244 ("pam_start.c: call bindtextdomain() to expose Linux-PAM locales")
Resolves: https://github.com/linux-pam/linux-pam/pull/773
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The pam_assemble_line function is renamed to pam_line_assemble and
moved into libpam_internal so it can be shared across libpam and the
pam_env module.
Applied renaming to all other relevant functions and data structures
so it is easier to locate them in files.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
That function is being added to C23 with the same prototype
as memset(3):
void* memset_explicit(void*, int, size_t);
Unlike bzero, it accepts the fill byte as an argument.
Fixes: 19a292681789 ("libpam: introduce secure memory erasure helpers")
|
| |
|
|
|
|
|
|
|
|
| |
Move function bodies from headers into dedicated object files stored in
libpam_internal. This library won't be installed.
Keep the debug function body in header, even though disabled when
building Linux-PAM, to stay API compatible with previous versions.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
If configure option --enable-read-both-confs is used, the build
fails with 1.6.0 due to missing stack level depth argument passed to
_pam_parse_conf_file.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Resolves: https://github.com/linux-pam/linux-pam/issues/736
Fixes: v1.6.0~205 ("libpam: avoid infinite recursion with includes")
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
These are leftovers from fgets usages.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
Use getrandom to retrieve random numbers for delay calculation.
If it fails or is not available, keep using current algorithm.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a delay close to UINT_MAX has been set, then the delay computation
might overflow the value due to added randomness.
Systems where linux-pam is in use should generally have a 32 bit
unsigned int and a 64 bit unsigned long long, and a time_t of either
64 bit or 32 bit. Under these assumptions, using the result for delay is
safe because of the division before assigning it to tv_sec (time_t).
Thought about using uint64_t type here but as long as "unsigned int"
is part of the API instead of uint32_t, no proper guarantees could be
made anyway.
Unfortunately we have to supply an unsigned int if a PAM_FAIL_DELAY
function has been set. In such a case, supply a UINT_MAX if delay is
larger than that. It's the best we can do without breaking the API.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
To use _pam_assemble_line in pam_env, we must be able to modify the
replacement of an escaped newline. The PAM configuration replaces it
with a blank, while pam_env fully removes it.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
This follows the idiom of debug functions which reside in headers to
allow their usage within libpam itself and its modules without adding
modutil functions, i.e. extending the API.
No functional change.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
The declaration uses static keyword, the definition does not.
Fix the definition, because the function is only used in this
file.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
| |
Avoid potential dangling-else issues by wrapping macros inside a while
loop.
|
| |
|
|
| |
Reported by clang-tidy.
|
| |
|
|
|
|
|
|
|
| |
Use getline in _pam_assemble_line to allow very long lines.
Also handle escaped newlines and NUL bytes better, even though
the latter are not valid for text files.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
This support has to be added before arbitrarily long lines are allowed
in configuration files.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
The input string "s" is duplicated into "sbuf" and tokens copied from
there into target memory "our_argv".
Since "our_argv" is allocated to be always large enough to keep the
whole string "s" (plus pointers) in it, we can skip "sbuf" entirely.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
| |
Suggested-by: Benny Baumann <BenBE@geshi.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
The D macro itself already adds the function names.
It is a follow up to 79f97b5dfddbd54942036851e49c369502689853.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
Very long strings could overflow the int data type. Make sure to use
the correct data type.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
| |
The C standard guarantees that if the argument of free() is a null
pointer, no action occurs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apparently, getline is being used unconditionally in pam_namespace and
pam_sepermit. In pam_namespace, it is being used since 2006 when the
module was introduced in the first place.
Let's assume getline is universally available and let's use it
unconditionally in other cases, too.
* configure.ac (AC_CHECK_FUNCS): Remove getline and getdelim.
* libpam/pam_modutil_searchkey.c (pam_modutil_search_key): Use getline
unconditionally.
* modules/pam_pwhistory/opasswd.c (check_old_pass, save_old_pass):
Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
|
| |
|
|
|
|
|
|
|
|
| |
This already implies that the passwd file itself is broken. Yet do not
skip lines by accident due to fgets limitations.
As a positive side effect, arbitrarily long lines and user names are
supported now as well.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
Since format is a constant, the table can be skipped. Use
strspn/strcspn instead which might even be optimized compared
to custom for loops.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
It is always the same format.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
The _pam_StrTok function resembles strtok_r instead of strtok. For
upcoming changes the naming should not relate to strtok anymore.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
The size arguments to pam_modutil_read and pam_modutil_write are of
type int. If a negative value is specified, fail with -1 instead of
returning 0, indicating "just" a short read or write.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
This is much easier to read, does the same and is less prone
to getting memcpy and strcpy wrong.
Signed-off-by: Benny Baumann <BenBE@geshi.org>
|
| |
|
|
|
| |
* libpam/pam_misc.c (_pam_mkargv): Return 0 in case of memory allocation
failure.
|
