~roguescholar/pam/+git/upstream:ldv/do-not-call-pam_sm_authenticate

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

6bd4e4e... by "Dmitry V. Levin" <email address hidden> on 2024-01-09

pam_usertype: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.

* modules/pam_usertype/pam_usertype.c (pam_sm_authenticate): Rename
to pam_usertype, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_usertype.

5085af5... by "Dmitry V. Levin" <email address hidden> on 2024-01-09

pam_succeed_if: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.

* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Rename
to pam_succeed_if, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_succeed_if.

1f1dff7... by "Dmitry V. Levin" <email address hidden> on 2024-01-09

pam_sepermit: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.

* modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Rename
to pam_sepermit, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_sepermit.

66106ea... by "Dmitry V. Levin" <email address hidden> on 2024-01-09

pam_localuser: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.

* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Rename
to pam_localuser, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_localuser.

29b17de... by "Dmitry V. Levin" <email address hidden> on 2024-01-09

pam_listfile: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.

* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Rename
to pam_listfile, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_listfile.

8295f09... by "Dmitry V. Levin" <email address hidden> on 2024-01-09

pam_lastlog: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.

* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Rename to
pam_auth, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_auth.

49b0b16... by "Dmitry V. Levin" <email address hidden> on 2024-01-09

pam_access: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.

* modules/pam_access/pam_access.c (pam_sm_authenticate): Rename to
pam_access, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_access.

8750f00... by "Dmitry V. Levin" <email address hidden> on 2024-01-08

pam_listfile: log all option errors

The parser of module options used to bail out after the first option
error without checking other options. With this change, while the
return code semantics remains unchanged, all option errors are logged.

* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Log all
option errors.

74d7248... by "Dmitry V. Levin" <email address hidden> on 2024-01-07

pam_listfile: consistently log unknown options

In most cases the parser of module options already logs unknown options
before returning, but in two cases it didn't.

* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Log unknown
onerr= and sense= options.

2894abe... by Andreas Vögele on 2024-01-05

pam_access: add quiet_log option

If quiet_log option is specified, no "access denied" message is logged.

* modules/pam_access/pam_access.c (struct login_info): Add quiet_log.
(parse_args): Initialize it.
(pam_sm_authenticate): Use it.
* modules/pam_access/pam_access.8.xml: Document quiet_log option.

Closes: https://github.com/linux-pam/linux-pam/issues/706