From 0fb1f5b701432b6d9f40754b69f2fe0dc6f75103 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 19 Jun 2018 00:00:00 +0000 Subject: Fix grammar of messages printed via pam_prompt Turn into proper sentences those messages that are printed without further modifications using pam_prompt in contexts where proper sentences are expected. * libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix grammar of the message passed to pam_error. * modules/pam_limits/pam_limits.c (pam_sm_open_session): Likewise. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix grammar of error messages passed to pam_error. * modules/pam_mail/pam_mail.c (report_mail): Fix grammar of a message passed to pam_info. * modules/pam_timestamp/pam_timestamp.c (verbose_success): Likewise. * modules/pam_selinux/pam_selinux.c (config_context, send_text): Fix grammar of messages passed to pam_prompt. * modules/pam_tally/pam_tally.c (tally_check): Fix grammar of messages passed to pam_info. * modules/pam_tally2/pam_tally2.c (tally_check): Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Fix grammar of messages passed to _make_remark. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass, pam_sm_chauthtok): Likewise. * po/Linux-PAM.pot: Regenerate. --- modules/pam_selinux/pam_selinux.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 348cdd40..9b3fe22e 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -207,7 +207,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre char *type=NULL; char resp_val = 0; - pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), defaultcon); + pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("The default security context is %s."), defaultcon); while (1) { if (query_response(pamh, @@ -227,7 +227,8 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre if (query_response(pamh, _("role:"), context_role_get(new_context), &response, debug) == PAM_SUCCESS && response[0]) { if (get_default_type(response, &type)) { - pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response); + pam_prompt(pamh, PAM_ERROR_MSG, NULL, + _("There is no default type for role %s."), response); _pam_drop(response); continue; } else { @@ -292,7 +293,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre } else { send_audit_message(pamh, 0, defaultcon, context_str(new_context)); - send_text(pamh,_("Not a valid security context"),debug); + send_text(pamh,_("This is not a valid security context."),debug); } context_free(new_context); /* next time around allocates another */ } @@ -541,7 +542,7 @@ compute_exec_context(pam_handle_t *pamh, module_data_t *data, if (!data->exec_context) { pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s", username); pam_prompt(pamh, PAM_ERROR_MSG, NULL, - _("Unable to get valid context for %s"), username); + _("A valid context for %s could not be obtained."), username); } if (getexeccon(&data->prev_exec_context) < 0) @@ -660,7 +661,7 @@ set_context(pam_handle_t *pamh, const module_data_t *data, char msg[PATH_MAX]; snprintf(msg, sizeof(msg), - _("Security Context %s Assigned"), data->exec_context); + _("Security context %s has been assigned."), data->exec_context); send_text(pamh, msg, debug); } #ifdef HAVE_SETKEYCREATECON @@ -676,7 +677,7 @@ set_context(pam_handle_t *pamh, const module_data_t *data, char msg[PATH_MAX]; snprintf(msg, sizeof(msg), - _("Key Creation Context %s Assigned"), data->exec_context); + _("Key creation context %s has been assigned."), data->exec_context); send_text(pamh, msg, debug); } #endif -- cgit v1.2.3 From 03f46bbe3f22d800a1516f4c535a1bfb573068de Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 16 Dec 2019 10:38:52 +0100 Subject: Fix or suppress various warnings when compiling with -Wall -Wextra * conf/pam_conv1/Makefile.am: Add -Wno-unused-function -Wno-sign-compare to CFLAGS. * doc/specs/Makefile.am: Likewise. * libpamc/include/security/pam_client.h: Explicitly compare old_p with NULL. * modules/pam_access/pam_access.c: Avoid double const. * modules/pam_filter/pam_filter.c: Avoid arbitrary constants. Avoid strncpy() without copying the NUL byte. * modules/pam_group/pam_group.c: Mark switch fallthrough with comment. * modules/pam_time/pam_time.c: Likewise. * modules/pam_limits/pam_limits.c: Remove unused units variable. * modules/pam_listfile/pam_listfile.c: Avoid unnecessary strncpy, use pointers. * modules/pam_rootok/pam_rootok.c (log_callback): Mark unused parameter. * modules/pam_selinux/pam_selinux.c: Use string_to_security_class() instead of hardcoded value. * modules/pam_sepermit/pam_sepermit.c: Properly cast when comparing. * modules/pam_succeed_if/pam_succeed_if.c: Mark unused parameters. * modules/pam_unix/pam_unix_passwd.c: Remove unused variables and properly cast for comparison. * modules/pam_unix/support.c: Remove unused function. --- conf/pam_conv1/Makefile.am | 2 ++ doc/specs/Makefile.am | 2 ++ libpamc/include/security/pam_client.h | 2 +- modules/pam_access/pam_access.c | 2 +- modules/pam_filter/pam_filter.c | 16 ++++++++-------- modules/pam_group/pam_group.c | 1 + modules/pam_limits/pam_limits.c | 7 ++----- modules/pam_listfile/pam_listfile.c | 9 ++++----- modules/pam_rootok/pam_rootok.c | 2 +- modules/pam_selinux/pam_selinux.c | 4 +--- modules/pam_sepermit/pam_sepermit.c | 2 +- modules/pam_succeed_if/pam_succeed_if.c | 11 +++++++++-- modules/pam_time/pam_time.c | 1 + modules/pam_unix/pam_unix_passwd.c | 10 +++++----- modules/pam_unix/support.c | 5 ----- 15 files changed, 39 insertions(+), 37 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/conf/pam_conv1/Makefile.am b/conf/pam_conv1/Makefile.am index ce50b686..2e643306 100644 --- a/conf/pam_conv1/Makefile.am +++ b/conf/pam_conv1/Makefile.am @@ -8,6 +8,8 @@ EXTRA_DIST = README AM_YFLAGS = -d +pam_conv1_CFLAGS = -Wno-unused-function -Wno-sign-compare + BUILT_SOURCES = pam_conv_y.h noinst_PROGRAMS = pam_conv1 diff --git a/doc/specs/Makefile.am b/doc/specs/Makefile.am index 99ecc70e..de20decd 100644 --- a/doc/specs/Makefile.am +++ b/doc/specs/Makefile.am @@ -16,6 +16,8 @@ CPPFLAGS = @BUILD_CPPFLAGS@ CFLAGS = @BUILD_CFLAGS@ LDFLAGS = @BUILD_LDFLAGS@ +padout_CFLAGS = -Wno-unused-function -Wno-sign-compare + BUILT_SOURCES = parse_y.h noinst_PROGRAMS = padout diff --git a/libpamc/include/security/pam_client.h b/libpamc/include/security/pam_client.h index 47e41aaf..86672a2e 100644 --- a/libpamc/include/security/pam_client.h +++ b/libpamc/include/security/pam_client.h @@ -109,7 +109,7 @@ char **pamc_list_agents(pamc_handle_t pch); #define PAM_BP_RENEW(old_p, cntrl, data_length) \ do { \ - if (old_p) { \ + if ((old_p) != NULL) { \ if (*(old_p)) { \ u_int32_t __size; \ __size = PAM_BP_SIZE(*(old_p)); \ diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 80d885dd..128da01d 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -806,7 +806,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, const char *user=NULL; const void *void_from=NULL; const char *from; - const char const *default_config = PAM_ACCESS_CONFIG; + const char *default_config = PAM_ACCESS_CONFIG; struct passwd *user_pw; char hostname[MAXHOSTNAMELEN + 1]; int rv; diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 8ab7981a..de8c35ad 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -120,8 +120,8 @@ static int process_args(pam_handle_t *pamh /* the "ARGS" variable */ -#define ARGS_OFFSET 5 /* strlen('ARGS='); */ #define ARGS_NAME "ARGS=" +#define ARGS_OFFSET (sizeof(ARGS_NAME) - 1) size += ARGS_OFFSET; @@ -134,7 +134,7 @@ static int process_args(pam_handle_t *pamh return -1; } - strncpy(levp[0],ARGS_NAME,ARGS_OFFSET); + strcpy(levp[0], ARGS_NAME); for (i=0,size=ARGS_OFFSET; i terminate */ /* the "USER" variable */ -#define USER_OFFSET 5 /* strlen('USER='); */ #define USER_NAME "USER=" +#define USER_OFFSET (sizeof(USER_NAME) - 1) if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL) { @@ -194,14 +194,14 @@ static int process_args(pam_handle_t *pamh return -1; } - strncpy(levp[2],USER_NAME,USER_OFFSET); + strcpy(levp[2], USER_NAME); strcpy(levp[2]+USER_OFFSET, user); levp[2][size] = '\0'; /* terminate */ /* the "USER" variable */ -#define TYPE_OFFSET 5 /* strlen('TYPE='); */ #define TYPE_NAME "TYPE=" +#define TYPE_OFFSET (sizeof(TYPE_NAME) - 1) size = TYPE_OFFSET+strlen(type); @@ -217,7 +217,7 @@ static int process_args(pam_handle_t *pamh return -1; } - strncpy(levp[3],TYPE_NAME,TYPE_OFFSET); + strcpy(levp[3], TYPE_NAME); strcpy(levp[3]+TYPE_OFFSET, type); levp[3][size] = '\0'; /* terminate */ diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 8cd178c0..66252c78 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -183,6 +183,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) ++src; /* skip it */ break; } + /* fallthrough */ default: *to++ = c; onspace = 0; diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index cac36999..02967f36 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -384,7 +384,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int FILE *limitsfile; const char *proclimits = "/proc/1/limits"; char line[256]; - char *units, *hard, *soft, *name; + char *hard, *soft, *name; if (!(limitsfile = fopen(proclimits, "r"))) { pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno)); @@ -410,10 +410,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int if (pos == maxlen) { /* step backwards over "Units" name */ LIMITS_SKIP_WHITESPACE; - LIMITS_MARK_ITEM(units); - } - else { - units = ""; + LIMITS_MARK_ITEM(hard); /* not a typo, units unused */ } /* step backwards over "Hard Limit" value */ diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index 5723598e..1fe5f495 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -65,14 +65,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, char mybuf[256],myval[256]; struct stat fileinfo; FILE *inf; - char apply_val[256]; + const char *apply_val; int apply_type; /* Stuff for "extended" items */ struct passwd *userinfo; apply_type=APPLY_TYPE_NULL; - memset(apply_val,0,sizeof(apply_val)); + apply_val=""; for(i=0; i < argc; i++) { { @@ -140,13 +140,12 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, citem = 0; } else if(!strcmp(mybuf,"apply")) { apply_type=APPLY_TYPE_NONE; - memset(apply_val,'\0',sizeof(apply_val)); if (myval[0]=='@') { apply_type=APPLY_TYPE_GROUP; - strncpy(apply_val,myval+1,sizeof(apply_val)-1); + apply_val=myval+1; } else { apply_type=APPLY_TYPE_USER; - strncpy(apply_val,myval,sizeof(apply_val)-1); + apply_val=myval; } } else { free(ifname); diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index 17baabe4..80a67f6d 100644 --- a/modules/pam_rootok/pam_rootok.c +++ b/modules/pam_rootok/pam_rootok.c @@ -61,7 +61,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) #ifdef WITH_SELINUX static int -log_callback (int type, const char *fmt, ...) +log_callback (int type UNUSED, const char *fmt, ...) { int audit_fd; va_list ap; diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 9b3fe22e..5affec4f 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -63,8 +63,6 @@ #include #include -#include -#include #include #include #include @@ -591,7 +589,7 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data) } if (security_compute_relabel(data->exec_context, data->prev_tty_context, - SECCLASS_CHR_FILE, &data->tty_context)) { + string_to_security_class("chr_file"), &data->tty_context)) { data->tty_context = NULL; pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m", data->tty_path); diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index c6532907..f37af0fb 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -353,7 +353,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, if (*sense == PAM_SUCCESS) { if (ignore) *sense = PAM_IGNORE; - if (geteuid() == 0 && exclusive && get_loginuid(pamh) == -1) + if (geteuid() == 0 && exclusive && get_loginuid(pamh) == (uid_t)-1) if (sepermit_lock(pamh, user, debug) < 0) *sense = PAM_AUTH_ERR; } diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index afa61b3e..2a791d26 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -229,9 +229,16 @@ evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group) return PAM_SUCCESS; return PAM_AUTH_ERR; } + +#ifdef HAVE_INNETGR +# define SOMETIMES_UNUSED UNUSED +#else +# define SOMETIMES_UNUSED +#endif + /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */ static int -evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group) +evaluate_innetgr(const pam_handle_t* pamh SOMETIMES_UNUSED, const char *host, const char *user, const char *group) { #ifdef HAVE_INNETGR if (innetgr(group, host, user, NULL) == 1) @@ -244,7 +251,7 @@ evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, c } /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */ static int -evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group) +evaluate_notinnetgr(const pam_handle_t* pamh SOMETIMES_UNUSED, const char *host, const char *user, const char *group) { #ifdef HAVE_INNETGR if (innetgr(group, host, user, NULL) == 0) diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 26a374b5..4863ea4e 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -213,6 +213,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) ++src; /* skip it */ break; } + /* fallthrough */ default: *to++ = c; onspace = 0; diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 99a4c40f..93300f46 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -350,7 +350,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, static int check_old_password(const char *forwho, const char *newpass) { static char buf[16384]; - char *s_luser, *s_uid, *s_npas, *s_pas; + char *s_pas; int retval = PAM_SUCCESS; FILE *opwfile; size_t len = strlen(forwho); @@ -364,9 +364,9 @@ static int check_old_password(const char *forwho, const char *newpass) buf[len] == ',')) { char *sptr; buf[strlen(buf) - 1] = '\0'; - s_luser = strtok_r(buf, ":,", &sptr); - s_uid = strtok_r(NULL, ":,", &sptr); - s_npas = strtok_r(NULL, ":,", &sptr); + /* s_luser = */ strtok_r(buf, ":,", &sptr); + /* s_uid = */ strtok_r(NULL, ":,", &sptr); + /* s_npas = */ strtok_r(NULL, ":,", &sptr); s_pas = strtok_r(NULL, ":,", &sptr); while (s_pas != NULL) { char *md5pass = Goodcrypt_md5(newpass, s_pas); @@ -581,7 +581,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh remark = _("You must choose a shorter password."); D(("length exceeded [%s]", remark)); } else if (off(UNIX__IAMROOT, ctrl)) { - if (strlen(pass_new) < pass_min_len) + if ((int)strlen(pass_new) < pass_min_len) remark = _("You must choose a longer password."); D(("length check [%s]", remark)); if (on(UNIX_REMEMBER_PASSWD, ctrl)) { diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 4f15b61b..814d4c08 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -211,11 +211,6 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember, return ctrl; } -static void _cleanup(pam_handle_t * pamh UNUSED, void *x, int error_status UNUSED) -{ - _pam_delete(x); -} - /* ************************************************************** * * Useful non-trivial functions * * ************************************************************** */ -- cgit v1.2.3 From a96e66f788b1460a8ef4c2883207d4474b829d10 Mon Sep 17 00:00:00 2001 From: MIZUTA Takeshi Date: Mon, 3 Feb 2020 19:12:21 +0900 Subject: Remove redundant header file inclusion There are some source code including the same header file redundantly. We remove these redundant header file inclusion. --- modules/pam_issue/pam_issue.c | 1 - modules/pam_loginuid/pam_loginuid.c | 1 - modules/pam_selinux/pam_selinux.c | 2 -- modules/pam_sepermit/pam_sepermit.c | 1 - modules/pam_shells/pam_shells.c | 1 - modules/pam_tally2/pam_tally2.c | 1 - modules/pam_unix/pam_unix_passwd.c | 1 - modules/pam_xauth/pam_xauth.c | 2 -- 8 files changed, 10 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index 5fa21c37..8c5ae576 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -22,7 +22,6 @@ #include #include #include -#include #include #include #include diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c index 96bfd98e..03c0e3a3 100644 --- a/modules/pam_loginuid/pam_loginuid.c +++ b/modules/pam_loginuid/pam_loginuid.c @@ -42,7 +42,6 @@ #ifdef HAVE_LIBAUDIT #include #include -#include #endif /* diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 5affec4f..96f9c831 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -63,14 +63,12 @@ #include #include -#include #include #include #ifdef HAVE_LIBAUDIT #include #include -#include #endif /* Send audit message */ diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index f37af0fb..14965a2f 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -53,7 +53,6 @@ #include #include #include -#include #include #define PAM_SM_AUTH diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index c8acb9e2..bfe7f116 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -15,7 +15,6 @@ #include #include #include -#include #include #include #include diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index 48282a33..fc6d6237 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -64,7 +64,6 @@ #include #include #include -#include #include #include "tallylog.h" diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 636ace97..a8eec77a 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -56,7 +56,6 @@ #include #include -#include #include #include diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 61e98253..ea99bb03 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -50,7 +50,6 @@ #include #include #include -#include #define PAM_SM_SESSION @@ -62,7 +61,6 @@ #ifdef WITH_SELINUX #include #include -#include #endif #include "pam_cc_compat.h" -- cgit v1.2.3 From c6c51832af8e7724cfbd454daa65a6644f5b45c2 Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Fri, 6 Mar 2020 15:04:09 +0100 Subject: pam_selinux: check unknown object classes or permissions in current policy Explanation: check whether unknown object classes or permissions are allowed or denied in the current policy Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1680961 --- modules/pam_selinux/pam_selinux.c | 50 +++++++-------------------------------- 1 file changed, 8 insertions(+), 42 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 96f9c831..827f5942 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -157,42 +157,6 @@ query_response (pam_handle_t *pamh, const char *text, const char *def, return rc; } -static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug) -{ - struct av_decision avd; - int retval; - security_class_t class; - access_vector_t bit; - context_t src_context; - context_t dst_context; - - class = string_to_security_class("context"); - if (!class) { - pam_syslog(pamh, LOG_ERR, "Failed to translate security class context. %m"); - return 0; - } - - bit = string_to_av_perm(class, "contains"); - if (!bit) { - pam_syslog(pamh, LOG_ERR, "Failed to translate av perm contains. %m"); - return 0; - } - - src_context = context_new (src); - dst_context = context_new (dst); - context_range_set(dst_context, context_range_get(src_context)); - if (debug) - pam_syslog(pamh, LOG_NOTICE, "Checking if %s mls range valid for %s", dst, context_str(dst_context)); - - retval = security_compute_av(context_str(dst_context), dst, class, bit, &avd); - context_free(src_context); - context_free(dst_context); - if (retval || ((bit & avd.allowed) != bit)) - return 0; - - return 1; -} - static security_context_t config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_current_range, int debug) { @@ -274,16 +238,17 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre goto fail_set; context_free(new_context); - /* we have to check that this user is allowed to go into the - range they have specified ... role is tied to an seuser, so that'll - be checked at setexeccon time */ - if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { + /* we have to check that this user is allowed to go into the + range they have specified ... role is tied to an seuser, so that'll + be checked at setexeccon time */ + if (mls_enabled && + selinux_check_access(defaultcon, newcon, "context", "contains", NULL) != 0) { pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); send_audit_message(pamh, 0, defaultcon, newcon); free(newcon); - goto fail_range; + goto fail_range; } return newcon; } @@ -385,7 +350,8 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par /* we have to check that this user is allowed to go into the range they have specified ... role is tied to an seuser, so that'll be checked at setexeccon time */ - if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { + if (mls_enabled && + selinux_check_access(defaultcon, newcon, "context", "contains", NULL) != 0) { pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); goto fail_set; -- cgit v1.2.3 From ee095e598304d5b251b332f10349f74f6a25e197 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 18 Mar 2020 00:03:01 +0000 Subject: modules/pam_selinux: use pam_str_skip_prefix * modules/pam_selinux/pam_selinux.c: Include "pam_inline.h". (compute_exec_context, compute_tty_context): Use pam_str_skip_prefix instead of ugly strncmp invocations. --- modules/pam_selinux/pam_selinux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 827f5942..6537c735 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -60,6 +60,7 @@ #include #include #include +#include "pam_inline.h" #include #include @@ -518,7 +519,8 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data) { const char *tty = get_item(pamh, PAM_TTY); - if (!tty || !*tty || !strcmp(tty, "ssh") || !strncmp(tty, "NODEV", 5)) { + if (!tty || !*tty || !strcmp(tty, "ssh") + || pam_str_skip_prefix(tty, "NODEV") != NULL) { tty = ttyname(STDIN_FILENO); if (!tty || !*tty) tty = ttyname(STDOUT_FILENO); @@ -528,7 +530,7 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data) return PAM_SUCCESS; } - if (strncmp("/dev/", tty, 5)) { + if (pam_str_skip_prefix(tty, "/dev/") == NULL) { if (asprintf(&data->tty_path, "%s%s", "/dev/", tty) < 0) data->tty_path = NULL; } else { -- cgit v1.2.3 From 50f0b621eb56871e568583521bfe9084f28bb4b4 Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Tue, 17 Mar 2020 16:24:49 +0100 Subject: pam_selinux: substitute legacy security_context_t type `security_context_t` is a legacy typedef to `char *`, substitute all usage. See https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9 https://github.com/SELinuxProject/selinux/blob/f8c110c8a615eb640510eab39640a0957a6ba19c/libselinux/include/selinux/selinux.h#L16 --- modules/pam_selinux/pam_selinux.c | 40 +++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 6537c735..f8348503 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -75,15 +75,15 @@ /* Send audit message */ static -int send_audit_message(pam_handle_t *pamh, int success, security_context_t default_context, - security_context_t selected_context) +int send_audit_message(pam_handle_t *pamh, int success, const char *default_context, + const char *selected_context) { int rc=0; #ifdef HAVE_LIBAUDIT char *msg = NULL; int audit_fd = audit_open(); - security_context_t default_raw=NULL; - security_context_t selected_raw=NULL; + char *default_raw = NULL; + char *selected_raw = NULL; const void *tty = NULL, *rhost = NULL; rc = -1; if (audit_fd < 0) { @@ -158,10 +158,10 @@ query_response (pam_handle_t *pamh, const char *text, const char *def, return rc; } -static security_context_t -config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_current_range, int debug) +static char * +config_context (pam_handle_t *pamh, const char *defaultcon, int use_current_range, int debug) { - security_context_t newcon=NULL; + char *newcon = NULL; context_t new_context; int mls_enabled = is_selinux_mls_enabled(); char *response=NULL; @@ -205,7 +205,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre if (mls_enabled) { if (use_current_range) { - security_context_t mycon = NULL; + char *mycon = NULL; context_t my_context; if (getcon(&mycon) != 0) @@ -274,10 +274,10 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre return NULL; } -static security_context_t -context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_params, int use_current_range, int debug) +static char * +context_from_env (pam_handle_t *pamh, const char *defaultcon, int env_params, int use_current_range, int debug) { - security_context_t newcon = NULL; + char *newcon = NULL; context_t new_context; context_t my_context = NULL; int mls_enabled = is_selinux_mls_enabled(); @@ -311,7 +311,7 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par } if (use_current_range) { - security_context_t mycon = NULL; + char *mycon = NULL; if (getcon(&mycon) != 0) goto fail_set; @@ -374,11 +374,11 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par #define DATANAME "pam_selinux_context" typedef struct { - security_context_t exec_context; - security_context_t prev_exec_context; - security_context_t default_user_context; - security_context_t tty_context; - security_context_t prev_tty_context; + char *exec_context; + char *prev_exec_context; + char *default_user_context; + char *tty_context; + char *prev_tty_context; char *tty_path; } module_data_t; @@ -419,7 +419,7 @@ get_item(const pam_handle_t *pamh, int item_type) } static int -set_exec_context(const pam_handle_t *pamh, security_context_t context) +set_exec_context(const pam_handle_t *pamh, const char *context) { if (setexeccon(context) == 0) return 0; @@ -429,7 +429,7 @@ set_exec_context(const pam_handle_t *pamh, security_context_t context) } static int -set_file_context(const pam_handle_t *pamh, security_context_t context, +set_file_context(const pam_handle_t *pamh, const char *context, const char *file) { if (!file) @@ -453,7 +453,7 @@ compute_exec_context(pam_handle_t *pamh, module_data_t *data, #endif char *seuser = NULL; char *level = NULL; - security_context_t *contextlist = NULL; + char **contextlist = NULL; int num_contexts = 0; const struct passwd *pwd; -- cgit v1.2.3 From 831ec39946667289bbb4475f00ddcfa30ee3db8b Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Tue, 17 Mar 2020 17:04:02 +0100 Subject: pam_selinux: fix indentation --- modules/pam_selinux/pam_selinux.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index f8348503..d0e1cf50 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -239,11 +239,11 @@ config_context (pam_handle_t *pamh, const char *defaultcon, int use_current_rang goto fail_set; context_free(new_context); - /* we have to check that this user is allowed to go into the - range they have specified ... role is tied to an seuser, so that'll - be checked at setexeccon time */ - if (mls_enabled && - selinux_check_access(defaultcon, newcon, "context", "contains", NULL) != 0) { + /* we have to check that this user is allowed to go into the + range they have specified ... role is tied to an seuser, so that'll + be checked at setexeccon time */ + if (mls_enabled && + selinux_check_access(defaultcon, newcon, "context", "contains", NULL) != 0) { pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); send_audit_message(pamh, 0, defaultcon, newcon); -- cgit v1.2.3 From acbd4d51ea068de178f241d4a133316eec2e7d69 Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Mon, 23 Mar 2020 19:43:18 +0100 Subject: pam_selinux: convert send_audit_message to void function The result is nowhere checked and other logging functions like pam_syslog are also not checked. --- modules/pam_selinux/pam_selinux.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index d0e1cf50..2e92b5c5 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -73,25 +73,22 @@ #endif /* Send audit message */ -static - -int send_audit_message(pam_handle_t *pamh, int success, const char *default_context, - const char *selected_context) +static void +send_audit_message(pam_handle_t *pamh, int success, const char *default_context, + const char *selected_context) { - int rc=0; #ifdef HAVE_LIBAUDIT char *msg = NULL; int audit_fd = audit_open(); char *default_raw = NULL; char *selected_raw = NULL; const void *tty = NULL, *rhost = NULL; - rc = -1; if (audit_fd < 0) { if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) - return 0; /* No audit support in kernel */ + return; /* No audit support in kernel */ pam_syslog(pamh, LOG_ERR, "Error connecting to audit system."); - return rc; + return; } (void)pam_get_item(pamh, PAM_TTY, &tty); (void)pam_get_item(pamh, PAM_RHOST, &rhost); @@ -114,7 +111,6 @@ int send_audit_message(pam_handle_t *pamh, int success, const char *default_cont pam_syslog(pamh, LOG_ERR, "Error sending audit message."); goto out; } - rc = 0; out: free(msg); freecon(default_raw); @@ -123,8 +119,8 @@ int send_audit_message(pam_handle_t *pamh, int success, const char *default_cont #else pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d", default_context, selected_context, success); #endif - return rc; } + static int send_text (pam_handle_t *pamh, const char *text, int debug) { -- cgit v1.2.3 From fbc66d1cdbbb4bd3abd98b84b51be05f4b061d95 Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Mon, 23 Mar 2020 19:45:29 +0100 Subject: pam_selinux: print additional information on failures --- modules/pam_selinux/pam_selinux.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 2e92b5c5..57b02bac 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -87,17 +87,17 @@ send_audit_message(pam_handle_t *pamh, int success, const char *default_context, if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) return; /* No audit support in kernel */ - pam_syslog(pamh, LOG_ERR, "Error connecting to audit system."); + pam_syslog(pamh, LOG_ERR, "Error connecting to audit system: %m"); return; } (void)pam_get_item(pamh, PAM_TTY, &tty); (void)pam_get_item(pamh, PAM_RHOST, &rhost); if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) { - pam_syslog(pamh, LOG_ERR, "Error translating default context."); + pam_syslog(pamh, LOG_ERR, "Error translating default context '%s'.", default_context); default_raw = NULL; } if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) { - pam_syslog(pamh, LOG_ERR, "Error translating selected context."); + pam_syslog(pamh, LOG_ERR, "Error translating selected context '%s'.", selected_context); selected_raw = NULL; } if (asprintf(&msg, "pam: default-context=%s selected-context=%s", @@ -108,7 +108,7 @@ send_audit_message(pam_handle_t *pamh, int success, const char *default_context, } if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE, msg, rhost, NULL, tty, success) <= 0) { - pam_syslog(pamh, LOG_ERR, "Error sending audit message."); + pam_syslog(pamh, LOG_ERR, "Error sending audit message: %m"); goto out; } out: -- cgit v1.2.3 From d1963687081754796ab643569a882ba6636a44c6 Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Mon, 23 Mar 2020 19:54:00 +0100 Subject: pam_selinux: sanitize asprintf argument on failure --- modules/pam_selinux/pam_selinux.c | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 57b02bac..5b7dd277 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -103,6 +103,7 @@ send_audit_message(pam_handle_t *pamh, int success, const char *default_context, if (asprintf(&msg, "pam: default-context=%s selected-context=%s", default_raw ? default_raw : (default_context ? default_context : "?"), selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) { + msg = NULL; /* asprintf leaves msg in undefined state on failure */ pam_syslog(pamh, LOG_ERR, "Error allocating memory."); goto out; } -- cgit v1.2.3 From 68aff3a5e29facecfb603bb3d2dd8f8225b8bdde Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Mon, 23 Mar 2020 19:57:39 +0100 Subject: pam_selinux: fall back to log to syslog if audit logging fails Resolves: https://github.com/linux-pam/linux-pam/pull/194 --- modules/pam_selinux/pam_selinux.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 5b7dd277..deae3ef1 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -74,7 +74,7 @@ /* Send audit message */ static void -send_audit_message(pam_handle_t *pamh, int success, const char *default_context, +send_audit_message(const pam_handle_t *pamh, int success, const char *default_context, const char *selected_context) { #ifdef HAVE_LIBAUDIT @@ -85,10 +85,11 @@ send_audit_message(pam_handle_t *pamh, int success, const char *default_context, const void *tty = NULL, *rhost = NULL; if (audit_fd < 0) { if (errno == EINVAL || errno == EPROTONOSUPPORT || - errno == EAFNOSUPPORT) - return; /* No audit support in kernel */ + errno == EAFNOSUPPORT) { + goto fallback; /* No audit support in kernel */ + } pam_syslog(pamh, LOG_ERR, "Error connecting to audit system: %m"); - return; + goto fallback; } (void)pam_get_item(pamh, PAM_TTY, &tty); (void)pam_get_item(pamh, PAM_RHOST, &rhost); @@ -105,21 +106,28 @@ send_audit_message(pam_handle_t *pamh, int success, const char *default_context, selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) { msg = NULL; /* asprintf leaves msg in undefined state on failure */ pam_syslog(pamh, LOG_ERR, "Error allocating memory."); - goto out; + goto fallback; } if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE, msg, rhost, NULL, tty, success) <= 0) { pam_syslog(pamh, LOG_ERR, "Error sending audit message: %m"); - goto out; + goto fallback; } - out: + goto cleanup; + + fallback: +#endif /* HAVE_LIBAUDIT */ + pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d", + default_context, selected_context, success); + +#ifdef HAVE_LIBAUDIT + cleanup: free(msg); freecon(default_raw); freecon(selected_raw); - close(audit_fd); -#else - pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d", default_context, selected_context, success); -#endif + if (audit_fd >= 0) + close(audit_fd); +#endif /* HAVE_LIBAUDIT */ } static int -- cgit v1.2.3 From 37b5259298be9137f5b40eef16027152ddb803ff Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 1 May 2020 19:20:12 +0000 Subject: modules: remove PAM_SM_* macros Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect. --- modules/pam_access/pam_access.c | 16 ++-------------- modules/pam_cracklib/pam_cracklib.c | 17 ++--------------- modules/pam_debug/pam_debug.c | 26 +++++--------------------- modules/pam_deny/pam_deny.c | 18 +----------------- modules/pam_echo/pam_echo.c | 5 ----- modules/pam_env/pam_env.c | 16 ++-------------- modules/pam_exec/pam_exec.c | 6 ------ modules/pam_faildelay/pam_faildelay.c | 7 ++----- modules/pam_faillock/pam_faillock.c | 4 ---- modules/pam_filter/pam_filter.c | 7 +------ modules/pam_ftp/pam_ftp.c | 14 +------------- modules/pam_group/pam_group.c | 13 ++----------- modules/pam_issue/pam_issue.c | 5 ++--- modules/pam_keyinit/pam_keyinit.c | 3 ++- modules/pam_lastlog/pam_lastlog.c | 15 ++------------- modules/pam_limits/pam_limits.c | 2 -- modules/pam_listfile/pam_listfile.c | 14 ++------------ modules/pam_localuser/pam_localuser.c | 4 ++-- modules/pam_loginuid/pam_loginuid.c | 4 +++- modules/pam_mail/pam_mail.c | 14 ++------------ modules/pam_mkhomedir/pam_mkhomedir.c | 9 --------- modules/pam_motd/pam_motd.c | 23 +++++------------------ modules/pam_nologin/pam_nologin.c | 15 +-------------- modules/pam_permit/pam_permit.c | 22 +++------------------- modules/pam_pwhistory/pam_pwhistory.c | 4 ++-- modules/pam_rhosts/pam_rhosts.c | 4 ++-- modules/pam_rootok/pam_rootok.c | 13 +------------ modules/pam_securetty/pam_securetty.c | 14 ++------------ modules/pam_selinux/pam_selinux.c | 4 ---- modules/pam_sepermit/pam_sepermit.c | 4 ---- modules/pam_setquota/pam_setquota.c | 3 --- modules/pam_shells/pam_shells.c | 22 ++++++---------------- modules/pam_stress/pam_stress.c | 12 ------------ modules/pam_succeed_if/pam_succeed_if.c | 6 ------ modules/pam_tally/pam_tally.c | 27 ++------------------------- modules/pam_tally2/pam_tally2.c | 19 ++----------------- modules/pam_time/pam_time.c | 25 ++++++++----------------- modules/pam_timestamp/pam_timestamp.c | 3 --- modules/pam_tty_audit/pam_tty_audit.c | 2 -- modules/pam_umask/pam_umask.c | 4 ++-- modules/pam_unix/pam_unix_acct.c | 6 ++---- modules/pam_unix/pam_unix_auth.c | 7 ++----- modules/pam_unix/pam_unix_passwd.c | 7 ++----- modules/pam_unix/pam_unix_sess.c | 6 +----- modules/pam_userdb/pam_userdb.c | 14 ++------------ modules/pam_usertype/pam_usertype.c | 5 ----- modules/pam_warn/pam_warn.c | 14 +------------- modules/pam_wheel/pam_wheel.c | 7 ++----- modules/pam_xauth/pam_xauth.c | 4 ++-- 49 files changed, 83 insertions(+), 432 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 4c11418d..be726180 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -1,6 +1,6 @@ -/* pam_access module */ - /* + * pam_access module + * * Written by Alexei Nogin 1997/06/15 * (I took login_access from logdaemon-5.6 and converted it to PAM * using parts of pam_time code.) @@ -49,18 +49,6 @@ #include #endif -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index f89f33da..a6ce9395 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -1,8 +1,6 @@ /* * pam_cracklib module - */ - -/* + * * 0.9. switch to using a distance algorithm in similar() * 0.86. added support for setting minimum numbers of digits, uppers, * lowers, and others @@ -15,9 +13,7 @@ * 0.3. Added argument 'debug' * 0.2. new password is fed to cracklib for verify after typed once * 0.1. First release - */ - -/* + * * Written by Cristian Gafton 1996/09/10 * Long password support by Philip W. Dalrymple 1997/07/18 * See the end of the file for Copyright Information @@ -69,15 +65,6 @@ extern char *FascistCheck(char *pw, const char *dictpath); #endif #define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b)) -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c index 9b68d382..75d475f0 100644 --- a/modules/pam_debug/pam_debug.c +++ b/modules/pam_debug/pam_debug.c @@ -1,32 +1,14 @@ -/* pam_permit module */ - /* - * $Id$ + * pam_debug module * * Written by Andrew Morgan 2001/02/04 * - */ - -#define DEFAULT_USER "nobody" - -#include "config.h" - -#include - -/* * This module is intended as a debugging aide for determining how * the PAM stack is operating. - * - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. */ -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD +#include "config.h" +#include #include #include @@ -35,6 +17,8 @@ #define _PAM_ACTION_UNDEF (-10) #include "../../libpam/pam_tokens.h" +#define DEFAULT_USER "nobody" + /* --- authentication management functions --- */ static int state(pam_handle_t *pamh, const char *text) diff --git a/modules/pam_deny/pam_deny.c b/modules/pam_deny/pam_deny.c index 155a1f5d..a2fe0c23 100644 --- a/modules/pam_deny/pam_deny.c +++ b/modules/pam_deny/pam_deny.c @@ -1,26 +1,10 @@ -/* pam_deny module */ - /* - * $Id$ + * pam_deny module * * Written by Andrew Morgan 1996/3/11 - * - */ - -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. */ #include "config.h" - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include /* --- authentication management functions --- */ diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c index bd5910b9..181aeb4c 100644 --- a/modules/pam_echo/pam_echo.c +++ b/modules/pam_echo/pam_echo.c @@ -52,11 +52,6 @@ #define HOST_NAME_MAX 255 #endif -#define PAM_SM_ACCOUNT -#define PAM_SM_AUTH -#define PAM_SM_PASSWORD -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 1bdc119d..79d43722 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -1,6 +1,6 @@ -/* pam_env module */ - /* + * pam_env module + * * Written by Dave Kinchlea 1997/01/31 * Inspired by Andrew Morgan , who also supplied the * template for this file (via pam_mail) @@ -26,18 +26,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH /* This is primarily a AUTH_SETCRED module */ -#define PAM_SM_SESSION /* But I like to be friendly */ -#define PAM_SM_PASSWORD /* "" */ -#define PAM_SM_ACCOUNT /* "" */ - #include #include #include diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 918422cf..5ca85ab3 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -49,12 +49,6 @@ #include #include - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_faildelay/pam_faildelay.c b/modules/pam_faildelay/pam_faildelay.c index 215074b2..02c5fafd 100644 --- a/modules/pam_faildelay/pam_faildelay.c +++ b/modules/pam_faildelay/pam_faildelay.c @@ -1,6 +1,6 @@ -/* pam_faildelay module */ - /* + * pam_faildelay module + * * Allows an admin to set the delay on failure per-application. * Provides "auth" interface only. * @@ -70,9 +70,6 @@ #include #include - -#define PAM_SM_AUTH - #include #include #include diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c index 94c175b4..e340a83c 100644 --- a/modules/pam_faillock/pam_faillock.c +++ b/modules/pam_faillock/pam_faillock.c @@ -55,12 +55,8 @@ #include #include "pam_inline.h" - #include "faillock.h" -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #define FAILLOCK_ACTION_PREAUTH 0 #define FAILLOCK_ACTION_AUTHSUCC 1 #define FAILLOCK_ACTION_AUTHFAIL 2 diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 4f75486d..9b523da2 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -1,5 +1,5 @@ /* - * $Id$ + * pam_filter module * * written by Andrew Morgan with much help from * Richard Stevens' UNIX Network Programming book. @@ -25,11 +25,6 @@ #include -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include "pam_filter.h" diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c index ce6ead9a..0d53e5a5 100644 --- a/modules/pam_ftp/pam_ftp.c +++ b/modules/pam_ftp/pam_ftp.c @@ -1,10 +1,7 @@ -/* pam_ftp module */ - /* - * $Id$ + * pam_ftp module * * Written by Andrew Morgan 1996/3/11 - * */ #define PLEASE_ENTER_PASSWORD "Password required for %s." @@ -23,15 +20,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH - #include #include #include diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 2172a0b5..b5532b81 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -1,6 +1,6 @@ -/* pam_group module */ - /* + * pam_group module + * * Written by Andrew Morgan 1996/7/6 * Field parsing rewritten by Tomas Mraz */ @@ -35,15 +35,6 @@ typedef enum { AND, OR } operator; -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_AUTH - #include #include #include diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index 8a74ce03..5b6a4669 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -1,4 +1,5 @@ -/* pam_issue module - a simple /etc/issue parser to set PAM_USER_PROMPT +/* + * pam_issue module - a simple /etc/issue parser to set PAM_USER_PROMPT * * Copyright 1999 by Ben Collins * @@ -28,8 +29,6 @@ #include #include -#define PAM_SM_AUTH - #include #include #include diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c index d58744d7..b3aec483 100644 --- a/modules/pam_keyinit/pam_keyinit.c +++ b/modules/pam_keyinit/pam_keyinit.c @@ -1,4 +1,5 @@ -/* pam_keyinit.c: Initialise the session keyring on login through a PAM module +/* + * pam_keyinit: Initialise the session keyring on login through a PAM module * * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 1f707d93..1c46d03a 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -1,6 +1,6 @@ -/* pam_lastlog module */ - /* + * pam_lastlog module + * * Written by Andrew Morgan 1996/3/11 * * This module does the necessary work to display the last login @@ -66,17 +66,6 @@ struct lastlog { #define DEFAULT_INACTIVE_DAYS 90 #define MAX_INACTIVE_DAYS 100000 -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_SESSION -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index c8a03ae4..b791cdce 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -102,8 +102,6 @@ struct pam_limit_s { #define LIMIT_SOFT 1 #define LIMIT_HARD 2 -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index 44e0655c..74ebae1a 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -1,4 +1,6 @@ /* + * pam_listfile module + * * by Elliot Lee , Red Hat Software. July 25, 1996. * log refused access error christopher mccrory 1998/7/11 * @@ -22,18 +24,6 @@ #include #endif -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_PASSWORD -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c index ac51e4ef..3633b535 100644 --- a/modules/pam_localuser/pam_localuser.c +++ b/modules/pam_localuser/pam_localuser.c @@ -1,4 +1,6 @@ /* + * pam_localuser module + * * Copyright 2001, 2004 Red Hat, Inc. * * Redistribution and use in source and binary forms, with or without @@ -47,8 +49,6 @@ #include #include -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT #include #include #include diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c index 03c0e3a3..31181789 100644 --- a/modules/pam_loginuid/pam_loginuid.c +++ b/modules/pam_loginuid/pam_loginuid.c @@ -1,4 +1,6 @@ -/* pam_loginuid.c -- +/* + * pam_loginuid module + * * Copyright 2005 Red Hat Inc., Durham, North Carolina. * All Rights Reserved. * diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index 2439ae75..c923817d 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -1,6 +1,6 @@ -/* pam_mail module */ - /* + * pam_mail module + * * Written by Andrew Morgan 1996/3/11 * $HOME additions by David Kinchlea 1997/1/7 * mailhash additions by Chris Adams 1998/7/11 @@ -30,16 +30,6 @@ #define MAIL_ENV_NAME "MAIL" #define MAIL_ENV_FORMAT MAIL_ENV_NAME "=%s" -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_SESSION -#define PAM_SM_AUTH - #include #include #include diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 6e035f70..5f9b1661 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -44,15 +44,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 8147c6fd..46f4fe61 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -1,13 +1,8 @@ -/* pam_motd module */ - /* - * Modified for pam_motd by Ben Collins - * - * Based off of: - * $Id$ + * pam_motd module * + * Modified for pam_motd by Ben Collins * Written by Michael K. Johnson 1996/10/24 - * */ #include "config.h" @@ -26,21 +21,13 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_SESSION -#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd" -#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d" - #include #include #include "pam_inline.h" +#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd" +#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d" + /* --- session management functions (only) --- */ int diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c index 775dda87..8666251a 100644 --- a/modules/pam_nologin/pam_nologin.c +++ b/modules/pam_nologin/pam_nologin.c @@ -1,10 +1,7 @@ -/* pam_nologin module */ - /* - * $Id$ + * pam_nologin module * * Written by Michael K. Johnson 1996/10/24 - * */ #include "config.h" @@ -19,16 +16,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_permit/pam_permit.c b/modules/pam_permit/pam_permit.c index c773087a..9e2aedf4 100644 --- a/modules/pam_permit/pam_permit.c +++ b/modules/pam_permit/pam_permit.c @@ -1,33 +1,17 @@ -/* pam_permit module */ - /* - * $Id$ + * pam_permit module * * Written by Andrew Morgan 1996/3/11 - * */ #include "config.h" - -#define DEFAULT_USER "nobody" - #include -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include +#define DEFAULT_USER "nobody" + /* --- authentication management functions --- */ int diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index 2d4507d5..c77eb3ea 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -1,4 +1,6 @@ /* + * pam_pwhistory module + * * Copyright (c) 2008, 2012 Thorsten Kukuk * Author: Thorsten Kukuk * @@ -38,8 +40,6 @@ #include #endif -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c index 258a7299..ab2fbd09 100644 --- a/modules/pam_rhosts/pam_rhosts.c +++ b/modules/pam_rhosts/pam_rhosts.c @@ -1,4 +1,6 @@ /* + * pam_rhosts module + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -38,8 +40,6 @@ #include #include -#define PAM_SM_AUTH /* only defines this management group */ - #include #include #include diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index accba21a..3a00d545 100644 --- a/modules/pam_rootok/pam_rootok.c +++ b/modules/pam_rootok/pam_rootok.c @@ -1,7 +1,5 @@ -/* pam_rootok module */ - /* - * $Id$ + * pam_rootok module * * Written by Andrew Morgan 1996/3/11 */ @@ -14,15 +12,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH - #include #include diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index e594fb6a..9a2835ef 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -1,6 +1,6 @@ -/* pam_securetty module */ - /* + * pam_securetty module + * * by Elliot Lee , Red Hat Software. * July 25, 1996. * This code shamelessly ripped from the pam_rootok module. @@ -22,16 +22,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index deae3ef1..06c3ce65 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -36,7 +36,6 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. - * */ #include "config.h" @@ -53,9 +52,6 @@ #include #include -#define PAM_SM_AUTH -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index 442703d3..b6fde6c5 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -35,7 +35,6 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. - * */ #include "config.h" @@ -55,9 +54,6 @@ #include #include -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_setquota/pam_setquota.c b/modules/pam_setquota/pam_setquota.c index 3e2b9508..43c76d66 100644 --- a/modules/pam_setquota/pam_setquota.c +++ b/modules/pam_setquota/pam_setquota.c @@ -6,7 +6,6 @@ Copyright © 2010 Shane Tzen Copyright © 2012-2020 Sven Hartge Copyright © 2016 Keller Fuchs - */ #include @@ -19,8 +18,6 @@ #include #include -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index ae67a423..eec86dc4 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -1,10 +1,6 @@ -/* pam_shells module */ - -#define SHELL_FILE "/etc/shells" - -#define DEFAULT_SHELL "/bin/sh" - /* + * pam_shells module + * * by Erik Troan , Red Hat Software. * August 5, 1996. * This code shamelessly ripped from the pam_securetty module. @@ -21,20 +17,14 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include +#define SHELL_FILE "/etc/shells" + +#define DEFAULT_SHELL "/bin/sh" + static int perform_check(pam_handle_t *pamh) { int retval = PAM_AUTH_ERR; diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index 024455e5..62348fab 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c @@ -15,18 +15,6 @@ #include #include -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 82de4f33..76bc9825 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -34,7 +34,6 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. - * */ #include "config.h" @@ -54,11 +53,6 @@ #include #include -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index 6f578988..08b5ace2 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -1,10 +1,7 @@ /* - * pam_tally.c + * pam_tally module * - */ - - -/* By Tim Baverstock , Multi Media Machine Ltd. + * By Tim Baverstock , Multi Media Machine Ltd. * 5 March 1997 * * Stuff stolen from pam_rootok and pam_listfile @@ -30,19 +27,7 @@ #include #include "faillog.h" -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - #ifndef MAIN -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -/* #define PAM_SM_SESSION */ -/* #define PAM_SM_PASSWORD */ - #include #include #endif @@ -615,8 +600,6 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) /* --- authentication management functions (only) --- */ -#ifdef PAM_SM_AUTH - int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) @@ -686,14 +669,10 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, return tally_reset(pamh, uid, opts); } -#endif - /*---------------------------------------------------------------------*/ /* --- authentication management functions (only) --- */ -#ifdef PAM_SM_ACCOUNT - /* To reset failcount of user on successful login */ int @@ -731,8 +710,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, return tally_reset(pamh, uid, opts); } -#endif /* #ifdef PAM_SM_ACCOUNT */ - /*-----------------------------------------------------------------------*/ #else /* #ifndef MAIN */ diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index e8c74eb9..8c171b68 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -1,10 +1,7 @@ /* - * pam_tally2.c + * pam_tally2 module * - */ - - -/* By Tim Baverstock , Multi Media Machine Ltd. + * By Tim Baverstock , Multi Media Machine Ltd. * 5 March 1997 * * Stuff stolen from pam_rootok and pam_listfile @@ -76,19 +73,7 @@ #define fseeko fseek #endif -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - #ifndef MAIN -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -/* #define PAM_SM_SESSION */ -/* #define PAM_SM_PASSWORD */ - #include #endif #include diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 0643523a..e786d0f9 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -1,6 +1,6 @@ -/* pam_time module */ - /* + * pam_time module + * * Written by Andrew Morgan 1996/6/22 * (File syntax and much other inspiration from the shadow package * shadow-960129) @@ -23,6 +23,12 @@ #include #include +#include +#include +#include +#include +#include "pam_inline.h" + #ifdef HAVE_LIBAUDIT #include #endif @@ -42,21 +48,6 @@ typedef enum { AND, OR } operator; -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_ACCOUNT - -#include -#include -#include -#include -#include "pam_inline.h" - static int _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char **conffile) { diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index 420ce9eb..249a9692 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -38,9 +38,6 @@ * */ -#define PAM_SM_AUTH -#define PAM_SM_SESSION - #include "config.h" #include diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c index 1d9256c3..2f04a05c 100644 --- a/modules/pam_tty_audit/pam_tty_audit.c +++ b/modules/pam_tty_audit/pam_tty_audit.c @@ -48,8 +48,6 @@ #include #include -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c index 45b048e3..1b5df4b6 100644 --- a/modules/pam_umask/pam_umask.c +++ b/modules/pam_umask/pam_umask.c @@ -1,4 +1,6 @@ /* + * pam_umask module + * * Copyright (c) 2005, 2006, 2007, 2010, 2013 Thorsten Kukuk * * Redistribution and use in source and binary forms, with or without @@ -50,8 +52,6 @@ #include #include -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 0c5dff96..de8d65c1 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -1,4 +1,6 @@ /* + * pam_unix account management + * * Copyright Elliot Lee, 1996. All rights reserved. * Copyright Jan Rękorajski, 1999. All rights reserved. * @@ -51,10 +53,6 @@ #include -/* indicate that the following groups are defined */ - -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 40ff7c65..9a0cd372 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -1,4 +1,6 @@ /* + * pam_unix authentication management + * * Copyright Alexander O. Yuriev, 1996. All rights reserved. * NIS+ support by Thorsten Kukuk * Copyright Jan Rękorajski, 1999. All rights reserved. @@ -48,11 +50,6 @@ #include #include -/* indicate the following groups are defined */ - -#define PAM_SM_AUTH - -#define _PAM_EXTERN_FUNCTIONS #include #include #include diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 7985ad1b..e9c960a2 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -1,4 +1,6 @@ /* + * pam_unix password management + * * Main coding by Elliot Lee , Red Hat Software. * Copyright (C) 1996. * Copyright (c) Jan Rękorajski, 1999. @@ -60,11 +62,6 @@ #include #include - -/* indicate the following groups are defined */ - -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index 437d1242..3f6a8fb3 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -1,5 +1,5 @@ /* - * $Id$ + * pam_unix session management * * Copyright Alexander O. Yuriev, 1996. All rights reserved. * Copyright Jan Rękorajski, 1999. All rights reserved. @@ -47,10 +47,6 @@ #include #include -/* indicate the following groups are defined */ - -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 32e759e3..d7d41233 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -1,6 +1,6 @@ -/* pam_userdb module */ - /* + * pam_userdb module + * * Written by Cristian Gafton 1996/09/10 * See the end of the file for Copyright Information */ @@ -37,16 +37,6 @@ # endif #endif -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c index 820cf693..76325063 100644 --- a/modules/pam_usertype/pam_usertype.c +++ b/modules/pam_usertype/pam_usertype.c @@ -48,11 +48,6 @@ #include #include -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_warn/pam_warn.c b/modules/pam_warn/pam_warn.c index 1d196ad3..d91c3e9f 100644 --- a/modules/pam_warn/pam_warn.c +++ b/modules/pam_warn/pam_warn.c @@ -1,7 +1,5 @@ -/* pam_warn module */ - /* - * $Id$ + * pam_warn module * * Written by Andrew Morgan 1996/3/11 */ @@ -13,16 +11,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_PASSWORD - #include #include diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c index 32b6cdb0..94f8887a 100644 --- a/modules/pam_wheel/pam_wheel.c +++ b/modules/pam_wheel/pam_wheel.c @@ -1,6 +1,6 @@ -/* pam_wheel module */ - /* + * pam_wheel module + * * Written by Cristian Gafton 1996/09/10 * See the end of the file for Copyright Information * @@ -39,9 +39,6 @@ * modules include file to define the function prototypes. */ -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 7d661a45..7a9f202b 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -1,4 +1,6 @@ /* + * pam_xauth module + * * Copyright 2001-2003 Red Hat, Inc. * * Redistribution and use in source and binary forms, with or without @@ -51,8 +53,6 @@ #include #include -#define PAM_SM_SESSION - #include #include #include -- cgit v1.2.3