* modules/pam_access/pam_access.c: separate resolving of IP addresses
from hostnames. Don't resolve TTYs or display variables as hostname
(#834).
Add "nodns" option to disallow resolving of tokens as hostname.
* modules/pam_access/pam_access.8.xml: document nodns option
* modules/pam_access/access.conf.5.xml: document that hostnames should
be written as FQHN.
While building any documentation requires xsltproc, only the PDF
documentation requires fop, which is dependency-heavy, and not always
available (e.g. it is not included in RHEL). This allows the HTML
documentation to be built while skipping the PDFs.
* modules/pam_access/access.conf.5.xml: `LOCAL` keyword behaviour
explanation was focused on the development internals. Let's clarify it
by rephrasing it to something a sysadmin can understand.
Resolves: https://issues.redhat.com/browse/RHEL-39943
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* modules/pam_access/pam_access.c: match the local address regardless of
the IP version in use.
In some circumstances the `localhost` may be translated to IPv4 or IPv6,
but the configuration file only indicated the address for one of the two
versions. Since the originating value is set in `PAM_RHOST` and PAM has
no control over it, let's match the local addresses regardless of the IP
version in use.
Resolves: https://issues.redhat.com/browse/RHEL-23018
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This also prevents a potential NULL pointer dereference in
pam_get_authtok_internal and pam_get_authtok_verify when
the pamh argument they access is set to NULL.
gdbm_close() used to return void, later it was changed to return int.
We cannot assume either way and have to check whether gdbm_close()
returns int.
Fixes: 45c2c496dc ("pam_userdb: enable GDBM support")
When creating a socket pipe for communication between the parent and the
child process, each of these two processes should keep just one of these
socket pipe descriptors.
At the end of the loop the iterator `i` can be equal to
`PAM_MAX_RESP_SIZE`, which will cause an index call outside the array
in the `input[i] = '\0';`
Signed-off-by: Dmitry V. Levin <ldv@strace.io>
On my non-representative hardware, the full build using autotools
(./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install)
takes about 45 seconds.
On the same hardware, the full build using meson
(meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir)
takes just about 7.5 seconds.
As crypt_r is expected to return a pointer into a provided crypt_data
struct, callers should not modify the string returned by crypt_r after
freeing the corresponding crypt_data struct.
Co-authored-by: Dmitry V. Levin <ldv@strace.io>
The utmp database is unreliable for counting logged in users, since
there is no standard which defines who should create an entry at which
time for which reason. And it has a Y2038 problem with glibc/x86-64.
Query systemd-logind for the number of user sessions instead.
Since systemd added new types of classes (e.g. manager*), we cannot
use the count of all sessions anymore, but have to check which class
this is.
This is backward compatible, systemd v209 or newer is required.
Given that in most places config.h is included unconditionally,
there is no point in keeping remaining HAVE_CONFIG_H checks.
Public header files do not use config.h and therefore
are not affected by this change anyway.
