From 7c0139009fb67bc1877442954f13e72834fa96b6 Mon Sep 17 00:00:00 2001 From: Packit Bot Date: May 07 2021 04:14:33 +0000 Subject: Source-git repo for imports/c8s/pam-1.3.1-14.el8 --- diff --git a/.packit.yaml b/.packit.yaml index c10457a..e47e356 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -1,11 +1,18 @@ jobs: - job: copr_build metadata: - targets: &id001 [centos-stream-x86_64] + targets: + - centos-stream-8-x86_64 trigger: pull_request - job: tests metadata: - targets: *id001 + targets: + - centos-stream-8-x86_64 trigger: pull_request +sources: +- path: Linux-PAM-1.3.1.tar.xz + url: https://git.centos.org/sources/pam/c8s/e89b6d279c9bf8cb495dfc0b3f3931eb50f818e9 +- path: pam-redhat-0.99.11.tar.bz2 + url: https://git.centos.org/sources/pam/c8s/42206fe8319723ef23ab646b2eab496c86de3f5b specfile_path: SPECS/pam.spec -upstream_ref: sg-start +upstream_ref: c8s-source-git diff --git a/SPECS/Linux-PAM-1.3.1.tar.xz b/SPECS/Linux-PAM-1.3.1.tar.xz deleted file mode 100644 index 424ac57..0000000 Binary files a/SPECS/Linux-PAM-1.3.1.tar.xz and /dev/null differ diff --git a/SPECS/pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch b/SPECS/pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch new file mode 100644 index 0000000..37b3e72 --- /dev/null +++ b/SPECS/pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch 
@@ -0,0 +1,111 @@ +From a7453aeeb398d6cbb7a709c4e2a1d75905220fff Mon Sep 17 00:00:00 2001 +From: Stanislav Zidek +Date: Fri, 16 Apr 2021 19:14:18 +0200 +Subject: [PATCH] pam_userdb: Prevent garbage characters from db + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791965 +--- + modules/pam_userdb/pam_userdb.8.xml | 3 +- + modules/pam_userdb/pam_userdb.c | 56 +++++++++++++++++------------ + 2 files changed, 36 insertions(+), 23 deletions(-) + +diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml +index fa628ada..bce92850 100644 +--- a/modules/pam_userdb/pam_userdb.8.xml ++++ b/modules/pam_userdb/pam_userdb.8.xml +@@ -100,7 +100,8 @@ + + + +- Print debug information. ++ Print debug information. Note that password hashes, both from db ++ and computed, will be printed to syslog. + + + +diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c +index dc2ca232..d59801bf 100644 +--- a/modules/pam_userdb/pam_userdb.c ++++ b/modules/pam_userdb/pam_userdb.c +@@ -194,7 +194,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, + } + + if (data.dptr != NULL) { +- int compare = 0; ++ int compare = -2; + + if (ctrl & PAM_KEY_ONLY_ARG) + { +@@ -209,36 +209,48 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, + char *cryptpw = NULL; + + if (data.dsize < 13) { +- compare = -2; ++ /* hash is too short */ ++ pam_syslog(pamh, LOG_INFO, "password hash in database is too short"); + } else if (ctrl & PAM_ICASE_ARG) { +- compare = -2; ++ pam_syslog(pamh, LOG_INFO, ++ "case-insensitive comparison only works with plaintext passwords"); + } else { ++ /* libdb is not guaranteed to produce null terminated strings */ ++ char *pwhash = strndup(data.dptr, data.dsize); ++ ++ if (pwhash == NULL) { ++ pam_syslog(pamh, LOG_CRIT, "strndup failed: data.dptr"); ++ } else { + #ifdef HAVE_CRYPT_R +- struct crypt_data *cdata = NULL; +- cdata = malloc(sizeof(*cdata)); +- if (cdata != 
NULL) { +- cdata->initialized = 0; +- cryptpw = crypt_r(pass, data.dptr, cdata); +- } ++ struct crypt_data *cdata = NULL; ++ cdata = malloc(sizeof(*cdata)); ++ if (cdata == NULL) { ++ pam_syslog(pamh, LOG_CRIT, "malloc failed: struct crypt_data"); ++ } else { ++ cdata->initialized = 0; ++ cryptpw = crypt_r(pass, pwhash, cdata); ++ } + #else +- cryptpw = crypt (pass, data.dptr); ++ cryptpw = crypt (pass, pwhash); + #endif +- if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { +- compare = memcmp(data.dptr, cryptpw, data.dsize); +- } else { +- compare = -2; +- if (ctrl & PAM_DEBUG_ARG) { +- if (cryptpw) +- pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); +- else +- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); ++ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { ++ compare = memcmp(data.dptr, cryptpw, data.dsize); ++ } else { ++ if (ctrl & PAM_DEBUG_ARG) { ++ if (cryptpw) { ++ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); ++ pam_syslog(pamh, LOG_INFO, "computed hash: %s", cryptpw); ++ } else { ++ pam_syslog(pamh, LOG_ERR, "crypt() returned NULL"); ++ } ++ } + } +- } + #ifdef HAVE_CRYPT_R +- free(cdata); ++ free(cdata); + #endif ++ } ++ free(pwhash); + } +- + } else { + + /* Unknown password encryption method - +-- +2.30.2 + diff --git a/SPECS/pam-redhat-0.99.11.tar.bz2 b/SPECS/pam-redhat-0.99.11.tar.bz2 deleted file mode 100644 index 6d85e7a..0000000 Binary files a/SPECS/pam-redhat-0.99.11.tar.bz2 and /dev/null differ diff --git a/SPECS/pam.spec b/SPECS/pam.spec index c6b8ed4..551c746 100644 --- a/SPECS/pam.spec +++ b/SPECS/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.3.1 -Release: 14%{?dist} +Release: 15%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. 
@@ -65,6 +65,8 @@ Patch47: pam-1.3.1-pam-modutil-close-write.patch Patch48: pam-1.3.1-wheel-pam_ruser-fallback.patch # https://github.com/linux-pam/linux-pam/commit/491e5500b6b3913f531574208274358a2df88659 Patch49: pam-1.3.1-namespace-gdm-doc.patch +# https://github.com/linux-pam/linux-pam/commit/a7453aeeb398d6cbb7a709c4e2a1d75905220fff +Patch50: pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch %define _pamlibdir %{_libdir} %define _moduledir %{_libdir}/security @@ -162,6 +164,7 @@ cp %{SOURCE18} . %patch47 -p1 -b .pam-modutil-close-write %patch48 -p1 -b .wheel-pam_ruser-fallback %patch49 -p1 -b .namespace-gdm-doc +%patch50 -p1 -b .pam-userdb-prevent-garbage-characters-from-db autoreconf -i %build @@ -407,6 +410,9 @@ done %doc doc/specs/rfc86.0.txt %changelog +* Mon May 3 2021 Iker Pedrosa 1.3.1-15 +- pam_userdb: Prevent garbage characters from db (#1791965) + * Thu Nov 5 2020 Iker Pedrosa 1.3.1-14 - Revert 1.3.1-12 diff --git a/autom4te.cache/requests b/autom4te.cache/requests index 4a8e734..daa7768 100644 --- a/autom4te.cache/requests +++ b/autom4te.cache/requests 
@@ -80,264 +80,264 @@ 'configure.ac' ], { - 'AM_MISSING_HAS_RUN' => 1, - 'AM_AUX_DIR_EXPAND' => 1, - 'LT_CMD_MAX_LEN' => 1, - '_LT_COMPILER_OPTION' => 1, - 'm4_pattern_forbid' => 1, - 'AC_LIBTOOL_LINKER_OPTION' => 1, - 'LT_PATH_NM' => 1, - 'LT_LIB_M' => 1, - '_LT_REQUIRED_DARWIN_CHECKS' => 1, - 'AM_ICONV' => 1, - '_m4_warn' => 1, - 'AC_LIBTOOL_LANG_CXX_CONFIG' => 1, - 'AC_TYPE_UNSIGNED_LONG_LONG_INT' => 1, - 'AC_LIB_FROMPACKAGE' => 1, - 'LT_AC_PROG_GCJ' => 1, - 'LT_AC_PROG_SED' => 1, - 'AC_LIB_PREPARE_MULTILIB' => 1, - 'gl_THREADLIB_EARLY_BODY' => 1, - 'LT_AC_PROG_EGREP' => 1, - 'LT_PATH_LD' => 1, - 'LTVERSION_VERSION' => 1, - '_LT_PROG_F77' => 1, - 'AM_AUTOMAKE_VERSION' => 1, - 'gl_AC_TYPE_UINTMAX_T' => 1, - 'AM_PATH_LIBPRELUDE' => 1, - 'LT_SUPPORTED_TAG' => 1, - 'gt_TYPE_INTMAX_T' => 1, - 'LTDL_CONVENIENCE' => 1, - '_LTDL_SETUP' => 1, + 'AC_LIBTOOL_SYS_HARD_LINK_LOCKS' => 1, 'AM_PATH_PROG_WITH_TEST' => 1, - 'AU_DEFUN' => 1, - 'AC_LTDL_PREOPEN' => 1, - 'AM_PROG_NM' => 1, + 'gt_LC_MESSAGES' => 1, + 'm4_pattern_forbid' => 1, + 'gl_THREADLIB_BODY' => 1, + '_LT_PROG_CXX' => 1, + 'AM_ENABLE_STATIC' => 1, + '_LT_CC_BASENAME' => 1, + 'AC_LIBTOOL_CXX' => 1, + 'AC_ENABLE_FAST_INSTALL' => 1, 'AM_PROG_INSTALL_SH' => 1, - 'AM_SUBST_NOTMAKE' => 1, - 'AM_RUN_LOG' => 1, - 'AM_MISSING_PROG' => 1, - 'LTOPTIONS_VERSION' => 1, - 'AM_GNU_GETTEXT_VERSION' => 1, + '_AM_PROG_TAR' => 1, + '_LT_LINKER_OPTION' => 1, 'AM_PO_SUBDIRS' => 1, - '_LT_AC_FILE_LTDLL_C' => 1, - 'gl_GLIBC21' => 1, + 'AC_LIB_FROMPACKAGE' => 1, + 'AC_PROG_LD_RELOAD_FLAG' => 1, + 'LT_AC_PROG_RC' => 1, + 'AC_DISABLE_SHARED' => 1, 'AC_PATH_TOOL_PREFIX' => 1, - 'AC_LIBLTDL_CONVENIENCE' => 1, + 'AM_PROG_CC_C_O' => 1, + 'AM_SET_DEPDIR' => 1, + 'AC_C___ATTRIBUTE__' => 1, + 'AC_ENABLE_SHARED' => 1, + '_LT_AC_SYS_COMPILER' => 1, + 'AC_LTDL_ENABLE_INSTALL' => 1, + 'AC_DEFUN_ONCE' => 1, + 'AC_DEFUN' => 1, + 'AC_WITH_LTDL' => 1, + '_LT_AC_TAGVAR' => 1, + 'AM_DISABLE_SHARED' => 1, + 'AC_LIBTOOL_SYS_MAX_CMD_LEN' => 1, + 
'_LT_AC_LANG_F77_CONFIG' => 1, + 'AC_LIBTOOL_SYS_LIB_STRIP' => 1, + 'AM_SANITY_CHECK' => 1, + 'LTVERSION_VERSION' => 1, + '_LT_AC_TAGCONFIG' => 1, + 'gt_PRINTF_POSIX' => 1, + 'AC_LTDL_DLLIB' => 1, + '_LTDL_SETUP' => 1, 'AM_CONDITIONAL' => 1, - 'PAM_LD_O1' => 1, - 'LT_SYS_MODULE_EXT' => 1, - 'AC_DEPLIBS_CHECK_METHOD' => 1, - '_LT_AC_LANG_GCJ_CONFIG' => 1, + 'AM_MISSING_HAS_RUN' => 1, + '_LT_WITH_SYSROOT' => 1, + 'AM_AUX_DIR_EXPAND' => 1, + 'AC_LIB_LINKFLAGS_BODY' => 1, + 'LT_SUPPORTED_TAG' => 1, + 'AC_' => 1, + 'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1, + 'AM_GNU_GETTEXT_NEED' => 1, + 'gt_TYPE_INTMAX_T' => 1, + 'AC_LIBTOOL_PROG_COMPILER_NO_RTTI' => 1, + 'AC_LIBTOOL_LANG_C_CONFIG' => 1, '_AM_CONFIG_MACRO_DIRS' => 1, - 'AC_ENABLE_SHARED' => 1, - 'AC_LIBTOOL_COMPILER_OPTION' => 1, - '_AM_MANGLE_OPTION' => 1, - '_LT_AC_LANG_RC_CONFIG' => 1, - 'AC_LTDL_SYMBOL_USCORE' => 1, - 'AC_LIB_RPATH' => 1, - '_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1, - '_LT_AC_SHELL_INIT' => 1, + 'PKG_CHECK_VAR' => 1, + 'AC_LIBTOOL_LANG_CXX_CONFIG' => 1, + '_AC_PROG_LIBTOOL' => 1, + 'AM_PROG_LD' => 1, 'AC_LIBTOOL_DLOPEN_SELF' => 1, - 'LT_PROG_GCJ' => 1, - 'AM_GNU_GETTEXT_NEED' => 1, - 'm4_include' => 1, - 'LTSUGAR_VERSION' => 1, - 'AM_XGETTEXT_OPTION_INIT' => 1, - 'PKG_HAVE_DEFINE_WITH_MODULES' => 1, - 'AC_ENABLE_STATIC' => 1, - 'AC_LTDL_SHLIBEXT' => 1, - 'AC_LIB_APPENDTOVAR' => 1, - 'AM_SET_LEADING_DOT' => 1, + 'AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH' => 1, + 'gl_THREADLIB' => 1, + 'AC_LIBTOOL_PICMODE' => 1, + 'PKG_CHECK_EXISTS' => 1, 'AC_LIB_ARG_WITH' => 1, - 'AM_ICONV_LINKFLAGS_BODY' => 1, - 'AM_PROG_CC_C_O' => 1, - '_AM_PROG_CC_C_O' => 1, - 'PKG_CHECK_VAR' => 1, + 'AM_GNU_GETTEXT_VERSION' => 1, + '_LT_AC_PROG_ECHO_BACKSLASH' => 1, + 'AC_LTDL_SHLIBPATH' => 1, + '_AM_MANGLE_OPTION' => 1, + 'AC_LIB_PROG_LD' => 1, + 'gt_GLIBC2' => 1, + 'AC_LIBTOOL_GCJ' => 1, 'AC_LIBTOOL_OBJDIR' => 1, - 'AM_DISABLE_SHARED' => 1, - '_AC_TYPE_LONG_LONG_SNIPPET' => 1, - 'PAM_LD_NO_UNDEFINED' => 1, - 'AM_INIT_AUTOMAKE' => 1, - 
'gl_THREADLIB_BODY' => 1, - 'AC_LIB_LINKFLAGS' => 1, - 'AC_LIB_LINKFLAGS_BODY' => 1, - 'LT_AC_PROG_RC' => 1, - 'AC_LTDL_DLSYM_USCORE' => 1, - '_LT_AC_TAGVAR' => 1, - 'AC_DISABLE_SHARED' => 1, - 'PKG_HAVE_WITH_MODULES' => 1, - '_AM_SET_OPTIONS' => 1, - 'AC_LIBTOOL_PROG_COMPILER_PIC' => 1, - 'LT_FUNC_DLSYM_USCORE' => 1, - 'AC_PROG_LD' => 1, - 'AC_PROG_EGREP' => 1, - 'LT_FUNC_ARGZ' => 1, + 'LTDL_INIT' => 1, + '_AM_PROG_CC_C_O' => 1, 'AC_LIB_HAVE_LINKFLAGS' => 1, - 'AC_LIBTOOL_FC' => 1, - 'AM_PROG_LIBTOOL' => 1, - 'AC_CONFIG_MACRO_DIR_TRACE' => 1, - 'AC_PROG_LIBTOOL' => 1, - 'AM_SILENT_RULES' => 1, - 'AC_LIB_LTDL' => 1, - 'JH_PATH_XML_CATALOG' => 1, - 'AM_PROG_INSTALL_STRIP' => 1, - '_LT_COMPILER_BOILERPLATE' => 1, - 'AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH' => 1, + 'AC_LIB_LINKFLAGS_FROM_LIBS' => 1, + 'm4_pattern_allow' => 1, 'AC_LIBTOOL_POSTDEP_PREDEP' => 1, - '_LT_DLL_DEF_P' => 1, - 'AC_LIBTOOL_SYS_HARD_LINK_LOCKS' => 1, - 'AC_CHECK_LIBM' => 1, - 'gl_THREADLIB_EARLY' => 1, - 'gl_AC_HEADER_STDINT_H' => 1, - 'PKG_PROG_PKG_CONFIG' => 1, - 'LTDL_INSTALLABLE' => 1, - 'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1, - 'gl_EXTERN_INLINE' => 1, - 'LT_SYS_MODULE_PATH' => 1, - 'AC_LIBTOOL_LANG_F77_CONFIG' => 1, + 'AC_CONFIG_MACRO_DIR_TRACE' => 1, '_AC_AM_CONFIG_HEADER_HOOK' => 1, - 'LT_SYS_DLOPEN_SELF' => 1, - 'LT_WITH_LTDL' => 1, - '_LT_LIBOBJ' => 1, - '_AM_SET_OPTION' => 1, - 'include' => 1, - '_LT_AC_CHECK_DLFCN' => 1, - '_LT_AC_PROG_ECHO_BACKSLASH' => 1, - '_AM_AUTOCONF_VERSION' => 1, - 'AC_LIBTOOL_SYS_MAX_CMD_LEN' => 1, - 'AM_ICONV_LINK' => 1, - 'AM_GNU_GETTEXT' => 1, - 'AC_LTDL_SYS_DLOPEN_DEPLIBS' => 1, - 'AC_CONFIG_MACRO_DIR' => 1, - 'AC_LIBTOOL_PROG_COMPILER_NO_RTTI' => 1, - 'AC_LIBTOOL_CONFIG' => 1, - 'AM_XGETTEXT_OPTION' => 1, - 'LTDL_INIT' => 1, - 'AM_SET_DEPDIR' => 1, - '_LT_AC_TAGCONFIG' => 1, - '_AM_SUBST_NOTMAKE' => 1, - 'PAM_LD_AS_NEEDED' => 1, - '_PKG_SHORT_ERRORS_SUPPORTED' => 1, - 'AC_C___ATTRIBUTE__' => 1, - 'LT_PROG_GO' => 1, - 'AM_INTL_SUBDIR' => 1, + 'AM_RUN_LOG' => 
1, + 'gl_GLIBC21' => 1, + '_m4_warn' => 1, + 'PKG_CHECK_MODULES_STATIC' => 1, + 'LT_CONFIG_LTDL_DIR' => 1, + 'LT_AC_PROG_SED' => 1, + 'LTDL_INSTALLABLE' => 1, + 'AM_ICONV' => 1, + 'LT_LIB_M' => 1, + 'AM_SET_LEADING_DOT' => 1, '_LT_AC_LANG_F77' => 1, - '_AM_PROG_TAR' => 1, - 'AC_LTDL_SHLIBPATH' => 1, - 'AC_PROG_LD_RELOAD_FLAG' => 1, - 'PKG_WITH_MODULES' => 1, - 'AC_LIBTOOL_SYS_LIB_STRIP' => 1, - 'gt_PRINTF_POSIX' => 1, + 'AM_XGETTEXT_OPTION_INIT' => 1, + 'AC_LIB_WITH_FINAL_PREFIX' => 1, + 'AM_MISSING_PROG' => 1, + 'LT_PROG_GCJ' => 1, + 'include' => 1, + 'LT_PATH_LD' => 1, 'AC_LIBTOOL_RC' => 1, - 'AC_LIBTOOL_PROG_LD_SHLIBS' => 1, - 'LT_CONFIG_LTDL_DIR' => 1, - 'AC_LIB_PREPARE_PREFIX' => 1, - '_LT_AC_SYS_LIBPATH_AIX' => 1, - 'gt_TYPE_WCHAR_T' => 1, - 'AC_LTDL_OBJDIR' => 1, - 'LT_SYS_SYMBOL_USCORE' => 1, + 'AC_LIB_PROG_LD_GNU' => 1, + 'PKG_HAVE_DEFINE_WITH_MODULES' => 1, 'AC_DISABLE_STATIC' => 1, - 'AC_PATH_MAGIC' => 1, - 'm4_pattern_allow' => 1, - 'AC_LIBTOOL_SYS_OLD_ARCHIVE' => 1, - 'AC_DEFUN' => 1, - 'gt_INTTYPES_PRI' => 1, - 'LT_SYS_DLOPEN_DEPLIBS' => 1, - 'AC_LIB_WITH_FINAL_PREFIX' => 1, - '_AC_PROG_LIBTOOL' => 1, - 'gl_DISABLE_THREADS' => 1, - '_LT_AC_LOCK' => 1, + 'gt_TYPE_WCHAR_T' => 1, + 'LTSUGAR_VERSION' => 1, + 'AC_CONFIG_MACRO_DIR' => 1, + 'LT_LANG' => 1, + 'LT_AC_PROG_EGREP' => 1, 'gl_AC_HEADER_INTTYPES_H' => 1, - 'AC_LIB_PREFIX' => 1, - 'AC_LIBTOOL_LANG_RC_CONFIG' => 1, - 'AC_LIBTOOL_PICMODE' => 1, + 'AM_SILENT_RULES' => 1, + 'AM_AUTOMAKE_VERSION' => 1, + 'AC_LIBTOOL_DLOPEN' => 1, + 'AM_PROG_NM' => 1, + 'LT_WITH_LTDL' => 1, + 'LTDL_CONVENIENCE' => 1, + 'AC_TYPE_UNSIGNED_LONG_LONG_INT' => 1, + 'LT_OUTPUT' => 1, + '_LT_PATH_TOOL_PREFIX' => 1, + 'AC_LTDL_SYS_DLOPEN_DEPLIBS' => 1, + 'AC_LTDL_OBJDIR' => 1, + '_AC_TYPE_LONG_LONG_SNIPPET' => 1, 'AC_COMPUTE_INT' => 1, - 'JH_CHECK_XML_CATALOG' => 1, - 'PKG_NOARCH_INSTALLDIR' => 1, - '_LT_AC_LANG_CXX' => 1, - 'PKG_CHECK_MODULES_STATIC' => 1, - 'AM_ENABLE_STATIC' => 1, - 'AC_LIBTOOL_GCJ' => 1, - 'LT_LIB_DLLOAD' => 
1, + 'PAM_LD_NO_UNDEFINED' => 1, 'JAPHAR_GREP_CFLAGS' => 1, - 'gt_INTL_SUBDIR_CORE' => 1, - 'AC_LTDL_DLLIB' => 1, - 'AM_MAKE_INCLUDE' => 1, - 'AC_LIBTOOL_LANG_C_CONFIG' => 1, + 'LT_FUNC_DLSYM_USCORE' => 1, + '_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1, + '_LT_AC_SHELL_INIT' => 1, + 'AC_LIBTOOL_PROG_LD_SHLIBS' => 1, + 'gl_THREADLIB_EARLY_BODY' => 1, 'AM_DISABLE_STATIC' => 1, - 'AC_LIBTOOL_SETUP' => 1, - '_LT_PROG_ECHO_BACKSLASH' => 1, - '_LT_AC_SYS_COMPILER' => 1, - '_LT_AC_TRY_DLOPEN_SELF' => 1, - 'AM_NLS' => 1, - 'gt_TYPE_WINT_T' => 1, - '_LT_LINKER_BOILERPLATE' => 1, - 'LT_PROG_RC' => 1, - 'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1, - '_LT_PROG_FC' => 1, - '_LT_LINKER_OPTION' => 1, - 'AM_POSTPROCESS_PO_MAKEFILE' => 1, - 'AC_ENABLE_FAST_INSTALL' => 1, + 'LT_SYS_MODULE_EXT' => 1, + 'AC_PROG_LD' => 1, 'PKG_INSTALLDIR' => 1, - 'AC_WITH_LTDL' => 1, - '_LT_AC_LANG_GCJ' => 1, - 'AC_LIBTOOL_CXX' => 1, - 'LT_OUTPUT' => 1, - '_LT_PROG_CXX' => 1, - 'AC_DISABLE_FAST_INSTALL' => 1, - 'LT_INIT' => 1, - 'AC_LIB_PROG_LD' => 1, - 'AC_LIBTOOL_WIN32_DLL' => 1, - '_LT_PROG_LTMAIN' => 1, - 'AC_TYPE_LONG_LONG_INT' => 1, - 'gt_INTL_MACOSX' => 1, 'gl_FCNTL_O_FLAGS' => 1, - '_AM_DEPENDENCIES' => 1, + '_LT_COMPILER_OPTION' => 1, + 'AM_ICONV_LINK' => 1, + '_AM_SET_OPTION' => 1, + 'LT_SYS_SYMBOL_USCORE' => 1, + 'LT_PROG_GO' => 1, + 'gl_SIZE_MAX' => 1, + 'gt_INTL_SUBDIR_CORE' => 1, + 'AC_LIB_PREPARE_MULTILIB' => 1, + '_LT_PROG_ECHO_BACKSLASH' => 1, + 'AC_ENABLE_STATIC' => 1, + 'AM_DEP_TRACK' => 1, + 'PKG_PROG_PKG_CONFIG' => 1, + 'LT_SYS_MODULE_PATH' => 1, + 'AC_LIB_PREFIX' => 1, + 'JH_PATH_XML_CATALOG' => 1, + '_LT_PROG_FC' => 1, 'AC_LIBTOOL_LANG_GCJ_CONFIG' => 1, - 'AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE' => 1, - '_LT_AC_LANG_C_CONFIG' => 1, - 'AC_LIBTOOL_SYS_DYNAMIC_LINKER' => 1, + 'AC_LIB_RPATH' => 1, + '_PKG_SHORT_ERRORS_SUPPORTED' => 1, + 'LT_PATH_NM' => 1, + 'AC_LIBTOOL_WIN32_DLL' => 1, + 'AC_DEPLIBS_CHECK_METHOD' => 1, + 'AC_LTDL_SYMBOL_USCORE' => 1, + 'AC_LIBTOOL_SETUP' => 1, + 'AC_CHECK_LIBM' => 1, 
+ 'AC_LIBTOOL_CONFIG' => 1, + '_LT_REQUIRED_DARWIN_CHECKS' => 1, '_LT_PREPARE_SED_QUOTE_VARS' => 1, - '_LT_WITH_SYSROOT' => 1, - 'AC_LIBTOOL_F77' => 1, - 'PKG_CHECK_EXISTS' => 1, - 'AC_LIBTOOL_PROG_CC_C_O' => 1, - 'AC_LIBTOOL_DLOPEN' => 1, - 'AC_LIB_PROG_LD_GNU' => 1, - '_LT_AC_LANG_CXX_CONFIG' => 1, - '_LT_PATH_TOOL_PREFIX' => 1, - 'gl_LOCK' => 1, + 'PKG_NOARCH_INSTALLDIR' => 1, + 'AM_PATH_LIBPRELUDE' => 1, + 'gl_PREREQ_LOCK' => 1, 'AC_LTDL_SYSSEARCHPATH' => 1, - 'gl_SIZE_MAX' => 1, - 'AC_LIBLTDL_INSTALLABLE' => 1, - '_LT_AC_LANG_F77_CONFIG' => 1, - 'gl_THREADLIB' => 1, + '_AM_AUTOCONF_VERSION' => 1, + 'PAM_LD_AS_NEEDED' => 1, + 'gl_XSIZE' => 1, + '_LT_AC_SYS_LIBPATH_AIX' => 1, + 'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1, + 'LT_LIB_DLLOAD' => 1, '_AM_IF_OPTION' => 1, - 'AM_PROG_LD' => 1, - 'AC_LTDL_ENABLE_INSTALL' => 1, - 'AM_DEP_TRACK' => 1, - '_LT_AC_PROG_CXXCPP' => 1, - 'LT_LANG' => 1, - 'AC_' => 1, - 'AC_DEFUN_ONCE' => 1, - 'gt_INTDIV0' => 1, - '_LT_CC_BASENAME' => 1, - 'AM_PROG_LEX' => 1, - 'LT_SYS_DLSEARCH_PATH' => 1, + '_LT_LINKER_BOILERPLATE' => 1, + 'AU_DEFUN' => 1, + 'AC_DISABLE_FAST_INSTALL' => 1, + 'AM_NLS' => 1, + 'PKG_WITH_MODULES' => 1, + 'gl_DISABLE_THREADS' => 1, + 'AM_PROG_INSTALL_STRIP' => 1, + 'AM_ENABLE_SHARED' => 1, + 'AC_LIBTOOL_SYS_DYNAMIC_LINKER' => 1, + 'LT_CMD_MAX_LEN' => 1, + 'LT_AC_PROG_GCJ' => 1, + 'AC_LIBTOOL_FC' => 1, + 'gl_AC_HEADER_STDINT_H' => 1, + 'AC_LTDL_PREOPEN' => 1, + 'LT_SYS_DLOPEN_SELF' => 1, 'LTOBSOLETE_VERSION' => 1, - 'gt_LC_MESSAGES' => 1, - 'gl_PREREQ_LOCK' => 1, - 'gl_XSIZE' => 1, - 'gt_GLIBC2' => 1, + 'AC_LIBTOOL_LANG_F77_CONFIG' => 1, 'AC_PROG_NM' => 1, - 'AC_LIB_LINKFLAGS_FROM_LIBS' => 1, + 'AC_LIBLTDL_INSTALLABLE' => 1, + 'AC_LIBTOOL_LINKER_OPTION' => 1, + 'gl_AC_TYPE_UINTMAX_T' => 1, + '_LT_AC_FILE_LTDLL_C' => 1, + 'AC_PROG_LD_GNU' => 1, + 'AM_MAKE_INCLUDE' => 1, + 'AC_LIBLTDL_CONVENIENCE' => 1, + 'AC_TYPE_LONG_LONG_INT' => 1, + 'AC_LIBTOOL_F77' => 1, + '_LT_AC_LANG_GCJ_CONFIG' => 1, + '_LT_AC_LANG_GCJ' => 1, + 
'AC_LIB_LINKFLAGS' => 1, + 'AM_XGETTEXT_OPTION' => 1, 'AM_LANGINFO_CODESET' => 1, - 'gl_VISIBILITY' => 1, + 'LTOPTIONS_VERSION' => 1, + '_LT_AC_LANG_C_CONFIG' => 1, + 'gl_EXTERN_INLINE' => 1, + '_LT_COMPILER_BOILERPLATE' => 1, + 'AM_SUBST_NOTMAKE' => 1, + '_LT_AC_LANG_CXX' => 1, + 'gl_THREADLIB_EARLY' => 1, + 'JH_CHECK_XML_CATALOG' => 1, + '_LT_PROG_LTMAIN' => 1, + 'gl_LOCK' => 1, + 'LT_PROG_RC' => 1, + '_LT_AC_CHECK_DLFCN' => 1, + '_AM_SUBST_NOTMAKE' => 1, + 'AM_PROG_LEX' => 1, + 'gt_TYPE_WINT_T' => 1, + 'AM_INIT_AUTOMAKE' => 1, + 'AM_PROG_LIBTOOL' => 1, + 'm4_include' => 1, + 'AM_ICONV_LINKFLAGS_BODY' => 1, + 'LT_INIT' => 1, + '_LT_AC_PROG_CXXCPP' => 1, + '_LT_AC_TRY_DLOPEN_SELF' => 1, + 'AM_GNU_GETTEXT' => 1, + '_LT_DLL_DEF_P' => 1, + '_LT_AC_LANG_CXX_CONFIG' => 1, + 'AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE' => 1, + 'PKG_HAVE_WITH_MODULES' => 1, + '_LT_AC_LOCK' => 1, + 'gt_INTTYPES_PRI' => 1, + '_LT_LIBOBJ' => 1, + 'AC_LIB_APPENDTOVAR' => 1, + 'AC_LIB_LTDL' => 1, + 'AC_LIB_PREPARE_PREFIX' => 1, + 'AM_POSTPROCESS_PO_MAKEFILE' => 1, + 'AC_LTDL_SHLIBEXT' => 1, + '_LT_AC_LANG_RC_CONFIG' => 1, + 'AC_LIBTOOL_SYS_OLD_ARCHIVE' => 1, + 'gt_INTL_MACOSX' => 1, + 'AC_PROG_EGREP' => 1, + '_LT_PROG_F77' => 1, + '_AM_DEPENDENCIES' => 1, + 'PAM_LD_O1' => 1, + 'LT_SYS_DLSEARCH_PATH' => 1, 'PKG_CHECK_MODULES' => 1, - 'AC_PROG_LD_GNU' => 1, - 'AM_ENABLE_SHARED' => 1, - 'AM_SANITY_CHECK' => 1 + 'LT_FUNC_ARGZ' => 1, + 'AC_LIBTOOL_PROG_CC_C_O' => 1, + 'AM_INTL_SUBDIR' => 1, + 'AC_PATH_MAGIC' => 1, + 'AC_LIBTOOL_PROG_COMPILER_PIC' => 1, + 'AC_LIBTOOL_LANG_RC_CONFIG' => 1, + '_AM_SET_OPTIONS' => 1, + 'AC_LIBTOOL_COMPILER_OPTION' => 1, + 'gt_INTDIV0' => 1, + 'LT_SYS_DLOPEN_DEPLIBS' => 1, + 'AC_PROG_LIBTOOL' => 1, + 'gl_VISIBILITY' => 1, + 'AC_LTDL_DLSYM_USCORE' => 1 } ], 'Autom4te::Request' ), bless( [ 
@@ -352,65 +352,65 @@ 'configure.ac' ], { + 'AC_CONFIG_AUX_DIR' => 1, + 'sinclude' => 1, + 'AC_CANONICAL_BUILD' => 1, + 'AC_CONFIG_HEADERS' => 1, + 'AC_FC_FREEFORM' => 1, + 'AC_LIBSOURCE' => 1, + 'include' => 1, + 'AC_CANONICAL_TARGET' => 1, + 'AM_INIT_AUTOMAKE' => 1, 'AM_PROG_FC_C_O' => 1, - 'AM_PROG_MOC' => 1, + 'AM_PROG_MKDIR_P' => 1, + 'AM_PROG_CXX_C_O' => 1, + '_AM_MAKEFILE_INCLUDE' => 1, + 'AM_PROG_CC_C_O' => 1, + 'AM_POT_TOOLS' => 1, + 'AM_PROG_AR' => 1, 'm4_sinclude' => 1, - 'AC_CONFIG_FILES' => 1, - 'AH_OUTPUT' => 1, - 'AC_CANONICAL_TARGET' => 1, - 'AM_SILENT_RULES' => 1, - 'AM_GNU_GETTEXT' => 1, - 'AC_PROG_LIBTOOL' => 1, - 'LT_CONFIG_LTDL_DIR' => 1, - 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1, + 'AC_CANONICAL_HOST' => 1, + 'AC_FC_PP_SRCEXT' => 1, 'm4_include' => 1, - 'AM_POT_TOOLS' => 1, - 'AM_MAKEFILE_INCLUDE' => 1, + 'AC_DEFINE_TRACE_LITERAL' => 1, + '_AM_COND_ENDIF' => 1, 'AC_SUBST' => 1, - 'AM_AUTOMAKE_VERSION' => 1, - 'AC_CANONICAL_SYSTEM' => 1, + 'AH_OUTPUT' => 1, 'AM_MAINTAINER_MODE' => 1, - 'AM_PROG_F77_C_O' => 1, - 'include' => 1, - 'AC_REQUIRE_AUX_FILE' => 1, - 'LT_SUPPORTED_TAG' => 1, + 'AM_SILENT_RULES' => 1, 'LT_INIT' => 1, - 'AC_LIBSOURCE' => 1, - 'AC_CONFIG_SUBDIRS' => 1, - 'AC_SUBST_TRACE' => 1, - 'AM_EXTRA_RECURSIVE_TARGETS' => 1, 'AC_CONFIG_LIBOBJ_DIR' => 1, - 'AC_INIT' => 1, - 'AC_CANONICAL_HOST' => 1, + 'AC_PROG_LIBTOOL' => 1, + 'AM_GNU_GETTEXT' => 1, + 'AM_EXTRA_RECURSIVE_TARGETS' => 1, + 'AM_MAKEFILE_INCLUDE' => 1, + 'AM_PROG_MOC' => 1, + 'AM_AUTOMAKE_VERSION' => 1, + 'AM_XGETTEXT_OPTION' => 1, + '_LT_AC_TAGCONFIG' => 1, 'AC_FC_PP_DEFINE' => 1, - 'AM_INIT_AUTOMAKE' => 1, + 'm4_pattern_allow' => 1, + '_AM_COND_IF' => 1, + 'AC_SUBST_TRACE' => 1, + 'AM_CONDITIONAL' => 1, 'AC_FC_SRCEXT' => 1, - 'sinclude' => 1, - '_AM_COND_ELSE' => 1, - 'AC_CANONICAL_BUILD' => 1, - 'AM_PROG_CXX_C_O' => 1, - 'AM_PATH_GUILE' => 1, - 'AC_CONFIG_LINKS' => 1, - '_AM_COND_ENDIF' => 1, 'm4_pattern_forbid' => 1, - '_AM_COND_IF' => 1, + 'AC_REQUIRE_AUX_FILE' => 1, 
'AM_NLS' => 1, - 'AC_DEFINE_TRACE_LITERAL' => 1, - 'AM_ENABLE_MULTILIB' => 1, - 'AC_FC_FREEFORM' => 1, - 'AC_CONFIG_AUX_DIR' => 1, + 'LT_SUPPORTED_TAG' => 1, + 'AC_CONFIG_FILES' => 1, '_m4_warn' => 1, - '_LT_AC_TAGCONFIG' => 1, + 'AC_CONFIG_LINKS' => 1, + 'AM_PATH_GUILE' => 1, + 'AC_CONFIG_SUBDIRS' => 1, + '_AM_COND_ELSE' => 1, + 'LT_CONFIG_LTDL_DIR' => 1, + 'AM_ENABLE_MULTILIB' => 1, + 'AC_INIT' => 1, + 'AM_PROG_F77_C_O' => 1, + 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1, '_AM_SUBST_NOTMAKE' => 1, - 'AM_PROG_MKDIR_P' => 1, - 'AM_XGETTEXT_OPTION' => 1, - 'AM_PROG_AR' => 1, - '_AM_MAKEFILE_INCLUDE' => 1, - 'AM_PROG_CC_C_O' => 1, - 'AC_CONFIG_HEADERS' => 1, - 'AC_FC_PP_SRCEXT' => 1, - 'm4_pattern_allow' => 1, - 'AM_CONDITIONAL' => 1 + 'AC_CANONICAL_SYSTEM' => 1 } ], 'Autom4te::Request' ) ); diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml index fa628ad..bce9285 100644 --- a/modules/pam_userdb/pam_userdb.8.xml +++ b/modules/pam_userdb/pam_userdb.8.xml @@ -100,7 +100,8 @@ - Print debug information. + Print debug information. Note that password hashes, both from db + and computed, will be printed to syslog. diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index cab37b3..555a16d 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -201,7 +201,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, } if (data.dptr != NULL) { - int compare = 0; + int compare = -2; if (ctrl & PAM_KEY_ONLY_ARG) { 
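Review bot: The new initial value in `int compare = -2;` is an unexplained sentinel that the failure branches of the following hunk now depend on, since they no longer assign `compare` themselves. A short comment would keep a later edit from reverting it to 0, which is also what `memcmp` returns on a match: `int compare = -2; /* fail closed: only a successful comparison may set this to 0 */`. How `compare` is consumed is outside the hunk, so the wording should be checked against the rest of user_lookup.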
@@ -216,36 +216,48 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, char *cryptpw = NULL; if (data.dsize < 13) { - compare = -2; + /* hash is too short */ + pam_syslog(pamh, LOG_INFO, "password hash in database is too short"); } else if (ctrl & PAM_ICASE_ARG) { - compare = -2; + pam_syslog(pamh, LOG_INFO, + "case-insensitive comparison only works with plaintext passwords"); } else { + /* libdb is not guaranteed to produce null terminated strings */ + char *pwhash = strndup(data.dptr, data.dsize); + + if (pwhash == NULL) { + pam_syslog(pamh, LOG_CRIT, "strndup failed: data.dptr"); + } else { #ifdef HAVE_CRYPT_R - struct crypt_data *cdata = NULL; - cdata = malloc(sizeof(*cdata)); - if (cdata != NULL) { - cdata->initialized = 0; - cryptpw = crypt_r(pass, data.dptr, cdata); - } + struct crypt_data *cdata = NULL; + cdata = malloc(sizeof(*cdata)); + if (cdata == NULL) { + pam_syslog(pamh, LOG_CRIT, "malloc failed: struct crypt_data"); + } else { + cdata->initialized = 0; + cryptpw = crypt_r(pass, pwhash, cdata); + } #else - cryptpw = crypt (pass, data.dptr); + cryptpw = crypt (pass, pwhash); #endif - if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { - compare = memcmp(data.dptr, cryptpw, data.dsize); - } else { - compare = -2; - if (ctrl & PAM_DEBUG_ARG) { - if (cryptpw) - pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); - else - pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); + if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { + compare = memcmp(data.dptr, cryptpw, data.dsize); + } else { + if (ctrl & PAM_DEBUG_ARG) { + if (cryptpw) { + pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); + pam_syslog(pamh, LOG_INFO, "computed hash: %s", cryptpw); + } else { + pam_syslog(pamh, LOG_ERR, "crypt() returned NULL"); + } + } } - } #ifdef HAVE_CRYPT_R - free(cdata); + free(cdata); #endif + } + free(pwhash); } - } else { /* Unknown password encryption method -
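Review bot: The added `pam_syslog(pamh, LOG_INFO, "computed hash: %s", cryptpw);` in the length-mismatch debug branch writes to syslog what may be a crypt() digest of the password the user just typed, computed with the stored hash as the setting. Syslog is often readable by more accounts than the user database and is frequently forwarded off-host, and a digest of a mistyped password is sensitive credential material, so the man-page warning alone is thin protection. I would log only the lengths, e.g. `pam_syslog(pamh, LOG_INFO, "computed hash length %zu differs from stored length %zu", strlen(cryptpw), (size_t)data.dsize);`. Separately, the match path still calls `memcmp(data.dptr, cryptpw, data.dsize)`, which is not a constant-time comparison, and the `"crypt() returned NULL"` message is also reached when the `malloc` of `cdata` failed and crypt_r() was never called. The same code is carried in SPECS/pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch, and user_lookup starts and ends outside this hunk.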