aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_env/pam_env.c
Commit message (Collapse)AuthorAgeFilesLines
* build: rename VENDOR_SCONFIGDIR config.h macro to VENDOR_SCONFIG_DIRDmitry V. Levin2024-08-261-2/+2
| | | | | ... for the same reason SCONFIGDIR config.h macro was renamed to SCONFIG_DIR.
* build: rename SCONFIGDIR config.h macro to SCONFIG_DIRDmitry V. Levin2024-08-251-1/+1
| | | | | | | This way it is visibly different from the configure variable SCONFIGDIR, which is helpful, because their values are slightly different: the macro is quoted while the configure variable is not quoted, and this difference may cause problems with other build systems.
* libpam_internal: introduce pam_econf_readconfigStefan Schubert2024-07-021-4/+3
| | | | | | | Use this new function instead of econf_readDirs() and econf_readDirsWithCallback(). Co-authored-by: Dmitry V. Levin <ldv@strace.io>
* pam_env: fix error handling in econf_read_fileDmitry V. Levin2024-05-191-4/+4
| | | | | | * modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Make sure the returned array of strings is properly initialized when econf_getStringValue() fails to return a value.
* pam_env: fix NULL dereference on error path in econf_read_fileDmitry V. Levin2024-05-191-1/+1
| | | | | | | * modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Handle NULL value returned by econf_getStringValue(). Resolves: https://github.com/linux-pam/linux-pam/issues/796
* modules: drop redundant return at end of void functionsChristian Göttsche2024-02-221-1/+0
|
* libpam_internal: introduce pam_lineTobias Stoeckmann2024-02-061-7/+7
| | | | | | | | | | | The pam_assemble_line function is renamed to pam_line_assemble and moved into libpam_internal so it can be shared across libpam and the pam_env module. Applied renaming to all other relevant functions and data structures so it is easier to locate them in files. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: remove escaped newlines from econf linesTobias Stoeckmann2024-01-181-0/+23
| | | | | | | | | The libeconf routines do not remove escaped newlines the way we want to process them later on. Manually remove them from values. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Resolves: https://github.com/linux-pam/linux-pam/issues/738 Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
* pam_env: fix --enable-vendordir fallback logicDmitry V. Levin2024-01-181-11/+11
| | | | | | | | | * modules/pam_env/pam_env.c (_parse_config_file) [!USE_ECONF && VENDOR_DEFAULT_CONF_FILE]: Do not fallback to vendor pam_env.conf file if the config file is specified via module arguments. Link: https://github.com/linux-pam/linux-pam/issues/738 Fixes: v1.5.3~69 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
* pam_env: check VENDORDIR after config.h inclusionTobias Stoeckmann2024-01-181-9/+9
| | | | | | | | | The VENDORDIR define has to be checked after config.h inclusion, otherwise the ifdef test always yields false. Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback") Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: remove unused definesTobias Stoeckmann2024-01-131-3/+0
| | | | | | These are leftovers from fgets usages. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: allow escaping of escape characterTobias Stoeckmann2024-01-121-1/+1
| | | | | | Otherwise it is not possible to add \ into an environment variable. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: use _pam_assemble_lineTobias Stoeckmann2024-01-051-100/+14
| | | | | | | When pam_env is compiled without libeconf support enabled, this removes fgets limitations and allows arbitrarily long lines. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: skip _expand_arg if possibleTobias Stoeckmann2024-01-051-0/+7
| | | | | | | If no special characters exist, simply skip _expand_arg to avoid memory allocations and string copying. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: allow very long variable expansionsTobias Stoeckmann2024-01-051-37/+119
| | | | | | | | Variable expansion can exceed the maximum line length allowed in an environment configuration file. Since PAM environment variables already support arbitrary lengths, allow them in pam_env as well. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: fix typos in commentsTobias Stoeckmann2024-01-051-1/+1
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: use strndupTobias Stoeckmann2024-01-021-12/+8
| | | | | | The strndup call is easier to review than malloc + strncpy. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: reduce variable visibilityTobias Stoeckmann2024-01-021-9/+9
| | | | | | This will simplify further changes. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: remove castTobias Stoeckmann2024-01-021-2/+2
| | | | | | | | The zu formatter is available, as can be seen one line above. Do not cast unnecessarily to unsigned long. Cosmetic change on pretty much all supported systems. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: fix debug and error messagesTobias Stoeckmann2024-01-021-5/+5
| | | | | | | | The tmpptr variable is only used for resolved variables. If the creation of expanded string overflows at other places, log the actually overflowing character instead of a "random" string in tmpptr. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: reduce stack usageTobias Stoeckmann2024-01-021-7/+3
| | | | | | | | It is not required to have a copy of the string in stack. This removes the need of another strncpy call which also makes future cleanups easier. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: fix memory leakTobias Stoeckmann2024-01-011-0/+2
| | | | | | | | | If DEFAULT or OVERRIDE is supplied multiple times in a line then memory leaks can occur. Adjusted test case (compile with address sanitizer to see failure). Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: use printf type annotation for size_tBenny Baumann2023-11-131-1/+1
| | | | | | | | There was a debug message still using %d (int) instead of the contextually correct %zu (size_t AKA long unsigned int), potentially causing silent truncation of the printed value. Signed-off-by: Benny Baumann <BenBE@geshi.org>
* pam_env: force format string to be constantBenny Baumann2023-11-131-1/+1
| | | | | | | | | | | As the string to output here is user-controlled this could lead to format string attacks. Possible impact is at least information leakage about the program stack. To avoid this, make the format string fixed and insert the actual string for output as an argument. Signed-off-by: Benny Baumann <BenBE@geshi.org>
* pam_env: remove function prefix in debug messagesTobias Stoeckmann2023-11-121-3/+3
| | | | | | The D macro itself already adds the function names. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_env: remove allocator sizeof operator mismatchChristian Göttsche2023-08-071-2/+2
| | | | | | | | | | | | | | | | An array of strings is allocated (into a pointer) so the single array element to be allocated is char*. Since sizeof(char**) should be always equal to sizeof(char*) this caused no issues so far. Reported by Clang analyzer: pam_env.c:391:14: warning: Result of 'malloc' is converted to a pointer of type 'char *', which is incompatible with sizeof operand type 'char **' [unix.MallocSizeof] 391 | *lines = malloc((i + 1)* sizeof(char**)); | ^~~~~~ ~~~~~~~~~~~~~~ pam_env.c:401:13: warning: Result of 'realloc' is converted to a pointer of type 'char *', which is incompatible with sizeof operand type 'char **' [unix.MallocSizeof] 401 | tmp = realloc(*lines, (++i + 1) * sizeof(char**)); | ^~~~~~~ ~~~~~~~~~~~~~~
* modules: cast to unsigned char for character handling functionChristian Göttsche2023-08-071-1/+1
| | | | | | | | Character handling functions, like isspace(3), expect a value representable as unsigned char or equal to EOF. Otherwise the behavior is undefined. See https://wiki.sei.cmu.edu/confluence/display/c/STR37-C.+Arguments+to+character-handling+functions+must+be+representable+as+an+unsigned+char
* modules: make use of secure memory erasureChristian Göttsche2023-02-281-13/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive. Non trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase responce on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes
* pam_env: use helper to free string listChristian Göttsche2023-02-281-2/+1
| | | | | | Free the environment variables list via the designated helper free_string_array() rather than free its elements in a loop, which might skip some.
* pam_env: override undefined pointer after asprintf failureChristian Göttsche2023-02-281-0/+1
| | | | | On failure the content of the string pointer passed to asprintf(3) is undefined. Set to NULL before free'ing the parent array.
* pam_env: fix VENDOR_DEFAULT_ETC_ENVFILEDmitry V. Levin2023-02-011-1/+1
| | | | | | | * modules/pam_env/pam_env.c (VENDOR_DEFAULT_ETC_ENVFILE): Assume that VENDORDIR already includes "/etc". Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
* pam_env: Use vendor specific pam_env.conf and environment as fallbackStefan Schubert2022-12-141-37/+261
| | | | | | | | | | | | Use the vendor directory as fallback for a distribution provided default config if there is no one in /etc. * Makefile.am: Add libeconf setting. * pam_env.c: Take care about the fallback configuration in the vendor directory. * pam_env.8.xml: Add description for the vendor directory. * pam_env.conf.5.xml: Add description for the vendor directory. * tst-pam_env-retval.c: Add tests for libeconf. * configure.ac: Add ECONF settings for building man pages.
* pam_env: _parse_line: fix quoteflg handledValentin Lefebvre2022-12-011-1/+2
| | | | | | | | Check if quote flag is positive before decrementing it. Otherwise, for some use case, it could become negative, and have an unwanted empty string instead of an undefined variable. Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
* pam_env: reorder definitions of static functions to avoid forward declarationsDmitry V. Levin2022-04-241-268/+263
| | | | | | | * modules/pam_env/pam_env.c (_assemble_line, _parse_line, _check_var, _clean_var, _expand_arg, _pam_get_item_byname, _define_var, _undefine_var): Move definitions of static functions before their first use to avoid forward declarations cluttering the code.
* modules: move SCONFIGDIR-based macro definitions from Makefile.am to the ↵Dmitry V. Levin2022-01-231-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | source code Since SCONFIGDIR macro is available, the is no need to define macros based on SCONFIGDIR in Makefile.am files. * modules/pam_access/Makefile.am (AM_CFLAGS): Move definitions of PAM_ACCESS_CONFIG and ACCESS_CONF_GLOB macros ... * modules/pam_access/pam_access.c: ... here. * modules/pam_env/Makefile.am (AM_CFLAGS): Move definition of DEFAULT_CONF_FILE macro ... * modules/pam_env/pam_env.c: ... here. * modules/pam_group/Makefile.am (AM_CFLAGS): Move definition of PAM_GROUP_CONF macro ... * modules/pam_group/pam_group.c: ... here. * modules/pam_limits/Makefile.am (AM_CFLAGS): Move definition of LIMITS_FILE macro ... * modules/pam_limits/pam_limits.c: ... here. * modules/pam_sepermit/Makefile.am (AM_CFLAGS): Move definition of SEPERMIT_CONF_FILE macro ... * modules/pam_sepermit/pam_sepermit.c: ... here. * modules/pam_time/Makefile.am (AM_CFLAGS): Move definition of PAM_TIME_CONF macro ... * modules/pam_time/pam_time.c: ... here.
* pam_env: deprecation notice of reading the user environmentTomas Mraz2020-11-051-0/+3
| | | | | | * modules/pam_env/pam_env.8.xml: Add the notice to the manual. * modules/pam_env/pam_env.c (_pam_parse): Log deprecation warning if user_readenv is set.
* pam_env: allow environment files without EOL at EOFTomas Mraz2020-11-041-1/+1
| | | | | | Fixes #263 * modules/pam_env/pam_env.c (_assemble_line): Do not error out if at feof()
* modules: remove PAM_SM_* macrosDmitry V. Levin2020-05-031-14/+2
| | | | | | Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect.
* Fix various typos found using codespell toolDmitry V. Levin2020-03-281-2/+2
|
* modules/pam_env: use pam_str_skip_prefixDmitry V. Levin2020-03-191-21/+24
| | | | | | * modules/pam_env/pam_env.c: Include "pam_inline.h". (_pam_parse, _parse_line): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* pam_env: Change the default to not read the user .pam_environment fileTomas Mraz2020-02-241-1/+1
| | | | | * modules/pam_env/pam_env.8.xml: Document the change. * modules/pam_env/pam_env.c: Set DEFAULT_USER_READ_ENVFILE to 0.
* pam_env: code cleanupsTomas Mraz2020-02-241-19/+37
| | | | | | | | | Raise BUF_SIZE to 8192 bytes. * modules/pam_env/pam_env.c (_parse_env_file): Ignore lines starting with '='. (_assemble_line): Detect long lines and binary files. (_check_var): Avoid overwriting global variable. (_expand_arg): Avoid repeated strlen calls.
* Unification and cleanup of syslog log levels.Tomas Mraz2016-06-301-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT. * libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT. * modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT. * modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT. * modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT. * modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR. * modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT. * modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT. * modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors with LOG_ERR. * modules/pam_limits/pam_limits.c: User login limit messages are syslogged with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with LOG_ERR. * modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged with LOG_NOTICE. * modules/pam_namespace/pam_namespace.c: Make memory allocation failures LOG_CRIT. * modules/pam_nologin/pam_nologin.c: Make memory allocation failures LOG_CRIT, other errors LOG_ERR. * modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged with LOG_NOTICE, non-memory errors with LOG_ERR. * modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT. * modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors LOG_ERR. * modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT. * modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures LOG_CRIT. * modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR. * modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT, other errors LOG_ERR. * modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR. * modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE. * modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and max retries ignorance by application likewise. * modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR. * modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged with LOG_NOTICE. * modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT.
* Remove "--enable-static-modules" option and support fromThorsten Kukuk2016-03-291-22/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Linux-PAM. It was never official supported and was broken since years. * configure.ac: Remove --enable-static-modules option. * doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. * doc/man/pam_sm_authenticate.3.xml: Likewise. * doc/man/pam_sm_chauthtok.3.xml: Likewise. * doc/man/pam_sm_close_session.3.xml: Likewise. * doc/man/pam_sm_open_session.3.xml: Likewise. * doc/man/pam_sm_setcred.3.xml: Likewise. * libpam/Makefile.am: Remove STATIC_MODULES cases. * libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. * libpam/pam_dynamic.c: Likewise. * libpam/pam_handlers.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_static.c: Remove file. * libpam/pam_static_modules.h: Remove header file. * modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. * modules/pam_cracklib/pam_cracklib.c: Likewise. * modules/pam_debug/pam_debug.c: Likewise. * modules/pam_deny/pam_deny.c: Likewise. * modules/pam_echo/pam_echo.c: Likewise. * modules/pam_env/pam_env.c: Likewise. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_faildelay/pam_faildelay.c: Likewise. * modules/pam_filter/pam_filter.c: Likewise. * modules/pam_ftp/pam_ftp.c: Likewise. * modules/pam_group/pam_group.c: Likewise. * modules/pam_issue/pam_issue.c: Likewise. * modules/pam_keyinit/pam_keyinit.c: Likewise. * modules/pam_lastlog/pam_lastlog.c: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_listfile/pam_listfile.c: Likewise. * modules/pam_localuser/pam_localuser.c: Likewise. * modules/pam_loginuid/pam_loginuid.c: Likewise. * modules/pam_mail/pam_mail.c: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_motd/pam_motd.c: Likewise. * modules/pam_namespace/pam_namespace.c: Likewise. * modules/pam_nologin/pam_nologin.c: Likewise. * modules/pam_permit/pam_permit.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_rhosts/pam_rhosts.c: Likewise. * modules/pam_rootok/pam_rootok.c: Likewise. * modules/pam_securetty/pam_securetty.c: Likewise. * modules/pam_selinux/pam_selinux.c: Likewise. * modules/pam_sepermit/pam_sepermit.c: Likewise. * modules/pam_shells/pam_shells.c: Likewise. * modules/pam_stress/pam_stress.c: Likewise. * modules/pam_succeed_if/pam_succeed_if.c: Likewise. * modules/pam_tally/pam_tally.c: Likewise. * modules/pam_tally2/pam_tally2.c: Likewise. * modules/pam_time/pam_time.c: Likewise. * modules/pam_timestamp/pam_timestamp.c: Likewise. * modules/pam_tty_audit/pam_tty_audit.c: Likewise. * modules/pam_umask/pam_umask.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. * modules/pam_warn/pam_warn.c: Likewise. * modules/pam_wheel/pam_wheel.c: Likewise. * modules/pam_xauth/pam_xauth.c: Likewise. * modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. * modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. * modules/pam_unix/pam_unix_auth.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_unix/pam_unix_static.c: Removed. * modules/pam_unix/pam_unix_static.h: Removed. * po/POTFILES.in: Remove removed files. * tests/tst-dlopen.c: Remove PAM_STATIC part.
* pam_env: expand @{HOME} and @{SHELL} and enhance documentationThorsten Kukuk2015-03-251-1/+14
| | | | | | | | (Ticket#24 and #29) * modules/pam_env/pam_env.c: Replace @{HOME} and @{SHELL} with passwd entries * modules/pam_env/pam_env.conf.5.xml: Document @{HOME} and @{SHELL} * modules/pam_env/pam_env.8.xml: Enhance documentation
* pam_env: abort when encountering an overflowed environment variable expansionKees Cook2011-10-141-0/+3
| | | | | | | * modules/pam_env/pam_env.c (_expand_arg): Abort when encountering an overflowed environment variable expansion. Fixes CVE-2011-3149. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
* pam_env: correctly count leading whitespace when parsing environment fileKees Cook2011-10-141-1/+4
| | | | | | | * modules/pam_env/pam_env.c (_assemble_line): Correctly count leading whitespace. Fixes CVE-2011-3148. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
* Fix missing dereference.Tomas Mraz2011-08-231-3/+3
|
* 2011-05-30 Thorsten Kukuk <kukuk@thkukuk.de>Thorsten Kukuk2011-05-301-11/+20
| | | | | * modules/pam_env/pam_env.c (_pam_parse): Implement debug option. Based on patch by Tomas Mraz.
* revert preceding patch; under discussion, no consensusSteve Langasek2010-10-111-1/+1
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-17 02:57:27 +0000