| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux-PAM. It was never official supported and was broken since years.
* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_namespace/pam_namespace.c: call setuid() before execing the
namespace init script, so that scripts run with maximum privilege regardless
of the shell implementation.
* modules/pam_namespace/namespace.init: drop the '-p' bashism from the
shebang line
This is not a POSIX standard option, it's a bashism. The bash manpage says
that it's used to prevent the effective user id from being reset to the real
user id on startup, and to ignore certain unsafe variables from the
environment.
In the case of pam_namespace, the -p is not necessary for environment
sanitizing because the PAM module (properly) sanitizes the environment
before execing the script.
The stated reason given in CVS history for passing -p is to "preserve euid
when called from setuid apps (su, newrole)." This should be done more
portably, by calling setuid() before spawning the shell.
Signed-off-by: Steve Langasek <vorlon@debian.org>
Bug-Debian: http://bugs.debian.org/624842
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323
|
| |
|
|
|
|
|
|
|
| |
modules/pam_namespace/pam_namespace.h: Add mount_opts member to polydir
structure.
modules/pam_namespace/pam_namespace.c (del_polydir): Free the mount_opts.
(parse_method): Parse the mntopts flag.
(ns_setup): Pass the mount_opts to mount().
modules/pam_namespace/namespace.conf.5.xml: Document the mntopts flag.
|
| |
|
|
|
|
|
|
| |
* modules/pam_namespace/pam_namespace.c (pam_sm_close_session): Recognize
the unmount_on_close option and make the default to be to not unmount.
* modules/pam_namespace/pam_namespace.h: Rename PAMNS_NO_UNMOUNT_ON_CLOSE to
PAMNS_UNMOUNT_ON_CLOSE.
* modules/pam_namespace/pam_namespace.8.xml: Document the change.
|
| |
|
|
|
|
|
|
|
| |
* modules/pam_namespace/pam_namespace.c (protect_dir): Drop the always argument.
(check_inst_parent): Drop the always argument from protect_dir().
(create_polydir): Likewise.
(ns_setup): Likewise and do not mark the polydir with MS_PRIVATE.
(setup_namespace): Mark the / with MS_SLAVE|MS_REC.
* modules/pam_namespace/pam_namespace.8.xml: Reflect the change in docs.
|
| |
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-18 Tomas Mraz <tm@t8m.info>
* modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx.
* modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly.
(protect_dir): Guard for -1 passing to close().
(ns_setup): Likewise.
(pam_sm_open_session): Correctly test for SELinux enabled flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-11-11 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix
potential use after free in case SELinux is misconfigured.
* modules/pam_namespace/pam_namespace.c (process_line): Fix memory
leak when parsing empty config file lines.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-22 Tomas Mraz <tm@t8m.info>
* modules/pam_namespace/pam_namespace.c (inst_init): Use execle()
to execute the init script with clean environment. (CVE-2010-3853)
(cleanup_tmpdirs): Likewise for executing rm.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-04-03 Dmitry V. Levin <ldv@altlinux.org>
* libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3)
in child process with call to _exit(2).
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_exec/pam_exec.c (call_exec): Replace all calls to
exit(3) in child process with calls to _exit(2).
* modules/pam_filter/pam_filter.c (set_filter): Likewise.
* modules/pam_namespace/pam_namespace.c (inst_init,
cleanup_tmpdirs): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-02-27 Tomas Mraz <t8m@centrum.cz>
* modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace
signal() with sigaction().
* modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs):
Likewise.
* modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary):
Likewise.
* modules/pam_unix/passverify.c(su_sighandler): Likewise.
* modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
* modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam
for auxiliary functions.
* modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset
option. Document new serialize option.
* modules/pam_tally2/pam_tally2.c: Add support for the new serialize
option.
(_cleanup, tally_set_data, tally_get_data): Add tally file handle to
tally PAM data. Needed for fcntl() locking.
(get_tally): Use low level file access instead of stdio buffered FILE.
If serialize option is used lock the tally file access.
(set_tally, tally_bump, tally_reset): Use low level file access instead
of stdio buffered FILE. Close the file handle only when it is not owned
by PAM data.
(pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally
file handle to tally_set_data(). Get it from tally_get_data().
(main): Use low level file access instead of stdio buffered FILE.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-04-18 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/pam_namespace.c: New functions
unprotect_dirs(), cleanup_protect_data(), protect_mount(),
protect_dir() to protect directory by bind mount.
(cleanup_data): Renamed to cleanup_polydir_data().
(parse_create_params): Allow missing specification of mode
or owner.
(check_inst_parent): Call protect_dir() on the instance parent
directory. The directory is created when it doesn't exist.
(create_polydir): Protect and make the polydir by protect_dir(),
remove potential races.
(create_dirs): Renamed to create_instance(), remove call to
inst_init().
(ns_setup): Call protect_dir() on the polydir if it already exists.
Call inst_init() after the polydir is mounted.
(setup_namespace): Set the namespace protect data to be cleaned up
on pam_close_session()/pam_end().
(pam_sm_open_session): Initialize the protect_dirs.
(pam_sm_close_session): Cleanup namespace protect data.
* modules/pam_namespace/pam_namespace.h: Define struct for the
stack of protected dirs.
* modules/pam_namespace/pam_namespace.8.xml: Document when the
instance init script is called.
* modules/pam_namespace/namespace.conf.5.xml: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-03-20 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER
method only when appropriate.
(setup_namespace): Do not umount when not mounted with RUSER.
* modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call
freecontext() after the context is logged not before.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, new feature
Commit summary:
---------------
2008-02-13 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
dir.
* modules/pam_namespace/argv_parse.c: New file.
* modules/pam_namespace/argv_parse.h: New file.
* modules/pam_namespace/namespace.conf.5.xml: Document new features.
* modules/pam_namespace/pam_namespace.8.xml: Likewise.
* modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
and polydir flags.
(polydir_s): Add rdir, replace exclusive with flags, add init_script,
owner, group, and mode.
(instance_data): Add ruser, gid, and ruid.
* modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
(add_polydir_entry): Add the entry directly, no copy.
(del_polydir): New function.
(del_polydir_list): Call del_polydir().
(expand_variables, parse_create_params, parse_iscript_params,
parse_method): New functions.
(process_line): Call expand_variables() on polydir and instance prefix.
Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
(parse_config_file): Parse .conf files from namespace.d dir after
namespace.conf.
(form_context): Call getcon() or get_default_context_with_level() when
appropriate flags are set.
(poly_name): Handle shared polydir flag.
(inst_init): Execute non-default init script when specified.
(create_polydir): New function.
(create_dirs): Remove the code which checks the polydir. Do not call
inst_init() when noinit flag is set.
(ns_setup): Check the polydir and eventually create it if the create flag
is set.
(setup_namespace): Use ruser uid from idata. Set the namespace polydir
pam data only when namespace was set up correctly. Unmount polydir
based on ruser.
(get_user_data): New function.
(pam_sm_open_session): Check for use_current_context and
use_default_context options. Call get_user_data().
(pam_sm_close_session): Call get_user_data().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-02-01 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/namespace.conf.5.xml: Add documentation for
tmpfs and tmpdir polyinst and for ~ user list modifier.
* modules/pam_namespace/namespace.init: Add documentation for the
new init parameter. Add home directory initialization script.
* modules/pam_namespace/pam_namespace.8.xml: Document the new
init parameter of the namespace.init script.
* modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
(cleanup_data): New function.
(process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
(ns_override): Change behavior on the exclusive flag.
(poly_name): Process tmpfs and tmpdir methods.
(inst_init): Add flag for new directory initialization.
(create_dirs): Process the tmpdir method, add the new directory
flag.
(ns_setup): Remove unused code. Process the tmpfs method.
(cleanup_tmpdirs): New function.
(setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
on failures.
(pam_sm_close_session): Instead of parsing the config file again use
the previously set data for cleanup.
* modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
and exclusive flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-09-27 Tomas Mraz <t8m@centrum.cz>
* modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in
operator rhbz #295151.
* modules/pam_namespace/pam_namespace.c (poly_name): Do not try to
get context when SELinux is disabled rhbz #306901.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, new feature
Commit summary:
---------------
2007-06-15 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/README.xml: Avoid duplication of
documentation.
* modules/pam_namespace/namespace.conf: More real life example
from MLS support.
* modules/pam_namespace/namespace.conf.5.xml: Likewise plus
properly describe how instance directory names are formed.
* modules/pam_namespace/namespace.init: Preserve euid when
called from setuid apps (su, newrole).
* modules/pam_namespace/pam_namespace.8.xml: Added option
no_unmount_on_close.
* modules/pam_namespace/pam_namespace.c (process_line): Polyinst
methods are now user, level and context. Fix crash on unknown
override user in config file.
(ns_override): Add explicit uid parameter.
(form_context): Skip for user method. Implement level based
polyinstantiation.
(poly_name): Initialize contexts. Add level based polyinst,
remove 'both' metod. Use raw contexts for instance names,
truncate long instance names and add hash.
(ns_setup): Hashing moved to poly_name().
(setup_namespace): Handle correctly override users for
su (when unmnt_remnt is used).
(pam_sm_close_session): Added no_unmount_on_close option.
* modules/pam_namespace/pam_namespace.h: Added
no_unmount_on_close_option, level method, limit on instance
directory name length.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_namespace/pam_namespace.c: Reserve space for
trailing zero.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2006-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam()
instead of getpwnam().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2006-07-24 David Quigley <dpquigl@tycho.nsa.gov>
* modules/pam_namespace/Makefile.am: Add pam_namespace.h.
* modules/pam_namespace/pam_namespace.c: Move includes and
data structure definitions from here ...
* modules/pam_namespace/pam_namespace.h: ... here. New file.
* modules/pam_namespace/pam_namespace.c: Move large sections
of code into new functions.
Acked by Janak Desai <janak@us.ibm.com>
|
|
|
Purpose of commit: new feature
Commit summary:
---------------
* modules/pam_namespace/pam_namespace.c: New module
originally written by Janak Desai.
* modules/pam_namespace/Makefile.am: New.
* modules/pam_namespace/README: New.
* modules/pam_namespace/md5.c: New.
* modules/pam_namespace/md5.h: New.
* modules/pam_namespace/namespace.conf: New.
* modules/pam_namespace/namespace.conf.5: New.
* modules/pam_namespace/namespace.conf.5.xml: New.
* modules/pam_namespace/namespace.init: New.
* modules/pam_namespace/pam_namespace.8: New.
* modules/pam_namespace/pam_namespace.8.xml: New.
* modules/Makefile.am: Added pam_namespace.
* configure.in: Added pam_namespace, test for unshare
library call.
|
