From e4a1c685a4b6b470194f4f5d1b69e7d9b2b4c63a Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 31 May 2018 00:20:18 +0000 Subject: pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros The last use of these macros was removed by commit Linux-PAM-1.3.0~5 so their definitions should go as well. * modules/pam_unix/pam_unix_auth.c (_UNIX_AUTHTOK): Remove. * modules/pam_unix/pam_unix_passwd.c (_UNIX_OLD_AUTHTOK, _UNIX_NEW_AUTHTOK): Likewise. Complements: 7e09188c5dc4 ("pam_unix: Use pam_get_authtok() instead of direct pam_prompt() calls.") --- modules/pam_unix/pam_unix_passwd.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 9fdebefb..302cf126 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -106,11 +106,6 @@ extern int getrpcport(const char *host, unsigned long prognum, Sets it. */ -/* data tokens */ - -#define _UNIX_OLD_AUTHTOK "-UN*X-OLD-PASS" -#define _UNIX_NEW_AUTHTOK "-UN*X-NEW-PASS" - #define MAX_PASSWD_TRIES 3 #ifdef HAVE_NIS -- cgit v1.2.3 From 0fb1f5b701432b6d9f40754b69f2fe0dc6f75103 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 19 Jun 2018 00:00:00 +0000 Subject: Fix grammar of messages printed via pam_prompt Turn into proper sentences those messages that are printed without further modifications using pam_prompt in contexts where proper sentences are expected. * libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix grammar of the message passed to pam_error. * modules/pam_limits/pam_limits.c (pam_sm_open_session): Likewise. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix grammar of error messages passed to pam_error. * modules/pam_mail/pam_mail.c (report_mail): Fix grammar of a message passed to pam_info. * modules/pam_timestamp/pam_timestamp.c (verbose_success): Likewise. * modules/pam_selinux/pam_selinux.c (config_context, send_text): Fix grammar of messages passed to pam_prompt. * modules/pam_tally/pam_tally.c (tally_check): Fix grammar of messages passed to pam_info. * modules/pam_tally2/pam_tally2.c (tally_check): Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Fix grammar of messages passed to _make_remark. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass, pam_sm_chauthtok): Likewise. * po/Linux-PAM.pot: Regenerate. --- libpam/pam_get_authtok.c | 4 +- modules/pam_cracklib/pam_cracklib.c | 3 +- modules/pam_limits/pam_limits.c | 3 +- modules/pam_mail/pam_mail.c | 2 +- modules/pam_selinux/pam_selinux.c | 13 +++--- modules/pam_tally/pam_tally.c | 4 +- modules/pam_tally2/pam_tally2.c | 4 +- modules/pam_timestamp/pam_timestamp.c | 3 +- modules/pam_unix/pam_unix_acct.c | 16 +++---- modules/pam_unix/pam_unix_passwd.c | 7 +-- po/Linux-PAM.pot | 82 ++++++++++++++++++----------------- 11 files changed, 74 insertions(+), 67 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/libpam/pam_get_authtok.c b/libpam/pam_get_authtok.c index 9bfbdf0f..800c6e54 100644 --- a/libpam/pam_get_authtok.c +++ b/libpam/pam_get_authtok.c @@ -161,7 +161,7 @@ pam_get_authtok_internal (pam_handle_t *pamh, int item, { /* We want to abort */ if (chpass) - pam_error (pamh, _("Password change aborted.")); + pam_error (pamh, _("Password change has been aborted.")); return PAM_AUTHTOK_ERR; } @@ -233,7 +233,7 @@ pam_get_authtok_verify (pam_handle_t *pamh, const char **authtok, { /* We want to abort the password change */ pam_set_item (pamh, PAM_AUTHTOK, NULL); - pam_error (pamh, _("Password change aborted.")); + pam_error (pamh, _("Password change has been aborted.")); return PAM_AUTHTOK_ERR; } diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index 45c02aba..29d3a616 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -692,7 +692,8 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_DEBUG, "bad authentication token"); pam_error(pamh, "%s", pass_new == NULL ? - _("No password supplied"):_("Password unchanged")); + _("No password has been supplied.") : + _("The password has not been changed.")); return PAM_AUTHTOK_ERR; } diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index 4bc4ae71..cac36999 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -1088,7 +1088,8 @@ out: retval = setup_limits(pamh, pwd->pw_name, pwd->pw_uid, ctrl, pl); if (retval & LOGIN_ERR) - pam_error(pamh, _("Too many logins for '%s'."), pwd->pw_name); + pam_error(pamh, _("There were too many logins for '%s'."), + pwd->pw_name); if (retval != LIMITED_OK) { return PAM_PERM_DENIED; } diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index 0022f6d6..703c93cb 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -294,7 +294,7 @@ report_mail(pam_handle_t *pamh, int ctrl, int type, const char *folder) switch (type) { case HAVE_NO_MAIL: - retval = pam_info (pamh, "%s", _("No mail.")); + retval = pam_info (pamh, "%s", _("You have no mail.")); break; case HAVE_NEW_MAIL: retval = pam_info (pamh, "%s", _("You have new mail.")); diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 348cdd40..9b3fe22e 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -207,7 +207,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre char *type=NULL; char resp_val = 0; - pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), defaultcon); + pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("The default security context is %s."), defaultcon); while (1) { if (query_response(pamh, @@ -227,7 +227,8 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre if (query_response(pamh, _("role:"), context_role_get(new_context), &response, debug) == PAM_SUCCESS && response[0]) { if (get_default_type(response, &type)) { - pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response); + pam_prompt(pamh, PAM_ERROR_MSG, NULL, + _("There is no default type for role %s."), response); _pam_drop(response); continue; } else { @@ -292,7 +293,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre } else { send_audit_message(pamh, 0, defaultcon, context_str(new_context)); - send_text(pamh,_("Not a valid security context"),debug); + send_text(pamh,_("This is not a valid security context."),debug); } context_free(new_context); /* next time around allocates another */ } @@ -541,7 +542,7 @@ compute_exec_context(pam_handle_t *pamh, module_data_t *data, if (!data->exec_context) { pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s", username); pam_prompt(pamh, PAM_ERROR_MSG, NULL, - _("Unable to get valid context for %s"), username); + _("A valid context for %s could not be obtained."), username); } if (getexeccon(&data->prev_exec_context) < 0) @@ -660,7 +661,7 @@ set_context(pam_handle_t *pamh, const module_data_t *data, char msg[PATH_MAX]; snprintf(msg, sizeof(msg), - _("Security Context %s Assigned"), data->exec_context); + _("Security context %s has been assigned."), data->exec_context); send_text(pamh, msg, debug); } #ifdef HAVE_SETKEYCREATECON @@ -676,7 +677,7 @@ set_context(pam_handle_t *pamh, const module_data_t *data, char msg[PATH_MAX]; snprintf(msg, sizeof(msg), - _("Key Creation Context %s Assigned"), data->exec_context); + _("Key creation context %s has been assigned."), data->exec_context); send_text(pamh, msg, debug); } #endif diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index 66a515c2..0e51693c 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -538,7 +538,7 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid, { if (!(opts->ctrl & OPT_SILENT)) pam_info (pamh, - _("Account temporary locked (%ld seconds left)"), + _("Account is temporary locked (%ld seconds left)."), oldtime+lock_time-time(NULL)); if (!(opts->ctrl & OPT_NOLOGNOTICE)) @@ -563,7 +563,7 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid, ( ((opts->ctrl & OPT_DENY_ROOT) || uid) ) /* even_deny stops uid check */ ) { if (!(opts->ctrl & OPT_SILENT)) - pam_info (pamh, _("Account locked due to %u failed logins"), + pam_info (pamh, _("Account is locked due to %u failed logins."), (unsigned int)tally); if (!(opts->ctrl & OPT_NOLOGNOTICE)) diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index da1c0481..9a24d881 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -577,7 +577,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, #endif if (!(opts->ctrl & OPT_QUIET)) { - pam_info(pamh, _("Account locked due to %u failed logins"), + pam_info(pamh, _("Account is locked due to %u failed logins."), (unsigned int)tally->fail_cnt); } loglevel = LOG_NOTICE; @@ -594,7 +594,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, tally->fail_time = oldtime; if (!(opts->ctrl & OPT_QUIET)) { - pam_info(pamh, _("Account temporary locked (%ld seconds left)"), + pam_info(pamh, _("Account is temporary locked (%ld seconds left)."), oldtime+opts->lock_time-time(NULL)); } if (!(opts->ctrl & OPT_NOLOGNOTICE)) { diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index e29ce6e9..5da7575d 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -354,7 +354,8 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv, static void verbose_success(pam_handle_t *pamh, long diff) { - pam_info(pamh, _("Access granted (last access was %ld seconds ago)."), diff); + pam_info(pamh, _("Access has been granted" + " (last access was %ld seconds ago)."), diff); } int diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 88331149..fbc84e2f 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -250,7 +250,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) "account %s has expired (account expired)", uname); _make_remark(pamh, ctrl, PAM_ERROR_MSG, - _("Your account has expired; please contact your system administrator")); + _("Your account has expired; please contact your system administrator.")); break; case PAM_NEW_AUTHTOK_REQD: if (daysleft == 0) { @@ -258,13 +258,13 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) "expired password for user %s (root enforced)", uname); _make_remark(pamh, ctrl, PAM_ERROR_MSG, - _("You are required to change your password immediately (administrator enforced)")); + _("You are required to change your password immediately (administrator enforced).")); } else { pam_syslog(pamh, LOG_DEBUG, "expired password for user %s (password aged)", uname); _make_remark(pamh, ctrl, PAM_ERROR_MSG, - _("You are required to change your password immediately (password expired)")); + _("You are required to change your password immediately (password expired).")); } break; case PAM_AUTHTOK_EXPIRED: @@ -272,7 +272,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) "account %s has expired (failed to change password)", uname); _make_remark(pamh, ctrl, PAM_ERROR_MSG, - _("Your account has expired; please contact your system administrator")); + _("Your account has expired; please contact your system administrator.")); break; case PAM_AUTHTOK_ERR: retval = PAM_SUCCESS; @@ -285,19 +285,19 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) #if defined HAVE_DNGETTEXT && defined ENABLE_NLS snprintf (buf, sizeof (buf), dngettext(PACKAGE, - "Warning: your password will expire in %d day", - "Warning: your password will expire in %d days", + "Warning: your password will expire in %d day.", + "Warning: your password will expire in %d days.", daysleft), daysleft); #else if (daysleft == 1) snprintf(buf, sizeof (buf), - _("Warning: your password will expire in %d day"), + _("Warning: your password will expire in %d day."), daysleft); else snprintf(buf, sizeof (buf), /* TRANSLATORS: only used if dngettext is not supported */ - _("Warning: your password will expire in %d days"), + _("Warning: your password will expire in %d days."), daysleft); #endif _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 302cf126..9d0aa733 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -560,7 +560,8 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh pam_syslog(pamh, LOG_DEBUG, "bad authentication token"); } _make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ? - _("No password supplied") : _("Password unchanged")); + _("No password has been supplied.") : + _("The password has not been changed.")); return PAM_AUTHTOK_ERR; } /* @@ -577,7 +578,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh } if (off(UNIX__IAMROOT, ctrl)) { if (strlen(pass_new) < pass_min_len) - remark = _("You must choose a longer password"); + remark = _("You must choose a longer password."); D(("length check [%s]", remark)); if (on(UNIX_REMEMBER_PASSWD, ctrl)) { if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR) @@ -714,7 +715,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) if (retval == PAM_AUTHTOK_ERR) { if (off(UNIX__IAMROOT, ctrl)) _make_remark(pamh, ctrl, PAM_ERROR_MSG, - _("You must wait longer to change your password")); + _("You must wait longer to change your password.")); else retval = PAM_SUCCESS; } diff --git a/po/Linux-PAM.pot b/po/Linux-PAM.pot index 74778010..25a59788 100644 --- a/po/Linux-PAM.pot +++ b/po/Linux-PAM.pot @@ -1,6 +1,6 @@ # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Linux-PAM Project -# This file is distributed under the same license as the PACKAGE package. +# This file is distributed under the same license as the Linux-PAM package. # FIRST AUTHOR , YEAR. # #, fuzzy @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM 1.3.1\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2018-05-18 12:58+0200\n" +"POT-Creation-Date: 2018-06-19 00:00+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -61,7 +61,7 @@ msgid "Retype %s" msgstr "" #: libpam/pam_get_authtok.c:164 libpam/pam_get_authtok.c:236 -msgid "Password change aborted." +msgid "Password change has been aborted." msgstr "" #: libpam/pam_item.c:311 @@ -247,17 +247,17 @@ msgid "contains the user name in some form" msgstr "" #: modules/pam_cracklib/pam_cracklib.c:695 -#: modules/pam_unix/pam_unix_passwd.c:568 -msgid "No password supplied" +#: modules/pam_unix/pam_unix_passwd.c:563 +msgid "No password has been supplied." msgstr "" -#: modules/pam_cracklib/pam_cracklib.c:695 -#: modules/pam_unix/pam_unix_passwd.c:568 -msgid "Password unchanged" +#: modules/pam_cracklib/pam_cracklib.c:696 +#: modules/pam_unix/pam_unix_passwd.c:564 +msgid "The password has not been changed." msgstr "" -#: modules/pam_cracklib/pam_cracklib.c:715 -#: modules/pam_cracklib/pam_cracklib.c:797 +#: modules/pam_cracklib/pam_cracklib.c:716 +#: modules/pam_cracklib/pam_cracklib.c:798 #, c-format msgid "BAD PASSWORD: %s" msgstr "" @@ -326,11 +326,11 @@ msgstr "" #: modules/pam_limits/pam_limits.c:1091 #, c-format -msgid "Too many logins for '%s'." +msgid "There were too many logins for '%s'." msgstr "" #: modules/pam_mail/pam_mail.c:297 -msgid "No mail." +msgid "You have no mail." msgstr "" #: modules/pam_mail/pam_mail.c:300 @@ -376,7 +376,7 @@ msgid "Unable to create and initialize directory '%s'." msgstr "" #: modules/pam_pwhistory/pam_pwhistory.c:217 -#: modules/pam_unix/pam_unix_passwd.c:589 +#: modules/pam_unix/pam_unix_passwd.c:585 msgid "Password has been already used. Choose another." msgstr "" @@ -386,7 +386,7 @@ msgstr "" #: modules/pam_selinux/pam_selinux.c:210 #, c-format -msgid "Default Security Context %s\n" +msgid "The default security context is %s." msgstr "" #: modules/pam_selinux/pam_selinux.c:214 @@ -397,32 +397,32 @@ msgstr "" msgid "role:" msgstr "" -#: modules/pam_selinux/pam_selinux.c:230 +#: modules/pam_selinux/pam_selinux.c:231 #, c-format -msgid "No default type for role %s\n" +msgid "There is no default type for role %s." msgstr "" -#: modules/pam_selinux/pam_selinux.c:262 +#: modules/pam_selinux/pam_selinux.c:263 msgid "level:" msgstr "" -#: modules/pam_selinux/pam_selinux.c:295 -msgid "Not a valid security context" +#: modules/pam_selinux/pam_selinux.c:296 +msgid "This is not a valid security context." msgstr "" -#: modules/pam_selinux/pam_selinux.c:544 +#: modules/pam_selinux/pam_selinux.c:545 #, c-format -msgid "Unable to get valid context for %s" +msgid "A valid context for %s could not be obtained." msgstr "" -#: modules/pam_selinux/pam_selinux.c:663 +#: modules/pam_selinux/pam_selinux.c:664 #, c-format -msgid "Security Context %s Assigned" +msgid "Security context %s has been assigned." msgstr "" -#: modules/pam_selinux/pam_selinux.c:679 +#: modules/pam_selinux/pam_selinux.c:680 #, c-format -msgid "Key Creation Context %s Assigned" +msgid "Key creation context %s has been assigned." msgstr "" #: modules/pam_selinux/pam_selinux_check.c:99 @@ -442,12 +442,12 @@ msgstr "" #: modules/pam_tally/pam_tally.c:541 modules/pam_tally2/pam_tally2.c:597 #, c-format -msgid "Account temporary locked (%ld seconds left)" +msgid "Account is temporary locked (%ld seconds left)." msgstr "" #: modules/pam_tally/pam_tally.c:566 modules/pam_tally2/pam_tally2.c:580 #, c-format -msgid "Account locked due to %u failed logins" +msgid "Account is locked due to %u failed logins." msgstr "" #: modules/pam_tally/pam_tally.c:750 modules/pam_tally2/pam_tally2.c:863 @@ -502,48 +502,50 @@ msgstr "" #: modules/pam_timestamp/pam_timestamp.c:357 #, c-format -msgid "Access granted (last access was %ld seconds ago)." +msgid "Access has been granted (last access was %ld seconds ago)." msgstr "" #: modules/pam_unix/pam_unix_acct.c:253 modules/pam_unix/pam_unix_acct.c:275 -msgid "Your account has expired; please contact your system administrator" +msgid "Your account has expired; please contact your system administrator." msgstr "" #: modules/pam_unix/pam_unix_acct.c:261 msgid "" -"You are required to change your password immediately (administrator enforced)" +"You are required to change your password immediately (administrator " +"enforced)." msgstr "" #: modules/pam_unix/pam_unix_acct.c:267 -msgid "You are required to change your password immediately (password expired)" +msgid "" +"You are required to change your password immediately (password expired)." msgstr "" #: modules/pam_unix/pam_unix_acct.c:288 modules/pam_unix/pam_unix_acct.c:295 #, c-format -msgid "Warning: your password will expire in %d day" -msgid_plural "Warning: your password will expire in %d days" +msgid "Warning: your password will expire in %d day." +msgid_plural "Warning: your password will expire in %d days." msgstr[0] "" msgstr[1] "" #. TRANSLATORS: only used if dngettext is not supported #: modules/pam_unix/pam_unix_acct.c:300 #, c-format -msgid "Warning: your password will expire in %d days" +msgid "Warning: your password will expire in %d days." msgstr "" -#: modules/pam_unix/pam_unix_passwd.c:470 +#: modules/pam_unix/pam_unix_passwd.c:465 msgid "NIS password could not be changed." msgstr "" -#: modules/pam_unix/pam_unix_passwd.c:585 -msgid "You must choose a longer password" +#: modules/pam_unix/pam_unix_passwd.c:581 +msgid "You must choose a longer password." msgstr "" -#: modules/pam_unix/pam_unix_passwd.c:692 +#: modules/pam_unix/pam_unix_passwd.c:688 #, c-format msgid "Changing password for %s." msgstr "" -#: modules/pam_unix/pam_unix_passwd.c:722 -msgid "You must wait longer to change your password" +#: modules/pam_unix/pam_unix_passwd.c:718 +msgid "You must wait longer to change your password." msgstr "" -- cgit v1.2.3 From dce80b3f11b3c3aa137d18f22699809094dd64b6 Mon Sep 17 00:00:00 2001 From: Björn Esser Date: Thu, 15 Nov 2018 15:58:56 +0100 Subject: pam_unix: Prefer a gensalt function, that supports auto entropy. * modules/pam_unix/pam_unix_passwd.c: Initialize rounds parameter to 0. * modules/pam_unix/passverify.c: Prefer gensalt with auto entropy. * modules/pam_unix/support.c: Fix sanitizing of rounds parameter. --- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/passverify.c | 13 +++++++++++++ modules/pam_unix/support.c | 7 +++++-- 3 files changed, 19 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 9d0aa733..f2c42513 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -603,7 +603,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) unsigned int ctrl, lctrl; int retval; int remember = -1; - int rounds = -1; + int rounds = 0; int pass_min_len = 0; /* */ diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 1f433b3a..0d2c8029 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -375,7 +375,12 @@ PAMH_ARG_DECL(char * create_password_hash, const char *password, unsigned int ctrl, int rounds) { const char *algoid; +#if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64 + /* Strings returned by crypt_gensalt_rn will be no longer than this. */ + char salt[CRYPT_GENSALT_OUTPUT_SIZE]; +#else char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */ +#endif char *sp; #ifdef HAVE_CRYPT_R struct crypt_data *cdata = NULL; @@ -406,6 +411,13 @@ PAMH_ARG_DECL(char * create_password_hash, return crypted; } +#if defined(CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY) && CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY + /* + * Any version of libcrypt supporting auto entropy is + * guaranteed to have crypt_gensalt_rn(). + */ + sp = crypt_gensalt_rn(algoid, rounds, NULL, 0, salt, sizeof(salt)); +#else #ifdef HAVE_CRYPT_GENSALT_R if (on(UNIX_BLOWFISH_PASS, ctrl)) { char entropy[17]; @@ -423,6 +435,7 @@ PAMH_ARG_DECL(char * create_password_hash, #ifdef HAVE_CRYPT_GENSALT_R } #endif +#endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */ #ifdef HAVE_CRYPT_R sp = NULL; cdata = malloc(sizeof(*cdata)); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index f2e28d35..753e5f89 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -175,6 +175,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, if (val) { *rounds = strtol(val, NULL, 10); + set(UNIX_ALGO_ROUNDS, ctrl); free (val); } } @@ -254,11 +255,13 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, if (*rounds < 4 || *rounds > 31) *rounds = 5; } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { - if ((*rounds < 1000) || (*rounds == INT_MAX)) + if ((*rounds < 1000) || (*rounds == INT_MAX)) { /* don't care about bogus values */ + *rounds = 0; unset(UNIX_ALGO_ROUNDS, ctrl); - if (*rounds >= 10000000) + } else if (*rounds >= 10000000) { *rounds = 9999999; + { } } -- cgit v1.2.3 From 16bd523f85ede9fa9115f80e826f2d803d7e61d4 Mon Sep 17 00:00:00 2001 From: Björn Esser Date: Thu, 15 Nov 2018 16:38:05 +0100 Subject: pam_unix: Add support for (gost-)yescrypt hashing methods. libxcrypt (v4.2 and later) has added support for the yescrypt hashing method; gost-yescrypt has been added in v4.3. * modules/pam_unix/pam_unix.8.xml: Documentation for (gost-)yescrypt. * modules/pam_unix/pam_unix_acct.c: Use 64 bit type for control flags. * modules/pam_unix/pam_unix_auth.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_unix/passverify.c: Add support for (gost-)yescrypt. * modules/pam_unix/passverify.h: Use 64 bit type for control flags. * modules/pam_unix/support.c: Set sane rounds for (gost-)yescrypt. * modules/pam_unix/support.h: Add support for (gost-)yescrypt. --- modules/pam_unix/pam_unix.8.xml | 35 ++++++++++++- modules/pam_unix/pam_unix_acct.c | 4 +- modules/pam_unix/pam_unix_auth.c | 4 +- modules/pam_unix/pam_unix_passwd.c | 12 ++--- modules/pam_unix/pam_unix_sess.c | 4 +- modules/pam_unix/passverify.c | 8 ++- modules/pam_unix/passverify.h | 2 +- modules/pam_unix/support.c | 33 +++++++----- modules/pam_unix/support.h | 101 ++++++++++++++++++++----------------- 9 files changed, 128 insertions(+), 75 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index 1b318f11..cae2aeaa 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -331,14 +331,45 @@ + + + + + + + When a user changes their password next, + encrypt it with the gost-yescrypt algorithm. If the + gost-yescrypt algorithm is not known to the + crypt3 + function, + fall back to MD5. + + + + + + + + + + When a user changes their password next, + encrypt it with the yescrypt algorithm. If the + yescrypt algorithm is not known to the + crypt3 + function, + fall back to MD5. + + + - Set the optional number of rounds of the SHA256, SHA512 - and blowfish password hashing algorithms to + Set the optional number of rounds of the SHA256, SHA512, + blowfish, gost-yescrypt, and yescrypt password hashing + algorithms to n. diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index fbc84e2f..d8d084ac 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -62,7 +62,7 @@ #include "support.h" #include "passverify.h" -int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, +int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl, const char *user, int *daysleft) { int retval=0, child, fds[2]; @@ -185,7 +185,7 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { - unsigned int ctrl; + unsigned long long ctrl; const void *void_uname; const char *uname; int retval, daysleft; diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 9d9f709d..905fc66c 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -96,7 +96,7 @@ setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED) int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { - unsigned int ctrl; + unsigned long long ctrl; int retval, *ret_data = NULL; const char *name; const char *p; @@ -194,7 +194,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, { int retval; const void *pretval = NULL; - unsigned int ctrl; + unsigned long long ctrl; D(("called.")); diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index f2c42513..df4c1233 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -138,7 +138,7 @@ __taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf) } #endif -static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) +static char *getNISserver(pam_handle_t *pamh, unsigned long long ctrl) { char *master; char *domainname; @@ -233,7 +233,7 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) #ifdef WITH_SELINUX -static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, +static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, const char *user, const char *fromwhat, const char *towhat, int remember) { int retval, child, fds[2]; @@ -388,7 +388,7 @@ static int check_old_password(const char *forwho, const char *newpass) static int _do_setpass(pam_handle_t* pamh, const char *forwho, const char *fromwhat, - char *towhat, unsigned int ctrl, int remember) + char *towhat, unsigned long long ctrl, int remember) { struct passwd *pwd = NULL; int retval = 0; @@ -512,7 +512,7 @@ done: return retval; } -static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned int ctrl) +static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned long long ctrl) { struct passwd *pwent = NULL; /* Password and shadow password */ struct spwd *spent = NULL; /* file entries for the user */ @@ -542,7 +542,7 @@ static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned in } static int _pam_unix_approve_pass(pam_handle_t * pamh - ,unsigned int ctrl + ,unsigned long long ctrl ,const char *pass_old ,const char *pass_new, int pass_min_len) @@ -600,7 +600,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { - unsigned int ctrl, lctrl; + unsigned long long ctrl, lctrl; int retval; int remember = -1; int rounds = 0; diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index 03e7dcd9..4b8af530 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -67,7 +67,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { char *user_name, *service; - unsigned int ctrl; + unsigned long long ctrl; int retval; const char *login_name; @@ -103,7 +103,7 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { char *user_name, *service; - unsigned int ctrl; + unsigned long long ctrl; int retval; D(("called.")); diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 95dfe528..39e2bfac 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -387,7 +387,7 @@ crypt_md5_wrapper(const char *pass_new) } PAMH_ARG_DECL(char * create_password_hash, - const char *password, unsigned int ctrl, int rounds) + const char *password, unsigned long long ctrl, int rounds) { const char *algoid; #if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64 @@ -404,6 +404,10 @@ PAMH_ARG_DECL(char * create_password_hash, if (on(UNIX_MD5_PASS, ctrl)) { /* algoid = "$1" */ return crypt_md5_wrapper(password); + } else if (on(UNIX_YESCRYPT_PASS, ctrl)) { + algoid = "$y$"; + } else if (on(UNIX_GOST_YESCRYPT_PASS, ctrl)) { + algoid = "$gy$"; } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { algoid = "$2b$"; } else if (on(UNIX_SHA256_PASS, ctrl)) { @@ -466,6 +470,8 @@ PAMH_ARG_DECL(char * create_password_hash, pam_syslog(pamh, LOG_ERR, "Algo %s not supported by the crypto backend, " "falling back to MD5\n", + on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" : + on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" : on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : on(UNIX_SHA256_PASS, ctrl) ? "sha256" : on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h index caf7ae8a..086c28ac 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -66,7 +66,7 @@ read_passwords(int fd, int npass, char **passwords); #endif PAMH_ARG_DECL(char * create_password_hash, - const char *password, unsigned int ctrl, int rounds); + const char *password, unsigned long long ctrl, int rounds); PAMH_ARG_DECL(int get_account_info, const char *name, struct passwd **pwd, struct spwd **spwdent); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 8cbc4217..6894288d 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -107,7 +107,7 @@ search_key (const char *key, const char *filename) /* this is a front-end for module-application conversations */ -int _make_remark(pam_handle_t * pamh, unsigned int ctrl, +int _make_remark(pam_handle_t * pamh, unsigned long long ctrl, int type, const char *text) { int retval = PAM_SUCCESS; @@ -122,10 +122,11 @@ int _make_remark(pam_handle_t * pamh, unsigned int ctrl, * set the control flags for the UNIX module. */ -int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, - int *pass_min_len, int argc, const char **argv) +unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember, + int *rounds, int *pass_min_len, int argc, + const char **argv) { - unsigned int ctrl; + unsigned long long ctrl; char *val; int j; @@ -243,15 +244,23 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, set(UNIX__NONULL, ctrl); } - /* Set default rounds for blowfish */ - if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) { - *rounds = 5; - set(UNIX_ALGO_ROUNDS, ctrl); + /* Set default rounds for blowfish, gost-yescrypt and yescrypt */ + if (off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) { + if (on(UNIX_BLOWFISH_PASS, ctrl) || + on(UNIX_GOST_YESCRYPT_PASS, ctrl) || + on(UNIX_YESCRYPT_PASS, ctrl)) { + *rounds = 5; + set(UNIX_ALGO_ROUNDS, ctrl); + } } /* Enforce sane "rounds" values */ if (on(UNIX_ALGO_ROUNDS, ctrl)) { - if (on(UNIX_BLOWFISH_PASS, ctrl)) { + if (on(UNIX_GOST_YESCRYPT_PASS, ctrl) || + on(UNIX_YESCRYPT_PASS, ctrl)) { + if (*rounds < 3 || *rounds > 11) + *rounds = 5; + } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { if (*rounds < 4 || *rounds > 31) *rounds = 5; } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { @@ -532,7 +541,7 @@ int _unix_comesfromsource(pam_handle_t *pamh, #include static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, - unsigned int ctrl, const char *user) + unsigned long long ctrl, const char *user) { int retval, child, fds[2]; struct sigaction newsa, oldsa; @@ -658,7 +667,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, */ int -_unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) +_unix_blankpasswd (pam_handle_t *pamh, unsigned long long ctrl, const char *name) { struct passwd *pwd = NULL; char *salt = NULL; @@ -706,7 +715,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) } int _unix_verify_password(pam_handle_t * pamh, const char *name - ,const char *p, unsigned int ctrl) + ,const char *p, unsigned long long ctrl) { struct passwd *pwd = NULL; char *salt = NULL; diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 543e9b9f..e02c05e0 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -22,8 +22,8 @@ typedef struct { const char *token; - unsigned int mask; /* shall assume 32 bits of flags */ - unsigned int flag; + unsigned long long mask; /* shall assume 64 bits of flags */ + unsigned long long flag; unsigned int is_hash_algo; } UNIX_Ctrls; @@ -48,7 +48,7 @@ typedef struct { /* the generic mask */ -#define _ALL_ON_ (~0U) +#define _ALL_ON_ (~0ULL) /* end of macro definitions definitions for the control flags */ @@ -98,47 +98,51 @@ typedef struct { #define UNIX_QUIET 28 /* Don't print informational messages */ #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */ #define UNIX_DES 30 /* DES, default */ +#define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */ +#define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ /* -------------- */ -#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 33 /* number of ctrl arguments defined */ -#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) +#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = { -/* symbol token name ctrl mask ctrl * - * ----------------------- ------------------- --------------------- -------- */ - -/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, -/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, -/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, -/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, -/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0}, -/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0}, -/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, -/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, -/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, -/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, -/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, -/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, -/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, -/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000, 1}, -/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0, 0}, -/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, -/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, -/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, -/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000, 1}, -/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, -/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, -/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, -/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, -/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000, 1}, -/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000, 1}, -/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, -/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, -/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, -/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, -/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, -/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, +/* symbol token name ctrl mask ctrl * + * --------------------------- -------------------- ------------------------- ---------------- */ + +/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, +/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, +/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, +/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, +/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060ULL), 020, 0}, +/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060ULL), 040, 0}, +/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, +/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600ULL), 0200, 0}, +/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600ULL), 0400, 0}, +/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, +/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, +/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, +/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, +/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(015660420000ULL), 020000, 1}, +/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000ULL), 0, 0}, +/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, +/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, +/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, +/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(015660420000ULL), 0400000, 1}, +/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, +/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, +/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, +/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, +/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(015660420000ULL), 020000000, 1}, +/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(015660420000ULL), 040000000, 1}, +/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, +/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(015660420000ULL), 0200000000, 1}, +/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, +/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, +/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, +/* UNIX_DES */ {"des", _ALL_ON_^(015660420000ULL), 0, 1}, +/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(015660420000ULL), 04000000000, 1}, +/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(015660420000ULL), 010000000000, 1}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) @@ -151,20 +155,23 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = _pam_drop(xx); \ } -extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl - ,int type, const char *text); -extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int *rounds, - int *pass_min_len, int argc, const char **argv); +extern int _make_remark(pam_handle_t * pamh, unsigned long long ctrl, + int type, const char *text); +extern unsigned long long _set_ctrl(pam_handle_t * pamh, int flags, + int *remember, int *rounds, + int *pass_min_len, + int argc, const char **argv); extern int _unix_getpwnam (pam_handle_t *pamh, const char *name, int files, int nis, struct passwd **ret); extern int _unix_comesfromsource (pam_handle_t *pamh, const char *name, int files, int nis); -extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl, +extern int _unix_blankpasswd(pam_handle_t *pamh, unsigned long long ctrl, const char *name); -extern int _unix_verify_password(pam_handle_t * pamh, const char *name - ,const char *p, unsigned int ctrl); +extern int _unix_verify_password(pam_handle_t * pamh, const char *name, + const char *p, unsigned long long ctrl); extern int _unix_run_verify_binary(pam_handle_t *pamh, - unsigned int ctrl, const char *user, int *daysleft); + unsigned long long ctrl, + const char *user, int *daysleft); #endif /* _PAM_UNIX_SUPPORT_H */ -- cgit v1.2.3 From 5154aabe8aac27d569059cad3332cd12c7442a8a Mon Sep 17 00:00:00 2001 From: Florian Best Date: Wed, 26 Jun 2019 23:13:13 +0200 Subject: Restrict password length when changing password --- modules/pam_unix/pam_unix_passwd.c | 6 +++++- po/af.po | 3 +++ po/am.po | 3 +++ po/anp.po | 3 +++ po/ar.po | 3 +++ po/as.po | 3 +++ po/ast.po | 3 +++ po/bal.po | 3 +++ po/be.po | 3 +++ po/bg.po | 3 +++ po/bn.po | 3 +++ po/bn_IN.po | 3 +++ po/bo.po | 3 +++ po/br.po | 3 +++ po/brx.po | 3 +++ po/bs.po | 3 +++ po/ca.po | 3 +++ po/cs.po | 3 +++ po/cy.po | 3 +++ po/da.po | 3 +++ po/de.po | 3 +++ po/de_CH.po | 3 +++ po/el.po | 3 +++ po/en_GB.po | 3 +++ po/eo.po | 3 +++ po/es.po | 3 +++ po/et.po | 3 +++ po/eu.po | 3 +++ po/fa.po | 3 +++ po/fi.po | 3 +++ po/fr.po | 3 +++ po/ga.po | 3 +++ po/gl.po | 3 +++ po/gu.po | 3 +++ po/he.po | 3 +++ po/hi.po | 3 +++ po/hr.po | 3 +++ po/hu.po | 3 +++ po/ia.po | 3 +++ po/id.po | 3 +++ po/ilo.po | 3 +++ po/is.po | 3 +++ po/it.po | 3 +++ po/ja.po | 3 +++ po/ka.po | 3 +++ po/kk.po | 3 +++ po/km.po | 3 +++ po/kn.po | 3 +++ po/ko.po | 3 +++ po/kw.po | 3 +++ po/kw@kkcor.po | 3 +++ po/kw@uccor.po | 3 +++ po/kw_GB.po | 3 +++ po/ky.po | 3 +++ po/lt.po | 3 +++ po/lv.po | 3 +++ po/mai.po | 3 +++ po/mk.po | 3 +++ po/ml.po | 3 +++ po/mn.po | 3 +++ po/mr.po | 3 +++ po/ms.po | 3 +++ po/my.po | 3 +++ po/nb.po | 3 +++ po/nds.po | 3 +++ po/ne.po | 3 +++ po/nl.po | 3 +++ po/nn.po | 3 +++ po/nso.po | 3 +++ po/or.po | 3 +++ po/pa.po | 3 +++ po/pl.po | 3 +++ po/pt.po | 3 +++ po/pt_BR.po | 3 +++ po/ro.po | 3 +++ po/ru.po | 3 +++ po/si.po | 3 +++ po/sk.po | 3 +++ po/sl.po | 3 +++ po/sq.po | 3 +++ po/sr.po | 3 +++ po/sr@latin.po | 3 +++ po/sv.po | 3 +++ po/ta.po | 3 +++ po/te.po | 3 +++ po/tg.po | 3 +++ po/th.po | 3 +++ po/tr.po | 3 +++ po/tw.po | 3 +++ po/uk.po | 3 +++ po/ur.po | 3 +++ po/vi.po | 3 +++ po/wba.po | 3 +++ po/yo.po | 3 +++ po/zh_CN.po | 3 +++ po/zh_HK.po | 3 +++ po/zh_TW.po | 3 +++ po/zu.po | 3 +++ 98 files changed, 296 insertions(+), 1 deletion(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index df4c1233..4d2f5e2c 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -576,7 +576,11 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh return PAM_AUTHTOK_ERR; } } - if (off(UNIX__IAMROOT, ctrl)) { + + if (strlen(pass_new) > MAX_PASS) { + remark = _("You must choose a shorter password."); + D(("length exceeded [%s]", remark)); + } else if (off(UNIX__IAMROOT, ctrl)) { if (strlen(pass_new) < pass_min_len) remark = _("You must choose a longer password."); D(("length check [%s]", remark)); diff --git a/po/af.po b/po/af.po index 4850ed42..5fad6de4 100644 --- a/po/af.po +++ b/po/af.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Jy moet 'n korter wagwoord kies." diff --git a/po/am.po b/po/am.po index 65afbfa2..6734dec1 100644 --- a/po/am.po +++ b/po/am.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "አጠር ያለ የይለፍ ቃል መምረጥ አለብህ." diff --git a/po/anp.po b/po/anp.po index d517e0ae..5251b460 100644 --- a/po/anp.po +++ b/po/anp.po @@ -562,3 +562,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/ar.po b/po/ar.po index b078d478..e06d455c 100644 --- a/po/ar.po +++ b/po/ar.po @@ -578,3 +578,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "يجب الانتظار فترة أطول لتغيير كلمة السر" + +msgid "You must choose a shorter password." +msgstr "يجب عليك اختيار كلمة مرور أقصر." diff --git a/po/as.po b/po/as.po index 455ae99b..77281385 100644 --- a/po/as.po +++ b/po/as.po @@ -575,3 +575,6 @@ msgstr "%s ৰ বাবে গুপ্তশব্দ সলনি কৰা #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "আপোনাৰ গুপ্তশব্দ সলনি কৰিবলৈ আপুনি আৰু কিছু পৰ অপেক্ষা কৰিব লাগিব" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/ast.po b/po/ast.po index 8ddd6309..5db61744 100644 --- a/po/ast.po +++ b/po/ast.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/bal.po b/po/bal.po index 8d756d96..cb88538d 100644 --- a/po/bal.po +++ b/po/bal.po @@ -565,3 +565,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/be.po b/po/be.po index d238b047..40a03552 100644 --- a/po/be.po +++ b/po/be.po @@ -571,3 +571,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Вы павінны выбраць больш кароткі пароль." diff --git a/po/bg.po b/po/bg.po index c58f8ee0..a544f196 100644 --- a/po/bg.po +++ b/po/bg.po @@ -579,3 +579,6 @@ msgstr "Смяна на паролата за %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Трябва да изчакате повече, за да промените Вашата парола" + +msgid "You must choose a shorter password." +msgstr "Трябва да изберете по-кратка парола." diff --git a/po/bn.po b/po/bn.po index 1da2a383..d1a3abe4 100644 --- a/po/bn.po +++ b/po/bn.po @@ -583,3 +583,6 @@ msgstr "%s-র পাসওয়ার্ড পরিবর্তন করা #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "কিছু কাল পরে পাসওয়ার্ড পরিবর্তন করা সম্ভব হবে" + +msgid "You must choose a shorter password." +msgstr "আপনি একটি ছোট পাসওয়ার্ড নির্বাচন করতে হবে।" diff --git a/po/bn_IN.po b/po/bn_IN.po index 4e1a504a..366b70b4 100644 --- a/po/bn_IN.po +++ b/po/bn_IN.po @@ -578,3 +578,6 @@ msgstr "%s-র পাসওয়ার্ড পরিবর্তন করা #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "কিছু কাল পরে পাসওয়ার্ড পরিবর্তন করা সম্ভব হবে" + +msgid "You must choose a shorter password." +msgstr "আপনি একটি ছোট পাসওয়ার্ড নির্বাচন করতে হবে।" diff --git a/po/bo.po b/po/bo.po index 43cd8c21..d080b943 100644 --- a/po/bo.po +++ b/po/bo.po @@ -564,3 +564,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/br.po b/po/br.po index 1839f3d3..af59a546 100644 --- a/po/br.po +++ b/po/br.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/brx.po b/po/brx.po index 85a5863b..929f5852 100644 --- a/po/brx.po +++ b/po/brx.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/bs.po b/po/bs.po index dd8e5c50..47a615f1 100644 --- a/po/bs.po +++ b/po/bs.po @@ -569,3 +569,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Morate odabrati kraću lozinku." diff --git a/po/ca.po b/po/ca.po index 680f1cb8..cf77ad51 100644 --- a/po/ca.po +++ b/po/ca.po @@ -580,3 +580,6 @@ msgstr "S'està canviant la contrasenya de %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Heu d'esperar més temps abans de canviar la contrasenya" + +msgid "You must choose a shorter password." +msgstr "Heu de triar una contrasenya més curta." diff --git a/po/cs.po b/po/cs.po index 762ad8d0..69731a10 100644 --- a/po/cs.po +++ b/po/cs.po @@ -576,3 +576,6 @@ msgstr "Změna hesla pro %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Na změnu svého hesla musíte počkat déle" + +msgid "You must choose a shorter password." +msgstr "Musíte zvolit kratší heslo." diff --git a/po/cy.po b/po/cy.po index ec442d89..8416d51f 100644 --- a/po/cy.po +++ b/po/cy.po @@ -571,3 +571,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Rhaid i chi ddewis cyfrinair byrrach." diff --git a/po/da.po b/po/da.po index 9436302f..8a1d605d 100644 --- a/po/da.po +++ b/po/da.po @@ -572,3 +572,6 @@ msgstr "Ændrer adgangskode for %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Du skal vente lidt længere for at ændre din adgangskode" + +msgid "You must choose a shorter password." +msgstr "Du skal vælge en kortere adgangskode." diff --git a/po/de.po b/po/de.po index 815497fb..6c8e343b 100644 --- a/po/de.po +++ b/po/de.po @@ -580,3 +580,6 @@ msgstr "Ändern des Passworts für %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Sie können Ihr Passwort noch nicht ändern" + +msgid "You must choose a shorter password." +msgstr "Sie müssen ein kürzeres Passwort wählen." diff --git a/po/de_CH.po b/po/de_CH.po index 002af986..af50343b 100644 --- a/po/de_CH.po +++ b/po/de_CH.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Sie müssen ein kürzeres Passwort wählen." diff --git a/po/el.po b/po/el.po index e0547802..2b5a78b9 100644 --- a/po/el.po +++ b/po/el.po @@ -565,3 +565,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Πρέπει να επιλέξετε μικρότερο κωδικό πρόσβασης." diff --git a/po/en_GB.po b/po/en_GB.po index 66cf3429..e04689e5 100644 --- a/po/en_GB.po +++ b/po/en_GB.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/eo.po b/po/eo.po index 1ab548ea..45ddfd17 100644 --- a/po/eo.po +++ b/po/eo.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Vi devas elekti pli mallongan pasvorton." diff --git a/po/es.po b/po/es.po index 88490203..22b6fc68 100644 --- a/po/es.po +++ b/po/es.po @@ -585,3 +585,6 @@ msgstr "Cambiando la contraseña de %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Debe esperar más tiempo para cambiar la contraseña" + +msgid "You must choose a shorter password." +msgstr "Debes elegir una contraseña más corta." diff --git a/po/et.po b/po/et.po index 0c4e9b31..d826104e 100644 --- a/po/et.po +++ b/po/et.po @@ -568,3 +568,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Peate valima lühema parooli." diff --git a/po/eu.po b/po/eu.po index cba3e90a..f0de0402 100644 --- a/po/eu.po +++ b/po/eu.po @@ -567,3 +567,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Pasahitz laburragoa aukeratu behar duzu." diff --git a/po/fa.po b/po/fa.po index f7e77c9b..743e2c99 100644 --- a/po/fa.po +++ b/po/fa.po @@ -564,3 +564,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "شما باید رمز عبور کوتاهتری انتخاب کنید." diff --git a/po/fi.po b/po/fi.po index 0e458aea..ccad0c40 100644 --- a/po/fi.po +++ b/po/fi.po @@ -584,3 +584,6 @@ msgstr "Vaihdetaan käyttäjän %s salasana." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Sinun täytyy odottaa kauemmin vaihtaaksesi salasanan" + +msgid "You must choose a shorter password." +msgstr "Sinun on valittava lyhyempi salasana." diff --git a/po/fr.po b/po/fr.po index dfca80a0..ce2176fe 100644 --- a/po/fr.po +++ b/po/fr.po @@ -593,3 +593,6 @@ msgstr "Changement du mot de passe pour %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Vous devez encore attendre avant de changer votre mot de passe" + +msgid "You must choose a shorter password." +msgstr "Vous devez choisir un mot de passe plus court." diff --git a/po/ga.po b/po/ga.po index f9b76a0e..c8a74319 100644 --- a/po/ga.po +++ b/po/ga.po @@ -601,3 +601,6 @@ msgstr "Focal faire %s á athrú." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Caithfidh tú fanacht níos faide chun d'fhocal faire a athrú" + +msgid "You must choose a shorter password." +msgstr "Ní mór duit pasfhocal níos giorra a roghnú." diff --git a/po/gl.po b/po/gl.po index d073f9b1..bc237ec1 100644 --- a/po/gl.po +++ b/po/gl.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Debes escoller un contrasinal máis curto." diff --git a/po/gu.po b/po/gu.po index 820cb457..44fb7179 100644 --- a/po/gu.po +++ b/po/gu.po @@ -575,3 +575,6 @@ msgstr "%s માટે પાસવર્ડ બદલવાનું." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "તમારો પાસવર્ડ બદલવા માટે તમારે લાંબો સમય રાહ જોવી જ પડશે" + +msgid "You must choose a shorter password." +msgstr "તમારે ટૂંકા પાસવર્ડને પસંદ કરવો આવશ્યક છે." diff --git a/po/he.po b/po/he.po index 485b4491..cd6fe2e1 100644 --- a/po/he.po +++ b/po/he.po @@ -568,3 +568,6 @@ msgstr "משנה ססמה עבור %s.‏" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "אתה חייב לחכות יותר כדי לשנות את הססמה" + +msgid "You must choose a shorter password." +msgstr "עליך לבחור סיסמה קצרה יותר." diff --git a/po/hi.po b/po/hi.po index 78d0af1c..6ffa21b3 100644 --- a/po/hi.po +++ b/po/hi.po @@ -574,3 +574,6 @@ msgstr "%s के लिए कूटशब्द बदल रहा है" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "आपको अपना शब्दकूट बदलने के लिए लंबी प्रतीक्षा करनी होगी" + +msgid "You must choose a shorter password." +msgstr "आपको एक छोटा पासवर्ड चुनना होगा।" diff --git a/po/hr.po b/po/hr.po index 4e4a9a46..6240fb8c 100644 --- a/po/hr.po +++ b/po/hr.po @@ -569,3 +569,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Morate odabrati kraću zaporku." diff --git a/po/hu.po b/po/hu.po index a4992271..b362ba38 100644 --- a/po/hu.po +++ b/po/hu.po @@ -580,3 +580,6 @@ msgstr "%s jelszavának megváltoztatása." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Tovább kell várnia míg megváltoztathatja a jelszavát" + +msgid "You must choose a shorter password." +msgstr "Egy rövidebb jelszót kell választania." diff --git a/po/ia.po b/po/ia.po index fcd7a2b8..efbfea69 100644 --- a/po/ia.po +++ b/po/ia.po @@ -580,3 +580,6 @@ msgstr "Cambiamento del contrasigno pro %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Attende ancora pro cambiar le contrasigno" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/id.po b/po/id.po index b45ed5ff..f85297fe 100644 --- a/po/id.po +++ b/po/id.po @@ -564,3 +564,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Anda harus memilih kata sandi yang lebih pendek." diff --git a/po/ilo.po b/po/ilo.po index bfac356f..3b1be996 100644 --- a/po/ilo.po +++ b/po/ilo.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/is.po b/po/is.po index 6f02ee32..fedbbe57 100644 --- a/po/is.po +++ b/po/is.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Þú verður að velja styttri lykilorð." diff --git a/po/it.po b/po/it.po index 09222493..7d343524 100644 --- a/po/it.po +++ b/po/it.po @@ -589,3 +589,6 @@ msgstr "Cambio password per %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Attendere ancora per cambiare la password" + +msgid "You must choose a shorter password." +msgstr "Devi scegliere una password più breve." diff --git a/po/ja.po b/po/ja.po index ef2148b6..8bc5229e 100644 --- a/po/ja.po +++ b/po/ja.po @@ -575,3 +575,6 @@ msgstr "%s 用にパスワードを変更中" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "パスワードを変更するには長く待つ必要があります" + +msgid "You must choose a shorter password." +msgstr "もっと短いパスワードを選択する必要があります。" diff --git a/po/ka.po b/po/ka.po index 7f465cb4..23e9e1bb 100644 --- a/po/ka.po +++ b/po/ka.po @@ -565,3 +565,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "თქვენ უნდა აირჩიოთ მოკლე პაროლი." diff --git a/po/kk.po b/po/kk.po index 0cedb870..c7ec624a 100644 --- a/po/kk.po +++ b/po/kk.po @@ -574,3 +574,6 @@ msgstr "%s үшін парольді өзгерту." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Пароліңізді өзгерті үшін біраз күтуіңіз керек" + +msgid "You must choose a shorter password." +msgstr "Сіз қысқа парольді таңдауыңыз керек." diff --git a/po/km.po b/po/km.po index e15f1ed7..8085ca07 100644 --- a/po/km.po +++ b/po/km.po @@ -569,3 +569,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "អ្នក​ត្រូវ​តែ​រង់ចាំ​បន្តិច ដើម្បី​ផ្លាស់ប្ដូរ​ពាក្យសម្ងាត់​របស់​អ្នក" + +msgid "You must choose a shorter password." +msgstr "អ្នកត្រូវតែជ្រើសរើសពាក្យសម្ងាត់ខ្លី។" diff --git a/po/kn.po b/po/kn.po index 9a22f5b3..ba0005af 100644 --- a/po/kn.po +++ b/po/kn.po @@ -575,3 +575,6 @@ msgstr "%s ಗಾಗಿ ಗುಪ್ತಪದವನ್ನು ಬದಲಾಯಿ #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "ನಿಮ್ಮ ಗುಪ್ತಪದವನ್ನು ಬದಲಾಯಿಸಲು ನೀವು ಬಹಳ ಸಮಯ ಕಾಯಬೇಕು" + +msgid "You must choose a shorter password." +msgstr "ನೀವು ಕಡಿಮೆ ಪಾಸ್‌ವರ್ಡ್ ಅನ್ನು ಆರಿಸಬೇಕು." diff --git a/po/ko.po b/po/ko.po index a5a2beb8..1ebe07cb 100644 --- a/po/ko.po +++ b/po/ko.po @@ -573,3 +573,6 @@ msgstr "%s에 대한 암호 변경 중 " #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "암호 변경을 위해 조금더 기다려 주십시오." + +msgid "You must choose a shorter password." +msgstr "더 짧은 암호를 선택해야합니다." diff --git a/po/kw.po b/po/kw.po index 6cc4aa80..17b2f128 100644 --- a/po/kw.po +++ b/po/kw.po @@ -563,3 +563,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/kw@kkcor.po b/po/kw@kkcor.po index e10c5f4f..0bcb780a 100644 --- a/po/kw@kkcor.po +++ b/po/kw@kkcor.po @@ -563,3 +563,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/kw@uccor.po b/po/kw@uccor.po index 8ce6789f..1c3a7a4e 100644 --- a/po/kw@uccor.po +++ b/po/kw@uccor.po @@ -563,3 +563,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/kw_GB.po b/po/kw_GB.po index 55bac444..b7824fce 100644 --- a/po/kw_GB.po +++ b/po/kw_GB.po @@ -563,3 +563,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/ky.po b/po/ky.po index ef2744e6..279602d2 100644 --- a/po/ky.po +++ b/po/ky.po @@ -564,3 +564,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Сиз кыска сөздү тандоо керек." diff --git a/po/lt.po b/po/lt.po index 391393f0..35baf6ec 100644 --- a/po/lt.po +++ b/po/lt.po @@ -569,3 +569,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Turite pasirinkti trumpesnį slaptažodį." diff --git a/po/lv.po b/po/lv.po index 5951105f..71c023dd 100644 --- a/po/lv.po +++ b/po/lv.po @@ -569,3 +569,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Jums jāizvēlas īsāka parole." diff --git a/po/mai.po b/po/mai.po index f45e71c5..7af46914 100644 --- a/po/mai.po +++ b/po/mai.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/mk.po b/po/mk.po index 38b5e120..f91b12ed 100644 --- a/po/mk.po +++ b/po/mk.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Мора да изберете пократка лозинка." diff --git a/po/ml.po b/po/ml.po index d84115d5..ba0bcd00 100644 --- a/po/ml.po +++ b/po/ml.po @@ -574,3 +574,6 @@ msgstr "%s-നുളള അടയാളവാക്ക് മാറ്റുന #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "നിങ്ങളുടെ അടയാളവാക്ക് മാറ്റുന്നതിനായി ഇനിയും കാത്തിരിക്കേണ്ടതാണ്." + +msgid "You must choose a shorter password." +msgstr "നിങ്ങൾ ഒരു ഹ്രസ്വ പാസ്‌വേഡ് തിരഞ്ഞെടുക്കണം." diff --git a/po/mn.po b/po/mn.po index 6449114a..9195403a 100644 --- a/po/mn.po +++ b/po/mn.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Та богино нууц үг сонгох ёстой." diff --git a/po/mr.po b/po/mr.po index 9989305e..8a4f6bc0 100644 --- a/po/mr.po +++ b/po/mr.po @@ -574,3 +574,6 @@ msgstr "%s करीता गुप्तशब्द बदलवित आह #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "तुमचा गुप्तशब्द बदलण्यासाठी तुम्हाला बराच वेळ वाट पहावी लागेल" + +msgid "You must choose a shorter password." +msgstr "आपण लहान संकेतशब्द निवडणे आवश्यक आहे." diff --git a/po/ms.po b/po/ms.po index dea80954..aad48229 100644 --- a/po/ms.po +++ b/po/ms.po @@ -564,3 +564,6 @@ msgstr "Menukar katalaluan untuk %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Anda mesti memilih kata laluan yang lebih pendek." diff --git a/po/my.po b/po/my.po index 7613d708..9aeb978e 100644 --- a/po/my.po +++ b/po/my.po @@ -564,3 +564,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "သင်တစ်ဦးပိုမိုတိုတောင်းသောစကားဝှက်ကိုရွေးချယ်ရပါမည်။" diff --git a/po/nb.po b/po/nb.po index dffee3fd..1cf9a595 100644 --- a/po/nb.po +++ b/po/nb.po @@ -576,3 +576,6 @@ msgstr "Endrer passord for %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Du må vente lenger før du kan endre passordet" + +msgid "You must choose a shorter password." +msgstr "Du må velge et kortere passord." diff --git a/po/nds.po b/po/nds.po index f1efce3a..e839e9ae 100644 --- a/po/nds.po +++ b/po/nds.po @@ -565,3 +565,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/ne.po b/po/ne.po index f8dfebc2..546eaccf 100644 --- a/po/ne.po +++ b/po/ne.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "तपाईंले छोटो पासवर्ड छान्नु पर्छ।" diff --git a/po/nl.po b/po/nl.po index d7652635..b675f4d7 100644 --- a/po/nl.po +++ b/po/nl.po @@ -586,3 +586,6 @@ msgstr "Veranderen van wachtwoord voor %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "U moet langer wachten om uw wachtwoord te wijzigen" + +msgid "You must choose a shorter password." +msgstr "U moet een korter wachtwoord kiezen." diff --git a/po/nn.po b/po/nn.po index c1a4d73f..a057bbe0 100644 --- a/po/nn.po +++ b/po/nn.po @@ -565,3 +565,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Du må velge et kortere passord." diff --git a/po/nso.po b/po/nso.po index ae7321b6..9527b4f9 100644 --- a/po/nso.po +++ b/po/nso.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/or.po b/po/or.po index 28583df3..93463c6b 100644 --- a/po/or.po +++ b/po/or.po @@ -576,3 +576,6 @@ msgstr "%s ପାଇଁ ପ୍ରବେଶ ସଙ୍କେତକୁ ବଦଳା #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "ପ୍ରବେଶ ସଙ୍କେତକୁ ବଦଳାଇବା ପାଇଁ ଆପଣ ଅଧିକ ସମୟ ଅପେକ୍ଷା କରିବା ଉଚିତ" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/pa.po b/po/pa.po index e1b21414..deb55e14 100644 --- a/po/pa.po +++ b/po/pa.po @@ -574,3 +574,6 @@ msgstr "%s ਲਈ ਪਾਸਵਰਡ ਤਬਦੀਲ ਕਰ ਰਿਹਾ ਹੈ #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "ਤੁਹਾਨੂੰ ਲੰਬੇ ਸਮੇਂ ਲਈ ਆਪਣੇ ਪਾਸਵਰਡ ਲਈ ਉਡੀਕ ਕਰਨੀ ਪਵੇਗੀ" + +msgid "You must choose a shorter password." +msgstr "ਤੁਹਾਨੂੰ ਇੱਕ ਛੋਟਾ ਪਾਸਵਰਡ ਚੁਣਨਾ ਚਾਹੀਦਾ ਹੈ." diff --git a/po/pl.po b/po/pl.po index 6ff6d754..a7a4ae76 100644 --- a/po/pl.po +++ b/po/pl.po @@ -582,3 +582,6 @@ msgstr "Zmienianie hasła dla %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Należy poczekać dłużej na zmianę hasła" + +msgid "You must choose a shorter password." +msgstr "Musisz wybrać krótsze hasło." diff --git a/po/pt.po b/po/pt.po index ccebe2ca..eff8f816 100644 --- a/po/pt.po +++ b/po/pt.po @@ -583,3 +583,6 @@ msgstr "A alterar senha para %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Tem de esperar mais antes de poder alterar a sua senha" + +msgid "You must choose a shorter password." +msgstr "Você deve escolher uma senha mais curta." diff --git a/po/pt_BR.po b/po/pt_BR.po index c54bad29..d3a02d96 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -578,3 +578,6 @@ msgstr "Mudando senha para %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Aguarde mais tempo para mudar a senha" + +msgid "You must choose a shorter password." +msgstr "Você deve escolher uma senha mais curta." diff --git a/po/ro.po b/po/ro.po index 486cab4f..4e443851 100644 --- a/po/ro.po +++ b/po/ro.po @@ -569,3 +569,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Trebuie să alegeți o parolă mai scurtă." diff --git a/po/ru.po b/po/ru.po index 03323082..bb54b412 100644 --- a/po/ru.po +++ b/po/ru.po @@ -586,3 +586,6 @@ msgstr "Смена пароля для %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "До смены пароля должно пройти больше времени" + +msgid "You must choose a shorter password." +msgstr "Вы должны выбрать более короткий пароль." diff --git a/po/si.po b/po/si.po index aa6356c0..7234cc6a 100644 --- a/po/si.po +++ b/po/si.po @@ -571,3 +571,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "ඔබගේ රහස්පදය වෙනස් කිරීමට බොහෝ වෙලාවක් රැදී සිටීය යුතුම වේ" + +msgid "You must choose a shorter password." +msgstr "ඔබ කෙටි මුරපදයක් තෝරා ගත යුතුය." diff --git a/po/sk.po b/po/sk.po index ce7e534e..9c1718bd 100644 --- a/po/sk.po +++ b/po/sk.po @@ -588,3 +588,6 @@ msgstr "Zmena hesla pre %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Na zmenu svojho hesla musíte počkať dlhšie" + +msgid "You must choose a shorter password." +msgstr "Musíte zvoliť kratšie heslo." diff --git a/po/sl.po b/po/sl.po index 0fe22f90..db2b296e 100644 --- a/po/sl.po +++ b/po/sl.po @@ -571,3 +571,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Izbrati morate krajše geslo." diff --git a/po/sq.po b/po/sq.po index ab512375..77749c25 100644 --- a/po/sq.po +++ b/po/sq.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Ju duhet të zgjidhni një fjalëkalim më të shkurtër." diff --git a/po/sr.po b/po/sr.po index 582645d0..db257d03 100644 --- a/po/sr.po +++ b/po/sr.po @@ -581,3 +581,6 @@ msgstr "Мењам лозинку за %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Морате дуже сачекати на промену лозинке" + +msgid "You must choose a shorter password." +msgstr "Морате одабрати краћу лозинку." diff --git a/po/sr@latin.po b/po/sr@latin.po index 4f87077a..763610e4 100644 --- a/po/sr@latin.po +++ b/po/sr@latin.po @@ -581,3 +581,6 @@ msgstr "Menjam lozinku za %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Morate duže sačekati na promenu lozinke" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/sv.po b/po/sv.po index 7791df4c..6a9fc1bf 100644 --- a/po/sv.po +++ b/po/sv.po @@ -581,3 +581,6 @@ msgstr "Ändrar lösenord för %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Du måste vänta längre innan du kan ändra lösenord" + +msgid "You must choose a shorter password." +msgstr "Du måste välja ett kortare lösenord." diff --git a/po/ta.po b/po/ta.po index f1ea10a9..e7ce7eb8 100644 --- a/po/ta.po +++ b/po/ta.po @@ -575,3 +575,6 @@ msgstr "%sக்கு கடவுச்சொல்லை மாற்று #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "உங்கள் கடவுச்சொல்லை மாற்ற சிறிது காத்திருக்க வேண்டும்" + +msgid "You must choose a shorter password." +msgstr "குறுகிய கடவுச்சொல்லை நீங்கள் தேர்வு செய்ய வேண்டும்." diff --git a/po/te.po b/po/te.po index 169e8839..bb26d6c6 100644 --- a/po/te.po +++ b/po/te.po @@ -574,3 +574,6 @@ msgstr "%s కొరకు సంకేతపదమును మార్చు #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "మీ సంకేతపదమును మార్చుటకు మీరు ఎక్కువసేపు వేచివుండాలి" + +msgid "You must choose a shorter password." +msgstr "మీరు తప్పనిసరిగా తక్కువ పాస్‌వర్డ్‌ను ఎంచుకోవాలి." diff --git a/po/tg.po b/po/tg.po index 51ed86b4..d61db052 100644 --- a/po/tg.po +++ b/po/tg.po @@ -566,3 +566,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "Шумо бояд гузарвожаи кӯтоҳтарро интихоб кунед." diff --git a/po/th.po b/po/th.po index 94d9c000..36fa0336 100644 --- a/po/th.po +++ b/po/th.po @@ -564,3 +564,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "คุณต้องเลือกรหัสผ่านที่สั้นกว่า" diff --git a/po/tr.po b/po/tr.po index 382909ae..eb55d94d 100644 --- a/po/tr.po +++ b/po/tr.po @@ -580,3 +580,6 @@ msgstr "%s kullanıcısının parolası değiştiriliyor." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Parolanızı değiştirmek için daha sonra denemelisiniz" + +msgid "You must choose a shorter password." +msgstr "Daha kısa bir şifre seçmelisiniz." diff --git a/po/tw.po b/po/tw.po index 2e9238f3..f08ddea3 100644 --- a/po/tw.po +++ b/po/tw.po @@ -562,3 +562,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/uk.po b/po/uk.po index fd2bacf5..6b1d5640 100644 --- a/po/uk.po +++ b/po/uk.po @@ -586,3 +586,6 @@ msgstr "Зміна пароля %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Ви повинні зачекати, щоб змінити ваш пароль" + +msgid "You must choose a shorter password." +msgstr "Необхідно вибрати коротший пароль." diff --git a/po/ur.po b/po/ur.po index 54f75ccb..9b65a4ec 100644 --- a/po/ur.po +++ b/po/ur.po @@ -565,3 +565,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "آپ کو ایک چھوٹا پاس ورڈ منتخب کرنا ہوگا." diff --git a/po/vi.po b/po/vi.po index 998be99c..cd529ab1 100644 --- a/po/vi.po +++ b/po/vi.po @@ -577,3 +577,6 @@ msgstr "Thay đổi mật khẩu cho %s." #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Bạn phải đợi thêm nữa, để thay đổi mật khẩu" + +msgid "You must choose a shorter password." +msgstr "Bạn phải chọn một mật khẩu ngắn hơn." diff --git a/po/wba.po b/po/wba.po index 7c088a2c..c6815502 100644 --- a/po/wba.po +++ b/po/wba.po @@ -562,3 +562,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "" diff --git a/po/yo.po b/po/yo.po index b719d25a..175b2a87 100644 --- a/po/yo.po +++ b/po/yo.po @@ -562,3 +562,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "O gbọdọ yan ọrọigbaniwọle kukuru." diff --git a/po/zh_CN.po b/po/zh_CN.po index 33c257d4..ce9b2333 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -572,3 +572,6 @@ msgstr "为 %s 更改 STRESS 密码。" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "您必须等待更长时间以更改密码" + +msgid "You must choose a shorter password." +msgstr "您必须选择较短的密码。" diff --git a/po/zh_HK.po b/po/zh_HK.po index bb861112..65b00415 100644 --- a/po/zh_HK.po +++ b/po/zh_HK.po @@ -563,3 +563,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "" + +msgid "You must choose a shorter password." +msgstr "您必須選擇較短的密碼。" diff --git a/po/zh_TW.po b/po/zh_TW.po index 105840ea..1a5e8beb 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -570,3 +570,6 @@ msgstr "正在更改 %s 的 STRESS 密碼。" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "您必須久候,以更改您的密碼" + +msgid "You must choose a shorter password." +msgstr "您必須選擇較短的密碼。" diff --git a/po/zu.po b/po/zu.po index 2bf11e92..f34b41db 100644 --- a/po/zu.po +++ b/po/zu.po @@ -576,3 +576,6 @@ msgstr "" #: modules/pam_unix/pam_unix_passwd.c:722 msgid "You must wait longer to change your password" msgstr "Kumelwe ulinde isikhashana ukuze ushintshe iphasiwedi yakho" + +msgid "You must choose a shorter password." +msgstr "Kumele ukhethe iphasiwedi emifushane." -- cgit v1.2.3 From 5caf76b1655c22e28d1167b786f741ed47f301b1 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 27 Jun 2019 19:00:41 +0200 Subject: pam_unix: Correct MAXPASS define name in the previous two commits. * modules/pam_unix/pam_unix_passwd.c: Change MAX_PASS to MAXPASS. * modules/pam_unix/support.c: Likewise. --- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/support.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 4d2f5e2c..4bb1bc56 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -577,7 +577,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh } } - if (strlen(pass_new) > MAX_PASS) { + if (strlen(pass_new) > MAXPASS) { remark = _("You must choose a shorter password."); D(("length exceeded [%s]", remark)); } else if (off(UNIX__IAMROOT, ctrl)) { diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index e5415f59..81c7651c 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -646,7 +646,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name struct passwd *pwd = NULL; char *salt = NULL; char *data_name; - char pw[MAX_PASS + 1]; + char pw[MAXPASS + 1]; int retval; @@ -673,7 +673,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name strcpy(data_name + sizeof(FAIL_PREFIX) - 1, name); } - if (p != NULL && strlen(p) > MAX_PASS) { + if (p != NULL && strlen(p) > MAXPASS) { memset(pw, 0, sizeof(pw)); p = strncpy(pw, p, sizeof(pw) - 1); } -- cgit v1.2.3 From f87a953d223d5305adfe3bbb00b4c037c9ae7cd3 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 10 Oct 2019 11:11:14 +0200 Subject: pam_unix: Fix the spelling of Jan Rękorajski's name. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/pam_unix/CHANGELOG | 18 +++++++++--------- modules/pam_unix/pam_unix_acct.c | 2 +- modules/pam_unix/pam_unix_auth.c | 2 +- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/pam_unix_sess.c | 2 +- modules/pam_unix/passverify.c | 2 +- modules/pam_unix/support.c | 2 +- 7 files changed, 15 insertions(+), 15 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/CHANGELOG b/modules/pam_unix/CHANGELOG index c18acc27..f8f70f59 100644 --- a/modules/pam_unix/CHANGELOG +++ b/modules/pam_unix/CHANGELOG @@ -1,6 +1,6 @@ $Id$ -* Mon Aug 16 1999 Jan Rkorajski +* Mon Aug 16 1999 Jan Rękorajski - fixed reentrancy problems * Sun Jul 4 21:03:42 PDT 1999 @@ -15,7 +15,7 @@ $Id$ * Sun Jun 27 1999 Steve Langasek - fix to uid-handling code for NIS+ -* Sat Jun 26 1999 Jan Rkorajski +* Sat Jun 26 1999 Jan Rękorajski - merged MD5 fix and early failure syslog by Andrey Vladimirovich Savochkin - minor fixes @@ -24,31 +24,31 @@ $Id$ * Fri Jun 25 1999 Stephen Langasek - reorganized the code to let it build as separate C files -* Sun Jun 20 1999 Jan Rkorajski +* Sun Jun 20 1999 Jan Rękorajski - fixes in pam_unix_auth, it incorrectly saved and restored return value when likeauth option was used -* Tue Jun 15 1999 Jan Rkorajski +* Tue Jun 15 1999 Jan Rękorajski - added NIS+ support -* Mon Jun 14 1999 Jan Rkorajski +* Mon Jun 14 1999 Jan Rękorajski - total rewrite based on pam_pwdb module, now there is ONE pam_unix.so module, it accepts the same options as pam_pwdb - all of them correctly ;) (pam_pwdb dosn't understand what DISALLOW_NULL_AUTHTOK means) -* Tue Apr 20 1999 Jan Rkorajski +* Tue Apr 20 1999 Jan Rękorajski - Arghhh, pam_unix_passwd was not updating /etc/shadow when used with pam_cracklib. -* Mon Apr 19 1999 Jan Rkorajski +* Mon Apr 19 1999 Jan Rękorajski - added "remember=XXX" option that means 'remember XXX old passwords' Old passwords are stored in /etc/security/opasswd, there can be maximum of 400 passwords per user. -* Sat Mar 27 1999 Jan Rkorajski +* Sat Mar 27 1999 Jan Rękorajski - added crypt16 to pam_unix_auth and pam_unix_passwd (check only, this algorithm is too lame to use it in real life) -* Sun Mar 21 1999 Jan Rkorajski +* Sun Mar 21 1999 Jan Rękorajski - pam_unix_auth now correctly behave when user has NULL AUTHTOK - pam_unix_auth returns PAM_PERM_DENIED when seteuid fails diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index d8d084ac..e99c2d03 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -1,6 +1,6 @@ /* * Copyright Elliot Lee, 1996. All rights reserved. - * Copyright Jan Rkorajski, 1999. All rights reserved. + * Copyright Jan Rękorajski, 1999. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 905fc66c..681e49db 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -1,7 +1,7 @@ /* * Copyright Alexander O. Yuriev, 1996. All rights reserved. * NIS+ support by Thorsten Kukuk - * Copyright Jan Rkorajski, 1999. All rights reserved. + * Copyright Jan Rękorajski, 1999. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 4bb1bc56..87db7cf1 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -1,7 +1,7 @@ /* * Main coding by Elliot Lee , Red Hat Software. * Copyright (C) 1996. - * Copyright (c) Jan Rêkorajski, 1999. + * Copyright (c) Jan Rękorajski, 1999. * Copyright (c) Red Hat, Inc., 2007, 2008. * * Redistribution and use in source and binary forms, with or without diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index 71f5594d..437d1242 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -2,7 +2,7 @@ * $Id$ * * Copyright Alexander O. Yuriev, 1996. All rights reserved. - * Copyright Jan Rkorajski, 1999. All rights reserved. + * Copyright Jan Rękorajski, 1999. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 80e32767..2f9a4306 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -1217,7 +1217,7 @@ read_passwords(int fd, int npass, char **passwords) #endif /* ****************************************************************** * - * Copyright (c) Jan Rêkorajski 1999. + * Copyright (c) Jan Rękorajski 1999. * Copyright (c) Andrew G. Morgan 1996-8. * Copyright (c) Alex O. Yuriev, 1996. * Copyright (c) Cristian Gafton 1996. diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 81c7651c..4f15b61b 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -799,7 +799,7 @@ cleanup: } /* ****************************************************************** * - * Copyright (c) Jan Rêkorajski 1999. + * Copyright (c) Jan Rękorajski 1999. * Copyright (c) Andrew G. Morgan 1996-8. * Copyright (c) Alex O. Yuriev, 1996. * Copyright (c) Cristian Gafton 1996. -- cgit v1.2.3 From 7fbb8592fb75dac96b31a26de7528917060eb589 Mon Sep 17 00:00:00 2001 From: Sophie Herold Date: Thu, 28 Nov 2019 15:27:04 +0100 Subject: Lower "bad username" log priority (#154) * modules/pam_unix/pam_unix_auth.c: Use LOG_NOTICE instead of LOG_ERR. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_umask/pam_umask.c: Likewise. --- modules/pam_umask/pam_umask.c | 2 +- modules/pam_unix/pam_unix_auth.c | 2 +- modules/pam_unix/pam_unix_passwd.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c index 3dcc5b10..d962ed1f 100644 --- a/modules/pam_umask/pam_umask.c +++ b/modules/pam_umask/pam_umask.c @@ -199,7 +199,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, { if (name) { - pam_syslog (pamh, LOG_ERR, "bad username [%s]", name); + pam_syslog (pamh, LOG_NOTICE, "bad username [%s]", name); return PAM_USER_UNKNOWN; } return PAM_SERVICE_ERR; diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 3fca9452..40ff7c65 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -125,7 +125,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) * allow this characters here. */ if (name == NULL || name[0] == '-' || name[0] == '+') { - pam_syslog(pamh, LOG_ERR, "bad username [%s]", name); + pam_syslog(pamh, LOG_NOTICE, "bad username [%s]", name); retval = PAM_USER_UNKNOWN; AUTH_RETURN; } diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 87db7cf1..99a4c40f 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -632,7 +632,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) * allow them. */ if (user == NULL || user[0] == '-' || user[0] == '+') { - pam_syslog(pamh, LOG_ERR, "bad username [%s]", user); + pam_syslog(pamh, LOG_NOTICE, "bad username [%s]", user); return PAM_USER_UNKNOWN; } if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl)) -- cgit v1.2.3 From 03f46bbe3f22d800a1516f4c535a1bfb573068de Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 16 Dec 2019 10:38:52 +0100 Subject: Fix or suppress various warnings when compiling with -Wall -Wextra * conf/pam_conv1/Makefile.am: Add -Wno-unused-function -Wno-sign-compare to CFLAGS. * doc/specs/Makefile.am: Likewise. * libpamc/include/security/pam_client.h: Explicitly compare old_p with NULL. * modules/pam_access/pam_access.c: Avoid double const. * modules/pam_filter/pam_filter.c: Avoid arbitrary constants. Avoid strncpy() without copying the NUL byte. * modules/pam_group/pam_group.c: Mark switch fallthrough with comment. * modules/pam_time/pam_time.c: Likewise. * modules/pam_limits/pam_limits.c: Remove unused units variable. * modules/pam_listfile/pam_listfile.c: Avoid unnecessary strncpy, use pointers. * modules/pam_rootok/pam_rootok.c (log_callback): Mark unused parameter. * modules/pam_selinux/pam_selinux.c: Use string_to_security_class() instead of hardcoded value. * modules/pam_sepermit/pam_sepermit.c: Properly cast when comparing. * modules/pam_succeed_if/pam_succeed_if.c: Mark unused parameters. * modules/pam_unix/pam_unix_passwd.c: Remove unused variables and properly cast for comparison. * modules/pam_unix/support.c: Remove unused function. --- conf/pam_conv1/Makefile.am | 2 ++ doc/specs/Makefile.am | 2 ++ libpamc/include/security/pam_client.h | 2 +- modules/pam_access/pam_access.c | 2 +- modules/pam_filter/pam_filter.c | 16 ++++++++-------- modules/pam_group/pam_group.c | 1 + modules/pam_limits/pam_limits.c | 7 ++----- modules/pam_listfile/pam_listfile.c | 9 ++++----- modules/pam_rootok/pam_rootok.c | 2 +- modules/pam_selinux/pam_selinux.c | 4 +--- modules/pam_sepermit/pam_sepermit.c | 2 +- modules/pam_succeed_if/pam_succeed_if.c | 11 +++++++++-- modules/pam_time/pam_time.c | 1 + modules/pam_unix/pam_unix_passwd.c | 10 +++++----- modules/pam_unix/support.c | 5 ----- 15 files changed, 39 insertions(+), 37 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/conf/pam_conv1/Makefile.am b/conf/pam_conv1/Makefile.am index ce50b686..2e643306 100644 --- a/conf/pam_conv1/Makefile.am +++ b/conf/pam_conv1/Makefile.am @@ -8,6 +8,8 @@ EXTRA_DIST = README AM_YFLAGS = -d +pam_conv1_CFLAGS = -Wno-unused-function -Wno-sign-compare + BUILT_SOURCES = pam_conv_y.h noinst_PROGRAMS = pam_conv1 diff --git a/doc/specs/Makefile.am b/doc/specs/Makefile.am index 99ecc70e..de20decd 100644 --- a/doc/specs/Makefile.am +++ b/doc/specs/Makefile.am @@ -16,6 +16,8 @@ CPPFLAGS = @BUILD_CPPFLAGS@ CFLAGS = @BUILD_CFLAGS@ LDFLAGS = @BUILD_LDFLAGS@ +padout_CFLAGS = -Wno-unused-function -Wno-sign-compare + BUILT_SOURCES = parse_y.h noinst_PROGRAMS = padout diff --git a/libpamc/include/security/pam_client.h b/libpamc/include/security/pam_client.h index 47e41aaf..86672a2e 100644 --- a/libpamc/include/security/pam_client.h +++ b/libpamc/include/security/pam_client.h @@ -109,7 +109,7 @@ char **pamc_list_agents(pamc_handle_t pch); #define PAM_BP_RENEW(old_p, cntrl, data_length) \ do { \ - if (old_p) { \ + if ((old_p) != NULL) { \ if (*(old_p)) { \ u_int32_t __size; \ __size = PAM_BP_SIZE(*(old_p)); \ diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 80d885dd..128da01d 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -806,7 +806,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, const char *user=NULL; const void *void_from=NULL; const char *from; - const char const *default_config = PAM_ACCESS_CONFIG; + const char *default_config = PAM_ACCESS_CONFIG; struct passwd *user_pw; char hostname[MAXHOSTNAMELEN + 1]; int rv; diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 8ab7981a..de8c35ad 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -120,8 +120,8 @@ static int process_args(pam_handle_t *pamh /* the "ARGS" variable */ -#define ARGS_OFFSET 5 /* strlen('ARGS='); */ #define ARGS_NAME "ARGS=" +#define ARGS_OFFSET (sizeof(ARGS_NAME) - 1) size += ARGS_OFFSET; @@ -134,7 +134,7 @@ static int process_args(pam_handle_t *pamh return -1; } - strncpy(levp[0],ARGS_NAME,ARGS_OFFSET); + strcpy(levp[0], ARGS_NAME); for (i=0,size=ARGS_OFFSET; i terminate */ /* the "USER" variable */ -#define USER_OFFSET 5 /* strlen('USER='); */ #define USER_NAME "USER=" +#define USER_OFFSET (sizeof(USER_NAME) - 1) if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL) { @@ -194,14 +194,14 @@ static int process_args(pam_handle_t *pamh return -1; } - strncpy(levp[2],USER_NAME,USER_OFFSET); + strcpy(levp[2], USER_NAME); strcpy(levp[2]+USER_OFFSET, user); levp[2][size] = '\0'; /* terminate */ /* the "USER" variable */ -#define TYPE_OFFSET 5 /* strlen('TYPE='); */ #define TYPE_NAME "TYPE=" +#define TYPE_OFFSET (sizeof(TYPE_NAME) - 1) size = TYPE_OFFSET+strlen(type); @@ -217,7 +217,7 @@ static int process_args(pam_handle_t *pamh return -1; } - strncpy(levp[3],TYPE_NAME,TYPE_OFFSET); + strcpy(levp[3], TYPE_NAME); strcpy(levp[3]+TYPE_OFFSET, type); levp[3][size] = '\0'; /* terminate */ diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 8cd178c0..66252c78 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -183,6 +183,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) ++src; /* skip it */ break; } + /* fallthrough */ default: *to++ = c; onspace = 0; diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index cac36999..02967f36 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -384,7 +384,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int FILE *limitsfile; const char *proclimits = "/proc/1/limits"; char line[256]; - char *units, *hard, *soft, *name; + char *hard, *soft, *name; if (!(limitsfile = fopen(proclimits, "r"))) { pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno)); @@ -410,10 +410,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int if (pos == maxlen) { /* step backwards over "Units" name */ LIMITS_SKIP_WHITESPACE; - LIMITS_MARK_ITEM(units); - } - else { - units = ""; + LIMITS_MARK_ITEM(hard); /* not a typo, units unused */ } /* step backwards over "Hard Limit" value */ diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index 5723598e..1fe5f495 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -65,14 +65,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, char mybuf[256],myval[256]; struct stat fileinfo; FILE *inf; - char apply_val[256]; + const char *apply_val; int apply_type; /* Stuff for "extended" items */ struct passwd *userinfo; apply_type=APPLY_TYPE_NULL; - memset(apply_val,0,sizeof(apply_val)); + apply_val=""; for(i=0; i < argc; i++) { { @@ -140,13 +140,12 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, citem = 0; } else if(!strcmp(mybuf,"apply")) { apply_type=APPLY_TYPE_NONE; - memset(apply_val,'\0',sizeof(apply_val)); if (myval[0]=='@') { apply_type=APPLY_TYPE_GROUP; - strncpy(apply_val,myval+1,sizeof(apply_val)-1); + apply_val=myval+1; } else { apply_type=APPLY_TYPE_USER; - strncpy(apply_val,myval,sizeof(apply_val)-1); + apply_val=myval; } } else { free(ifname); diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index 17baabe4..80a67f6d 100644 --- a/modules/pam_rootok/pam_rootok.c +++ b/modules/pam_rootok/pam_rootok.c @@ -61,7 +61,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) #ifdef WITH_SELINUX static int -log_callback (int type, const char *fmt, ...) +log_callback (int type UNUSED, const char *fmt, ...) { int audit_fd; va_list ap; diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 9b3fe22e..5affec4f 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -63,8 +63,6 @@ #include #include -#include -#include #include #include #include @@ -591,7 +589,7 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data) } if (security_compute_relabel(data->exec_context, data->prev_tty_context, - SECCLASS_CHR_FILE, &data->tty_context)) { + string_to_security_class("chr_file"), &data->tty_context)) { data->tty_context = NULL; pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m", data->tty_path); diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index c6532907..f37af0fb 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -353,7 +353,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, if (*sense == PAM_SUCCESS) { if (ignore) *sense = PAM_IGNORE; - if (geteuid() == 0 && exclusive && get_loginuid(pamh) == -1) + if (geteuid() == 0 && exclusive && get_loginuid(pamh) == (uid_t)-1) if (sepermit_lock(pamh, user, debug) < 0) *sense = PAM_AUTH_ERR; } diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index afa61b3e..2a791d26 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -229,9 +229,16 @@ evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group) return PAM_SUCCESS; return PAM_AUTH_ERR; } + +#ifdef HAVE_INNETGR +# define SOMETIMES_UNUSED UNUSED +#else +# define SOMETIMES_UNUSED +#endif + /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */ static int -evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group) +evaluate_innetgr(const pam_handle_t* pamh SOMETIMES_UNUSED, const char *host, const char *user, const char *group) { #ifdef HAVE_INNETGR if (innetgr(group, host, user, NULL) == 1) @@ -244,7 +251,7 @@ evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, c } /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */ static int -evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group) +evaluate_notinnetgr(const pam_handle_t* pamh SOMETIMES_UNUSED, const char *host, const char *user, const char *group) { #ifdef HAVE_INNETGR if (innetgr(group, host, user, NULL) == 0) diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 26a374b5..4863ea4e 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -213,6 +213,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) ++src; /* skip it */ break; } + /* fallthrough */ default: *to++ = c; onspace = 0; diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 99a4c40f..93300f46 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -350,7 +350,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, static int check_old_password(const char *forwho, const char *newpass) { static char buf[16384]; - char *s_luser, *s_uid, *s_npas, *s_pas; + char *s_pas; int retval = PAM_SUCCESS; FILE *opwfile; size_t len = strlen(forwho); @@ -364,9 +364,9 @@ static int check_old_password(const char *forwho, const char *newpass) buf[len] == ',')) { char *sptr; buf[strlen(buf) - 1] = '\0'; - s_luser = strtok_r(buf, ":,", &sptr); - s_uid = strtok_r(NULL, ":,", &sptr); - s_npas = strtok_r(NULL, ":,", &sptr); + /* s_luser = */ strtok_r(buf, ":,", &sptr); + /* s_uid = */ strtok_r(NULL, ":,", &sptr); + /* s_npas = */ strtok_r(NULL, ":,", &sptr); s_pas = strtok_r(NULL, ":,", &sptr); while (s_pas != NULL) { char *md5pass = Goodcrypt_md5(newpass, s_pas); @@ -581,7 +581,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh remark = _("You must choose a shorter password."); D(("length exceeded [%s]", remark)); } else if (off(UNIX__IAMROOT, ctrl)) { - if (strlen(pass_new) < pass_min_len) + if ((int)strlen(pass_new) < pass_min_len) remark = _("You must choose a longer password."); D(("length check [%s]", remark)); if (on(UNIX_REMEMBER_PASSWD, ctrl)) { diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 4f15b61b..814d4c08 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -211,11 +211,6 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember, return ctrl; } -static void _cleanup(pam_handle_t * pamh UNUSED, void *x, int error_status UNUSED) -{ - _pam_delete(x); -} - /* ************************************************************** * * Useful non-trivial functions * * ************************************************************** */ -- cgit v1.2.3 From df86351adfbe6a5dc7a68dce1074403f97fd1046 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sat, 18 Jan 2020 00:35:14 +0000 Subject: Fix remaining -Wcast-qual compilation warnings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduce a new internal header file with definitions of DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL macros, use them to temporary silence -Wcast-qual compilation warnings in various modules. * libpam/include/pam_cc_compat.h: New file. * libpam/Makefile.am (noinst_HEADERS): Add include/pam_cc_compat.h. * modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_cc_compat.h". (create_homedir): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_namespace/pam_namespace.c: Include "pam_cc_compat.h". (pam_sm_close_session): Wrap the cast that discards ‘const’ qualifier in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_tty_audit/pam_tty_audit.c: Include "pam_cc_compat.h". (nl_send): Wrap the cast that discards ‘const’ qualifier in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_unix/pam_unix_acct.c: Include "pam_cc_compat.h". (_unix_run_verify_binary): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_unix/pam_unix_passwd.c: Include "pam_cc_compat.h". (_unix_run_update_binary): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_unix/passverify.c: Include "pam_cc_compat.h". (unix_update_shadow): Wrap the cast that discards ‘const’ qualifier in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_unix/support.c: Include "pam_cc_compat.h". (_unix_run_helper_binary): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_xauth/pam_xauth.c: Include "pam_cc_compat.h". (run_coprocess): Wrap execv invocation in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. --- libpam/Makefile.am | 2 +- libpam/include/pam_cc_compat.h | 35 +++++++++++++++++++++++++++++++++++ modules/pam_mkhomedir/pam_mkhomedir.c | 4 ++++ modules/pam_namespace/pam_namespace.c | 3 +++ modules/pam_tty_audit/pam_tty_audit.c | 4 ++++ modules/pam_unix/pam_unix_acct.c | 3 +++ modules/pam_unix/pam_unix_passwd.c | 3 +++ modules/pam_unix/passverify.c | 3 +++ modules/pam_unix/support.c | 3 +++ modules/pam_xauth/pam_xauth.c | 4 ++++ 10 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 libpam/include/pam_cc_compat.h (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/libpam/Makefile.am b/libpam/Makefile.am index d9f9e041..9d5c844d 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -23,7 +23,7 @@ include_HEADERS = include/security/_pam_compat.h \ include/security/pam_ext.h include/security/pam_modutil.h noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ - pam_modutil_private.h + pam_modutil_private.h include/pam_cc_compat.h libpam_la_LDFLAGS = -no-undefined -version-info 84:2:84 libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ diff --git a/libpam/include/pam_cc_compat.h b/libpam/include/pam_cc_compat.h new file mode 100644 index 00000000..a4b84c62 --- /dev/null +++ b/libpam/include/pam_cc_compat.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2020 Dmitry V. Levin + */ + +#ifndef PAM_CC_COMPAT_H +#define PAM_CC_COMPAT_H + +#include "config.h" +#include + +#if defined __clang__ && defined __clang_major__ && defined __clang_minor__ +# define PAM_CLANG_PREREQ(maj, min) \ + ((__clang_major__ << 16) + __clang_minor__ >= ((maj) << 16) + (min)) +#else +# define PAM_CLANG_PREREQ(maj, min) 0 +#endif + +#if PAM_GNUC_PREREQ(4, 6) +# define DIAG_PUSH_IGNORE_CAST_QUAL \ + _Pragma("GCC diagnostic push"); \ + _Pragma("GCC diagnostic ignored \"-Wcast-qual\"") +# define DIAG_POP_IGNORE_CAST_QUAL \ + _Pragma("GCC diagnostic pop") +#elif PAM_CLANG_PREREQ(2, 6) +# define DIAG_PUSH_IGNORE_CAST_QUAL \ + _Pragma("clang diagnostic push"); \ + _Pragma("clang diagnostic ignored \"-Wcast-qual\"") +# define DIAG_POP_IGNORE_CAST_QUAL \ + _Pragma("clang diagnostic pop") +#else +# define DIAG_PUSH_IGNORE_CAST_QUAL /* empty */ +# define DIAG_POP_IGNORE_CAST_QUAL /* empty */ +#endif + +#endif /* PAM_CC_COMPAT_H */ diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index aec1e7e5..1a4dab47 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -58,6 +58,8 @@ #include #include +#include "pam_cc_compat.h" + /* argument parsing */ #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ @@ -143,7 +145,9 @@ create_homedir (pam_handle_t *pamh, options_t *opt, args[2] = opt->umask; args[3] = opt->skeldir; + DIAG_PUSH_IGNORE_CAST_QUAL; execve(MKHOMEDIR_HELPER, (char **)args, envp); + DIAG_POP_IGNORE_CAST_QUAL; /* should not get here: exit with error */ D(("helper binary is not available")); diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index d49dc621..155d3965 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -34,6 +34,7 @@ #define _ATFILE_SOURCE +#include "pam_cc_compat.h" #include "pam_namespace.h" #include "argv_parse.h" @@ -2230,7 +2231,9 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, /* nothing to reset */ return PAM_SUCCESS; + DIAG_PUSH_IGNORE_CAST_QUAL; idata.polydirs_ptr = (void *)polyptr; + DIAG_POP_IGNORE_CAST_QUAL; if (idata.flags & PAMNS_DEBUG) pam_syslog(idata.pamh, LOG_DEBUG, "Resetting namespace for pid %d", diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c index 79e5d511..7dbcada2 100644 --- a/modules/pam_tty_audit/pam_tty_audit.c +++ b/modules/pam_tty_audit/pam_tty_audit.c @@ -54,6 +54,8 @@ #include #include +#include "pam_cc_compat.h" + #define DATANAME "pam_tty_audit_last_state" /* Open an audit netlink socket */ @@ -79,7 +81,9 @@ nl_send (int fd, unsigned type, unsigned flags, const void *data, size_t size) nlm.nlmsg_pid = 0; iov[0].iov_base = &nlm; iov[0].iov_len = sizeof (nlm); + DIAG_PUSH_IGNORE_CAST_QUAL; iov[1].iov_base = (void *)data; + DIAG_POP_IGNORE_CAST_QUAL; iov[1].iov_len = size; addr.nl_family = AF_NETLINK; addr.nl_pid = 0; diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index e99c2d03..36f68eff 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -59,6 +59,7 @@ #include #include +#include "pam_cc_compat.h" #include "support.h" #include "passverify.h" @@ -127,7 +128,9 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl, args[1] = user; args[2] = "chkexpiry"; + DIAG_PUSH_IGNORE_CAST_QUAL; execve(CHKPWD_HELPER, (char *const *) args, envp); + DIAG_POP_IGNORE_CAST_QUAL; pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); /* should not get here: exit with error */ diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 93300f46..636ace97 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -70,6 +70,7 @@ #include #include +#include "pam_cc_compat.h" #include "md5.h" #include "support.h" #include "passverify.h" @@ -293,7 +294,9 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, snprintf(buffer, sizeof(buffer), "%d", remember); args[4] = buffer; + DIAG_PUSH_IGNORE_CAST_QUAL; execve(UPDATE_HELPER, (char *const *) args, envp); + DIAG_POP_IGNORE_CAST_QUAL; /* should not get here: exit with error */ D(("helper binary is not available")); diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 67f9e6f7..65307e11 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -25,6 +25,7 @@ #include #endif +#include "pam_cc_compat.h" #include "md5.h" #include "bigcrypt.h" #include "passverify.h" @@ -1020,7 +1021,9 @@ PAMH_ARG_DECL(int unix_update_shadow, fclose(opwfile); if (!wroteentry && !err) { + DIAG_PUSH_IGNORE_CAST_QUAL; spwdent.sp_namp = (char *)forwho; + DIAG_POP_IGNORE_CAST_QUAL; spwdent.sp_pwdp = towhat; spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24); if (spwdent.sp_lstchg == 0) diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 814d4c08..33761840 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -28,6 +28,7 @@ #include #include +#include "pam_cc_compat.h" #include "support.h" #include "passverify.h" @@ -526,7 +527,9 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, args[2]="nonull"; } + DIAG_PUSH_IGNORE_CAST_QUAL; execve(CHKPWD_HELPER, (char *const *) args, envp); + DIAG_POP_IGNORE_CAST_QUAL; /* should not get here: exit with error */ D(("helper binary is not available")); diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 3339def8..61e98253 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -65,6 +65,8 @@ #include #endif +#include "pam_cc_compat.h" + #define DATANAME "pam_xauth_cookie_file" #define XAUTHENV "XAUTHORITY" #define HOMEENV "HOME" @@ -179,7 +181,9 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, } } /* Run the command. */ + DIAG_PUSH_IGNORE_CAST_QUAL; execv(command, (char *const *) args); + DIAG_POP_IGNORE_CAST_QUAL; /* Never reached. */ _exit(1); } -- cgit v1.2.3 From a96e66f788b1460a8ef4c2883207d4474b829d10 Mon Sep 17 00:00:00 2001 From: MIZUTA Takeshi Date: Mon, 3 Feb 2020 19:12:21 +0900 Subject: Remove redundant header file inclusion There are some source code including the same header file redundantly. We remove these redundant header file inclusion. --- modules/pam_issue/pam_issue.c | 1 - modules/pam_loginuid/pam_loginuid.c | 1 - modules/pam_selinux/pam_selinux.c | 2 -- modules/pam_sepermit/pam_sepermit.c | 1 - modules/pam_shells/pam_shells.c | 1 - modules/pam_tally2/pam_tally2.c | 1 - modules/pam_unix/pam_unix_passwd.c | 1 - modules/pam_xauth/pam_xauth.c | 2 -- 8 files changed, 10 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index 5fa21c37..8c5ae576 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -22,7 +22,6 @@ #include #include #include -#include #include #include #include diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c index 96bfd98e..03c0e3a3 100644 --- a/modules/pam_loginuid/pam_loginuid.c +++ b/modules/pam_loginuid/pam_loginuid.c @@ -42,7 +42,6 @@ #ifdef HAVE_LIBAUDIT #include #include -#include #endif /* diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 5affec4f..96f9c831 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -63,14 +63,12 @@ #include #include -#include #include #include #ifdef HAVE_LIBAUDIT #include #include -#include #endif /* Send audit message */ diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index f37af0fb..14965a2f 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -53,7 +53,6 @@ #include #include #include -#include #include #define PAM_SM_AUTH diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index c8acb9e2..bfe7f116 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -15,7 +15,6 @@ #include #include #include -#include #include #include #include diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index 48282a33..fc6d6237 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -64,7 +64,6 @@ #include #include #include -#include #include #include "tallylog.h" diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 636ace97..a8eec77a 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -56,7 +56,6 @@ #include #include -#include #include #include diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 61e98253..ea99bb03 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -50,7 +50,6 @@ #include #include #include -#include #define PAM_SM_SESSION @@ -62,7 +61,6 @@ #ifdef WITH_SELINUX #include #include -#include #endif #include "pam_cc_compat.h" -- cgit v1.2.3 From 9569de568a7eeaf91e2134ee3e1dd00978882903 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 5 Mar 2020 19:33:12 +0000 Subject: pam_unix: fix --disable-nis compilation warnings When the build is configured using --disable-nis option, gcc complains: pam_unix_passwd.c: In function '_do_setpass': pam_unix_passwd.c:398:8: warning: unused variable 'master' [-Wunused-variable] support.c: In function '_unix_getpwnam': support.c:305:21: warning: parameter 'nis' set but not used [-Wunused-but-set-parameter] * modules/pam_unix/pam_unix_passwd.c (_do_setpass): Move the definition of "master" variable to [HAVE_NIS]. * modules/pam_unix/support.c (_unix_getpwnam) [!(HAVE_YP_GET_DEFAULT_DOMAIN && HAVE_YP_BIND && HAVE_YP_MATCH && HAVE_YP_UNBIND)]: Do not assign the unused parameter but mark it as used. --- modules/pam_unix/pam_unix_passwd.c | 3 ++- modules/pam_unix/support.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index a8eec77a..7985ad1b 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -395,7 +395,6 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, struct passwd *pwd = NULL; int retval = 0; int unlocked = 0; - char *master = NULL; D(("called")); @@ -408,6 +407,8 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { #ifdef HAVE_NIS + char *master; + if ((master=getNISserver(pamh, ctrl)) != NULL) { struct timeval timeout; struct yppasswd yppwd; diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 6a840a26..a04211cd 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -351,7 +351,7 @@ int _unix_getpwnam(pam_handle_t *pamh, const char *name, } #else /* we don't have NIS support, make compiler happy. */ - nis = 0; + (void) nis; #endif if (matched && (ret != NULL)) { -- cgit v1.2.3 From 37b5259298be9137f5b40eef16027152ddb803ff Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 1 May 2020 19:20:12 +0000 Subject: modules: remove PAM_SM_* macros Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect. --- modules/pam_access/pam_access.c | 16 ++-------------- modules/pam_cracklib/pam_cracklib.c | 17 ++--------------- modules/pam_debug/pam_debug.c | 26 +++++--------------------- modules/pam_deny/pam_deny.c | 18 +----------------- modules/pam_echo/pam_echo.c | 5 ----- modules/pam_env/pam_env.c | 16 ++-------------- modules/pam_exec/pam_exec.c | 6 ------ modules/pam_faildelay/pam_faildelay.c | 7 ++----- modules/pam_faillock/pam_faillock.c | 4 ---- modules/pam_filter/pam_filter.c | 7 +------ modules/pam_ftp/pam_ftp.c | 14 +------------- modules/pam_group/pam_group.c | 13 ++----------- modules/pam_issue/pam_issue.c | 5 ++--- modules/pam_keyinit/pam_keyinit.c | 3 ++- modules/pam_lastlog/pam_lastlog.c | 15 ++------------- modules/pam_limits/pam_limits.c | 2 -- modules/pam_listfile/pam_listfile.c | 14 ++------------ modules/pam_localuser/pam_localuser.c | 4 ++-- modules/pam_loginuid/pam_loginuid.c | 4 +++- modules/pam_mail/pam_mail.c | 14 ++------------ modules/pam_mkhomedir/pam_mkhomedir.c | 9 --------- modules/pam_motd/pam_motd.c | 23 +++++------------------ modules/pam_nologin/pam_nologin.c | 15 +-------------- modules/pam_permit/pam_permit.c | 22 +++------------------- modules/pam_pwhistory/pam_pwhistory.c | 4 ++-- modules/pam_rhosts/pam_rhosts.c | 4 ++-- modules/pam_rootok/pam_rootok.c | 13 +------------ modules/pam_securetty/pam_securetty.c | 14 ++------------ modules/pam_selinux/pam_selinux.c | 4 ---- modules/pam_sepermit/pam_sepermit.c | 4 ---- modules/pam_setquota/pam_setquota.c | 3 --- modules/pam_shells/pam_shells.c | 22 ++++++---------------- modules/pam_stress/pam_stress.c | 12 ------------ modules/pam_succeed_if/pam_succeed_if.c | 6 ------ modules/pam_tally/pam_tally.c | 27 ++------------------------- modules/pam_tally2/pam_tally2.c | 19 ++----------------- modules/pam_time/pam_time.c | 25 ++++++++----------------- modules/pam_timestamp/pam_timestamp.c | 3 --- modules/pam_tty_audit/pam_tty_audit.c | 2 -- modules/pam_umask/pam_umask.c | 4 ++-- modules/pam_unix/pam_unix_acct.c | 6 ++---- modules/pam_unix/pam_unix_auth.c | 7 ++----- modules/pam_unix/pam_unix_passwd.c | 7 ++----- modules/pam_unix/pam_unix_sess.c | 6 +----- modules/pam_userdb/pam_userdb.c | 14 ++------------ modules/pam_usertype/pam_usertype.c | 5 ----- modules/pam_warn/pam_warn.c | 14 +------------- modules/pam_wheel/pam_wheel.c | 7 ++----- modules/pam_xauth/pam_xauth.c | 4 ++-- 49 files changed, 83 insertions(+), 432 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 4c11418d..be726180 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -1,6 +1,6 @@ -/* pam_access module */ - /* + * pam_access module + * * Written by Alexei Nogin 1997/06/15 * (I took login_access from logdaemon-5.6 and converted it to PAM * using parts of pam_time code.) @@ -49,18 +49,6 @@ #include #endif -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index f89f33da..a6ce9395 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -1,8 +1,6 @@ /* * pam_cracklib module - */ - -/* + * * 0.9. switch to using a distance algorithm in similar() * 0.86. added support for setting minimum numbers of digits, uppers, * lowers, and others @@ -15,9 +13,7 @@ * 0.3. Added argument 'debug' * 0.2. new password is fed to cracklib for verify after typed once * 0.1. First release - */ - -/* + * * Written by Cristian Gafton 1996/09/10 * Long password support by Philip W. Dalrymple 1997/07/18 * See the end of the file for Copyright Information @@ -69,15 +65,6 @@ extern char *FascistCheck(char *pw, const char *dictpath); #endif #define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b)) -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c index 9b68d382..75d475f0 100644 --- a/modules/pam_debug/pam_debug.c +++ b/modules/pam_debug/pam_debug.c @@ -1,32 +1,14 @@ -/* pam_permit module */ - /* - * $Id$ + * pam_debug module * * Written by Andrew Morgan 2001/02/04 * - */ - -#define DEFAULT_USER "nobody" - -#include "config.h" - -#include - -/* * This module is intended as a debugging aide for determining how * the PAM stack is operating. - * - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. */ -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD +#include "config.h" +#include #include #include @@ -35,6 +17,8 @@ #define _PAM_ACTION_UNDEF (-10) #include "../../libpam/pam_tokens.h" +#define DEFAULT_USER "nobody" + /* --- authentication management functions --- */ static int state(pam_handle_t *pamh, const char *text) diff --git a/modules/pam_deny/pam_deny.c b/modules/pam_deny/pam_deny.c index 155a1f5d..a2fe0c23 100644 --- a/modules/pam_deny/pam_deny.c +++ b/modules/pam_deny/pam_deny.c @@ -1,26 +1,10 @@ -/* pam_deny module */ - /* - * $Id$ + * pam_deny module * * Written by Andrew Morgan 1996/3/11 - * - */ - -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. */ #include "config.h" - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include /* --- authentication management functions --- */ diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c index bd5910b9..181aeb4c 100644 --- a/modules/pam_echo/pam_echo.c +++ b/modules/pam_echo/pam_echo.c @@ -52,11 +52,6 @@ #define HOST_NAME_MAX 255 #endif -#define PAM_SM_ACCOUNT -#define PAM_SM_AUTH -#define PAM_SM_PASSWORD -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 1bdc119d..79d43722 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -1,6 +1,6 @@ -/* pam_env module */ - /* + * pam_env module + * * Written by Dave Kinchlea 1997/01/31 * Inspired by Andrew Morgan , who also supplied the * template for this file (via pam_mail) @@ -26,18 +26,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH /* This is primarily a AUTH_SETCRED module */ -#define PAM_SM_SESSION /* But I like to be friendly */ -#define PAM_SM_PASSWORD /* "" */ -#define PAM_SM_ACCOUNT /* "" */ - #include #include #include diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 918422cf..5ca85ab3 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -49,12 +49,6 @@ #include #include - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_faildelay/pam_faildelay.c b/modules/pam_faildelay/pam_faildelay.c index 215074b2..02c5fafd 100644 --- a/modules/pam_faildelay/pam_faildelay.c +++ b/modules/pam_faildelay/pam_faildelay.c @@ -1,6 +1,6 @@ -/* pam_faildelay module */ - /* + * pam_faildelay module + * * Allows an admin to set the delay on failure per-application. * Provides "auth" interface only. * @@ -70,9 +70,6 @@ #include #include - -#define PAM_SM_AUTH - #include #include #include diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c index 94c175b4..e340a83c 100644 --- a/modules/pam_faillock/pam_faillock.c +++ b/modules/pam_faillock/pam_faillock.c @@ -55,12 +55,8 @@ #include #include "pam_inline.h" - #include "faillock.h" -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #define FAILLOCK_ACTION_PREAUTH 0 #define FAILLOCK_ACTION_AUTHSUCC 1 #define FAILLOCK_ACTION_AUTHFAIL 2 diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 4f75486d..9b523da2 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -1,5 +1,5 @@ /* - * $Id$ + * pam_filter module * * written by Andrew Morgan with much help from * Richard Stevens' UNIX Network Programming book. @@ -25,11 +25,6 @@ #include -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include "pam_filter.h" diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c index ce6ead9a..0d53e5a5 100644 --- a/modules/pam_ftp/pam_ftp.c +++ b/modules/pam_ftp/pam_ftp.c @@ -1,10 +1,7 @@ -/* pam_ftp module */ - /* - * $Id$ + * pam_ftp module * * Written by Andrew Morgan 1996/3/11 - * */ #define PLEASE_ENTER_PASSWORD "Password required for %s." @@ -23,15 +20,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH - #include #include #include diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 2172a0b5..b5532b81 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -1,6 +1,6 @@ -/* pam_group module */ - /* + * pam_group module + * * Written by Andrew Morgan 1996/7/6 * Field parsing rewritten by Tomas Mraz */ @@ -35,15 +35,6 @@ typedef enum { AND, OR } operator; -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_AUTH - #include #include #include diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index 8a74ce03..5b6a4669 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -1,4 +1,5 @@ -/* pam_issue module - a simple /etc/issue parser to set PAM_USER_PROMPT +/* + * pam_issue module - a simple /etc/issue parser to set PAM_USER_PROMPT * * Copyright 1999 by Ben Collins * @@ -28,8 +29,6 @@ #include #include -#define PAM_SM_AUTH - #include #include #include diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c index d58744d7..b3aec483 100644 --- a/modules/pam_keyinit/pam_keyinit.c +++ b/modules/pam_keyinit/pam_keyinit.c @@ -1,4 +1,5 @@ -/* pam_keyinit.c: Initialise the session keyring on login through a PAM module +/* + * pam_keyinit: Initialise the session keyring on login through a PAM module * * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 1f707d93..1c46d03a 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -1,6 +1,6 @@ -/* pam_lastlog module */ - /* + * pam_lastlog module + * * Written by Andrew Morgan 1996/3/11 * * This module does the necessary work to display the last login @@ -66,17 +66,6 @@ struct lastlog { #define DEFAULT_INACTIVE_DAYS 90 #define MAX_INACTIVE_DAYS 100000 -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_SESSION -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index c8a03ae4..b791cdce 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -102,8 +102,6 @@ struct pam_limit_s { #define LIMIT_SOFT 1 #define LIMIT_HARD 2 -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index 44e0655c..74ebae1a 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -1,4 +1,6 @@ /* + * pam_listfile module + * * by Elliot Lee , Red Hat Software. July 25, 1996. * log refused access error christopher mccrory 1998/7/11 * @@ -22,18 +24,6 @@ #include #endif -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_PASSWORD -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c index ac51e4ef..3633b535 100644 --- a/modules/pam_localuser/pam_localuser.c +++ b/modules/pam_localuser/pam_localuser.c @@ -1,4 +1,6 @@ /* + * pam_localuser module + * * Copyright 2001, 2004 Red Hat, Inc. * * Redistribution and use in source and binary forms, with or without @@ -47,8 +49,6 @@ #include #include -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT #include #include #include diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c index 03c0e3a3..31181789 100644 --- a/modules/pam_loginuid/pam_loginuid.c +++ b/modules/pam_loginuid/pam_loginuid.c @@ -1,4 +1,6 @@ -/* pam_loginuid.c -- +/* + * pam_loginuid module + * * Copyright 2005 Red Hat Inc., Durham, North Carolina. * All Rights Reserved. * diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index 2439ae75..c923817d 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -1,6 +1,6 @@ -/* pam_mail module */ - /* + * pam_mail module + * * Written by Andrew Morgan 1996/3/11 * $HOME additions by David Kinchlea 1997/1/7 * mailhash additions by Chris Adams 1998/7/11 @@ -30,16 +30,6 @@ #define MAIL_ENV_NAME "MAIL" #define MAIL_ENV_FORMAT MAIL_ENV_NAME "=%s" -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_SESSION -#define PAM_SM_AUTH - #include #include #include diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 6e035f70..5f9b1661 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -44,15 +44,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 8147c6fd..46f4fe61 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -1,13 +1,8 @@ -/* pam_motd module */ - /* - * Modified for pam_motd by Ben Collins - * - * Based off of: - * $Id$ + * pam_motd module * + * Modified for pam_motd by Ben Collins * Written by Michael K. Johnson 1996/10/24 - * */ #include "config.h" @@ -26,21 +21,13 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_SESSION -#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd" -#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d" - #include #include #include "pam_inline.h" +#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd" +#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d" + /* --- session management functions (only) --- */ int diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c index 775dda87..8666251a 100644 --- a/modules/pam_nologin/pam_nologin.c +++ b/modules/pam_nologin/pam_nologin.c @@ -1,10 +1,7 @@ -/* pam_nologin module */ - /* - * $Id$ + * pam_nologin module * * Written by Michael K. Johnson 1996/10/24 - * */ #include "config.h" @@ -19,16 +16,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_permit/pam_permit.c b/modules/pam_permit/pam_permit.c index c773087a..9e2aedf4 100644 --- a/modules/pam_permit/pam_permit.c +++ b/modules/pam_permit/pam_permit.c @@ -1,33 +1,17 @@ -/* pam_permit module */ - /* - * $Id$ + * pam_permit module * * Written by Andrew Morgan 1996/3/11 - * */ #include "config.h" - -#define DEFAULT_USER "nobody" - #include -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include +#define DEFAULT_USER "nobody" + /* --- authentication management functions --- */ int diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index 2d4507d5..c77eb3ea 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -1,4 +1,6 @@ /* + * pam_pwhistory module + * * Copyright (c) 2008, 2012 Thorsten Kukuk * Author: Thorsten Kukuk * @@ -38,8 +40,6 @@ #include #endif -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c index 258a7299..ab2fbd09 100644 --- a/modules/pam_rhosts/pam_rhosts.c +++ b/modules/pam_rhosts/pam_rhosts.c @@ -1,4 +1,6 @@ /* + * pam_rhosts module + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -38,8 +40,6 @@ #include #include -#define PAM_SM_AUTH /* only defines this management group */ - #include #include #include diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index accba21a..3a00d545 100644 --- a/modules/pam_rootok/pam_rootok.c +++ b/modules/pam_rootok/pam_rootok.c @@ -1,7 +1,5 @@ -/* pam_rootok module */ - /* - * $Id$ + * pam_rootok module * * Written by Andrew Morgan 1996/3/11 */ @@ -14,15 +12,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH - #include #include diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index e594fb6a..9a2835ef 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -1,6 +1,6 @@ -/* pam_securetty module */ - /* + * pam_securetty module + * * by Elliot Lee , Red Hat Software. * July 25, 1996. * This code shamelessly ripped from the pam_rootok module. @@ -22,16 +22,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index deae3ef1..06c3ce65 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -36,7 +36,6 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. - * */ #include "config.h" @@ -53,9 +52,6 @@ #include #include -#define PAM_SM_AUTH -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index 442703d3..b6fde6c5 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -35,7 +35,6 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. - * */ #include "config.h" @@ -55,9 +54,6 @@ #include #include -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_setquota/pam_setquota.c b/modules/pam_setquota/pam_setquota.c index 3e2b9508..43c76d66 100644 --- a/modules/pam_setquota/pam_setquota.c +++ b/modules/pam_setquota/pam_setquota.c @@ -6,7 +6,6 @@ Copyright © 2010 Shane Tzen Copyright © 2012-2020 Sven Hartge Copyright © 2016 Keller Fuchs - */ #include @@ -19,8 +18,6 @@ #include #include -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index ae67a423..eec86dc4 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -1,10 +1,6 @@ -/* pam_shells module */ - -#define SHELL_FILE "/etc/shells" - -#define DEFAULT_SHELL "/bin/sh" - /* + * pam_shells module + * * by Erik Troan , Red Hat Software. * August 5, 1996. * This code shamelessly ripped from the pam_securetty module. @@ -21,20 +17,14 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include +#define SHELL_FILE "/etc/shells" + +#define DEFAULT_SHELL "/bin/sh" + static int perform_check(pam_handle_t *pamh) { int retval = PAM_AUTH_ERR; diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index 024455e5..62348fab 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c @@ -15,18 +15,6 @@ #include #include -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 82de4f33..76bc9825 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -34,7 +34,6 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. - * */ #include "config.h" @@ -54,11 +53,6 @@ #include #include -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index 6f578988..08b5ace2 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -1,10 +1,7 @@ /* - * pam_tally.c + * pam_tally module * - */ - - -/* By Tim Baverstock , Multi Media Machine Ltd. + * By Tim Baverstock , Multi Media Machine Ltd. * 5 March 1997 * * Stuff stolen from pam_rootok and pam_listfile @@ -30,19 +27,7 @@ #include #include "faillog.h" -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - #ifndef MAIN -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -/* #define PAM_SM_SESSION */ -/* #define PAM_SM_PASSWORD */ - #include #include #endif @@ -615,8 +600,6 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) /* --- authentication management functions (only) --- */ -#ifdef PAM_SM_AUTH - int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) @@ -686,14 +669,10 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, return tally_reset(pamh, uid, opts); } -#endif - /*---------------------------------------------------------------------*/ /* --- authentication management functions (only) --- */ -#ifdef PAM_SM_ACCOUNT - /* To reset failcount of user on successful login */ int @@ -731,8 +710,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, return tally_reset(pamh, uid, opts); } -#endif /* #ifdef PAM_SM_ACCOUNT */ - /*-----------------------------------------------------------------------*/ #else /* #ifndef MAIN */ diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index e8c74eb9..8c171b68 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -1,10 +1,7 @@ /* - * pam_tally2.c + * pam_tally2 module * - */ - - -/* By Tim Baverstock , Multi Media Machine Ltd. + * By Tim Baverstock , Multi Media Machine Ltd. * 5 March 1997 * * Stuff stolen from pam_rootok and pam_listfile @@ -76,19 +73,7 @@ #define fseeko fseek #endif -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - #ifndef MAIN -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -/* #define PAM_SM_SESSION */ -/* #define PAM_SM_PASSWORD */ - #include #endif #include diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 0643523a..e786d0f9 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -1,6 +1,6 @@ -/* pam_time module */ - /* + * pam_time module + * * Written by Andrew Morgan 1996/6/22 * (File syntax and much other inspiration from the shadow package * shadow-960129) @@ -23,6 +23,12 @@ #include #include +#include +#include +#include +#include +#include "pam_inline.h" + #ifdef HAVE_LIBAUDIT #include #endif @@ -42,21 +48,6 @@ typedef enum { AND, OR } operator; -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_ACCOUNT - -#include -#include -#include -#include -#include "pam_inline.h" - static int _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char **conffile) { diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index 420ce9eb..249a9692 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -38,9 +38,6 @@ * */ -#define PAM_SM_AUTH -#define PAM_SM_SESSION - #include "config.h" #include diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c index 1d9256c3..2f04a05c 100644 --- a/modules/pam_tty_audit/pam_tty_audit.c +++ b/modules/pam_tty_audit/pam_tty_audit.c @@ -48,8 +48,6 @@ #include #include -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c index 45b048e3..1b5df4b6 100644 --- a/modules/pam_umask/pam_umask.c +++ b/modules/pam_umask/pam_umask.c @@ -1,4 +1,6 @@ /* + * pam_umask module + * * Copyright (c) 2005, 2006, 2007, 2010, 2013 Thorsten Kukuk * * Redistribution and use in source and binary forms, with or without @@ -50,8 +52,6 @@ #include #include -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 0c5dff96..de8d65c1 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -1,4 +1,6 @@ /* + * pam_unix account management + * * Copyright Elliot Lee, 1996. All rights reserved. * Copyright Jan Rękorajski, 1999. All rights reserved. * @@ -51,10 +53,6 @@ #include -/* indicate that the following groups are defined */ - -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 40ff7c65..9a0cd372 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -1,4 +1,6 @@ /* + * pam_unix authentication management + * * Copyright Alexander O. Yuriev, 1996. All rights reserved. * NIS+ support by Thorsten Kukuk * Copyright Jan Rękorajski, 1999. All rights reserved. @@ -48,11 +50,6 @@ #include #include -/* indicate the following groups are defined */ - -#define PAM_SM_AUTH - -#define _PAM_EXTERN_FUNCTIONS #include #include #include diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 7985ad1b..e9c960a2 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -1,4 +1,6 @@ /* + * pam_unix password management + * * Main coding by Elliot Lee , Red Hat Software. * Copyright (C) 1996. * Copyright (c) Jan Rękorajski, 1999. @@ -60,11 +62,6 @@ #include #include - -/* indicate the following groups are defined */ - -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index 437d1242..3f6a8fb3 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -1,5 +1,5 @@ /* - * $Id$ + * pam_unix session management * * Copyright Alexander O. Yuriev, 1996. All rights reserved. * Copyright Jan Rękorajski, 1999. All rights reserved. @@ -47,10 +47,6 @@ #include #include -/* indicate the following groups are defined */ - -#define PAM_SM_SESSION - #include #include #include diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 32e759e3..d7d41233 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -1,6 +1,6 @@ -/* pam_userdb module */ - /* + * pam_userdb module + * * Written by Cristian Gafton 1996/09/10 * See the end of the file for Copyright Information */ @@ -37,16 +37,6 @@ # endif #endif -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c index 820cf693..76325063 100644 --- a/modules/pam_usertype/pam_usertype.c +++ b/modules/pam_usertype/pam_usertype.c @@ -48,11 +48,6 @@ #include #include -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - #include #include #include diff --git a/modules/pam_warn/pam_warn.c b/modules/pam_warn/pam_warn.c index 1d196ad3..d91c3e9f 100644 --- a/modules/pam_warn/pam_warn.c +++ b/modules/pam_warn/pam_warn.c @@ -1,7 +1,5 @@ -/* pam_warn module */ - /* - * $Id$ + * pam_warn module * * Written by Andrew Morgan 1996/3/11 */ @@ -13,16 +11,6 @@ #include #include -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_PASSWORD - #include #include diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c index 32b6cdb0..94f8887a 100644 --- a/modules/pam_wheel/pam_wheel.c +++ b/modules/pam_wheel/pam_wheel.c @@ -1,6 +1,6 @@ -/* pam_wheel module */ - /* + * pam_wheel module + * * Written by Cristian Gafton 1996/09/10 * See the end of the file for Copyright Information * @@ -39,9 +39,6 @@ * modules include file to define the function prototypes. */ -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT - #include #include #include diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 7d661a45..7a9f202b 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -1,4 +1,6 @@ /* + * pam_xauth module + * * Copyright 2001-2003 Red Hat, Inc. * * Redistribution and use in source and binary forms, with or without @@ -51,8 +53,6 @@ #include #include -#define PAM_SM_SESSION - #include #include #include -- cgit v1.2.3 From 5aca62a102b7309f1d96ded01ad1e7f94310fade Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 15 May 2020 08:00:00 +0000 Subject: modules: do not check user name for NULL if pam_get_user returned PAM_SUCCESS If pam_get_user returned PAM_SUCCESS, the user name is guaranteed to be a valid C string, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check for NULL the user name returned by pam_get_user when the latter returned PAM_SUCCESS. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise. * modules/pam_filter/pam_filter.c (process_args): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_wheel/pam_wheel.c (perform_check): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise. --- modules/pam_access/pam_access.c | 2 +- modules/pam_cracklib/pam_cracklib.c | 2 +- modules/pam_debug/pam_debug.c | 2 +- modules/pam_filter/pam_filter.c | 3 +-- modules/pam_ftp/pam_ftp.c | 2 +- modules/pam_group/pam_group.c | 3 +-- modules/pam_lastlog/pam_lastlog.c | 3 +-- modules/pam_listfile/pam_listfile.c | 4 ++-- modules/pam_localuser/pam_localuser.c | 2 +- modules/pam_mail/pam_mail.c | 2 +- modules/pam_nologin/pam_nologin.c | 2 +- modules/pam_permit/pam_permit.c | 2 +- modules/pam_pwhistory/pam_pwhistory.c | 2 +- modules/pam_rhosts/pam_rhosts.c | 2 +- modules/pam_securetty/pam_securetty.c | 2 +- modules/pam_sepermit/pam_sepermit.c | 3 +-- modules/pam_shells/pam_shells.c | 4 ++-- modules/pam_stress/pam_stress.c | 4 +--- modules/pam_succeed_if/pam_succeed_if.c | 2 +- modules/pam_time/pam_time.c | 3 +-- modules/pam_timestamp/pam_timestamp.c | 5 +---- modules/pam_umask/pam_umask.c | 10 +++------- modules/pam_unix/pam_unix_auth.c | 2 +- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_userdb/pam_userdb.c | 4 ++-- modules/pam_usertype/pam_usertype.c | 2 +- modules/pam_wheel/pam_wheel.c | 2 +- 27 files changed, 32 insertions(+), 46 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index be726180..b0289a3a 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -819,7 +819,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* set username */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); return PAM_USER_UNKNOWN; diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index a6ce9395..f6fb0130 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -687,7 +687,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, } retval = pam_get_user(pamh, &user, NULL); - if (retval != PAM_SUCCESS || user == NULL) { + if (retval != PAM_SUCCESS) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_ERR,"Can not get username"); return PAM_AUTHTOK_ERR; diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c index 75d475f0..61b39d75 100644 --- a/modules/pam_debug/pam_debug.c +++ b/modules/pam_debug/pam_debug.c @@ -73,7 +73,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, D(("get user returned error: %s", pam_strerror(pamh,retval))); return retval; } - if (user == NULL || *user == '\0') { + if (*user == '\0') { D(("username not known")); retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER); if (retval != PAM_SUCCESS) diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 9b523da2..2f0af4fb 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -171,8 +171,7 @@ static int process_args(pam_handle_t *pamh #define USER_NAME "USER=" #define USER_OFFSET (sizeof(USER_NAME) - 1) - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || - user == NULL) { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { user = ""; } size = USER_OFFSET+strlen(user); diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c index 0d53e5a5..36979d57 100644 --- a/modules/pam_ftp/pam_ftp.c +++ b/modules/pam_ftp/pam_ftp.c @@ -119,7 +119,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, ctrl = _pam_parse(pamh, argc, argv, &users); retval = pam_get_user(pamh, &user, NULL); - if (retval != PAM_SUCCESS || user == NULL) { + if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "no user specified"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index b5532b81..8fd8584e 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -771,8 +771,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, /* set username */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL - || *user == '\0') { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 1c46d03a..3e27b3ed 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -669,8 +669,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, /* which user? */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL - || *user == '\0') { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index 74ebae1a..4d30d017 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -188,7 +188,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int rval; rval=pam_get_user(pamh,&user_name,NULL); - if((rval==PAM_SUCCESS) && user_name && user_name[0]) { + if(rval==PAM_SUCCESS && user_name[0]) { /* Got it ? Valid ? */ if(apply_type==APPLY_TYPE_USER) { if(strcmp(user_name, apply_val)) { @@ -225,7 +225,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, } if((citem == PAM_USER) && !citemp) { retval = pam_get_user(pamh,&citemp,NULL); - if (retval != PAM_SUCCESS || !citemp) { + if (retval != PAM_SUCCESS) { free(ifname); return PAM_SERVICE_ERR; } diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c index 3633b535..6f4f8aea 100644 --- a/modules/pam_localuser/pam_localuser.c +++ b/modules/pam_localuser/pam_localuser.c @@ -100,7 +100,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return PAM_SYSTEM_ERR; } - if ((user == NULL) || (strlen(user) == 0)) { + if (strlen(user) == 0) { pam_syslog (pamh, LOG_ERR, "user name not valid"); fclose(fp); return PAM_SYSTEM_ERR; diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index c923817d..0dc12e1e 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -382,7 +382,7 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc, ctrl = _pam_parse(pamh, flags, argc, argv, &path_mail, &hashcount); retval = pam_get_user(pamh, &user, NULL); - if (retval != PAM_SUCCESS || user == NULL) { + if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "cannot determine username"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c index 8666251a..4ba33602 100644 --- a/modules/pam_nologin/pam_nologin.c +++ b/modules/pam_nologin/pam_nologin.c @@ -64,7 +64,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) int retval = opts->retval_when_nofile; int fd = -1; - if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username) { + if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS)) { pam_syslog(pamh, LOG_ERR, "cannot determine username"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_permit/pam_permit.c b/modules/pam_permit/pam_permit.c index 9e2aedf4..4f973686 100644 --- a/modules/pam_permit/pam_permit.c +++ b/modules/pam_permit/pam_permit.c @@ -29,7 +29,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, D(("get user returned error: %s", pam_strerror(pamh,retval))); return retval; } - if (user == NULL || *user == '\0') { + if (*user == '\0') { D(("username not known")); retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER); if (retval != PAM_SUCCESS) diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index c77eb3ea..9b44cd87 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -139,7 +139,7 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) if (retval != PAM_SUCCESS) return retval; - if (user == NULL || strlen (user) == 0) + if (strlen (user) == 0) { if (options.debug) pam_syslog (pamh, LOG_DEBUG, diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c index ab2fbd09..4dabfa13 100644 --- a/modules/pam_rhosts/pam_rhosts.c +++ b/modules/pam_rhosts/pam_rhosts.c @@ -94,7 +94,7 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, return retval; } - if (rhost == NULL || ruser == NULL || luser == NULL) + if (rhost == NULL || ruser == NULL) return PAM_AUTH_ERR; if (opt_superuser && strcmp(opt_superuser, luser) == 0) diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 9a2835ef..355a23ab 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -83,7 +83,7 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, } retval = pam_get_user(pamh, &username, NULL); - if (retval != PAM_SUCCESS || username == NULL) { + if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_WARNING, "cannot determine username"); return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR); } diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index b6fde6c5..b49b0097 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -384,8 +384,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, if (debug) pam_syslog(pamh, LOG_NOTICE, "Parsing config file: %s", cfgfile); - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL - || *user == '\0') { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { pam_syslog(pamh, LOG_ERR, "Cannot determine the user's name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index eec86dc4..9e15a566 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -40,7 +40,7 @@ static int perform_check(pam_handle_t *pamh) return PAM_SERVICE_ERR; } - if (!userName || (userName[0] == '\0')) { + if (userName[0] == '\0') { /* Don't let them use a NULL username... */ retval = pam_get_user(pamh,&userName,NULL); @@ -48,7 +48,7 @@ static int perform_check(pam_handle_t *pamh) return PAM_SERVICE_ERR; /* It could still be NULL the second time. */ - if (!userName || (userName[0] == '\0')) + if (userName[0] == '\0') return PAM_SERVICE_ERR; } diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index 62348fab..9baba321 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c @@ -217,11 +217,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, /* try to get the username */ retval = pam_get_user(pamh, &username, "username: "); - if (retval != PAM_SUCCESS || !username) { + if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_WARNING, "pam_sm_authenticate: failed to get username"); - if (retval == PAM_SUCCESS) - retval = PAM_USER_UNKNOWN; /* username was null */ return retval; } else if (ctrl & PAM_ST_DEBUG) { diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 76bc9825..db2c2db5 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -501,7 +501,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, } else { /* Get the user's name. */ ret = pam_get_user(pamh, &user, NULL); - if ((ret != PAM_SUCCESS) || (user == NULL)) { + if (ret != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "error retrieving user name: %s", pam_strerror(pamh, ret)); diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index e786d0f9..d965cabd 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -623,8 +623,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, /* set username */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL - || *user == '\0') { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { pam_syslog(pamh, LOG_ERR, "can not get the username"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index 249a9692..30be883c 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -296,10 +296,7 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv, return i; } /* Get the name of the target user. */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { - user = NULL; - } - if ((user == NULL) || (strlen(user) == 0)) { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user[0] == '\0') { return PAM_AUTH_ERR; } if (debug) { diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c index 1b5df4b6..e17d0fc1 100644 --- a/modules/pam_umask/pam_umask.c +++ b/modules/pam_umask/pam_umask.c @@ -205,14 +205,10 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:retval); } - if (name == NULL || name[0] == '\0') + if (name[0] == '\0') { - if (name) - { - pam_syslog (pamh, LOG_NOTICE, "bad username [%s]", name); - return PAM_USER_UNKNOWN; - } - return PAM_SERVICE_ERR; + pam_syslog (pamh, LOG_NOTICE, "bad username [%s]", name); + return PAM_USER_UNKNOWN; } pw = pam_modutil_getpwnam (pamh, name); diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 9a0cd372..4eccff8e 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -121,7 +121,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) * '+' or '-' as the first character of a user name. Don't * allow this characters here. */ - if (name == NULL || name[0] == '-' || name[0] == '+') { + if (name[0] == '-' || name[0] == '+') { pam_syslog(pamh, LOG_NOTICE, "bad username [%s]", name); retval = PAM_USER_UNKNOWN; AUTH_RETURN; diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index e9c960a2..e988b2e3 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -631,7 +631,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) * '+' or '-' as the first character of a user name. Don't * allow them. */ - if (user == NULL || user[0] == '-' || user[0] == '+') { + if (user[0] == '-' || user[0] == '+') { pam_syslog(pamh, LOG_NOTICE, "bad username [%s]", user); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index d7d41233..3692465d 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -346,7 +346,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, /* Get the username */ retval = pam_get_user(pamh, &username, NULL); - if ((retval != PAM_SUCCESS) || (!username)) { + if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "can not get the username"); return PAM_SERVICE_ERR; } @@ -437,7 +437,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, /* Get the username */ retval = pam_get_user(pamh, &username, NULL); - if ((retval != PAM_SUCCESS) || (!username)) { + if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR,"can not get the username"); return PAM_SERVICE_ERR; } diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c index 76325063..eb656c09 100644 --- a/modules/pam_usertype/pam_usertype.c +++ b/modules/pam_usertype/pam_usertype.c @@ -126,7 +126,7 @@ pam_usertype_get_uid(struct pam_usertype_opts *opts, /* Get uid of user that is being authenticated. */ ret = pam_get_user(pamh, &username, NULL); - if (ret != PAM_SUCCESS || username == NULL) { + if (ret != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "error retrieving user name: %s", pam_strerror(pamh, ret)); return ret; diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c index 94f8887a..f40eafff 100644 --- a/modules/pam_wheel/pam_wheel.c +++ b/modules/pam_wheel/pam_wheel.c @@ -107,7 +107,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) int retval = PAM_AUTH_ERR; retval = pam_get_user(pamh, &username, NULL); - if ((retval != PAM_SUCCESS) || (!username)) { + if (retval != PAM_SUCCESS) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "can not get the username"); } -- cgit v1.2.3