lp:~roguescholar/pam/+git/upstream

Author: Dmitry V. Levin
Author Date: 2024-05-19 15:00:00 UTC

pam_env: fix error handling in econf_read_file

* modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Make sure
the returned array of strings is properly initialized
when econf_getStringValue() fails to return a value.

Author: Dmitry V. Levin
Author Date: 2024-05-11 08:00:00 UTC

Move all historic changelog files to a top-level ChangeLog.old directory

Move all historic changelog files away to avoid confusion.

Author: Dmitry V. Levin
Author Date: 2024-05-11 08:00:00 UTC

Move all historic changelog files to a top-level ChangeLog.old directory

Move all historic changelog files away to avoid confusion.

Author: Dmitry V. Levin
Author Date: 2024-04-09 08:00:00 UTC

Prepare for 1.6.1 release

* configure.ac (AC_INIT): Raise version to 1.6.1.
* po/Linux-PAM.pot (Project-Id-Version): Likewise.
* NEWS: Update.

Resolves: https://github.com/linux-pam/linux-pam/issues/774

Author: Dmitry V. Levin
Author Date: 2024-03-31 08:00:00 UTC

pam_start.c: do not call bindtextdomain() unless nls is enabled

Call bindtextdomain() only when both the function is available and
the build is configured with --enable-nls.

* libpam/pam_start.c (_pam_start_internal): Guard bindtextdomain()
invocation with ENABLE_NLS.

Complements: v1.6.0~244 ("pam_start.c: call bindtextdomain() to expose Linux-PAM locales")
Resolves: https://github.com/linux-pam/linux-pam/pull/773

Author: Dmitry V. Levin
Author Date: 2024-01-20 16:00:00 UTC

pam_faildelay: fix compilation warnings on 32bit platforms

Fix the following warning reported by gcc on 32bit platforms:

  pam_faildelay.c: In function 'pam_sm_authenticate':
  pam_faildelay.c:104:34: error: comparison of integer expressions of different signedness: 'long int' and 'unsigned int' [-Werror=sign-compare]
    104 | if (delay < 0 || delay > UINT_MAX)
        | ^
  pam_faildelay.c:123:32: error: comparison of integer expressions of different signedness: 'long int' and 'unsigned int' [-Werror=sign-compare]
    123 | if (delay < 0 || delay > UINT_MAX / S_TO_MICROS)
        | ^

* modules/pam_faildelay/pam_faildelay.c (pam_sm_authenticate): Cast
"delay" to "unsigned long" in comparisons with unsigned int.

Fixes: dd87776d3683 ("pam_faildelay: validate parameter ranges")

Author: Dmitry V. Levin
Author Date: 2024-01-20 08:00:00 UTC

pam_namespace: use sed instead of awk in namespace.init

Given that sed is considered a more lightweight dependency than awk,
and since sed is used by pam_namespace_helper anyway, use sed instead of
awk in namespace.init as well.

* modules/pam_namespace/namespace.init: Use sed instead of awk to obtain
the UMASK value from /etc/login.defs.

Author: Dmitry V. Levin
Author Date: 2024-01-18 17:00:00 UTC

pam_env: fix --enable-vendordir fallback logic

* modules/pam_env/pam_env.c (_parse_config_file) [!USE_ECONF &&
VENDOR_DEFAULT_CONF_FILE]: Do not fallback to vendor pam_env.conf file
if the config file is specified via module arguments.

Link: https://github.com/linux-pam/linux-pam/issues/738
Fixes: v1.5.3~69 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")

Author: Dmitry V. Levin
Author Date: 2024-01-17 08:00:00 UTC

Prepare for 1.6.0 release

* configure.ac (AC_INIT): Raise version to 1.6.0.
* po/Linux-PAM.pot (Project-Id-Version): Likewise.
* NEWS: Update.

Resolves: https://github.com/linux-pam/linux-pam/issues/690

Author: Dmitry V. Levin
Author Date: 2024-01-16 08:00:00 UTC

modules: do not invoke getline(3) unnecessarily

Replace
  while (getline(...) != -1 && retval)
with
  while (retval && getline(...) != -1)

* modules/pam_listfile/pam_listfile.c (pam_listfile): Do not invoke
getline(3) when its result is going to be ignored.
* modules/pam_securetty/pam_securetty.c (securetty_perform_check):
Likewise.

Author: Dmitry V. Levin
Author Date: 2024-01-09 08:00:00 UTC

pam_usertype: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.

* modules/pam_usertype/pam_usertype.c (pam_sm_authenticate): Rename
to pam_usertype, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_usertype.

Author: Dmitry V. Levin
Author Date: 2024-01-08 08:00:00 UTC

pam_listfile: log all option errors

The parser of module options used to bail out after the first option
error without checking other options. With this change, while the
return code semantics remains unchanged, all option errors are logged.

* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Log all
option errors.

Author: Dmitry V. Levin
Author Date: 2024-01-01 12:00:00 UTC

pam_unix/passverify: always run the helper to obtain shadow password file entries

Initially, when pam_unix.so verified the password, it used to try to
obtain the shadow password file entry for the given user by invoking
getspnam(3), and only when that didn't work and the effective uid
was nonzero, pam_unix.so used to invoke the helper as a fallback.

When SELinux support was introduced by commit
67aab1ff5515054341a438cf9804e9c9b3a88033, the fallback was extended
also for the case when SELinux was enabled.

Later, commit f220cace205332a3dc34e7b37a85e7627e097e7d extended the
fallback conditions for the case when pam_modutil_getspnam() failed
with EACCES.

Since commit 470823c4aacef5cb3b1180be6ed70846b61a3752, the helper is
invoked as a fallback when pam_modutil_getspnam() fails for any reason.

The ultimate solution for the case when pam_unix.so does not have
permissions to obtain the shadow password file entry is to stop trying
to use pam_modutil_getspnam() and to invoke the helper instead.
Here are two recent examples.

https://github.com/linux-pam/linux-pam/pull/484 describes a system
configuration where libnss_systemd is enabled along with libnss_files
in the shadow entry of nsswitch.conf, so when libnss_files is unable
to obtain the shadow password file entry for the root user, e.g. when
SELinux is enabled, NSS falls back to libnss_systemd which returns
a synthesized shadow password file entry for the root user, which
in turn locks the root user out.

https://bugzilla.redhat.com/show_bug.cgi?id=2150155 describes
essentially the same problem in a similar system configuration.

This commit is the final step in the direction of addressing the issue:
for password verification pam_unix.so now invokes the helper instead of
making the pam_modutil_getspnam() call.

* modules/pam_unix/passverify.c (get_account_info) [!HELPER_COMPILE]:
Always return PAM_UNIX_RUN_HELPER instead of trying to obtain
the shadow password file entry.

Complements: https://github.com/linux-pam/linux-pam/pull/386
Resolves: https://github.com/linux-pam/linux-pam/pull/484
Link: https://github.com/authselect/authselect/commit/1e78f7e048747024a846fd22d68afc6993734e92

Author: Dmitry V. Levin
Author Date: 2023-12-31 08:00:00 UTC

pam_listfile.8: enhance formatting

* modules/pam_listfile/pam_listfile.8.xml: Fix formatting of option
arguments.

Author: Dmitry V. Levin
Author Date: 2023-12-30 20:00:00 UTC

pam_listfile: add a test for return values

* modules/pam_listfile/tst-pam_listfile-retval.c: New file.
* modules/pam_listfile/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_listfile_retval_LDADD): New variables.

Author: Martin Srebotnjak
Author Date: 2023-12-28 23:37:16 UTC

po: update translations using Weblate (Slovenian)

Currently translated at 17.8% (18 of 101 strings).

Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sl/

Author: Dmitry V. Levin
Author Date: 2023-12-14 08:00:00 UTC

treewide: assume free(NULL) is no-op

The C standard guarantees that if the argument of free() is a null
pointer, no action occurs.

Author: Dmitry V. Levin
Author Date: 2023-12-05 08:00:00 UTC

pam_pwhistory: fix memory leak on error path

* modules/pam_pwhistory/pwhistory_config.c (parse_config_file): Free
the result returned by pam_modutil_search_key when it becomes unused.

Author: Dmitry V. Levin
Author Date: 2023-11-13 08:00:00 UTC

libpam: fix _pam_mkargv return value on error path

* libpam/pam_misc.c (_pam_mkargv): Return 0 in case of memory allocation
failure.

Author: Dmitry V. Levin
Author Date: 2023-11-08 08:00:00 UTC

pam_canonicalize_user: add a test for return values

* modules/pam_canonicalize_user/tst-pam_canonicalize_user-retval.c: New
file.
* modules/pam_canonicalize_user/Makefile.am (TESTS): Add
$(check_PROGRAMS).
(check_PROGRAMS, tst_pam_canonicalize_user_retval_LDADD): New variables.

Author: Dmitry V. Levin
Author Date: 2023-05-23 08:00:00 UTC

.github: add gcc-13 and clang-15 jobs

* .github/workflows/ci.yml (gcc13-x86_64, clang15-x86_64): New jobs.
(gcc12-x86_64-vendordir): Rename to gcc13-x86_64-vendordir,
replace gcc-12 with gcc-13.
(gcc12-x86_64-openssl): Rename to gcc13-x86_64-openssl,
replace gcc-12 with gcc-13.
(clang14-x86_64-vendordir): Rename to clang15-x86_64-vendordir,
replace clang-14 with clang-15.
(clang14-x86_64-openssl): Rename to clang15-x86_64-openssl,
replace clang-14 with clang-15.

Author: Dmitry V. Levin
Author Date: 2023-04-19 08:00:00 UTC

pam_succeed_if: do not use the result of keyword substitution for keyword match

* modules/pam_succeed_if/pam_succeed_if.c (evaluate): Do not use the
result of keyword substitution for keyword match.

Resolves: https://github.com/linux-pam/linux-pam/issues/560

Author: Dmitry V. Levin
Author Date: 2023-04-04 08:00:00 UTC

ci: add --enable-openssl jobs to the ci matrix

Link: https://github.com/linux-pam/linux-pam/pull/550#issuecomment-1490362439

Author: Dmitry V. Levin
Author Date: 2023-04-04 08:00:00 UTC

ci: add --disable-nis jobs to the ci matrix

Author: Dmitry V. Levin
Author Date: 2023-03-31 08:00:00 UTC

treewide: fix unnecessary $ on arithmetic variables

This should fix shellcheck warning SC2004.

Author: Dmitry V. Levin
Author Date: 2023-03-30 20:00:00 UTC

pgp.keys.asc: update

* pgp.keys.asc: Replace with the key used to sign v1.5.2.

Resolves: https://github.com/linux-pam/linux-pam/issues/544

Author: Dmitry V. Levin
Author Date: 2023-01-23 08:00:00 UTC

libpam: remove dead code in pam_dynamic.c

Apparently, the PAM_SHL variant cannot be compiled since the very first
commit back in 2005 when it was introduced, and another variant uses
PAM_DYLD which is virtually unknown to search engines.

* libpam/pam_dynamic.c [PAM_SHL || PAM_DYLD]: Remove.

Resolves: https://github.com/linux-pam/linux-pam/issues/477

Author: Thorsten Kukuk
Author Date: 2022-12-06 16:26:23 UTC

doc/man/Makefile.am: fix XMLS list

The XMLS list of xml sources for the manual pages missed some xml files
and instead contained some nroff sources.

Author: Dmitry V. Levin
Author Date: 2022-07-16 08:00:00 UTC

pam_namespace: make sure the SIGCHLD handler is not reset too early

* modules/pam_namespace/pam_namespace.c (inst_init): Make sure
the SIGCHLD handler is not reset too early by moving the sigaction
call right before the fork call.

Author: Dmitry V. Levin
Author Date: 2022-07-15 08:00:00 UTC

_pam_add_handler: make sure struct handler is properly initialized on error path

* libpam/pam_handlers.c (_pam_add_handler): Use calloc instead of malloc
for struct handler allocation to avoid returning garbage in some fields
of the structure on error path.

Resolves: https://github.com/linux-pam/linux-pam/issues/475

Author: Dmitry V. Levin
Author Date: 2022-06-19 08:00:00 UTC

.github: add a few vendordir enabled jobs

* .github/workflows/ci.yml (gcc11-x86_64-vendordir,
clang12-x86_64-vendordir, gcc11-x86-vendordir): New jobs.

Author: Dmitry V. Levin
Author Date: 2022-04-23 08:00:00 UTC

pam_env: reorder definitions of static functions to avoid forward declarations

* modules/pam_env/pam_env.c (_assemble_line, _parse_line, _check_var,
_clean_var, _expand_arg, _pam_get_item_byname, _define_var,
_undefine_var): Move definitions of static functions before their first
use to avoid forward declarations cluttering the code.

Author: Dmitry V. Levin
Author Date: 2022-04-24 08:00:00 UTC

pam_issue: reorder definitions of static functions to avoid forward declarations

* modules/pam_issue/pam_issue.c (read_issue_raw, read_issue_quoted):
Move definitions of static functions before their first use to avoid
forward declarations cluttering the code.

Author: Stefan Schubert
Author Date: 2021-12-03 13:33:20 UTC

pam_env: add a test of return values

* modules/pam_env/tst-pam_env-retval.c: New file.
* modules/pam_env/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_env_retval_LDADD): New variables.

Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>

Author: Dmitry V. Levin
Author Date: 2022-02-23 08:00:00 UTC

pam_exec: remove redundant free() invocations

In the child process, freeing memory right before pam_syslog()
followed by _exit(ENOMEM) is useless.

* modules/pam_exec/pam_exec.c (call_exec): Do not call free(envlist).

Resolves: https://github.com/linux-pam/linux-pam/issues/444

Author: Dmitry V. Levin
Author Date: 2022-02-23 08:00:00 UTC

pam_exec: remove redundant strdup

In the child process, the elements of argv[] are not modified, so there
is no need to copy strings.

* modules/pam_exec/pam_exec.c (call_exec): Do not call strdup on argv[]
elements during arggv[] initialization.

Resolves: https://github.com/linux-pam/linux-pam/pull/446

Author: Thorsten Kukuk
Author Date: 2009-12-18 12:13:01 UTC

Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2009-12-18 Thorsten Kukuk <kukuk@thkukuk.de>

        * doc/man/Makefile.am (XMLS): Add pam_xauth_data.3.xml.

Author: Tomas Mraz
Author Date: 2008-01-04 17:46:45 UTC

Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
        * modules/pam_unix/Makefile.am: Add unix_update helper.
        * modules/pam_unix/pam_unix_passwd.c: Move functions i64c(),
        crypt_md5_wrapper(), save_old_password(), _update_passwd() and
        _update_shadow() to passverify.c file. Rename _unix_run_shadow_binary()
        to _unix_run_update_binary(), which also verifies old password and
        does all writing.
        (_do_setpass, pam_sm_chauthtok): lckpwdf()->lock_pwdf(), the same for unlock.
        Call _unix_run_update_binary() appropriately.
        _update_passwd()->unix_update_passwd(), the same for shadow.
        * modules/pam_unix/passverify.c: Add new functions moved from
        pam_unix_passwd.c and unix_chkpwd.c.
        * modules/pam_unix/passverify.h: Likewise.
        * modules/pam_unix/unix_chkpwd.c: Remove SELinux checks. Move
        su_sighandler(), setup_signals(), getuidname() to passverify.c.
        (main): Remove 'shadow' option. Refactor out read_passwords() and
        call it. More strict checking how the binary is called.
        * modules/pam_unix/unix_update.c: New helper binary - non-setuid,
        called from SELinux confined apps only.

Author: Thorsten Kukuk
Author Date: 2005-10-31 15:30:15 UTC

Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

pam_unix and pam_limits fixes for 0.81 release

Author: Andrew G. Morgan
Author Date: 2000-11-19 23:31:22 UTC

Relevant BUGIDs: task 15788, bugs 108297, 117476, 117474

Purpose of commit: merge in the autoconf stuff

Commit summary:
---------------
this is a merge of the 0-72 autoconf branch to something more
up to date. This commit will be followed by merging this
Linux-PAM-0-73pre-autoconf branch to the main trunk.

Author: Andrew G. Morgan
Author Date: 2000-11-10 17:50:06 UTC

Relevant BUGIDs: task 15788

Purpose of commit: new feature

Commit summary:
---------------
User request to make 'strip' more abstracted: $(STRIP).

Author: Steve Langasek
Author Date: 2000-09-06 19:04:00 UTC

Relevant BUGIDs: task 15788

Purpose of commit: new feature

Commit summary:
---------------
Added config.sub and config.guess, needed for AC_PROG_INSTALL and
related checks.

Author: Andrew G. Morgan
Author Date: 2000-06-20 22:10:38 UTC

Imported 0.72 Linux-PAM sources