| Commit message | Author | Age | Files | Lines |
| |
Fixes #263
* modules/pam_env/pam_env.c (_assemble_line): Do not error out if at feof()
| |
* configure.ac (AC_INIT): Raise version to 1.5.0.
* NEWS: Update.
| |
modules/pam_ftp/pam_ftp.c: free anon_user before returning as it may be
still in use.
| |
modules/pam_faillock/main.c: remove store statement since the value is
only read in the enclosing expression.
| |
libpam/pam_dispatch: remove store statement since the value is never
read.
| |
* ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove
--enable-tally --enable-tally2.
* configure.ac: Remove --enable-tally and --enable-tally2 options.
(AM_CONDITIONAL): Remove COND_BUILD_PAM_TALLY and COND_BUILD_PAM_TALLY2.
(AC_CONFIG_FILES): Remove modules/pam_tally/Makefile and
modules/pam_tally2/Makefile.
* doc/sag/pam_tally.xml: Remove.
* doc/sag/pam_tally2.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Do not include pam_tally.xml and
pam_tally2.xml.
* modules/Makefile.am (MAYBE_PAM_TALLY, MAYBE_PAM_TALLY2): Remove.
(SUBDIRS): Remove MAYBE_PAM_TALLY and MAYBE_PAM_TALLY2.
* modules/pam_tally/.gitignore: Remove.
* modules/pam_tally/Makefile.am: Likewise.
* modules/pam_tally/README.xml: Likewise.
* modules/pam_tally/faillog.h: Likewise.
* modules/pam_tally/pam_tally.8.xml: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally/pam_tally_app.c: Likewise.
* modules/pam_tally/tst-pam_tally: Likewise.
* modules/pam_tally2/.gitignore: Likewise.
* modules/pam_tally2/Makefile.am: Likewise.
* modules/pam_tally2/README.xml: Likewise.
* modules/pam_tally2/pam_tally2.8.xml: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_tally2/pam_tally2_app.c: Likewise.
* modules/pam_tally2/tallylog.h: Likewise.
* modules/pam_tally2/tst-pam_tally2: Likewise.
* modules/pam_timestamp/pam_timestamp_check.8.xml: Fix typo by replacing
pam_tally with pam_timestamp.
* po/POTFILES.in: Remove ./modules/pam_tally/pam_tally_app.c,
./modules/pam_tally/pam_tally.c, ./modules/pam_tally2/pam_tally2_app.c,
and ./modules/pam_tally2/pam_tally2.c.
* NEWS: Document this change.
| |
* ci/install-dependencies.sh: Remove libcrack2-dev.
* ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove
--enable-cracklib=check.
* conf/pam.conf: Remove references to pam_cracklib.so.
* configure.ac: Remove --enable-cracklib option.
(AC_SUBST): Remove LIBCRACK.
(AM_CONDITIONAL): Remove COND_BUILD_PAM_CRACKLIB.
(AC_CONFIG_FILES): Remove modules/pam_cracklib/Makefile.
* doc/sag/pam_cracklib.xml: Remove.
* doc/sag/Linux-PAM_SAG.xml: Do not include pam_cracklib.xml.
* modules/Makefile.am (MAYBE_PAM_CRACKLIB): Remove.
(SUBDIRS): Remove MAYBE_PAM_CRACKLIB.
* modules/pam_cracklib/Makefile.am: Remove.
* modules/pam_cracklib/README.xml: Likewise.
* modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_cracklib/tst-pam_cracklib: Likewise.
* xtests/tst-pam_cracklib1.c: Likewise.
* xtests/tst-pam_cracklib1.pamd: Likewise.
* xtests/tst-pam_cracklib2.c: Likewise.
* xtests/tst-pam_cracklib2.pamd: Likewise.
* modules/pam_pwhistory/pam_pwhistory.8.xml: Replace pam_cracklib
in examples with pam_passwdqc.
* modules/pam_unix/pam_unix.8.xml: Likewise.
* po/POTFILES.in: Remove ./modules/pam_cracklib/pam_cracklib.c.
* xtests/.gitignore: Remove tst-pam_cracklib1 and tst-pam_cracklib2.
* xtests/Makefile.am (EXTRA_DIST): Remove tst-pam_cracklib1.pamd
and tst-pam_cracklib2.pamd.
(XTESTS): Remove tst-pam_cracklib1 and tst-pam_cracklib2.
* NEWS: Document this change.
| |
Exported functions already have these attributes, add them to other functions.
This enables compilers to find format specifier mismatches, like:
foo_print("Hello %d", "world")
* m4/warn_lang_flags.m4 (gl_WARN_ADD): Add -Wmissing-format-attribute.
* conf/pam_conv1/Makefile.am (AM_CFLAGS): Add -I$(top_srcdir)/libpam/include.
* conf/pam_conv1/pam_conv_y.y: Include <security/_pam_types.h>.
(yyerror): Add printf format attribute.
* modules/pam_pwhistory/opasswd.c (helper_log_err): Likewise.
* modules/pam_rootok/pam_rootok.c (log_callback): Likewise.
* modules/pam_tally/pam_tally.c (tally_log): Likewise.
* modules/pam_tally2/pam_tally2.c (tally_log): Likewise.
* modules/pam_unix/passverify.c (helper_log_err): Likewise.
| |
Currently translated at 100.0% (122 of 122 strings).
Co-authored-by: Milo Casagrande <milo@milo.name>
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/it/
| |
Currently translated at 100.0% (122 of 122 strings).
Co-authored-by: Yaron Shahrabani <sh.yaron@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/he/
| |
modules/pam_motd/pam_motd.c: set NULL value instead of "key user" for the
prompt when dropping privileges.
| |
This reverts commit 1b087edc7f05237bf5eccc405704cd82b848e761.
| |
modules/pam_motd/pam_motd.8.xml: document file filtering of motd
messages.
NEWS: annotate change.
| |
modules/pam_motd/pam_motd.c: filter motd by user and group owning the
proper files. This is achieved by changing the ids of the process
reading the files from root to the target user.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1861640
| |
The args_parse function passes the "conf=" argument to set_conf_opt() after handling it itself.
set_conf_opt is not able to handle the "conf" argument and writes an error:
sddm-helper[415]: pam_faillock(sddm:auth): Unknown option: conf
| |
modules/pam_namespace/pam_namespace.8.xml: delete obsolete information
about polyinstantiation and refer to gdm's documentation.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1861841
| |
When running a systemd service with DynamicUser set, the dynamic UID
might not be mapped to a user name (/etc/nsswitch.conf is not configured
with the systemd nss module).
The getuidname() routine might return NULL and this is not checked by callee.
Signed-off-by: Anton D. Kachalov <rnouse@google.com>
| |
modules/pam_wheel/pam_wheel.8.xml: indicate that use_uid option uses the
real uid of the calling process.
| |
modules/pam_wheel/pam_wheel.c: if getlogin fails to obtain the real user
ID, then try with PAM_RUSER.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1866866
| |
modules/pam_wheel/pam_wheel.c: improve indentation and explicitly state
condition statements
| |
Some distributions do not build pam_unix, e.g. ALT uses pam_tcb instead.
Add a configure option to disable build of pam_unix so that those who
choose not to build pam_unix no longer have to edit modules/Makefile.am
file. The default is unchanged, i.e. build of pam_unix is enabled.
* configure.ac (AC_ARG_ENABLE): Add unix.
(AM_CONDITIONAL): Add COND_BUILD_PAM_UNIX.
* modules/Makefile.am [COND_BUILD_PAM_UNIX] (MAYBE_PAM_UNIX): Define.
(SUBDIRS): Replace pam_unix with $(COND_BUILD_PAM_UNIX).
| |
This makes them built with full RELRO if -Wl,-z,relro is specified.
* m4/ld-z-now.m4: New file.
* m4/.gitignore: Add it to exclude list.
* configure.ac: Call PAM_LD_Z_NOW.
(EXE_LDFLAGS): Append $ZNOW_LDFLAGS.
| |
This makes all installed executables built with @EXE_CFLAGS@ and
@EXE_LDFLAGS@.
* modules/pam_mkhomedir/Makefile.am (mkhomedir_helper_CFLAGS,
mkhomedir_helper_LDFLAGS): New variables.
* modules/pam_tally/Makefile.am (pam_tally_CFLAGS, pam_tally_LDFLAGS):
Likewise.
* modules/pam_tally2/Makefile.am (pam_tally2_CFLAGS,
pam_tally2_LDFLAGS): Likewise.
| |
There are going to be other options added to CFLAGS and LDFLAGS
of executables made along with modules.
* configure.ac (EXE_CFLAGS, EXE_LDFLAGS): New variables initialized from
PIE_CFLAGS and PIE_LDFLAGS, respectively. AC_SUBST them instead of
PIE_CFLAGS and PIE_LDFLAGS. All users updated.
| |
Before this change, every normal build of Linux-PAM used to contain
the following diagnostics:
checking for libprelude-config... no
checking for libprelude - version >= 0.9.0... no
*** The libprelude-config script installed by LIBPRELUDE could not be found
*** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in
*** your path, or set the LIBPRELUDE_CONFIG environment variable to the
*** full path to libprelude-config.
Given that libprelude-config is rarely used nowadays,
the first two lines of diagnostics should be enough.
* m4/libprelude.m4 (AM_PATH_LIBPRELUDE): When libprelude-config
is not found, do not print the lengthy diagnostics unless
--with-libprelude-prefix was specified.
| |
* configure.ac: Rewrite -fpie/pie check using AC_LINK_IFELSE to make
the code more readable. Add --enable-pie=check support and make it
the default, terminate if --enable-pie is specified but -fpie/pie
support is not available.
| |
* m4/ld-no-undefined.m4: Rewrite using AC_LINK_IFELSE to create a more readable
autoconf macro.
| |
* m4/ld-as-needed.m4: Rewrite using AC_LINK_IFELSE to create a more readable
autoconf macro.
| |
* m4/ld-O1.m4: Rewrite using AC_LINK_IFELSE to create a more readable
autoconf macro.
| |
Rewrite using AC_CACHE_CHECK to create a more readable autoconf macro.
* m4/attribute.m4: New file.
* m4/japhar_grep_cflags.m4: Remove.
* m4/.gitignore: Replace japhar_grep_cflags.m4 with attribute.m4.
* configure.ac: Replace AC_C___ATTRIBUTE__ with PAM_ATTRIBUTE_UNUSED.
| |
This way -Wcast-align will be tested regardless of the target machine.
* m4/warn_lang_flags.m4: Add gl_WARN_ADD([-Wcast-align=strict]).
| |
As the old machinery was not prepared for adding compiler options
conditionally when the compiler supports them, replace it with
a new machinery that implements this.
* m4/warnings.m4: New file.
* m4/warn_lang_flags.m4: Likewise.
* m4/.gitignore: Add exclusions for them.
* m4/japhar_grep_cflags.m4 (JAPHAR_GREP_CFLAGS): Remove.
* configure.ac: Call pam_WARN_LANG_FLAGS. Remove all uses
of JAPHAR_GREP_CFLAGS.
| |
Apparently, gcc is also not smart enough to infer the alignment
of structure fields, for details see
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89133
Use unions to avoid these casts altogether, this fixes compilation
warnings reported by gcc on arm, e.g.:
md5.c: In function 'MD5Update':
md5.c:92:35: error: cast increases required alignment of target type [-Werror=cast-align]
92 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
| ^
md5.c:101:35: error: cast increases required alignment of target type [-Werror=cast-align]
101 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
| ^
md5.c: In function 'MD5Final':
md5.c:136:35: error: cast increases required alignment of target type [-Werror=cast-align]
136 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
| ^
md5.c:147:9: error: cast increases required alignment of target type [-Werror=cast-align]
147 | memcpy((uint32 *)ctx->in + 14, ctx->bits, 2*sizeof(uint32));
| ^
md5.c:149:34: error: cast increases required alignment of target type [-Werror=cast-align]
149 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
| ^
* modules/pam_namespace/md5.h (struct MD5Context): Replace "buf" and
"in" fields with unions. All users updated.
* modules/pam_unix/md5.h (struct MD5Context): Likewise.
* modules/pam_timestamp/sha1.h (struct sha1_context.pending): Replace
with a union. All users updated.
Complements: v1.4.0~195 ("Fix most of clang -Wcast-align compilation warnings")
| |
* modules/pam_namespace/md5.c: Do not check against the list of
architectures that are known to be little-endian, instead check
for WORDS_BIGENDIAN macro defined by AC_C_BIGENDIAN autoconf macro
on big-endian platforms.
| |
These retrieved contexts are just passed to libselinux functions and not
printed or otherwise made available to the outside, so a context
translation to human readable MCS/MLS labels is not needed.
(see man:setrans.conf(5))
| |
The retrieved context is just passed to libselinux functions and not
printed or otherwise made available to the outside, so a context
translation to human readable MCS/MLS labels is not needed.
(see man:setrans.conf(5))
| |
libselinux 3.1 deprecated the typedef security_context_t.
Use the underlying type.
| |
These retrieved contexts are just passed to libselinux functions and not
printed or otherwise made available to the outside, so a context
translation to human readable MCS/MLS labels is not needed.
(see man:setrans.conf(5))
| |
libselinux 3.1 deprecated the typedef security_context_t.
Use the underlying type.
| |
The retrieved context is just passed to the libselinux function
'selinux_check_access()', so a context translation to human readable
MCS/MLS labels is not needed. (see man:setrans.conf(5))
| |
libselinux 3.1 deprecated the typedef security_context_t.
Use the underlying type.
| |
The matchpathcon family is deprecated.
Use the selabel family.
| |
libselinux 3.1 deprecated the typedef security_context_t.
Use the underlying type.
| |
see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Obsolete-Macros.html
- update AC_HELP_STRING to AS_HELP_STRING
- update AC_TRY_COMPILE to AC_COMPILE_IFELSE
- update AC_TRY_RUN to AC_RUN_IFELSE
- update AC_TRY_LINK to AC_LINK_IFELSE
| |
documentation
| |
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Add comment
about the reason for ignoring PAM_AUTHTOK_ERR.
| |
The daysleft otherwise stays uninitialized if there is no shadow entry.
Regression from commit f5adefa.
Fixes #255
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Initialize daysleft.