| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
There is no point in supporting two different build systems.
|
| |
|
|
|
|
|
|
|
|
| |
On my non-representative hardware, the full build using autotools
(./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install)
takes about 45 seconds.
On the same hardware, the full build using meson
(meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir)
takes just about 7.5 seconds.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unhardcode ".libs" subdirectory where libtool stores shared objects,
as other build systems doesn't necessarily use it.
* configure.ac (AC_DEFINE_UNQUOTED): Add LTDIR.
* modules/pam_canonicalize_user/tst-pam_canonicalize_user-retval.c:
Replace ".libs/" with LTDIR.
* modules/pam_debug/tst-pam_debug-retval.c: Likewise.
* modules/pam_deny/tst-pam_deny-retval.c: Likewise.
* modules/pam_echo/tst-pam_echo-retval.c: Likewise.
* modules/pam_env/tst-pam_env-retval.c: Likewise.
* modules/pam_faildelay/tst-pam_faildelay-retval.c: Likewise.
* modules/pam_faillock/tst-pam_faillock-retval.c: Likewise.
* modules/pam_listfile/tst-pam_listfile-retval.c: Likewise.
* modules/pam_localuser/tst-pam_localuser-retval.c: Likewise.
* modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c: Likewise.
* modules/pam_nologin/tst-pam_nologin-retval.c: Likewise.
* modules/pam_permit/tst-pam_permit-retval.c: Likewise.
* modules/pam_pwhistory/tst-pam_pwhistory-retval.c: Likewise.
* modules/pam_rootok/tst-pam_rootok-retval.c: Likewise.
* modules/pam_sepermit/tst-pam_sepermit-retval.c: Likewise.
* modules/pam_succeed_if/tst-pam_succeed_if-retval.c: Likewise.
* modules/pam_time/tst-pam_time-retval.c: Likewise.
* modules/pam_warn/tst-pam_warn-retval.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not include <libintl.h> and other i18n stuff via config.h which is
included into every compilation unit, include "pam_i18n.h" explicitly
where necessary.
* configure.ac (AH_BOTTOM): Remove.
* libpam/pam_get_authtok.c: Include "pam_i18n.h".
* libpam/pam_item.c: Likewise.
* libpam/pam_strerror.c: Likewise.
* libpam_misc/misc_conv.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faillock/main.c: Likewise.
* modules/pam_faillock/pam_faillock.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_selinux/pam_selinux_check.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_unix/pam_unix_acct.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
| |
Move function bodies from headers into dedicated object files stored in
libpam_internal. This library won't be installed.
Keep the debug function body in header, even though disabled when
building Linux-PAM, to stay API compatible with previous versions.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
| |
The pam client library libpamc is only needed if libpam_misc is in use.
But libpam_misc is only used by an SELinux helper binary.
Remove the libpamc includes from the search path in all other cases.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
Building outside of source directory fails if --disable-doc is not
explicitly chosen.
This happens because generated files are sometimes expected in the
source directory, where they won't exist.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
The characters in skeldir are only assigned, not modified later on.
Use a const char pointer instead which is easier to verify.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
Make sure that we do not follow any symbolic links within the home
directory of a user. If such a link exists, it must have been
created by someone else. Never follow them and just fail.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
| |
Encountering a relative home directory can only mean troubles.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
Extract logic reponsible for copying single directory entries into its
own function for easier error handling, i.e. using goto for clean up
of variables used in "for loop".
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
The mkhomedir_helper treats an already existing home directory as
success. Keep this logic within create_homedir to reduce the
negative impact of concurrently running instances.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
Treat symlink creation failures the same way as failures when
creating files and directories.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
| |
If HOME_MODE of login.conf is more restrictive than the default
directory mode with umask, a short time window exists in which the home
directory has a less restrictive mode than requested (between
create_homedir and prelude of create_homedir_helper).
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
In some error cases in create_homedir ownership and mode of the newly
created directory are not set. Always do so to prevent root-owned
directories as error leftovers.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
While the underlying type for setting the user was correct, the
additional output neglected to include the type cast necessary when
actually printing the data. This is rectified here.
Signed-off-by: Benny Baumann <BenBE@geshi.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support OSes without PATH_MAX (which is optional in POSIX), there are
two code paths for the 'newsource' and 'newdest' variables: one using
a PATH_MAX-sized stack buffer, and one using heap allocation. The second
is even more complicated than needed, doing manual calculations and
allocations.
To simplify the code a bit more, easing its maintenance, unify the two
using asprintf() to allocate 'newsource' and 'newdest': the extra
allocation needed should not be an issue, since this code runs in a
separate helper executable.
As additional change for this simplification, remove the reset to the
two variables to NULL right after their free(), which is not needed
since their scopes end.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env:
* erase environment variables where possible
- pam_exec:
* erase responce on error
* erase auth token
- pam_pwhistory:
* erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only
pointers to insensitive data, which also gets free'd afterwards (so
it currently does not protect against double-free or use-after-free on
the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
|
| |
|
|
|
|
|
|
|
| |
Otherwise the corresponding files are still installed in /etc/security.
* configure.ac (AC_SUBST): Add VENDOR_SCONFIGDIR.
(AM_CONDITIONAL): Add HAVE_VENDORDIR.
* modules/*/Makefile.am (secureconfdir): Set to VENDOR_SCONFIGDIR
if HAVE_VENDORDIR has been set, otherwise to SCONFIGDIR.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed files
--------------
Make.xml.rules.in:
- Using RNG file instead of DTD file for checking XML files.
- Taking the correct stylesheet for README files.
doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am:
- Using RNG file instead of DTD file for checking XML files.
configure.ac:
- Adding a new option for selecting RNG check file (-enable-docbook-rng)
- Switching stylesheets to docbook 5
- Checking DocBook 5 environment instead of DocBook 4 environment
*.xml:
Update from DockBook 4 to DocBook 5
|
| |
|
|
|
|
| |
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Make sure
the SIGCHLD handler is not reset too early by moving the sigaction
call right before the fork call.
|
| |
|
|
|
|
| |
Follow the example of useradd(8) and set the user home directory mode
to the value of HOME_MODE or UMASK configuration item from
/etc/login.defs when umask option is not specified.
|
| |
|
|
| |
* modules/pam_mkhomedir/pam_mkhomedir.8.xml (umask): Fix wording.
|
| |
|
|
|
|
|
|
|
|
| |
* modules/pam_limits/limits.conf: Replace "overriden" with "overridden".
* modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Replace
"preseves" with "preserves".
* modules/pam_setquota/pam_setquota.8.xml: Replace "specifed" with
"specified".
* modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Replace
"fileystem" with "filesystem", "conditons" with "conditions".
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This makes all installed executables built with @EXE_CFLAGS@ and
@EXE_LDFLAGS@.
* modules/pam_mkhomedir/Makefile.am (mkhomedir_helper_CFLAGS,
mkhomedir_helper_LDFLAGS): New variables.
* modules/pam_tally/Makefile.am (pam_tally_CFLAGS, pam_tally_LDFLAGS):
Likewise.
* modules/pam_tally2/Makefile.am (pam_tally2_CFLAGS,
pam_tally2_LDFLAGS): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
| |
[ldv: rewrote commit message]
* modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Close just
opened file descriptor "srcfd" in an unlikely case when it cannot be
fstat'ed.
* modules/pam_namespace/pam_namespace.c (create_instance): Close just
opened file descriptor "fd" in an unlikely case when it cannot be
fstat'ed.
|
| |
|
|
|
|
| |
* modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c: New file.
* modules/pam_mkhomedir/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_mkhomedir_retval_LDADD): New variables.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
From the very beginning pam_mkhomedir module used to return
PAM_CRED_INSUFFICIENT when getpwnam() or pam_modutil_getpwnam()
returned an error. Fix this now by changing the return value
to PAM_USER_UNKNOWN.
* modules/pam_mkhomedir/mkhomedir_helper.c (main): Return
PAM_USER_UNKNOWN instead of PAM_CRED_INSUFFICIENT.
* modules/pam_mkhomedir/pam_mkhomedir.c (pam_sm_open_session): Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.8.xml (PAM_CRED_INSUFFICIENT):
Remove.
|
| |
|
|
|
|
| |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
| |
|
|
|
|
|
|
| |
... and remove $(TESTS) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \
-e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am
|
| |
|
|
|
|
|
| |
... and remove $(MANS) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am
|
| |
|
|
|
|
|
| |
... and remove $(DATA) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since the GNU Automake distributes README files by default, the only
reason why README had to be listed in EXTRA_DIST was to make these
README files generated.
Since README is also listed in noinst_DATA, we can safely replace
README in EXTRA_DIST with $(DATA), this also opens the way for
further EXTRA_DIST cleanup.
* modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA).
|
| |
|
|
|
| |
This is essentially a no-op change that makes modules/*/Makefile.am
files less divergent.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make.xml.rules
As the rule is now the same in every modules/*/Makefile.am file,
move it to Make.xml.rules.
* Make.xml.rules (README): New prerequisites rule.
* modules/pam_access/Makefile.am (README): Remove rule.
* modules/pam_cracklib/Makefile.am (README): Likewise.
* modules/pam_debug/Makefile.am (README): Likewise.
* modules/pam_deny/Makefile.am (README): Likewise.
* modules/pam_echo/Makefile.am (README): Likewise.
* modules/pam_env/Makefile.am (README): Likewise.
* modules/pam_exec/Makefile.am (README): Likewise.
* modules/pam_faildelay/Makefile.am (README): Likewise.
* modules/pam_filter/Makefile.am (README): Likewise.
* modules/pam_ftp/Makefile.am (README): Likewise.
* modules/pam_group/Makefile.am (README): Likewise.
* modules/pam_issue/Makefile.am (README): Likewise.
* modules/pam_keyinit/Makefile.am (README): Likewise.
* modules/pam_lastlog/Makefile.am (README): Likewise.
* modules/pam_limits/Makefile.am (README): Likewise.
* modules/pam_listfile/Makefile.am (README): Likewise.
* modules/pam_localuser/Makefile.am (README): Likewise.
* modules/pam_loginuid/Makefile.am (README): Likewise.
* modules/pam_mail/Makefile.am (README): Likewise.
* modules/pam_mkhomedir/Makefile.am (README): Likewise.
* modules/pam_motd/Makefile.am (README): Likewise.
* modules/pam_namespace/Makefile.am (README): Likewise.
* modules/pam_nologin/Makefile.am (README): Likewise.
* modules/pam_permit/Makefile.am (README): Likewise.
* modules/pam_pwhistory/Makefile.am (README): Likewise.
* modules/pam_rhosts/Makefile.am (README): Likewise.
* modules/pam_rootok/Makefile.am (README): Likewise.
* modules/pam_securetty/Makefile.am (README): Likewise.
* modules/pam_selinux/Makefile.am (README): Likewise.
* modules/pam_sepermit/Makefile.am (README): Likewise.
* modules/pam_setquota/Makefile.am (README): Likewise.
* modules/pam_shells/Makefile.am (README): Likewise.
* modules/pam_succeed_if/Makefile.am (README): Likewise.
* modules/pam_tally/Makefile.am (README): Likewise.
* modules/pam_tally2/Makefile.am (README): Likewise.
* modules/pam_time/Makefile.am (README): Likewise.
* modules/pam_timestamp/Makefile.am (README): Likewise.
* modules/pam_tty_audit/Makefile.am (README): Likewise.
* modules/pam_umask/Makefile.am (README): Likewise.
* modules/pam_unix/Makefile.am (README): Likewise.
* modules/pam_userdb/Makefile.am (README): Likewise.
* modules/pam_usertype/Makefile.am (README): Likewise.
* modules/pam_warn/Makefile.am (README): Likewise.
* modules/pam_wheel/Makefile.am (README): Likewise.
* modules/pam_xauth/Makefile.am (README): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no need to list prerequisites of README targets manually as
all README targets depend on $(XMLS).
The change is performed automatically using the following script:
sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am
* modules/pam_access/Makefile.am (README): Replace pam_access.8.xml
and access.conf.5.xml with $(XMLS).
* modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml
with $(XMLS).
* modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml
with $(XMLS).
* modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml
with $(XMLS).
* modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml
with $(XMLS).
* modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and
pam_env.conf.5.xml with $(XMLS).
* modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml
with $(XMLS).
* modules/pam_faildelay/Makefile.am (README): Replace
pam_faildelay.8.xml with $(XMLS).
* modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml
with $(XMLS).
* modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with
$(XMLS).
* modules/pam_group/Makefile.am (README): Replace pam_group.8.xml
and group.conf.5.xml with $(XMLS).
* modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml
with $(XMLS).
* modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml
with $(XMLS).
* modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml
with $(XMLS).
* modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml
and limits.conf.5.xml with $(XMLS).
* modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml
with $(XMLS).
* modules/pam_localuser/Makefile.am (README): Replace
pam_localuser.8.xml with $(XMLS).
* modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml
with $(XMLS).
* modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml
with $(XMLS).
* modules/pam_mkhomedir/Makefile.am (README): Replace
pam_mkhomedir.8.xml with $(XMLS).
* modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml
with $(XMLS).
* modules/pam_namespace/Makefile.am (README): Replace
pam_namespace.8.xml, namespace.conf.5.xml,
and pam_namespace_helper.8.xml with $(XMLS).
* modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml
with $(XMLS).
* modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml
with $(XMLS).
* modules/pam_pwhistory/Makefile.am (README): Replace
pam_pwhistory.8.xml with $(XMLS).
* modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml
with $(XMLS).
* modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml
with $(XMLS).
* modules/pam_securetty/Makefile.am (README): Replace
pam_securetty.8.xml with $(XMLS).
* modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml
with $(XMLS).
* modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml
with $(XMLS).
* modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml
with $(XMLS).
* modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml
with $(XMLS).
* modules/pam_succeed_if/Makefile.am (README): Replace
pam_succeed_if.8.xml with $(XMLS).
* modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml
with $(XMLS).
* modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml
with $(XMLS).
* modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and
time.conf.5.xml with $(XMLS).
* modules/pam_timestamp/Makefile.am (README): Replace
pam_timestamp.8.xml with $(XMLS).
* modules/pam_tty_audit/Makefile.am (README): Replace
pam_tty_audit.8.xml with $(XMLS).
* modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml
with $(XMLS).
* modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml
with $(XMLS).
* modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml
with $(XMLS).
* modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml
with $(XMLS).
* modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml
with $(XMLS).
* modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml
with $(XMLS).
* modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml
with $(XMLS).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The change was prepared using the following script:
git grep -l '^TESTS = tst-pam_' modules/ |while read m; do
t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")"
sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m"
done
* modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access
with $(TESTS).
* modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace
tst-pam_cracklib with $(TESTS).
* modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with
$(TESTS).
* modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with
$(TESTS).
* modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with
$(TESTS).
* modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with
$(TESTS).
* modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with
$(TESTS).
* modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace
tst-pam_faildelay with $(TESTS).
* modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter
with $(TESTS).
* modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with
$(TESTS).
* modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with
$(TESTS).
* modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with
$(TESTS).
* modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit
with $(TESTS).
* modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog
with $(TESTS).
* modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits
with $(TESTS).
* modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace
tst-pam_listfile with $(TESTS).
* modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace
tst-pam_localuser with $(TESTS).
* modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace
tst-pam_loginuid with $(TESTS).
* modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with
$(TESTS).
* modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace
tst-pam_mkhomedir with $(TESTS).
* modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with
$(TESTS).
* modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace
tst-pam_namespace with $(TESTS).
* modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin
with $(TESTS).
* modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit
with $(TESTS).
* modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace
tst-pam_pwhistory with $(TESTS).
* modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts
with $(TESTS).
* modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok
with $(TESTS).
* modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace
tst-pam_securetty with $(TESTS).
* modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace
tst-pam_sepermit with $(TESTS).
* modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace
tst-pam_setquota with $(TESTS).
* modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells
with $(TESTS).
* modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress
with $(TESTS).
* modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace
tst-pam_succeed_if with $(TESTS).
* modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with
$(TESTS).
* modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2
with $(TESTS).
* modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with
$(TESTS).
* modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace
tst-pam_tty_audit with $(TESTS).
* modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with
$(TESTS).
* modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb
with $(TESTS).
* modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace
tst-pam_usertype with $(TESTS).
* modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with
$(TESTS).
* modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with
$(TESTS).
* modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with
$(TESTS).
|
| | |
|
| |
|
|
|
|
| |
* modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_inline.h".
(_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
|
|
| |
Allow the user to disable documentation through --disable-doc (enabled
by default), this is especially useful when cross-compiling for embedded
targets
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new internal header file with definitions of
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL macros,
use them to temporary silence -Wcast-qual compilation warnings
in various modules.
* libpam/include/pam_cc_compat.h: New file.
* libpam/Makefile.am (noinst_HEADERS): Add include/pam_cc_compat.h.
* modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_cc_compat.h".
(create_homedir): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL
and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_namespace/pam_namespace.c: Include "pam_cc_compat.h".
(pam_sm_close_session): Wrap the cast that discards ‘const’ qualifier
in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_tty_audit/pam_tty_audit.c: Include "pam_cc_compat.h".
(nl_send): Wrap the cast that discards ‘const’ qualifier in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/pam_unix_acct.c: Include "pam_cc_compat.h".
(_unix_run_verify_binary): Wrap execve invocation in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/pam_unix_passwd.c: Include "pam_cc_compat.h".
(_unix_run_update_binary): Wrap execve invocation in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/passverify.c: Include "pam_cc_compat.h".
(unix_update_shadow): Wrap the cast that discards ‘const’ qualifier
in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/support.c: Include "pam_cc_compat.h".
(_unix_run_helper_binary): Wrap execve invocation in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_xauth/pam_xauth.c: Include "pam_cc_compat.h".
(run_coprocess): Wrap execv invocation in DIAG_PUSH_IGNORE_CAST_QUAL
and DIAG_POP_IGNORE_CAST_QUAL.
|
| |
|
|
|
|
|
|
|
|
| |
* libpam/pam_modutil_searchkey.c: Avoid assigning empty string literal to
non-const char *.
* modules/pam_filter/pam_filter.c: Avoid using const char **.
* modules/pam_mkhomedir/pam_mkhomedir.c: Properly cast out const for execve().
* modules/pam_namespace/pam_namespace.c: Properly cast out const from pam data.
* modules/pam_tally2/pam_tally2.c: String literal must be assigned to
const char *.
|
| |
|
|
|
|
|
|
| |
To be able to set CFLAGS from make command-line but not to lose the
warning flags.
* configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS.
* */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS.
|
| | |
|
| |
|
|
|
| |
* modules/pam_mkhomedir/mkhomedir_helper.c (make_parent_dirs): Do not
skip creating the directory if we are under /.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove blank lines at EOF introduced by commit
a684595c0bbd88df71285f43fb27630e3829121e,
making the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* libpam/pam_dynamic.c: Remove blank line at EOF.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux-PAM. It was never official supported and was broken since years.
* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
|
| |
|
|
|
| |
modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Drop superfluous
stat() call.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces pam_modutil_sanitize_helper_fds - a new function
that redirects standard descriptors and closes all other descriptors.
pam_modutil_sanitize_helper_fds supports three types of input and output
redirection:
- PAM_MODUTIL_IGNORE_FD: do not redirect at all.
- PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented
by creating a pipe, closing its write end, and redirecting stdin to
its read end. Likewise, for stdout/stderr it is implemented by
creating a pipe, closing its read end, and redirecting to its write
end. Unlike stdin redirection, stdout/stderr redirection to a pipe
has a side effect that a process writing to such descriptor should be
prepared to handle SIGPIPE appropriately.
- PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is
implemented via PAM_MODUTIL_PIPE_FD because there is no functional
difference. For stdout/stderr, it is classic redirection to
/dev/null.
PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel
security restrictions, but when the helper process might be writing to
the corresponding descriptor and termination of the helper process by
SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD.
* libpam/pam_modutil_sanitize.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd,
pam_modutil_sanitize_helper_fds): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface.
* modules/pam_exec/pam_exec.c (call_exec): Use
pam_modutil_sanitize_helper_fds.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_unix/support.h (MAX_FD_NO): Remove.
|
