From da3bc2fc01c2443486ac1d241c4a09eaa71083c6 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sat, 11 Nov 2023 12:11:50 +0100 Subject: treewide: do not cast calloc/malloc/realloc It is not required to cast the results of calloc, malloc, realloc, etc. Signed-off-by: Tobias Stoeckmann --- libpam_misc/misc_conv.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'libpam_misc/misc_conv.c') diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c index dbcd6aec..6c23fcb8 100644 --- a/libpam_misc/misc_conv.c +++ b/libpam_misc/misc_conv.c @@ -285,8 +285,7 @@ int misc_conv(int num_msg, const struct pam_message **msgm, D(("allocating empty response structure array.")); - reply = (struct pam_response *) calloc(num_msg, - sizeof(struct pam_response)); + reply = calloc(num_msg, sizeof(struct pam_response)); if (reply == NULL) { D(("no memory for responses")); return PAM_CONV_ERR; -- cgit v1.2.3 From ebf711d1504258a21753738f99464701b9c719ac Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Tue, 5 Dec 2023 22:45:56 +0100 Subject: libpam_misc: use sig_atomic_t instead of int Technically it's identical on pretty much all available systems, but let's follow C specifications. Signed-off-by: Tobias Stoeckmann --- libpam_misc/misc_conv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libpam_misc/misc_conv.c') diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c index 6c23fcb8..0f213bce 100644 --- a/libpam_misc/misc_conv.c +++ b/libpam_misc/misc_conv.c @@ -56,7 +56,7 @@ void (*pam_binary_handler_free)(void *appdata, pamc_bp_t *prompt_p) /* the following code is used to get text input */ -static volatile int expired=0; +static volatile sig_atomic_t expired=0; /* return to the previous signal handling */ static void reset_alarm(struct sigaction *o_ptr) -- cgit v1.2.3 From 0fb2978d0e139dc57878d5c82d6eae79273e2031 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Wed, 6 Dec 2023 22:48:34 +0100 Subject: treewide: fix typos in comments and documentation Signed-off-by: Tobias Stoeckmann --- doc/man/pam.3.xml | 4 ++-- doc/man/pam_open_session.3.xml | 2 +- libpam/pam_delay.c | 2 +- libpam/pam_dispatch.c | 2 +- libpam/pam_password.c | 2 +- libpam/pam_private.h | 2 +- libpam_misc/misc_conv.c | 4 ++-- modules/pam_env/pam_env.8.xml | 2 +- modules/pam_limits/pam_limits.c | 2 +- modules/pam_pwhistory/opasswd.c | 2 +- modules/pam_unix/md5_crypt.c | 2 +- modules/pam_unix/pam_unix_auth.c | 2 +- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/support.c | 2 +- 14 files changed, 16 insertions(+), 16 deletions(-) (limited to 'libpam_misc/misc_conv.c') diff --git a/doc/man/pam.3.xml b/doc/man/pam.3.xml index 4b828016..a7d13b45 100644 --- a/doc/man/pam.3.xml +++ b/doc/man/pam.3.xml @@ -150,7 +150,7 @@ pam_get_item3 - functions allows applications and PAM service modules to set and + functions allow applications and PAM service modules to set and retrieve PAM information. @@ -169,7 +169,7 @@ pam_get_data3 - functions allows PAM service modules to set and retrieve free-form + function allows PAM service modules to set and retrieve free-form data from one invocation to another. diff --git a/doc/man/pam_open_session.3.xml b/doc/man/pam_open_session.3.xml index d37b3e59..a05e0abe 100644 --- a/doc/man/pam_open_session.3.xml +++ b/doc/man/pam_open_session.3.xml @@ -40,7 +40,7 @@ It should be noted that the effective uid, geteuid2 - . of the application should be of sufficient + , of the application should be of sufficient privilege to perform such tasks as creating or mounting the user's home directory for example. diff --git a/libpam/pam_delay.c b/libpam/pam_delay.c index b6a962d0..b8fddbb6 100644 --- a/libpam/pam_delay.c +++ b/libpam/pam_delay.c @@ -19,7 +19,7 @@ /* ********************************************************************** * initialize the time as unset, this is set on the return from the - * authenticating pair of of the libpam pam_XXX calls. + * authenticating pair of the libpam pam_XXX calls. */ void _pam_reset_timer(pam_handle_t *pamh) diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c index 31a28be3..ca78a10f 100644 --- a/libpam/pam_dispatch.c +++ b/libpam/pam_dispatch.c @@ -299,7 +299,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, } continue; -decision_made: /* by getting here we have made a decision */ +decision_made: /* by getting here we have made a decision */ while (h->next != NULL && h->next->stack_level >= stack_level) { h = h->next; ++depth; diff --git a/libpam/pam_password.c b/libpam/pam_password.c index 5bda547b..9783dbe0 100644 --- a/libpam/pam_password.c +++ b/libpam/pam_password.c @@ -22,7 +22,7 @@ int pam_chauthtok(pam_handle_t *pamh, int flags) return PAM_SYSTEM_ERR; } - /* applications are not allowed to set this flags */ + /* applications are not allowed to set these flags */ if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) { pam_syslog (pamh, LOG_ERR, "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application"); diff --git a/libpam/pam_private.h b/libpam/pam_private.h index da268bdf..8069b61c 100644 --- a/libpam/pam_private.h +++ b/libpam/pam_private.h @@ -255,7 +255,7 @@ const char *_pam_dlerror (void); /* For now we just use a stack and linear search for module data. */ /* If it becomes apparent that there is a lot of data, it should */ -/* changed to either a sorted list or a hash table. */ +/* be changed to either a sorted list or a hash table. */ struct pam_data { char *name; diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c index 0f213bce..7410e929 100644 --- a/libpam_misc/misc_conv.c +++ b/libpam_misc/misc_conv.c @@ -97,7 +97,7 @@ static int get_delay(void) expired = 0; /* reset flag */ (void) time(&now); - /* has the quit time past? */ + /* has the quit time passed? */ if (pam_misc_conv_die_time && now >= pam_misc_conv_die_time) { fprintf(stderr,"%s",pam_misc_conv_die_line); @@ -105,7 +105,7 @@ static int get_delay(void) return -1; /* time is up */ } - /* has the warning time past? */ + /* has the warning time passed? */ if (pam_misc_conv_warn_time && now >= pam_misc_conv_warn_time) { fprintf(stderr, "%s", pam_misc_conv_warn_line); pam_misc_conv_warn_time = 0; /* reset warn_time */ diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml index fb172e17..3af52ea6 100644 --- a/modules/pam_env/pam_env.8.xml +++ b/modules/pam_env/pam_env.8.xml @@ -181,7 +181,7 @@ Indicate an alternative .pam_environment - file to override the default.The syntax is the same as + file to override the default. The syntax is the same as for /etc/security/pam_env.conf. The filename is relative to the user home directory. This can be useful when different services need different diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index fc541330..53e2e8f2 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -914,7 +914,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, for(j=0; j < strlen(value); j++) value[j]=tolower((unsigned char)value[j]); - if (strcmp(uname, domain) == 0) /* this user have a limit */ + if (strcmp(uname, domain) == 0) /* this user has a limit */ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); else if (domain[0]=='@') { if (ctrl & PAM_DEBUG_ARG) { diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c index 5f577dfd..f1f62aaf 100644 --- a/modules/pam_pwhistory/opasswd.c +++ b/modules/pam_pwhistory/opasswd.c @@ -425,7 +425,7 @@ save_old_pass, const char *user, int howmany, const char *filename, int debug UN /* increase count. */ entry.count++; - /* check that we don't remember to many passwords. */ + /* check that we don't remember too many passwords. */ while (entry.count > howmany && entry.count > 1) { char *p = strpbrk (entry.old_passwords, ","); diff --git a/modules/pam_unix/md5_crypt.c b/modules/pam_unix/md5_crypt.c index ed5ecda4..c3e77c9d 100644 --- a/modules/pam_unix/md5_crypt.c +++ b/modules/pam_unix/md5_crypt.c @@ -38,7 +38,7 @@ char *MD5Name(crypt_md5)(const char *pw, const char *salt) { const char *magic = "$1$"; /* This string is magic for this algorithm. Having - * it this way, we can get get better later on */ + * it this way, we can get better later on */ char *passwd, *p; const char *sp, *ep; unsigned char final[16]; diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 976699d4..ffb61547 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -118,7 +118,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) /* * Various libraries at various times have had bugs related to * '+' or '-' as the first character of a user name. Don't - * allow this characters here. + * allow these characters here. */ if (name[0] == '-' || name[0] == '+') { pam_syslog(pamh, LOG_NOTICE, "bad username [%s]", name); diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index c1d547c7..9dde2aee 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -698,7 +698,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) } else { D(("process run by root so do nothing this time around")); pass_old = NULL; - retval = PAM_SUCCESS; /* root doesn't have too */ + retval = PAM_SUCCESS; /* root doesn't have to */ } if (retval != PAM_SUCCESS) { diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index eb2fff50..9d8cac7d 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -648,7 +648,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned long long ctrl, const char *name /* * This function does not have to be too smart if something goes - * wrong, return FALSE and let this case to be treated somewhere + * wrong, return FALSE and let this case be treated somewhere * else (CG) */ -- cgit v1.2.3 From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001 From: Stanislav Brabec Date: Mon, 22 Jul 2024 23:18:16 +0200 Subject: libpam_misc: Use ECHOCTL in the terminal input Use the canonical terminal mode (line mode) and set ECHOCTL to prevent cursor escape from the login prompt using arrows or escape sequences. ICANON is the default in most cases anyway. ECHOCTL is default on tty, but for example not on pty, allowing cursor to escape. Stanislav Brabec --- libpam_misc/misc_conv.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'libpam_misc/misc_conv.c') diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c index 7410e929..6b839b48 100644 --- a/libpam_misc/misc_conv.c +++ b/libpam_misc/misc_conv.c @@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr) return -1; } memcpy(&term_tmp, &term_before, sizeof(term_tmp)); - if (!echo) { + if (echo) + term_tmp.c_lflag |= ICANON | ECHOCTL; + else term_tmp.c_lflag &= ~(ECHO); - } have_term = 1; /* -- cgit v1.2.3 From 4d1d4f699551f395be065e60513eaf85f01b84e6 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 21 Aug 2024 08:00:00 +0000 Subject: Include pam_i18n.h where i18n definitions are required Do not include and other i18n stuff via config.h which is included into every compilation unit, include "pam_i18n.h" explicitly where necessary. * configure.ac (AH_BOTTOM): Remove. * libpam/pam_get_authtok.c: Include "pam_i18n.h". * libpam/pam_item.c: Likewise. * libpam/pam_strerror.c: Likewise. * libpam_misc/misc_conv.c: Likewise. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_faillock/main.c: Likewise. * modules/pam_faillock/pam_faillock.c: Likewise. * modules/pam_lastlog/pam_lastlog.c: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_mail/pam_mail.c: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_selinux/pam_selinux.c: Likewise. * modules/pam_selinux/pam_selinux_check.c: Likewise. * modules/pam_timestamp/pam_timestamp.c: Likewise. * modules/pam_unix/pam_unix_acct.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. --- configure.ac | 9 --------- libpam/pam_get_authtok.c | 1 + libpam/pam_item.c | 1 + libpam/pam_start.c | 1 + libpam/pam_strerror.c | 1 + libpam_misc/misc_conv.c | 2 ++ modules/pam_exec/pam_exec.c | 1 + modules/pam_faillock/main.c | 1 + modules/pam_faillock/pam_faillock.c | 1 + modules/pam_lastlog/pam_lastlog.c | 1 + modules/pam_limits/pam_limits.c | 1 + modules/pam_mail/pam_mail.c | 1 + modules/pam_mkhomedir/pam_mkhomedir.c | 1 + modules/pam_pwhistory/pam_pwhistory.c | 1 + modules/pam_selinux/pam_selinux.c | 1 + modules/pam_selinux/pam_selinux_check.c | 2 ++ modules/pam_timestamp/pam_timestamp.c | 1 + modules/pam_unix/pam_unix_acct.c | 1 + modules/pam_unix/pam_unix_passwd.c | 1 + modules/pam_userdb/pam_userdb.c | 1 + 20 files changed, 21 insertions(+), 9 deletions(-) (limited to 'libpam_misc/misc_conv.c') diff --git a/configure.ac b/configure.ac index 0c5fd4cd..0bbf50ed 100644 --- a/configure.ac +++ b/configure.ac @@ -706,15 +706,6 @@ AM_GNU_GETTEXT([external]) AC_CHECK_FUNCS(bindtextdomain) AC_CHECK_FUNCS(dngettext) -AH_BOTTOM([#ifdef ENABLE_NLS -#include -#define _(msgid) dgettext(PACKAGE, msgid) -#define N_(msgid) msgid -#else -#define _(msgid) (msgid) -#define N_(msgid) msgid -#endif /* ENABLE_NLS */]) - dnl dnl Check for the availability of the kernel key management facility dnl - The pam_keyinit module only requires the syscalls, not the error codes diff --git a/libpam/pam_get_authtok.c b/libpam/pam_get_authtok.c index 7a38698a..c8973275 100644 --- a/libpam/pam_get_authtok.c +++ b/libpam/pam_get_authtok.c @@ -33,6 +33,7 @@ #include "pam_private.h" #include "pam_inline.h" +#include "pam_i18n.h" #include diff --git a/libpam/pam_item.c b/libpam/pam_item.c index c3a5a3bd..2e43d767 100644 --- a/libpam/pam_item.c +++ b/libpam/pam_item.c @@ -6,6 +6,7 @@ #include "pam_private.h" #include "pam_inline.h" +#include "pam_i18n.h" #include #include diff --git a/libpam/pam_start.c b/libpam/pam_start.c index ef9fdb02..97bc35b1 100644 --- a/libpam/pam_start.c +++ b/libpam/pam_start.c @@ -8,6 +8,7 @@ */ #include "pam_private.h" +#include "pam_i18n.h" #include #include diff --git a/libpam/pam_strerror.c b/libpam/pam_strerror.c index 17c81945..37f1e3b2 100644 --- a/libpam/pam_strerror.c +++ b/libpam/pam_strerror.c @@ -32,6 +32,7 @@ */ #include "pam_private.h" +#include "pam_i18n.h" const char *pam_strerror(pam_handle_t *pamh UNUSED, int errnum) { diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c index 6b839b48..fa3848e3 100644 --- a/libpam_misc/misc_conv.c +++ b/libpam_misc/misc_conv.c @@ -17,7 +17,9 @@ #include #include + #include "pam_inline.h" +#include "pam_i18n.h" #define INPUTSIZE PAM_MISC_CONV_BUFSIZE /* maximum length of input+1 */ #define CONV_ECHO_ON 1 /* types of echo state */ diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 5468e179..c3ecb248 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -55,6 +55,7 @@ #include #include #include "pam_inline.h" +#include "pam_i18n.h" #define ENV_ITEM(n) { (n), #n } static struct { diff --git a/modules/pam_faillock/main.c b/modules/pam_faillock/main.c index 57989ba6..c6dd19cb 100644 --- a/modules/pam_faillock/main.c +++ b/modules/pam_faillock/main.c @@ -52,6 +52,7 @@ #endif #include "pam_inline.h" +#include "pam_i18n.h" #include "faillock.h" #include "faillock_config.h" diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c index 038a95ea..93850380 100644 --- a/modules/pam_faillock/pam_faillock.c +++ b/modules/pam_faillock/pam_faillock.c @@ -54,6 +54,7 @@ #include #include "pam_inline.h" +#include "pam_i18n.h" #include "faillock.h" #include "faillock_config.h" diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 2daedb7c..ded76763 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -66,6 +66,7 @@ struct lastlog { #include #include #include "pam_inline.h" +#include "pam_i18n.h" /* argument parsing */ diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index 51276265..1197e25c 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -114,6 +114,7 @@ struct pam_limit_s { #include #include #include "pam_inline.h" +#include "pam_i18n.h" /* argument parsing */ diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index 2b77e560..3202ce0c 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -35,6 +35,7 @@ #include #include #include "pam_inline.h" +#include "pam_i18n.h" /* argument parsing */ diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 72fa7840..71d02b6d 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -51,6 +51,7 @@ #include "pam_cc_compat.h" #include "pam_inline.h" +#include "pam_i18n.h" /* argument parsing */ #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index 7ff74bdf..e43bd9b2 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -63,6 +63,7 @@ #include "opasswd.h" #include "pam_inline.h" +#include "pam_i18n.h" #include "pwhistory_config.h" diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index b0123c8f..a9276123 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -57,6 +57,7 @@ #include #include #include "pam_inline.h" +#include "pam_i18n.h" #include #include diff --git a/modules/pam_selinux/pam_selinux_check.c b/modules/pam_selinux/pam_selinux_check.c index 30526d37..753aa88f 100644 --- a/modules/pam_selinux/pam_selinux_check.c +++ b/modules/pam_selinux/pam_selinux_check.c @@ -55,6 +55,8 @@ #include /* for PAM functions */ #include /* for misc_conv PAM utility function */ +#include "pam_i18n.h" + #define SERVICE_NAME "pam_selinux_check" /* the name of this program for PAM */ /* The file containing the context to run * the scripts under. */ diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index edecc052..51fcd592 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -72,6 +72,7 @@ #include #include #include "pam_inline.h" +#include "pam_i18n.h" /* The default timeout we use is 5 minutes, which matches the sudo default * for the timestamp_timeout parameter. */ diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 7ffcb9e3..befd3c99 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -57,6 +57,7 @@ #include #include +#include "pam_i18n.h" #include "pam_cc_compat.h" #include "support.h" #include "passverify.h" diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index c3c6ea7a..4a3784a5 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -67,6 +67,7 @@ #include #include "pam_inline.h" +#include "pam_i18n.h" #include "pam_cc_compat.h" #include "md5.h" #include "support.h" diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 3bcb4c87..40ede6de 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -41,6 +41,7 @@ #include #include #include "pam_inline.h" +#include "pam_i18n.h" #ifndef HAVE_GDBM_H # define COND_UNUSED UNUSED -- cgit v1.2.3