path: root/modules
Commit message | Author | Age | Files | Lines
* pam_unix: modernize example in manual page | Topi Miettinen | 2020-04-12 | 1 | -1/+1
    According to crypt(5), md5 should not be used for new hashes.
    Let's give a modern example with yescrypt.

    Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
* pam_access: add an example of using groups in access.conf to permit access | Lucas Ramage | 2020-04-07 | 1 | -0/+6
    Resolves: https://github.com/linux-pam/linux-pam/issues/65
    Resolves: https://github.com/linux-pam/linux-pam/pull/199
* pam_timestamp: Fix // in TIMESTAMPDIR | Petr Lautrbach | 2020-03-31 | 1 | -1/+1
    _PATH_VARRUN already provides a trailing slash for building paths.

    Fixes:
    $ strings /usr/lib64/security/pam_timestamp.so | grep /run/
    /var/run//pam_timestamp
    /var/run//pam_timestamp/_pam_timestamp_key
* pam_unix: Return PAM_AUTHINFO_UNAVAIL when appropriate. | James Ralston | 2020-03-30 | 1 | -1/+8
    pam_unix.so will never return PAM_AUTHINFO_UNAVAIL on systems that use the
    unix_chkpwd helper. The reason is that in unix_chkpwd.c, towards the end of
    main(), if helper_verify_password() does not return PAM_SUCCESS, main()
    ignores the actual error that helper_verify_password() returned and instead
    returns PAM_AUTH_ERR.

    This commit corrects this behavior. Specifically, if helper_verify_password()
    returns PAM_USER_UNKNOWN, which it does when the /etc/passwd entry indicates
    that shadow information is present but the /etc/shadow entry is missing,
    unix_chkpwd now exits with PAM_AUTHINFO_UNAVAIL. For any other error from
    helper_verify_password(), unix_chkpwd continues to exit with PAM_AUTH_ERR.

    * modules/pam_unix/unix_chkpwd.c (main): Return PAM_AUTHINFO_UNAVAIL when
    helper_verify_password() returns PAM_USER_UNKNOWN.
* Fix various typos found using codespell tool | Dmitry V. Levin | 2020-03-28 | 19 | -32/+32
* pam_time: add conffile option to specify an alternative configuration file | blueskycs2c | 2020-03-24 | 2 | -17/+48
    Resolves: https://github.com/linux-pam/linux-pam/pull/163
    Resolves: https://github.com/linux-pam/linux-pam/pull/191
* pam_exec: require user name to be ready for the command | Alexander Zubkov | 2020-03-23 | 1 | -4/+15
    The pam_exec module can be called when a user name has not been prompted
    yet, and thus the command is called without a user name available.
    This fix asks PAM for the user name to ensure it is ready or to force
    the prompt.

    Resolves: https://github.com/linux-pam/linux-pam/issues/131
    Resolves: https://github.com/linux-pam/linux-pam/pull/195
* pam_selinux: fall back to log to syslog if audit logging fails | Christian Göttsche | 2020-03-23 | 1 | -11/+19
    Resolves: https://github.com/linux-pam/linux-pam/pull/194
* pam_selinux: sanitize asprintf argument on failure | Christian Göttsche | 2020-03-23 | 1 | -0/+1
* pam_selinux: print additional information on failures | Christian Göttsche | 2020-03-23 | 1 | -4/+4
* pam_selinux: convert send_audit_message to void function | Christian Göttsche | 2020-03-23 | 1 | -10/+6
    The result is nowhere checked and other logging functions like
    pam_syslog are also not checked.
* pam_selinux: fix indentation | Christian Göttsche | 2020-03-23 | 1 | -5/+5
* pam_selinux: substitute legacy security_context_t type | Christian Göttsche | 2020-03-23 | 1 | -20/+20
    `security_context_t` is a legacy typedef to `char *`, substitute all usage.

    See
    https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
    https://github.com/SELinuxProject/selinux/blob/f8c110c8a615eb640510eab39640a0957a6ba19c/libselinux/include/selinux/selinux.h#L16
* modules/pam_userdb: use pam_str_skip_icase_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -6/+9
    * modules/pam_userdb/pam_userdb.c: Include "pam_inline.h".
    (_pam_parse, user_lookup): Use pam_str_skip_icase_prefix instead of
    ugly strncasecmp invocations.
* modules/pam_umask: use pam_str_skip_icase_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -8/+13
    * modules/pam_umask/pam_umask.c: Include "pam_inline.h".
    (parse_option, setup_limits_from_gecos): Use pam_str_skip_icase_prefix
    instead of ugly strncasecmp invocations.
* modules/pam_pwhistory: use pam_str_skip_icase_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -5/+8
    * modules/pam_pwhistory/pam_pwhistory.c: Include "pam_inline.h".
    (parse_option): Use pam_str_skip_icase_prefix instead of ugly
    strncasecmp invocations.
* modules/pam_exec: use pam_str_skip_icase_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -4/+6
    * modules/pam_exec/pam_exec.c (call_exec): Use pam_str_skip_icase_prefix
    instead of ugly strncasecmp invocations.
* modules/pam_xauth: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -13/+15
    * modules/pam_xauth/pam_xauth.c: Include "pam_inline.h".
    (pam_sm_open_session, pam_sm_close_session): Use pam_str_skip_prefix
    instead of ugly strncmp invocations.
* modules/pam_wheel: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -2/+4
    * modules/pam_wheel/pam_wheel.c: Include "pam_inline.h".
    (_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len | Dmitry V. Levin | 2020-03-19 | 3 | -8/+14
    * modules/pam_unix/passverify.c: Include "pam_inline.h".
    (verify_pwd_hash): Use pam_str_skip_prefix instead of ugly strncmp
    invocations.
    * modules/pam_unix/support.c: Include "pam_inline.h".
    (_set_ctrl): Use pam_str_skip_prefix_len instead of hardcoding string
    lengths.
    * modules/pam_unix/md5_crypt.c: Include "pam_inline.h".
    (crypt_md5): Use pam_str_skip_prefix_len.

    squash! modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len
* modules/pam_tty_audit: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -3/+6
    * modules/pam_tty_audit/pam_tty_audit.c: Include "pam_inline.h".
    (pam_sm_open_session): Use pam_str_skip_prefix instead of ugly strncmp
    invocations.
* modules/pam_timestamp: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -5/+10
    * modules/pam_timestamp/pam_timestamp.c: Include "pam_inline.h".
    (check_tty, get_timestamp_name, pam_sm_authenticate): Use
    pam_str_skip_prefix instead of ugly strncmp invocations.
* modules/pam_tally: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -13/+18
    * modules/pam_tally/pam_tally.c: Include "pam_inline.h".
    (tally_parse_args, getopts): Use pam_str_skip_prefix instead of ugly
    strncmp invocations.
* modules/pam_tally2: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -15/+20
    * modules/pam_tally2/pam_tally2.c: Include "pam_inline.h".
    (tally_parse_args, getopts): Use pam_str_skip_prefix instead of ugly
    strncmp invocations.
* modules/pam_selinux: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -2/+4
    * modules/pam_selinux/pam_selinux.c: Include "pam_inline.h".
    (compute_exec_context, compute_tty_context): Use pam_str_skip_prefix
    instead of ugly strncmp invocations.
* modules/pam_securetty: use pam_str_skip_prefix and pam_str_skip_prefix_len | Dmitry V. Levin | 2020-03-19 | 1 | -6/+6
    * modules/pam_securetty/pam_securetty.c: Include "pam_inline.h".
    (securetty_perform_check): Use pam_str_skip_prefix and
    pam_str_skip_prefix_len instead of ugly strncmp invocations.
* modules/pam_rhosts: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -2/+5
    * modules/pam_rhosts/pam_rhosts.c: Include "pam_inline.h".
    (pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp
    invocations.
* modules/pam_nologin: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -2/+5
    * modules/pam_nologin/pam_nologin.c: Include "pam_inline.h".
    (parse_args): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* modules/pam_namespace: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -1/+1
    * modules/pam_namespace/pam_namespace.c (root_shared): Use
    pam_str_skip_prefix instead of ugly strncmp invocations.
* modules/pam_motd: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -4/+6
    * modules/pam_motd/pam_motd.c: Include "pam_inline.h".
    (pam_sm_open_session): Use pam_str_skip_prefix instead of ugly strncmp
    invocations.
* modules/pam_mkhomedir: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -4/+7
    * modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_inline.h".
    (_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* modules/pam_mail: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -4/+6
    * modules/pam_mail/pam_mail.c: Include "pam_inline.h".
    (_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* modules/pam_localuser: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -2/+5
    * modules/pam_localuser/pam_localuser.c: Include "pam_inline.h".
    (pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp
    invocations.
* modules/pam_listfile: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -6/+8
    * modules/pam_listfile/pam_listfile.c: Include "pam_inline.h".
    (pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp
    invocations.
* modules/pam_limits: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -4/+6
    * modules/pam_limits/pam_limits.c: Include "pam_inline.h".
    (_pam_parse, parse_kernel_limits): Use pam_str_skip_prefix instead of
    ugly strncmp invocations.
* modules/pam_lastlog: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -7/+12
    * modules/pam_lastlog/pam_lastlog.c: Include "pam_inline.h".
    (_pam_auth_parse, get_tty): Use pam_str_skip_prefix instead of ugly
    strncmp invocations.
* modules/pam_issue: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -5/+9
    * modules/pam_issue/pam_issue.c: Include "pam_inline.h".
    (pam_sm_authenticate, read_issue_quoted): Use pam_str_skip_prefix
    instead of ugly strncmp invocations.
* modules/pam_ftp: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -5/+6
    * modules/pam_ftp/pam_ftp.c: Include "pam_inline.h".
    (_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* modules/pam_env: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -21/+24
    * modules/pam_env/pam_env.c: Include "pam_inline.h".
    (_pam_parse, _parse_line): Use pam_str_skip_prefix instead of ugly
    strncmp invocations.
* modules/pam_echo: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -2/+4
    * modules/pam_echo/pam_echo.c: Include "pam_inline.h".
    (pam_echo): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* modules/pam_cracklib: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -28/+30
    * modules/pam_cracklib/pam_cracklib.c: Include "pam_inline.h".
    (_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* modules/pam_access: use pam_str_skip_prefix | Dmitry V. Levin | 2020-03-19 | 1 | -9/+11
    * modules/pam_access/pam_access.c: Include "pam_inline.h".
    (parse_args): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* Use PAM_ARRAY_SIZE | Dmitry V. Levin | 2020-03-19 | 4 | -6/+11
    Replace all instances of sizeof(x) / sizeof(*x) with PAM_ARRAY_SIZE(x)
    which is less error-prone and implements an additional type check.

    * libpam/pam_handlers.c: Include "pam_inline.h".
    (_pam_open_config_file): Use PAM_ARRAY_SIZE.
    * modules/pam_exec/pam_exec.c: Include "pam_inline.h".
    (call_exec): Use PAM_ARRAY_SIZE.
    * modules/pam_namespace/pam_namespace.c: Include "pam_inline.h".
    (filter_mntopts): Use PAM_ARRAY_SIZE.
    * modules/pam_timestamp/hmacfile.c: Include "pam_inline.h".
    (testvectors): Use PAM_ARRAY_SIZE.
    * modules/pam_xauth/pam_xauth.c: Include "pam_inline.h".
    (run_coprocess, pam_sm_open_session): Use PAM_ARRAY_SIZE.
    * tests/tst-pam_get_item.c: Include "pam_inline.h".
    (main): Use PAM_ARRAY_SIZE.
    * tests/tst-pam_set_item.c: Likewise.
    * xtests/tst-pam_pwhistory1.c: Likewise.
    * xtests/tst-pam_time1.c: Likewise.
* modules/pam_cracklib: fix parsing of options without arguments | Dmitry V. Levin | 2020-03-19 | 1 | -6/+6
    Prefix match for options without arguments such as use_first_pass is
    not correct; there has to be an exact match for these options.

    * modules/pam_cracklib/pam_cracklib.c (_pam_parse): Fix parsing of
    reject_username, gecoscheck, enforce_for_root, use_authtok,
    use_first_pass, and try_first_pass options.
* Fix remaining clang -Wcast-align compilation warnings | Dmitry V. Levin | 2020-03-19 | 1 | -0/+6
    Introduce DIAG_PUSH_IGNORE_CAST_ALIGN and DIAG_POP_IGNORE_CAST_ALIGN
    macros, use them to silence remaining clang -Wcast-align compilation
    warnings.

    * libpam/include/pam_cc_compat.h (DIAG_PUSH_IGNORE_CAST_ALIGN,
    DIAG_POP_IGNORE_CAST_ALIGN): New macros.
    * modules/pam_access/pam_access.c: Include "pam_cc_compat.h".
    (from_match, network_netmask_match): Wrap inet_ntop invocations in
    DIAG_PUSH_IGNORE_CAST_ALIGN and DIAG_POP_IGNORE_CAST_ALIGN.
* Fix most of clang -Wcast-align compilation warnings | Dmitry V. Levin | 2020-03-19 | 5 | -7/+17
    Unlike gcc, clang is not smart enough to infer the alignment of
    structure fields, so add some alignment hints to the code.

    * libpam/include/pam_cc_compat.h (PAM_ATTRIBUTE_ALIGNED): New macro.
    * modules/pam_namespace/md5.h: Include "pam_cc_compat.h".
    (struct MD5Context): Add PAM_ATTRIBUTE_ALIGNED to "in" field.
    * modules/pam_namespace/md5.c [!(__i386__ || __x86_64__)]
    (uint8_aligned): New type.
    [!(__i386__ || __x86_64__)] (byteReverse): Use it instead of unsigned char.
    * modules/pam_timestamp/sha1.h: Include "pam_cc_compat.h".
    (struct sha1_context): Add PAM_ATTRIBUTE_ALIGNED to pending field.
    * modules/pam_unix/md5.h: Include "pam_cc_compat.h".
    (struct MD5Context): Add PAM_ATTRIBUTE_ALIGNED to "in" field.
    * modules/pam_unix/md5.c [!HIGHFIRST] (uint8_aligned): New type.
    [!HIGHFIRST] (byteReverse): Use it instead of unsigned char.
* modules/pam_tally, modules/pam_tally2: fix compilation warnings | Dmitry V. Levin | 2020-03-19 | 2 | -5/+6
    Fix the following compilation warnings reported by gcc when
    sizeof(time_t) > sizeof(long), e.g. on x32:

    modules/pam_tally/pam_tally.c:541:7: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
      541 |       _("The account is temporarily locked (%ld seconds left)."),
          |       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    modules/pam_tally/pam_tally.c:546:40: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
      546 |                 "user %s (%lu) has time limit [%lds left]"
          |                                                ~~^
          |                                                  |
          |                                                  long int
          |                                                %lld
    ......
      549 |                 oldtime+lock_time-time(NULL));
          |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          |                        |
          |                        time_t {aka long long int}
    modules/pam_tally2/pam_tally2.c:592:27: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
      592 |       pam_info(pamh, _("The account is temporarily locked (%ld seconds left)."),
          |                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    modules/pam_tally2/pam_tally2.c:597:50: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
      597 |                 "user %s (%lu) has time limit [%lds left]"
          |                                                ~~^
          |                                                  |
          |                                                  long int
          |                                                %lld
    ......
      600 |                 oldtime+opts->lock_time-time(NULL));
          |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          |                        |
          |                        time_t {aka long long int}

    This change doesn't attempt to fix handling of 64-bit time_t on 32-bit
    systems in these modules.

    * modules/pam_tally/pam_tally.c (tally_check): Cast time_t expressions
    to long int before passing them to pam_info and pam_syslog.
    * modules/pam_tally2/pam_tally2.c (tally_check): Likewise.
* modules/pam_timestamp: fix compilation warnings | Dmitry V. Levin | 2020-03-19 | 2 | -4/+6
    Fix the following compilation warnings reported by gcc on ilp32 platforms:

    modules/pam_timestamp/hmacfile.c: In function ‘testvectors’:
    modules/pam_timestamp/hmacfile.c:121:44: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
      121 |       printf("Incorrect result for vector %lu\n", i + 1);
          |                                           ~~^     ~~~~~
          |                                             |       |
          |                                             |       size_t {aka unsigned int}
          |                                             long unsigned int
          |                                           %u
    modules/pam_timestamp/hmacfile.c:128:30: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
      128 |       printf("Error in vector %lu.\n", i + 1);
          |                               ~~^      ~~~~~
          |                                 |        |
          |                                 |        size_t {aka unsigned int}
          |                                 long unsigned int
          |                               %u
    In function ‘strncpy’,
        inlined from ‘pam_sm_open_session’ at modules/pam_timestamp/pam_timestamp.c:584:4:
    /usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin___strncpy_chk’ output may be truncated copying between 1 and 4095 bytes from a string of length 4095 [-Wstringop-truncation]

    * modules/pam_timestamp/hmacfile.c (testvectors): Cast the argument of
    type size_t to unsigned long before passing it to printf.
    * modules/pam_timestamp/pam_timestamp.c (pam_sm_open_session): Use
    memcpy instead of strncpy as the source is not NUL-terminated, add an
    extra check to ensure that the iterator stays inside bounds.
* modules/pam_unix: fix gcc compilation warnings | Dmitry V. Levin | 2020-03-19 | 1 | -14/+19
    When setreuid() fails, there is no way to proceed any further: either
    the process credentials are unchanged but inappropriate, or they are in
    an inconsistent state and nothing good could be made out of it.

    This fixes the following compilation warnings:

    modules/pam_unix/passverify.c:209:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:211:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:213:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:214:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:222:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:224:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:225:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:226:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:209:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:211:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:213:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:214:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:222:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:224:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:225:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
    modules/pam_unix/passverify.c:226:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]

    * modules/pam_unix/passverify.c (get_account_info) [HELPER_COMPILE]:
    Always check setreuid return code and return PAM_CRED_INSUFFICIENT if
    setreuid failed.
* modules/pam_access: fix compilation warning | Dmitry V. Levin | 2020-03-19 | 1 | -0/+4
    Fix the following compilation warning reported by gcc when
    HAVE_LIBAUDIT is not set:

    modules/pam_access/pam_access.c: In function ‘login_access’:
    modules/pam_access/pam_access.c:338:13: warning: variable ‘nonall_match’ set but not used [-Wunused-but-set-variable]
      338 |         int nonall_match = NO;
          |             ^~~~~~~~~~~~

    * modules/pam_access/pam_access.c (login_access): Enclose nonall_match
    variable with HAVE_LIBAUDIT #ifdef's.