aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_selinux
Commit message (Collapse)AuthorAgeFilesLines
* build: drop autotools supportDmitry V. Levin2024-10-232-44/+0
| | | | There is no point in supporting two different build systems.
* meson: build Linux-PAM using mesonDmitry V. Levin2024-09-101-0/+1
| | | | | | | | | | On my non-representative hardware, the full build using autotools (./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install) takes about 45 seconds. On the same hardware, the full build using meson (meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir) takes just about 7.5 seconds.
* Include pam_i18n.h where i18n definitions are requiredDmitry V. Levin2024-08-212-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | Do not include <libintl.h> and other i18n stuff via config.h which is included into every compilation unit, include "pam_i18n.h" explicitly where necessary. * configure.ac (AH_BOTTOM): Remove. * libpam/pam_get_authtok.c: Include "pam_i18n.h". * libpam/pam_item.c: Likewise. * libpam/pam_strerror.c: Likewise. * libpam_misc/misc_conv.c: Likewise. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_faillock/main.c: Likewise. * modules/pam_faillock/pam_faillock.c: Likewise. * modules/pam_lastlog/pam_lastlog.c: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_mail/pam_mail.c: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_selinux/pam_selinux.c: Likewise. * modules/pam_selinux/pam_selinux_check.c: Likewise. * modules/pam_timestamp/pam_timestamp.c: Likewise. * modules/pam_unix/pam_unix_acct.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise.
* modules: add pamc headers to the search path only when neededTobias Stoeckmann2024-01-211-2/+3
| | | | | | | | | The pam client library libpamc is only needed if libpam_misc is in use. But libpam_misc is only used by an SELinux helper binary. Remove the libpamc includes from the search path in all other cases. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: strictly separate builddir and srcdirTobias Stoeckmann2024-01-121-1/+1
| | | | | | | | | | Building outside of source directory fails if --disable-doc is not explicitly chosen. This happens because generated files are sometimes expected in the source directory, where they won't exist. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_selinux: take null contexts into accountBenny Baumann2023-11-141-1/+2
| | | | | | | As the context variables can be NULL at this point, this has to be reflected when printing them for debug purposes. Signed-off-by: Benny Baumann <BenBE@geshi.org>
* pam_selinux: fix formatting of audit messagesSteve Grubb2023-08-041-1/+1
| | | | | | | pam_selinux uses audit_log_user_message to write to the audit system. It does not take an op argument, so you have to add one yourself. Otherwise the pam_selinux part of the message is lost because it's not in key=value format.
* modules: make use of secure memory erasureChristian Göttsche2023-02-281-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive. Non trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase responce on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes
* build: use <vendordir>/security directory for installation if it has been setStefan Schubert2023-02-071-0/+4
| | | | | | | | | Otherwise the corresponding files are still installed in /etc/security. * configure.ac (AC_SUBST): Add VENDOR_SCONFIGDIR. (AM_CONDITIONAL): Add HAVE_VENDORDIR. * modules/*/Makefile.am (secureconfdir): Set to VENDOR_SCONFIGDIR if HAVE_VENDORDIR has been set, otherwise to SCONFIGDIR.
* pam_selinux: treat getenforce failures as enforcingChristian Göttsche2023-01-241-6/+6
| | | | | | | | | | | | | | | | security_getenforce(3) can return -1 on error; either because the selinuxfs is not mounted or reading from /sys/fs/selinux/enforce failed. Since security_getenforce(3) is either called after an approving call to is_selinux_enabled(3) in create_context() or with populated module data in restore_context(), which requires a previous pass of create_context(), the selinuxfs should be mounted. Reading from /sys/fs/selinux/enforce should never fail (except being prohibited by the SElinux policy itself) since it is a public interface. In the unlikely case of security_getenforce(3) nevertheless failing continue execution as if the result was enforcing (likewise to pam_sepermit and pam_rootok).
* doc: Update PAM documentation from DockBook 4 to DocBook 5Stefan Schubert2022-12-162-57/+40
| | | | | | | | | | | | | | | | | | | | Changed files -------------- Make.xml.rules.in: - Using RNG file instead of DTD file for checking XML files. - Taking the correct stylesheet for README files. doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am: - Using RNG file instead of DTD file for checking XML files. configure.ac: - Adding a new option for selecting RNG check file (-enable-docbook-rng) - Switching stylesheets to docbook 5 - Checking DocBook 5 environment instead of DocBook 4 environment *.xml: Update from DockBook 4 to DocBook 5
* pam_selinux: check for string_to_security_class failureChristian Göttsche2020-12-081-1/+12
| | | | | | | | | | Check for the unlikely case string_to_security_class() does not find the associated SELinux security class. This will only happen if the loaded SELinux policy does not define the class "chr_file" (which no sane policy does) or querying the selinuxfs fails. Suggested by #309
* modules: remove PAM_SM_* macrosDmitry V. Levin2020-05-031-4/+0
| | | | | | Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect.
* modules/*/Makefile.am: rename TESTS to dist_check_SCRIPTSDmitry V. Levin2020-05-031-2/+3
| | | | | | | | ... and remove $(TESTS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \ -e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am
* modules/*/Makefile.am: rename man_MANS to dist_man_MANSDmitry V. Levin2020-05-031-2/+2
| | | | | | | ... and remove $(MANS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am
* modules/*/Makefile.am: add dist_ prefix to *_DATADmitry V. Levin2020-05-031-2/+2
| | | | | | | ... and remove $(DATA) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am
* modules/*/Makefile.am: replace README with $(DATA) in EXTRA_DISTDmitry V. Levin2020-04-271-1/+1
| | | | | | | | | | | | Since the GNU Automake distributes README files by default, the only reason why README had to be listed in EXTRA_DIST was to make these README files generated. Since README is also listed in noinst_DATA, we can safely replace README in EXTRA_DIST with $(DATA), this also opens the way for further EXTRA_DIST cleanup. * modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA).
* modules/*/Makefile.am: reorder lines to promote uniformityDmitry V. Levin2020-04-271-2/+1
| | | | | This is essentially a no-op change that makes modules/*/Makefile.am files less divergent.
* build: move README prerequisites rule from modules/*/Makefile.am to ↵Dmitry V. Levin2020-04-271-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make.xml.rules As the rule is now the same in every modules/*/Makefile.am file, move it to Make.xml.rules. * Make.xml.rules (README): New prerequisites rule. * modules/pam_access/Makefile.am (README): Remove rule. * modules/pam_cracklib/Makefile.am (README): Likewise. * modules/pam_debug/Makefile.am (README): Likewise. * modules/pam_deny/Makefile.am (README): Likewise. * modules/pam_echo/Makefile.am (README): Likewise. * modules/pam_env/Makefile.am (README): Likewise. * modules/pam_exec/Makefile.am (README): Likewise. * modules/pam_faildelay/Makefile.am (README): Likewise. * modules/pam_filter/Makefile.am (README): Likewise. * modules/pam_ftp/Makefile.am (README): Likewise. * modules/pam_group/Makefile.am (README): Likewise. * modules/pam_issue/Makefile.am (README): Likewise. * modules/pam_keyinit/Makefile.am (README): Likewise. * modules/pam_lastlog/Makefile.am (README): Likewise. * modules/pam_limits/Makefile.am (README): Likewise. * modules/pam_listfile/Makefile.am (README): Likewise. * modules/pam_localuser/Makefile.am (README): Likewise. * modules/pam_loginuid/Makefile.am (README): Likewise. * modules/pam_mail/Makefile.am (README): Likewise. * modules/pam_mkhomedir/Makefile.am (README): Likewise. * modules/pam_motd/Makefile.am (README): Likewise. * modules/pam_namespace/Makefile.am (README): Likewise. * modules/pam_nologin/Makefile.am (README): Likewise. * modules/pam_permit/Makefile.am (README): Likewise. * modules/pam_pwhistory/Makefile.am (README): Likewise. * modules/pam_rhosts/Makefile.am (README): Likewise. * modules/pam_rootok/Makefile.am (README): Likewise. * modules/pam_securetty/Makefile.am (README): Likewise. * modules/pam_selinux/Makefile.am (README): Likewise. * modules/pam_sepermit/Makefile.am (README): Likewise. * modules/pam_setquota/Makefile.am (README): Likewise. * modules/pam_shells/Makefile.am (README): Likewise. * modules/pam_succeed_if/Makefile.am (README): Likewise. * modules/pam_tally/Makefile.am (README): Likewise. * modules/pam_tally2/Makefile.am (README): Likewise. * modules/pam_time/Makefile.am (README): Likewise. * modules/pam_timestamp/Makefile.am (README): Likewise. * modules/pam_tty_audit/Makefile.am (README): Likewise. * modules/pam_umask/Makefile.am (README): Likewise. * modules/pam_unix/Makefile.am (README): Likewise. * modules/pam_userdb/Makefile.am (README): Likewise. * modules/pam_usertype/Makefile.am (README): Likewise. * modules/pam_warn/Makefile.am (README): Likewise. * modules/pam_wheel/Makefile.am (README): Likewise. * modules/pam_xauth/Makefile.am (README): Likewise.
* modules/*/Makefile.am: list prerequisites of README target uniformlyDmitry V. Levin2020-04-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no need to list prerequisites of README targets manually as all README targets depend on $(XMLS). The change is performed automatically using the following script: sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am * modules/pam_access/Makefile.am (README): Replace pam_access.8.xml and access.conf.5.xml with $(XMLS). * modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml with $(XMLS). * modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml with $(XMLS). * modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml with $(XMLS). * modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml with $(XMLS). * modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and pam_env.conf.5.xml with $(XMLS). * modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml with $(XMLS). * modules/pam_faildelay/Makefile.am (README): Replace pam_faildelay.8.xml with $(XMLS). * modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml with $(XMLS). * modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with $(XMLS). * modules/pam_group/Makefile.am (README): Replace pam_group.8.xml and group.conf.5.xml with $(XMLS). * modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml with $(XMLS). * modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml with $(XMLS). * modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml with $(XMLS). * modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml and limits.conf.5.xml with $(XMLS). * modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml with $(XMLS). * modules/pam_localuser/Makefile.am (README): Replace pam_localuser.8.xml with $(XMLS). * modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml with $(XMLS). * modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml with $(XMLS). * modules/pam_mkhomedir/Makefile.am (README): Replace pam_mkhomedir.8.xml with $(XMLS). * modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml with $(XMLS). * modules/pam_namespace/Makefile.am (README): Replace pam_namespace.8.xml, namespace.conf.5.xml, and pam_namespace_helper.8.xml with $(XMLS). * modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml with $(XMLS). * modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml with $(XMLS). * modules/pam_pwhistory/Makefile.am (README): Replace pam_pwhistory.8.xml with $(XMLS). * modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml with $(XMLS). * modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml with $(XMLS). * modules/pam_securetty/Makefile.am (README): Replace pam_securetty.8.xml with $(XMLS). * modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml with $(XMLS). * modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml with $(XMLS). * modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml with $(XMLS). * modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml with $(XMLS). * modules/pam_succeed_if/Makefile.am (README): Replace pam_succeed_if.8.xml with $(XMLS). * modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml with $(XMLS). * modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml with $(XMLS). * modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and time.conf.5.xml with $(XMLS). * modules/pam_timestamp/Makefile.am (README): Replace pam_timestamp.8.xml with $(XMLS). * modules/pam_tty_audit/Makefile.am (README): Replace pam_tty_audit.8.xml with $(XMLS). * modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml with $(XMLS). * modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml with $(XMLS). * modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml with $(XMLS). * modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml with $(XMLS). * modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml with $(XMLS). * modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml with $(XMLS). * modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml with $(XMLS).
* modules/*/Makefile.am: list manual pages in EXTRA_DIST uniformlyDmitry V. Levin2020-04-271-1/+1
| | | | | | | | | | | | | | | | | | List in EXTRA_DIST those manual pages that are listed in man_MANS as $(MANS). * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace pam_cracklib.8 with $(MANS). * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace pam_keyinit.8 with $(MANS). * modules/pam_selinux/Makefile.am (EXTRA_DIST): Replace pam_selinux.8 with $(MANS). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace pam_sepermit.8 and sepermit.conf.5 with $(MANS). * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace pam_tty_audit.8 with $(MANS). * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace pam_userdb.8 with $(MANS).
* modules/*/Makefile.am: list tests in EXTRA_DIST uniformlyDmitry V. Levin2020-04-271-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The change was prepared using the following script: git grep -l '^TESTS = tst-pam_' modules/ |while read m; do t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")" sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m" done * modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access with $(TESTS). * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace tst-pam_cracklib with $(TESTS). * modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with $(TESTS). * modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with $(TESTS). * modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with $(TESTS). * modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with $(TESTS). * modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with $(TESTS). * modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace tst-pam_faildelay with $(TESTS). * modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter with $(TESTS). * modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with $(TESTS). * modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with $(TESTS). * modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with $(TESTS). * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit with $(TESTS). * modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog with $(TESTS). * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits with $(TESTS). * modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace tst-pam_listfile with $(TESTS). * modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace tst-pam_localuser with $(TESTS). * modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace tst-pam_loginuid with $(TESTS). * modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with $(TESTS). * modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace tst-pam_mkhomedir with $(TESTS). * modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with $(TESTS). * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace tst-pam_namespace with $(TESTS). * modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin with $(TESTS). * modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit with $(TESTS). * modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace tst-pam_pwhistory with $(TESTS). * modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts with $(TESTS). * modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok with $(TESTS). * modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace tst-pam_securetty with $(TESTS). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace tst-pam_sepermit with $(TESTS). * modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace tst-pam_setquota with $(TESTS). * modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells with $(TESTS). * modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress with $(TESTS). * modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace tst-pam_succeed_if with $(TESTS). * modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with $(TESTS). * modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2 with $(TESTS). * modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with $(TESTS). * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace tst-pam_tty_audit with $(TESTS). * modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with $(TESTS). * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb with $(TESTS). * modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace tst-pam_usertype with $(TESTS). * modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with $(TESTS). * modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with $(TESTS). * modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with $(TESTS).
* modules/*/Makefile.am: remove manual pages from noinst_DATADmitry V. Levin2020-04-271-1/+1
| | | | | | | | | | | Manual pages already belong to man_MANS, listing them also in noinst_DATA does not help in any way. * modules/pam_cracklib/Makefile.am (noinst_DATA): Remove pam_cracklib.8. * modules/pam_selinux/Makefile.am (noinst_DATA): Remove pam_selinux.8. * modules/pam_sepermit/Makefile.am (noinst_DATA): Remove pam_sepermit.8 and sepermit.conf.5. * modules/pam_userdb/Makefile.am (noinst_DATA): Remove pam_userdb.8.
* build: move pam_selinux and pam_sepermit build conditions to modules/Makefile.amDmitry V. Levin2020-04-261-10/+7
| | | | | | | | | | | | * configure.ac (AM_CONDITIONAL): Replace HAVE_LIBSELINUX with COND_BUILD_PAM_SELINUX and COND_BUILD_PAM_SEPERMIT. * modules/Makefile.am [COND_BUILD_PAM_SELINUX] (MAYBE_PAM_SELINUX): Define. [COND_BUILD_PAM_SEPERMIT] (MAYBE_PAM_SEPERMIT): Likewise. (SUBDIRS): Replace pam_selinux with $(MAYBE_PAM_SELINUX), pam_sepermit with MAYBE_PAM_SEPERMIT. * modules/pam_selinux/Makefile.am: Assume HAVE_LIBSELINUX. * modules/pam_sepermit/Makefile.am: Likewise.
* pam_selinux: fall back to log to syslog if audit logging failsChristian Göttsche2020-03-231-11/+19
| | | | Resolves: https://github.com/linux-pam/linux-pam/pull/194
* pam_selinux: sanitize asprintf argument on failureChristian Göttsche2020-03-231-0/+1
|
* pam_selinux: print additional information on failuresChristian Göttsche2020-03-231-4/+4
|
* pam_selinux: convert send_audit_message to void functionChristian Göttsche2020-03-231-10/+6
| | | | | The result is nowhere checked and other logging functions like pam_syslog are also not checked.
* pam_selinux: fix indentationChristian Göttsche2020-03-231-5/+5
|
* pam_selinux: substitute legacy security_context_t typeChristian Göttsche2020-03-231-20/+20
| | | | | | | | `security_context_t` is a legacy typedef to `char *`, substitute all usage. See https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9 https://github.com/SELinuxProject/selinux/blob/f8c110c8a615eb640510eab39640a0957a6ba19c/libselinux/include/selinux/selinux.h#L16
* modules/pam_selinux: use pam_str_skip_prefixDmitry V. Levin2020-03-191-2/+4
| | | | | | * modules/pam_selinux/pam_selinux.c: Include "pam_inline.h". (compute_exec_context, compute_tty_context): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* pam_selinux: check unknown object classes or permissions in current policyikerexxe2020-03-111-42/+8
| | | | | | Explanation: check whether unknown object classes or permissions are allowed or denied in the current policy Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1680961
* Remove redundant header file inclusionMIZUTA Takeshi2020-02-181-2/+0
| | | | | There are some source code including the same header file redundantly. We remove these redundant header file inclusion.
* configure.ac: add --enable-doc optionFabrice Fontaine2020-01-271-0/+2
| | | | | | | | Allow the user to disable documentation through --disable-doc (enabled by default), this is especially useful when cross-compiling for embedded targets Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* Do not use CFLAGS for warning flags set from configureTomas Mraz2019-12-181-1/+1
| | | | | | | | To be able to set CFLAGS from make command-line but not to lose the warning flags. * configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS. * */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS.
* Fix or suppress various warnings when compiling with -Wall -WextraTomas Mraz2019-12-161-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * conf/pam_conv1/Makefile.am: Add -Wno-unused-function -Wno-sign-compare to CFLAGS. * doc/specs/Makefile.am: Likewise. * libpamc/include/security/pam_client.h: Explicitly compare old_p with NULL. * modules/pam_access/pam_access.c: Avoid double const. * modules/pam_filter/pam_filter.c: Avoid arbitrary constants. Avoid strncpy() without copying the NUL byte. * modules/pam_group/pam_group.c: Mark switch fallthrough with comment. * modules/pam_time/pam_time.c: Likewise. * modules/pam_limits/pam_limits.c: Remove unused units variable. * modules/pam_listfile/pam_listfile.c: Avoid unnecessary strncpy, use pointers. * modules/pam_rootok/pam_rootok.c (log_callback): Mark unused parameter. * modules/pam_selinux/pam_selinux.c: Use string_to_security_class() instead of hardcoded value. * modules/pam_sepermit/pam_sepermit.c: Properly cast when comparing. * modules/pam_succeed_if/pam_succeed_if.c: Mark unused parameters. * modules/pam_unix/pam_unix_passwd.c: Remove unused variables and properly cast for comparison. * modules/pam_unix/support.c: Remove unused function.
* Fix grammar of messages printed via pam_promptDmitry V. Levin2018-06-191-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | Turn into proper sentences those messages that are printed without further modifications using pam_prompt in contexts where proper sentences are expected. * libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix grammar of the message passed to pam_error. * modules/pam_limits/pam_limits.c (pam_sm_open_session): Likewise. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix grammar of error messages passed to pam_error. * modules/pam_mail/pam_mail.c (report_mail): Fix grammar of a message passed to pam_info. * modules/pam_timestamp/pam_timestamp.c (verbose_success): Likewise. * modules/pam_selinux/pam_selinux.c (config_context, send_text): Fix grammar of messages passed to pam_prompt. * modules/pam_tally/pam_tally.c (tally_check): Fix grammar of messages passed to pam_info. * modules/pam_tally2/pam_tally2.c (tally_check): Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Fix grammar of messages passed to _make_remark. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass, pam_sm_chauthtok): Likewise. * po/Linux-PAM.pot: Regenerate.
* Unification and cleanup of syslog log levels.Tomas Mraz2016-06-301-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT. * libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT. * modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT. * modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT. * modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT. * modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR. * modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT. * modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT. * modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors with LOG_ERR. * modules/pam_limits/pam_limits.c: User login limit messages are syslogged with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with LOG_ERR. * modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged with LOG_NOTICE. * modules/pam_namespace/pam_namespace.c: Make memory allocation failures LOG_CRIT. * modules/pam_nologin/pam_nologin.c: Make memory allocation failures LOG_CRIT, other errors LOG_ERR. * modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged with LOG_NOTICE, non-memory errors with LOG_ERR. * modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT. * modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors LOG_ERR. * modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT. * modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures LOG_CRIT. * modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR. * modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT, other errors LOG_ERR. * modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR. * modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE. * modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and max retries ignorance by application likewise. * modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR. * modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged with LOG_NOTICE. * modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT.
* Remove "--enable-static-modules" option and support fromThorsten Kukuk2016-03-291-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Linux-PAM. It was never official supported and was broken since years. * configure.ac: Remove --enable-static-modules option. * doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. * doc/man/pam_sm_authenticate.3.xml: Likewise. * doc/man/pam_sm_chauthtok.3.xml: Likewise. * doc/man/pam_sm_close_session.3.xml: Likewise. * doc/man/pam_sm_open_session.3.xml: Likewise. * doc/man/pam_sm_setcred.3.xml: Likewise. * libpam/Makefile.am: Remove STATIC_MODULES cases. * libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. * libpam/pam_dynamic.c: Likewise. * libpam/pam_handlers.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_static.c: Remove file. * libpam/pam_static_modules.h: Remove header file. * modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. * modules/pam_cracklib/pam_cracklib.c: Likewise. * modules/pam_debug/pam_debug.c: Likewise. * modules/pam_deny/pam_deny.c: Likewise. * modules/pam_echo/pam_echo.c: Likewise. * modules/pam_env/pam_env.c: Likewise. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_faildelay/pam_faildelay.c: Likewise. * modules/pam_filter/pam_filter.c: Likewise. * modules/pam_ftp/pam_ftp.c: Likewise. * modules/pam_group/pam_group.c: Likewise. * modules/pam_issue/pam_issue.c: Likewise. * modules/pam_keyinit/pam_keyinit.c: Likewise. * modules/pam_lastlog/pam_lastlog.c: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_listfile/pam_listfile.c: Likewise. * modules/pam_localuser/pam_localuser.c: Likewise. * modules/pam_loginuid/pam_loginuid.c: Likewise. * modules/pam_mail/pam_mail.c: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_motd/pam_motd.c: Likewise. * modules/pam_namespace/pam_namespace.c: Likewise. * modules/pam_nologin/pam_nologin.c: Likewise. * modules/pam_permit/pam_permit.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_rhosts/pam_rhosts.c: Likewise. * modules/pam_rootok/pam_rootok.c: Likewise. * modules/pam_securetty/pam_securetty.c: Likewise. * modules/pam_selinux/pam_selinux.c: Likewise. * modules/pam_sepermit/pam_sepermit.c: Likewise. * modules/pam_shells/pam_shells.c: Likewise. * modules/pam_stress/pam_stress.c: Likewise. * modules/pam_succeed_if/pam_succeed_if.c: Likewise. * modules/pam_tally/pam_tally.c: Likewise. * modules/pam_tally2/pam_tally2.c: Likewise. * modules/pam_time/pam_time.c: Likewise. * modules/pam_timestamp/pam_timestamp.c: Likewise. * modules/pam_tty_audit/pam_tty_audit.c: Likewise. * modules/pam_umask/pam_umask.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. * modules/pam_warn/pam_warn.c: Likewise. * modules/pam_wheel/pam_wheel.c: Likewise. * modules/pam_xauth/pam_xauth.c: Likewise. * modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. * modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. * modules/pam_unix/pam_unix_auth.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_unix/pam_unix_static.c: Removed. * modules/pam_unix/pam_unix_static.h: Removed. * po/POTFILES.in: Remove removed files. * tests/tst-dlopen.c: Remove PAM_STATIC part.
* pam_selinux: canonicalize user nameTomas Mraz2014-03-111-0/+5
| | | | | | SELinux expects canonical user name for example without domain component. * modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize user name with pam_modutil_getpwnam().
* pam_selinux: Drop obsolete and unsupported manual context selection.Tomas Mraz2012-11-301-80/+0
| | | | | modules/pam_selinux/pam_selinux.c (manual_context): Drop function. (compute_exec_context): Drop manual_context() call.
* pam_selinux, pam_tally2: Add tty and rhost to audit data.Tomas Mraz2012-09-061-1/+4
| | | | | | | | modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and rhost from PAM items and pass them to audit. modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and rhost from PAM items and pass them to audit. (main): Obtain tty name of stdin and pass it to audit.
* pam_selinux.8.xml: updateDmitry V. Levin2011-11-031-39/+74
| | | | | | | | | | | * modules/pam_selinux/pam_selinux.8.xml (pam_selinux-cmdsynopsis): Reorder options, add new "restore" option. pam_selinux-description): Rewrite. (pam_selinux-options): Reorder options, describe new "restore" option. (pam_selinux-return_values): Remove PAM_AUTH_ERR, PAM_SESSION_ERR and PAM_BUF_ERR. (pam_selinux-see_also): Remove pam.conf(5). Add execve(2), tty(4) and selinux(8).
* pam_selinux.c: add "restore" optionDmitry V. Levin2011-11-031-1/+8
| | | | | * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Add new "restore" option.
* pam_selinux.c: rewrite using pam_get_data/pam_set_dataDmitry V. Levin2011-11-031-266/+336
| | | | | | | | | | | | * modules/pam_selinux/pam_selinux.c (security_restorelabel_tty, security_label_tty): Remove old functions. (module_data_t): New structure. (free_module_data, cleanup, get_module_data, get_item, set_exec_context, set_file_context, compute_exec_context, compute_tty_context, restore_context, set_context, create_context): New functions. (pam_sm_authenticate, pam_sm_setcred, pam_sm_open_session, pam_sm_close_session): Use them.
* Use libpam.la/libpam_misc.la to link with -lpam/-lpam_miscDmitry V. Levin2011-10-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GNU automake documentation recommends to avoid using -l options in LDADD or LIBADD when referring to libraries built by the package. Instead, it recommends to write the file name of the library explicitly, and use -l option only to list third-party libraries. As result, the default value of *_DEPENDENCIES will list all local libraries and omit the other ones. * modules/pam_access/Makefile.am (pam_access_la_LIBADD): Replace "-L$(top_builddir)/libpam -lpam" with "$(top_builddir)/libpam/libpam.la", to follow GNU automake recommendations. * modules/pam_cracklib/Makefile.am (pam_cracklib_la_LIBADD): Likewise. * modules/pam_debug/Makefile.am (pam_debug_la_LIBADD): Likewise. * modules/pam_deny/Makefile.am (pam_deny_la_LIBADD): Likewise. * modules/pam_echo/Makefile.am (pam_echo_la_LIBADD): Likewise. * modules/pam_env/Makefile.am (pam_env_la_LIBADD): Likewise. * modules/pam_exec/Makefile.am (pam_exec_la_LIBADD): Likewise. * modules/pam_faildelay/Makefile.am (pam_faildelay_la_LIBADD): Likewise. * modules/pam_filter/Makefile.am (pam_filter_la_LIBADD): Likewise. * modules/pam_filter/upperLOWER/Makefile.am (LDADD): Likewise. * modules/pam_ftp/Makefile.am (pam_ftp_la_LIBADD): Likewise. * modules/pam_group/Makefile.am (pam_group_la_LIBADD): Likewise. * modules/pam_issue/Makefile.am (pam_issue_la_LIBADD): Likewise. * modules/pam_keyinit/Makefile.am (pam_keyinit_la_LIBADD): Likewise. * modules/pam_lastlog/Makefile.am (pam_lastlog_la_LIBADD): Likewise. * modules/pam_limits/Makefile.am (pam_limits_la_LIBADD): Likewise. * modules/pam_listfile/Makefile.am (pam_listfile_la_LIBADD): Likewise. * modules/pam_localuser/Makefile.am (pam_localuser_la_LIBADD): Likewise. * modules/pam_loginuid/Makefile.am (pam_loginuid_la_LIBADD): Likewise. * modules/pam_mail/Makefile.am (pam_mail_la_LIBADD): Likewise. * modules/pam_mkhomedir/Makefile.am (pam_mkhomedir_la_LIBADD, mkhomedir_helper_LDADD): Likewise. * modules/pam_motd/Makefile.am (pam_motd_la_LIBADD): Likewise. * modules/pam_namespace/Makefile.am (pam_namespace_la_LIBADD): Likewise. * modules/pam_nologin/Makefile.am (pam_nologin_la_LIBADD): Likewise. * modules/pam_permit/Makefile.am (pam_permit_la_LIBADD): Likewise. * modules/pam_pwhistory/Makefile.am (pam_pwhistory_la_LIBADD): Likewise. * modules/pam_rhosts/Makefile.am (pam_rhosts_la_LIBADD): Likewise. * modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Likewise. * modules/pam_securetty/Makefile.am (pam_securetty_la_LIBADD): Likewise. * modules/pam_sepermit/Makefile.am (pam_sepermit_la_LIBADD): Likewise. * modules/pam_shells/Makefile.am (pam_shells_la_LIBADD): Likewise. * modules/pam_stress/Makefile.am (pam_stress_la_LIBADD): Likewise. * modules/pam_succeed_if/Makefile.am (pam_succeed_if_la_LIBADD): Likewise. * modules/pam_tally/Makefile.am (pam_tally_la_LIBADD): Likewise. * modules/pam_tally2/Makefile.am (pam_tally2_la_LIBADD, pam_tally2_LDADD): Likewise. * modules/pam_time/Makefile.am (pam_time_la_LIBADD): Likewise. * modules/pam_timestamp/Makefile.am (pam_timestamp_la_LIBADD, pam_timestamp_check_LDADD, hmacfile_LDADD): Likewise. * modules/pam_tty_audit/Makefile.am (pam_tty_audit_la_LIBADD): Likewise. * modules/pam_umask/Makefile.am (pam_umask_la_LIBADD): Likewise. * modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Likewise. * modules/pam_userdb/Makefile.am (pam_userdb_la_LIBADD): Likewise. * modules/pam_warn/Makefile.am (pam_warn_la_LIBADD): Likewise. * modules/pam_wheel/Makefile.am (pam_wheel_la_LIBADD): Likewise. * modules/pam_xauth/Makefile.am (pam_xauth_la_LIBADD): Likewise. * tests/Makefile.am (LDADD): Likewise. * examples/Makefile.am (LDADD): Replace "-L$(top_builddir)/libpam -lpam" with "$(top_builddir)/libpam/libpam.la", and "-L$(top_builddir)/libpam_misc -lpam_misc" with "$(top_builddir)/libpam_misc/libpam_misc.la", to follow GNU automake recommendations. * xtests/Makefile.am (LDADD): Likewise. * modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Likewise.
* Fix usage of LIBADD, LDADD and LDFLAGSDmitry V. Levin2011-10-281-5/+3
| | | | | | | | | | | | | | * modules/pam_selinux/Makefile.am: Rename pam_selinux_check_LDFLAGS to pam_selinux_check_LDADD. * modules/pam_userdb/Makefile.am: Split out pam_userdb_la_LIBADD from AM_LDFLAGS. * modules/pam_warn/Makefile.am: Split out pam_warn_la_LIBADD from AM_LDFLAGS. * modules/pam_wheel/Makefile.am: Split out pam_wheel_la_LIBADD from AM_LDFLAGS. * modules/pam_xauth/Makefile.am: split out pam_xauth_la_LIBADD from AM_LDFLAGS. * xtests/Makefile.am: Rename AM_LDFLAGS to LDADD.
* Update .gitignore filesDmitry V. Levin2011-10-271-10/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * .gitignore: Add common ignore patterns. * m4/.gitignore: Unignore local m4 files. * dynamic/.gitignore: Unignore Makefile. * libpamc/test/modules/.gitignore: Likewise. * libpamc/test/regress/.gitignore: Likewise. * po/.gitignore: Add Makevars.template. * conf/.gitignore: Remove common ignore patterns. * conf/pam_conv1/.gitignore: Likewise. * doc/.gitignore: Likewise. * doc/specs/.gitignore: Likewise. * doc/specs/formatter/.gitignore: Likewise. * examples/.gitignore: Likewise. * modules/pam_filter/upperLOWER/.gitignore: Likewise. * modules/pam_mkhomedir/.gitignore: Likewise. * modules/pam_selinux/.gitignore: Likewise. * modules/pam_stress/.gitignore: Likewise. * modules/pam_tally/.gitignore: Likewise. * modules/pam_tally2/.gitignore: Likewise. * modules/pam_timestamp/.gitignore: Likewise. * modules/pam_unix/.gitignore: Likewise. * tests/.gitignore: Likewise. * xtests/.gitignore: Likewise. * doc/adg/.gitignore: Remove. * doc/man/.gitignore: Remove. * doc/mwg/.gitignore: Remove. * doc/sag/.gitignore: Remove. * libpamc/.gitignore: Remove. * libpamc/test/.gitignore: Remove. * libpam/.gitignore: Remove. * libpam_misc/.gitignore: Remove. * modules/.gitignore: Remove. * modules/pam_access/.gitignore: Remove. * modules/pam_cracklib/.gitignore: Remove. * modules/pam_debug/.gitignore: Remove. * modules/pam_deny/.gitignore: Remove. * modules/pam_echo/.gitignore: Remove. * modules/pam_env/.gitignore: Remove. * modules/pam_exec/.gitignore: Remove. * modules/pam_faildelay/.gitignore: Remove. * modules/pam_filter/.gitignore: Remove. * modules/pam_ftp/.gitignore: Remove. * modules/pam_group/.gitignore: Remove. * modules/pam_issue/.gitignore: Remove. * modules/pam_keyinit/.gitignore: Remove. * modules/pam_lastlog/.gitignore: Remove. * modules/pam_limits/.gitignore: Remove. * modules/pam_listfile/.gitignore: Remove. * modules/pam_localuser/.gitignore: Remove. * modules/pam_loginuid/.gitignore: Remove. * modules/pam_mail/.gitignore: Remove. * modules/pam_motd/.gitignore: Remove. * modules/pam_namespace/.gitignore: Remove. * modules/pam_nologin/.gitignore: Remove. * modules/pam_permit/.gitignore: Remove. * modules/pam_pwhistory/.gitignore: Remove. * modules/pam_rhosts/.gitignore: Remove. * modules/pam_rootok/.gitignore: Remove. * modules/pam_securetty/.gitignore: Remove. * modules/pam_sepermit/.gitignore: Remove. * modules/pam_shells/.gitignore: Remove. * modules/pam_succeed_if/.gitignore: Remove. * modules/pam_time/.gitignore: Remove. * modules/pam_tty_audit/.gitignore: Remove. * modules/pam_umask/.gitignore: Remove. * modules/pam_userdb/.gitignore: Remove. * modules/pam_warn/.gitignore: Remove. * modules/pam_wheel/.gitignore: Remove. * modules/pam_xauth/.gitignore: Remove.
* Rename all .cvsignore files to .gitignoreDmitry V. Levin2011-10-271-0/+0
|
* Fix whitespace issuesDmitry V. Levin2011-10-263-25/+24
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-08 18:01:35 +0000