| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
There is no point in supporting two different build systems.
|
| |
|
|
|
|
|
|
|
|
| |
On my non-representative hardware, the full build using autotools
(./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install)
takes about 45 seconds.
On the same hardware, the full build using meson
(meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir)
takes just about 7.5 seconds.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not include <libintl.h> and other i18n stuff via config.h which is
included into every compilation unit, include "pam_i18n.h" explicitly
where necessary.
* configure.ac (AH_BOTTOM): Remove.
* libpam/pam_get_authtok.c: Include "pam_i18n.h".
* libpam/pam_item.c: Likewise.
* libpam/pam_strerror.c: Likewise.
* libpam_misc/misc_conv.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faillock/main.c: Likewise.
* modules/pam_faillock/pam_faillock.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_selinux/pam_selinux_check.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_unix/pam_unix_acct.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
|
| |
|
|
|
|
|
|
|
| |
The pam client library libpamc is only needed if libpam_misc is in use.
But libpam_misc is only used by an SELinux helper binary.
Remove the libpamc includes from the search path in all other cases.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
Building outside of source directory fails if --disable-doc is not
explicitly chosen.
This happens because generated files are sometimes expected in the
source directory, where they won't exist.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
As the context variables can be NULL at this point, this has to be
reflected when printing them for debug purposes.
Signed-off-by: Benny Baumann <BenBE@geshi.org>
|
| |
|
|
|
|
|
| |
pam_selinux uses audit_log_user_message to write to the audit system.
It does not take an op argument, so you have to add one yourself. Otherwise
the pam_selinux part of the message is lost because it's not in key=value
format.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env:
* erase environment variables where possible
- pam_exec:
* erase responce on error
* erase auth token
- pam_pwhistory:
* erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only
pointers to insensitive data, which also gets free'd afterwards (so
it currently does not protect against double-free or use-after-free on
the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
|
| |
|
|
|
|
|
|
|
| |
Otherwise the corresponding files are still installed in /etc/security.
* configure.ac (AC_SUBST): Add VENDOR_SCONFIGDIR.
(AM_CONDITIONAL): Add HAVE_VENDORDIR.
* modules/*/Makefile.am (secureconfdir): Set to VENDOR_SCONFIGDIR
if HAVE_VENDORDIR has been set, otherwise to SCONFIGDIR.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
security_getenforce(3) can return -1 on error; either because the
selinuxfs is not mounted or reading from /sys/fs/selinux/enforce failed.
Since security_getenforce(3) is either called after an approving call to
is_selinux_enabled(3) in create_context() or with populated module
data in restore_context(), which requires a previous pass of
create_context(), the selinuxfs should be mounted.
Reading from /sys/fs/selinux/enforce should never fail (except being
prohibited by the SElinux policy itself) since it is a public interface.
In the unlikely case of security_getenforce(3) nevertheless failing
continue execution as if the result was enforcing (likewise to
pam_sepermit and pam_rootok).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed files
--------------
Make.xml.rules.in:
- Using RNG file instead of DTD file for checking XML files.
- Taking the correct stylesheet for README files.
doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am:
- Using RNG file instead of DTD file for checking XML files.
configure.ac:
- Adding a new option for selecting RNG check file (-enable-docbook-rng)
- Switching stylesheets to docbook 5
- Checking DocBook 5 environment instead of DocBook 4 environment
*.xml:
Update from DockBook 4 to DocBook 5
|
| |
|
|
|
|
|
|
|
|
| |
Check for the unlikely case string_to_security_class() does not find the
associated SELinux security class.
This will only happen if the loaded SELinux policy does not define the
class "chr_file" (which no sane policy does) or querying the selinuxfs
fails.
Suggested by #309
|
| |
|
|
|
|
| |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
| |
|
|
|
|
|
|
| |
... and remove $(TESTS) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \
-e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am
|
| |
|
|
|
|
|
| |
... and remove $(MANS) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am
|
| |
|
|
|
|
|
| |
... and remove $(DATA) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since the GNU Automake distributes README files by default, the only
reason why README had to be listed in EXTRA_DIST was to make these
README files generated.
Since README is also listed in noinst_DATA, we can safely replace
README in EXTRA_DIST with $(DATA), this also opens the way for
further EXTRA_DIST cleanup.
* modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA).
|
| |
|
|
|
| |
This is essentially a no-op change that makes modules/*/Makefile.am
files less divergent.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make.xml.rules
As the rule is now the same in every modules/*/Makefile.am file,
move it to Make.xml.rules.
* Make.xml.rules (README): New prerequisites rule.
* modules/pam_access/Makefile.am (README): Remove rule.
* modules/pam_cracklib/Makefile.am (README): Likewise.
* modules/pam_debug/Makefile.am (README): Likewise.
* modules/pam_deny/Makefile.am (README): Likewise.
* modules/pam_echo/Makefile.am (README): Likewise.
* modules/pam_env/Makefile.am (README): Likewise.
* modules/pam_exec/Makefile.am (README): Likewise.
* modules/pam_faildelay/Makefile.am (README): Likewise.
* modules/pam_filter/Makefile.am (README): Likewise.
* modules/pam_ftp/Makefile.am (README): Likewise.
* modules/pam_group/Makefile.am (README): Likewise.
* modules/pam_issue/Makefile.am (README): Likewise.
* modules/pam_keyinit/Makefile.am (README): Likewise.
* modules/pam_lastlog/Makefile.am (README): Likewise.
* modules/pam_limits/Makefile.am (README): Likewise.
* modules/pam_listfile/Makefile.am (README): Likewise.
* modules/pam_localuser/Makefile.am (README): Likewise.
* modules/pam_loginuid/Makefile.am (README): Likewise.
* modules/pam_mail/Makefile.am (README): Likewise.
* modules/pam_mkhomedir/Makefile.am (README): Likewise.
* modules/pam_motd/Makefile.am (README): Likewise.
* modules/pam_namespace/Makefile.am (README): Likewise.
* modules/pam_nologin/Makefile.am (README): Likewise.
* modules/pam_permit/Makefile.am (README): Likewise.
* modules/pam_pwhistory/Makefile.am (README): Likewise.
* modules/pam_rhosts/Makefile.am (README): Likewise.
* modules/pam_rootok/Makefile.am (README): Likewise.
* modules/pam_securetty/Makefile.am (README): Likewise.
* modules/pam_selinux/Makefile.am (README): Likewise.
* modules/pam_sepermit/Makefile.am (README): Likewise.
* modules/pam_setquota/Makefile.am (README): Likewise.
* modules/pam_shells/Makefile.am (README): Likewise.
* modules/pam_succeed_if/Makefile.am (README): Likewise.
* modules/pam_tally/Makefile.am (README): Likewise.
* modules/pam_tally2/Makefile.am (README): Likewise.
* modules/pam_time/Makefile.am (README): Likewise.
* modules/pam_timestamp/Makefile.am (README): Likewise.
* modules/pam_tty_audit/Makefile.am (README): Likewise.
* modules/pam_umask/Makefile.am (README): Likewise.
* modules/pam_unix/Makefile.am (README): Likewise.
* modules/pam_userdb/Makefile.am (README): Likewise.
* modules/pam_usertype/Makefile.am (README): Likewise.
* modules/pam_warn/Makefile.am (README): Likewise.
* modules/pam_wheel/Makefile.am (README): Likewise.
* modules/pam_xauth/Makefile.am (README): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no need to list prerequisites of README targets manually as
all README targets depend on $(XMLS).
The change is performed automatically using the following script:
sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am
* modules/pam_access/Makefile.am (README): Replace pam_access.8.xml
and access.conf.5.xml with $(XMLS).
* modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml
with $(XMLS).
* modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml
with $(XMLS).
* modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml
with $(XMLS).
* modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml
with $(XMLS).
* modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and
pam_env.conf.5.xml with $(XMLS).
* modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml
with $(XMLS).
* modules/pam_faildelay/Makefile.am (README): Replace
pam_faildelay.8.xml with $(XMLS).
* modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml
with $(XMLS).
* modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with
$(XMLS).
* modules/pam_group/Makefile.am (README): Replace pam_group.8.xml
and group.conf.5.xml with $(XMLS).
* modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml
with $(XMLS).
* modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml
with $(XMLS).
* modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml
with $(XMLS).
* modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml
and limits.conf.5.xml with $(XMLS).
* modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml
with $(XMLS).
* modules/pam_localuser/Makefile.am (README): Replace
pam_localuser.8.xml with $(XMLS).
* modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml
with $(XMLS).
* modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml
with $(XMLS).
* modules/pam_mkhomedir/Makefile.am (README): Replace
pam_mkhomedir.8.xml with $(XMLS).
* modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml
with $(XMLS).
* modules/pam_namespace/Makefile.am (README): Replace
pam_namespace.8.xml, namespace.conf.5.xml,
and pam_namespace_helper.8.xml with $(XMLS).
* modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml
with $(XMLS).
* modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml
with $(XMLS).
* modules/pam_pwhistory/Makefile.am (README): Replace
pam_pwhistory.8.xml with $(XMLS).
* modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml
with $(XMLS).
* modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml
with $(XMLS).
* modules/pam_securetty/Makefile.am (README): Replace
pam_securetty.8.xml with $(XMLS).
* modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml
with $(XMLS).
* modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml
with $(XMLS).
* modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml
with $(XMLS).
* modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml
with $(XMLS).
* modules/pam_succeed_if/Makefile.am (README): Replace
pam_succeed_if.8.xml with $(XMLS).
* modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml
with $(XMLS).
* modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml
with $(XMLS).
* modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and
time.conf.5.xml with $(XMLS).
* modules/pam_timestamp/Makefile.am (README): Replace
pam_timestamp.8.xml with $(XMLS).
* modules/pam_tty_audit/Makefile.am (README): Replace
pam_tty_audit.8.xml with $(XMLS).
* modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml
with $(XMLS).
* modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml
with $(XMLS).
* modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml
with $(XMLS).
* modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml
with $(XMLS).
* modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml
with $(XMLS).
* modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml
with $(XMLS).
* modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml
with $(XMLS).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
List in EXTRA_DIST those manual pages that are listed in man_MANS
as $(MANS).
* modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace pam_cracklib.8
with $(MANS).
* modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace pam_keyinit.8
with $(MANS).
* modules/pam_selinux/Makefile.am (EXTRA_DIST): Replace pam_selinux.8
with $(MANS).
* modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace pam_sepermit.8
and sepermit.conf.5 with $(MANS).
* modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace
pam_tty_audit.8 with $(MANS).
* modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace pam_userdb.8 with
$(MANS).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The change was prepared using the following script:
git grep -l '^TESTS = tst-pam_' modules/ |while read m; do
t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")"
sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m"
done
* modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access
with $(TESTS).
* modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace
tst-pam_cracklib with $(TESTS).
* modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with
$(TESTS).
* modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with
$(TESTS).
* modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with
$(TESTS).
* modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with
$(TESTS).
* modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with
$(TESTS).
* modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace
tst-pam_faildelay with $(TESTS).
* modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter
with $(TESTS).
* modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with
$(TESTS).
* modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with
$(TESTS).
* modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with
$(TESTS).
* modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit
with $(TESTS).
* modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog
with $(TESTS).
* modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits
with $(TESTS).
* modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace
tst-pam_listfile with $(TESTS).
* modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace
tst-pam_localuser with $(TESTS).
* modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace
tst-pam_loginuid with $(TESTS).
* modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with
$(TESTS).
* modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace
tst-pam_mkhomedir with $(TESTS).
* modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with
$(TESTS).
* modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace
tst-pam_namespace with $(TESTS).
* modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin
with $(TESTS).
* modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit
with $(TESTS).
* modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace
tst-pam_pwhistory with $(TESTS).
* modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts
with $(TESTS).
* modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok
with $(TESTS).
* modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace
tst-pam_securetty with $(TESTS).
* modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace
tst-pam_sepermit with $(TESTS).
* modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace
tst-pam_setquota with $(TESTS).
* modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells
with $(TESTS).
* modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress
with $(TESTS).
* modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace
tst-pam_succeed_if with $(TESTS).
* modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with
$(TESTS).
* modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2
with $(TESTS).
* modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with
$(TESTS).
* modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace
tst-pam_tty_audit with $(TESTS).
* modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with
$(TESTS).
* modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb
with $(TESTS).
* modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace
tst-pam_usertype with $(TESTS).
* modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with
$(TESTS).
* modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with
$(TESTS).
* modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with
$(TESTS).
|
| |
|
|
|
|
|
|
|
|
|
| |
Manual pages already belong to man_MANS, listing them also
in noinst_DATA does not help in any way.
* modules/pam_cracklib/Makefile.am (noinst_DATA): Remove pam_cracklib.8.
* modules/pam_selinux/Makefile.am (noinst_DATA): Remove pam_selinux.8.
* modules/pam_sepermit/Makefile.am (noinst_DATA): Remove pam_sepermit.8
and sepermit.conf.5.
* modules/pam_userdb/Makefile.am (noinst_DATA): Remove pam_userdb.8.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AM_CONDITIONAL): Replace HAVE_LIBSELINUX with
COND_BUILD_PAM_SELINUX and COND_BUILD_PAM_SEPERMIT.
* modules/Makefile.am [COND_BUILD_PAM_SELINUX] (MAYBE_PAM_SELINUX):
Define.
[COND_BUILD_PAM_SEPERMIT] (MAYBE_PAM_SEPERMIT): Likewise.
(SUBDIRS): Replace pam_selinux with $(MAYBE_PAM_SELINUX),
pam_sepermit with MAYBE_PAM_SEPERMIT.
* modules/pam_selinux/Makefile.am: Assume HAVE_LIBSELINUX.
* modules/pam_sepermit/Makefile.am: Likewise.
|
| |
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/pull/194
|
| | |
|
| | |
|
| |
|
|
|
| |
The result is nowhere checked and other logging functions like
pam_syslog are also not checked.
|
| | |
|
| |
|
|
|
|
|
|
| |
`security_context_t` is a legacy typedef to `char *`, substitute all usage.
See
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
https://github.com/SELinuxProject/selinux/blob/f8c110c8a615eb640510eab39640a0957a6ba19c/libselinux/include/selinux/selinux.h#L16
|
| |
|
|
|
|
| |
* modules/pam_selinux/pam_selinux.c: Include "pam_inline.h".
(compute_exec_context, compute_tty_context): Use pam_str_skip_prefix
instead of ugly strncmp invocations.
|
| |
|
|
|
|
| |
Explanation: check whether unknown object classes or permissions are allowed or denied in the current policy
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1680961
|
| |
|
|
|
| |
There are some source code including the same header file redundantly.
We remove these redundant header file inclusion.
|
| |
|
|
|
|
|
|
| |
Allow the user to disable documentation through --disable-doc (enabled
by default), this is especially useful when cross-compiling for embedded
targets
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
| |
|
|
|
|
|
|
| |
To be able to set CFLAGS from make command-line but not to lose the
warning flags.
* configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS.
* */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* conf/pam_conv1/Makefile.am: Add -Wno-unused-function -Wno-sign-compare to CFLAGS.
* doc/specs/Makefile.am: Likewise.
* libpamc/include/security/pam_client.h: Explicitly compare old_p with NULL.
* modules/pam_access/pam_access.c: Avoid double const.
* modules/pam_filter/pam_filter.c: Avoid arbitrary constants. Avoid strncpy()
without copying the NUL byte.
* modules/pam_group/pam_group.c: Mark switch fallthrough with comment.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_limits/pam_limits.c: Remove unused units variable.
* modules/pam_listfile/pam_listfile.c: Avoid unnecessary strncpy, use pointers.
* modules/pam_rootok/pam_rootok.c (log_callback): Mark unused parameter.
* modules/pam_selinux/pam_selinux.c: Use string_to_security_class() instead
of hardcoded value.
* modules/pam_sepermit/pam_sepermit.c: Properly cast when comparing.
* modules/pam_succeed_if/pam_succeed_if.c: Mark unused parameters.
* modules/pam_unix/pam_unix_passwd.c: Remove unused variables and properly
cast for comparison.
* modules/pam_unix/support.c: Remove unused function.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turn into proper sentences those messages that are printed without
further modifications using pam_prompt in contexts where proper
sentences are expected.
* libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix grammar
of the message passed to pam_error.
* modules/pam_limits/pam_limits.c (pam_sm_open_session): Likewise.
* modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix
grammar of error messages passed to pam_error.
* modules/pam_mail/pam_mail.c (report_mail): Fix grammar of a message
passed to pam_info.
* modules/pam_timestamp/pam_timestamp.c (verbose_success): Likewise.
* modules/pam_selinux/pam_selinux.c (config_context, send_text): Fix
grammar of messages passed to pam_prompt.
* modules/pam_tally/pam_tally.c (tally_check): Fix grammar of messages
passed to pam_info.
* modules/pam_tally2/pam_tally2.c (tally_check): Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Fix grammar
of messages passed to _make_remark.
* modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass,
pam_sm_chauthtok): Likewise.
* po/Linux-PAM.pot: Regenerate.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT.
* libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT.
* modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT.
* modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT.
* modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT.
* modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR.
* modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT.
* modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT.
* modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged
with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors
with LOG_ERR.
* modules/pam_limits/pam_limits.c: User login limit messages are syslogged
with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with
LOG_ERR.
* modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged
with LOG_NOTICE.
* modules/pam_namespace/pam_namespace.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_nologin/pam_nologin.c: Make memory allocation failures
LOG_CRIT, other errors LOG_ERR.
* modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged
with LOG_NOTICE, non-memory errors with LOG_ERR.
* modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT.
* modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors
LOG_ERR.
* modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT.
* modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT,
other errors LOG_ERR.
* modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE.
* modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and
max retries ignorance by application likewise.
* modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR.
* modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged
with LOG_NOTICE.
* modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux-PAM. It was never official supported and was broken since years.
* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
|
| |
|
|
|
|
| |
SELinux expects canonical user name for example without domain component.
* modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize user name with pam_modutil_getpwnam().
|
| |
|
|
|
| |
modules/pam_selinux/pam_selinux.c (manual_context): Drop function.
(compute_exec_context): Drop manual_context() call.
|
| |
|
|
|
|
|
|
| |
modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and
rhost from PAM items and pass them to audit.
modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and
rhost from PAM items and pass them to audit.
(main): Obtain tty name of stdin and pass it to audit.
|
| |
|
|
|
|
|
|
|
|
|
| |
* modules/pam_selinux/pam_selinux.8.xml (pam_selinux-cmdsynopsis):
Reorder options, add new "restore" option.
pam_selinux-description): Rewrite.
(pam_selinux-options): Reorder options, describe new "restore" option.
(pam_selinux-return_values): Remove PAM_AUTH_ERR, PAM_SESSION_ERR
and PAM_BUF_ERR.
(pam_selinux-see_also): Remove pam.conf(5). Add execve(2), tty(4)
and selinux(8).
|
| |
|
|
|
| |
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Add new
"restore" option.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_selinux/pam_selinux.c (security_restorelabel_tty,
security_label_tty): Remove old functions.
(module_data_t): New structure.
(free_module_data, cleanup, get_module_data, get_item,
set_exec_context, set_file_context, compute_exec_context,
compute_tty_context, restore_context, set_context,
create_context): New functions.
(pam_sm_authenticate, pam_sm_setcred, pam_sm_open_session,
pam_sm_close_session): Use them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GNU automake documentation recommends to avoid using -l options in
LDADD or LIBADD when referring to libraries built by the package.
Instead, it recommends to write the file name of the library explicitly,
and use -l option only to list third-party libraries. As result, the
default value of *_DEPENDENCIES will list all local libraries and omit
the other ones.
* modules/pam_access/Makefile.am (pam_access_la_LIBADD): Replace
"-L$(top_builddir)/libpam -lpam" with
"$(top_builddir)/libpam/libpam.la", to follow GNU automake
recommendations.
* modules/pam_cracklib/Makefile.am (pam_cracklib_la_LIBADD): Likewise.
* modules/pam_debug/Makefile.am (pam_debug_la_LIBADD): Likewise.
* modules/pam_deny/Makefile.am (pam_deny_la_LIBADD): Likewise.
* modules/pam_echo/Makefile.am (pam_echo_la_LIBADD): Likewise.
* modules/pam_env/Makefile.am (pam_env_la_LIBADD): Likewise.
* modules/pam_exec/Makefile.am (pam_exec_la_LIBADD): Likewise.
* modules/pam_faildelay/Makefile.am (pam_faildelay_la_LIBADD): Likewise.
* modules/pam_filter/Makefile.am (pam_filter_la_LIBADD): Likewise.
* modules/pam_filter/upperLOWER/Makefile.am (LDADD): Likewise.
* modules/pam_ftp/Makefile.am (pam_ftp_la_LIBADD): Likewise.
* modules/pam_group/Makefile.am (pam_group_la_LIBADD): Likewise.
* modules/pam_issue/Makefile.am (pam_issue_la_LIBADD): Likewise.
* modules/pam_keyinit/Makefile.am (pam_keyinit_la_LIBADD): Likewise.
* modules/pam_lastlog/Makefile.am (pam_lastlog_la_LIBADD): Likewise.
* modules/pam_limits/Makefile.am (pam_limits_la_LIBADD): Likewise.
* modules/pam_listfile/Makefile.am (pam_listfile_la_LIBADD): Likewise.
* modules/pam_localuser/Makefile.am (pam_localuser_la_LIBADD): Likewise.
* modules/pam_loginuid/Makefile.am (pam_loginuid_la_LIBADD): Likewise.
* modules/pam_mail/Makefile.am (pam_mail_la_LIBADD): Likewise.
* modules/pam_mkhomedir/Makefile.am (pam_mkhomedir_la_LIBADD,
mkhomedir_helper_LDADD): Likewise.
* modules/pam_motd/Makefile.am (pam_motd_la_LIBADD): Likewise.
* modules/pam_namespace/Makefile.am (pam_namespace_la_LIBADD): Likewise.
* modules/pam_nologin/Makefile.am (pam_nologin_la_LIBADD): Likewise.
* modules/pam_permit/Makefile.am (pam_permit_la_LIBADD): Likewise.
* modules/pam_pwhistory/Makefile.am (pam_pwhistory_la_LIBADD): Likewise.
* modules/pam_rhosts/Makefile.am (pam_rhosts_la_LIBADD): Likewise.
* modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Likewise.
* modules/pam_securetty/Makefile.am (pam_securetty_la_LIBADD): Likewise.
* modules/pam_sepermit/Makefile.am (pam_sepermit_la_LIBADD): Likewise.
* modules/pam_shells/Makefile.am (pam_shells_la_LIBADD): Likewise.
* modules/pam_stress/Makefile.am (pam_stress_la_LIBADD): Likewise.
* modules/pam_succeed_if/Makefile.am (pam_succeed_if_la_LIBADD):
Likewise.
* modules/pam_tally/Makefile.am (pam_tally_la_LIBADD): Likewise.
* modules/pam_tally2/Makefile.am (pam_tally2_la_LIBADD,
pam_tally2_LDADD): Likewise.
* modules/pam_time/Makefile.am (pam_time_la_LIBADD): Likewise.
* modules/pam_timestamp/Makefile.am (pam_timestamp_la_LIBADD,
pam_timestamp_check_LDADD, hmacfile_LDADD): Likewise.
* modules/pam_tty_audit/Makefile.am (pam_tty_audit_la_LIBADD): Likewise.
* modules/pam_umask/Makefile.am (pam_umask_la_LIBADD): Likewise.
* modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Likewise.
* modules/pam_userdb/Makefile.am (pam_userdb_la_LIBADD): Likewise.
* modules/pam_warn/Makefile.am (pam_warn_la_LIBADD): Likewise.
* modules/pam_wheel/Makefile.am (pam_wheel_la_LIBADD): Likewise.
* modules/pam_xauth/Makefile.am (pam_xauth_la_LIBADD): Likewise.
* tests/Makefile.am (LDADD): Likewise.
* examples/Makefile.am (LDADD): Replace "-L$(top_builddir)/libpam -lpam"
with "$(top_builddir)/libpam/libpam.la", and
"-L$(top_builddir)/libpam_misc -lpam_misc" with
"$(top_builddir)/libpam_misc/libpam_misc.la", to follow GNU automake
recommendations.
* xtests/Makefile.am (LDADD): Likewise.
* modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_selinux/Makefile.am: Rename pam_selinux_check_LDFLAGS to
pam_selinux_check_LDADD.
* modules/pam_userdb/Makefile.am: Split out pam_userdb_la_LIBADD from
AM_LDFLAGS.
* modules/pam_warn/Makefile.am: Split out pam_warn_la_LIBADD from
AM_LDFLAGS.
* modules/pam_wheel/Makefile.am: Split out pam_wheel_la_LIBADD from
AM_LDFLAGS.
* modules/pam_xauth/Makefile.am: split out pam_xauth_la_LIBADD from
AM_LDFLAGS.
* xtests/Makefile.am: Rename AM_LDFLAGS to LDADD.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* .gitignore: Add common ignore patterns.
* m4/.gitignore: Unignore local m4 files.
* dynamic/.gitignore: Unignore Makefile.
* libpamc/test/modules/.gitignore: Likewise.
* libpamc/test/regress/.gitignore: Likewise.
* po/.gitignore: Add Makevars.template.
* conf/.gitignore: Remove common ignore patterns.
* conf/pam_conv1/.gitignore: Likewise.
* doc/.gitignore: Likewise.
* doc/specs/.gitignore: Likewise.
* doc/specs/formatter/.gitignore: Likewise.
* examples/.gitignore: Likewise.
* modules/pam_filter/upperLOWER/.gitignore: Likewise.
* modules/pam_mkhomedir/.gitignore: Likewise.
* modules/pam_selinux/.gitignore: Likewise.
* modules/pam_stress/.gitignore: Likewise.
* modules/pam_tally/.gitignore: Likewise.
* modules/pam_tally2/.gitignore: Likewise.
* modules/pam_timestamp/.gitignore: Likewise.
* modules/pam_unix/.gitignore: Likewise.
* tests/.gitignore: Likewise.
* xtests/.gitignore: Likewise.
* doc/adg/.gitignore: Remove.
* doc/man/.gitignore: Remove.
* doc/mwg/.gitignore: Remove.
* doc/sag/.gitignore: Remove.
* libpamc/.gitignore: Remove.
* libpamc/test/.gitignore: Remove.
* libpam/.gitignore: Remove.
* libpam_misc/.gitignore: Remove.
* modules/.gitignore: Remove.
* modules/pam_access/.gitignore: Remove.
* modules/pam_cracklib/.gitignore: Remove.
* modules/pam_debug/.gitignore: Remove.
* modules/pam_deny/.gitignore: Remove.
* modules/pam_echo/.gitignore: Remove.
* modules/pam_env/.gitignore: Remove.
* modules/pam_exec/.gitignore: Remove.
* modules/pam_faildelay/.gitignore: Remove.
* modules/pam_filter/.gitignore: Remove.
* modules/pam_ftp/.gitignore: Remove.
* modules/pam_group/.gitignore: Remove.
* modules/pam_issue/.gitignore: Remove.
* modules/pam_keyinit/.gitignore: Remove.
* modules/pam_lastlog/.gitignore: Remove.
* modules/pam_limits/.gitignore: Remove.
* modules/pam_listfile/.gitignore: Remove.
* modules/pam_localuser/.gitignore: Remove.
* modules/pam_loginuid/.gitignore: Remove.
* modules/pam_mail/.gitignore: Remove.
* modules/pam_motd/.gitignore: Remove.
* modules/pam_namespace/.gitignore: Remove.
* modules/pam_nologin/.gitignore: Remove.
* modules/pam_permit/.gitignore: Remove.
* modules/pam_pwhistory/.gitignore: Remove.
* modules/pam_rhosts/.gitignore: Remove.
* modules/pam_rootok/.gitignore: Remove.
* modules/pam_securetty/.gitignore: Remove.
* modules/pam_sepermit/.gitignore: Remove.
* modules/pam_shells/.gitignore: Remove.
* modules/pam_succeed_if/.gitignore: Remove.
* modules/pam_time/.gitignore: Remove.
* modules/pam_tty_audit/.gitignore: Remove.
* modules/pam_umask/.gitignore: Remove.
* modules/pam_userdb/.gitignore: Remove.
* modules/pam_warn/.gitignore: Remove.
* modules/pam_wheel/.gitignore: Remove.
* modules/pam_xauth/.gitignore: Remove.
|
| | |
|
| |
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
