aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_timestamp
Commit message (Collapse)AuthorAgeFilesLines
* build: drop autotools supportDmitry V. Levin2024-10-232-62/+0
| | | | There is no point in supporting two different build systems.
* meson: build Linux-PAM using mesonDmitry V. Levin2024-09-101-0/+1
| | | | | | | | | | On my non-representative hardware, the full build using autotools (./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install) takes about 45 seconds. On the same hardware, the full build using meson (meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir) takes just about 7.5 seconds.
* build: consistently include config.h firstDmitry V. Levin2024-08-301-1/+1
| | | | Make sure that config.h is included before any system header.
* Include pam_i18n.h where i18n definitions are requiredDmitry V. Levin2024-08-211-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Do not include <libintl.h> and other i18n stuff via config.h which is included into every compilation unit, include "pam_i18n.h" explicitly where necessary. * configure.ac (AH_BOTTOM): Remove. * libpam/pam_get_authtok.c: Include "pam_i18n.h". * libpam/pam_item.c: Likewise. * libpam/pam_strerror.c: Likewise. * libpam_misc/misc_conv.c: Likewise. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_faillock/main.c: Likewise. * modules/pam_faillock/pam_faillock.c: Likewise. * modules/pam_lastlog/pam_lastlog.c: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_mail/pam_mail.c: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_selinux/pam_selinux.c: Likewise. * modules/pam_selinux/pam_selinux_check.c: Likewise. * modules/pam_timestamp/pam_timestamp.c: Likewise. * modules/pam_unix/pam_unix_acct.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise.
* pam_timestamp: close the timestamp file on error pathIker Pedrosa2024-05-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | * modules/pam_timestamp/pam_timestamp.c (pam_sm_authenticate) [WITH_OPENSSL]: Close the timestamp file if hmac_size returned an error. ``` Error: RESOURCE_LEAK (CWE-772): Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:450: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:450: var_assign: Assigning: "fd" = handle returned from "open(path, 131072)". Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:460: noescape: Resource "fd" is not freed or pointed-to in "fstat". Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:484: leaked_handle: Handle variable "fd" going out of scope leaks the handle. 482| #ifdef WITH_OPENSSL 483| if (hmac_size(pamh, debug, &maclen)) { 484|-> return PAM_AUTH_ERR; 485| } 486| #else ``` Resolves: https://issues.redhat.com/browse/RHEL-36475 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* doc: fix uses of non-neutral gender pronounsAura Herrero Ruiz2024-04-021-2/+2
|
* modules: add pamc headers to the search path only when neededTobias Stoeckmann2024-01-211-2/+1
| | | | | | | | | The pam client library libpamc is only needed if libpam_misc is in use. But libpam_misc is only used by an SELinux helper binary. Remove the libpamc includes from the search path in all other cases. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: strictly separate builddir and srcdirTobias Stoeckmann2024-01-121-1/+1
| | | | | | | | | | Building outside of source directory fails if --disable-doc is not explicitly chosen. This happens because generated files are sometimes expected in the source directory, where they won't exist. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_timestamp: correct failure conditionChristian Göttsche2024-01-041-1/+1
| | | | | | | | Bail out on NULL pointer, not otherwise. Reported by cppcheck. Fixes: 8a3f0810 ("Y2038: use logind instead of utmp")
* pam_timestamp: fix condition orderChristian Göttsche2024-01-041-2/+2
| | | | | | | Check the array index first before dereferencing the array. Also convert the index type to size_t to avoid casting. Reported by cppcheck.
* pam_timestamp_check: check format_timestamp_name return valueDmitry V. Levin2023-12-271-2/+5
| | | | | * modules/pam_timestamp/pam_timestamp.c [PAM_TIMESTAMP_MAIN] (main): Bail out if format_timestamp_name returns an error.
* pam_timestamp_check: fix potential null pointer dereferences on error pathDmitry V. Levin2023-12-241-29/+24
| | | | | | * modules/pam_timestamp/pam_timestamp.c [PAM_TIMESTAMP_MAIN] (main): Bail out early in case of initialization errors to avoid potential null pointer dereferences in -d mode.
* pam_timestamp_check: fix potential null pointer dereference on error pathFmiard2023-12-241-1/+2
| | | | | * modules/pam_timestamp/pam_timestamp.c [PAM_TIMESTAMP_MAIN] (main): Bail out early if getpwuid fails.
* pam_timestamp: try RAND_priv_bytes firstBenny Baumann2023-12-191-0/+7
| | | | | * modules/pam_timestamp/hmac_openssl_wrapper.c: Include <openssl/rand.h>. (generate_key): Try RAND_priv_bytes before getrandom.
* pam_timestamp: prefer getrandom(2) when availableBenny Baumann2023-12-191-0/+13
| | | | | | | | | * configure.ac (AC_CHECK_HEADERS): Add sys/random.h. (AC_CHECK_FUNCS): Add getrandom. * modules/pam_timestamp/hmac_openssl_wrapper.c [HAVE_SYS_RANDOM_H]: Include <sys/random.h>. (generate_key) [HAVE_GETRANDOM]: Call getrandom(2) before trying to open /dev/urandom.
* pam_timestamp: indicate non-null arguments to the compilerBenny Baumann2023-12-191-0/+4
| | | | | | | | | | As these functions assume their arguments to be valid pointers without checking this pre-condition, this should be marked to the compiler. Doing so allows to detect potential NULL dereferences when a caller may pass in an invalid NULL pointer. * modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key, read_file, write_file, key_management): Add PAM_NONNULL attribute.
* pam_timestamp: ensure we get zero-initialized memoryBenny Baumann2023-12-191-2/+2
| | | | | | | | | | This ensures that the whole buffer is in a somewhat defined state all the time even when some function calls write into the buffer only partially. This is not strictly necessary, as short writes into the buffer are checked, but it's good practice anyway. * modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key): Replace malloc with calloc.
* pam_timestamp: allocate memory before opening /dev/urandomBenny Baumann2023-12-191-8/+9
| | | | | | | | | It's handy to have the memory allocated before trying several methods of obtaining randomness that are going to be introduced by subsequent commits. * modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key): Allocate memory before trying to open /dev/urandom.
* pam_timestamp: clean buffers before freeingBenny Baumann2023-12-191-0/+2
| | | | | | * modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key): Clean the buffer on short read. (write_file): Clean the buffer on short write.
* treewide: assume free(NULL) is no-opDmitry V. Levin2023-12-141-3/+1
| | | | | The C standard guarantees that if the argument of free() is a null pointer, no action occurs.
* pam_timestamp: check for ioloop errorsTobias Stoeckmann2023-12-041-6/+12
| | | | | | | | | | The pam_modutil_read and pam_modutil_write return values are signed. Check for values smaller than 0 in case of errors. Also limit key file sizes to INT_MAX due to internal limitations of pam_modutil_read. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: do not cast calloc/malloc/reallocTobias Stoeckmann2023-11-121-1/+1
| | | | | | | It is not required to cast the results of calloc, malloc, realloc, etc. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_timestamp: use secure memory erasureChristian Göttsche2023-08-071-2/+3
| | | | Closes: #575
* pam_timestamp: constify sha1 padding blockChristian Göttsche2023-08-071-1/+1
| | | | The padding block is only read from via memcpy(3).
* pam_timestamp: do not assume PATH_MAX is definedPino Toscano2023-05-111-1/+3
| | | | | PATH_MAX is optional in POSIX, and not defined on GNU/Hurd; hence, in case it is not defined, define BUFLEN directly to LINE_MAX.
* pam_timestamp: Only build hmacfile when no opensslIker Pedrosa2023-04-201-5/+2
| | | | | | | * modules/pam_timestamp/Makefile.am: Only build hmacfile target when openssl isn't enabled. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* pam_timestamp: fix build failureIker Pedrosa2023-03-301-0/+1
| | | | | | | | | | bcba17939e1b1a568cd4a764534cde74d37078cc started using pam_overwrite_n() without providing the definition to this function, which causes a build failure. modules/pam_timestamp/hmac_openssl_wrapper.c: include pam_inline.h Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* modules: make use of secure memory erasureChristian Göttsche2023-02-283-14/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive. Non trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase responce on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes
* Y2038: use logind instead of utmpThorsten Kukuk2023-02-282-6/+46
| | | | | | | | | | | | | The struct utmp from glibc uses on many 64bit architectures a 32bit time_t for compatibility with a 32bit userland, which means utmp will not survive the year 2038 (32bit time_t overflow). Use the data from logind instead of utmp. * configure.ac: Add option --enable-logind * modules/pam_issue/Makefile.am: Add CFLAGS/LIBS for logind support * modules/pam_issue/pam_issue.c: Use sd_get_sessions instead of utmp * modules/pam_timestamp/Makefile.am: Add CFLAGS/LIBS for logind support * modules/pam_timestamp/pam_timestamp.c: query logind for login time
* build: use <vendordir>/security directory for installation if it has been setStefan Schubert2023-02-071-0/+4
| | | | | | | | | Otherwise the corresponding files are still installed in /etc/security. * configure.ac (AC_SUBST): Add VENDOR_SCONFIGDIR. (AM_CONDITIONAL): Add HAVE_VENDORDIR. * modules/*/Makefile.am (secureconfdir): Set to VENDOR_SCONFIGDIR if HAVE_VENDORDIR has been set, otherwise to SCONFIGDIR.
* doc: Update PAM documentation from DockBook 4 to DocBook 5Stefan Schubert2022-12-163-77/+56
| | | | | | | | | | | | | | | | | | | | Changed files -------------- Make.xml.rules.in: - Using RNG file instead of DTD file for checking XML files. - Taking the correct stylesheet for README files. doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am: - Using RNG file instead of DTD file for checking XML files. configure.ac: - Adding a new option for selecting RNG check file (-enable-docbook-rng) - Switching stylesheets to docbook 5 - Checking DocBook 5 environment instead of DocBook 4 environment *.xml: Update from DockBook 4 to DocBook 5
* pam_timestamp: replace hmac implementationIker Pedrosa2021-06-145-11/+500
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | sha1 is no longer recommended as a cryptographic algorithm for authentication. Thus, the idea of this change is to replace the implementation provided by hmacsha1 included in pam_timestamp module by the one in the openssl library. This way, there's no need to maintain the cryptographic algorithm implementation and it can be easily changed with a single configuration change. modules/pam_timestamp/hmac_openssl_wrapper.c: implement wrapper functions around openssl's hmac implementation. Moreover, manage the key generation and its read and write in a file. Include an option to configure the cryptographic algorithm in login.defs file. modules/pam_timestamp/hmac_openssl_wrapper.h: likewise. modules/pam_timestamp/pam_timestamp.c: replace calls to functions provided by hmacsha1 by functions provided by openssl's wrapper. configure.ac: include openssl dependecy if it is enabled. modules/pam_timestamp/Makefile.am: include new files and openssl library to compilation. ci/install-dependencies.sh: include openssl library to dependencies. NEWS: add new item to next release. Make.xml.rules.in: add stringparam profiling for hmac doc/custom-man.xsl: change import docbook to one with profiling modules/pam_timestamp/pam_timestamp.8.xml: add conditional paragraph to indicate the value in /etc/login.defs that holds the value for the encryption algorithm Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294
* Remove deprecated pam_tally and pam_tally2 modulesDmitry V. Levin2020-10-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove --enable-tally --enable-tally2. * configure.ac: Remove --enable-tally and --enable-tally2 options. (AM_CONDITIONAL): Remove COND_BUILD_PAM_TALLY and COND_BUILD_PAM_TALLY2. (AC_CONFIG_FILES): Remove modules/pam_tally/Makefile and modules/pam_tally2/Makefile. * doc/sag/pam_tally.xml: Remove. * doc/sag/pam_tally2.xml: Likewise. * doc/sag/Linux-PAM_SAG.xml: Do not include pam_tally.xml and pam_tally2.xml. * modules/Makefile.am (MAYBE_PAM_TALLY, MAYBE_PAM_TALLY2): Remove. (SUBDIRS): Remove MAYBE_PAM_TALLY and MAYBE_PAM_TALLY2. * modules/pam_tally/.gitignore: Remove. * modules/pam_tally/Makefile.am: Likewise. * modules/pam_tally/README.xml: Likewise. * modules/pam_tally/faillog.h: Likewise. * modules/pam_tally/pam_tally.8.xml: Likewise. * modules/pam_tally/pam_tally.c: Likewise. * modules/pam_tally/pam_tally_app.c: Likewise. * modules/pam_tally/tst-pam_tally: Likewise. * modules/pam_tally2/.gitignore: Likewise. * modules/pam_tally2/Makefile.am: Likewise. * modules/pam_tally2/README.xml: Likewise. * modules/pam_tally2/pam_tally2.8.xml: Likewise. * modules/pam_tally2/pam_tally2.c: Likewise. * modules/pam_tally2/pam_tally2_app.c: Likewise. * modules/pam_tally2/tallylog.h: Likewise. * modules/pam_tally2/tst-pam_tally2: Likewise. * modules/pam_timestamp/pam_timestamp_check.8.xml: Fix typo by replacing pam_tally with pam_timestamp. * po/POTFILES.in: Remove ./modules/pam_tally/pam_tally_app.c, ./modules/pam_tally/pam_tally.c, ./modules/pam_tally2/pam_tally2_app.c, and ./modules/pam_tally2/pam_tally2.c. * NEWS: Document this change.
* build: rename PIE_* AC_SUBST variables to EXE_*Dmitry V. Levin2020-08-071-2/+2
| | | | | | | | | There are going to be other options added to CFLAGS and LDFLAGS of executables made along with modules. * configure.ac (EXE_CFLAGS, EXE_LDFLAGS): New variables initialized from PIE_CFLAGS and PIE_LDFLAGS, respectively. AC_SUBST them instead of PIE_CFLAGS and PIE_LDFLAGS. All users updated.
* Fix -Wcast-align compilation warnings on armDmitry V. Levin2020-08-062-12/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Apparently, gcc is also not smart enough to infer the alignment of structure fields, for details see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89133 Use unions to avoid these casts altogether, this fixes compilation warnings reported by gcc on arm, e.g.: md5.c: In function 'MD5Update': md5.c:92:35: error: cast increases required alignment of target type [-Werror=cast-align] 92 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); | ^ md5.c:101:35: error: cast increases required alignment of target type [-Werror=cast-align] 101 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); | ^ md5.c: In function 'MD5Final': md5.c:136:35: error: cast increases required alignment of target type [-Werror=cast-align] 136 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); | ^ md5.c:147:9: error: cast increases required alignment of target type [-Werror=cast-align] 147 | memcpy((uint32 *)ctx->in + 14, ctx->bits, 2*sizeof(uint32)); | ^ md5.c:149:34: error: cast increases required alignment of target type [-Werror=cast-align] 149 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); | ^ * modules/pam_namespace/md5.h (struct MD5Context): Replace "buf" and "in" fields with unions. All users updated. * modules/pam_unix/md5.h (struct MD5Context): Likewise. * modules/pam_timestamp/sha1.h (struct sha1_context.pending): Replace with a union. All users updated. Complements: v1.4.0~195 ("Fix most of clang -Wcast-align compilation warnings")
* modules: do not check user name for NULL if pam_get_user returned PAM_SUCCESSDmitry V. Levin2020-05-151-4/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If pam_get_user returned PAM_SUCCESS, the user name is guaranteed to be a valid C string, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check for NULL the user name returned by pam_get_user when the latter returned PAM_SUCCESS. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise. * modules/pam_filter/pam_filter.c (process_args): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_wheel/pam_wheel.c (perform_check): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise.
* modules: remove PAM_SM_* macrosDmitry V. Levin2020-05-031-3/+0
| | | | | | Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect.
* modules/*/Makefile.am: rename man_MANS to dist_man_MANSDmitry V. Levin2020-05-031-2/+2
| | | | | | | ... and remove $(MANS) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am
* modules/*/Makefile.am: add dist_ prefix to *_DATADmitry V. Levin2020-05-031-2/+2
| | | | | | | ... and remove $(DATA) from EXTRA_DIST. The change is performed automatically using the following script: sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am
* modules/pam_timestamp/Makefile.am: rename noinst_PROGRAMS to check_PROGRAMSDmitry V. Levin2020-05-031-3/+2
| | | | | | | | ... and remove nodist_TESTS. * modules/pam_timestamp/Makefile.am (nodist_TESTS): Remove. (TESTS): Replace $(nodist_TESTS) with $(check_PROGRAMS). (noinst_PROGRAMS): Rename to check_PROGRAMS.
* modules/pam_timestamp/Makefile.am: rename dist_TESTS to dist_check_SCRIPTSDmitry V. Levin2020-05-031-3/+3
| | | | | | | | ... and remove it from EXTRA_DIST * modules/pam_timestamp/Makefile.am (EXTRA_DIST): Remove $(dist_TESTS). (dist_TESTS): Rename to dist_check_SCRIPTS. (TESTS): Replace $(dist_TESTS) with $(dist_check_SCRIPTS).
* modules/*/Makefile.am: replace README with $(DATA) in EXTRA_DISTDmitry V. Levin2020-04-271-1/+1
| | | | | | | | | | | | Since the GNU Automake distributes README files by default, the only reason why README had to be listed in EXTRA_DIST was to make these README files generated. Since README is also listed in noinst_DATA, we can safely replace README in EXTRA_DIST with $(DATA), this also opens the way for further EXTRA_DIST cleanup. * modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA).
* modules/*/Makefile.am: reorder lines to promote uniformityDmitry V. Levin2020-04-271-5/+5
| | | | | This is essentially a no-op change that makes modules/*/Makefile.am files less divergent.
* build: move README prerequisites rule from modules/*/Makefile.am to ↵Dmitry V. Levin2020-04-271-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make.xml.rules As the rule is now the same in every modules/*/Makefile.am file, move it to Make.xml.rules. * Make.xml.rules (README): New prerequisites rule. * modules/pam_access/Makefile.am (README): Remove rule. * modules/pam_cracklib/Makefile.am (README): Likewise. * modules/pam_debug/Makefile.am (README): Likewise. * modules/pam_deny/Makefile.am (README): Likewise. * modules/pam_echo/Makefile.am (README): Likewise. * modules/pam_env/Makefile.am (README): Likewise. * modules/pam_exec/Makefile.am (README): Likewise. * modules/pam_faildelay/Makefile.am (README): Likewise. * modules/pam_filter/Makefile.am (README): Likewise. * modules/pam_ftp/Makefile.am (README): Likewise. * modules/pam_group/Makefile.am (README): Likewise. * modules/pam_issue/Makefile.am (README): Likewise. * modules/pam_keyinit/Makefile.am (README): Likewise. * modules/pam_lastlog/Makefile.am (README): Likewise. * modules/pam_limits/Makefile.am (README): Likewise. * modules/pam_listfile/Makefile.am (README): Likewise. * modules/pam_localuser/Makefile.am (README): Likewise. * modules/pam_loginuid/Makefile.am (README): Likewise. * modules/pam_mail/Makefile.am (README): Likewise. * modules/pam_mkhomedir/Makefile.am (README): Likewise. * modules/pam_motd/Makefile.am (README): Likewise. * modules/pam_namespace/Makefile.am (README): Likewise. * modules/pam_nologin/Makefile.am (README): Likewise. * modules/pam_permit/Makefile.am (README): Likewise. * modules/pam_pwhistory/Makefile.am (README): Likewise. * modules/pam_rhosts/Makefile.am (README): Likewise. * modules/pam_rootok/Makefile.am (README): Likewise. * modules/pam_securetty/Makefile.am (README): Likewise. * modules/pam_selinux/Makefile.am (README): Likewise. * modules/pam_sepermit/Makefile.am (README): Likewise. * modules/pam_setquota/Makefile.am (README): Likewise. * modules/pam_shells/Makefile.am (README): Likewise. * modules/pam_succeed_if/Makefile.am (README): Likewise. * modules/pam_tally/Makefile.am (README): Likewise. * modules/pam_tally2/Makefile.am (README): Likewise. * modules/pam_time/Makefile.am (README): Likewise. * modules/pam_timestamp/Makefile.am (README): Likewise. * modules/pam_tty_audit/Makefile.am (README): Likewise. * modules/pam_umask/Makefile.am (README): Likewise. * modules/pam_unix/Makefile.am (README): Likewise. * modules/pam_userdb/Makefile.am (README): Likewise. * modules/pam_usertype/Makefile.am (README): Likewise. * modules/pam_warn/Makefile.am (README): Likewise. * modules/pam_wheel/Makefile.am (README): Likewise. * modules/pam_xauth/Makefile.am (README): Likewise.
* modules/*/Makefile.am: list prerequisites of README target uniformlyDmitry V. Levin2020-04-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no need to list prerequisites of README targets manually as all README targets depend on $(XMLS). The change is performed automatically using the following script: sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am * modules/pam_access/Makefile.am (README): Replace pam_access.8.xml and access.conf.5.xml with $(XMLS). * modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml with $(XMLS). * modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml with $(XMLS). * modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml with $(XMLS). * modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml with $(XMLS). * modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and pam_env.conf.5.xml with $(XMLS). * modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml with $(XMLS). * modules/pam_faildelay/Makefile.am (README): Replace pam_faildelay.8.xml with $(XMLS). * modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml with $(XMLS). * modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with $(XMLS). * modules/pam_group/Makefile.am (README): Replace pam_group.8.xml and group.conf.5.xml with $(XMLS). * modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml with $(XMLS). * modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml with $(XMLS). * modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml with $(XMLS). * modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml and limits.conf.5.xml with $(XMLS). * modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml with $(XMLS). * modules/pam_localuser/Makefile.am (README): Replace pam_localuser.8.xml with $(XMLS). * modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml with $(XMLS). * modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml with $(XMLS). * modules/pam_mkhomedir/Makefile.am (README): Replace pam_mkhomedir.8.xml with $(XMLS). * modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml with $(XMLS). * modules/pam_namespace/Makefile.am (README): Replace pam_namespace.8.xml, namespace.conf.5.xml, and pam_namespace_helper.8.xml with $(XMLS). * modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml with $(XMLS). * modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml with $(XMLS). * modules/pam_pwhistory/Makefile.am (README): Replace pam_pwhistory.8.xml with $(XMLS). * modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml with $(XMLS). * modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml with $(XMLS). * modules/pam_securetty/Makefile.am (README): Replace pam_securetty.8.xml with $(XMLS). * modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml with $(XMLS). * modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml with $(XMLS). * modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml with $(XMLS). * modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml with $(XMLS). * modules/pam_succeed_if/Makefile.am (README): Replace pam_succeed_if.8.xml with $(XMLS). * modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml with $(XMLS). * modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml with $(XMLS). * modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and time.conf.5.xml with $(XMLS). * modules/pam_timestamp/Makefile.am (README): Replace pam_timestamp.8.xml with $(XMLS). * modules/pam_tty_audit/Makefile.am (README): Replace pam_tty_audit.8.xml with $(XMLS). * modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml with $(XMLS). * modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml with $(XMLS). * modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml with $(XMLS). * modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml with $(XMLS). * modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml with $(XMLS). * modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml with $(XMLS). * modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml with $(XMLS).
* modules/*/Makefile.am: list tests in EXTRA_DIST uniformlyDmitry V. Levin2020-04-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The change was prepared using the following script: git grep -l '^TESTS = tst-pam_' modules/ |while read m; do t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")" sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m" done * modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access with $(TESTS). * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace tst-pam_cracklib with $(TESTS). * modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with $(TESTS). * modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with $(TESTS). * modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with $(TESTS). * modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with $(TESTS). * modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with $(TESTS). * modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace tst-pam_faildelay with $(TESTS). * modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter with $(TESTS). * modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with $(TESTS). * modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with $(TESTS). * modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with $(TESTS). * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit with $(TESTS). * modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog with $(TESTS). * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits with $(TESTS). * modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace tst-pam_listfile with $(TESTS). * modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace tst-pam_localuser with $(TESTS). * modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace tst-pam_loginuid with $(TESTS). * modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with $(TESTS). * modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace tst-pam_mkhomedir with $(TESTS). * modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with $(TESTS). * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace tst-pam_namespace with $(TESTS). * modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin with $(TESTS). * modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit with $(TESTS). * modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace tst-pam_pwhistory with $(TESTS). * modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts with $(TESTS). * modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok with $(TESTS). * modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace tst-pam_securetty with $(TESTS). * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace tst-pam_sepermit with $(TESTS). * modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace tst-pam_setquota with $(TESTS). * modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells with $(TESTS). * modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress with $(TESTS). * modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace tst-pam_succeed_if with $(TESTS). * modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with $(TESTS). * modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2 with $(TESTS). * modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with $(TESTS). * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace tst-pam_tty_audit with $(TESTS). * modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with $(TESTS). * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb with $(TESTS). * modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace tst-pam_usertype with $(TESTS). * modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with $(TESTS). * modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with $(TESTS). * modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with $(TESTS).
* pam_timestamp: include "config.h" in hmacsha1.c as the first headerDmitry V. Levin2020-04-241-0/+1
| | | | | | | | | This ensures "config.h" is included before any system header which fixes the following bug reported by ALT diagnostics: verify-elf: ERROR: ./lib/security/pam_timestamp.so: uses non-LFS functions: __fxstat open * modules/pam_timestamp/hmacsha1.c: Include "config.h".
* pam_timestamp: Fix // in TIMESTAMPDIRPetr Lautrbach2020-03-311-1/+1
| | | | | | | | | _PATH_VARRUN already provides trailing slash for building paths Fixes: $ strings /usr/lib64/security/pam_timestamp.so | grep /run/ /var/run//pam_timestamp /var/run//pam_timestamp/_pam_timestamp_key
* modules/pam_timestamp: use pam_str_skip_prefixDmitry V. Levin2020-03-191-5/+10
| | | | | | * modules/pam_timestamp/pam_timestamp.c: Include "pam_inline.h". (check_tty, get_timestamp_name, pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* Use PAM_ARRAY_SIZEDmitry V. Levin2020-03-191-1/+3
| | | | | | | | | | | | | | | | | | | | | Replace all instances of sizeof(x) / sizeof(*x) with PAM_ARRAY_SIZE(x) which is less error-prone and implements an additional type check. * libpam/pam_handlers.c: Include "pam_inline.h". (_pam_open_config_file): Use PAM_ARRAY_SIZE. * modules/pam_exec/pam_exec.c: Include "pam_inline.h". (call_exec): Use PAM_ARRAY_SIZE. * modules/pam_namespace/pam_namespace.c: Include "pam_inline.h". (filter_mntopts): Use PAM_ARRAY_SIZE. * modules/pam_timestamp/hmacfile.c: Include "pam_inline.h". (testvectors): Use PAM_ARRAY_SIZE. * modules/pam_xauth/pam_xauth.c: Include "pam_inline.h". (run_coprocess, pam_sm_open_session): Use PAM_ARRAY_SIZE. * tests/tst-pam_get_item.c: Include "pam_inline.h". (main): Use PAM_ARRAY_SIZE. * tests/tst-pam_set_item.c: Likewise. * xtests/tst-pam_pwhistory1.c: Likewise. * xtests/tst-pam_time1.c: Likewise.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-08 15:32:51 +0000