| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
Use strtoll to support up to 64 bit on 32 bit systems, although only up
to 32 unsigned bits are used. The strtoul function exists but converts
negative numbers to positive ones without any form of warning.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following warning reported by gcc on 32bit platforms:
pam_faildelay.c: In function 'pam_sm_authenticate':
pam_faildelay.c:104:34: error: comparison of integer expressions of different signedness: 'long int' and 'unsigned int' [-Werror=sign-compare]
104 | if (delay < 0 || delay > UINT_MAX)
| ^
pam_faildelay.c:123:32: error: comparison of integer expressions of different signedness: 'long int' and 'unsigned int' [-Werror=sign-compare]
123 | if (delay < 0 || delay > UINT_MAX / S_TO_MICROS)
| ^
* modules/pam_faildelay/pam_faildelay.c (pam_sm_authenticate): Cast
"delay" to "unsigned long" in comparisons with unsigned int.
Fixes: dd87776d3683 ("pam_faildelay: validate parameter ranges")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function sscanf does not verify that a value parsed with %ld is
actually within the valid range of a long, allowing silent truncation.
When parsing FAIL_DELAY from login.defs, a mask of 0777 is applied
before performing range checks for strtol return value. Since this
mask does not make sense here, it is removed.
With these changes, values smaller than 0 or larger than UINT_MAX,
which is the actual limit for pam_fail_delay, are discarded and
logged.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
| |
|
|
|
|
|
|
|
|
|
| |
* libpam/pam_modutil_searchkey.c: New source file with pam_modutil_search_key().
* libpam/Makefile.am: Add the pam_modutil_searchkey.c.
* libpam/include/security/pam_modutil.h: Add the pam_modutil_search_key() prototype.
* libpam/libpam.map: Add the pam_modutil_search_key() into a new version.
* modules/pam_faildelay/pam_faildelay.c: Drop search_key() and use
pam_modutil_search_key().
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_unix/support.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux-PAM. It was never official supported and was broken since years.
* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-11-06 Thorsten Kukuk <kukuk@thkukuk.de>
* libpam/pam_static_modules.h: Fix name of pam_namespace variable.
2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de>
* tests/tst-dlopen.c: Return 77 in case of static modules, such that
all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL.
* libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead
of "`ls ...`", to allow for static modules.
* libpam/pam_static_modules.h: Make pam_keyinit module depend on
HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct.
* modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module
struct.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2006-12-06 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_faildelay/pam_faildelay.c: If no argument is
given, try to read FAIL_DELAY from /etc/login.defs.
* modules/pam_faildelay/pam_faildelay.8.xml: Document usage
of /etc/login.defs.
|
|
|
Purpose of commit: new feature
Commit summary:
---------------
2006-11-08 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Add modules/pam_faildelay/Makefile.
* doc/sag/Linux-PAM_SAG.xml: Include pam_faildelay.xml.
* doc/sag/pam_faildelay.xml: New.
* libpam/pam_static_modules.h: Include static pam_faildelay data.
* modules/Makefile.am: Add pam_faildelay directory.
* modules/pam_faildelay/Makefile.am: New.
* modules/pam_faildelay/README: New, generated from XML file.
* modules/pam_faildelay/README.xml: New.
* modules/pam_faildelay/pam_faildelay.8: New, generated from xml.
* modules/pam_faildelay/pam_faildelay.8.xml: New.
* modules/pam_faildelay/pam_faildelay.c: New.
* modules/pam_faildelay/tst-pam_faildelay: New.
|
