| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Given that in most places config.h is included unconditionally,
there is no point in keeping remaining HAVE_CONFIG_H checks.
Public header files do not use config.h and therefore
are not affected by this change anyway.
|
| |
|
|
|
|
|
| |
This way it is visibly different from the configure variable SCONFIGDIR,
which is helpful, because their values are slightly different:
the macro is quoted while the configure variable is not quoted,
and this difference may cause problems with other build systems.
|
| |
|
|
|
| |
The struct crypt_data has the size of 32768 bytes, thus allocate it on
the heap for portability.
|
| |
|
|
| |
The manual page of crypt_r(3) recommends to zero the entire data object.
|
| |
|
|
|
|
|
| |
Removes its usage from check_old_pass and reduces its
visibility in save_old_pass.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
| |
Users may have a hash character in their name, which would be removed.
This in turn effectively defeats the purpose of pam_pwhistory for the
user.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
| |
Instead of annotating the function definition with the format attribute
annotate the declaration, so the annotation is visible at call sites.
|
| |
|
|
|
|
| |
These are leftovers from fgets usages.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apparently, getline is being used unconditionally in pam_namespace and
pam_sepermit. In pam_namespace, it is being used since 2006 when the
module was introduced in the first place.
Let's assume getline is universally available and let's use it
unconditionally in other cases, too.
* configure.ac (AC_CHECK_FUNCS): Remove getline and getdelim.
* libpam/pam_modutil_searchkey.c (pam_modutil_search_key): Use getline
unconditionally.
* modules/pam_pwhistory/opasswd.c (check_old_pass, save_old_pass):
Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
|
| |
|
|
|
|
|
|
| |
Character handling functions, like isspace(3), expect a value
representable as unsigned char or equal to EOF. Otherwise the behavior
is undefined.
See https://wiki.sei.cmu.edu/confluence/display/c/STR37-C.+Arguments+to+character-handling+functions+must+be+representable+as+an+unsigned+char
|
| |
|
|
|
|
|
|
| |
retval was being defined only in #ifdef HAVE_CRYPT_R, but used
unconditionally.
Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
Fixes: bcba17939e1b ("modules: make use of secure memory erasure")
|
| |
|
|
|
| |
Allocate the buffers dynamically using asprintf(), so there is no need
to use PATH_MAX-fixed size buffers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env:
* erase environment variables where possible
- pam_exec:
* erase responce on error
* erase auth token
- pam_pwhistory:
* erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only
pointers to insensitive data, which also gets free'd afterwards (so
it currently does not protect against double-free or use-after-free on
the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Sometimes, especially in embedded devices, the /etc directory can be
read-only and/or not saved over upgrades. In order to ensure password
policies are maintained across upgrades and the module functions on
read-only file systems, allow the location of the password history file
to be set in the PAM configuration.
Signed-off-by: Edward <jinzhou.zhu1@ge.com>
[Martyn Welch: Updated commit message and ported to latest version]
Signed-off-by: Martyn Welch <martyn.welch@collabora.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use SCONFIGDIR macro instead of open-coding "/etc/security",
the latter is not correct when configured using --enable-sconfigdir
with an argument different from /etc/security.
* modules/pam_faillock/faillock.h (FAILLOCK_DEFAULT_CONF): Use
SCONFIGDIR.
* modules/pam_namespace/pam_namespace.h (SECURECONF_DIR): Remove.
(PAM_NAMESPACE_CONFIG, NAMESPACE_INIT_SCRIPT, NAMESPACE_D_DIR,
NAMESPACE_D_GLOB): Use SCONFIGDIR.
* modules/pam_namespace/Makefile.am (AM_CFLAGS): Remove
-DSECURECONF_DIR.
* modules/pam_pwhistory/opasswd.c (OLD_PASSWORDS_FILE): Use SCONFIGDIR.
* modules/pam_unix/passverify.h: Likewise.
* modules/pam_unix/passverify.c (OPW_TMPFILE): Use SCONFIGDIR.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since many distributions are shipping a version of libxcrypt >= 4.0.0
as a replacement for glibc's libcrypt now, older versions of xcrypt,
which could be installed in parallel, are not relevant anymore.
* configure.ac (AC_CHECK_HEADERS): Remove xcrypt.h.
(AC_SEARCH_LIBS): Remove xcrypt.
(AC_CHECK_FUNCS): Remove crypt_gensalt_r.
(AC_DEFINE): Remove HAVE_LIBXCRYPT.
* modules/pam_pwhistory/opasswd.c [HAVE_LIBXCRYPT]: Remove.
* modules/pam_unix/bigcrypt.c [HAVE_LIBXCRYPT]: Likewise.
* modules/pam_userdb/pam_userdb.c [HAVE_LIBXCRYPT]: Likewise.
* modules/pam_unix/passverify.c [HAVE_LIBXCRYPT]: Likewise.
(create_password_hash) [HAVE_LIBXCRYPT]: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Exported functions already have these attributes, add them to other functions.
This enables compilers to find format specifier mismatches, like:
foo_print("Hello %d", "world")
* m4/warn_lang_flags.m4 (gl_WARN_ADD): Add -Wmissing-format-attribute.
* conf/pam_conv1/Makefile.am (AM_CFLAGS): Add -I$(top_srcdir)/libpam/include.
* conf/pam_conv1/pam_conv_y.y: Include <security/_pam_types.h>.
(yyerror): Add printf format attribute.
* modules/pam_pwhistory/opasswd.c (helper_log_err): Likewise.
* modules/pam_rootok/pam_rootok.c (log_callback): Likewise.
* modules/pam_tally/pam_tally.c (tally_log): Likewise.
* modules/pam_tally2/pam_tally2.c (tally_log): Likewise.
* modules/pam_unix/passverify.c (helper_log_err): Likewise.
|
| |
|
|
|
|
|
|
| |
The purpose of the helper is to enable tighter confinement of login and
password changing services. The helper is thus called only when SELinux
is enabled on the system.
Resolves: https://github.com/linux-pam/linux-pam/pull/247
|
| |
|
|
|
|
|
|
|
|
|
| |
When xcrypt.h is available but -lxcrypt is not, pam_pwhistory fails to
build with the following diagnostics:
modules/pam_pwhistory/opasswd.c:111: undefined reference to `xcrypt_r'
Fix this by using the same check for xcrypt as in other modules.
* modules/pam_pwhistory/opasswd.c: Replace HAVE_XCRYPT_H with
HAVE_LIBXCRYPT.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The glibc implementation of getline/getdelim does not guarantee a NUL
terminator in lineptr if getline returns failure (-1). This occurs when
the opasswd file exists but is empty. Since strdup is called
immediately afterwards, this causes strdup to read uninitialized memory
and possibly buffer overrun / crash.
This also fixes a memory leak which always occurs when reading the last
line of the opasswd file. Since the strdup is called before checking
the return code from getline, getdelim, or fgets+strlen, it will
duplicate and never free either:
- The last successfully read line (for getline or getdelim)
- Uninitialized data (if the file is empty)
- A 0 byte string (for fgets+strlen)
Fix by always checking the return code of getline, getdelim, or
fgets+strlen before calling strdup.
|
| |
|
|
|
|
|
| |
* modules/pam_pwhistory/opasswd.c (parse_entry): Test for missing fields
in opasswd entry and return error.
* modules/pam_unix/passverify.c (save_old_password): Test for missing fields
in opasswd entry and skip it.
|
| |
|
|
|
| |
modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return.
modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* libpam/pam_static_modules.h (_pam_rhosts_auth_modstruct): Remove
obsolete declaration.
(static_modules): Remove undefined reference to
_pam_rhosts_auth_modstruct.
* modules/pam_pwhistory/opasswd.h: Rename {save,check}_old_password to
{save,check}_old_pass in order to avoid conflicts with pam_unix.
* modules/pam_pwhistory/opasswd.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Rename _pam_tally_modstruct to
_pam_tally2_modstruct.
Signed-off-by: Matveychikov Ilya <i.matveychikov@securitycode.ru>
|
| |
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
| |
|
|
|
|
|
|
|
| |
* modules/pam_pwhistory/opasswd.c (check_old_password): Do not
needlessly call strdupa().
(save_old_password): Avoid memleaks in error paths. Avoid memleak of
buf. Make the opasswd entry parsing more robust.
* modules/pam_pwhistory/pam_pwhistory.8.xml: Document the
special meaning of remember=0.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-04-13 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_pwhistory/opasswd.c: Fix compilation if
cyprt_r() is not available.
* configure.in: check for getutent_r.
* modules/pam_timestamp/pam_timestamp.c: Use getutent()
if getutent_r() does not exist.
Patch from Diego Elio "Flameeyes" Pettenò.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-06-01 Tomáš Mráz <t8m@centrum.cz>
* modules/pam_pwhistory/opasswd.c (save_old_password): Don't
call fclose() on NULL descriptor. Found by Steve Grubb.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-24 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/passverify.c(save_old_password): Call fflush() and
fsync().
(unix_update_passwd, unix_update_shadow): Likewise.
* modules/pam_pwhistory/opasswd.c(save_old_password): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-25 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_pwhistory/opasswd.c (save_old_password): Fix typo.
|
|
|
Purpose of commit: new feature
Commit summary:
---------------
2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: add modules/pam_pwhistory/Makefile.
* doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml.
* doc/sag/pam_pwhistory.xml: New.
* libpam/pam_static_modules.h: Add pam_pwhistory data.
* modules/Makefile.am: Add pam_pwhistory directory.
* modules/pam_pwhistory/Makefile.am: New.
* modules/pam_pwhistory/README.xml: New.
* modules/pam_pwhistory/opasswd.c: New.
* modules/pam_pwhistory/opasswd.h: New.
* modules/pam_pwhistory/pam_pwhistory.8.xml: New.
* modules/pam_pwhistory/pam_pwhistory.c: New.
* modules/pam_pwhistory/tst-pam_pwhistory: New.
* xtests/Makefile.am: New.
* xtests/run-xtests.sh: New.
* xtests/tst-pam_pwhistory1.c: New.
* xtests/tst-pam_pwhistory1.pamd: New.
* xtests/tst-pam_pwhistory1.sh: New.
* po/POTFILES.in: Add modules/pam_pwhistory/.
* po/de.po: Update translations.
|
