path: root/modules/pam_access
Commit message | Author | Age | Files | Lines
* build: drop autotools support | Dmitry V. Levin | 2024-10-23 | 1 | -39/+0
    There is no point in supporting two different build systems.
* pam_access: clarify `LOCAL` keyword behaviour | Iker Pedrosa | 2024-10-22 | 1 | -11/+6
    * modules/pam_access/access.conf.5.xml: `LOCAL` keyword behaviour explanation was focused on the development internals. Let's clarify it by rephrasing it to something a sysadmin can understand.
    Resolves: https://issues.redhat.com/browse/RHEL-39943
    Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_access: always match local address | Iker Pedrosa | 2024-10-22 | 1 | -2/+28
    * modules/pam_access/pam_access.c: match the local address regardless of the IP version in use.
    In some circumstances the `localhost` may be translated to IPv4 or IPv6, but the configuration file only indicated the address for one of the two versions. Since the originating value is set in `PAM_RHOST` and PAM has no control over it, let's match the local addresses regardless of the IP version in use.
    Resolves: https://issues.redhat.com/browse/RHEL-23018
    Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* meson: build Linux-PAM using meson | Dmitry V. Levin | 2024-09-10 | 1 | -0/+1
    On my non-representative hardware, the full build using autotools (./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install) takes about 45 seconds.
    On the same hardware, the full build using meson (meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir) takes just about 7.5 seconds.
* build: rename VENDOR_SCONFIGDIR config.h macro to VENDOR_SCONFIG_DIR | Dmitry V. Levin | 2024-08-26 | 1 | -3/+3
    ... for the same reason SCONFIGDIR config.h macro was renamed to SCONFIG_DIR.
* build: rename SCONFIGDIR config.h macro to SCONFIG_DIR | Dmitry V. Levin | 2024-08-25 | 1 | -2/+2
    This way it is visibly different from the configure variable SCONFIGDIR, which is helpful, because their values are slightly different: the macro is quoted while the configure variable is not quoted, and this difference may cause problems with other build systems.
* pam_access: support UID and GID in access.conf | Matthew Luckam | 2024-08-13 | 2 | -6/+65
    Extend access.conf(5) syntax to support UID and GID in addition to user and group names.
    Co-authored-by: blueskycs2c <lili.ding@cs2c.com>
    Signed-off-by: Dmitry V. Levin <ldv@strace.io>
    Resolves: https://github.com/linux-pam/linux-pam/issues/114
    Resolves: https://github.com/linux-pam/linux-pam/pull/186
    Resolves: https://github.com/linux-pam/linux-pam/pull/601
* modules: enclose macro parameter | Christian Göttsche | 2024-02-22 | 1 | -1/+1
* libpam_internal: supply debug functionality | Tobias Stoeckmann | 2024-01-24 | 1 | -1/+2
    Move function bodies from headers into dedicated object files stored in libpam_internal. This library won't be installed.
    Keep the debug function body in header, even though disabled when building Linux-PAM, to stay API compatible with previous versions.
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* modules: add pamc headers to the search path only when needed | Tobias Stoeckmann | 2024-01-21 | 1 | -2/+1
    The pam client library libpamc is only needed if libpam_misc is in use. But libpam_misc is only used by an SELinux helper binary. Remove the libpamc includes from the search path in all other cases.
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_access: do not call pam_sm_authenticate | Dmitry V. Levin | 2024-01-13 | 1 | -12/+18
    Calling an exported function from the module is unsafe as there is no guarantee that the function that will be actually called is the one that is provided by the module.
    * modules/pam_access/pam_access.c (pam_sm_authenticate): Rename to pam_access, add static qualifier, remove "flags" argument. Update all callers. Add a new pam_sm_authenticate as a thin wrapper around pam_access.
* pam_access: add quiet_log option | Andreas Vögele | 2024-01-13 | 2 | -3/+24
    If quiet_log option is specified, no "access denied" message is logged.
    * modules/pam_access/pam_access.c (struct login_info): Add quiet_log.
    (parse_args): Initialize it.
    (pam_sm_authenticate): Use it.
    * modules/pam_access/pam_access.8.xml: Document quiet_log option.
    Closes: https://github.com/linux-pam/linux-pam/issues/706
* treewide: strictly separate builddir and srcdir | Tobias Stoeckmann | 2024-01-12 | 1 | -1/+1
    Building outside of source directory fails if --disable-doc is not explicitly chosen. This happens because generated files are sometimes expected in the source directory, where they won't exist.
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_access: avoid group name truncation | Tobias Stoeckmann | 2024-01-08 | 1 | -7/+5
    If a very long group name is supplied, do not truncate it. It is safe to work directly on the supplied token, which is also already done in user_match, from where group_match is also called.
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_access: use getline | Tobias Stoeckmann | 2024-01-03 | 1 | -7/+12
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_access: reserve space for dot character | Tobias Stoeckmann | 2023-12-19 | 1 | -1/+1
    It should not happen that inet_ntop uses all space available, but let's better be safe than sorry, since strcat won't check for us.
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_access: fix nul byte handling in config | Tobias Stoeckmann | 2023-12-18 | 1 | -0/+2
    Even though NUL bytes are not supposed to show up in a configuration file, treat them properly and avoid out of boundary accesses.
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: fix typos | Tobias Stoeckmann | 2023-12-18 | 1 | -1/+1
    Typos found with codespell
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: store strlen results in size_t | Tobias Stoeckmann | 2023-12-14 | 1 | -6/+6
    Very long strings could overflow the int data type. Make sure to use the correct data type.
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* modules: cast to unsigned char for character handling function | Christian Göttsche | 2023-08-07 | 1 | -1/+1
    Character handling functions, like isspace(3), expect a value representable as unsigned char or equal to EOF. Otherwise the behavior is undefined.
    See https://wiki.sei.cmu.edu/confluence/display/c/STR37-C.+Arguments+to+character-handling+functions+must+be+representable+as+an+unsigned+char
* pam_access: make non-resolvable hostname a debug output (#590) | Thorsten Kukuk | 2023-08-04 | 1 | -1/+2
    * modules/pam_access/pam_access.c (network_netmask_match): Don't print an error if a string is not resolvable, only a debug message in debug mode. We don't even know if that entry is for remote logins or not.
* pam_access: document IPv6 link-local addresses (#582) | Thorsten Kukuk | 2023-08-03 | 2 | -1/+14
    * modules/pam_access/access.conf.5.xml: Add example and note for IPv6 link-local addresses
    * modules/pam_access/access.conf: Add example for IPv6 link-local addresses
* modules: make use of secure memory erasure | Christian Göttsche | 2023-02-28 | 1 | -2/+1
    Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive.
    Non trivial changes:
    - pam_env:
      * erase environment variables where possible
    - pam_exec:
      * erase response on error
      * erase auth token
    - pam_pwhistory:
      * erase buffers containing old passwords
    - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers)
    - pam_unix: erase cipher data in more places
    - pam_userdb: erase password hashes
* build: use <vendordir>/security directory for installation if it has been set | Stefan Schubert | 2023-02-07 | 1 | -0/+4
    Otherwise the corresponding files are still installed in /etc/security.
    * configure.ac (AC_SUBST): Add VENDOR_SCONFIGDIR.
    (AM_CONDITIONAL): Add HAVE_VENDORDIR.
    * modules/*/Makefile.am (secureconfdir): Set to VENDOR_SCONFIGDIR if HAVE_VENDORDIR has been set, otherwise to SCONFIGDIR.
* doc: Update PAM documentation from DocBook 4 to DocBook 5 | Stefan Schubert | 2022-12-16 | 3 | -69/+46
    Changed files
    --------------
    Make.xml.rules.in:
    - Using RNG file instead of DTD file for checking XML files.
    - Taking the correct stylesheet for README files.
    doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am:
    - Using RNG file instead of DTD file for checking XML files.
    configure.ac:
    - Adding a new option for selecting RNG check file (-enable-docbook-rng)
    - Switching stylesheets to docbook 5
    - Checking DocBook 5 environment instead of DocBook 4 environment
    *.xml: Update from DocBook 4 to DocBook 5
* pam_access: use vendor specific access.conf as fallback | Stefan Schubert | 2022-06-30 | 2 | -19/+145
    Use the vendor directory as fallback for a distribution provided default config if there is no configuration in /etc.
    * pam_access.c: Take care about the fallback configuration in vendor directory.
    * pam_access.8.xml: Added description for vendor directory.
* pam_access: handle hostnames in access.conf | Thorsten Kukuk | 2022-03-11 | 1 | -19/+76
    According to the manual page, the following entry is valid but does not work:
        -:root:ALL EXCEPT localhost
    See https://bugzilla.suse.com/show_bug.cgi?id=1019866
    Patch is based on PR#226 from Josef Moellers
* modules: move SCONFIGDIR-based macro definitions from Makefile.am to the source code | Dmitry V. Levin | 2022-01-23 | 2 | -2/+4
    Since SCONFIGDIR macro is available, there is no need to define macros based on SCONFIGDIR in Makefile.am files.
    * modules/pam_access/Makefile.am (AM_CFLAGS): Move definitions of PAM_ACCESS_CONFIG and ACCESS_CONF_GLOB macros ...
    * modules/pam_access/pam_access.c: ... here.
    * modules/pam_env/Makefile.am (AM_CFLAGS): Move definition of DEFAULT_CONF_FILE macro ...
    * modules/pam_env/pam_env.c: ... here.
    * modules/pam_group/Makefile.am (AM_CFLAGS): Move definition of PAM_GROUP_CONF macro ...
    * modules/pam_group/pam_group.c: ... here.
    * modules/pam_limits/Makefile.am (AM_CFLAGS): Move definition of LIMITS_FILE macro ...
    * modules/pam_limits/pam_limits.c: ... here.
    * modules/pam_sepermit/Makefile.am (AM_CFLAGS): Move definition of SEPERMIT_CONF_FILE macro ...
    * modules/pam_sepermit/pam_sepermit.c: ... here.
    * modules/pam_time/Makefile.am (AM_CFLAGS): Move definition of PAM_TIME_CONF macro ...
    * modules/pam_time/pam_time.c: ... here.
* pam_access: clean up the remote host matching code | Tomas Mraz | 2021-04-12 | 1 | -16/+28
    * modules/pam_access/pam_access.c (from_match): Split out remote_match() function and avoid calling it when matching against LOCAL keyword. There is also no point in doing domain match against TTY or SERVICE.
* modules: downgrade syslog level for pam_get_user errors | Dmitry V. Levin | 2020-05-22 | 1 | -1/+1
    * modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE.
    * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise.
    * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise.
    * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise.
    * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
    * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise.
    * modules/pam_mail/pam_mail.c (_do_mail): Likewise.
    * modules/pam_nologin/pam_nologin.c (perform_check): Likewise.
    * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise.
    * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise.
    * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise.
    * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
    * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
    * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise.
    * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise.
    * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
    * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise.
    * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise.
    * modules/pam_xauth/pam_xauth.c (pam_sm_open_session, pam_sm_close_session): Likewise.
    * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Downgrade the syslog level for pam_get_user errors from LOG_WARNING to LOG_NOTICE.
    * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise.
    Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
* modules: do not check user name for emptiness before passing it to pam_modutil_getpwnam | Dmitry V. Levin | 2020-05-16 | 1 | -2/+1
    pam_modutil_getpwnam is perfectly capable of handling empty strings as user names, no need to double check that.
    * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check the user name for emptiness before passing it to pam_modutil_getpwnam.
    * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
    * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise.
    * modules/pam_shells/pam_shells.c (perform_check): Likewise.
    * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
    * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
    * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules: do not check user name for NULL if pam_get_user returned PAM_SUCCESS | Dmitry V. Levin | 2020-05-15 | 1 | -1/+1
    If pam_get_user returned PAM_SUCCESS, the user name is guaranteed to be a valid C string, no need to double check that.
    * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check for NULL the user name returned by pam_get_user when the latter returned PAM_SUCCESS.
    * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise.
    * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise.
    * modules/pam_filter/pam_filter.c (process_args): Likewise.
    * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise.
    * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise.
    * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
    * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise.
    * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise.
    * modules/pam_mail/pam_mail.c (_do_mail): Likewise.
    * modules/pam_nologin/pam_nologin.c (perform_check): Likewise.
    * modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise.
    * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise.
    * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise.
    * modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise.
    * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise.
    * modules/pam_shells/pam_shells.c (perform_check): Likewise.
    * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise.
    * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise.
    * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise.
    * modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise.
    * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
    * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
    * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise.
    * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise.
    * modules/pam_wheel/pam_wheel.c (perform_check): Likewise.
    * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise.
* modules: remove PAM_SM_* macros | Dmitry V. Levin | 2020-05-03 | 1 | -14/+2
    Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect.
* modules/*/Makefile.am: rename TESTS to dist_check_SCRIPTS | Dmitry V. Levin | 2020-05-03 | 1 | -2/+3
    ... and remove $(TESTS) from EXTRA_DIST.
    The change is performed automatically using the following script:
        sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \
          -e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am
* modules/*/Makefile.am: rename man_MANS to dist_man_MANS | Dmitry V. Levin | 2020-05-03 | 1 | -2/+2
    ... and remove $(MANS) from EXTRA_DIST.
    The change is performed automatically using the following script:
        sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am
* modules/*/Makefile.am: add dist_ prefix to *_DATA | Dmitry V. Levin | 2020-05-03 | 1 | -3/+3
    ... and remove $(DATA) from EXTRA_DIST.
    The change is performed automatically using the following script:
        sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am
* modules/*/Makefile.am: remove $(secureconf_DATA) from EXTRA_DIST | Dmitry V. Levin | 2020-04-27 | 1 | -1/+1
    Since the whole $(DATA) is listed in EXTRA_DIST, $(secureconf_DATA) can be safely de-listed.
    * modules/pam_access/Makefile.am (EXTRA_DIST): Remove $(secureconf_DATA).
    * modules/pam_env/Makefile.am: Likewise.
    * modules/pam_group/Makefile.am: Likewise.
    * modules/pam_limits/Makefile.am: Likewise.
    * modules/pam_namespace/Makefile.am: Likewise.
    * modules/pam_sepermit/Makefile.am: Likewise.
    * modules/pam_time/Makefile.am: Likewise.
* modules/*/Makefile.am: replace README with $(DATA) in EXTRA_DIST | Dmitry V. Levin | 2020-04-27 | 1 | -1/+1
    Since the GNU Automake distributes README files by default, the only reason why README had to be listed in EXTRA_DIST was to make these README files generated.
    Since README is also listed in noinst_DATA, we can safely replace README in EXTRA_DIST with $(DATA), this also opens the way for further EXTRA_DIST cleanup.
    * modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA).
* modules/*/Makefile.am: reorder lines to promote uniformity | Dmitry V. Levin | 2020-04-27 | 1 | -6/+1
    This is essentially a no-op change that makes modules/*/Makefile.am files less divergent.
* build: move README prerequisites rule from modules/*/Makefile.am to Make.xml.rules | Dmitry V. Levin | 2020-04-27 | 1 | -1/+0
    As the rule is now the same in every modules/*/Makefile.am file, move it to Make.xml.rules.
    * Make.xml.rules (README): New prerequisites rule.
    * modules/pam_access/Makefile.am (README): Remove rule.
    * modules/pam_cracklib/Makefile.am (README): Likewise.
    * modules/pam_debug/Makefile.am (README): Likewise.
    * modules/pam_deny/Makefile.am (README): Likewise.
    * modules/pam_echo/Makefile.am (README): Likewise.
    * modules/pam_env/Makefile.am (README): Likewise.
    * modules/pam_exec/Makefile.am (README): Likewise.
    * modules/pam_faildelay/Makefile.am (README): Likewise.
    * modules/pam_filter/Makefile.am (README): Likewise.
    * modules/pam_ftp/Makefile.am (README): Likewise.
    * modules/pam_group/Makefile.am (README): Likewise.
    * modules/pam_issue/Makefile.am (README): Likewise.
    * modules/pam_keyinit/Makefile.am (README): Likewise.
    * modules/pam_lastlog/Makefile.am (README): Likewise.
    * modules/pam_limits/Makefile.am (README): Likewise.
    * modules/pam_listfile/Makefile.am (README): Likewise.
    * modules/pam_localuser/Makefile.am (README): Likewise.
    * modules/pam_loginuid/Makefile.am (README): Likewise.
    * modules/pam_mail/Makefile.am (README): Likewise.
    * modules/pam_mkhomedir/Makefile.am (README): Likewise.
    * modules/pam_motd/Makefile.am (README): Likewise.
    * modules/pam_namespace/Makefile.am (README): Likewise.
    * modules/pam_nologin/Makefile.am (README): Likewise.
    * modules/pam_permit/Makefile.am (README): Likewise.
    * modules/pam_pwhistory/Makefile.am (README): Likewise.
    * modules/pam_rhosts/Makefile.am (README): Likewise.
    * modules/pam_rootok/Makefile.am (README): Likewise.
    * modules/pam_securetty/Makefile.am (README): Likewise.
    * modules/pam_selinux/Makefile.am (README): Likewise.
    * modules/pam_sepermit/Makefile.am (README): Likewise.
    * modules/pam_setquota/Makefile.am (README): Likewise.
    * modules/pam_shells/Makefile.am (README): Likewise.
    * modules/pam_succeed_if/Makefile.am (README): Likewise.
    * modules/pam_tally/Makefile.am (README): Likewise.
    * modules/pam_tally2/Makefile.am (README): Likewise.
    * modules/pam_time/Makefile.am (README): Likewise.
    * modules/pam_timestamp/Makefile.am (README): Likewise.
    * modules/pam_tty_audit/Makefile.am (README): Likewise.
    * modules/pam_umask/Makefile.am (README): Likewise.
    * modules/pam_unix/Makefile.am (README): Likewise.
    * modules/pam_userdb/Makefile.am (README): Likewise.
    * modules/pam_usertype/Makefile.am (README): Likewise.
    * modules/pam_warn/Makefile.am (README): Likewise.
    * modules/pam_wheel/Makefile.am (README): Likewise.
    * modules/pam_xauth/Makefile.am (README): Likewise.
* modules/*/Makefile.am: list prerequisites of README target uniformly | Dmitry V. Levin | 2020-04-27 | 1 | -1/+1
    There is no need to list prerequisites of README targets manually as all README targets depend on $(XMLS).
    The change is performed automatically using the following script:
        sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am
    * modules/pam_access/Makefile.am (README): Replace pam_access.8.xml and access.conf.5.xml with $(XMLS).
    * modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml with $(XMLS).
    * modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml with $(XMLS).
    * modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml with $(XMLS).
    * modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml with $(XMLS).
    * modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and pam_env.conf.5.xml with $(XMLS).
    * modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml with $(XMLS).
    * modules/pam_faildelay/Makefile.am (README): Replace pam_faildelay.8.xml with $(XMLS).
    * modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml with $(XMLS).
    * modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with $(XMLS).
    * modules/pam_group/Makefile.am (README): Replace pam_group.8.xml and group.conf.5.xml with $(XMLS).
    * modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml with $(XMLS).
    * modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml with $(XMLS).
    * modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml with $(XMLS).
    * modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml and limits.conf.5.xml with $(XMLS).
    * modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml with $(XMLS).
    * modules/pam_localuser/Makefile.am (README): Replace pam_localuser.8.xml with $(XMLS).
    * modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml with $(XMLS).
    * modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml with $(XMLS).
    * modules/pam_mkhomedir/Makefile.am (README): Replace pam_mkhomedir.8.xml with $(XMLS).
    * modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml with $(XMLS).
    * modules/pam_namespace/Makefile.am (README): Replace pam_namespace.8.xml, namespace.conf.5.xml, and pam_namespace_helper.8.xml with $(XMLS).
    * modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml with $(XMLS).
    * modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml with $(XMLS).
    * modules/pam_pwhistory/Makefile.am (README): Replace pam_pwhistory.8.xml with $(XMLS).
    * modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml with $(XMLS).
    * modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml with $(XMLS).
    * modules/pam_securetty/Makefile.am (README): Replace pam_securetty.8.xml with $(XMLS).
    * modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml with $(XMLS).
    * modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml with $(XMLS).
    * modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml with $(XMLS).
    * modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml with $(XMLS).
    * modules/pam_succeed_if/Makefile.am (README): Replace pam_succeed_if.8.xml with $(XMLS).
    * modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml with $(XMLS).
    * modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml with $(XMLS).
    * modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and time.conf.5.xml with $(XMLS).
    * modules/pam_timestamp/Makefile.am (README): Replace pam_timestamp.8.xml with $(XMLS).
    * modules/pam_tty_audit/Makefile.am (README): Replace pam_tty_audit.8.xml with $(XMLS).
    * modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml with $(XMLS).
    * modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml with $(XMLS).
    * modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml with $(XMLS).
    * modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml with $(XMLS).
    * modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml with $(XMLS).
    * modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml with $(XMLS).
    * modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml with $(XMLS).
* modules/*/Makefile.am: list secureconf_DATA files in EXTRA_DIST uniformly | Dmitry V. Levin | 2020-04-27 | 1 | -1/+1
    The change was prepared using the following script:
        git grep -l secureconf_DATA modules/*/Makefile.am |while read m; do
          t="$(sed '/^secureconf_DATA = /!d;s///;q' -- "$m")"
          sed -i "/^EXTRA_DIST =/ s/\\<$t\\>/\$(secureconf_DATA)/" -- "$m"
        done
    * modules/pam_access/Makefile.am (EXTRA_DIST): Replace access.conf with $(secureconf_DATA).
    * modules/pam_env/Makefile.am (EXTRA_DIST): Replace pam_env.conf with $(secureconf_DATA).
    * modules/pam_group/Makefile.am (EXTRA_DIST): Replace group.conf with $(secureconf_DATA).
    * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace limits.conf with $(secureconf_DATA).
    * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace namespace.conf with $(secureconf_DATA).
    * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace sepermit.conf with $(secureconf_DATA).
    * modules/pam_time/Makefile.am (EXTRA_DIST): Replace time.conf with $(secureconf_DATA).
* modules/*/Makefile.am: list tests in EXTRA_DIST uniformly | Dmitry V. Levin | 2020-04-27 | 1 | -1/+1
    The change was prepared using the following script:
        git grep -l '^TESTS = tst-pam_' modules/ |while read m; do
          t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")"
          sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m"
        done
    * modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access with $(TESTS).
    * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace tst-pam_cracklib with $(TESTS).
    * modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with $(TESTS).
    * modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with $(TESTS).
    * modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with $(TESTS).
    * modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with $(TESTS).
    * modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with $(TESTS).
    * modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace tst-pam_faildelay with $(TESTS).
    * modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter with $(TESTS).
    * modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with $(TESTS).
    * modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with $(TESTS).
    * modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with $(TESTS).
    * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit with $(TESTS).
    * modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog with $(TESTS).
    * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits with $(TESTS).
    * modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace tst-pam_listfile with $(TESTS).
    * modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace tst-pam_localuser with $(TESTS).
    * modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace tst-pam_loginuid with $(TESTS).
    * modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with $(TESTS).
    * modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace tst-pam_mkhomedir with $(TESTS).
    * modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with $(TESTS).
    * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace tst-pam_namespace with $(TESTS).
    * modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin with $(TESTS).
    * modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit with $(TESTS).
    * modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace tst-pam_pwhistory with $(TESTS).
    * modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts with $(TESTS).
    * modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok with $(TESTS).
    * modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace tst-pam_securetty with $(TESTS).
    * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace tst-pam_sepermit with $(TESTS).
    * modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace tst-pam_setquota with $(TESTS).
    * modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells with $(TESTS).
    * modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress with $(TESTS).
    * modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace tst-pam_succeed_if with $(TESTS).
    * modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with $(TESTS).
    * modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2 with $(TESTS).
    * modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with $(TESTS).
    * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace tst-pam_tty_audit with $(TESTS).
    * modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with $(TESTS).
    * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb with $(TESTS).
    * modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace tst-pam_usertype with $(TESTS).
    * modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with $(TESTS).
    * modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with $(TESTS).
    * modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with $(TESTS).
* pam_access, pam_issue: do not assume that getdomainname always exists | Dmitry V. Levin | 2020-04-15 | 1 | -0/+3
    * modules/pam_access/pam_access.c (netgroup_match): Place the code that calls getdomainname under HAVE_GETDOMAINNAME guard.
    * modules/pam_issue/pam_issue.c (read_issue_quoted): Likewise.
    Resolves: https://github.com/linux-pam/linux-pam/issues/43
* pam_access: add an example of using groups in access.conf to permit access | Lucas Ramage | 2020-04-07 | 1 | -0/+6
    Resolves: https://github.com/linux-pam/linux-pam/issues/65
    Resolves: https://github.com/linux-pam/linux-pam/pull/199
* Fix various typos found using codespell tool | Dmitry V. Levin | 2020-03-28 | 1 | -4/+4
* modules/pam_access: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -9/+11
    * modules/pam_access/pam_access.c: Include "pam_inline.h".
    (parse_args): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* Fix remaining clang -Wcast-align compilation warnings | Dmitry V. Levin | 2020-03-19 | 1 | -0/+6
    Introduce DIAG_PUSH_IGNORE_CAST_ALIGN and DIAG_POP_IGNORE_CAST_ALIGN macros, use them to silence remaining clang -Wcast-align compilation warnings.
    * libpam/include/pam_cc_compat.h (DIAG_PUSH_IGNORE_CAST_ALIGN, DIAG_POP_IGNORE_CAST_ALIGN): New macros.
    * modules/pam_access/pam_access.c: Include "pam_cc_compat.h".
    (from_match, network_netmask_match): Wrap inet_ntop invocations in DIAG_PUSH_IGNORE_CAST_ALIGN and DIAG_POP_IGNORE_CAST_ALIGN.
* modules/pam_access: fix compilation warning | Dmitry V. Levin | 2020-03-19 | 1 | -0/+4
    Fix the following compilation warning reported by gcc when HAVE_LIBAUDIT is not set:
        modules/pam_access/pam_access.c: In function ‘login_access’:
        modules/pam_access/pam_access.c:338:13: warning: variable ‘nonall_match’ set but not used [-Wunused-but-set-variable]
          338 | int nonall_match = NO;
              | ^~~~~~~~~~~~
    * modules/pam_access/pam_access.c (login_access): Enclose nonall_match variable with HAVE_LIBAUDIT #ifdef's.
* configure.ac: add --enable-doc option | Fabrice Fontaine | 2020-01-27 | 1 | -0/+2
    Allow the user to disable documentation through --disable-doc (enabled by default), this is especially useful when cross-compiling for embedded targets
    Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>