aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_pwhistory
Commit message (Collapse)AuthorAgeFilesLines
* modules: add pamc headers to the search path only when neededTobias Stoeckmann2024-01-211-2/+2
| | | | | | | | | The pam client library libpamc is only needed if libpam_misc is in use. But libpam_misc is only used by an SELinux helper binary. Remove the libpamc includes from the search path in all other cases. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_pwhistory: allocate crypt data on the heapChristian Göttsche2024-01-211-9/+26
| | | | | The struct crypt_data has the size of 32768 bytes, thus allocate it on the heap for portability.
* modules: zero out crypt_r(3) data before usageChristian Göttsche2024-01-211-3/+1
| | | | The manual page of crypt_r(3) recommends to zero the entire data object.
* pam_pwhistory: fix typo in example configurationTobias Stoeckmann2024-01-161-1/+1
| | | | | | The option file points to a file, not a directory. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_pwhistory: use cp variable only when neededTobias Stoeckmann2024-01-161-17/+13
| | | | | | | Removes its usage from check_old_pass and reduces its visibility in save_old_pass. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_pwhistory: parse opasswd lines verbatimTobias Stoeckmann2024-01-161-16/+4
| | | | | | | | Users may have a hash character in their name, which would be removed. This in turn effectively defeats the purpose of pam_pwhistory for the user. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_pwhistory: disable SELinux code if not usedTobias Stoeckmann2024-01-151-0/+6
| | | | | | Disable code to run helper binary if SELinux is not enabled. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_pwhistory: build pwhistory_helper only with SELinux enabledTobias Stoeckmann2024-01-151-3/+12
| | | | | | | | | | | Apply the same logic of pam_unix Makefile adjustment for pw_history as well. Reference commit is cb9f88ba944d56c0b6c65be18500f7d56c9f514c. The helper pwhistory_helper(8) is only called from code enabled when SELinux support is enabled. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_pwhistory: annotate declaration with format attributeChristian Göttsche2024-01-152-1/+1
| | | | | Instead of annotating the function definition with the format attribute annotate the declaration, so the annotation is visible at call sites.
* treewide: remove unused definesTobias Stoeckmann2024-01-131-2/+0
| | | | | | These are leftovers from fgets usages. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* modules: simplify newline removalTobias Stoeckmann2024-01-121-4/+2
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: strictly separate builddir and srcdirTobias Stoeckmann2024-01-121-1/+1
| | | | | | | | | | Building outside of source directory fails if --disable-doc is not explicitly chosen. This happens because generated files are sometimes expected in the source directory, where they won't exist. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: fix typos in comments and documentationTobias Stoeckmann2023-12-181-1/+1
| | | | Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: assume getline existsDmitry V. Levin2023-12-121-38/+0
| | | | | | | | | | | | | | | | Apparently, getline is being used unconditionally in pam_namespace and pam_sepermit. In pam_namespace, it is being used since 2006 when the module was introduced in the first place. Let's assume getline is universally available and let's use it unconditionally in other cases, too. * configure.ac (AC_CHECK_FUNCS): Remove getline and getdelim. * libpam/pam_modutil_searchkey.c (pam_modutil_search_key): Use getline unconditionally. * modules/pam_pwhistory/opasswd.c (check_old_pass, save_old_pass): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise.
* pam_pwhistory: fix memory leak on error pathDmitry V. Levin2023-12-051-0/+1
| | | | | * modules/pam_pwhistory/pwhistory_config.c (parse_config_file): Free the result returned by pam_modutil_search_key when it becomes unused.
* pam_pwhistory: fix passing NULL filename argument to pwhistory helperMd Zain Hasib2023-10-042-3/+3
| | | | | | | | | | | | | | | | | | This change fixes a bug when pwhistory_helper is invoked from pam_pwhistory with an NULL filename, pwhistory_helper receives a short circuited argc count of 3, ignoring the rest of the arguments passed due to filename being NULL. To resolve the issue, an empty string is passed in case the filename is empty, which is later changed back to NULL in pwhistory_helper so that it can be passed to opasswd to read the default opasswd file. * modules/pam_pwhistory/pam_pwhistory.c (run_save_helper, run_check_helper): Replace NULL filename argument with an empty string. * modules/pam_pwhistory/pwhistory_helper.c (main): Replace empty string filename argument with NULL. Fixes: 11c35109a67f ("pam_pwhistory: Enable alternate location for password history file (#396)") Signed-off-by: Dmitry V. Levin <ldv@strace.io>
* modules: cast to unsigned char for character handling functionChristian Göttsche2023-08-071-2/+2
| | | | | | | | Character handling functions, like isspace(3), expect a value representable as unsigned char or equal to EOF. Otherwise the behavior is undefined. See https://wiki.sei.cmu.edu/confluence/display/c/STR37-C.+Arguments+to+character-handling+functions+must+be+representable+as+an+unsigned+char
* Fix build if crypt_r isn't availableBernhard Rosenkränzer2023-06-071-1/+1
| | | | | | | | retval was being defined only in #ifdef HAVE_CRYPT_R, but used unconditionally. Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch> Fixes: bcba17939e1b ("modules: make use of secure memory erasure")
* pam_pwhistory: switch away from PATH_MAXPino Toscano2023-05-111-11/+29
| | | | | Allocate the buffers dynamically using asprintf(), so there is no need to use PATH_MAX-fixed size buffers.
* modules: make use of secure memory erasureChristian Göttsche2023-02-282-4/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive. Non trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase responce on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes
* build: use <vendordir>/security directory for installation if it has been setStefan Schubert2023-02-071-0/+4
| | | | | | | | | Otherwise the corresponding files are still installed in /etc/security. * configure.ac (AC_SUBST): Add VENDOR_SCONFIGDIR. (AM_CONDITIONAL): Add HAVE_VENDORDIR. * modules/*/Makefile.am (secureconfdir): Set to VENDOR_SCONFIGDIR if HAVE_VENDORDIR has been set, otherwise to SCONFIGDIR.
* pam_pwhistory: use vendor specific pwhistory.conf as fallbackStefan Schubert2023-01-272-0/+31
| | | | | | | | | | | | | Use the vendor directory defined by --enable-vendordir=DIR configure option as fallback for the distribution provided default config file if there is no configuration in /etc. * modules/pam_pwhistory/pam_pwhistory.8.xml: Describe pwhistory.conf * modules/pam_pwhistory/pwhistory_config.c [VENDOR_SCONFIGDIR] (VENDOR_PWHISTORY_DEFAULT_CONF): New macro. (parse_config_file) [VENDOR_PWHISTORY_DEFAULT_CONF]: Try to open VENDOR_PWHISTORY_DEFAULT_CONF if PWHISTORY_DEFAULT_CONF file does not exist.
* pam_pwhistory: add a basic test for return valuesStefan Schubert2023-01-272-1/+64
| | | | | | * modules/pam_pwhistory/tst-pam_pwhistory-retval.c: New file. * modules/pam_pwhistory/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_pwhistory_retval_LDADD): New variables.
* doc: Update PAM documentation from DockBook 4 to DocBook 5Stefan Schubert2022-12-164-91/+68
| | | | | | | | | | | | | | | | | | | | Changed files -------------- Make.xml.rules.in: - Using RNG file instead of DTD file for checking XML files. - Taking the correct stylesheet for README files. doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am: - Using RNG file instead of DTD file for checking XML files. configure.ac: - Adding a new option for selecting RNG check file (-enable-docbook-rng) - Switching stylesheets to docbook 5 - Checking DocBook 5 environment instead of DocBook 4 environment *.xml: Update from DockBook 4 to DocBook 5
* pam_pwhistory: document config load from fileIker Pedrosa2022-07-153-3/+184
| | | | | | | | | | | * modules/pam_pwhistory/pam_pwhistory.8.xml: Add new option to select configuration file to read. * modules/pam_pwhistory/pwhistory.conf.5.xml: Document configuration options for the file. * modules/pam_pwhistory/Makefile.am (dist_man_MANS): Add pwhistory.conf.5. (XMLS): Add pwhistory.conf.5.xml. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_pwhistory: load config from fileIker Pedrosa2022-07-155-11/+197
| | | | | | | | | | | | | | | | | * modules/pam_pwhistory/pam_pwhistory.c: Load config from file and provide new conf option to select the file. * modules/pam_pwhistory/pwhistory_config.c: Parse config from file and load to options structure. * modules/pam_pwhistory/pwhistory_config.h: Move options_t structure and define parse_config_file(). * modules/pam_pwhistory/Makefile.am (noinst_HEADERS): Add pwhistory_config.h. (pam_pwhistory_la_SOURCES): Add pwhistory_config.c. (dist_secureconf_DATA): Add pwhistory.conf. * modules/pam_pwhistory/pwhistory.conf: New configuration file. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2068461 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_pwhistory: Enable alternate location for password history file (#396)Martyn Welch2022-02-075-51/+95
| | | | | | | | | | | | Sometimes, especially in embedded devices, the /etc directory can be read-only and/or not saved over upgrades. In order to ensure password policies are maintained across upgrades and the module functions on read-only file systems, allow the location of the password history file to be set in the PAM configuration. Signed-off-by: Edward <jinzhou.zhu1@ge.com> [Martyn Welch: Updated commit message and ported to latest version] Signed-off-by: Martyn Welch <martyn.welch@collabora.com> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
* modules: use SCONFIGDIR macroDmitry V. Levin2022-01-231-1/+1
| | | | | | | | | | | | | | | | | Use SCONFIGDIR macro instead of open-coding "/etc/security", the latter is not correct when configured using --enable-sconfigdir with an argument different from /etc/security. * modules/pam_faillock/faillock.h (FAILLOCK_DEFAULT_CONF): Use SCONFIGDIR. * modules/pam_namespace/pam_namespace.h (SECURECONF_DIR): Remove. (PAM_NAMESPACE_CONFIG, NAMESPACE_INIT_SCRIPT, NAMESPACE_D_DIR, NAMESPACE_D_GLOB): Use SCONFIGDIR. * modules/pam_namespace/Makefile.am (AM_CFLAGS): Remove -DSECURECONF_DIR. * modules/pam_pwhistory/opasswd.c (OLD_PASSWORDS_FILE): Use SCONFIGDIR. * modules/pam_unix/passverify.h: Likewise. * modules/pam_unix/passverify.c (OPW_TMPFILE): Use SCONFIGDIR.
* Fix a typo found using codespell toolDmitry V. Levin2021-09-031-1/+1
| | | | | | | * modules/pam_pwhistory/pam_pwhistory.c: Replace "crypted password" with "hashed password" in comment. * modules/pam_unix/passverify.c (create_password_hash): Rename "crypted" local variable to "hashed".
* Remove support for legacy xcryptBjörn Esser2021-06-141-3/+1
| | | | | | | | | | | | | | | | Since many distributions are shipping a version of libxcrypt >= 4.0.0 as a replacement for glibc's libcrypt now, older versions of xcrypt, which could be installed in parallel, are not relevant anymore. * configure.ac (AC_CHECK_HEADERS): Remove xcrypt.h. (AC_SEARCH_LIBS): Remove xcrypt. (AC_CHECK_FUNCS): Remove crypt_gensalt_r. (AC_DEFINE): Remove HAVE_LIBXCRYPT. * modules/pam_pwhistory/opasswd.c [HAVE_LIBXCRYPT]: Remove. * modules/pam_unix/bigcrypt.c [HAVE_LIBXCRYPT]: Likewise. * modules/pam_userdb/pam_userdb.c [HAVE_LIBXCRYPT]: Likewise. * modules/pam_unix/passverify.c [HAVE_LIBXCRYPT]: Likewise. (create_password_hash) [HAVE_LIBXCRYPT]: Likewise.
* Remove deprecated pam_cracklib moduleDmitry V. Levin2020-10-291-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ci/install-dependencies.sh: Remove libcrack2-dev. * ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove --enable-cracklib=check. * conf/pam.conf: Remove references to pam_cracklib.so. * configure.ac: Remove --enable-cracklib option. (AC_SUBST): Remove LIBCRACK. (AM_CONDITIONAL): Remove COND_BUILD_PAM_CRACKLIB. (AC_CONFIG_FILES): Remove modules/pam_cracklib/Makefile. * doc/sag/pam_cracklib.xml: Remove. * doc/sag/Linux-PAM_SAG.xml: Do not include pam_cracklib.xml. * modules/Makefile.am (MAYBE_PAM_CRACKLIB): Remove. (SUBDIRS): Remove MAYBE_PAM_CRACKLIB. * modules/pam_cracklib/Makefile.am: Remove. * modules/pam_cracklib/README.xml: Likewise. * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. * modules/pam_cracklib/pam_cracklib.c: Likewise. * modules/pam_cracklib/tst-pam_cracklib: Likewise. * xtests/tst-pam_cracklib1.c: Likewise. * xtests/tst-pam_cracklib1.pamd: Likewise. * xtests/tst-pam_cracklib2.c: Likewise. * xtests/tst-pam_cracklib2.pamd: Likewise. * modules/pam_pwhistory/pam_pwhistory.8.xml: Replace pam_cracklib in examples with pam_passwdqc. * modules/pam_unix/pam_unix.8.xml: Likewise. * po/POTFILES.in: Remove ./modules/pam_cracklib/pam_cracklib.c. * xtests/.gitignore: Remove tst-pam_cracklib1 and tst-pam_cracklib2. * xtests/Makefile.am (EXTRA_DIST): Remove tst-pam_cracklib1.pamd and tst-pam_cracklib2.pamd. (XTESTS): Remove tst-pam_cracklib1 and tst-pam_cracklib2. * NEWS: Document this change.
* Add missing format function attributes and enable -Wmissing-format-attributeChristian Göttsche2020-10-251-0/+1
| | | | | | | | | | | | | | | | | Exported functions already have these attributes, add them to other functions. This enables compilers to find format specifier mismatches, like: foo_print("Hello %d", "world") * m4/warn_lang_flags.m4 (gl_WARN_ADD): Add -Wmissing-format-attribute. * conf/pam_conv1/Makefile.am (AM_CFLAGS): Add -I$(top_srcdir)/libpam/include. * conf/pam_conv1/pam_conv_y.y: Include <security/_pam_types.h>. (yyerror): Add printf format attribute. * modules/pam_pwhistory/opasswd.c (helper_log_err): Likewise. * modules/pam_rootok/pam_rootok.c (log_callback): Likewise. * modules/pam_tally/pam_tally.c (tally_log): Likewise. * modules/pam_tally2/pam_tally2.c (tally_log): Likewise. * modules/pam_unix/passverify.c (helper_log_err): Likewise.
* build: rename PIE_* AC_SUBST variables to EXE_*Dmitry V. Levin2020-08-071-2/+2
| | | | | | | | | There are going to be other options added to CFLAGS and LDFLAGS of executables made along with modules. * configure.ac (EXE_CFLAGS, EXE_LDFLAGS): New variables initialized from PIE_CFLAGS and PIE_LDFLAGS, respectively. AC_SUBST them instead of PIE_CFLAGS and PIE_LDFLAGS. All users updated.
* pam_pwhistory: add helper to handle SELinuxikerexxe2020-07-207-47/+478
| | | | | | | | The purpose of the helper is to enable tighter confinement of login and password changing services. The helper is thus called only when SELinux is enabled on the system. Resolves: https://github.com/linux-pam/linux-pam/pull/247
* modules: do not check user name for emptyness before passing it to ↵Dmitry V. Levin2020-05-161-9/+0
| | | | | | | | | | | | | | | | pam_modutil_getpwnam pam_modutil_getpwnam is perfectly capable of handling empty strings as user names, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check the user name for emptyness before passing it to pam_modutil_getpwnam. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules: do not check user name for NULL if pam_get_user returned PAM_SUCCESSDmitry V. Levin2020-05-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If pam_get_user returned PAM_SUCCESS, the user name is guaranteed to be a valid C string, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check for NULL the user name returned by pam_get_user when the latter returned PAM_SUCCESS. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise. * modules/pam_filter/pam_filter.c (process_args): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_wheel/pam_wheel.c (perform_check): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise.
* modules: remove PAM_SM_* macrosDmitry V. Levin2020-05-031-2/+2
| | | | | | Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect.
* modules/*/Makefile.am: rename TESTS to dist_check_SCRIPTSDmitry V. Levin2020-05-031-2/+3
| | | | | | | | ... and remove $(TESTS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \ -e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am
* modules/*/Makefile.am: rename man_MANS to dist_man_MANSDmitry V. Levin2020-05-031-2/+2
| | | | | | | ... and remove $(MANS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am
* modules/*/Makefile.am: add dist_ prefix to *_DATADmitry V. Levin2020-05-031-2/+2
| | | | | | | ... and remove $(DATA) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am
* modules/*/Makefile.am: replace README with $(DATA) in EXTRA_DISTDmitry V. Levin2020-04-271-1/+1
| | | | | | | | | | | | Since the GNU Automake distributes README files by default, the only reason why README had to be listed in EXTRA_DIST was to make these README files generated. Since README is also listed in noinst_DATA, we can safely replace README in EXTRA_DIST with $(DATA), this also opens the way for further EXTRA_DIST cleanup. * modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA).
* modules/*/Makefile.am: reorder lines to promote uniformityDmitry V. Levin2020-04-271-3/+1
| | | | | This is essentially a no-op change that makes modules/*/Makefile.am files less divergent.
* build: move README prerequisites rule from modules/*/Makefile.am to ↵Dmitry V. Levin2020-04-271-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make.xml.rules As the rule is now the same in every modules/*/Makefile.am file, move it to Make.xml.rules. * Make.xml.rules (README): New prerequisites rule. * modules/pam_access/Makefile.am (README): Remove rule. * modules/pam_cracklib/Makefile.am (README): Likewise. * modules/pam_debug/Makefile.am (README): Likewise. * modules/pam_deny/Makefile.am (README): Likewise. * modules/pam_echo/Makefile.am (README): Likewise. * modules/pam_env/Makefile.am (README): Likewise. * modules/pam_exec/Makefile.am (README): Likewise. * modules/pam_faildelay/Makefile.am (README): Likewise. * modules/pam_filter/Makefile.am (README): Likewise. * modules/pam_ftp/Makefile.am (README): Likewise. * modules/pam_group/Makefile.am (README): Likewise. * modules/pam_issue/Makefile.am (README): Likewise. * modules/pam_keyinit/Makefile.am (README): Likewise. * modules/pam_lastlog/Makefile.am (README): Likewise. * modules/pam_limits/Makefile.am (README): Likewise. * modules/pam_listfile/Makefile.am (README): Likewise. * modules/pam_localuser/Makefile.am (README): Likewise. * modules/pam_loginuid/Makefile.am (README): Likewise. * modules/pam_mail/Makefile.am (README): Likewise. * modules/pam_mkhomedir/Makefile.am (README): Likewise. * modules/pam_motd/Makefile.am (README): Likewise. * modules/pam_namespace/Makefile.am (README): Likewise. * modules/pam_nologin/Makefile.am (README): Likewise. * modules/pam_permit/Makefile.am (README): Likewise. * modules/pam_pwhistory/Makefile.am (README): Likewise. * modules/pam_rhosts/Makefile.am (README): Likewise. * modules/pam_rootok/Makefile.am (README): Likewise. * modules/pam_securetty/Makefile.am (README): Likewise. * modules/pam_selinux/Makefile.am (README): Likewise. * modules/pam_sepermit/Makefile.am (README): Likewise. * modules/pam_setquota/Makefile.am (README): Likewise. * modules/pam_shells/Makefile.am (README): Likewise. * modules/pam_succeed_if/Makefile.am (README): Likewise. * modules/pam_tally/Makefile.am (README): Likewise. * modules/pam_tally2/Makefile.am (README): Likewise. * modules/pam_time/Makefile.am (README): Likewise. * modules/pam_timestamp/Makefile.am (README): Likewise. * modules/pam_tty_audit/Makefile.am (README): Likewise. * modules/pam_umask/Makefile.am (README): Likewise. * modules/pam_unix/Makefile.am (README): Likewise. * modules/pam_userdb/Makefile.am (README): Likewise. * modules/pam_usertype/Makefile.am (README): Likewise. * modules/pam_warn/Makefile.am (README): Likewise. * modules/pam_wheel/Makefile.am (README): Likewise. * modules/pam_xauth/Makefile.am (README): Likewise.
* modules/*/Makefile.am: list prerequisites of README target uniformlyDmitry V. Levin2020-04-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no need to list prerequisites of README targets manually as all README targets depend on $(XMLS). The change is performed automatically using the following script: sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am * modules/pam_access/Makefile.am (README): Replace pam_access.8.xml and access.conf.5.xml with $(XMLS). * modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml with $(XMLS). * modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml with $(XMLS). * modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml with $(XMLS). * modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml with $(XMLS). * modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and pam_env.conf.5.xml with $(XMLS). * modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml with $(XMLS). * modules/pam_faildelay/Makefile.am (README): Replace pam_faildelay.8.xml with $(XMLS). * modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml with $(XMLS). * modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with $(XMLS). * modules/pam_group/Makefile.am (README): Replace pam_group.8.xml and group.conf.5.xml with $(XMLS). * modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml with $(XMLS). * modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml with $(XMLS). * modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml with $(XMLS). * modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml and limits.conf.5.xml with $(XMLS). * modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml with $(XMLS). * modules/pam_localuser/Makefile.am (README): Replace pam_localuser.8.xml with $(XMLS). * modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml with $(XMLS). * modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml with $(XMLS). * modules/pam_mkhomedir/Makefile.am (README): Replace pam_mkhomedir.8.xml with $(XMLS). * modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml with $(XMLS). * modules/pam_namespace/Makefile.am (README): Replace pam_namespace.8.xml, namespace.conf.5.xml, and pam_namespace_helper.8.xml with $(XMLS). * modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml with $(XMLS). * modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml with $(XMLS). * modules/pam_pwhistory/Makefile.am (README): Replace pam_pwhistory.8.xml with $(XMLS). * modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml with $(XMLS). * modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml with $(XMLS). * modules/pam_securetty/Makefile.am (README): Replace pam_securetty.8.xml with $(XMLS). * modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml with $(XMLS). * modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml with $(XMLS). * modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml with $(XMLS). * modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml with $(XMLS). * modules/pam_succeed_if/Makefile.am (README): Replace pam_succeed_if.8.xml with $(XMLS). * modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml with $(XMLS). * modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml with $(XMLS). * modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and time.conf.5.xml with $(XMLS). * modules/pam_timestamp/Makefile.am (README): Replace pam_timestamp.8.xml with $(XMLS). * modules/pam_tty_audit/Makefile.am (README): Replace pam_tty_audit.8.xml with $(XMLS). * modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml with $(XMLS). * modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml with $(XMLS). * modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml with $(XMLS). * modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml with $(XMLS). * modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml with $(XMLS). * modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml with $(XMLS). * modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml with $(XMLS).
* modules/*/Makefile.am: list tests in EXTRA_DIST uniformlyDmitry V. Levin2020-04-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The change was prepared using the following script: git grep -l '^TESTS = tst-pam_' modules/ |while read m; do t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")" sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m" done * modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access with $(TESTS). * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace tst-pam_cracklib with $(TESTS). * modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with $(TESTS). * modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with $(TESTS). * modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with $(TESTS). * modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with $(TESTS). * modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with $(TESTS). * modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace tst-pam_faildelay with $(TESTS). * modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter with $(TESTS). * modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with $(TESTS). * modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with $(TESTS). * modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with $(TESTS). * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit with $(TESTS). * modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog with $(TESTS). * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits with $(TESTS). * modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace tst-pam_listfile with $(TESTS). * modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace tst-pam_localuser with $(TESTS). * modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace tst-pam_loginuid with $(TESTS). * modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with $(TESTS). * modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace tst-pam_mkhomedir with $(TESTS). * modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with $(TESTS). * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace tst-pam_namespace with $(TESTS). * modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin with $(TESTS). * modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit with $(TESTS). * modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace tst-pam_pwhistory with $(TESTS). * modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts with $(TESTS). * modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok with $(TESTS). * modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace tst-pam_securetty with $(TESTS). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace tst-pam_sepermit with $(TESTS). * modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace tst-pam_setquota with $(TESTS). * modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells with $(TESTS). * modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress with $(TESTS). * modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace tst-pam_succeed_if with $(TESTS). * modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with $(TESTS). * modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2 with $(TESTS). * modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with $(TESTS). * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace tst-pam_tty_audit with $(TESTS). * modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with $(TESTS). * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb with $(TESTS). * modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace tst-pam_usertype with $(TESTS). * modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with $(TESTS). * modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with $(TESTS). * modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with $(TESTS).
* modules/pam_pwhistory: use pam_str_skip_icase_prefixDmitry V. Levin2020-03-191-5/+8
| | | | | | * modules/pam_pwhistory/pam_pwhistory.c: Include "pam_inline.h". (parse_option): Use pam_str_skip_icase_prefix instead of ugly strncasecmp invocations.
* configure.ac: add --enable-doc optionFabrice Fontaine2020-01-271-0/+2
| | | | | | | | Allow the user to disable documentation through --disable-doc (enabled by default), this is especially useful when cross-compiling for embedded targets Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* Do not use CFLAGS for warning flags set from configureTomas Mraz2019-12-181-1/+2
| | | | | | | | To be able to set CFLAGS from make command-line but not to lose the warning flags. * configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS. * */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS.
* pam_pwhistory: fix build when -lxcrypt is not availableDmitry V. Levin2019-12-161-1/+1
| | | | | | | | | | | When xcrypt.h is available but -lxcrypt is not, pam_pwhistory fails to build with the following diagnostics: modules/pam_pwhistory/opasswd.c:111: undefined reference to `xcrypt_r' Fix this by using the same check for xcrypt as in other modules. * modules/pam_pwhistory/opasswd.c: Replace HAVE_XCRYPT_H with HAVE_LIBXCRYPT.
* pwhistory: fix read of uninitialized data and memory leak when modifying opasswdMatt Cowell2019-09-021-3/+3
| | | | | | | | | | | | | | | | | | | The glibc implementation of getline/getdelim does not guarantee a NUL terminator in lineptr if getline returns failure (-1). This occurs when the opasswd file exists but is empty. Since strdup is called immediately afterwards, this causes strdup to read uninitialized memory and possibly buffer overrun / crash. This also fixes a memory leak which always occurs when reading the last line of the opasswd file. Since the strdup is called before checking the return code from getline, getdelim, or fgets+strlen, it will duplicate and never free either: - The last successfully read line (for getline or getdelim) - Uninitialized data (if the file is empty) - A 0 byte string (for fgets+strlen) Fix by always checking the return code of getline, getdelim, or fgets+strlen before calling strdup.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-15 23:39:02 +0000