| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
* pgp.keys.asc: Replace with the key used to sign v1.5.2.
Resolves: https://github.com/linux-pam/linux-pam/issues/544
|
|
|
|
|
|
|
|
|
|
| |
bcba17939e1b1a568cd4a764534cde74d37078cc started using pam_overwrite_n()
without providing the definition to this function, which causes a build
failure.
modules/pam_timestamp/hmac_openssl_wrapper.c: include pam_inline.h
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pa/
|
|
|
|
|
|
| |
man/pam_item_types_std.inc.xml: In the past, PAM_TTY was used for tty
devices and $DISPLAY variables for X-based applications. With the
introduction of PAM_DISPLAY PAM_TTY should only be used for devices.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env:
* erase environment variables where possible
- pam_exec:
* erase responce on error
* erase auth token
- pam_pwhistory:
* erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only
pointers to insensitive data, which also gets free'd afterwards (so
it currently does not protect against double-free or use-after-free on
the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
|
| |
|
| |
|
|
|
|
|
|
| |
Non trivial changes:
- erase responses in pam_get_authtok_internal() on error branch
|
|
|
|
|
|
|
|
|
|
| |
Avoid compiler optimizations to elide the memory erasure by using a
secure method: either memset_explicit() [C23], bzero_explicit() [glibc
2.25] or a manual memory barrier.
Since the current helpers _pam_overwrite*() and _pam_drop_reply() are
publicly exported, create new ones in "pam_inline.h" and deprecate the
old ones.
|
|
|
|
|
|
| |
Free the environment variables list via the designated helper
free_string_array() rather than free its elements in a loop, which might
skip some.
|
|
|
|
|
| |
On failure the content of the string pointer passed to asprintf(3) is
undefined. Set to NULL before free'ing the parent array.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The struct utmp from glibc uses on many 64bit architectures a 32bit
time_t for compatibility with a 32bit userland, which means utmp will
not survive the year 2038 (32bit time_t overflow). Use the data from
logind instead of utmp.
* configure.ac: Add option --enable-logind
* modules/pam_issue/Makefile.am: Add CFLAGS/LIBS for logind support
* modules/pam_issue/pam_issue.c: Use sd_get_sessions instead of utmp
* modules/pam_timestamp/Makefile.am: Add CFLAGS/LIBS for logind support
* modules/pam_timestamp/pam_timestamp.c: query logind for login time
|
|
|
|
|
|
| |
Currently translated at 16.8% (17 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sl/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/he/
|
|
|
|
|
|
|
|
|
|
| |
Make /usr/lib/pam.d and <vendordir>/pam.d more visible in the standard
manual pages, so that people don't assume there is only /etc/pam.d
* doc/man/pam.8.xml: Don't always speak about /etc/pam.d only
* doc/man/pam.conf-desc.xml: Don't always speak about /etc/pam.d only
* doc/man/pam.conf-dir.xml: Explain search path for pam config files
* doc/man/pam.conf.5.xml: Add filelist with all pam.d directories
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_lastlog uses utmp, wtmp, btmp and lastlog. None of them is Y2038
safe, even on 64bit architectures. Most 64bit architectures use 32bit
time_t for compat reasons with 32bit userland.
Additionally, all relevant tools for which pam_lastlog would make sense
already have their own support for all four files, so this module will
most likely only create duplicate entries.
* configure.ac: don't build pam_lastlog by default.
* ci/run-build-and-tests.sh: enable pam_lastlog.
|
|
|
|
|
|
|
|
|
| |
utmp uses 32bit time_t for compatibility with 32bit userland on some
64bit systems and is thus not Y2038 safe. Use getlogin() from libc
which avoids using utmp and is more safe than the old utmp-based
implementation by using /proc/self/loginuid.
* libpam/pam_modutil_getlogin.c: Use getlogin() instead of parsing utmp
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/cs/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/hr/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/kk/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/de/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sv/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/uk/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pl/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
|
|
|
|
|
|
| |
Currently translated at 100.0% (101 of 101 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ka/
|
|
|
|
|
|
|
|
|
| |
Otherwise the corresponding files are still installed in /etc/security.
* configure.ac (AC_SUBST): Add VENDOR_SCONFIGDIR.
(AM_CONDITIONAL): Add HAVE_VENDORDIR.
* modules/*/Makefile.am (secureconfdir): Set to VENDOR_SCONFIGDIR
if HAVE_VENDORDIR has been set, otherwise to SCONFIGDIR.
|
|
|
|
|
|
|
|
| |
* .github/workflows/ci.yml (clang-14): Change VENDORDIR from /usr/etc to
${prefix}/share/etc, this should help to check that the code no longer
relies on the assumption that VENDORDIR == /usr/etc.
Complements: 0d1c62eb4733 ("ci: make VENDORDIR based on $prefix")
|
|
|
|
|
|
|
| |
* ci/run-build-and-tests.sh: Accept VENDORDIR that does not start with /.
* .github/workflows/ci.yml (VENDORDIR): Change from /usr/etc to
${prefix}/share/etc, this should help to check that the code no longer
relies on the assumption that VENDORDIR == /usr/etc.
|
|
|
|
|
|
|
| |
* modules/pam_env/tst-pam_env-retval.c: Include <errno.h> and <libgen.h>.
[VENDORDIR] (dir, dir_usr, dir_usr_etc): Remove.
[VENDORDIR] (mkdir_p, rmdir_p): New functions.
(setup, cleanup) [VENDORDIR]: Use them.
|
|
|
|
|
|
|
|
| |
* modules/pam_env/tst-pam_env-retval.c: Replace /usr/etc/security with
VENDOR_SCONFIGDIR, /usr/etc with VENDORDIR. Do not define and use
VENDORDIR based variables unless VENDORDIR is defined.
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
|
|
|
|
|
|
| |
* modules/pam_env/pam_env.conf.5.xml: Replace /usr/etc with %vendordir%.
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
|
|
|
|
|
|
|
| |
* modules/pam_env/pam_env.c (VENDOR_DEFAULT_ETC_ENVFILE): Assume that
VENDORDIR already includes "/etc".
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Define HAVE_NIS if NIS is enabled.
* modules/pam_unix/Makefile.am: Don't link against yppasswd_xdr.c
if NIS is disabled.
* modules/pam_unix/pam_unix_passwd.c: Don't redefine HAVE_NIS.
Resolves: https://github.com/linux-pam/linux-pam/issues/523
|
|
|
|
|
|
|
|
| |
* libpam/include/pam_cc_compat.h (DIAG_PUSH_IGNORE_FORMAT_NONLITERAL,
DIAG_POP_IGNORE_FORMAT_NONLITERAL): New macros.
* libpam/pam_handlers.c (_pam_open_config_file): Use them to exempt
usage of format string literals from a constant array.
* m4/warn_lang_flags.m4 (gl_WARN_ADD): Add -Wformat=2.
|
|
|
|
|
|
| |
* modules/pam_unix/pam_unix_passwd.c: Wrap checks for configure macros
into defined() operator.
* m4/warn_lang_flags.m4 (gl_WARN_ADD): Add -Wundef.
|
|
|
|
|
|
|
| |
The current codebase should comply with those.
* m4/warn_lang_flags.m4 (gl_WARN_ADD): Add -Winit-self,
-Wnull-dereference, and -Wunused.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the vendor directory defined by --enable-vendordir=DIR configure
option as fallback for the distribution provided default config file
if there is no configuration in /etc.
* modules/pam_pwhistory/pam_pwhistory.8.xml: Describe pwhistory.conf
* modules/pam_pwhistory/pwhistory_config.c [VENDOR_SCONFIGDIR]
(VENDOR_PWHISTORY_DEFAULT_CONF): New macro.
(parse_config_file) [VENDOR_PWHISTORY_DEFAULT_CONF]: Try to open
VENDOR_PWHISTORY_DEFAULT_CONF if PWHISTORY_DEFAULT_CONF file does not
exist.
|
|
|
|
|
|
| |
* modules/pam_pwhistory/tst-pam_pwhistory-retval.c: New file.
* modules/pam_pwhistory/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_pwhistory_retval_LDADD): New variables.
|
| |
|
|
|
|
|
|
|
| |
Regenerate yppasswd.h and yppasswd_xdr.c from yppasswd.x (libnsl) to
avoid GPL code in a PAM module.
Link: https://github.com/thkukuk/libnsl/blob/master/src/rpcsvc/yppasswd.x
|
|
|
|
|
|
|
|
|
|
| |
Apparently, the PAM_SHL variant cannot be compiled since the very first
commit back in 2005 when it was introduced, and another variant uses
PAM_DYLD which is virtually unknown to search engines.
* libpam/pam_dynamic.c [PAM_SHL || PAM_DYLD]: Remove.
Resolves: https://github.com/linux-pam/linux-pam/issues/477
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
security_getenforce(3) can return -1 on error; either because the
selinuxfs is not mounted or reading from /sys/fs/selinux/enforce failed.
Since security_getenforce(3) is either called after an approving call to
is_selinux_enabled(3) in create_context() or with populated module
data in restore_context(), which requires a previous pass of
create_context(), the selinuxfs should be mounted.
Reading from /sys/fs/selinux/enforce should never fail (except being
prohibited by the SElinux policy itself) since it is a public interface.
In the unlikely case of security_getenforce(3) nevertheless failing
continue execution as if the result was enforcing (likewise to
pam_sepermit and pam_rootok).
|
|
|
|
|
|
|
|
|
| |
* .github/workflows/ci.yml (gcc12-x86_64, clang14-x86_64,
clang13-x86_64): New jobs.
(gcc11-x86_64-vendordir): Rename to gcc12-x86_64-vendordir,
replace gcc-11 with gcc-12.
(clang12-x86_64-vendordir): Rename to clang14-x86_64-vendordir,
replace clang-12 with clang-14.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch runners to the latest Ubuntu LTS available, which is currently
Ubuntu 22.04. Also, remove old compiler versions from the ci matrix.
* .github/workflows/ci.yml (gcc8-x86_64, clang10-x86_64, clang9-x86_64,
clang8-x86_64): Remove.
(gcc11-x86_64-vendordir, gcc11-x86_64, gcc10-x86_64, gcc9-x86_64,
clang12-x86_64-vendordir, clang12-x86_64, clang11-x86_64): Replace
ubuntu-20.04 with ubuntu-latest.
Link: https://github.blog/changelog/2022-11-09-github-actions-ubuntu-latest-workflows-will-use-ubuntu-22-04/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
clang-14 insists on issuing the following warning:
In file included from md5_good.c:4:
md5.c:92:15: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'byteReverse' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
byteReverse(ctx->in.c, 16);
^
md5.c:101:15: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'byteReverse' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
byteReverse(ctx->in.c, 16);
^
md5.c:136:15: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'byteReverse' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
byteReverse(ctx->in.c, 16);
^
md5.c:145:14: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'byteReverse' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
byteReverse(ctx->in.c, 14);
^
md5.c:151:14: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'byteReverse' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
byteReverse(ctx->buf.c, 4);
^
* modules/pam_unix/md5.c (byteReverse): Use uint32 instead of
uint8_aligned, update all users.
(uint8_aligned): Remove unused type.
|