From a56a27d91b53f6029760d6a0e38b44b46f086f87 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 8 Jul 2008 11:20:25 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-07-08 Thorsten Kukuk * modules/pam_unix/passverify.c (verify_pwd_hash): Adjust debug statement. --- modules/pam_unix/passverify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 6d588e63..ce5bc450 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -117,7 +117,7 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) p = NULL; /* no longer needed here */ /* the moment of truth -- do we agree with the password? */ - D(("comparing state of pp[%s] and salt[%s]", pp, salt)); + D(("comparing state of pp[%s] and hash[%s]", pp, hash)); if (pp && strcmp(pp, hash) == 0) { retval = PAM_SUCCESS; -- cgit v1.2.3 From b4a78564bec722ef5b17dbba4b2830b2c8d2085b Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Mon, 28 Jul 2008 20:51:56 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix (thread safety) Commit summary: --------------- 2008-07-28 Steve Langasek * modules/pam_unix/passverify.c: make save_old_password() thread-safe by using pam_modutil_getpwnam() instead of getpwnam() * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h, modules/pam_unix/pam_unix_passwd.c: add pamh argument to save_old_password() --- ChangeLog | 5 +++++ modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/passverify.c | 8 +++++++- modules/pam_unix/passverify.h | 6 ++++++ 4 files changed, 19 insertions(+), 2 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/ChangeLog b/ChangeLog index 677224a7..f178342f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,11 @@ * libpamc/test/regress/test.libpamc.c: use standard u_int8_t type instead of __u8, as elsewhere. Patch from Roger Leigh . + * modules/pam_unix/passverify.c: make save_old_password() + thread-safe by using pam_modutil_getpwnam() instead of getpwnam() + * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h, + modules/pam_unix/pam_unix_passwd.c: add pamh argument to + save_old_password() 2008-07-27 Steve Langasek diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index abb04c53..240caddb 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -378,7 +378,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, return _unix_run_update_binary(pamh, ctrl, forwho, fromwhat, towhat, remember); #endif /* first, save old password */ - if (save_old_password(forwho, fromwhat, remember)) { + if (save_old_password(pamh, forwho, fromwhat, remember)) { retval = PAM_AUTHTOK_ERR; goto done; } diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index ce5bc450..0f58b019 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -535,9 +535,15 @@ unlock_pwdf(void) } #endif +#ifdef HELPER_COMPILE int save_old_password(const char *forwho, const char *oldpass, int howmany) +#else +int +save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, + int howmany) +#endif { static char buf[16384]; static char nbuf[16384]; @@ -653,7 +659,7 @@ save_old_password(const char *forwho, const char *oldpass, fclose(opwfile); if (!found) { - pwd = getpwnam(forwho); + pwd = pam_modutil_getpwnam(pamh, forwho); if (pwd == NULL) { err = 1; } else { diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h index e8e112d0..21bb9232 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -33,9 +33,15 @@ lock_pwdf(void); void unlock_pwdf(void); +#ifdef HELPER_COMPILE int save_old_password(const char *forwho, const char *oldpass, int howmany); +#else +int +save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, + int howmany); +#endif #ifdef HELPER_COMPILE void -- cgit v1.2.3 From ca0f93a7e6a1b3e0d2d94b658d84e9b34b17577b Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sun, 30 Nov 2008 17:13:58 +0000 Subject: Relevant BUGIDs: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Purpose of commit: bugfix Commit summary: --------------- 2008-11-29 Thorsten Kukuk * configure.in: Check for xcrypt.h, fix typo in libaudit check. * modules/pam_cracklib/pam_cracklib.c: Include xcrypt.h if available. * modules/pam_unix/bigcrypt.c: Likewise. * modules/pam_unix/passverify.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. Patch from Diego Flameeyes Pettenò --- ChangeLog | 8 ++++++++ configure.in | 8 +++++--- modules/pam_cracklib/pam_cracklib.c | 4 +++- modules/pam_unix/bigcrypt.c | 4 +++- modules/pam_unix/passverify.c | 4 +++- modules/pam_userdb/pam_userdb.c | 4 +++- 6 files changed, 25 insertions(+), 7 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/ChangeLog b/ChangeLog index 43329736..3c055f91 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ 2008-11-29 Thorsten Kukuk + * configure.in: Check for xcrypt.h, fix typo in libaudit check. + * modules/pam_cracklib/pam_cracklib.c: Include xcrypt.h if + available. + * modules/pam_unix/bigcrypt.c: Likewise. + * modules/pam_unix/passverify.c: Likewise. + * modules/pam_userdb/pam_userdb.c: Likewise. + Patch from Diego Flameeyes Pettenò + * doc/man/pam_getenv.3.xml: Document that application should not free return value. diff --git a/configure.in b/configure.in index b220a9a2..e16bd44f 100644 --- a/configure.in +++ b/configure.in @@ -347,7 +347,7 @@ if test x"$WITH_LIBAUDIT" != xno ; then [HAVE_AUDIT_TTY_STATUS=""], [#include ])] ) - if test ! -z "$LIBAUDIT" -a "ac_cv_header_libaudit_h" != "no" ; then + if test ! -z "$LIBAUDIT" -a "$ac_cv_header_libaudit_h" != "no" ; then AC_DEFINE([HAVE_LIBAUDIT], 1, [Define to 1 if audit support should be compiled in.]) fi if test ! -z "$HAVE_AUDIT_TTY_STATUS" ; then @@ -360,11 +360,15 @@ AC_SUBST(LIBAUDIT) AM_CONDITIONAL([HAVE_AUDIT_TTY_STATUS], [test "x$HAVE_AUDIT_TTY_STATUS" = xyes]) +AC_CHECK_HEADERS(xcrypt.h crypt.h) BACKUP_LIBS=$LIBS AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="") AC_CHECK_FUNCS(crypt_r) LIBS=$BACKUP_LIBS AC_SUBST(LIBCRYPT) +if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then + AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.]) +fi AC_ARG_WITH([randomdev], AS_HELP_STRING([--with-randomdev=(|yes|no)],[use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval) if test "$opt_randomdev" = yes -o -z "$opt_randomdev"; then @@ -433,8 +437,6 @@ AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h) -AC_CHECK_HEADERS(crypt.h) - dnl For module/pam_lastlog AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h) diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index b94f8596..4b2052fc 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -37,7 +37,9 @@ #include "config.h" #include -#ifdef HAVE_CRYPT_H +#ifdef HAVE_LIBXCRYPT +# include +#elif defined(HAVE_CRYPT_H) # include #endif #include diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c index 9cd55384..9922d177 100644 --- a/modules/pam_unix/bigcrypt.c +++ b/modules/pam_unix/bigcrypt.c @@ -29,7 +29,9 @@ #include #include #include -#ifdef HAVE_CRYPT_H +#ifdef HAVE_LIBXCRYPT +#include +#elif defined(HAVE_CRYPT_H) #include #endif diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 0f58b019..eae1e24c 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -19,7 +19,9 @@ #include #include #include -#ifdef HAVE_CRYPT_H +#ifdef HAVE_LIBXCRYPT +#include +#elif defined(HAVE_CRYPT_H) #include #endif diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index a796b15e..2d39123b 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -17,7 +17,9 @@ #include #include #include -#ifdef HAVE_CRYPT_H +#ifdef HAVE_LIBXCRYPT +#include +#elif defined(HAVE_CRYPT_H) #include #endif -- cgit v1.2.3 From 090693e116fc6ea0dfb649e11a01af08e19b33d9 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 1 Dec 2008 12:40:40 +0000 Subject: Relevant BUGIDs: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Purpose of commit: new feature Commit summary: --------------- 2008-12-01 Thorsten Kukuk * modules/pam_unix/pam_unix.8.xml: Document blowfish option. * configure.in: Check for crypt_gensalt_rn. * modules/pam_unix/pam_unix_passwd.c: Pass pamh to create_password_hash function. * modules/pam_unix/passverify.c (create_password_hash): Add blowfish support. * modules/pam_unix/passverify.h: Adjust create_password_hash prototype. * modules/pam_unix/support.c: Add support for blowfish option. * modules/pam_unix/support.h: Add defines for blowfish option. Patch from Diego Flameeyes Pettenò --- ChangeLog | 15 ++++++ NEWS | 1 + configure.in | 2 +- modules/pam_unix/pam_unix.8.xml | 28 ++++++++-- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/passverify.c | 107 +++++++++++++++---------------------- modules/pam_unix/passverify.h | 51 +++++++----------- modules/pam_unix/support.c | 32 +++++++---- modules/pam_unix/support.h | 4 +- 9 files changed, 130 insertions(+), 112 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/ChangeLog b/ChangeLog index 5f452a1b..fb585bcd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,18 @@ +2008-12-01 Thorsten Kukuk + + * modules/pam_unix/pam_unix.8.xml: Document blowfish option. + + * configure.in: Check for crypt_gensalt_rn. + * modules/pam_unix/pam_unix_passwd.c: Pass pamh to + create_password_hash function. + * modules/pam_unix/passverify.c (create_password_hash): Add + blowfish support. + * modules/pam_unix/passverify.h: Adjust create_password_hash + prototype. + * modules/pam_unix/support.c: Add support for blowfish option. + * modules/pam_unix/support.h: Add defines for blowfish option. + Patch from Diego Flameeyes Pettenò + 2008-12-01 Tomas Mraz * modules/pam_access/pam_access.8.xml: Fix description of nodefgroup diff --git a/NEWS b/NEWS index e3f5623c..a480eeb1 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,7 @@ Release 1.0.90 * Make libpam not log missing module if its type is prepended with '-' * New pam_timestamp module for authentication based on recent successful login. +* Add blowfish support to pam_unix. Release 1.0.2 diff --git a/configure.in b/configure.in index e16bd44f..ff14401c 100644 --- a/configure.in +++ b/configure.in @@ -363,7 +363,7 @@ AM_CONDITIONAL([HAVE_AUDIT_TTY_STATUS], AC_CHECK_HEADERS(xcrypt.h crypt.h) BACKUP_LIBS=$LIBS AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="") -AC_CHECK_FUNCS(crypt_r) +AC_CHECK_FUNCS(crypt_r crypt_gensalt_rn) LIBS=$BACKUP_LIBS AC_SUBST(LIBCRYPT) if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index e08edfcc..cc3affd9 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -266,7 +266,9 @@ When a user changes their password next, encrypt it with the SHA256 algorithm. If the - SHA256 algorithm is not known to the libcrypt, + SHA256 algorithm is not known to the + crypt3 + function, fall back to MD5. @@ -279,7 +281,24 @@ When a user changes their password next, encrypt it with the SHA512 algorithm. If the - SHA512 algorithm is not known to the libcrypt, + SHA512 algorithm is not known to the + crypt3 + function, + fall back to MD5. + + + + + + + + + + When a user changes their password next, + encrypt it with the blowfish algorithm. If the + SHA512 algorithm is not known to the + crypt3 + function, fall back to MD5. @@ -290,8 +309,9 @@ - Set the optional number of rounds of the SHA256 and SHA512 - password hashing algorithms to n. + Set the optional number of rounds of the SHA256, SHA512 + and blowfish password hashing algorithms to + n. diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 240caddb..b8da9913 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -749,7 +749,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, * First we encrypt the new password. */ - tpass = create_password_hash(pass_new, ctrl, rounds); + tpass = create_password_hash(pamh, pass_new, ctrl, rounds); if (tpass == NULL) { pam_syslog(pamh, LOG_CRIT, "out of memory for password"); diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index eae1e24c..281716e0 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -151,15 +151,8 @@ is_pwd_shadowed(const struct passwd *pwd) return 0; } -#ifdef HELPER_COMPILE -int -get_account_info(const char *name, - struct passwd **pwd, struct spwd **spwdent) -#else -int -get_account_info(pam_handle_t *pamh, const char *name, - struct passwd **pwd, struct spwd **spwdent) -#endif +PAMH_ARG_DECL(int get_account_info, + const char *name, struct passwd **pwd, struct spwd **spwdent) { /* UNIX passwords area */ *pwd = pam_modutil_getpwnam(pamh, name); /* Get password file entry... */ @@ -219,24 +212,13 @@ get_account_info(pam_handle_t *pamh, const char *name, return PAM_SUCCESS; } -#ifdef HELPER_COMPILE -int -get_pwd_hash(const char *name, - struct passwd **pwd, char **hash) -#else -int -get_pwd_hash(pam_handle_t *pamh, const char *name, - struct passwd **pwd, char **hash) -#endif +PAMH_ARG_DECL(int get_pwd_hash, + const char *name, struct passwd **pwd, char **hash) { int retval; struct spwd *spwdent = NULL; -#ifdef HELPER_COMPILE - retval = get_account_info(name, pwd, &spwdent); -#else - retval = get_account_info(pamh, name, pwd, &spwdent); -#endif + retval = get_account_info(PAMH_ARG(name, pwd, &spwdent)); if (retval != PAM_SUCCESS) { return retval; } @@ -251,13 +233,8 @@ get_pwd_hash(pam_handle_t *pamh, const char *name, return PAM_SUCCESS; } -#ifdef HELPER_COMPILE -int -check_shadow_expiry(struct spwd *spent, int *daysleft) -#else -int -check_shadow_expiry(pam_handle_t *pamh, struct spwd *spent, int *daysleft) -#endif +PAMH_ARG_DECL(int check_shadow_expiry, + struct spwd *spent, int *daysleft) { long int curdays; *daysleft = -1; @@ -386,17 +363,19 @@ crypt_md5_wrapper(const char *pass_new) return cp; } -char * -create_password_hash(const char *password, unsigned int ctrl, int rounds) +PAMH_ARG_DECL(char * create_password_hash, + const char *password, unsigned int ctrl, int rounds) { const char *algoid; char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */ char *sp; if (on(UNIX_MD5_PASS, ctrl)) { + /* algoid = "$1" */ return crypt_md5_wrapper(password); - } - if (on(UNIX_SHA256_PASS, ctrl)) { + } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { + algoid = "$2a$"; + } else if (on(UNIX_SHA256_PASS, ctrl)) { algoid = "$5$"; } else if (on(UNIX_SHA512_PASS, ctrl)) { algoid = "$6$"; @@ -416,17 +395,35 @@ create_password_hash(const char *password, unsigned int ctrl, int rounds) return crypted; } - sp = stpcpy(salt, algoid); - if (on(UNIX_ALGO_ROUNDS, ctrl)) { - sp += snprintf(sp, sizeof(salt) - 3, "rounds=%u$", rounds); +#ifdef HAVE_CRYPT_GENSALT_RN + if (on(UNIX_BLOWFISH_PASS, ctrl)) { + char entropy[17]; + crypt_make_salt(entropy, sizeof(entropy) - 1); + sp = crypt_gensalt_rn(algoid, rounds, + entropy, sizeof(entropy), + salt, sizeof(salt)); + } else { +#endif + sp = stpcpy(salt, algoid); + if (on(UNIX_ALGO_ROUNDS, ctrl)) { + sp += snprintf(sp, sizeof(salt) - 3, "rounds=%u$", rounds); + } + crypt_make_salt(sp, 8); + /* For now be conservative so the resulting hashes + * are not too long. 8 bytes of salt prevents dictionary + * attacks well enough. */ +#ifdef HAVE_CRYPT_GENSALT_RN } - crypt_make_salt(sp, 8); - /* For now be conservative so the resulting hashes - * are not too long. 8 bytes of salt prevents dictionary - * attacks well enough. */ +#endif sp = crypt(password, salt); if (strncmp(algoid, sp, strlen(algoid)) != 0) { - /* libc doesn't know the algorithm, use MD5 */ + /* libxcrypt/libc doesn't know the algorithm, use MD5 */ + pam_syslog(pamh, LOG_ERR, + "Algo %s not supported by the crypto backend, " + "falling back to MD5\n", + on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : + on(UNIX_SHA256_PASS, ctrl) ? "sha256" : + on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); memset(sp, '\0', strlen(sp)); return crypt_md5_wrapper(password); } @@ -703,13 +700,8 @@ done: } } -#ifdef HELPER_COMPILE -int -unix_update_passwd(const char *forwho, const char *towhat) -#else -int -unix_update_passwd(pam_handle_t *pamh, const char *forwho, const char *towhat) -#endif +PAMH_ARG_DECL(int unix_update_passwd, + const char *forwho, const char *towhat) { struct passwd *tmpent = NULL; struct stat st; @@ -803,11 +795,7 @@ unix_update_passwd(pam_handle_t *pamh, const char *forwho, const char *towhat) done: if (!err) { if (!rename(PW_TMPFILE, "/etc/passwd")) -#ifdef HELPER_COMPILE - helper_log_err( -#else pam_syslog(pamh, -#endif LOG_NOTICE, "password changed for %s", forwho); else err = 1; @@ -830,13 +818,8 @@ done: } } -#ifdef HELPER_COMPILE -int -unix_update_shadow(const char *forwho, char *towhat) -#else -int -unix_update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat) -#endif +PAMH_ARG_DECL(int unix_update_shadow, + const char *forwho, char *towhat) { struct spwd *spwdent = NULL, *stmpent = NULL; struct stat st; @@ -933,11 +916,7 @@ unix_update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat) done: if (!err) { if (!rename(SH_TMPFILE, "/etc/shadow")) -#ifdef HELPER_COMPILE - helper_log_err( -#else pam_syslog(pamh, -#endif LOG_NOTICE, "password changed for %s", forwho); else err = 1; diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h index 21bb9232..3de67593 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -21,9 +21,6 @@ is_pwd_shadowed(const struct passwd *pwd); char * crypt_md5_wrapper(const char *pass_new); -char * -create_password_hash(const char *password, unsigned int ctrl, int rounds); - int unix_selinux_confined(void); @@ -58,41 +55,33 @@ getuidname(uid_t uid); int read_passwords(int fd, int npass, char **passwords); +#endif -int -get_account_info(const char *name, - struct passwd **pwd, struct spwd **spwdent); - -int -get_pwd_hash(const char *name, - struct passwd **pwd, char **hash); - -int -check_shadow_expiry(struct spwd *spent, int *daysleft); +#ifdef HELPER_COMPILE +#define PAMH_ARG_DECL(fname, ...) fname(__VA_ARGS__) +#define PAMH_ARG(...) __VA_ARGS__ +#else +#define PAMH_ARG_DECL(fname, ...) fname(pam_handle_t *pamh, __VA_ARGS__) +#define PAMH_ARG(...) pamh, __VA_ARGS__ +#endif -int -unix_update_passwd(const char *forwho, const char *towhat); +PAMH_ARG_DECL(char * create_password_hash, + const char *password, unsigned int ctrl, int rounds); -int -unix_update_shadow(const char *forwho, char *towhat); -#else -int -get_account_info(pam_handle_t *pamh, const char *name, - struct passwd **pwd, struct spwd **spwdent); +PAMH_ARG_DECL(int get_account_info, + const char *name, struct passwd **pwd, struct spwd **spwdent); -int -get_pwd_hash(pam_handle_t *pamh, const char *name, - struct passwd **pwd, char **hash); +PAMH_ARG_DECL(int get_pwd_hash, + const char *name, struct passwd **pwd, char **hash); -int -check_shadow_expiry(pam_handle_t *pamh, struct spwd *spent, int *daysleft); +PAMH_ARG_DECL(int check_shadow_expiry, + struct spwd *spent, int *daysleft); -int -unix_update_passwd(pam_handle_t *pamh, const char *forwho, const char *towhat); +PAMH_ARG_DECL(int unix_update_passwd, + const char *forwho, const char *towhat); -int -unix_update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat); -#endif +PAMH_ARG_DECL(int unix_update_shadow, + const char *forwho, char *towhat); /* ****************************************************************** * * Copyright (c) Red Hat, Inc. 2007. diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index db630f51..faec20dc 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -109,16 +109,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, *remember = 400; } } - if (rounds != NULL) { - if (j == UNIX_ALGO_ROUNDS) { - *rounds = strtol(*argv + 7, NULL, 10); - if ((*rounds < 1000) || (*rounds == INT_MAX)) - /* don't care about bogus values */ - unset(UNIX_ALGO_ROUNDS, ctrl); - if (*rounds >= 10000000) - *rounds = 9999999; - } - } + if (rounds != NULL && j == UNIX_ALGO_ROUNDS) + *rounds = strtol(*argv + 7, NULL, 10); } ++argv; /* step to next argument */ @@ -128,6 +120,26 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, D(("DISALLOW_NULL_AUTHTOK")); set(UNIX__NONULL, ctrl); } + + /* Set default rounds for blowfish */ + if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl)) { + *rounds = 5; + set(UNIX_ALGO_ROUNDS, ctrl); + } + + /* Enforce sane "rounds" values */ + if (on(UNIX_ALGO_ROUNDS, ctrl)) { + if (on(UNIX_BLOWFISH_PASS, ctrl)) { + if (*rounds < 4 || *rounds > 31) + *rounds = 5; + } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { + if ((*rounds < 1000) || (*rounds == INT_MAX)) + /* don't care about bogus values */ + unset(UNIX_ALGO_ROUNDS, ctrl); + if (*rounds >= 10000000) + *rounds = 9999999; + } + } /* auditing is a more sensitive version of debug */ diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index a33dadaa..86575ff0 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -88,8 +88,9 @@ typedef struct { #define UNIX_SHA512_PASS 24 /* new password hashes will use SHA512 */ #define UNIX_ALGO_ROUNDS 25 /* optional number of rounds for new password hash algorithms */ +#define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ /* -------------- */ -#define UNIX_CTRLS_ 26 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 27 /* number of ctrl arguments defined */ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = { @@ -122,6 +123,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(040420000), 020000000}, /* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(020420000), 040000000}, /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000}, +/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(060420000),0200000000}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -- cgit v1.2.3 From 5891c5508e3b9ba699a6a6ba3dae9221a45528e5 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 26 Feb 2009 18:56:12 +0000 Subject: Relevant BUGIDs: debian#514437 rhbz#487216 Purpose of commit: bugfix Commit summary: --------------- 2009-02-26 Tomas Mraz * xtests/Makefile.am: Add tst-pam_unix4. * xtests/tst-pam_unix4.c: New test for password change and shadow min days limit. * xtests/tst-pam_unix4.pamd: Likewise. * xtests/tst-pam_unix4.sh: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore PAM_AUTHTOK_ERR on shadow verification. * modules/pam_unix/passverify.c (check_shadow_expiry): Return PAM_AUTHTOK_ERR if sp_min limit for password change is defied. --- ChangeLog | 13 ++++ NEWS | 1 + modules/pam_unix/pam_unix_acct.c | 3 + modules/pam_unix/passverify.c | 10 ++- xtests/.cvsignore | 1 + xtests/Makefile.am | 2 +- xtests/tst-pam_unix4.c | 154 +++++++++++++++++++++++++++++++++++++++ xtests/tst-pam_unix4.pamd | 6 ++ xtests/tst-pam_unix4.sh | 14 ++++ 9 files changed, 202 insertions(+), 2 deletions(-) create mode 100644 xtests/tst-pam_unix4.c create mode 100644 xtests/tst-pam_unix4.pamd create mode 100755 xtests/tst-pam_unix4.sh (limited to 'modules/pam_unix/passverify.c') diff --git a/ChangeLog b/ChangeLog index 7b50d82b..513a0d45 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2009-02-26 Tomas Mraz + + * xtests/Makefile.am: Add tst-pam_unix4. + * xtests/tst-pam_unix4.c: New test for password change + and shadow min days limit. + * xtests/tst-pam_unix4.pamd: Likewise. + * xtests/tst-pam_unix4.sh: Likewise. + + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore + PAM_AUTHTOK_ERR on shadow verification. + * modules/pam_unix/passverify.c (check_shadow_expiry): Return + PAM_AUTHTOK_ERR if sp_min limit for password change is defied. + 2009-02-26 Timur Birsh * po/LINGUAS: New Kazakh translation. diff --git a/NEWS b/NEWS index d41c0556..96724b1b 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,6 @@ Linux-PAM NEWS -- history of user-visible changes. +* Fixed CVE-2009-0579 (minimum days limit on password change is ignored). Release 1.0.90 diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 3a40d8d3..40ff3c06 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -249,6 +249,9 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, _make_remark(pamh, ctrl, PAM_ERROR_MSG, _("Your account has expired; please contact your system administrator")); break; + case PAM_AUTHTOK_ERR: + retval = PAM_SUCCESS; + /* fallthrough */ case PAM_SUCCESS: if (daysleft >= 0) { pam_syslog(pamh, LOG_DEBUG, diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 281716e0..360bd90b 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -272,8 +272,16 @@ PAMH_ARG_DECL(int check_shadow_expiry, *daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays); D(("warn before expiry")); } + if ((curdays - spent->sp_lstchg < spent->sp_min) + && (spent->sp_min != -1)) { + /* + * The last password change was too recent. This error will be ignored + * if no password change is attempted. + */ + D(("password change too recent")); + return PAM_AUTHTOK_ERR; + } return PAM_SUCCESS; - } /* passwd/salt conversion macros */ diff --git a/xtests/.cvsignore b/xtests/.cvsignore index 4533b249..52af6ddf 100644 --- a/xtests/.cvsignore +++ b/xtests/.cvsignore @@ -17,6 +17,7 @@ tst-pam_limits1 tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 +tst-pam_unix4 tst-pam_succeed_if1 tst-pam_group1 tst-pam_authfail diff --git a/xtests/Makefile.am b/xtests/Makefile.am index 30ba2735..83e9dd15 100644 --- a/xtests/Makefile.am +++ b/xtests/Makefile.am @@ -35,7 +35,7 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ tst-pam_dispatch4 tst-pam_dispatch5 \ tst-pam_cracklib1 tst-pam_cracklib2 \ - tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \ + tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 tst-pam_unix4 \ tst-pam_access1 tst-pam_access2 tst-pam_access3 \ tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ diff --git a/xtests/tst-pam_unix4.c b/xtests/tst-pam_unix4.c new file mode 100644 index 00000000..1ba0a40c --- /dev/null +++ b/xtests/tst-pam_unix4.c @@ -0,0 +1,154 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Check password change minimum days handling. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + static int respnum = 0; + static const char *resps[] = { "pamunix01", "TsTPAM01MAP", "TsTPAM01MAP" }; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Answer with appropriate response from the above array. */ + for (count = 0; count < num_msg; ++count) + { + if (msgm[count]->msg_style == PAM_PROMPT_ECHO_OFF) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup (resps[respnum % 3]); + ++respnum; + } + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + + +/* Check that errors of optional modules are ignored and that + required modules after a sufficient one are not executed. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="tstpamunix"; + int retval; + int debug = 0; + int fail; + struct passwd *pwd; + + if (argc < 2 || (*argv[1] != 'f' && + *argv[1] != 'p')) + { + fprintf (stderr, "Need fail or pass argument.\n"); + return 2; + } + + fail = *argv[1] == 'f'; + + if (argc > 2 && strcmp (argv[2], "-d") == 0) + debug = 1; + + pwd = getpwnam (user); + + if (pwd == NULL) + { + if (debug) + fprintf (stderr, "unix4: Missing tstpamunix user.\n"); + return 2; + } + + /* we must switch the real (not effective) user so the restrictions + are enforced */ + setreuid (pwd->pw_uid, -1); + + retval = pam_start("tst-pam_unix4", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix4: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_chauthtok (pamh, 0); + if ((!fail && retval != PAM_SUCCESS) || (fail && retval == PAM_SUCCESS)) + { + if (debug) + fprintf (stderr, "unix4-1: pam_chauthtok returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix4: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_unix4.pamd b/xtests/tst-pam_unix4.pamd new file mode 100644 index 00000000..4dc414fc --- /dev/null +++ b/xtests/tst-pam_unix4.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_unix.so +account required pam_unix.so +password required pam_unix.so debug +session required pam_unix.so + diff --git a/xtests/tst-pam_unix4.sh b/xtests/tst-pam_unix4.sh new file mode 100755 index 00000000..787c2f90 --- /dev/null +++ b/xtests/tst-pam_unix4.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# pamunix01 = 0aXKZztA.d1KYIuFXArmd2jU +/usr/sbin/useradd -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix +# this run must successfully change the password +./tst-pam_unix4 pass +RET=$? +/usr/sbin/usermod -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix +/usr/bin/chage -m 10000 tstpamunix +# this run must fail to change the password +./tst-pam_unix4 fail || RET=$? + +/usr/sbin/userdel -r tstpamunix 2> /dev/null +exit $RET -- cgit v1.2.3 From 42f4743cc3ca046833afcaeec01f9793d74bbfb4 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 27 Feb 2009 14:29:39 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2009-02-27 Tomas Mraz * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace signal() with sigaction(). * modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs): Likewise. * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise. * modules/pam_unix/passverify.c(su_sighandler): Likewise. * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. * modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam for auxiliary functions. * modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset option. Document new serialize option. * modules/pam_tally2/pam_tally2.c: Add support for the new serialize option. (_cleanup, tally_set_data, tally_get_data): Add tally file handle to tally PAM data. Needed for fcntl() locking. (get_tally): Use low level file access instead of stdio buffered FILE. If serialize option is used lock the tally file access. (set_tally, tally_bump, tally_reset): Use low level file access instead of stdio buffered FILE. Close the file handle only when it is not owned by PAM data. (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally file handle to tally_set_data(). Get it from tally_get_data(). (main): Use low level file access instead of stdio buffered FILE. --- ChangeLog | 29 +++++ modules/pam_mkhomedir/pam_mkhomedir.c | 12 +- modules/pam_namespace/pam_namespace.c | 24 ++-- modules/pam_tally2/Makefile.am | 2 +- modules/pam_tally2/pam_tally2.8.xml | 32 +++-- modules/pam_tally2/pam_tally2.c | 216 ++++++++++++++++++++++------------ modules/pam_unix/pam_unix_acct.c | 12 +- modules/pam_unix/pam_unix_passwd.c | 10 +- modules/pam_unix/passverify.c | 8 +- modules/pam_unix/support.c | 10 +- 10 files changed, 239 insertions(+), 116 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/ChangeLog b/ChangeLog index 513a0d45..5abf28e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,32 @@ +2009-02-27 Tomas Mraz + + * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace + signal() with sigaction(). + * modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs): + Likewise. + * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise. + * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): + Likewise. + * modules/pam_unix/passverify.c(su_sighandler): Likewise. + * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. + + * modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam + for auxiliary functions. + * modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset + option. Document new serialize option. + * modules/pam_tally2/pam_tally2.c: Add support for the new serialize + option. + (_cleanup, tally_set_data, tally_get_data): Add tally file handle to + tally PAM data. Needed for fcntl() locking. + (get_tally): Use low level file access instead of stdio buffered FILE. + If serialize option is used lock the tally file access. + (set_tally, tally_bump, tally_reset): Use low level file access instead + of stdio buffered FILE. Close the file handle only when it is not owned + by PAM data. + (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally + file handle to tally_set_data(). Get it from tally_get_data(). + (main): Use low level file access instead of stdio buffered FILE. + 2009-02-26 Tomas Mraz * xtests/Makefile.am: Add tst-pam_unix4. diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index a0c389c5..1beb2d9f 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -104,7 +104,7 @@ create_homedir (pam_handle_t *pamh, int ctrl, const struct passwd *pwd) { int retval, child; - void (*sighandler)(int) = NULL; + struct sigaction newsa, oldsa; /* Mention what is happening, if the notification fails that is OK */ if (!(ctrl & MKHOMEDIR_QUIET)) @@ -118,8 +118,10 @@ create_homedir (pam_handle_t *pamh, int ctrl, * the application to receive a signal it is not expecting - which * may kill the application or worse. */ - sighandler = signal(SIGCHLD, SIG_DFL); - + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); + if (ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper."); } @@ -166,9 +168,7 @@ create_homedir (pam_handle_t *pamh, int ctrl, retval = PAM_SYSTEM_ERR; } - if (sighandler != SIG_ERR) { - (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ - } + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ if (ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "mkhomedir_helper returned %d", retval); diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index 89bc3686..7d668d9e 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -1157,15 +1157,15 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, struct instance_data *idata, int newdir) { pid_t rc, pid; - sighandler_t osighand = NULL; + struct sigaction newsa, oldsa; int status; const char *init_script = NAMESPACE_INIT_SCRIPT; - osighand = signal(SIGCHLD, SIG_DFL); - if (osighand == SIG_ERR) { + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { pam_syslog(idata->pamh, LOG_ERR, "Cannot set signal value"); - rc = PAM_SESSION_ERR; - goto out; + return PAM_SESSION_ERR; } if ((polyptr->flags & POLYDIR_ISCRIPT) && polyptr->init_script) @@ -1214,7 +1214,7 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, } rc = PAM_SUCCESS; out: - (void) signal(SIGCHLD, osighand); + (void) sigaction(SIGCHLD, &oldsa, NULL); return rc; } @@ -1594,14 +1594,14 @@ static int cleanup_tmpdirs(struct instance_data *idata) { struct polydir_s *pptr; pid_t rc, pid; - sighandler_t osighand = NULL; + struct sigaction newsa, oldsa; int status; - osighand = signal(SIGCHLD, SIG_DFL); - if (osighand == SIG_ERR) { + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { pam_syslog(idata->pamh, LOG_ERR, "Cannot set signal value"); - rc = PAM_SESSION_ERR; - goto out; + return PAM_SESSION_ERR; } for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { @@ -1639,7 +1639,7 @@ static int cleanup_tmpdirs(struct instance_data *idata) rc = PAM_SUCCESS; out: - signal(SIGCHLD, osighand); + sigaction(SIGCHLD, &oldsa, NULL); return rc; } diff --git a/modules/pam_tally2/Makefile.am b/modules/pam_tally2/Makefile.am index 6f843e1f..06cdf554 100644 --- a/modules/pam_tally2/Makefile.am +++ b/modules/pam_tally2/Makefile.am @@ -25,7 +25,7 @@ if HAVE_VERSIONING pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif -pam_tally2_LDADD = $(LIBAUDIT) +pam_tally2_LDADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT) securelib_LTLIBRARIES = pam_tally2.la sbin_PROGRAMS = pam_tally2 diff --git a/modules/pam_tally2/pam_tally2.8.xml b/modules/pam_tally2/pam_tally2.8.xml index a7a3fc47..255fcea4 100644 --- a/modules/pam_tally2/pam_tally2.8.xml +++ b/modules/pam_tally2/pam_tally2.8.xml @@ -42,6 +42,9 @@ root_unlock_time=n + + serialize + audit @@ -244,16 +247,6 @@ - - - - - - - Don't reset count on successful entry, only decrement. - - - @@ -278,6 +271,23 @@ + + + + + + + Serialize access to the tally file using locks. This option might + be used only for non-multithreaded services because it depends on + the fcntl locking of the tally file. Also it is a good idea to use + this option only in such configurations where the time between auth + phase and account or setcred phase is not dependent on the + authenticating client. Otherwise the authenticating client will be + able to prevent simultaneous authentications by the same user by + simply artificially prolonging the time the file record lock is held. + + + @@ -431,7 +441,7 @@ session optional pam_mail.so standard AUTHOR - pam_tally was written by Tim Baverstock and Tomas Mraz. + pam_tally2 was written by Tim Baverstock and Tomas Mraz. diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index faa6942e..3490aa15 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -63,6 +63,9 @@ #include #include #include +#include +#include +#include #include "tallylog.h" #ifndef TRUE @@ -87,9 +90,9 @@ /* #define PAM_SM_SESSION */ /* #define PAM_SM_PASSWORD */ -#include #include #endif +#include #include /*---------------------------------------------------------------------*/ @@ -120,7 +123,9 @@ struct tally_options { #define OPT_QUIET 040 #define OPT_AUDIT 0100 #define OPT_NOLOGNOTICE 0400 +#define OPT_SERIALIZE 01000 +#define MAX_LOCK_WAITING_TIME 10 /*---------------------------------------------------------------------*/ @@ -188,6 +193,9 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, else if ( ! strcmp( *argv, "magic_root" ) ) { opts->ctrl |= OPT_MAGIC_ROOT; } + else if ( ! strcmp( *argv, "serialize" ) ) { + opts->ctrl |= OPT_SERIALIZE; + } else if ( ! strcmp( *argv, "even_deny_root_account" ) || ! strcmp( *argv, "even_deny_root" ) ) { log_phase_no_auth(pamh, phase, *argv); @@ -291,34 +299,44 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt #ifndef MAIN +struct tally_data { + time_t time; + int tfile; +}; + static void -_cleanup(pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED) +_cleanup(pam_handle_t *pamh UNUSED, void *void_data, int error_status UNUSED) { + struct tally_data *data = void_data; + if (data->tfile != -1) + close(data->tfile); free(data); } - static void -tally_set_data( pam_handle_t *pamh, time_t oldtime ) +tally_set_data( pam_handle_t *pamh, time_t oldtime, int tfile ) { - time_t *data; + struct tally_data *data; - if ( (data=malloc(sizeof(time_t))) != NULL ) { - *data = oldtime; + if ( (data=malloc(sizeof(*data))) != NULL ) { + data->time = oldtime; + data->tfile = tfile; pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup); } } static int -tally_get_data( pam_handle_t *pamh, time_t *oldtime ) +tally_get_data( pam_handle_t *pamh, time_t *oldtime, int *tfile ) { int rv; - const void *data; - - rv = pam_get_data(pamh, MODULE_NAME, &data); - if ( rv == PAM_SUCCESS && data != NULL && oldtime != NULL ) { - *oldtime = *(const time_t *)data; - pam_set_data(pamh, MODULE_NAME, NULL, NULL); + const void *void_data; + const struct tally_data *data; + + rv = pam_get_data(pamh, MODULE_NAME, &void_data); + if ( rv == PAM_SUCCESS && void_data != NULL && oldtime != NULL ) { + data = void_data; + *oldtime = data->time; + *tfile = data->tfile; } else { rv = -1; @@ -334,36 +352,44 @@ tally_get_data( pam_handle_t *pamh, time_t *oldtime ) /* If on entry tallyfile doesn't exist, creation is attempted. */ +static void +alarm_handler(int sig UNUSED) +{ /* we just need to ignore it */ +} + static int get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, - FILE **tfile, struct tallylog *tally) + int *tfile, struct tallylog *tally, unsigned int ctrl) { struct stat fileinfo; int lstat_ret; + void *void_tally = tally; + int preopened = 0; + + if (*tfile != -1) { + preopened = 1; + goto skip_open; + } lstat_ret = lstat(filename, &fileinfo); if (lstat_ret) { - int save_errno; - int oldmask = umask(077); - *tfile=fopen(filename, "a"); - save_errno = errno; + *tfile=open(filename, O_APPEND|O_CREAT, 0700); /* Create file, or append-open in pathological case. */ - umask(oldmask); - if ( !*tfile ) { + if (*tfile == -1) { #ifndef MAIN - if (save_errno == EACCES) { + if (errno == EACCES) { return PAM_IGNORE; /* called with insufficient access rights */ } #endif - errno = save_errno; pam_syslog(pamh, LOG_ALERT, "Couldn't create %s: %m", filename); return PAM_AUTH_ERR; } - lstat_ret = fstat(fileno(*tfile),&fileinfo); - fclose(*tfile); - *tfile = NULL; + lstat_ret = fstat(*tfile, &fileinfo); + close(*tfile); } + *tfile = -1; + if ( lstat_ret ) { pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename); return PAM_AUTH_ERR; @@ -378,7 +404,7 @@ get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, return PAM_AUTH_ERR; } - if (!(*tfile = fopen(filename, "r+"))) { + if ((*tfile = open(filename, O_RDWR)) == -1) { #ifndef MAIN if (errno == EACCES) /* called with insufficient access rights */ return PAM_IGNORE; @@ -388,16 +414,46 @@ get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, return PAM_AUTH_ERR; } - if (fseeko(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET)) { - pam_syslog(pamh, LOG_ALERT, "fseek failed for %s: %m", filename); - fclose(*tfile); - *tfile = NULL; +skip_open: + if (lseek(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET) == (off_t)-1) { + pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); + if (!preopened) { + close(*tfile); + *tfile = -1; + } return PAM_AUTH_ERR; } + if (!preopened && (ctrl & OPT_SERIALIZE)) { + /* this code is not thread safe as it uses fcntl locks and alarm() + so never use serialize with multithreaded services */ + struct sigaction newsa, oldsa; + unsigned int oldalarm; + int rv; + + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = alarm_handler; + sigaction(SIGALRM, &newsa, &oldsa); + oldalarm = alarm(MAX_LOCK_WAITING_TIME); + + rv = lockf(*tfile, F_LOCK, sizeof(*tally)); + /* lock failure is not fatal, we attempt to read the tally anyway */ + + /* reinstate the eventual old alarm handler */ + if (rv == -1 && errno == EINTR) { + if (oldalarm > MAX_LOCK_WAITING_TIME) { + oldalarm -= MAX_LOCK_WAITING_TIME; + } else if (oldalarm > 0) { + oldalarm = 1; + } + } + sigaction(SIGALRM, &oldsa, NULL); + alarm(oldalarm); + } + if (fileinfo.st_size < (off_t)(uid+1)*(off_t)sizeof(*tally)) { memset(tally, 0, sizeof(*tally)); - } else if (fread(tally, sizeof(*tally), 1, *tfile) == 0) { + } else if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { memset(tally, 0, sizeof(*tally)); /* Shouldn't happen */ } @@ -409,29 +465,28 @@ get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, /*---------------------------------------------------------------------*/ -/* --- Support function: update and close tallyfile with tally!=TALLY_HI --- */ +/* --- Support function: update tallyfile with tally!=TALLY_HI --- */ static int set_tally(pam_handle_t *pamh, uid_t uid, - const char *filename, FILE **tfile, struct tallylog *tally) + const char *filename, int *tfile, struct tallylog *tally) { + void *void_tally = tally; if (tally->fail_cnt != TALLY_HI) { - if (fseeko(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET)) { - pam_syslog(pamh, LOG_ALERT, "fseek failed for %s: %m", filename); + if (lseek(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET) == (off_t)-1) { + pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); return PAM_AUTH_ERR; } - if (fwrite(tally, sizeof(*tally), 1, *tfile) == 0) { - pam_syslog(pamh, LOG_ALERT, "update (fwrite) failed for %s: %m", filename); + if (pam_modutil_write(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { + pam_syslog(pamh, LOG_ALERT, "update (write) failed for %s: %m", filename); return PAM_AUTH_ERR; } } - if (fclose(*tfile)) { - *tfile = NULL; - pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s: %m", filename); + if (fsync(*tfile)) { + pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename); return PAM_AUTH_ERR; } - *tfile=NULL; return PAM_SUCCESS; } @@ -566,20 +621,21 @@ cleanup: static int tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, - uid_t uid, const char *user, struct tally_options *opts) + uid_t uid, const char *user, struct tally_options *opts, int *tfile) { struct tallylog tally; tally_t oldcnt; - FILE *tfile = NULL; const void *remote_host = NULL; int i, rv; tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ - i = get_tally(pamh, uid, opts->filename, &tfile, &tally); + i = get_tally(pamh, uid, opts->filename, tfile, &tally, opts->ctrl); if (i != PAM_SUCCESS) { - if (tfile) - fclose(tfile); + if (*tfile != -1) { + close(*tfile); + *tfile = -1; + } RETURN_ERROR(i); } @@ -617,23 +673,28 @@ tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, rv = tally_check(oldcnt, *oldtime, pamh, uid, user, opts, &tally); - i = set_tally(pamh, uid, opts->filename, &tfile, &tally); + i = set_tally(pamh, uid, opts->filename, tfile, &tally); if (i != PAM_SUCCESS) { - if (tfile) - fclose(tfile); + if (*tfile != -1) { + close(*tfile); + *tfile = -1; + } if (rv == PAM_SUCCESS) RETURN_ERROR( i ); /* fallthrough */ + } else if (!(opts->ctrl & OPT_SERIALIZE)) { + close(*tfile); + *tfile = -1; } return rv; } static int -tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) +tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_tfile) { struct tallylog tally; - FILE *tfile = NULL; + int tfile = old_tfile; int i; /* resets only if not magic root */ @@ -644,10 +705,10 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ - i=get_tally(pamh, uid, opts->filename, &tfile, &tally); + i=get_tally(pamh, uid, opts->filename, &tfile, &tally, opts->ctrl); if (i != PAM_SUCCESS) { - if (tfile) - fclose(tfile); + if (tfile != old_tfile) /* the descriptor is not owned by pam data */ + close(tfile); RETURN_ERROR(i); } @@ -655,11 +716,14 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) i=set_tally(pamh, uid, opts->filename, &tfile, &tally); if (i != PAM_SUCCESS) { - if (tfile) - fclose(tfile); + if (tfile != old_tfile) /* the descriptor is not owned by pam data */ + close(tfile); RETURN_ERROR(i); } + if (tfile != old_tfile) + close(tfile); + return PAM_SUCCESS; } @@ -672,7 +736,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int - rv; + rv, tfile = -1; time_t oldtime = 0; struct tally_options @@ -693,9 +757,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, if (rv != PAM_SUCCESS) RETURN_ERROR(rv); - rv = tally_bump(1, &oldtime, pamh, uid, user, opts); + rv = tally_bump(1, &oldtime, pamh, uid, user, opts, &tfile); - tally_set_data(pamh, oldtime); + tally_set_data(pamh, oldtime, tfile); return rv; } @@ -705,7 +769,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int - rv; + rv, tfile = -1; time_t oldtime = 0; struct tally_options @@ -723,11 +787,15 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, if ( rv != PAM_SUCCESS ) RETURN_ERROR( rv ); - if ( tally_get_data(pamh, &oldtime) != 0 ) + if ( tally_get_data(pamh, &oldtime, &tfile) != 0 ) /* no data found */ return PAM_SUCCESS; - return tally_reset(pamh, uid, opts); + rv = tally_reset(pamh, uid, opts, tfile); + + pam_set_data(pamh, MODULE_NAME, NULL, NULL); + + return rv; } /*---------------------------------------------------------------------*/ @@ -741,7 +809,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int - rv; + rv, tfile = -1; time_t oldtime = 0; struct tally_options @@ -759,11 +827,15 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, if ( rv != PAM_SUCCESS ) RETURN_ERROR( rv ); - if ( tally_get_data(pamh, &oldtime) != 0 ) + if ( tally_get_data(pamh, &oldtime, &tfile) != 0 ) /* no data found */ return PAM_SUCCESS; - return tally_reset(pamh, uid, opts); + rv = tally_reset(pamh, uid, opts, tfile); + + pam_set_data(pamh, MODULE_NAME, NULL, NULL); + + return rv; } /*-----------------------------------------------------------------------*/ @@ -895,7 +967,7 @@ main( int argc UNUSED, char **argv ) if ( cline_user ) { uid_t uid; - FILE *tfile=0; + int tfile = -1; struct tally_options opts; int i; @@ -907,10 +979,10 @@ main( int argc UNUSED, char **argv ) exit(1); } - i=get_tally(NULL, uid, cline_filename, &tfile, &tally); + i=get_tally(NULL, uid, cline_filename, &tfile, &tally, 0); if ( i != PAM_SUCCESS ) { - if (tfile) - fclose(tfile); + if (tfile != -1) + close(tfile); fprintf(stderr, "%s: %s\n", *argv, pam_errors(i)); exit(1); } @@ -934,13 +1006,13 @@ main( int argc UNUSED, char **argv ) tally.fail_cnt = cline_reset; } i=set_tally(NULL, uid, cline_filename, &tfile, &tally); + close(tfile); if (i != PAM_SUCCESS) { - if (tfile) fclose(tfile); fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); exit(1); } } else { - fclose(tfile); + close(tfile); } } else /* !cline_user (ie, operate on all users) */ { diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 40ff3c06..f8698337 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -65,7 +65,7 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, int *daysleft) { int retval=0, child, fds[2]; - void (*sighandler)(int) = NULL; + struct sigaction newsa, oldsa; D(("running verify_binary")); /* create a pipe for the messages */ @@ -85,7 +85,9 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, * The "noreap" module argument is provided so that the admin can * override this behavior. */ - sighandler = signal(SIGCHLD, SIG_DFL); + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); } /* fork */ @@ -158,9 +160,11 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, } close(fds[0]); } - if (sighandler != SIG_ERR) { - (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ + + if (off(UNIX_NOREAP, ctrl)) { + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ } + D(("Returning %d",retval)); return retval; } diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index b8da9913..9386d87f 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -139,7 +139,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const const char *fromwhat, const char *towhat, int remember) { int retval, child, fds[2]; - void (*sighandler)(int) = NULL; + struct sigaction newsa, oldsa; D(("called.")); /* create a pipe for the password */ @@ -157,7 +157,9 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const * The "noreap" module argument is provided so that the admin can * override this behavior. */ - sighandler = signal(SIGCHLD, SIG_DFL); + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); } /* fork */ @@ -236,8 +238,8 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const retval = PAM_AUTH_ERR; } - if (sighandler != SIG_ERR) { - (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ + if (off(UNIX_NOREAP, ctrl)) { + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ } return retval; diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 360bd90b..234e86dd 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -994,8 +994,12 @@ su_sighandler(int sig) { #ifndef SA_RESETHAND /* emulate the behaviour of the SA_RESETHAND flag */ - if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) - signal(sig, SIG_DFL); + if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) { + struct sigaction sa; + memset(&sa, '\0, sizeof(sa)); + sa.sa_handler = SIG_DFL; + sigaction(sig, &sa, NULL); + } #endif if (sig > 0) { _exit(sig); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index faec20dc..6e1bd454 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -408,7 +408,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsigned int ctrl, const char *user) { int retval, child, fds[2]; - void (*sighandler)(int) = NULL; + struct sigaction newsa, oldsa; D(("called.")); /* create a pipe for the password */ @@ -426,7 +426,9 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, * The "noreap" module argument is provided so that the admin can * override this behavior. */ - sighandler = signal(SIGCHLD, SIG_DFL); + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); } /* fork */ @@ -497,8 +499,8 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, retval = PAM_AUTH_ERR; } - if (sighandler != SIG_ERR) { - (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ + if (off(UNIX_NOREAP, ctrl)) { + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ } D(("returning %d", retval)); -- cgit v1.2.3 From 1e56491f0e1cbd07fc0eb0fbfdf5982eced366a6 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 24 Mar 2009 16:33:21 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2009-03-24 Tomas Mraz * modules/pam_unix/passverify.c(save_old_password): Call fflush() and fsync(). (unix_update_passwd, unix_update_shadow): Likewise. * modules/pam_pwhistory/opasswd.c(save_old_password): Likewise. --- ChangeLog | 7 +++++++ modules/pam_pwhistory/opasswd.c | 9 +++++++++ modules/pam_unix/passverify.c | 21 ++++++++++++++++++--- 3 files changed, 34 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/ChangeLog b/ChangeLog index a72289f7..6446162a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2009-03-24 Tomas Mraz + + * modules/pam_unix/passverify.c(save_old_password): Call fflush() and + fsync(). + (unix_update_passwd, unix_update_shadow): Likewise. + * modules/pam_pwhistory/opasswd.c(save_old_password): Likewise. + 2009-03-09 Thorsten Kukuk * release version 1.0.91 diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c index fd4cd251..dbcd04e3 100644 --- a/modules/pam_pwhistory/opasswd.c +++ b/modules/pam_pwhistory/opasswd.c @@ -452,6 +452,15 @@ save_old_password (pam_handle_t *pamh, const char *user, uid_t uid, goto error_opasswd; } + if (fflush (newpf) != 0 || fsync (fileno (newpf)) != 0) + { + pam_syslog (pamh, LOG_ERR, + "Error while syncing temporary opasswd file: %m"); + retval = PAM_AUTHTOK_ERR; + fclose (newpf); + goto error_opasswd; + } + if (fclose (newpf) != 0) { pam_syslog (pamh, LOG_ERR, diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 234e86dd..0575f657 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -680,8 +680,13 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, } } + if (fflush(pwfile) || fsync(fileno(pwfile))) { + D(("fflush or fsync error writing entries to old passwords file: %m")); + err = 1; + } + if (fclose(pwfile)) { - D(("error writing entries to old passwords file: %m")); + D(("fclose error writing entries to old passwords file: %m")); err = 1; } @@ -795,8 +800,13 @@ PAMH_ARG_DECL(int unix_update_passwd, } fclose(opwfile); + if (fflush(pwfile) || fsync(fileno(pwfile))) { + D(("fflush or fsync error writing entries to password file: %m")); + err = 1; + } + if (fclose(pwfile)) { - D(("error writing entries to password file: %m")); + D(("fclose error writing entries to password file: %m")); err = 1; } @@ -916,8 +926,13 @@ PAMH_ARG_DECL(int unix_update_shadow, } fclose(opwfile); + if (fflush(pwfile) || fsync(fileno(pwfile))) { + D(("fflush or fsync error writing entries to shadow file: %m")); + err = 1; + } + if (fclose(pwfile)) { - D(("error writing entries to shadow file: %m")); + D(("fclose error writing entries to shadow file: %m")); err = 1; } -- cgit v1.2.3 From fd1b9361a937f8b565d0d55179da359122e1fc96 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 25 Mar 2009 10:54:23 +0000 Subject: Relevant BUGIDs: 2487654 Purpose of commit: bugfix Commit summary: --------------- 2009-03-25 Thorsten Kukuk * modules/pam_mkhomedir/pam_mkhomedir.c: Make option handling reentrant (#2487654) (_pam_parse): Fix umask option. * modules/pam_unix/passverify.c: Fix typo. * modules/pam_issue/pam_issue.c: Fix compiler warning. * modules/pam_ftp/pam_ftp.c: Likewise. --- ChangeLog | 13 +++++++- modules/pam_ftp/pam_ftp.c | 2 +- modules/pam_issue/pam_issue.c | 2 +- modules/pam_mkhomedir/pam_mkhomedir.c | 57 ++++++++++++++++++----------------- modules/pam_unix/passverify.c | 2 +- po/Linux-PAM.pot | 6 ++-- po/ar.po | 6 ++-- po/as.po | 6 ++-- po/bn_IN.po | 6 ++-- po/ca.po | 6 ++-- po/cs.po | 6 ++-- po/da.po | 6 ++-- po/de.po | 6 ++-- po/es.po | 6 ++-- po/fi.po | 6 ++-- po/fr.po | 6 ++-- po/gu.po | 6 ++-- po/hi.po | 6 ++-- po/hu.po | 6 ++-- po/it.po | 6 ++-- po/ja.po | 6 ++-- po/kk.po | 6 ++-- po/km.po | 6 ++-- po/kn.po | 6 ++-- po/ko.po | 6 ++-- po/ml.po | 6 ++-- po/mr.po | 6 ++-- po/ms.po | 6 ++-- po/nb.po | 6 ++-- po/nl.po | 6 ++-- po/or.po | 6 ++-- po/pa.po | 6 ++-- po/pl.po | 6 ++-- po/pt.po | 6 ++-- po/pt_BR.po | 6 ++-- po/ru.po | 6 ++-- po/si.po | 6 ++-- po/sk.po | 6 ++-- po/sr.po | 6 ++-- po/sr@latin.po | 6 ++-- po/sv.po | 6 ++-- po/ta.po | 6 ++-- po/te.po | 6 ++-- po/tr.po | 6 ++-- po/uk.po | 6 ++-- po/zh_CN.po | 6 ++-- po/zh_TW.po | 6 ++-- po/zu.po | 6 ++-- 48 files changed, 174 insertions(+), 160 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/ChangeLog b/ChangeLog index b2346a48..c556ff84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +2009-03-25 Thorsten Kukuk + + * modules/pam_mkhomedir/pam_mkhomedir.c: Make option handling + reentrant (#2487654) + (_pam_parse): Fix umask option. + + * modules/pam_unix/passverify.c: Fix typo. + + * modules/pam_issue/pam_issue.c: Fix compiler warning. + * modules/pam_ftp/pam_ftp.c: Likewise. + 2009-03-25 Pavol Šimo * po/sk.po: Updated translations. @@ -39,7 +50,7 @@ * tests/tst-pam_mkargv.c (main): Fix for non-64bit architectures. -2009-03-03 Tomas Mraz +2009-03-03 Tomas Mraz * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test for abnormal exit of the helper binary. diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c index 7c546511..a124795b 100644 --- a/modules/pam_ftp/pam_ftp.c +++ b/modules/pam_ftp/pam_ftp.c @@ -172,7 +172,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* XXX: Some effort should be made to verify this email address! */ if (!(ctrl & PAM_IGNORE_EMAIL)) { - char *sptr; + char *sptr = NULL; token = strtok_r(resp, "@", &sptr); retval = pam_set_item(pamh, PAM_RUSER, token); diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index 7a8a24d5..060baada 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -145,7 +145,7 @@ read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt) return PAM_BUF_ERR; } - if (fread(issue, 1, st.st_size, fp) != st.st_size) { + if ((off_t)fread(issue, 1, st.st_size, fp) != st.st_size) { pam_syslog(pamh, LOG_ERR, "read error: %m"); _pam_drop(issue); return PAM_SERVICE_ERR; diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 419b525a..b81708f2 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -64,50 +64,52 @@ #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ -static char UMask[16] = "0022"; -static char SkelDir[BUFSIZ] = "/etc/skel"; /* THIS MODULE IS NOT THREAD SAFE */ +struct options_t { + int ctrl; + const char *umask; + const char *skeldir; +}; +typedef struct options_t options_t; -static int -_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv) +static void +_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv, + options_t *opt) { - int ctrl = 0; + opt->ctrl = 0; + opt->umask = "0022"; + opt->skeldir = "/etc/skel"; /* does the appliction require quiet? */ if ((flags & PAM_SILENT) == PAM_SILENT) - ctrl |= MKHOMEDIR_QUIET; + opt->ctrl |= MKHOMEDIR_QUIET; /* step through arguments */ for (; argc-- > 0; ++argv) { if (!strcmp(*argv, "silent")) { - ctrl |= MKHOMEDIR_QUIET; + opt->ctrl |= MKHOMEDIR_QUIET; } else if (!strcmp(*argv, "debug")) { - ctrl |= MKHOMEDIR_DEBUG; + opt->ctrl |= MKHOMEDIR_DEBUG; } else if (!strncmp(*argv,"umask=",6)) { - strncpy(SkelDir,*argv+6,sizeof(UMask)); - UMask[sizeof(UMask)-1] = '\0'; + opt->umask = *argv+6; } else if (!strncmp(*argv,"skel=",5)) { - strncpy(SkelDir,*argv+5,sizeof(SkelDir)); - SkelDir[sizeof(SkelDir)-1] = '\0'; + opt->skeldir = *argv+5; } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } - - D(("ctrl = %o", ctrl)); - return ctrl; } /* Do the actual work of creating a home dir */ static int -create_homedir (pam_handle_t *pamh, int ctrl, +create_homedir (pam_handle_t *pamh, options_t *opt, const struct passwd *pwd) { int retval, child; struct sigaction newsa, oldsa; /* Mention what is happening, if the notification fails that is OK */ - if (!(ctrl & MKHOMEDIR_QUIET)) + if (!(opt->ctrl & MKHOMEDIR_QUIET)) pam_info(pamh, _("Creating directory '%s'."), pwd->pw_dir); @@ -121,8 +123,8 @@ create_homedir (pam_handle_t *pamh, int ctrl, memset(&newsa, '\0', sizeof(newsa)); newsa.sa_handler = SIG_DFL; sigaction(SIGCHLD, &newsa, &oldsa); - - if (ctrl & MKHOMEDIR_DEBUG) { + + if (opt->ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper."); } @@ -145,8 +147,8 @@ create_homedir (pam_handle_t *pamh, int ctrl, /* exec the mkhomedir helper */ args[0] = x_strdup(MKHOMEDIR_HELPER); args[1] = pwd->pw_name; - args[2] = UMask; - args[3] = SkelDir; + args[2] = x_strdup(opt->umask); + args[3] = x_strdup(opt->skeldir); execve(MKHOMEDIR_HELPER, args, envp); @@ -173,11 +175,11 @@ create_homedir (pam_handle_t *pamh, int ctrl, sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ - if (ctrl & MKHOMEDIR_DEBUG) { + if (opt->ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "mkhomedir_helper returned %d", retval); } - if (retval != PAM_SUCCESS && !(ctrl & MKHOMEDIR_QUIET)) { + if (retval != PAM_SUCCESS && !(opt->ctrl & MKHOMEDIR_QUIET)) { pam_error(pamh, _("Unable to create and initialize directory '%s'."), pwd->pw_dir); } @@ -192,13 +194,14 @@ PAM_EXTERN int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { - int retval, ctrl; + int retval; + options_t opt; const void *user; const struct passwd *pwd; struct stat St; /* Parse the flag values */ - ctrl = _pam_parse(pamh, flags, argc, argv); + _pam_parse(pamh, flags, argc, argv, &opt); /* Determine the user name so we can get the home directory */ retval = pam_get_item(pamh, PAM_USER, &user); @@ -220,14 +223,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, /* Stat the home directory, if something exists then we assume it is correct and return a success*/ if (stat(pwd->pw_dir, &St) == 0) { - if (ctrl & MKHOMEDIR_DEBUG) { + if (opt.ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "Home directory %s already exists.", pwd->pw_dir); } return PAM_SUCCESS; } - return create_homedir(pamh, ctrl, pwd); + return create_homedir(pamh, &opt, pwd); } /* Ignore */ diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 0575f657..8cf95c33 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -1011,7 +1011,7 @@ su_sighandler(int sig) /* emulate the behaviour of the SA_RESETHAND flag */ if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) { struct sigaction sa; - memset(&sa, '\0, sizeof(sa)); + memset(&sa, '\0', sizeof(sa)); sa.sa_handler = SIG_DFL; sigaction(sig, &sa, NULL); } diff --git a/po/Linux-PAM.pot b/po/Linux-PAM.pot index 9ec9f1a4..83d34275 100644 --- a/po/Linux-PAM.pot +++ b/po/Linux-PAM.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -349,12 +349,12 @@ msgstr "" msgid "You have mail in folder %s." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/ar.po b/po/ar.po index 7bd8c1f1..f89802aa 100644 --- a/po/ar.po +++ b/po/ar.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: @PACKAGE@\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2001-07-13 15:36+0200\n" "Last-Translator: Novell Language \n" "Language-Team: Novell Language \n" @@ -349,12 +349,12 @@ msgstr "لديك بريد قديم في مجلد %s." msgid "You have mail in folder %s." msgstr "لديك بريد في مجلد %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/as.po b/po/as.po index 8ddd4cb8..c4df2665 100644 --- a/po/as.po +++ b/po/as.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-13 11:23+0530\n" "Last-Translator: Amitakhya Phukan \n" "Language-Team: Assamese\n" @@ -351,12 +351,12 @@ msgstr "%s ফোলডাৰত আপোনাৰ পুৰণি ডাক msgid "You have mail in folder %s." msgstr "%s ফোল্ডাৰত আপোনাৰ ডাক আছে ।" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "'%s' পঞ্জিকা সৃষ্টি কৰা হৈছে ।" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "%s পঞ্জিকা সৃষ্টি কৰিব নোৱাৰি: %m" diff --git a/po/bn_IN.po b/po/bn_IN.po index 574a73a4..2a8d8891 100644 --- a/po/bn_IN.po +++ b/po/bn_IN.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-20 12:40+0530\n" "Last-Translator: Runa Bhattacharjee \n" "Language-Team: Bengali INDIA \n" @@ -349,12 +349,12 @@ msgstr "%s ফোল্ডারে পুরোনো মেইল উপস্ msgid "You have mail in folder %s." msgstr "%s ফোল্ডারে মেইল উপস্থিত রয়েছে।" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "'%s' ডিরেক্টরি নির্মাণ করা হচ্ছে।" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "ডিরেক্টরি %s নির্মাণ করতে ব্যর্থ: %m" diff --git a/po/ca.po b/po/ca.po index f1d6e285..52037a51 100644 --- a/po/ca.po +++ b/po/ca.po @@ -17,7 +17,7 @@ msgid "" msgstr "" "Project-Id-Version: linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-15 16:10+0200\n" "Last-Translator: Xavier Queralt Mateu \n" "Language-Team: Catalan \n" @@ -359,12 +359,12 @@ msgstr "Teniu correu antic a la carpeta %s." msgid "You have mail in folder %s." msgstr "Teniu correu a la carpeta %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Creant el directori '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "No s'ha pogut crear el directori %s: %m" diff --git a/po/cs.po b/po/cs.po index 13a0b06b..7eff55d4 100644 --- a/po/cs.po +++ b/po/cs.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-03-24 15:22+0100\n" "Last-Translator: Tomas Mraz \n" "Language-Team: cs_CZ \n" @@ -350,12 +350,12 @@ msgstr "Máte starou poštu ve složce %s." msgid "You have mail in folder %s." msgstr "Máte poštu ve složce %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Vytváření adresáře '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Nezdařilo se vytvořit a inicializovat adresář '%s'." diff --git a/po/da.po b/po/da.po index bdc727a7..e29818c5 100644 --- a/po/da.po +++ b/po/da.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: @PACKAGE@\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2005-08-16 20:00+0200\n" "Last-Translator: Novell Language \n" "Language-Team: Novell Language \n" @@ -354,12 +354,12 @@ msgstr "Du har gammel e-mail i mappe %s." msgid "You have mail in folder %s." msgstr "Du har e-mail i mappe %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/de.po b/po/de.po index 29efb20a..6a921826 100644 --- a/po/de.po +++ b/po/de.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-02-25 18:04+01:00\n" "Last-Translator: Fabian Affolter \n" "Language-Team: German \n" @@ -355,12 +355,12 @@ msgstr "Sie haben alte Nachrichten in %s." msgid "You have mail in folder %s." msgstr "Sie haben Nachrichten in %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Erstelle Verzeichnis '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Verzeichnis %s kann nicht erstellt und initialisiert werden: %m" diff --git a/po/es.po b/po/es.po index aba7bbb4..cc13e479 100644 --- a/po/es.po +++ b/po/es.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.es\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-03-18 22:51-0300\n" "Last-Translator: Domingo Becker \n" "Language-Team: Fedora Spanish \n" @@ -357,12 +357,12 @@ msgstr "Tiene correo antiguo en la carpeta %s." msgid "You have mail in folder %s." msgstr "Tiene correo en la carpeta %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Creando directorio '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "No se pudo crear e inicializar el directorio '%s'." diff --git a/po/fi.po b/po/fi.po index a6355b84..635613b6 100644 --- a/po/fi.po +++ b/po/fi.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-05-04 08:30+0200\n" "Last-Translator: Jyri Palokangas \n" "Language-Team: \n" @@ -352,12 +352,12 @@ msgstr "Sinulla on vanhaa postia kansiossa %s." msgid "You have mail in folder %s." msgstr "Sinulla on postia kansiossa %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/fr.po b/po/fr.po index f7685d61..1b8ce892 100644 --- a/po/fr.po +++ b/po/fr.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: pam.fr2\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-19 18:59+0200\n" "Last-Translator: Pablo Martin-Gomez \n" "Language-Team: Français \n" @@ -362,12 +362,12 @@ msgstr "Vous avez un ancien message dans le dossier %s." msgid "You have mail in folder %s." msgstr "Vous avez des messages dans le dossier %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Création du répertoire « %s »." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Impossible de créer le répertoire %s : %m" diff --git a/po/gu.po b/po/gu.po index 4f1f4242..af787cf0 100644 --- a/po/gu.po +++ b/po/gu.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.gu\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-03-13 14:29+0530\n" "Last-Translator: Ankit Patel \n" "Language-Team: Gujarati \n" @@ -352,12 +352,12 @@ msgstr "તમારી પાસે ફોલ્ડર %s માં જૂન msgid "You have mail in folder %s." msgstr "તમારી પાસે ફોલ્ડર %s માં મેઈલ છે." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "ડિરેક્ટરી '%s' બનાવી રહ્યા છીએ." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "ડિરેક્ટરી %s બનાવવામાં અસમર્થ: %m" diff --git a/po/hi.po b/po/hi.po index 0cb486cf..76fbcbf3 100644 --- a/po/hi.po +++ b/po/hi.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: hi\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2007-06-21 15:22+0530\n" "Last-Translator: Rajesh Ranjan \n" "Language-Team: Hindi \n" @@ -352,12 +352,12 @@ msgstr "आपके लिए %s फोल्डर में पुरान msgid "You have mail in folder %s." msgstr "आपके लिए %s फोल्डर में मेल है." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/hu.po b/po/hu.po index 70980d3a..793e4320 100644 --- a/po/hu.po +++ b/po/hu.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: pam\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-03-20 20:53+0100\n" "Last-Translator: Sulyok Péter \n" "Language-Team: Hungarian \n" @@ -355,12 +355,12 @@ msgstr "%s mappában régi levél van." msgid "You have mail in folder %s." msgstr "%s mappában levelek vannak." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "\"%s\" mappa teremtése" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "„%s” mapa nem teremthető meg." diff --git a/po/it.po b/po/it.po index 8bfbf1c7..b02c0844 100644 --- a/po/it.po +++ b/po/it.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-21 13:21+1000\n" "Last-Translator: \n" "Language-Team: \n" @@ -361,12 +361,12 @@ msgstr "La cartella %s contiene vecchie email." msgid "You have mail in folder %s." msgstr "La cartella %s contiene email." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Creazione della directory \"%s\"." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Impossibile creare la directory %s: %m" diff --git a/po/ja.po b/po/ja.po index af470f3f..0e60f50e 100644 --- a/po/ja.po +++ b/po/ja.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.ja\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-21 15:08+1000\n" "Last-Translator: Kiyoto Hashida \n" "Language-Team: Japanese \n" @@ -349,12 +349,12 @@ msgstr "フォルダ%sに古いメールがあります。" msgid "You have mail in folder %s." msgstr "フォルダ%sにメールがあります。" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "ディレクトリ '%s' を作成中" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "ディレクトリ %s を作成できません: %m" diff --git a/po/kk.po b/po/kk.po index 7044607d..9ad15390 100644 --- a/po/kk.po +++ b/po/kk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM 1.0.3\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-02-26 13:07+0600\n" "Last-Translator: Baurzhan M. \n" "Language-Team: Kazakh \n" @@ -349,12 +349,12 @@ msgstr "Сізде %s бумасында ескі поштаңыз бар." msgid "You have mail in folder %s." msgstr "Сізде %s бумасында поштаңыз бар." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "'%s' бумасын құру." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "%s бумасын құру мүмкін емес: %m" diff --git a/po/km.po b/po/km.po index d8d891d0..b7f435d5 100644 --- a/po/km.po +++ b/po/km.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-03-17 10:32+0700\n" "Last-Translator: Khoem Sokhem \n" "Language-Team: Khmer \n" @@ -353,12 +353,12 @@ msgstr "អ្នក​មាន​សំបុត្រ​ចាស់​នៅ msgid "You have mail in folder %s." msgstr "អ្នក​មាន​សំបុត្រ​នៅ​ក្នុង​ថត %s ។" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/kn.po b/po/kn.po index 990b80fb..87f47610 100644 --- a/po/kn.po +++ b/po/kn.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.kn\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-20 12:29+0530\n" "Last-Translator: Shankar Prasad \n" "Language-Team: Kannada \n" @@ -349,12 +349,12 @@ msgstr "%s ಫೋಲ್ಡರಿನಲ್ಲಿ ನಿಮಗಾಗಿ ಹಳೆ msgid "You have mail in folder %s." msgstr "%s ಫೋಲ್ಡರಿನಲ್ಲಿ ನಿಮಗಾಗಿ ಮೈಲ್ ಇದೆ." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "ಕೋಶ '%s' ಅನ್ನು ರಚಿಸಲಾಗುತ್ತಿದೆ." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "ಕೋಶ '%s' ಅನ್ನು ರಚಿಸಲು ಸಾಧ್ಯವಾಗಿಲ್ಲ.: %m" diff --git a/po/ko.po b/po/ko.po index 073908c6..765ef30a 100644 --- a/po/ko.po +++ b/po/ko.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: ko\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2007-06-22 10:02+1000\n" "Last-Translator: Eunju Kim \n" "Language-Team: Korean \n" @@ -349,12 +349,12 @@ msgstr "%s 폴더에 오래된 메일이 있습니다." msgid "You have mail in folder %s." msgstr "%s 폴더에 메일이 있습니다." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/ml.po b/po/ml.po index f5f1e724..bdee9399 100644 --- a/po/ml.po +++ b/po/ml.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.ml\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-20 12:50+0530\n" "Last-Translator: \n" "Language-Team: \n" @@ -349,12 +349,12 @@ msgstr "%s ഫോള്‍ഡറില്‍ നിങ്ങള്‍ക്ക msgid "You have mail in folder %s." msgstr "%s ഫോള്‍ഡറില്‍ നിങ്ങള്‍ക്ക് മെയില്‍ ഉണ്ട്." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "'%s' ഡയറക്ടറി ഉണ്ടാക്കുന്നു." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "%s ഡയറക്ടറി ഉണ്ടാക്കുവാന്‍ സാധ്യമായില്ല: %m" diff --git a/po/mr.po b/po/mr.po index b01106e8..001b76c3 100644 --- a/po/mr.po +++ b/po/mr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-10 07:07+0530\n" "Last-Translator: Sandeep Shedmake \n" "Language-Team: marathi\n" @@ -350,12 +350,12 @@ msgstr "संचयीका %s अंतर्गत जुणे मेल msgid "You have mail in folder %s." msgstr "संचयीका %s अंतर्गत मेल आढळले गेले." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "संचयीका '%s' बनवित आहे." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "संचयीका %s बनवू शकत नाही: %m" diff --git a/po/ms.po b/po/ms.po index 015bd787..2bb4dc11 100644 --- a/po/ms.po +++ b/po/ms.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: linux-pam\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-09-25 23:52+0800\n" "Last-Translator: Sharuzzaman Ahmat Raslan \n" "Language-Team: Malay \n" @@ -379,12 +379,12 @@ msgstr "" msgid "You have mail in folder %s." msgstr "Pemindahan mel dalam proses" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, fuzzy, c-format msgid "Creating directory '%s'." msgstr "Menbuat direktori initrd" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "gagal untuk mencipta direktori %s: %s\n" diff --git a/po/nb.po b/po/nb.po index 2675b6f7..4772803e 100644 --- a/po/nb.po +++ b/po/nb.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-04-30 12:59+0200\n" "Last-Translator: Olav Pettershagen \n" "Language-Team: \n" @@ -349,12 +349,12 @@ msgstr "Du har ulest e-post i mappen %s." msgid "You have mail in folder %s." msgstr "Du har e-post i mappen %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Oppretter katalog «%s»." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Kan ikke opprette katalog %s: %m" diff --git a/po/nl.po b/po/nl.po index d8196c3d..fcfebc6d 100644 --- a/po/nl.po +++ b/po/nl.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-20 23:45+0200\n" "Last-Translator: Peter van Egdom \n" "Language-Team: Dutch \n" @@ -355,12 +355,12 @@ msgstr "U hebt oude e-mail in map %s." msgid "You have mail in folder %s." msgstr "U hebt e-mail in map %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Aanmaken van map '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Niet in staat om map %s aan te maken: %m" diff --git a/po/or.po b/po/or.po index 0ad84901..d14ee6bb 100644 --- a/po/or.po +++ b/po/or.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.or\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-09-30 11:42+0530\n" "Last-Translator: Manoj Kumar Giri \n" "Language-Team: Oriya\n" @@ -354,12 +354,12 @@ msgstr "ଆପଣଙ୍କ ନିକଟରେ %s ଫୋଲଡରରେ ପୁର msgid "You have mail in folder %s." msgstr "ଆପଣଙ୍କ ନିକଟରେ %s ଫୋଲଡରରେ ଚିଠି ଅଛି।" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "ଡ଼ିରେକ୍ଟୋରୀ '%s' ନିର୍ମାଣ କରୁଅଛି." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "ଡ଼ିରେକ୍ଟୋରୀ '%s' ନିର୍ମାଣ କରିବାରେ ଅସମର୍ଥ: %m" diff --git a/po/pa.po b/po/pa.po index e05f44d4..ab098b8a 100644 --- a/po/pa.po +++ b/po/pa.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.pa\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2005-08-06 08:34+0530\n" "Last-Translator: Amanpreet Singh Alam[ਆਲਮ] \n" "Language-Team: Panjabi \n" @@ -354,12 +354,12 @@ msgstr "" msgid "You have mail in folder %s." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/pl.po b/po/pl.po index cda0d50a..a6fef45d 100644 --- a/po/pl.po +++ b/po/pl.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: pl\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-02-26 22:10+0100\n" "Last-Translator: Piotr Drąg \n" "Language-Team: Polish \n" @@ -355,12 +355,12 @@ msgstr "Stare wiadomości w folderze %s." msgid "You have mail in folder %s." msgstr "Wiadomości w folderze %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Tworzenie katalogu \"%s\"." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Nie można utworzyć i zainicjować katalogu \"%s\"." diff --git a/po/pt.po b/po/pt.po index b2b56235..81f51390 100644 --- a/po/pt.po +++ b/po/pt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.pt\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-05-03 21:54+0200\n" "Last-Translator: Antonio Cardoso Martins \n" "Language-Team: portuguese\n" @@ -350,12 +350,12 @@ msgstr "Tem correio electrónico antigo na pasta %s." msgid "You have mail in folder %s." msgstr "Tem correio electrónico na pasta %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/pt_BR.po b/po/pt_BR.po index f20d5802..25b11eb7 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-02-20 12:41-0300\n" "Last-Translator: Taylon \n" "Language-Team: Brazilian Portuguese \n" @@ -352,12 +352,12 @@ msgstr "Há mensagens antigas na pasta %s." msgid "You have mail in folder %s." msgstr "Há mensagens na pasta %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Criando o diretório '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Impossível criar e inicializar o diretório \"%s\"." diff --git a/po/ru.po b/po/ru.po index 05d46438..da3a77eb 100644 --- a/po/ru.po +++ b/po/ru.po @@ -11,7 +11,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-02-23 20:11+0300\n" "Last-Translator: Andrew Martynov \n" "Language-Team: Russian \n" @@ -362,12 +362,12 @@ msgstr "Есть старая почта в папке %s." msgid "You have mail in folder %s." msgstr "Есть почта в папке %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Создание каталога '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Невозможно создать каталог %s: %m" diff --git a/po/si.po b/po/si.po index c65e5f71..588080a1 100644 --- a/po/si.po +++ b/po/si.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: si\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2007-06-22 12:24+0530\n" "Last-Translator: Danishka Navin \n" "Language-Team: Sinhala \n" @@ -350,12 +350,12 @@ msgstr "%s බහලුම තුළ ඔබට පරණ තැපැල් ඇ msgid "You have mail in folder %s." msgstr "%s බහලුම තුළ ඔබට තැපැල් ඇත." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/sk.po b/po/sk.po index 8764ebd1..ab6a31c9 100644 --- a/po/sk.po +++ b/po/sk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-03-24 22:24+0100\n" "Last-Translator: Pavol Šimo \n" "Language-Team: Slovak \n" @@ -357,12 +357,12 @@ msgstr "Máte starú poštu v priečinku %s." msgid "You have mail in folder %s." msgstr "Máte poštu v priečinku %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Vytváranie priečinka '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Nedá sa vytvoriť a inicializovať priečinok '%s'." diff --git a/po/sr.po b/po/sr.po index b3ab5b92..24dc6b00 100644 --- a/po/sr.po +++ b/po/sr.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-04-05 10:48+0100\n" "Last-Translator: Miloš Komarčević \n" "Language-Team: Serbian (sr) \n" @@ -355,12 +355,12 @@ msgstr "Имате старе поруке у директоријуму %s." msgid "You have mail in folder %s." msgstr "Имате поруке у директоријуму %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Правим директоријум „%s“." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Не могу да направим директоријум %s: %m" diff --git a/po/sr@latin.po b/po/sr@latin.po index aa3a03ab..7efd4120 100644 --- a/po/sr@latin.po +++ b/po/sr@latin.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-04-05 10:48+0100\n" "Last-Translator: Miloš Komarčević \n" "Language-Team: Serbian (sr) \n" @@ -355,12 +355,12 @@ msgstr "Imate stare poruke u direktorijumu %s." msgid "You have mail in folder %s." msgstr "Imate poruke u direktorijumu %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Pravim direktorijum „%s“." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Ne mogu da napravim direktorijum %s: %m" diff --git a/po/sv.po b/po/sv.po index d3a3b240..cac76674 100644 --- a/po/sv.po +++ b/po/sv.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-02-11 12:22+0100\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" @@ -355,12 +355,12 @@ msgstr "Du har gamla brev i katalogen %s." msgid "You have mail in folder %s." msgstr "Du har brev i katalogen %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Skapar katalogen \"%s\"." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Kan inte skapa katalogen %s: %m" diff --git a/po/ta.po b/po/ta.po index 5de88254..fdb9662e 100644 --- a/po/ta.po +++ b/po/ta.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: ta\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2007-06-21 15:33+0530\n" "Last-Translator: I felix \n" "Language-Team: Tamil \n" @@ -352,12 +352,12 @@ msgstr "உங்களுக்கு %s அடைவில் பழைய அ msgid "You have mail in folder %s." msgstr "உங்களுக்கு %s அடைவில் அஞ்சல் உள்ளது." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/te.po b/po/te.po index 40baa213..4244913e 100644 --- a/po/te.po +++ b/po/te.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: te\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-22 16:24+0530\n" "Last-Translator: Krishna Babu K \n" "Language-Team: Telugu \n" @@ -352,12 +352,12 @@ msgstr "మీరు ఫోల్డరు %sనందు పాతమెయి msgid "You have mail in folder %s." msgstr "మీరు ఫోల్డరు %sనందు మెయిల్‌ను కలిగివున్నారు." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "డెరెక్టరీ '%s' సృష్టించుట." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "డైరెక్టరీ %sను సృష్టించలేక పోయింది: %m" diff --git a/po/tr.po b/po/tr.po index cf900008..0b196051 100644 --- a/po/tr.po +++ b/po/tr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-05-03 19:00+0200\n" "Last-Translator: Koray Löker \n" "Language-Team: Türkçe \n" @@ -349,12 +349,12 @@ msgstr "%s dizininde okunmuş iletiniz var" msgid "You have mail in folder %s." msgstr "%s dizininde iletiniz var" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/uk.po b/po/uk.po index 9100ce7a..e4f88ba1 100644 --- a/po/uk.po +++ b/po/uk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.uk\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-05-03 18:59+0200\n" "Last-Translator: Ivan Petrouchtchak \n" "Language-Team: Ukrainian \n" @@ -352,12 +352,12 @@ msgstr "Ви маєте стару пошту в теці %s." msgid "You have mail in folder %s." msgstr "Ви маєте пошту в теці %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/zh_CN.po b/po/zh_CN.po index 71d57f44..36c8c6ba 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-20 15:43+1000\n" "Last-Translator: Leah Liu \n" "Language-Team: Simplified Chinese \n" @@ -350,12 +350,12 @@ msgstr "您在文件夹 %s 中有旧邮件。" msgid "You have mail in folder %s." msgstr "您在文件夹 %s 中有邮件。" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "创建目录 '%s'。" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "无法创建目录 %s:%m" diff --git a/po/zh_TW.po b/po/zh_TW.po index 922c1f08..c5095d11 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-21 15:51+1000\n" "Last-Translator: Terry Chuang \n" "Language-Team: \n" @@ -350,12 +350,12 @@ msgstr "資料夾 %s 中有您的舊郵件。" msgid "You have mail in folder %s." msgstr "資料夾 %s 中有您的郵件。" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "建立目錄「%s」。" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "無法建立 %s 目錄:%m" diff --git a/po/zu.po b/po/zu.po index bbbbb252..88590f93 100644 --- a/po/zu.po +++ b/po/zu.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-11-03 12:03\n" "Last-Translator: Novell Language \n" "Language-Team: Novell Language \n" @@ -346,12 +346,12 @@ msgstr "Unemeyili endala kwifolda %s." msgid "You have mail in folder %s." msgstr "Unemeyili kwifolda %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" -- cgit v1.2.3