aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_limits/pam_limits.c
Commit message (Collapse)AuthorAgeFilesLines
* Remove "--enable-static-modules" option and support fromThorsten Kukuk2016-03-291-17/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Linux-PAM. It was never official supported and was broken since years. * configure.ac: Remove --enable-static-modules option. * doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. * doc/man/pam_sm_authenticate.3.xml: Likewise. * doc/man/pam_sm_chauthtok.3.xml: Likewise. * doc/man/pam_sm_close_session.3.xml: Likewise. * doc/man/pam_sm_open_session.3.xml: Likewise. * doc/man/pam_sm_setcred.3.xml: Likewise. * libpam/Makefile.am: Remove STATIC_MODULES cases. * libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. * libpam/pam_dynamic.c: Likewise. * libpam/pam_handlers.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_static.c: Remove file. * libpam/pam_static_modules.h: Remove header file. * modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. * modules/pam_cracklib/pam_cracklib.c: Likewise. * modules/pam_debug/pam_debug.c: Likewise. * modules/pam_deny/pam_deny.c: Likewise. * modules/pam_echo/pam_echo.c: Likewise. * modules/pam_env/pam_env.c: Likewise. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_faildelay/pam_faildelay.c: Likewise. * modules/pam_filter/pam_filter.c: Likewise. * modules/pam_ftp/pam_ftp.c: Likewise. * modules/pam_group/pam_group.c: Likewise. * modules/pam_issue/pam_issue.c: Likewise. * modules/pam_keyinit/pam_keyinit.c: Likewise. * modules/pam_lastlog/pam_lastlog.c: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_listfile/pam_listfile.c: Likewise. * modules/pam_localuser/pam_localuser.c: Likewise. * modules/pam_loginuid/pam_loginuid.c: Likewise. * modules/pam_mail/pam_mail.c: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_motd/pam_motd.c: Likewise. * modules/pam_namespace/pam_namespace.c: Likewise. * modules/pam_nologin/pam_nologin.c: Likewise. * modules/pam_permit/pam_permit.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_rhosts/pam_rhosts.c: Likewise. * modules/pam_rootok/pam_rootok.c: Likewise. * modules/pam_securetty/pam_securetty.c: Likewise. * modules/pam_selinux/pam_selinux.c: Likewise. * modules/pam_sepermit/pam_sepermit.c: Likewise. * modules/pam_shells/pam_shells.c: Likewise. * modules/pam_stress/pam_stress.c: Likewise. * modules/pam_succeed_if/pam_succeed_if.c: Likewise. * modules/pam_tally/pam_tally.c: Likewise. * modules/pam_tally2/pam_tally2.c: Likewise. * modules/pam_time/pam_time.c: Likewise. * modules/pam_timestamp/pam_timestamp.c: Likewise. * modules/pam_tty_audit/pam_tty_audit.c: Likewise. * modules/pam_umask/pam_umask.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. * modules/pam_warn/pam_warn.c: Likewise. * modules/pam_wheel/pam_wheel.c: Likewise. * modules/pam_xauth/pam_xauth.c: Likewise. * modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. * modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. * modules/pam_unix/pam_unix_auth.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_unix/pam_unix_static.c: Removed. * modules/pam_unix/pam_unix_static.h: Removed. * po/POTFILES.in: Remove removed files. * tests/tst-dlopen.c: Remove PAM_STATIC part.
* pam_limits: fix utmp->ut_user handlingDmitry V. Levin2014-01-201-3/+8
| | | | | | | | | ut_user member of struct utmp is a string that is not necessarily null-terminated, so extra care should be taken when using it. * modules/pam_limits/pam_limits.c (check_logins): Convert ut->UT_USER to a null-terminated string and consistently use it where a null-terminated string is expected.
* pam_limits: detect and ignore stale utmp entriesTomas Mraz2014-01-201-0/+7
| | | | | | | | Original idea by Christopher Hailey * modules/pam_limits/pam_limits.c (check_logins): Use kill() to detect if pid of the utmp entry is still running and ignore the entry if it is not.
* Fix whitespace issuesDmitry V. Levin2011-10-261-8/+8
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* 2011-06-21 Thorsten Kukuk <kukuk@thkukuk.de>Thorsten Kukuk2011-06-211-5/+157
| | | | | | | | * modules/pam_limits/pam_limits.c: Add set_all option, read limits from PID one if no limit is specified and set_all is set. * modules/pam_limits/pam_limits.8.xml: Document set_all option. Based on Patch by Kees Cook.
* Relevant BUGIDs:Tomas Mraz2010-12-141-25/+173
| | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-12-14 Tomas Mraz <tm@t8m.info> * modules/pam_limits/pam_limits.c (parse_uid_range): New function to parse the range of uids or gids. (parse_config_file): Call parse_uid_range() and if uid/gid range is identified, setup the limits if the range matches. New parameters containing user's uid and primary gid. (pam_sm_open_session): Pass the user's uid and primary gid to parse_config_file(). * modules/pam_limits/limits.conf.5.xml: Document the uid/gid ranges.
* Relevant BUGIDs:Tomas Mraz2010-11-181-7/+0
| | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-11-18 Tomas Mraz <tm@t8m.info> * modules/pam_limits/pam_limits.c (pam_parse,pam_sm_open_session): Drop obsolete and broken option change_uid. * modules/pam_limits/pam_limits.8.xml: Likewise.
* Relevant BUGIDs:Thorsten Kukuk2009-02-201-3/+77
| | | | | | | | | | | | | | Purpose of commit: enhancement Commit summary: --------------- 2009-02-20 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_limits/limits.conf.5.xml: Document that the kernel can refuse values out of range for the local system. * modules/pam_limits/pam_limits.c (setup_limits): Log if setrlimit fails.
* Relevant BUGIDs:Tomas Mraz2007-12-071-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature and cleanup Commit summary: --------------- 2007-12-07 Tomas Mraz <t8m@centrum.cz> * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version. * libpam/pam_audit.c: Add _pam_audit_open() and pam_modutil_audit_write(). (_pam_auditlog): Call _pam_audit_open(). * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write(). * modules/pam_access/pam_access.8.xml: Add noaudit option. Document auditing. * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and only_new_group_syntax variables to struct login_info. Add noaudit member. (_parse_args): Adjust for the move of variables and add support for noaudit option. (group_match): Add debug parameter. (string_match): Likewise. (network_netmask_match): Likewise. (login_access): Adjust for the move of variables. Add nonall_match. Add call to pam_modutil_audit_write(). (list_match): Adjust for the move of variables. (user_match): Likewise. (from_match): Likewise. (pam_sm_authenticate): Call _parse_args() earlier. * modules/pam_limits/pam_limits.8.xml: Add noaudit option. Document auditing. * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option. (setup_limits): Call pam_modutil_audit_write(). * modules/pam_time/pam_time.8.xml: Add debug and noaudit options. Document auditing. * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()). (check_account): Call _pam_parse(). Call pam_modutil_audit_write() and pam_syslog() on login denials.
* Relevant BUGIDs: Debian bug #331278Steve Langasek2007-09-031-23/+15
| | | | | | | | | | | | Purpose of commit: bugfix/cleanup Commit summary: --------------- 2007-09-03 Steve Langasek <vorlon@debian.org> * modules/pam_limits/pam_limits.c: remove a number of unnecessary string manipulations, including a strncpy() that was acting on overlapping memory.
* Relevant BUGIDs: Debian bugs #76119, #165066Steve Langasek2007-08-281-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: portability Commit summary: --------------- 2007-08-27 Steve Langasek <vorlon@debian.org> * modules/pam_limits/pam_limits.c: when building on non-Linux systems, give a warning only, not an error; no one seems to remember why this error was here in the first place, but leave something in that might still grab the attention of non-Linux users. Patch from Michal Suchanek <hramrach_l@centrum.cz>. * configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for the presence of net/if.h before using, required for Hurd compatibility. Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>. * modules/pam_limits/pam_limits.c: conditionalize the use of RLIMIT_AS, which is not present on the Hurd. Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>. * modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of a static buffer when available; fixes the build on systems without MAXHOSTNAMELEN (i.e., the Hurd). * modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined before using it.
* Relevant BUGIDs:Thorsten Kukuk2007-07-101-0/+1
| | | | | | | | | | | | | | | Purpose of commit: bugfix/new feature Commit summary: --------------- 2007-07-10 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Add --with-db-uniquename option to support db libraries and functions with unique name extension. Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>. * modules/pam_limits/pam_limits.c: Include locale.h.
* Relevant BUGIDs:Thorsten Kukuk2007-06-261-1/+3
| | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-06-26 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_limits/pam_limits.c (process_limit): Check upper and lower limit of nice value, fix off-by-one in conversation to rlim_t. * xtests/Makefile.am: Add new pam_limits test case. * xtests/limits.conf: New, config file for test case. * xtests/pam_limits1.c: New, test case for RLIMIT_NICE. * xtests/pam_limits1.sh: Likewise. * xtests/pam_limits1.pamd: Likewise.
* Relevant BUGIDs:Thorsten Kukuk2007-06-221-4/+14
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-06-22 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print better error message if /proc/self/loginuid cannot be opened. * modules/pam_limits/pam_limits.c (process_limit): Check for variable overflow after multiplication [bnc#283001].
* Relevant BUGIDs:Tomas Mraz2007-03-291-16/+58
| | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- * modules/pam_limits/Makefile.am: Define limits.d dir and install it. * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing. * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr. (pam_parse): conf_file is now ptr. (pam_sm_open_session): Add parsing files from limits.d subdir using glob, change pl to pointer.
* Relevant BUGIDs:Thorsten Kukuk2006-08-051-1/+1
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2006-08-05 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_limits/pam_limits.c (pam_sm_open_session): Use pam_modutil_getpwnam instead of getpwnam.
* Relevant BUGIDs:Thorsten Kukuk2006-07-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfixes Commit summary: --------------- 2006-07-24 Thorsten Kukuk <kukuk@thkukuk.de> * doc/adg/Makefile.am: Add uninstall and distclean rules. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. 2006-07-08 Daniel Richard G. <skunk@iskunk.org> * conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files. * conf/pam_conv1/pam_conv.lex: Rename to ... * conf/pam_conv1/pam_conv_l.l: ... this. * conf/pam_conv1/pam_conv.y: Rename to ... * conf/pam_conv1/pam_conv_y.y: ... this. * configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE() calls. * doc/Makefile.am: Fix rule to install index.html. * doc/adg/Makefile.am: Fix test usage. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. * doc/specs/Makefile.am: Fix rules for lex and yacc files. * specs/parse.lex: Rename to ... * doc/specs/parse_l.l: ... this. * doc/specs/parse.y: Rename to ... * doc/specs/parse_y.y: ... this. * libpam/pam_account.c: Fix #if vs. #ifdef. * libpam/pam_audit.c: Likewise. * libpam/pam_auth.c: Likewise. * libpam/pam_password.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_session.c: Likewise. * libpam/pam_start.c: Likewise. * libpam/pam_static.c: Fix "empty sourcefile" warning. * modules/pam_limits/pam_limits.c: Check for __linux, too. * modules/pam_userdb/Makefile.am: Don't run test if no libdb available. * tests/tst-dlopen.c: Include config.h.
* Relevant BUGIDs:Thorsten Kukuk2006-06-231-11/+0
| | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Bring implementation in sync with documentation: 2006-06-24 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_limits/pam_limits.c (setup_limits): Don't reset priority for root.
* Relevant BUGIDs:Thorsten Kukuk2006-06-171-1/+1
| | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2006-06-17 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_limits/Makefile.am: Include Make.xml.rules. * modules/pam_limits/limits.conf.5: New, generated from xml file. * modules/pam_limits/limits.conf.5.xml: New. * modules/pam_limits/pam_limits.8: New, generated from xml file. * modules/pam_limits/pam_limits.8.xml: New. * modules/pam_limits/README.xml: New. * modules/pam_limits/README: Regenerated from README.xml.
* Relevant BUGIDs:Tomas Mraz2005-09-211-5/+5
| | | | | | | | Purpose of commit: new feature Commit summary: --------------- Moved functions from pammodutil to libpam.
* Relevant BUGIDs:Thorsten Kukuk2005-09-201-35/+42
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- cleanup from ldv (forgot to commit...)
* Relevant BUGIDs: Red Hat bz 168790Tomas Mraz2005-09-201-0/+1
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- pam_limits: Fix regression from RLIMIT_NICE support (wrong limit values for other limits are applied) patch by Anton Guda
* Relevant BUGIDs: noneThorsten Kukuk2005-09-051-45/+38
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Use pam_syslog instead of _pam_log
* Relevant BUGIDs: noneThorsten Kukuk2005-08-231-10/+14
| | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Change major version number back to "0". Add more patches from ALT-Linux/OWL:
* Relevant BUGIDs: noneThorsten Kukuk2005-08-161-14/+14
| | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Big "automake/autoconf/libtool" commit
* Relevant BUGIDs: noneThorsten Kukuk2005-07-201-1/+1
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Rename _pam_aconf.h to config.h.
* Relevant BUGIDs: mail reportThorsten Kukuk2005-07-061-2/+0
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Don't lowercase login names. Using uppercase login names is a bad idea, but people are doing it.
* Relevant BUGIDs:Tomas Mraz2005-07-041-1/+14
| | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Improve the RLIMIT_NICE support so the input values are in the nice range -20..19
* Relevant BUGIDs:Tomas Mraz2005-06-221-0/+8
| | | | | | | | Purpose of commit: new feature Commit summary: --------------- pam_limits: Support new limits in linux 2.6.12
* Relevant BUGIDs: Novell #81690Thorsten Kukuk2005-06-071-1/+4
| | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- If the process priority is not specified in the limits.conf file, pam_limits should not reset the current one to zero.
* Relevant BUGIDs: 945449Tomas Mraz2005-05-161-25/+36
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Correct support of unlimited limits, use the right type for rlimit value.
* Relevant BUGIDs: mailThorsten Kukuk2005-02-211-7/+7
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- The following reported by mail was fixed: "I've been in trouble using the '%group' feature in the limits.conf file. There are priorities when settings the limits and the order is as enumerated here. The problem is that the initial value is LIMITS_DEF_NONE, so neither LIMITS_DEF_ALL nor LIMITS_DEF_ALLGROUP can ever be set."
* Relevant BUGIDs: Red Hat bz 131190Tomas Mraz2005-01-071-0/+8
| | | | | | | | Purpose of commit: new feature Commit summary: --------------- Support new limits of Linux kernel 2.6
* Relevant BUGIDs:Tomas Mraz2004-11-041-2/+5
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Make limiting logins for users in a group actually work
* Relevant BUGIDs:Tomas Mraz2004-11-041-2/+2
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Revert the change in previous pam_limits.c commit it's already compensated by count=1 assignment
* Relevant BUGIDs:Thorsten Kukuk2004-10-061-2/+2
| | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: Last part of fixes from Red Hat
* Relevant BUGIDs:Thorsten Kukuk2004-09-241-64/+14
| | | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: 440107: Add various patches from Linux Distibutors to make PAM modules reentrant.
* Relevant BUGIDs:Thorsten Kukuk2004-09-241-7/+3
| | | | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: Fix lot of compiler warnings new feature: add broken_shadow option to pam_unix (patch from Linux distributions)
* Relevant BUGIDs:Thorsten Kukuk2004-09-221-23/+25
| | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: Add rest of Steve Grubb's resource leak and other fixes
* Relevant BUGIDs: 533664Jan Rekorajski2002-05-091-4/+27
| | | | | | | | | Purpose of commit: new feature Commit summary: --------------- added '%' domain for maxlogins limiting, now '*' and @group have the old meaning (every) and '%' the new one (all)
* Relevant BUGIDs: 533668Jan Rekorajski2002-05-071-5/+11
| | | | | | | | Purpose of commit: cleanup Commit summary: --------------- put not so interesting log messages under debug arg
* Relevant BUGIDs: 533664Jan Rekorajski2002-05-071-1/+2
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- keep well know behaviour of maxlogins default ('*') limit
* Relevant BUGIDs: 530428Jan Rekorajski2002-03-151-1/+3
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- pam_limits didn't the priority value specified in config.
* Relevant BUGIDs: 493294Andrew G. Morgan2002-01-191-27/+52
| | | | | | | | | | | | Purpose of commit: bugfix and document Commit summary: --------------- The login limit counting seemed to have its math incorrect. The default has been changed to the sane one, and a new module argument has been added "utmp_early" that returns the module to its old behavior. Thanks to Berend De Schouwe for getting to the bottom of this issue.
* Relevant BUGIDs: 476990Andrew G. Morgan2001-11-111-29/+42
| | | | | | | | Purpose of commit: new feature Commit summary: --------------- support -ve process priorities (and include superuser in this feature)
* Relevant BUGIDs: 436061Andrew G. Morgan2001-06-271-70/+93
| | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Harald Welte poured over the Red Hat version and submitted the outstanding diff.
* Relevant BUGIDs: 424060Andrew G. Morgan2001-06-241-39/+26
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- latest attempt to deal with the number of rlimits supported by Linux. (Last attempt was the fix for Bug 219554 (ne 119554).
* Relevant BUGIDs: 404953Andrew G. Morgan2001-03-291-1/+8
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- The syntax "<domain> -" was not recognized.
* Relevant BUGIDs: 124062Jan Rekorajski2000-12-011-2/+6
| | | | | | | | | Purpose of commit: new feature Commit summary: --------------- add change_uid option to pam_limits, and set real uid only if this option is present
* Relevant BUGIDs: 123972Jan Rekorajski2000-11-301-0/+1
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- set real uid to the user for who we set limits
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-11 00:57:43 +0000