aboutsummaryrefslogtreecommitdiff
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
...
* pam_time: use vendor specific time.conf as fallbackStefan Schubert2022-02-082-0/+21
| | | | | | | | | | | | | | | | Use the vendor directory defined by --enable-vendordir=DIR configure option as fallback for the distribution provided default config file if there is no configuration in /etc. * modules/pam_time/pam_time.8.xml: Describe this. * modules/pam_time/time.h [VENDOR_SCONFIGDIR] (VENDOR_PAM_TIME_CONF): New macro. * modules/pam_time/pam_time.c (_pam_parse) [VENDOR_PAM_TIME_CONF]: Try to open VENDOR_PAM_TIME_CONF file when no conffile= option was specified and PAM_TIME_CONF file does not exist. Co-authored-by: Dmitry V. Levin <ldv@altlinux.org> Resolves: https://github.com/linux-pam/linux-pam/pull/409
* pam_time: add a test of return valuesStefan Schubert2022-02-082-1/+111
| | | | | | | | * modules/pam_time/tst-pam_time-retval.c: New file. * modules/pam_time/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_time_retval_LDADD): New variables. Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
* pam_pwhistory: Enable alternate location for password history file (#396)Martyn Welch2022-02-075-51/+95
| | | | | | | | | | | | Sometimes, especially in embedded devices, the /etc directory can be read-only and/or not saved over upgrades. In order to ensure password policies are maintained across upgrades and the module functions on read-only file systems, allow the location of the password history file to be set in the PAM configuration. Signed-off-by: Edward <jinzhou.zhu1@ge.com> [Martyn Welch: Updated commit message and ported to latest version] Signed-off-by: Martyn Welch <martyn.welch@collabora.com> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
* pam_faillock: add a test of return valuesStefan Schubert2022-02-042-1/+123
| | | | | | | | * modules/pam_faillock/tst-pam_faillock-retval.c: New file. * modules/pam_faillock/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_faillock_retval_LDADD): New variables. Resolves: https://github.com/linux-pam/linux-pam/pull/431
* pam_faillock: use vendor specific faillock.conf as fallbackStefan Schubert2022-02-013-1/+29
| | | | | | | | | | | | | | | | Use the vendor directory defined by --enable-vendordir=DIR configure option as fallback for the distribution provided default config file if there is no configuration in /etc. * modules/pam_faillock/pam_faillock.8.xml: Describe this. * modules/pam_faillock/faillock.h [VENDOR_SCONFIGDIR] (VENDOR_FAILLOCK_DEFAULT_CONF): New macro. * modules/pam_faillock/pam_faillock.c (read_config_file) [VENDOR_FAILLOCK_DEFAULT_CONF]: Try to open VENDOR_FAILLOCK_DEFAULT_CONF file when FAILLOCK_DEFAULT_CONF file does not exist. Co-authored-by: Dmitry V. Levin <ldv@altlinux.org> Resolves: https://github.com/linux-pam/linux-pam/pull/423
* pam_group: use vendor specific group.conf as fallbackStefan Schubert2022-01-252-14/+35
| | | | | | | | | | | | | | | | | | Use the vendor directory defined by --enable-vendordir=DIR configure option as fallback for the distribution provided default config file if there is no configuration in /etc. * modules/pam_group/pam_group.c: Include <errno.h>. [VENDOR_SCONFIGDIR] (VENDOR_PAM_GROUP_CONF): New macro. (read_field): Add conf_filename argument, use it instead of PAM_GROUP_CONF. (check_account) <conf_filename>: New variable, initialize it to PAM_GROUP_CONF, pass it to read_field(). [VENDOR_PAM_GROUP_CONF]: Assign VENDOR_PAM_GROUP_CONF to conf_filename when PAM_GROUP_CONF file does not exist. * modules/pam_group/pam_group.8.xml: Describe it. Co-authored-by: Dmitry V. Levin <ldv@altlinux.org> Resolves: https://github.com/linux-pam/linux-pam/pull/412
* pam_sepermit: use vendor specific sepermit.conf as fallbackStefan Schubert2022-01-242-2/+21
| | | | | | | | | | | | | | | | Use the vendor directory defined by --enable-vendordir=DIR configure option as fallback for the distribution provided default config file if there is no configuration in /etc. * modules/pam_sepermit/pam_sepermit.c [VENDOR_SCONFIGDIR] (SEPERMIT_VENDOR_CONF_FILE): New macro. (pam_sm_authenticate) [SEPERMIT_VENDOR_CONF_FILE]: Use it as default config file when conf= option is not specified and the file pointed by SEPERMIT_CONF_FILE does not exist. * modules/pam_sepermit/pam_sepermit.8.xml: Describe it. Co-authored-by: Dmitry V. Levin <ldv@altlinux.org> Resolves: https://github.com/linux-pam/linux-pam/pull/411
* pam_limits: use VENDOR_SCONFIGDIR macroDmitry V. Levin2022-01-231-2/+2
| | | | | * modules/pam_limits/pam_limits.c (parse_config_file): Use VENDOR_SCONFIGDIR macro instead of VENDORDIR.
* modules: move SCONFIGDIR-based macro definitions from Makefile.am to the ↵Dmitry V. Levin2022-01-2312-10/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | source code Since SCONFIGDIR macro is available, the is no need to define macros based on SCONFIGDIR in Makefile.am files. * modules/pam_access/Makefile.am (AM_CFLAGS): Move definitions of PAM_ACCESS_CONFIG and ACCESS_CONF_GLOB macros ... * modules/pam_access/pam_access.c: ... here. * modules/pam_env/Makefile.am (AM_CFLAGS): Move definition of DEFAULT_CONF_FILE macro ... * modules/pam_env/pam_env.c: ... here. * modules/pam_group/Makefile.am (AM_CFLAGS): Move definition of PAM_GROUP_CONF macro ... * modules/pam_group/pam_group.c: ... here. * modules/pam_limits/Makefile.am (AM_CFLAGS): Move definition of LIMITS_FILE macro ... * modules/pam_limits/pam_limits.c: ... here. * modules/pam_sepermit/Makefile.am (AM_CFLAGS): Move definition of SEPERMIT_CONF_FILE macro ... * modules/pam_sepermit/pam_sepermit.c: ... here. * modules/pam_time/Makefile.am (AM_CFLAGS): Move definition of PAM_TIME_CONF macro ... * modules/pam_time/pam_time.c: ... here.
* pam_limits: make LIMITS_FILE_DIR macro consistentDmitry V. Levin2022-01-232-2/+2
| | | | | | | | | LIMITS_FILE_DIR used to define a glob pattern instead of a directory name, fix that inconsistency. * modules/pam_limits/Makefile.am (AM_CFLAGS): Move "/*.conf" ending of LIMITS_FILE_DIR macro ... * modules/pam_limits/pam_limits.c (LIMITS_CONF_GLOB): ... here.
* modules: use SCONFIGDIR macroDmitry V. Levin2022-01-236-13/+9
| | | | | | | | | | | | | | | | | Use SCONFIGDIR macro instead of open-coding "/etc/security", the latter is not correct when configured using --enable-sconfigdir with an argument different from /etc/security. * modules/pam_faillock/faillock.h (FAILLOCK_DEFAULT_CONF): Use SCONFIGDIR. * modules/pam_namespace/pam_namespace.h (SECURECONF_DIR): Remove. (PAM_NAMESPACE_CONFIG, NAMESPACE_INIT_SCRIPT, NAMESPACE_D_DIR, NAMESPACE_D_GLOB): Use SCONFIGDIR. * modules/pam_namespace/Makefile.am (AM_CFLAGS): Remove -DSECURECONF_DIR. * modules/pam_pwhistory/opasswd.c (OLD_PASSWORDS_FILE): Use SCONFIGDIR. * modules/pam_unix/passverify.h: Likewise. * modules/pam_unix/passverify.c (OPW_TMPFILE): Use SCONFIGDIR.
* pam_sepermit: fix conf= option supportDmitry V. Levin2022-01-222-4/+107
| | | | | | | | | | | | The parser of conf= option failed to recognize the option unless it was specified without an argument, making it useless. * modules/pam_sepermit/pam_sepermit.c: Include "pam_inline.h". (pam_sm_authenticate): Fix parsing of conf= option. * modules/pam_sepermit/tst-pam_sepermit-retval.c: Check conf= option. Co-authored-by: Stefan Schubert <schubi@suse.de> Resolves: https://github.com/linux-pam/linux-pam/pull/429
* pam_sepermit: add a basic test for return valuesDmitry V. Levin2022-01-222-1/+64
| | | | | | * modules/pam_sepermit/tst-pam_sepermit-retval.c: New file. * modules/pam_sepermit/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_sepermit_retval_LDADD): New variables.
* pam_limits: adjust docu if config file is missing (#426)Thorsten Kukuk2022-01-141-1/+0
| | | | This adjustes the documentation for the changes from PR#418 We no longer fail if the config file does not exist.
* pam_rootok: fix compilation warning when HAVE_LIBAUDIT is not definedStefan Schubert2022-01-131-2/+1
| | | | | * modules/pam_rootok/pam_rootok.c (log_callback): Move audit_fd definition under HAVE_LIBAUDIT guard.
* pam_limits: don't fail on missing config files (#418)Ludwig Nussel2022-01-131-0/+3
| | | | A config with only comments or an empty one is completely fine for pam_limits. So don't complain about missing config files either.
* Check the return value of localtime in faillock (#421)pyllyukko2022-01-121-0/+5
|
* modules/pam_limits: fix build with old Linux kernel headersDmitry V. Levin2021-11-241-0/+4
| | | | | | | | | | | | As PR_SET_NO_NEW_PRIVS was introduced by Linux kernel commit v3.5-rc1~161^2~37, provide a fallback definition to fix build with older Linux kernel headers. * modules/pam_limits/pam_limits.c [!PR_SET_NO_NEW_PRIVS] (PR_SET_NO_NEW_PRIVS): New macro. Resolves: https://github.com/linux-pam/linux-pam/issues/406 Fixes: dd9cf929 ("modules/pam_limits: add support for nonewprivs")
* Use vendor specific limits.conf as fallback (#402)Thorsten Kukuk2021-11-032-3/+22
| | | * Use vendor specific limits.conf as fallback
* Fix a typo found using codespell toolDmitry V. Levin2021-09-032-4/+4
| | | | | | | * modules/pam_pwhistory/pam_pwhistory.c: Replace "crypted password" with "hashed password" in comment. * modules/pam_unix/passverify.c (create_password_hash): Rename "crypted" local variable to "hashed".
* pam_unix: workaround the problem caused by libnss_systemdDmitry V. Levin2021-08-191-2/+1
| | | | | | | | | | | | | | | | | | | The getspnam(3) manual page says that errno shall be set to EACCES when the caller does not have permission to access the shadow password file. Unfortunately, this contract is broken when libnss_systemd is used in the nss stack. Workaround this problem by falling back to the helper invocation when pam_modutil_getspnam returns NULL regardless of errno. As pam_unix already behaves this way when selinux is enabled, it should be OK for the case when selinux is not enabled, too. * modules/pam_unix/passverify.c (get_account_info): When pam_modutil_getspnam returns NULL, unconditionally fall back to the helper invocation. Complements: f220cace2053 ("Permit unix_chkpwd & pam_unix.so to run without being setuid-root") Resolves: https://github.com/linux-pam/linux-pam/issues/379
* pam_faillock: remove confusing commentDmitry V. Levin2021-07-201-1/+0
| | | | | * modules/pam_faillock/pam_faillock.c (faillock_message): Remove the comment that meant to help translators but actually confused xgettext.
* pam_filter: Close file after controlling ttyIker Pedrosa2021-07-091-1/+1
| | | | | | | | | | | | | | | | | | | | Failing to check the descriptor value meant that there was a bug in the attempt to close the controlling tty. Moreover, this would lead to a file descriptor leak as pointed out by the static analyzer tool: Error: RESOURCE_LEAK (CWE-772): [#def26] Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:356: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:356: var_assign: Assigning: "t" = handle returned from "open("/dev/tty", 2)". Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:357: off_by_one: Testing whether handle "t" is strictly greater than zero is suspicious. "t" leaks when it is zero. Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:357: remediation: Did you intend to include equality with zero? Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:367: leaked_handle: Handle variable "t" going out of scope leaks the handle. 365| pam_syslog(pamh, LOG_ERR, 366| "child cannot become new session: %m"); 367|-> return PAM_ABORT; 368| } 369| Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* Permit unix_chkpwd & pam_unix.so to run without being setuid-root.Andrew G. Morgan2021-06-291-4/+8
| | | | | | | | | | | | | | | | | | | | | Remove the hard-coding of the idea that the only way pam_unix.so can read the shadow file is if it can, in some way, run setuid-root. Linux capabilities only require cap_dac_override to read the /etc/shadow file. This change achieves two things: it opens a path for a linux-pam application to run without being setuid-root; further, it allows unix_chkpwd to run non-setuid-root if it is installed: sudo setcap cap_dac_override=ep unix_chkpwd If we wanted to link against libcap, we could install this binary with cap_dac_override=p, and use cap_set_proc() to raise the effective bit at runtime. However, some distributions already link unix_chkpwd against libcap-ng for some, likely spurious, reason so "ep" is fine for now. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Remove support for legacy xcryptBjörn Esser2021-06-144-28/+8
| | | | | | | | | | | | | | | | Since many distributions are shipping a version of libxcrypt >= 4.0.0 as a replacement for glibc's libcrypt now, older versions of xcrypt, which could be installed in parallel, are not relevant anymore. * configure.ac (AC_CHECK_HEADERS): Remove xcrypt.h. (AC_SEARCH_LIBS): Remove xcrypt. (AC_CHECK_FUNCS): Remove crypt_gensalt_r. (AC_DEFINE): Remove HAVE_LIBXCRYPT. * modules/pam_pwhistory/opasswd.c [HAVE_LIBXCRYPT]: Remove. * modules/pam_unix/bigcrypt.c [HAVE_LIBXCRYPT]: Likewise. * modules/pam_userdb/pam_userdb.c [HAVE_LIBXCRYPT]: Likewise. * modules/pam_unix/passverify.c [HAVE_LIBXCRYPT]: Likewise. (create_password_hash) [HAVE_LIBXCRYPT]: Likewise.
* pam_timestamp: replace hmac implementationIker Pedrosa2021-06-145-11/+500
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | sha1 is no longer recommended as a cryptographic algorithm for authentication. Thus, the idea of this change is to replace the implementation provided by hmacsha1 included in pam_timestamp module by the one in the openssl library. This way, there's no need to maintain the cryptographic algorithm implementation and it can be easily changed with a single configuration change. modules/pam_timestamp/hmac_openssl_wrapper.c: implement wrapper functions around openssl's hmac implementation. Moreover, manage the key generation and its read and write in a file. Include an option to configure the cryptographic algorithm in login.defs file. modules/pam_timestamp/hmac_openssl_wrapper.h: likewise. modules/pam_timestamp/pam_timestamp.c: replace calls to functions provided by hmacsha1 by functions provided by openssl's wrapper. configure.ac: include openssl dependecy if it is enabled. modules/pam_timestamp/Makefile.am: include new files and openssl library to compilation. ci/install-dependencies.sh: include openssl library to dependencies. NEWS: add new item to next release. Make.xml.rules.in: add stringparam profiling for hmac doc/custom-man.xsl: change import docbook to one with profiling modules/pam_timestamp/pam_timestamp.8.xml: add conditional paragraph to indicate the value in /etc/login.defs that holds the value for the encryption algorithm Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294
* pam_unix: do not use crypt_checksalt when checking for password expirationDmitry V. Levin2021-06-101-6/+0
| | | | | | | | | | | | | | According to Zack Weinberg, the intended meaning of CRYPT_SALT_METHOD_LEGACY is "passwd(1) should not use this hashing method", it is not supposed to mean "force a password change on next login for any user with an existing stored hash using this method". This reverts commit 4da9febc39b955892a30686e8396785b96bb8ba5. * modules/pam_unix/passverify.c (check_shadow_expiry) [CRYPT_CHECKSALT_AVAILABLE]: Remove. Closes: https://github.com/linux-pam/linux-pam/issues/367
* pam_exec: implement quiet_log optionPatrick Schleizer2021-06-102-0/+22
| | | | | | | * modules/pam_exec/pam_exec.c (call_exec): Implement quiet_log option. * modules/pam_exec/pam_exec.8.xml: Document it. Resolves: https://github.com/linux-pam/linux-pam/issues/334
* pam_limits: "Unlimited" is not a valid value for RLIMIT_NOFILE.Josef Moellers2021-04-222-0/+51
| | | | | | | | Replace it with a value obtained from /proc/sys/fs/nr_open * modules/pam_limits/limits.conf.5.xml: Document the replacement. * modules/pam_limits/pam_limits.c: Replace unlimited RLIMIT_NOFILE value with a value obtained from /proc/sys/fs/nr_open
* pam_userdb: Prevent garbage characters from dbStanislav Zidek2021-04-212-23/+36
| | | | Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791965
* pam_access: clean up the remote host matching codeTomas Mraz2021-04-121-16/+28
| | | | | | * modules/pam_access/pam_access.c (from_match): Split out remote_match() function and avoid calling it when matching against LOCAL keyword. There is also no point in doing domain match against TTY or SERVICE.
* pam_faillock: convert spaces to tab to keep code stylechuanqin2021-03-251-3/+2
| | | | convert spaces to tab which mixture use in modules/pam_faillock/main.c
* pam_env: fix example in pam_env.conf.5 for setting variabletheslimshaney2021-03-081-1/+1
|
* pam_mkhomedir: use HOME_MODE or UMASK from /etc/login.defsdshein-alt2021-03-054-9/+87
| | | | | | Follow the example of useradd(8) and set the user home directory mode to the value of HOME_MODE or UMASK configuration item from /etc/login.defs when umask option is not specified.
* configure.ac: add --with-systemdunitdir optionChangqing Li2021-01-271-1/+1
| | | | | | | | | | | | | * Add this option to support the following scenario: prefix = '/usr' servicedir = '/lib/systemd/system' * The default behavior is changed: If this option is not given, servicedir will be set to the value that is obtained from systemd pkg-config file. If the value cannot be obtained, servicedir will be set to the default value '$(prefix)/lib/systemd/system'. Signed-off-by: Changqing Li <changqing.li@windriver.com>
* faillock: create tallydir before creating tallyfileChangqing Li2021-01-271-0/+3
| | | | | | | | | | | | | The default tallydir is "/var/run/faillock", and this default tallydir may not exist. Function open may fail as tallydir does not exist when creating the tallyfile. Therefore, faillock will not work well. Fix this problem by creating tallydir before creating tallyfile when the tallydir does not exist. Signed-off-by: Changqing Li <changqing.li@windriver.com>
* pam_securetty: don't complain about missing configLudwig Nussel2021-01-271-2/+4
| | | | | | | Not shipping a config file should be perfectly valid for distros while still having eg login pre-configured to honor securetty when present. PAM itself doesn't ship any template either. So avoid spamming the log file if /etc/securetty wasn't found.
* faillock: Use pluralization via dngettext or fallbackKolja2021-01-251-1/+16
|
* pam_umask: fix handling of umask parameterDmitry V. Levin2020-12-281-7/+11
| | | | | | | | | | | | | Potential failures of strdup(3) were ignored, fix this by not using strdup(3) at all. * modules/pam_umask/pam_umask.c (struct options_t): Add const to umask field, add login_umask field. (parse_option): Do not use strdup. (get_options): Assign pam_modutil_search_key return values to options->login_umask. (pam_sm_open_session): Free options.login_umask instead of options.umask.
* pam_setquota: Minor whitespace, spelling and mail address fixesSven Hartge2020-12-281-4/+4
|
* pam_mkhomedir: fix umask wording in documentationDmitry V. Levin2020-12-231-1/+1
| | | | * modules/pam_mkhomedir/pam_mkhomedir.8.xml (umask): Fix wording.
* pam_namespace: check for string_to_security_class failureChristian Göttsche2020-12-081-0/+6
| | | | | | | | | | Check for the unlikely case string_to_security_class() does not find the associated SELinux security class. This will only happen if the loaded SELinux policy does not define the class "dir" (which no sane policy does) or querying the selinuxfs fails. Suggested by #309
* pam_selinux: check for string_to_security_class failureChristian Göttsche2020-12-081-1/+12
| | | | | | | | | | Check for the unlikely case string_to_security_class() does not find the associated SELinux security class. This will only happen if the loaded SELinux policy does not define the class "chr_file" (which no sane policy does) or querying the selinuxfs fails. Suggested by #309
* pam_unix: fix memory leak on error pathThomas M. DuBuisson2020-11-241-0/+6
| | | | | * modules/pam_unix/bigcrypt.c (bigcrypt) [HAVE_CRYPT_R]: Do not leak cdata if crypt_r() fails.
* Fix various typos found using codespell toolDmitry V. Levin2020-11-244-6/+6
| | | | | | | | | | * modules/pam_limits/limits.conf: Replace "overriden" with "overridden". * modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Replace "preseves" with "preserves". * modules/pam_setquota/pam_setquota.8.xml: Replace "specifed" with "specified". * modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Replace "fileystem" with "filesystem", "conditons" with "conditions".
* Fix grammar: replace "an user" with "a user" everywhereDmitry V. Levin2020-11-246-6/+6
| | | | | | | | | | * NEWS: Replace "an user" with "a user". * modules/pam_faillock/pam_faillock.8.xml: Likewise. * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_sepermit/sepermit.conf: Likewise. * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise.
* pam_wheel: Use pam_modutil_user_in_group_uid_gid instead of reimplementationTomas Mraz2020-11-241-13/+2
| | | | | | | | | | | The pam_modutil_user_in_group... functions use getgrouplist to check the membership so they work also in setups with remote services which do not provide group members in struct group. Fixes #297 * modules/pam_wheel/pam_wheel.c (perform_check): Call pam_modutil_user_in_group_uid_gid to do the group check.
* Second blank check with root for non-existent users must never return 1Tomas Mraz2020-11-201-26/+13
| | | | | | | | | | | | | | | The commit af0faf66 ("pam_unix: avoid determining if user exists") introduced a regression where the blank check could return 1 if root had an empty password hash because in the second case the password hash of root was used. We now always return 0 in this case. The issue was found by Johannes Löthberg. Fixes #284 * modules/pam_unix/support.c (_unix_blankpasswd): Make the loop to cover the complete blank check so both existing and non existing cases are identical except for the possible return value.
* faillock: Add a nodelay optionTavian Barnes2020-11-122-1/+17
| | | | Fixes #295
* pam_env: deprecation notice of reading the user environmentTomas Mraz2020-11-052-0/+8
| | | | | | * modules/pam_env/pam_env.8.xml: Add the notice to the manual. * modules/pam_env/pam_env.c (_pam_parse): Log deprecation warning if user_readenv is set.
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-09 16:24:48 +0000