pam.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	build: consistently include config.h first	Dmitry V. Levin	2024-08-30	1	-1/+2
\| \| \| \|	Make sure that config.h is included before any system header.
*	pam_setquota: plug memory leak	Tobias Stoeckmann	2023-12-05	1	-0/+1
\| \| \| \| \| \|	The result of pam_modutil_search_key must be freed. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
*	Fix various typos found using codespell tool	Dmitry V. Levin	2020-11-24	1	-2/+2
\| \| \| \| \| \| \| \| \| \|	* modules/pam_limits/limits.conf: Replace "overriden" with "overridden". * modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Replace "preseves" with "preserves". * modules/pam_setquota/pam_setquota.8.xml: Replace "specifed" with "specified". * modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Replace "fileystem" with "filesystem", "conditons" with "conditions".
*	pam_setquota: skip mountpoints equal to the user's $HOME	Josef Möllers	2020-05-29	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Matthias Gerstner found the following issue: <quote> So this pam_setquota module iterates over all mounted file systems using `setmntent()` and `getmntent()`. It tries to find the longest match of a file system mounted on /home/$USER or above (except when the fs=/some/path parameter is passed to the pam module). The thing is that /home/$USER is owned by the unprivileged user. And there exist tools like fusermount from libfuse which is by default installed setuid-root for everybody. fusermount allows to mount a FUSE file system using an arbitrary "source device name" as the unprivileged user. Thus considering the following use case: 1) there is only the root file system (/) or a file system is mounted on /home, but not on /home/$USER. 2) the attacker mounts a fake FUSE file system over its own home directory: ``` user $ export _FUSE_COMMFD=0 user $ fusermount $HOME -ononempty,fsname=/dev/sda1 ``` This will result in a mount entry in /proc/mounts looking like this: ``` /dev/sda1 on /home/$USER type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100) ``` 3) when the attacker now logs in with pam_setquota configured then pam_setquota will identify /dev/sda1 and the file system where to apply the user's quota on. As a result an unprivileged user has full control over onto which block device the quota is applied. </quote> If the user's $HOME is on a separate partition, setting a quota on the user's $HOME does not really make sense, so this patch skips mountpoints equal to the user's $HOME, preventing the above mentioned bug as a side-effect (or vice-versa). Reported-by: Matthias Gerstner <mgerstner@suse.de> Co-authored-by: Tomáš Mráz <tmraz@redhat.com> Co-authored-by: Dmitry V. Levin <ldv@altlinux.org> Resolves: https://github.com/linux-pam/linux-pam/pull/230
*	pam_setquota: fix return value when the user is unknown	Dmitry V. Levin	2020-05-09	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \|	Following the bad example in pam_mkhomedir module, from the very beginning pam_setquota module used to return PAM_CRED_INSUFFICIENT when pam_modutil_getpwnam() returned an error. Fix this now by changing the return value to PAM_USER_UNKNOWN. * modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Return PAM_USER_UNKNOWN instead of PAM_CRED_INSUFFICIENT. * modules/pam_setquota/pam_setquota.8.xml (PAM_CRED_INSUFFICIENT): Replace with PAM_USER_UNKNOWN.
*	modules: remove PAM_SM_* macros	Dmitry V. Levin	2020-05-03	1	-3/+0
\| \| \| \| \| \|	Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect.
*	pam_setquota: remove PAM_EXTERN and PAM_STATIC parts	Dmitry V. Levin	2020-04-24	1	-15/+8
\| \| \| \| \| \| \|	In other modules they were removed by commit Linux-PAM-1.3.0~14. * modules/pam_setquota/pam_setquota.c: Remove PAM_EXTERN and PAM_STATIC parts.
*	pam_setquota: fix more harmless compilation warnings	Dmitry V. Levin	2020-04-24	1	-4/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	On ppc64le the compiler complains with the following diagnostics: pam_setquota.c: In function 'debug': pam_setquota.c:48:59: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 \| pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " \| ~~~^ \| \| \| long long unsigned int \| %lu ...... 51 \| p->dqb_bsoftlimit, p->dqb_bhardlimit, \| ~~~~~~~~~~~~~~~~~ \| \| \| __u64 {aka const long unsigned int} pam_setquota.c:48:75: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 7 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 \| pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " \| ~~~^ \| \| \| long long unsigned int \| %lu ...... 51 \| p->dqb_bsoftlimit, p->dqb_bhardlimit, \| ~~~~~~~~~~~~~~~~~ \| \| \| __u64 {aka const long unsigned int} pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 8 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 \| pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...... 52 \| p->dqb_isoftlimit, p->dqb_ihardlimit, \| ~~~~~~~~~~~~~~~~~ \| \| \| __u64 {aka const long unsigned int} pam_setquota.c:49:46: note: format string is defined here 49 \| "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", \| ~~~^ \| \| \| long long unsigned int \| %lu pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 9 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 \| pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...... 52 \| p->dqb_isoftlimit, p->dqb_ihardlimit, \| ~~~~~~~~~~~~~~~~~ \| \| \| __u64 {aka const long unsigned int} pam_setquota.c:49:62: note: format string is defined here 49 \| "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", \| ~~~^ \| \| \| long long unsigned int \| %lu pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 10 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 \| pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...... 53 \| p->dqb_btime, p->dqb_itime); \| ~~~~~~~~~~~~ \| \| \| __u64 {aka const long unsigned int} pam_setquota.c:49:73: note: format string is defined here 49 \| "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", \| ~~~^ \| \| \| long long unsigned int \| %lu pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 11 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] 48 \| pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...... 53 \| p->dqb_btime, p->dqb_itime); \| ~~~~~~~~~~~~ \| \| \| __u64 {aka const long unsigned int} pam_setquota.c:49:84: note: format string is defined here 49 \| "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", \| ~~~^ \| \| \| long long unsigned int \| %lu * modules/pam_setquota/pam_setquota.c (debug): Cast fields of type __u64 to unsigned long long.
*	pam_setquota: fix harmless compilation warnings	Dmitry V. Levin	2020-04-24	1	-6/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Fix -Wunused-variable compilation warnings: pam_setquota.c: In function 'pam_sm_open_session': pam_setquota.c:173:9: warning: unused variable 'ep' [-Wunused-variable] 173 \| char ep, val, mntdevice = NULL; \| ^~ pam_setquota.c:172:17: warning: unused variable 'ul' [-Wunused-variable] 172 \| unsigned long ul; \| ^~ Fix -Wunused-parameter compilation warnings: pam_setquota.c: In function 'pam_sm_open_session': pam_setquota.c:169:60: warning: unused parameter 'flags' [-Wunused-parameter] 169 \| PAM_EXTERN int pam_sm_open_session(pam_handle_t pamh, int flags, int argc, \| ~~~~^~~~~ pam_setquota.c: In function 'pam_sm_close_session': pam_setquota.c:382:40: warning: unused parameter 'pamh' [-Wunused-parameter] 382 \| int pam_sm_close_session(pam_handle_t pamh, int flags, int argc, \| ~~~~~~~~~~~~~~^~~~ pam_setquota.c:382:50: warning: unused parameter 'flags' [-Wunused-parameter] 382 \| int pam_sm_close_session(pam_handle_t pamh, int flags, int argc, \| ~~~~^~~~~ pam_setquota.c:382:61: warning: unused parameter 'argc' [-Wunused-parameter] 382 \| int pam_sm_close_session(pam_handle_t pamh, int flags, int argc, \| ~~~~^~~~ pam_setquota.c:383:39: warning: unused parameter 'argv' [-Wunused-parameter] 383 \| const char argv) { \| ~~~~~~~~~~~~~^~~~ modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Mark 'flags' parameter as unused. Remove unused 'ep' and 'ul' variables. (pam_sm_close_session): Mark all parameters as unused.
*	pam_setquota: new module to set or modify disk quotas on session start	Sven Hartge	2020-04-17	1	-0/+396
	This makes disk quotas usable with central user databases, such as MySQL or LDAP. Resolves: https://github.com/linux-pam/linux-pam/issues/92