aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_mkhomedir/mkhomedir_helper.c
Commit message (Collapse)AuthorAgeFilesLines
* HALF WORK: MAX_PATHdevYuqian Yang2025-03-011-39/+8
|
* pam_mkhomedir: avoid string copyingTobias Stoeckmann2023-12-191-6/+2
| | | | | | | The characters in skeldir are only assigned, not modified later on. Use a const char pointer instead which is easier to verify. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_mkhomedir: do not follow symbolic linksTobias Stoeckmann2023-11-291-36/+113
| | | | | | | | Make sure that we do not follow any symbolic links within the home directory of a user. If such a link exists, it must have been created by someone else. Never follow them and just fail. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_mkhomedir: enforce absolute home directoriesTobias Stoeckmann2023-11-291-0/+5
| | | | | | Encountering a relative home directory can only mean troubles. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_mkhomedir: improve error path handlingTobias Stoeckmann2023-11-291-204/+178
| | | | | | | | Extract logic reponsible for copying single directory entries into its own function for easier error handling, i.e. using goto for clean up of variables used in "for loop". Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_mkhomedir: treat existing files as successTobias Stoeckmann2023-11-291-8/+13
| | | | | | | | The mkhomedir_helper treats an already existing home directory as success. Keep this logic within create_homedir to reduce the negative impact of concurrently running instances. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_mkhomedir: return error if link creation failsTobias Stoeckmann2023-11-291-12/+23
| | | | | | | Treat symlink creation failures the same way as failures when creating files and directories. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_mkhomedir: set home directory mode only onceTobias Stoeckmann2023-11-291-14/+7
| | | | | | | | | If HOME_MODE of login.conf is more restrictive than the default directory mode with umask, a short time window exists in which the home directory has a less restrictive mode than requested (between create_homedir and prelude of create_homedir_helper). Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_mkhomedir: always call chown/chmod for dirTobias Stoeckmann2023-11-291-6/+12
| | | | | | | | In some error cases in create_homedir ownership and mode of the newly created directory are not set. Always do so to prevent root-owned directories as error leftovers. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_mkhomedir: simplify handling of newsource/newdestPino Toscano2023-05-121-85/+32
| | | | | | | | | | | | | | | | | To support OSes without PATH_MAX (which is optional in POSIX), there are two code paths for the 'newsource' and 'newdest' variables: one using a PATH_MAX-sized stack buffer, and one using heap allocation. The second is even more complicated than needed, doing manual calculations and allocations. To simplify the code a bit more, easing its maintenance, unify the two using asprintf() to allocate 'newsource' and 'newdest': the extra allocation needed should not be an issue, since this code runs in a separate helper executable. As additional change for this simplification, remove the reset to the two variables to NULL right after their free(), which is not needed since their scopes end.
* modules: make use of secure memory erasureChristian Göttsche2023-02-281-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive. Non trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase responce on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes
* pam_mkhomedir: use HOME_MODE or UMASK from /etc/login.defsdshein-alt2021-03-051-3/+34
| | | | | | Follow the example of useradd(8) and set the user home directory mode to the value of HOME_MODE or UMASK configuration item from /etc/login.defs when umask option is not specified.
* Fix various typos found using codespell toolDmitry V. Levin2020-11-241-1/+1
| | | | | | | | | | * modules/pam_limits/limits.conf: Replace "overriden" with "overridden". * modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Replace "preseves" with "preserves". * modules/pam_setquota/pam_setquota.8.xml: Replace "specifed" with "specified". * modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Replace "fileystem" with "filesystem", "conditons" with "conditions".
* pam_namespace, pam_mkhomedir: fix unlikely descriptor leaks on error pathikerexxe2020-07-011-0/+2
| | | | | | | | | | | [ldv: rewrote commit message] * modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Close just opened file descriptor "srcfd" in an unlikely case when it cannot be fstat'ed. * modules/pam_namespace/pam_namespace.c (create_instance): Close just opened file descriptor "fd" in an unlikely case when it cannot be fstat'ed.
* pam_mkhomedir: fix return value when the user is unknownDmitry V. Levin2020-05-091-1/+1
| | | | | | | | | | | | | From the very beginning pam_mkhomedir module used to return PAM_CRED_INSUFFICIENT when getpwnam() or pam_modutil_getpwnam() returned an error. Fix this now by changing the return value to PAM_USER_UNKNOWN. * modules/pam_mkhomedir/mkhomedir_helper.c (main): Return PAM_USER_UNKNOWN instead of PAM_CRED_INSUFFICIENT. * modules/pam_mkhomedir/pam_mkhomedir.c (pam_sm_open_session): Likewise. * modules/pam_mkhomedir/pam_mkhomedir.8.xml (PAM_CRED_INSUFFICIENT): Remove.
* pam_mkhomedir: Allow creating parent of homedir under /Tomas Mraz2017-11-101-7/+9
| | | | | * modules/pam_mkhomedir/mkhomedir_helper.c (make_parent_dirs): Do not skip creating the directory if we are under /.
* pam_mkhomedir: Drop superfluous stat() call.Tomas Mraz2014-08-261-15/+1
| | | | | modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Drop superfluous stat() call.
* Fix whitespace issuesDmitry V. Levin2011-10-261-7/+7
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* Relevant BUGIDs:Dmitry V. Levin2010-10-211-34/+31
| | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-10-21 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Remove. (create_homedir): Use mkdir() instead of rec_mkdir(). (make_parent_dirs): New function. (main): Use make_parent_dirs() to create parent directories only for the home directory itself.
* Relevant BUGIDs:Thorsten Kukuk2010-10-201-3/+2
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Create parent directories always with mode 0755. (create_homedir): Create main directory with mode 0700 at first.
* Relevant BUGIDs: rhbz#476784Tomas Mraz2009-01-191-0/+422
Purpose of commit: new feature Commit summary: --------------- 2009-01-19 Tomas Mraz <t8m@centrum.cz> * modules/pam_mkhomedir/Makefile.am: Add mkhomedir_helper. * modules/pam_mkhomedir/mkhomedir_helper.8.xml: New file. Manual page for mkhomedir_helper. * modules/pam_mkhomedir/mkhomedir_helper.c: New file. Source for mkhomedir_helper. Most of the code moved from pam_mkhomedir.c. * modules/pam_mkhomedir/pam_mkhomedir.c (_pam_parse): Do not convert umask to integer. (rec_mkdir): Moved to mkhomedir_helper.c. (create_homedir): Just exec the helper. (pam_sm_open_session): Improve logging.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-08 02:07:18 +0000