According to the GNU Automake manual, this macro is obsolescent,
and its explicit use should no longer be required.
* configure.ac (AM_PROG_CC_C_O): Remove.
Given that SET_MAKE defined by AC_PROG_MAKE_SET has never been
used directly, and AM_INIT_AUTOMAKE that needs this also calls
AC_PROG_MAKE_SET itself, there is no point in using this macro.
* configure.ac (AC_PROG_MAKE_SET): Remove.
According to the GNU Autoconf manual, this macro is obsolescent,
since current versions of the GNU C compiler fix the header files
automatically when installed.
* configure.ac (AC_PROG_GCC_TRADITIONAL): Remove.
Given that GETGROUPS_T defined by AC_TYPE_GETGROUPS has never been
checked, there is no point in using this macro.
* configure.ac (AC_TYPE_GETGROUPS): Remove.
Given that TM_IN_SYS_TIME that might be defined by AC_STRUCT_TM
has never been checked, there is no point in using this obsolescent
macro.
* configure.ac (AC_STRUCT_TM): Remove.
Given that utmp.h is included unconditionally in other modules,
and neither utmpx.h nor lastlog.h is used nowadays, remove obsolete
checks.
* configure.ac (AC_CHECK_HEADERS): Remove lastlog.h, utmp.h, and utmpx.h.
* modules/pam_lastlog/pam_lastlog.c: Include <utmp.h> unconditionally.
Use the canonical terminal mode (line mode) and set ECHOCTL to prevent
cursor escape from the login prompt using arrows or escape sequences.
ICANON is the default in most cases anyway. ECHOCTL is default on tty, but
for example not on pty, allowing cursor to escape.
Stanislav Brabec <sbrabec@suse.com>
Since audit_log_acct_message() was decorated with warn_unused_result
attribute, compilation of faillock helper produces the following
diagnostics:
main.c: In function 'do_user':
main.c:250:25: warning: ignoring return value of 'audit_log_acct_message' declared with attribute 'warn_unused_result' [-Wunused-result]
Given that this helper has never been picky about audit, e.g.
audit_open() errors do not affect its exit status, just silence this
new warning.
* modules/pam_faillock/main.c [HAVE_LIBAUDIT] (do_user): Silence
compilation warning.
* modules/pam_namespace/pam_namespace.c [WITH_SELINUX] (form_context):
Free SELinux context before returning.
```
Error: RESOURCE_LEAK (CWE-772):
Linux-PAM-1.6.0/modules/pam_namespace/pam_namespace.c:928: alloc_arg: "getexeccon" allocates memory that is stored into "scon".
Linux-PAM-1.6.0/modules/pam_namespace/pam_namespace.c:1004: leaked_storage: Variable "scon" going out of scope leaks the storage it points to.
1002| }
1003| /* Should never get here */
1004|-> return PAM_SUCCESS;
1005| }
1006| #endif
```
Resolves: https://issues.redhat.com/browse/RHEL-36475
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* modules/pam_timestamp/pam_timestamp.c (pam_sm_authenticate)
[WITH_OPENSSL]: Close the timestamp file if hmac_size returned
an error.
```
Error: RESOURCE_LEAK (CWE-772):
Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:450: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:450: var_assign: Assigning: "fd" = handle returned from "open(path, 131072)".
Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:460: noescape: Resource "fd" is not freed or pointed-to in "fstat".
Linux-PAM-1.6.0/modules/pam_timestamp/pam_timestamp.c:484: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
482| #ifdef WITH_OPENSSL
483| if (hmac_size(pamh, debug, &maclen)) {
484|-> return PAM_AUTH_ERR;
485| }
486| #else
```
Resolves: https://issues.redhat.com/browse/RHEL-36475
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* modules/pam_faillock/pam_faillock.c (check_tally): Close the audit
socket when it will no longer be used.
```
Error: RESOURCE_LEAK (CWE-772):
Linux-PAM-1.6.0/modules/pam_faillock/pam_faillock.c:247: open_fn: Returning handle opened by "audit_open".
Linux-PAM-1.6.0/modules/pam_faillock/pam_faillock.c:247: var_assign: Assigning: "audit_fd" = handle returned from "audit_open()".
Linux-PAM-1.6.0/modules/pam_faillock/pam_faillock.c:256: noescape: Resource "audit_fd" is not freed or pointed-to in "audit_log_user_message".
Linux-PAM-1.6.0/modules/pam_faillock/pam_faillock.c:258: leaked_handle: Handle variable "audit_fd" going out of scope leaks the handle.
256| audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
257| rhost, NULL, tty, 1);
258|-> }
259| #endif
260| opts->flags |= FAILLOCK_FLAG_UNLOCKED;
```
Resolves: https://issues.redhat.com/browse/RHEL-36475
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Make sure
the returned array of strings is properly initialized
when econf_getStringValue() fails to return a value.
Since 2011, ChangeLog file is generated from git log history.
ChangeLog-CVS is a historic changelog file that was maintained before
the project was migrated from cvs to git.
CHANGELOG is another historic changelog file that was replaced by
ChangeLog in 2005.
modules/pam_unix/CHANGELOG is the oldest of historic changelog files,
it is not maintained since 1999.
All these historic changelog files are no longer relevant, so they are
no longer included into release tarballs.
libpam/pam_modutil_check_user.c: explicitly convert the character
read from /etc/passwd to type "char" to get the same signedness
as the one compared with. Otherwise the functionality will depend
on the (implementation defined) signedness of "char" on the
platform built for.
Dag-Erling Smørgrav's name was encoded using some encoding other than
UTF-8 (that line predates the UTF-8 consensus). This changes it to use
UTF-8, so that it renders properly and so that editors that guess the
file is UTF-8 do not get confused about it.
Add a helper function to compare two strings for equality, that performs
the same amount of operations based on the first argument, regardless of
the length of the second argument, or the position of the first
difference.
This can be used as defense-in-depth mitigation against timing attacks
of password comparisons.
pam_get_data manual page used to claim that PAM_NO_MODULE_DATA is
returned not only when no module specific data is present but also
when there is a corresponding data entry with NULL value.
As this claim is in contradiction with the implementation and with the
pam manual page, fix pam_get_data manual page.
* doc/man/pam_get_data.3.xml (PAM_NO_MODULE_DATA): Sync with
the implementation and with the pam manual page.
Resolves: https://github.com/linux-pam/linux-pam/pull/780
Call bindtextdomain() only when both the function is available and
the build is configured with --enable-nls.
* libpam/pam_start.c (_pam_start_internal): Guard bindtextdomain()
invocation with ENABLE_NLS.
Complements: v1.6.0~244 ("pam_start.c: call bindtextdomain() to expose Linux-PAM locales")
Resolves: https://github.com/linux-pam/linux-pam/pull/773
Document that pam_env.so is only called by pam_setcred() and
not by pam_authenticate() when added to the auth stack.
Resolves: https://github.com/linux-pam/linux-pam/issues/680
Signed-off-by: Thorsten Kukuk <kukuk@suse.com>
Before the change pam_unix has different behaviours for a user with
empty password for these two `/etc/shadow` entries:
nulloktest:$6$Yy4ty2jJ$bsVQWo8qlXC6UHq1/qTC3UR60ZJKmKApJ3Wj7DreAy8FxlVKtlDnplFQ7jMLVlDqordE7e4t49GvTb.aI59TP0:1::::::
nulloktest::1::::::
The entry with a hash was rejected and the entry without was accepted.
The rejection happened because 9e74e90147 "pam_unix: avoid determining
if user exists" introduced the following rejection check (slightly
simplified):
...
} else if (p[0] == '\0' && nullok) {
if (hash[0] != '\0') {
retval = PAM_AUTH_ERR;
}
We should not reject the user with a hash assuming it's non-empty.
The change does that by pushing empty password check into
`verify_pwd_hash()`.
`NixOS` generates such hashed entries for empty passwords as if they
were non-empty using the following perl code:
sub hashPassword {
my ($password) = @_;
my $salt = "";
my @chars = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
$salt .= $chars[rand 64] for (1..8);
return crypt($password, '$6$' . $salt . '$');
}
Resolves: https://github.com/linux-pam/linux-pam/issues/758
Fixes: 9e74e90147 "pam_unix: avoid determining if user exists"
Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
When limits.d is processed, pl->conf_file consequently points to
elements of filename_list array which are freed later even though
it can still be used in the logging.
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Co-authored-by: Dmitry V. Levin <ldv@strace.io>
Fixes: f6b973b922 ("Add support for limits.d directory to pam_limits")
