~roguescholar/pam/+git/upstream:ldv/free

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

954234f... by "Dmitry V. Levin" <email address hidden> on 2023-12-14

treewide: assume free(NULL) is no-op

The C standard guarantees that if the argument of free() is a null
pointer, no action occurs.

297f0b5... by Tobias Stoeckmann <email address hidden> on 2023-12-12

pam_unix: sp_min and sp_warn must be at least 1

If sp_min or sp_warn are set to 0 or empty (-1), then their respective
features are disabled according to shadow(5).

Signed-off-by: Tobias Stoeckmann <email address hidden>

9ebc140... by Tobias Stoeckmann <email address hidden> on 2023-12-12

pam_unix: allow disabled password aging

According to shadow(5) manual page, an empty sp_lstchg field implies
that password aging is disabled.

This indeed is in sync with shadow's isexpired function.

Signed-off-by: Tobias Stoeckmann <email address hidden>

51a06bc... by Tobias Stoeckmann <email address hidden> on 2023-12-12

pam_unix: sync expiry checks with shadow

The shadow library uses "greater than or equal to" checks instead of
current "greater than" checks in pam_unix.

The account expiry check is already "greater than or equal to" so this
adjustment can even be argued without making references to other
projects.

Signed-off-by: Tobias Stoeckmann <email address hidden>

86506bd... by Tobias Stoeckmann <email address hidden> on 2023-12-12

pam_xauth: simplify check_acl

The strcspn function can easily replace memchr here. The latter would
scan the entire buffer and requires a manual size limitation.

Signed-off-by: Tobias Stoeckmann <email address hidden>

eec4358... by Tobias Stoeckmann <email address hidden> on 2023-12-12

pam_limits: avoid sscanf in parse_config_file

Even though sscanf is easy to use for scanning strings, it has the
drawback that the required memory has to be allocated beforehand.

Since variable "line" is not accessed anymore after sscanf, it is
easier to point into the memory assigned to "line". The function
strtok_r can be used as a replacement for sscanf.

Signed-off-by: Tobias Stoeckmann <email address hidden>

525a62a... by Tobias Stoeckmann <email address hidden> on 2023-12-12

pam_unix: simplify save_old_password

The combination of snprintf and fputs is not needed. It is possible to
call fprintf directly. The previously ignored return value of snprintf
is covered this way as well.

Signed-off-by: Tobias Stoeckmann <email address hidden>

cf492d0... by "Dmitry V. Levin" <email address hidden> on 2023-12-12

treewide: assume getline exists

Apparently, getline is being used unconditionally in pam_namespace and
pam_sepermit. In pam_namespace, it is being used since 2006 when the
module was introduced in the first place.

Let's assume getline is universally available and let's use it
unconditionally in other cases, too.

* configure.ac (AC_CHECK_FUNCS): Remove getline and getdelim.
* libpam/pam_modutil_searchkey.c (pam_modutil_search_key): Use getline
unconditionally.
* modules/pam_pwhistory/opasswd.c (check_old_pass, save_old_pass):
Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.

f6a171e... by Tobias Stoeckmann <email address hidden> on 2023-12-12

pam_shells: fix regression

The \n at the end of a line has to be removed, otherwise the strcmp
check will always fail.

Fixes: f800c5a85330 ("pam_shells: limit shells to absolute paths")
Signed-off-by: Tobias Stoeckmann <email address hidden>

2c711ce... by Tobias Stoeckmann <email address hidden> on 2023-12-10

pam_unix: fix possible shadow signed overflows

It is possible to trigger signed integer overflows in
check_shadow_expiry if /etc/shadow contains very large values.

Since these values have to be set by a system administrator, it would
already count as a configuration error.

Yet, avoid overflows which would consider accounts which are supposed
to be valid for a veeery long time as already invalid. Also, it would
be undefined behavior for almost all C standards.

Also consider every negative value as invalid, not just -1. The shadow
project has different ways of handling these values, but this approach
is in sync with its lib/isexpired.c implementation.

Signed-off-by: Tobias Stoeckmann <email address hidden>