From 128ded83a0d1d3b5a85b4c20a6c35d9481e23ce5 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk
Date: Fri, 24 Sep 2004 09:18:21 +0000
Subject: [PATCH] Relevant BUGIDs: Purpose of commit: Commit summary: --------------- bugfix: Fix lot of compiler warnings new feature: add broken_shadow option to pam_unix (patch from Linux distributions)
---
CHANGELOG | 2 ++
examples/xsh.c | 6 +++---
libpamc/test/regress/Makefile | 2 +-
modules/pam_limits/pam_limits.c | 10 +++-------
modules/pam_mkhomedir/pam_mkhomedir.c | 24 +++++++++++++-----------
modules/pam_unix/README | 2 ++
modules/pam_unix/pam_unix_acct.c | 4 ++++
modules/pam_unix/support.h | 5 ++++-
modules/pam_xauth/pam_xauth.c | 2 +-
modules/pammodutil/modutil_getlogin.c | 3 ++-
modules/pammodutil/modutil_ioloop.c | 10 ++++++----
11 files changed, 41 insertions(+), 29 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 1593e593..33e26f0e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -112,6 +112,8 @@ BerliOS Bugs are marked with (BerliOS #XXXX). (from Linux distributors - kukuk) * Add pam_xauth module (Bug 436440 - kukuk) * configure.in: Fix check for libcrypt (Bug 417704 - kukuk) +* Add the "broken_shadow" argument to pam_unix, for ignoring errors + reading shadow information (from Linux distributors - kukuk) 0.77: Mon Sep 23 10:25:42 PDT 2002
diff --git a/examples/xsh.c b/examples/xsh.c
index fdbbbfd0..f8fa1426 100644
--- a/examples/xsh.c
+++ b/examples/xsh.c
@@ -5,14 +5,14 @@ /* Andrew Morgan (morgan@kernel.org) -- an example application * that invokes a shell, based on blank.c */ +#include + #include #include #include #include -#include - #include #include #include
@@ -155,7 +155,7 @@ int main(int argc, char **argv) fprintf(stderr,"%s: problem closing a session\n",argv[0]); break; } - + /* `0' could be as above */ retcode = pam_setcred(pamh, PAM_DELETE_CRED); bail_out(pamh,0,retcode,"pam_setcred");
diff --git a/libpamc/test/regress/Makefile b/libpamc/test/regress/Makefile
index ff63e5f0..cba474f9 100644
--- a/libpamc/test/regress/Makefile
+++ b/libpamc/test/regress/Makefile
@@ -1,7 +1,7 @@ CFLAGS = -g -I ../../include test.libpamc: test.libpamc.o - $(CC) -o $@ $< -L ../.. -lpamc + $(CC) -o $@ $(CFLAGS) $< -L ../.. -lpamc clean: rm -f test.libpamc test.libpamc.o
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 0d7f2185..536446bd 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -311,7 +311,7 @@ static void process_limit(int source, const char *lim_type, int limit_item; int limit_type = 0; long limit_value; - const char **endptr = &lim_value; + char *endptr; const char *value_orig = lim_value; if (ctrl & PAM_DEBUG_ARG)
@@ -367,14 +367,10 @@ static void process_limit(int source, const char *lim_type, return; } - /* - * there is a warning here because the library prototype for this - * function is incorrect. - */ - limit_value = strtol(lim_value, endptr, 10); + limit_value = strtol (lim_value, &endptr, 10); /* special case value when limiting logins */ - if (limit_value == 0 && value_orig == *endptr) { /* no chars read */ + if (limit_value == 0 && value_orig == endptr) { /* no chars read */ if (strcmp(lim_value,"-") != 0) { _pam_log(LOG_DEBUG,"wrong limit value '%s'", lim_value); return;
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c
index 342637c1..11180444 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.c
+++ b/modules/pam_mkhomedir/pam_mkhomedir.c
@@ -4,10 +4,10 @@ when the session begins. This allows users to be present in central database (such as nis, kerb or ldap) without using a distributed file system or pre-creating a large number of directories. - + Here is a sample /etc/pam.d/login file for Debian GNU/Linux 2.1: - + auth requisite pam_securetty.so auth sufficient pam_ldap.so auth required pam_pwdb.so
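Review bot: In process_limit (pam_limits.c, second hunk) the result of `strtol (lim_value, &endptr, 10)` is still checked only for the no-digits case, so a value with trailing characters or one that overflows `long` is accepted as a limit without complaint. Now that `endptr` is a real `char *`, the check can be completed: set `errno = 0;` before the call and reject with `if (errno == ERANGE || (endptr != lim_value && *endptr != '\0'))`, logging through the same "wrong limit value" path. A silently misparsed entry leaves a resource limit that differs from what the administrator wrote. `value_orig` is also redundant now that the call no longer modifies `lim_value`. The function starts and ends outside both hunks, so a later check may already cover part of this.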
@@ -19,11 +19,11 @@ session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_pwdb.so session optional pam_lastlog.so - password required pam_pwdb.so - + password required pam_pwdb.so + Released under the GNU LGPL version 2 or later Originally written by Jason Gunthorpe Feb 1999 - Structure taken from pam_lastlogin by Andrew Morgan + Structure taken from pam_lastlogin by Andrew Morgan 1996 */
@@ -51,6 +51,8 @@ #include #include +#include + /* argument parsing */ #define MKHOMEDIR_DEBUG 020 /* keep quiet about things */
@@ -98,8 +100,8 @@ static int _pam_parse(int flags, int argc, const char **argv) return ctrl; } -/* This common function is used to send a message to the applications - conversion function. Our only use is to ask the application to print +/* This common function is used to send a message to the applications + conversion function. Our only use is to ask the application to print an informative message that we are creating a home directory */ static int converse(pam_handle_t * pamh, int ctrl, int nargs ,struct pam_message **message
@@ -191,7 +193,7 @@ static int create_homedir(pam_handle_t * pamh, int ctrl, { _log_err(LOG_DEBUG, "unable to create directory %s",dest); return PAM_PERM_DENIED; - } + } if (chmod(dest,0777 & (~UMask)) != 0 || chown(dest,pwd->pw_uid,pwd->pw_gid) != 0) {
@@ -214,7 +216,7 @@ static int create_homedir(pam_handle_t * pamh, int ctrl, } for (Dir = readdir(D); Dir != 0; Dir = readdir(D)) - { + { int SrcFd; int DestFd; int Res;
@@ -344,7 +346,7 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc const char *user; const struct passwd *pwd; struct stat St; - + /* Parse the flag values */ ctrl = _pam_parse(flags, argc, argv);
@@ -373,7 +375,7 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc } /* Ignore */ -PAM_EXTERN +PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags, int argc ,const char **argv) {
diff --git a/modules/pam_unix/README b/modules/pam_unix/README
index d6b1f395..afeee3da 100644
--- a/modules/pam_unix/README
+++ b/modules/pam_unix/README
@@ -31,5 +31,7 @@ The following options are recognized: nis - use NIS RPC for setting new password remember=X - remember X old passwords, they are kept in /etc/security/opasswd in MD5 crypted form + broken_shadow - ignore errors reading shadow information for + users in the account management module invalid arguments are logged to syslog.
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 178b6037..58ba93c1 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -128,6 +128,10 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, return PAM_SUCCESS; } + if (!spent) + if (on(UNIX_BROKEN_SHADOW,ctrl)) + return PAM_SUCCESS; + if (!spent) return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index 3127e6b0..d9212c28 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -81,8 +81,10 @@ typedef struct { #define UNIX_LIKE_AUTH 19 /* need to auth for setcred to work */ #define UNIX_REMEMBER_PASSWD 20 /* Remember N previous passwords */ #define UNIX_NOREAP 21 /* don't reap child process */ +#define UNIX_BROKEN_SHADOW 22 /* ignore errors reading password aging + * information during acct management */ /* -------------- */ -#define UNIX_CTRLS_ 22 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 23 /* number of ctrl arguments defined */ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
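Review bot: The added `broken_shadow` branch in pam_sm_acct_mgmt (pam_unix_acct.c) returns PAM_SUCCESS for any NULL `spent` without logging, so every failure to fetch the shadow entry fails open and the checks after this point are skipped silently. The function continues outside the hunk, so exactly which expiry and aging checks are bypassed is inferred from the README wording. I would emit a syslog notice through the module's existing logging helper before returning, so the bypass shows up in audit logs, and fold the unbraced nested test into `if (!spent && on(UNIX_BROKEN_SHADOW,ctrl)) {` with a comment such as `/* broken_shadow: account expiry and password aging are NOT enforced for this user */`. The README entry would be clearer if it stated the same consequence.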
@@ -112,6 +114,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000}, /* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000}, /* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000}, +/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 58dd059a..1f1e65a3 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -33,7 +33,7 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ident "$Id$" +/* "$Id$" */ #include "../../_pam_aconf.h" #include
diff --git a/modules/pammodutil/modutil_getlogin.c b/modules/pammodutil/modutil_getlogin.c
index 28616337..1bbb2450 100644
--- a/modules/pammodutil/modutil_getlogin.c
+++ b/modules/pammodutil/modutil_getlogin.c
@@ -17,7 +17,8 @@ const char *_pammodutil_getlogin(pam_handle_t *pamh) { int status; - const char *logname, *curr_tty; + char *logname; + const char *curr_tty; char *curr_user; struct utmp *ut, line;
diff --git a/modules/pammodutil/modutil_ioloop.c b/modules/pammodutil/modutil_ioloop.c
index 4176b658..a852a7b8 100644
--- a/modules/pammodutil/modutil_ioloop.c
+++ b/modules/pammodutil/modutil_ioloop.c
@@ -8,10 +8,13 @@ #include #include +#include +#include "include/security/_pam_modutil.h" + int _pammodutil_read(int fd, char *buffer, int count) { int block, offset = 0; - + while (count > 0) { block = read(fd, &buffer[offset], count);
@@ -31,7 +34,7 @@ int _pammodutil_read(int fd, char *buffer, int count) int _pammodutil_write(int fd, const char *buffer, int count) { int block, offset = 0; - + while (count > 0) { block = write(fd, &buffer[offset], count);
@@ -44,7 +47,6 @@ int _pammodutil_write(int fd, const char *buffer, int count) offset += block; count -= block; } - + return offset; } -
--
2.40.0