eeaf310...
by
"Dmitry V. Levin" <email address hidden>
pam_namespace: use sed instead of awk in namespace.init
Given that sed is considered a more lightweight dependency than awk,
and since sed is used by pam_namespace_helper anyway, use sed instead of
awk in namespace.init as well.
* modules/pam_namespace/namespace.init: Use sed instead of awk to obtain
the UMASK value from /etc/login.defs.
1c9ddfb...
by
Tobias Stoeckmann <email address hidden>
build: correctly set WITH_SELINUX conditional
React on actual test if SELinux is available, not just if SELinux
should be tested for.
Currently the supposedly disabled binaries are still installed even if
SELinux is not available.
Fixes: cb9f88ba944d ("pam_unix: build unix_update only with SELinux enabled")
Signed-off-by: Tobias Stoeckmann <email address hidden>
470b5bd...
by
Tobias Stoeckmann <email address hidden>
pam_unix: do not warn if password aging is disabled
Later checks will print a warning if daysleft is 0. If password
aging is disabled, leave daysleft at -1.
aec921f...
by
Tobias Stoeckmann <email address hidden>
libpam_misc: use size_t for sizes
Theoretically the int might overflow. Use a size_t to protect this
function which might be called from an application, because it is
exposed through pam_misc.h header.
9e4e3e4...
by
Tobias Stoeckmann <email address hidden>
pam_env: remove escaped newlines from econf lines
The libeconf routines do not remove escaped newlines the way we want to
process them later on. Manually remove them from values.
Signed-off-by: Tobias Stoeckmann <email address hidden>
Resolves: https://github.com/linux-pam/linux-pam/issues/738
Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback")
28894b3...
by
"Dmitry V. Levin" <email address hidden>
pam_env: fix --enable-vendordir fallback logic
* modules/pam_env/pam_env.c (_parse_config_file) [!USE_ECONF &&
VENDOR_DEFAULT_CONF_FILE]: Do not fallback to vendor pam_env.conf file
if the config file is specified via module arguments.
560a1c4...
by
Tobias Stoeckmann <email address hidden>
libpam: fix build with --enable-read-both-confs
If configure option --enable-read-both-confs is used, the build
fails with 1.6.0 due to missing stack level depth argument passed to
_pam_parse_conf_file.
pam_namespace.c makes use of SIZE_MAX but doesn't include stdint.h,
resulting in the following build failures on 1.6.0:
pam_namespace.c: In function 'process_line':
pam_namespace.c:649:41: error: 'SIZE_MAX' undeclared (first use in this function)
649 | if (count > UINT_MAX || count > SIZE_MAX / sizeof(uid_t)) {
| ^~~~~~~~
pam_namespace.c:41:1: note: 'SIZE_MAX' is defined in header '<stdint.h>'; did you forget to '#include <stdint.h>'?
40 | #include "argv_parse.h"
+++ |+#include <stdint.h>
41 |
pam_namespace.c:649:41: note: each undeclared identifier is reported only once for each function it appears in
649 | if (count > UINT_MAX || count > SIZE_MAX / sizeof(uid_t)) {
| ^~~~~~~~