aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_access/pam_access.c
Commit message (Collapse)AuthorAgeFilesLines
* pam_access: fix group name match regressionDmitry V. Levin2024-11-271-1/+1
| | | | | | | * modules/pam_access/pam_access.c (group_match): Fix the order of arguments passed to group_name_or_gid_match. Resolves: https://github.com/linux-pam/linux-pam/issues/860
* pam_access: rework resolving of tokens as hostnameThorsten Kukuk2024-11-181-2/+70
| | | | | | | | | | * modules/pam_access/pam_access.c: separate resolving of IP addresses from hostnames. Don't resolve TTYs or display variables as hostname (#834). Add "nodns" option to disallow resolving of tokens as hostname. * modules/pam_access/pam_access.8.xml: document nodns option * modules/pam_access/access.conf.5.xml: document that hostnames should be written as FQHN.
* pam_access: always match local addressIker Pedrosa2024-10-221-2/+28
| | | | | | | | | | | | | | * modules/pam_access/pam_access.c: match the local address regardless of the IP version in use. In some circumstances the `localhost` may be translated to IPv4 or IPv6, but the configuration file only indicated the address for one of the two versions. Since the originating value is set in `PAM_RHOST` and PAM has no control over it, let's match the local addresses regardless of the IP version in use. Resolves: https://issues.redhat.com/browse/RHEL-23018 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* build: rename VENDOR_SCONFIGDIR config.h macro to VENDOR_SCONFIG_DIRDmitry V. Levin2024-08-261-3/+3
| | | | | ... for the same reason SCONFIGDIR config.h macro was renamed to SCONFIG_DIR.
* build: rename SCONFIGDIR config.h macro to SCONFIG_DIRDmitry V. Levin2024-08-251-2/+2
| | | | | | | This way it is visibly different from the configure variable SCONFIGDIR, which is helpful, because their values are slightly different: the macro is quoted while the configure variable is not quoted, and this difference may cause problems with other build systems.
* pam_access: support UID and GID in access.confMatthew Luckam2024-08-131-4/+57
| | | | | | | | | | | Extend access.conf(5) syntax to support UID and GID in addition to user and group names. Co-authored-by: blueskycs2c <lili.ding@cs2c.com> Signed-off-by: Dmitry V. Levin <ldv@strace.io> Resolves: https://github.com/linux-pam/linux-pam/issues/114 Resolves: https://github.com/linux-pam/linux-pam/pull/186 Resolves: https://github.com/linux-pam/linux-pam/pull/601
* modules: enclose macro parameterChristian Göttsche2024-02-221-1/+1
|
* pam_access: do not call pam_sm_authenticateDmitry V. Levin2024-01-131-12/+18
| | | | | | | | | | | Calling an exported function from the module is unsafe as there is no guarantee that the function that will be actually called is the one that is provided by the module. * modules/pam_access/pam_access.c (pam_sm_authenticate): Rename to pam_access, add static qualifier, remove "flags" argument. Update all callers. Add a new pam_sm_authenticate as a thin wrapper around pam_access.
* pam_access: add quiet_log optionAndreas Vögele2024-01-131-2/+8
| | | | | | | | | | | If quiet_log option is specified, no "access denied" message is logged. * modules/pam_access/pam_access.c (struct login_info): Add quiet_log. (parse_args): Initialize it. (pam_sm_authenticate): Use it. * modules/pam_access/pam_access.8.xml: Document quiet_log option. Closes: https://github.com/linux-pam/linux-pam/issues/706
* pam_access: avoid group name truncationTobias Stoeckmann2024-01-081-7/+5
| | | | | | | | If a very long group name is supplied, do not truncate it. It is safe to work directly on the supplied token, which is also already done in user_match, from where group_match is also called. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_access: use getlineTobias Stoeckmann2024-01-031-7/+12
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_access: reserve space for dot characterTobias Stoeckmann2023-12-191-1/+1
| | | | | | | It should not happen that inet_ntop uses all space available, but let's better be safe than sorry, since strcat won't check for us. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_access: fix nul byte handling in configTobias Stoeckmann2023-12-181-0/+2
| | | | | | | Even though NUL bytes are not supposed to show up in a configuration file, treat them properly and avoid out of boundary accesses. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: fix typosTobias Stoeckmann2023-12-181-1/+1
| | | | | | Typos found with codespell Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: store strlen results in size_tTobias Stoeckmann2023-12-141-6/+6
| | | | | | | Very long strings could overflow the int data type. Make sure to use the correct data type. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* modules: cast to unsigned char for character handling functionChristian Göttsche2023-08-071-1/+1
| | | | | | | | Character handling functions, like isspace(3), expect a value representable as unsigned char or equal to EOF. Otherwise the behavior is undefined. See https://wiki.sei.cmu.edu/confluence/display/c/STR37-C.+Arguments+to+character-handling+functions+must+be+representable+as+an+unsigned+char
* pam_access: make non-resolveable hostname a debug output (#590)Thorsten Kukuk2023-08-041-1/+2
| | | | | | * modules/pam_access/pam_access.c (network_netmask_match): Don't print an error if a string is not resolveable, only a debug message in debug mode. We even don't know if that entry is for remote logins or not.
* modules: make use of secure memory erasureChristian Göttsche2023-02-281-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive. Non trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase responce on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes
* pam_access: use vendor specific access.conf as fallbackStefan Schubert2022-06-301-18/+117
| | | | | | | Use the vendor directory as fallback for a distribution provided default config if there is no configuration in /etc. * pam_access.c: Take care about the fallback configuration in vendor directory. * pam_access.8.xml: Added description for vendor directory.
* pam_access: handle hostnames in access.confThorsten Kukuk2022-03-111-19/+76
| | | | | | | | | | According to the manual page, the following entry is valid but does not work: -:root:ALL EXCEPT localhost See https://bugzilla.suse.com/show_bug.cgi?id=1019866 Patched is based on PR#226 from Josef Moellers
* modules: move SCONFIGDIR-based macro definitions from Makefile.am to the ↵Dmitry V. Levin2022-01-231-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | source code Since SCONFIGDIR macro is available, the is no need to define macros based on SCONFIGDIR in Makefile.am files. * modules/pam_access/Makefile.am (AM_CFLAGS): Move definitions of PAM_ACCESS_CONFIG and ACCESS_CONF_GLOB macros ... * modules/pam_access/pam_access.c: ... here. * modules/pam_env/Makefile.am (AM_CFLAGS): Move definition of DEFAULT_CONF_FILE macro ... * modules/pam_env/pam_env.c: ... here. * modules/pam_group/Makefile.am (AM_CFLAGS): Move definition of PAM_GROUP_CONF macro ... * modules/pam_group/pam_group.c: ... here. * modules/pam_limits/Makefile.am (AM_CFLAGS): Move definition of LIMITS_FILE macro ... * modules/pam_limits/pam_limits.c: ... here. * modules/pam_sepermit/Makefile.am (AM_CFLAGS): Move definition of SEPERMIT_CONF_FILE macro ... * modules/pam_sepermit/pam_sepermit.c: ... here. * modules/pam_time/Makefile.am (AM_CFLAGS): Move definition of PAM_TIME_CONF macro ... * modules/pam_time/pam_time.c: ... here.
* pam_access: clean up the remote host matching codeTomas Mraz2021-04-121-16/+28
| | | | | | * modules/pam_access/pam_access.c (from_match): Split out remote_match() function and avoid calling it when matching against LOCAL keyword. There is also no point in doing domain match against TTY or SERVICE.
* modules: downgrade syslog level for pam_get_user errorsDmitry V. Levin2020-05-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session, pam_sm_close_session): Likewise. * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Downgrade the syslog level for pam_get_user errors from LOG_WARNING to LOG_NOTICE. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
* modules: do not check user name for emptyness before passing it to ↵Dmitry V. Levin2020-05-161-2/+1
| | | | | | | | | | | | | | | | pam_modutil_getpwnam pam_modutil_getpwnam is perfectly capable of handling empty strings as user names, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check the user name for emptyness before passing it to pam_modutil_getpwnam. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules: do not check user name for NULL if pam_get_user returned PAM_SUCCESSDmitry V. Levin2020-05-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If pam_get_user returned PAM_SUCCESS, the user name is guaranteed to be a valid C string, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check for NULL the user name returned by pam_get_user when the latter returned PAM_SUCCESS. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise. * modules/pam_filter/pam_filter.c (process_args): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_wheel/pam_wheel.c (perform_check): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise.
* modules: remove PAM_SM_* macrosDmitry V. Levin2020-05-031-14/+2
| | | | | | Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect.
* pam_access, pam_issue: do not assume that getdomainname always existsDmitry V. Levin2020-04-151-0/+3
| | | | | | | | * modules/pam_access/pam_access.c (netgroup_match): Place the code that calls getdomainname under HAVE_GETDOMAINNAME guard. * modules/pam_issue/pam_issue.c (read_issue_quoted): Likewise. Resolves: https://github.com/linux-pam/linux-pam/issues/43
* Fix various typos found using codespell toolDmitry V. Levin2020-03-281-4/+4
|
* modules/pam_access: use pam_str_skip_prefixDmitry V. Levin2020-03-191-9/+11
| | | | | * modules/pam_access/pam_access.c: Include "pam_inline.h". (parse_args): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* Fix remaining clang -Wcast-align compilation warningsDmitry V. Levin2020-03-191-0/+6
| | | | | | | | | | | | Introduce DIAG_PUSH_IGNORE_CAST_ALIGN and DIAG_POP_IGNORE_CAST_ALIGN macros, use them to silence remaining clang -Wcast-align compilation warnings. * libpam/include/pam_cc_compat.h (DIAG_PUSH_IGNORE_CAST_ALIGN, DIAG_POP_IGNORE_CAST_ALIGN): New macros. * modules/pam_access/pam_access.c: Include "pam_cc_compat.h". (from_match, network_netmask_match): Wrap inet_ntop invocations in DIAG_PUSH_IGNORE_CAST_ALIGN and DIAG_POP_IGNORE_CAST_ALIGN.
* modules/pam_access: fix compilation warningDmitry V. Levin2020-03-191-0/+4
| | | | | | | | | | | | | Fix the following compilation warning reported by gcc when HAVE_LIBAUDIT is not set: modules/pam_access/pam_access.c: In function ‘login_access’: modules/pam_access/pam_access.c:338:13: warning: variable ‘nonall_match’ set but not used [-Wunused-but-set-variable] 338 | int nonall_match = NO; | ^~~~~~~~~~~~ * modules/pam_access/pam_access.c (login_access): Enclose nonall_match variable with HAVE_LIBAUDIT #ifdef's.
* pam_access: Fix (IPv6) address prefix size matchingmsalle2020-01-021-1/+3
| | | | | | | IPv6 address prefix sizes larger than 128 (i.e. not larger or equal to) should be discarded. Additionally, for IPv4 addresses, the largest valid prefix size should be 32. Fixes #161
* Fix or suppress various warnings when compiling with -Wall -WextraTomas Mraz2019-12-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * conf/pam_conv1/Makefile.am: Add -Wno-unused-function -Wno-sign-compare to CFLAGS. * doc/specs/Makefile.am: Likewise. * libpamc/include/security/pam_client.h: Explicitly compare old_p with NULL. * modules/pam_access/pam_access.c: Avoid double const. * modules/pam_filter/pam_filter.c: Avoid arbitrary constants. Avoid strncpy() without copying the NUL byte. * modules/pam_group/pam_group.c: Mark switch fallthrough with comment. * modules/pam_time/pam_time.c: Likewise. * modules/pam_limits/pam_limits.c: Remove unused units variable. * modules/pam_listfile/pam_listfile.c: Avoid unnecessary strncpy, use pointers. * modules/pam_rootok/pam_rootok.c (log_callback): Mark unused parameter. * modules/pam_selinux/pam_selinux.c: Use string_to_security_class() instead of hardcoded value. * modules/pam_sepermit/pam_sepermit.c: Properly cast when comparing. * modules/pam_succeed_if/pam_succeed_if.c: Mark unused parameters. * modules/pam_unix/pam_unix_passwd.c: Remove unused variables and properly cast for comparison. * modules/pam_unix/support.c: Remove unused function.
* pam_access: support parsing files in /etc/security/access.d/*.confTomas Mraz2017-05-311-2/+29
| | | | | | | | | * modules/pam_access/pam_access.c (login_access): Return NOMATCH if there was no match in the parsed file. (pam_sm_authenticate): Add glob() call to go through the ACCESS_CONF_GLOB subdirectory and call login_access() on the individual files matched. * modules/pam_access/pam_access.8.xml: Document the addition. * modules/pam_access/Makefile.am: Add ACCESS_CONF_GLOB definition.
* Properly test for strtol() failure to find any digits.Josef Moellers2017-02-091-1/+1
| | | | | * modules/pam_access/pam_access.c (network_netmask_match): Test for endptr set to beginning and not NULL.
* pam_access: First check for the (group) match.Tomas Mraz2016-11-011-4/+4
| | | | | | | The (group) match is performed first to allow for groups containing '@'. * modules/pam_access/pam_access.c (user_match): First check for the (group) match.
* Remove "--enable-static-modules" option and support fromThorsten Kukuk2016-03-291-21/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Linux-PAM. It was never official supported and was broken since years. * configure.ac: Remove --enable-static-modules option. * doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. * doc/man/pam_sm_authenticate.3.xml: Likewise. * doc/man/pam_sm_chauthtok.3.xml: Likewise. * doc/man/pam_sm_close_session.3.xml: Likewise. * doc/man/pam_sm_open_session.3.xml: Likewise. * doc/man/pam_sm_setcred.3.xml: Likewise. * libpam/Makefile.am: Remove STATIC_MODULES cases. * libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. * libpam/pam_dynamic.c: Likewise. * libpam/pam_handlers.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_static.c: Remove file. * libpam/pam_static_modules.h: Remove header file. * modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. * modules/pam_cracklib/pam_cracklib.c: Likewise. * modules/pam_debug/pam_debug.c: Likewise. * modules/pam_deny/pam_deny.c: Likewise. * modules/pam_echo/pam_echo.c: Likewise. * modules/pam_env/pam_env.c: Likewise. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_faildelay/pam_faildelay.c: Likewise. * modules/pam_filter/pam_filter.c: Likewise. * modules/pam_ftp/pam_ftp.c: Likewise. * modules/pam_group/pam_group.c: Likewise. * modules/pam_issue/pam_issue.c: Likewise. * modules/pam_keyinit/pam_keyinit.c: Likewise. * modules/pam_lastlog/pam_lastlog.c: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_listfile/pam_listfile.c: Likewise. * modules/pam_localuser/pam_localuser.c: Likewise. * modules/pam_loginuid/pam_loginuid.c: Likewise. * modules/pam_mail/pam_mail.c: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_motd/pam_motd.c: Likewise. * modules/pam_namespace/pam_namespace.c: Likewise. * modules/pam_nologin/pam_nologin.c: Likewise. * modules/pam_permit/pam_permit.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_rhosts/pam_rhosts.c: Likewise. * modules/pam_rootok/pam_rootok.c: Likewise. * modules/pam_securetty/pam_securetty.c: Likewise. * modules/pam_selinux/pam_selinux.c: Likewise. * modules/pam_sepermit/pam_sepermit.c: Likewise. * modules/pam_shells/pam_shells.c: Likewise. * modules/pam_stress/pam_stress.c: Likewise. * modules/pam_succeed_if/pam_succeed_if.c: Likewise. * modules/pam_tally/pam_tally.c: Likewise. * modules/pam_tally2/pam_tally2.c: Likewise. * modules/pam_time/pam_time.c: Likewise. * modules/pam_timestamp/pam_timestamp.c: Likewise. * modules/pam_tty_audit/pam_tty_audit.c: Likewise. * modules/pam_umask/pam_umask.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. * modules/pam_warn/pam_warn.c: Likewise. * modules/pam_wheel/pam_wheel.c: Likewise. * modules/pam_xauth/pam_xauth.c: Likewise. * modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. * modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. * modules/pam_unix/pam_unix_auth.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_unix/pam_unix_static.c: Removed. * modules/pam_unix/pam_unix_static.h: Removed. * po/POTFILES.in: Remove removed files. * tests/tst-dlopen.c: Remove PAM_STATIC part.
* Remove YP dependencies from pam_access, they were never usedThorsten Kukuk2016-03-231-8/+0
| | | | | | | | and such not needed. * modules/pam_access/Makefile.am: Remove NIS_CFLAGS and NIS_LIBS * modules/pam_access/pam_access.c: Remove yp_get_default_domain case, it will never be used.
* pam_access: Avoid uninitialized access of line.Tomas Mraz2014-08-131-2/+2
| | | | | * modules/pam_access/pam_access.c (login_access): Reorder condition so line is not accessed when uninitialized.
* pam_access: fix debug level logging (ticket #19)Dmitry V. Levin2013-11-201-1/+1
| | | | | * modules/pam_access/pam_access.c (group_match): Log the group token passed to the function, not an uninitialized data on the stack.
* pam_access: better not change the default function used to get domain name.Tomas Mraz2013-04-121-3/+3
| | | | | | modules/pam_access/pam_access.c (netgroup_match): As we did not use yp_get_default_domain() in the 1.1 branch due to typo in ifdef we should use it only as fallback.
* pam_access: fix typo in ifdefWalter de Jong2013-01-181-1/+1
| | | | | modules/pam_access/pam_access.c (netgroup_match): Fix typo in #ifdef HAVE_YP_GET_DEFAULT_DOMAIN.
* Fix whitespace issuesDmitry V. Levin2011-10-261-4/+4
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* If getdomainname() fails or domainname not set use NULL as domain in innetgr().Tomas Mraz2011-10-101-5/+3
|
* Add hostname resolution cache.Tomas Mraz2011-10-101-19/+35
|
* Fix the split on @ in the user field. (Red Hat Bug #732081)Tomas Mraz2011-08-251-1/+4
|
* Initialize the fake_item from item.Tomas Mraz2011-06-151-0/+1
|
* Relevant BUGIDs: #3035919, #3002340, #3037155Thorsten Kukuk2010-08-041-1/+2
| | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_access/pam_access.c (user_match): Make sure that user@host will not match @@netgroup. Bug #3035919. * modules/pam_group/pam_group.c (check_account): Add '%' for UNIX groups. * modules/pam_group/group.conf: Add example for '%'. * modules/pam_group/group.conf.5.xml: Document '%' syntax. Bug #3002340, #3037155.
* Relevant BUGIDs: 2892189Tomas Mraz2009-11-181-3/+8
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-11-18 Tomas Mraz <t8m@centrum.cz> * modules/pam_access/pam_access.c(user_match): Revert the netgroup match to the original behavior, add new syntax for adding the local hostname. * modules/pam_access/access.conf.5.xml: Document the new syntax for adding the local hostname to the netgroup match.
* Relevant BUGIDs:Thorsten Kukuk2009-06-301-4/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- This makes Linux-PAM compile able with uClibc or on embedded systems without full libc/libnsl. 2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files. * modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS support if all necessary functions exist. * modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug option, handle correct if OS has no NIS support. * modules/pam_access/pam_access.c (netgroup_match): Check if yp_get_default_domain and innetgr are available at compile time. * configure.in: Check for functions: innetgr, getdomainname check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-12 10:18:06 +0000