| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
There is no point in supporting two different build systems.
|
| |
|
|
|
|
|
|
|
|
| |
On my non-representative hardware, the full build using autotools
(./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install)
takes about 45 seconds.
On the same hardware, the full build using meson
(meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir)
takes just about 7.5 seconds.
|
| |
|
|
|
| |
... for the same reason SCONFIGDIR config.h macro was renamed to
SCONFIG_DIR.
|
| |
|
|
|
|
|
| |
This way it is visibly different from the configure variable SCONFIGDIR,
which is helpful, because their values are slightly different:
the macro is quoted while the configure variable is not quoted,
and this difference may cause problems with other build systems.
|
| |
|
|
|
| |
* modules/pam_env/Makefile.am (AM_CFLAGS): Remove second
-I$(top_srcdir)/libpam_internal/include.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unhardcode ".libs" subdirectory where libtool stores shared objects,
as other build systems doesn't necessarily use it.
* configure.ac (AC_DEFINE_UNQUOTED): Add LTDIR.
* modules/pam_canonicalize_user/tst-pam_canonicalize_user-retval.c:
Replace ".libs/" with LTDIR.
* modules/pam_debug/tst-pam_debug-retval.c: Likewise.
* modules/pam_deny/tst-pam_deny-retval.c: Likewise.
* modules/pam_echo/tst-pam_echo-retval.c: Likewise.
* modules/pam_env/tst-pam_env-retval.c: Likewise.
* modules/pam_faildelay/tst-pam_faildelay-retval.c: Likewise.
* modules/pam_faillock/tst-pam_faillock-retval.c: Likewise.
* modules/pam_listfile/tst-pam_listfile-retval.c: Likewise.
* modules/pam_localuser/tst-pam_localuser-retval.c: Likewise.
* modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c: Likewise.
* modules/pam_nologin/tst-pam_nologin-retval.c: Likewise.
* modules/pam_permit/tst-pam_permit-retval.c: Likewise.
* modules/pam_pwhistory/tst-pam_pwhistory-retval.c: Likewise.
* modules/pam_rootok/tst-pam_rootok-retval.c: Likewise.
* modules/pam_sepermit/tst-pam_sepermit-retval.c: Likewise.
* modules/pam_succeed_if/tst-pam_succeed_if-retval.c: Likewise.
* modules/pam_time/tst-pam_time-retval.c: Likewise.
* modules/pam_warn/tst-pam_warn-retval.c: Likewise.
|
| |
|
|
|
|
|
| |
Use this new function instead of econf_readDirs() and
econf_readDirsWithCallback().
Co-authored-by: Dmitry V. Levin <ldv@strace.io>
|
| |
|
|
|
|
| |
* modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Make sure
the returned array of strings is properly initialized
when econf_getStringValue() fails to return a value.
|
| |
|
|
|
|
|
| |
* modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Handle NULL
value returned by econf_getStringValue().
Resolves: https://github.com/linux-pam/linux-pam/issues/796
|
| | |
|
| |
|
|
|
|
|
|
| |
Document that pam_env.so is only called by pam_setcred() and
not by pam_authenticate() when added to the auth stack.
Resolves: https://github.com/linux-pam/linux-pam/issues/680
Signed-off-by: Thorsten Kukuk <kukuk@suse.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The pam_assemble_line function is renamed to pam_line_assemble and
moved into libpam_internal so it can be shared across libpam and the
pam_env module.
Applied renaming to all other relevant functions and data structures
so it is easier to locate them in files.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
Move function bodies from headers into dedicated object files stored in
libpam_internal. This library won't be installed.
Keep the debug function body in header, even though disabled when
building Linux-PAM, to stay API compatible with previous versions.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
| |
The pam client library libpamc is only needed if libpam_misc is in use.
But libpam_misc is only used by an SELinux helper binary.
Remove the libpamc includes from the search path in all other cases.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
| |
The libeconf routines do not remove escaped newlines the way we want to
process them later on. Manually remove them from values.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Resolves: https://github.com/linux-pam/linux-pam/issues/738
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
|
| |
|
|
|
|
|
|
|
| |
* modules/pam_env/pam_env.c (_parse_config_file) [!USE_ECONF &&
VENDOR_DEFAULT_CONF_FILE]: Do not fallback to vendor pam_env.conf file
if the config file is specified via module arguments.
Link: https://github.com/linux-pam/linux-pam/issues/738
Fixes: v1.5.3~69 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
|
| |
|
|
|
|
|
|
|
| |
The VENDORDIR define has to be checked after config.h
inclusion, otherwise the ifdef test always yields false.
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
These are leftovers from fgets usages.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
Otherwise it is not possible to add \ into an environment variable.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
Comply with doc/man and enforce that pam_env.conf.5 does exist.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
Building outside of source directory fails if --disable-doc is not
explicitly chosen.
This happens because generated files are sometimes expected in the
source directory, where they won't exist.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
When pam_env is compiled without libeconf support enabled,
this removes fgets limitations and allows arbitrarily long lines.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
If no special characters exist, simply skip _expand_arg to avoid
memory allocations and string copying.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
This covers the _assemble_line functionality, which slightly differs
from _pam_assemble_line in libpam, i.e. does not replace the backslash
with a blank.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
Variable expansion can exceed the maximum line length allowed in an
environment configuration file. Since PAM environment variables already
support arbitrary lengths, allow them in pam_env as well.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
The strndup call is easier to review than malloc + strncpy.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
This will simplify further changes.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
The zu formatter is available, as can be seen one line above. Do not
cast unnecessarily to unsigned long. Cosmetic change on pretty much
all supported systems.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
The tmpptr variable is only used for resolved variables. If the
creation of expanded string overflows at other places, log the actually
overflowing character instead of a "random" string in tmpptr.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
It is not required to have a copy of the string in stack. This removes
the need of another strncpy call which also makes future cleanups
easier.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
| |
If DEFAULT or OVERRIDE is supplied multiple times in a line then memory
leaks can occur.
Adjusted test case (compile with address sanitizer to see failure).
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
There was a debug message still using %d (int) instead of the
contextually correct %zu (size_t AKA long unsigned int), potentially
causing silent truncation of the printed value.
Signed-off-by: Benny Baumann <BenBE@geshi.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
As the string to output here is user-controlled this could lead
to format string attacks. Possible impact is at least information
leakage about the program stack.
To avoid this, make the format string fixed and insert the actual
string for output as an argument.
Signed-off-by: Benny Baumann <BenBE@geshi.org>
|
| |
|
|
|
|
| |
The D macro itself already adds the function names.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An array of strings is allocated (into a pointer) so the single array
element to be allocated is char*.
Since sizeof(char**) should be always equal to sizeof(char*) this caused
no issues so far.
Reported by Clang analyzer:
pam_env.c:391:14: warning: Result of 'malloc' is converted to a pointer of type 'char *', which is incompatible with sizeof operand type 'char **' [unix.MallocSizeof]
391 | *lines = malloc((i + 1)* sizeof(char**));
| ^~~~~~ ~~~~~~~~~~~~~~
pam_env.c:401:13: warning: Result of 'realloc' is converted to a pointer of type 'char *', which is incompatible with sizeof operand type 'char **' [unix.MallocSizeof]
401 | tmp = realloc(*lines, (++i + 1) * sizeof(char**));
| ^~~~~~~ ~~~~~~~~~~~~~~
|
| |
|
|
|
|
|
|
| |
Character handling functions, like isspace(3), expect a value
representable as unsigned char or equal to EOF. Otherwise the behavior
is undefined.
See https://wiki.sei.cmu.edu/confluence/display/c/STR37-C.+Arguments+to+character-handling+functions+must+be+representable+as+an+unsigned+char
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env:
* erase environment variables where possible
- pam_exec:
* erase responce on error
* erase auth token
- pam_pwhistory:
* erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only
pointers to insensitive data, which also gets free'd afterwards (so
it currently does not protect against double-free or use-after-free on
the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
|
| |
|
|
|
|
| |
Free the environment variables list via the designated helper
free_string_array() rather than free its elements in a loop, which might
skip some.
|
| |
|
|
|
| |
On failure the content of the string pointer passed to asprintf(3) is
undefined. Set to NULL before free'ing the parent array.
|
| |
|
|
|
|
|
|
|
| |
Otherwise the corresponding files are still installed in /etc/security.
* configure.ac (AC_SUBST): Add VENDOR_SCONFIGDIR.
(AM_CONDITIONAL): Add HAVE_VENDORDIR.
* modules/*/Makefile.am (secureconfdir): Set to VENDOR_SCONFIGDIR
if HAVE_VENDORDIR has been set, otherwise to SCONFIGDIR.
|
| |
|
|
|
|
|
| |
* modules/pam_env/tst-pam_env-retval.c: Include <errno.h> and <libgen.h>.
[VENDORDIR] (dir, dir_usr, dir_usr_etc): Remove.
[VENDORDIR] (mkdir_p, rmdir_p): New functions.
(setup, cleanup) [VENDORDIR]: Use them.
|
| |
|
|
|
|
|
|
| |
* modules/pam_env/tst-pam_env-retval.c: Replace /usr/etc/security with
VENDOR_SCONFIGDIR, /usr/etc with VENDORDIR. Do not define and use
VENDORDIR based variables unless VENDORDIR is defined.
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
|
| |
|
|
|
|
| |
* modules/pam_env/pam_env.conf.5.xml: Replace /usr/etc with %vendordir%.
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
|
| |
|
|
|
|
|
| |
* modules/pam_env/pam_env.c (VENDOR_DEFAULT_ETC_ENVFILE): Assume that
VENDORDIR already includes "/etc".
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed files
--------------
Make.xml.rules.in:
- Using RNG file instead of DTD file for checking XML files.
- Taking the correct stylesheet for README files.
doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am:
- Using RNG file instead of DTD file for checking XML files.
configure.ac:
- Adding a new option for selecting RNG check file (-enable-docbook-rng)
- Switching stylesheets to docbook 5
- Checking DocBook 5 environment instead of DocBook 4 environment
*.xml:
Update from DockBook 4 to DocBook 5
|
