linux-pam-commits November 2011

linux-pam-commits@lists.fedorahosted.org

1 participants
14 discussions

by Dmitry V. Levin

commit a03bf70cc3c6fc0992dc6a8e56b10649e56bf553 Author: Dmitry V. Levin <ldv(a)altlinux.org> Date: Thu Oct 27 14:55:55 2011 +0000 Fix "make distcheck" There is no use to distribute m4 files manually, because automake does the right thing, while manual distribution is not only redundant but also very fragile. * Makefile.am (M4_FILES): Remove. (EXTRA_DIST): Remove M4_FILES. Makefile.am | 9 +-------- 1 files changed, 1 insertions(+), 8 deletions(-) --- diff --git a/Makefile.am b/Makefile.am index 69d09f6..2d41b87 100644 --- a/Makefile.am +++ b/Makefile.am @@ -12,15 +12,8 @@ endif CLEANFILES = *~ -M4_FILES = m4/gettext.m4 m4/iconv.m4 m4/intlmacosx.m4 \ - m4/japhar_grep_cflags.m4 m4/jh_path_xml_catalog.m4 \ - m4/ld-as-needed.m4 m4/ld-no-undefined.m4 m4/ld-O1.m4 \ - m4/lib-ld.m4 m4/lib-link.m4 m4/lib-prefix.m4 \ - m4/libprelude.m4 m4/libtool.m4 m4/nls.m4 \ - m4/po.m4 m4/progtest.m4 - EXTRA_DIST = config.rpath mkinstalldirs pgp.keys.asc CHANGELOG \ - Copyright $(M4_FILES) Make.xml.rules + Copyright Make.xml.rules ACLOCAL_AMFLAGS = -I m4

12 years, 6 months

1
0
0 / 0

[linux-pam] Remove modules/pam_timestamp/hmacfile from distribution

by Dmitry V. Levin

commit d468cbd673a38dc03362fc375b854ab3d7c2d6a1 Author: Dmitry V. Levin <ldv(a)altlinux.org> Date: Thu Oct 27 14:55:55 2011 +0000 Remove modules/pam_timestamp/hmacfile from distribution * modules/pam_timestamp/Makefile.am (dist_TESTS): Add tst-pam_timestamp. (nodist_TESTS): Add hmacfile. (EXTRA_DIST): Replace TESTS with dist_TESTS. modules/pam_timestamp/Makefile.am | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) --- diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am index 313c1eb..9b84cd1 100644 --- a/modules/pam_timestamp/Makefile.am +++ b/modules/pam_timestamp/Makefile.am @@ -8,9 +8,11 @@ MAINTAINERCLEANFILES = $(MANS) README XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml man_MANS = pam_timestamp.8 pam_timestamp_check.8 -TESTS = tst-pam_timestamp hmacfile +dist_TESTS = tst-pam_timestamp +nodist_TESTS = hmacfile +TESTS = $(dist_TESTS) $(nodist_TESTS) -EXTRA_DIST = $(man_MANS) $(XMLS) $(TESTS) +EXTRA_DIST = $(man_MANS) $(XMLS) $(dist_TESTS) securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR)

12 years, 6 months

1
0
0 / 0

[linux-pam] Rename all .cvsignore files to .gitignore

by Dmitry V. Levin

commit c9c4faaf50c66d5e4d1b9d6c450c206c12f09f8a Author: Dmitry V. Levin <ldv(a)altlinux.org> Date: Thu Oct 27 14:55:55 2011 +0000 Rename all .cvsignore files to .gitignore .cvsignore => .gitignore | 0 conf/{.cvsignore => .gitignore} | 0 conf/pam_conv1/{.cvsignore => .gitignore} | 0 doc/{.cvsignore => .gitignore} | 0 doc/adg/{.cvsignore => .gitignore} | 0 doc/man/{.cvsignore => .gitignore} | 0 doc/mwg/{.cvsignore => .gitignore} | 0 doc/sag/{.cvsignore => .gitignore} | 0 doc/specs/{.cvsignore => .gitignore} | 0 doc/specs/formatter/{.cvsignore => .gitignore} | 0 examples/{.cvsignore => .gitignore} | 0 libpam/{.cvsignore => .gitignore} | 0 libpam_misc/{.cvsignore => .gitignore} | 0 libpamc/{.cvsignore => .gitignore} | 0 libpamc/test/{.cvsignore => .gitignore} | 0 m4/{.cvsignore => .gitignore} | 0 modules/{.cvsignore => .gitignore} | 0 modules/pam_access/{.cvsignore => .gitignore} | 0 modules/pam_cracklib/{.cvsignore => .gitignore} | 0 modules/pam_debug/{.cvsignore => .gitignore} | 0 modules/pam_deny/{.cvsignore => .gitignore} | 0 modules/pam_echo/{.cvsignore => .gitignore} | 0 modules/pam_env/{.cvsignore => .gitignore} | 0 modules/pam_exec/{.cvsignore => .gitignore} | 0 modules/pam_faildelay/{.cvsignore => .gitignore} | 0 modules/pam_filter/{.cvsignore => .gitignore} | 0 .../upperLOWER/{.cvsignore => .gitignore} | 0 modules/pam_ftp/{.cvsignore => .gitignore} | 0 modules/pam_group/{.cvsignore => .gitignore} | 0 modules/pam_issue/{.cvsignore => .gitignore} | 0 modules/pam_keyinit/{.cvsignore => .gitignore} | 0 modules/pam_lastlog/{.cvsignore => .gitignore} | 0 modules/pam_limits/{.cvsignore => .gitignore} | 0 modules/pam_listfile/{.cvsignore => .gitignore} | 0 modules/pam_localuser/{.cvsignore => .gitignore} | 0 modules/pam_loginuid/{.cvsignore => .gitignore} | 0 modules/pam_mail/{.cvsignore => .gitignore} | 0 modules/pam_mkhomedir/{.cvsignore => .gitignore} | 0 modules/pam_motd/{.cvsignore => .gitignore} | 0 modules/pam_namespace/{.cvsignore => .gitignore} | 0 modules/pam_nologin/{.cvsignore => .gitignore} | 0 modules/pam_permit/{.cvsignore => .gitignore} | 0 modules/pam_pwhistory/{.cvsignore => .gitignore} | 0 modules/pam_rhosts/{.cvsignore => .gitignore} | 0 modules/pam_rootok/{.cvsignore => .gitignore} | 0 modules/pam_securetty/{.cvsignore => .gitignore} | 0 modules/pam_selinux/{.cvsignore => .gitignore} | 0 modules/pam_sepermit/{.cvsignore => .gitignore} | 0 modules/pam_shells/{.cvsignore => .gitignore} | 0 modules/pam_stress/{.cvsignore => .gitignore} | 0 modules/pam_succeed_if/{.cvsignore => .gitignore} | 0 modules/pam_tally/{.cvsignore => .gitignore} | 0 modules/pam_tally2/{.cvsignore => .gitignore} | 0 modules/pam_time/{.cvsignore => .gitignore} | 0 modules/pam_timestamp/{.cvsignore => .gitignore} | 0 modules/pam_tty_audit/{.cvsignore => .gitignore} | 0 modules/pam_umask/{.cvsignore => .gitignore} | 0 modules/pam_unix/{.cvsignore => .gitignore} | 0 modules/pam_userdb/{.cvsignore => .gitignore} | 0 modules/pam_warn/{.cvsignore => .gitignore} | 0 modules/pam_wheel/{.cvsignore => .gitignore} | 0 modules/pam_xauth/{.cvsignore => .gitignore} | 0 po/{.cvsignore => .gitignore} | 0 tests/{.cvsignore => .gitignore} | 0 xtests/{.cvsignore => .gitignore} | 0 65 files changed, 0 insertions(+), 0 deletions(-) --- diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/conf/.cvsignore b/conf/.gitignore similarity index 100% rename from conf/.cvsignore rename to conf/.gitignore diff --git a/conf/pam_conv1/.cvsignore b/conf/pam_conv1/.gitignore similarity index 100% rename from conf/pam_conv1/.cvsignore rename to conf/pam_conv1/.gitignore diff --git a/doc/.cvsignore b/doc/.gitignore similarity index 100% rename from doc/.cvsignore rename to doc/.gitignore diff --git a/doc/adg/.cvsignore b/doc/adg/.gitignore similarity index 100% rename from doc/adg/.cvsignore rename to doc/adg/.gitignore diff --git a/doc/man/.cvsignore b/doc/man/.gitignore similarity index 100% rename from doc/man/.cvsignore rename to doc/man/.gitignore diff --git a/doc/mwg/.cvsignore b/doc/mwg/.gitignore similarity index 100% rename from doc/mwg/.cvsignore rename to doc/mwg/.gitignore diff --git a/doc/sag/.cvsignore b/doc/sag/.gitignore similarity index 100% rename from doc/sag/.cvsignore rename to doc/sag/.gitignore diff --git a/doc/specs/.cvsignore b/doc/specs/.gitignore similarity index 100% rename from doc/specs/.cvsignore rename to doc/specs/.gitignore diff --git a/doc/specs/formatter/.cvsignore b/doc/specs/formatter/.gitignore similarity index 100% rename from doc/specs/formatter/.cvsignore rename to doc/specs/formatter/.gitignore diff --git a/examples/.cvsignore b/examples/.gitignore similarity index 100% rename from examples/.cvsignore rename to examples/.gitignore diff --git a/libpam/.cvsignore b/libpam/.gitignore similarity index 100% rename from libpam/.cvsignore rename to libpam/.gitignore diff --git a/libpam_misc/.cvsignore b/libpam_misc/.gitignore similarity index 100% rename from libpam_misc/.cvsignore rename to libpam_misc/.gitignore diff --git a/libpamc/.cvsignore b/libpamc/.gitignore similarity index 100% rename from libpamc/.cvsignore rename to libpamc/.gitignore diff --git a/libpamc/test/.cvsignore b/libpamc/test/.gitignore similarity index 100% rename from libpamc/test/.cvsignore rename to libpamc/test/.gitignore diff --git a/m4/.cvsignore b/m4/.gitignore similarity index 100% rename from m4/.cvsignore rename to m4/.gitignore diff --git a/modules/.cvsignore b/modules/.gitignore similarity index 100% rename from modules/.cvsignore rename to modules/.gitignore diff --git a/modules/pam_access/.cvsignore b/modules/pam_access/.gitignore similarity index 100% rename from modules/pam_access/.cvsignore rename to modules/pam_access/.gitignore diff --git a/modules/pam_cracklib/.cvsignore b/modules/pam_cracklib/.gitignore similarity index 100% rename from modules/pam_cracklib/.cvsignore rename to modules/pam_cracklib/.gitignore diff --git a/modules/pam_debug/.cvsignore b/modules/pam_debug/.gitignore similarity index 100% rename from modules/pam_debug/.cvsignore rename to modules/pam_debug/.gitignore diff --git a/modules/pam_deny/.cvsignore b/modules/pam_deny/.gitignore similarity index 100% rename from modules/pam_deny/.cvsignore rename to modules/pam_deny/.gitignore diff --git a/modules/pam_echo/.cvsignore b/modules/pam_echo/.gitignore similarity index 100% rename from modules/pam_echo/.cvsignore rename to modules/pam_echo/.gitignore diff --git a/modules/pam_env/.cvsignore b/modules/pam_env/.gitignore similarity index 100% rename from modules/pam_env/.cvsignore rename to modules/pam_env/.gitignore diff --git a/modules/pam_exec/.cvsignore b/modules/pam_exec/.gitignore similarity index 100% rename from modules/pam_exec/.cvsignore rename to modules/pam_exec/.gitignore diff --git a/modules/pam_faildelay/.cvsignore b/modules/pam_faildelay/.gitignore similarity index 100% rename from modules/pam_faildelay/.cvsignore rename to modules/pam_faildelay/.gitignore diff --git a/modules/pam_filter/.cvsignore b/modules/pam_filter/.gitignore similarity index 100% rename from modules/pam_filter/.cvsignore rename to modules/pam_filter/.gitignore diff --git a/modules/pam_filter/upperLOWER/.cvsignore b/modules/pam_filter/upperLOWER/.gitignore similarity index 100% rename from modules/pam_filter/upperLOWER/.cvsignore rename to modules/pam_filter/upperLOWER/.gitignore diff --git a/modules/pam_ftp/.cvsignore b/modules/pam_ftp/.gitignore similarity index 100% rename from modules/pam_ftp/.cvsignore rename to modules/pam_ftp/.gitignore diff --git a/modules/pam_group/.cvsignore b/modules/pam_group/.gitignore similarity index 100% rename from modules/pam_group/.cvsignore rename to modules/pam_group/.gitignore diff --git a/modules/pam_issue/.cvsignore b/modules/pam_issue/.gitignore similarity index 100% rename from modules/pam_issue/.cvsignore rename to modules/pam_issue/.gitignore diff --git a/modules/pam_keyinit/.cvsignore b/modules/pam_keyinit/.gitignore similarity index 100% rename from modules/pam_keyinit/.cvsignore rename to modules/pam_keyinit/.gitignore diff --git a/modules/pam_lastlog/.cvsignore b/modules/pam_lastlog/.gitignore similarity index 100% rename from modules/pam_lastlog/.cvsignore rename to modules/pam_lastlog/.gitignore diff --git a/modules/pam_limits/.cvsignore b/modules/pam_limits/.gitignore similarity index 100% rename from modules/pam_limits/.cvsignore rename to modules/pam_limits/.gitignore diff --git a/modules/pam_listfile/.cvsignore b/modules/pam_listfile/.gitignore similarity index 100% rename from modules/pam_listfile/.cvsignore rename to modules/pam_listfile/.gitignore diff --git a/modules/pam_localuser/.cvsignore b/modules/pam_localuser/.gitignore similarity index 100% rename from modules/pam_localuser/.cvsignore rename to modules/pam_localuser/.gitignore diff --git a/modules/pam_loginuid/.cvsignore b/modules/pam_loginuid/.gitignore similarity index 100% rename from modules/pam_loginuid/.cvsignore rename to modules/pam_loginuid/.gitignore diff --git a/modules/pam_mail/.cvsignore b/modules/pam_mail/.gitignore similarity index 100% rename from modules/pam_mail/.cvsignore rename to modules/pam_mail/.gitignore diff --git a/modules/pam_mkhomedir/.cvsignore b/modules/pam_mkhomedir/.gitignore similarity index 100% rename from modules/pam_mkhomedir/.cvsignore rename to modules/pam_mkhomedir/.gitignore diff --git a/modules/pam_motd/.cvsignore b/modules/pam_motd/.gitignore similarity index 100% rename from modules/pam_motd/.cvsignore rename to modules/pam_motd/.gitignore diff --git a/modules/pam_namespace/.cvsignore b/modules/pam_namespace/.gitignore similarity index 100% rename from modules/pam_namespace/.cvsignore rename to modules/pam_namespace/.gitignore diff --git a/modules/pam_nologin/.cvsignore b/modules/pam_nologin/.gitignore similarity index 100% rename from modules/pam_nologin/.cvsignore rename to modules/pam_nologin/.gitignore diff --git a/modules/pam_permit/.cvsignore b/modules/pam_permit/.gitignore similarity index 100% rename from modules/pam_permit/.cvsignore rename to modules/pam_permit/.gitignore diff --git a/modules/pam_pwhistory/.cvsignore b/modules/pam_pwhistory/.gitignore similarity index 100% rename from modules/pam_pwhistory/.cvsignore rename to modules/pam_pwhistory/.gitignore diff --git a/modules/pam_rhosts/.cvsignore b/modules/pam_rhosts/.gitignore similarity index 100% rename from modules/pam_rhosts/.cvsignore rename to modules/pam_rhosts/.gitignore diff --git a/modules/pam_rootok/.cvsignore b/modules/pam_rootok/.gitignore similarity index 100% rename from modules/pam_rootok/.cvsignore rename to modules/pam_rootok/.gitignore diff --git a/modules/pam_securetty/.cvsignore b/modules/pam_securetty/.gitignore similarity index 100% rename from modules/pam_securetty/.cvsignore rename to modules/pam_securetty/.gitignore diff --git a/modules/pam_selinux/.cvsignore b/modules/pam_selinux/.gitignore similarity index 100% rename from modules/pam_selinux/.cvsignore rename to modules/pam_selinux/.gitignore diff --git a/modules/pam_sepermit/.cvsignore b/modules/pam_sepermit/.gitignore similarity index 100% rename from modules/pam_sepermit/.cvsignore rename to modules/pam_sepermit/.gitignore diff --git a/modules/pam_shells/.cvsignore b/modules/pam_shells/.gitignore similarity index 100% rename from modules/pam_shells/.cvsignore rename to modules/pam_shells/.gitignore diff --git a/modules/pam_stress/.cvsignore b/modules/pam_stress/.gitignore similarity index 100% rename from modules/pam_stress/.cvsignore rename to modules/pam_stress/.gitignore diff --git a/modules/pam_succeed_if/.cvsignore b/modules/pam_succeed_if/.gitignore similarity index 100% rename from modules/pam_succeed_if/.cvsignore rename to modules/pam_succeed_if/.gitignore diff --git a/modules/pam_tally/.cvsignore b/modules/pam_tally/.gitignore similarity index 100% rename from modules/pam_tally/.cvsignore rename to modules/pam_tally/.gitignore diff --git a/modules/pam_tally2/.cvsignore b/modules/pam_tally2/.gitignore similarity index 100% rename from modules/pam_tally2/.cvsignore rename to modules/pam_tally2/.gitignore diff --git a/modules/pam_time/.cvsignore b/modules/pam_time/.gitignore similarity index 100% rename from modules/pam_time/.cvsignore rename to modules/pam_time/.gitignore diff --git a/modules/pam_timestamp/.cvsignore b/modules/pam_timestamp/.gitignore similarity index 100% rename from modules/pam_timestamp/.cvsignore rename to modules/pam_timestamp/.gitignore diff --git a/modules/pam_tty_audit/.cvsignore b/modules/pam_tty_audit/.gitignore similarity index 100% rename from modules/pam_tty_audit/.cvsignore rename to modules/pam_tty_audit/.gitignore diff --git a/modules/pam_umask/.cvsignore b/modules/pam_umask/.gitignore similarity index 100% rename from modules/pam_umask/.cvsignore rename to modules/pam_umask/.gitignore diff --git a/modules/pam_unix/.cvsignore b/modules/pam_unix/.gitignore similarity index 100% rename from modules/pam_unix/.cvsignore rename to modules/pam_unix/.gitignore diff --git a/modules/pam_userdb/.cvsignore b/modules/pam_userdb/.gitignore similarity index 100% rename from modules/pam_userdb/.cvsignore rename to modules/pam_userdb/.gitignore diff --git a/modules/pam_warn/.cvsignore b/modules/pam_warn/.gitignore similarity index 100% rename from modules/pam_warn/.cvsignore rename to modules/pam_warn/.gitignore diff --git a/modules/pam_wheel/.cvsignore b/modules/pam_wheel/.gitignore similarity index 100% rename from modules/pam_wheel/.cvsignore rename to modules/pam_wheel/.gitignore diff --git a/modules/pam_xauth/.cvsignore b/modules/pam_xauth/.gitignore similarity index 100% rename from modules/pam_xauth/.cvsignore rename to modules/pam_xauth/.gitignore diff --git a/po/.cvsignore b/po/.gitignore similarity index 100% rename from po/.cvsignore rename to po/.gitignore diff --git a/tests/.cvsignore b/tests/.gitignore similarity index 100% rename from tests/.cvsignore rename to tests/.gitignore diff --git a/xtests/.cvsignore b/xtests/.gitignore similarity index 100% rename from xtests/.cvsignore rename to xtests/.gitignore

12 years, 6 months

1
0
0 / 0

[linux-pam] Fix whitespace issues

by Dmitry V. Levin

commit 1814aec611a5f9e03eceee81237ad3a3f51c954a Author: Dmitry V. Levin <ldv(a)altlinux.org> Date: Wed Oct 26 23:56:54 2011 +0000 Fix whitespace issues Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD ABOUT-NLS | 1 - CHANGELOG | 21 +- COPYING | 1 - Copyright | 1 - INSTALL | 1 - Make.xml.rules | 1 - NEWS | 2 +- conf/pam.conf | 1 - conf/pam_conv1/README | 1 - doc/Makefile.am | 1 - doc/man/pam_chauthtok.3.xml | 2 +- doc/man/pam_get_user.3.xml | 8 +- doc/man/pam_set_data.3.xml | 2 +- doc/man/pam_sm_authenticate.3.xml | 4 +- doc/man/pam_xauth_data.3.xml | 2 +- doc/specs/.cvsignore | 1 - doc/specs/draft-morgan-pam.raw | 6 +- doc/specs/parse_y.y | 8 +- doc/specs/rfc86.0.txt | 6 - dynamic/test.c | 4 +- examples/.cvsignore | 1 - examples/README | 1 - examples/blank.c | 4 +- examples/check_user.c | 4 +- examples/vpass.c | 2 - libpam/.cvsignore | 1 - libpam/pam_audit.c | 4 +- libpam/pam_delay.c | 1 - libpam/pam_dispatch.c | 8 +- libpam/pam_dynamic.c | 10 +- libpam/pam_handlers.c | 18 +- libpam/pam_item.c | 6 +- libpam/pam_misc.c | 2 +- libpam/pam_modutil_getgrgid.c | 12 +- libpam/pam_modutil_getgrnam.c | 8 +- libpam/pam_modutil_getpwnam.c | 8 +- libpam/pam_modutil_getpwuid.c | 12 +- libpam/pam_modutil_getspnam.c | 8 +- libpam/pam_modutil_ingroup.c | 2 +- libpam/pam_prelude.h | 1 - libpam/pam_session.c | 2 +- libpam/pam_tokens.h | 4 +- libpam_misc/Makefile.am | 1 - libpam_misc/include/security/pam_misc.h | 4 +- libpam_misc/misc_conv.c | 2 +- libpamc/License | 1 - libpamc/include/security/pam_client.h | 2 +- libpamc/pamc_client.c | 6 +- libpamc/pamc_load.c | 8 +- libpamc/test/agents/secret@here | 9 +- libpamc/test/modules/pam_secret.c | 2 +- libpamc/test/regress/test.libpamc.c | 4 +- libpamc/test/regress/test.secret@here | 3 +- m4/japhar_grep_cflags.m4 | 1 - m4/libprelude.m4 | 2 +- modules/modules.map | 3 +- modules/pam_access/pam_access.c | 8 +- modules/pam_env/pam_env.conf | 16 +- modules/pam_env/pam_env.conf.5.xml | 2 +- modules/pam_exec/pam_exec.8.xml | 8 +- modules/pam_exec/pam_exec.c | 2 +- modules/pam_keyinit/pam_keyinit.c | 1 - modules/pam_limits/pam_limits.c | 16 +- modules/pam_mkhomedir/mkhomedir_helper.c | 14 +- modules/pam_mkhomedir/pam_mkhomedir.c | 2 +- modules/pam_namespace/md5.c | 2 +- modules/pam_namespace/namespace.conf | 4 +- modules/pam_namespace/namespace.conf.5.xml | 6 +- modules/pam_namespace/namespace.init | 2 +- modules/pam_namespace/pam_namespace.c | 330 +++++++++++----------- modules/pam_namespace/pam_namespace.h | 7 +- modules/pam_pwhistory/opasswd.c | 4 +- modules/pam_securetty/pam_securetty.c | 4 +- modules/pam_selinux/Makefile.am | 3 +- modules/pam_selinux/pam_selinux.c | 44 ++-- modules/pam_selinux/pam_selinux_check.8 | 2 +- modules/pam_sepermit/pam_sepermit.c | 15 +- modules/pam_shells/pam_shells.c | 2 +- modules/pam_stress/pam_stress.c | 2 +- modules/pam_tally/pam_tally.c | 40 ++-- modules/pam_tally/pam_tally_app.c | 1 - modules/pam_tally2/pam_tally2.c | 38 ++-- modules/pam_tally2/pam_tally2_app.c | 1 - modules/pam_time/pam_time.c | 4 +- modules/pam_time/time.conf | 2 +- modules/pam_time/time.conf.5.xml | 2 +- modules/pam_timestamp/hmacfile.c | 2 +- modules/pam_timestamp/hmacsha1.c | 4 +- modules/pam_timestamp/pam_timestamp.8.xml | 1 - modules/pam_timestamp/pam_timestamp_check.8.xml | 1 - modules/pam_timestamp/sha1.c | 2 +- modules/pam_unix/CHANGELOG | 5 +- modules/pam_unix/bigcrypt.c | 8 +- modules/pam_unix/md5.c | 2 +- modules/pam_unix/pam_unix_auth.c | 2 +- modules/pam_unix/pam_unix_passwd.c | 4 +- modules/pam_unix/pam_unix_sess.c | 5 +- modules/pam_unix/passverify.c | 20 +- modules/pam_unix/support.c | 4 +- modules/pam_unix/unix_update.c | 2 +- modules/pam_userdb/Makefile.am | 1 - modules/pam_userdb/create.pl | 4 +- modules/pam_userdb/pam_userdb.c | 10 +- modules/pam_userdb/pam_userdb.h | 2 +- po/.cvsignore | 1 - tests/tst-dlopen.c | 1 - xtests/group.conf | 1 - xtests/tst-pam_access1.pamd | 1 - xtests/tst-pam_access2.pamd | 1 - xtests/tst-pam_access3.pamd | 1 - xtests/tst-pam_access4.pamd | 1 - xtests/tst-pam_authfail.c | 4 +- xtests/tst-pam_authsucceed.c | 4 +- xtests/tst-pam_dispatch3.pamd | 1 - xtests/tst-pam_group1.pamd | 1 - xtests/tst-pam_limits1.pamd | 1 - xtests/tst-pam_pwhistory1.pamd | 1 - xtests/tst-pam_substack1.pamd | 2 +- xtests/tst-pam_unix1.pamd | 1 - xtests/tst-pam_unix2.pamd | 1 - xtests/tst-pam_unix3.pamd | 1 - xtests/tst-pam_unix4.pamd | 1 - 122 files changed, 436 insertions(+), 493 deletions(-) --- diff --git a/ABOUT-NLS b/ABOUT-NLS index 3575535..680627f 100644 --- a/ABOUT-NLS +++ b/ABOUT-NLS @@ -1108,4 +1108,3 @@ developed inside the GNU project. Therefore the information given above applies also for every other Free Software Project. Contact `translation(a)iro.umontreal.ca' to make the `.pot' files available to the translation teams. - diff --git a/CHANGELOG b/CHANGELOG index 02d081a..a997c0f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -129,17 +129,17 @@ bug report - outstanding bugs are listed here: * libpam: Fix debug code (kukuk) * pam_limits: Fix order of LIMITS_DEF_* priorities (kukuk) * pam_xauth: preserve DISPLAY variable (Novell #66885 - kukuk) -* libpam: Add prelude ids (http://www.prelude-ids.org) support, +* libpam: Add prelude ids (http://www.prelude-ids.org) support, as experimental. (toady) -* configure: Add the directory where new versions of cracklib is - installed (from Jim Gifford - toady) +* configure: Add the directory where new versions of cracklib is + installed (from Jim Gifford - toady) * libpamc: Use standard u_intX_t types instead of __uX (kukuk) 0.78: Do Nov 18 14:48:36 CET 2004 * pam_unix: change the order of trying password changes - local first, NIS second (t8m) -* pam_wheel: add option only_root to make it affect authentication +* pam_wheel: add option only_root to make it affect authentication to root account only * pam_unix: test return values on renaming files and report error to syslog and to user @@ -175,7 +175,7 @@ bug report - outstanding bugs are listed here: The whole idea is to create few "systemwide" pam configs and include parts of them in application pam configs. (patch by "Dmitry V. Levin" <ldv(a)altlinux.org>) (Bug 812567 - baggins). -* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options +* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options (Bug 591605 - kukuk) * pam_unix: Call password checking helper whenever the password field contains only one character (Bug 1027903 - kukuk) @@ -1050,7 +1050,7 @@ libpam. Prior versions were buggy - see bugfix for Bug 129775. (otherwise /etc/pam.conf is treated as before) - given /etc/pam.d/ . config files are named (in lower case) by service-name - . config files have same syntax as /etc/pam.conf except + . config files have same syntax as /etc/pam.conf except that the "service-name" field is not present. (there are thus three manditory fields (and arguments are optional): @@ -1207,7 +1207,7 @@ Sat Nov 30 19:30:20 PST 1996, Andrew Morgan <morgan(a)parc.power.net> also some coverage of libpam_misc in the App. Developers' guide. * Cristian's patches to pam_limits and pam_pwdb. Fixing bugs. (MORE added) - + * adopted Cristian's _pam_macros.h file to help with common macros and debugging stuff, gone through tree tidying up debugging lines to use this [not complete]. @@ -1287,7 +1287,7 @@ A brief summary of what has changed: * removed <bf/ .. / from documentation titles. This was not giving politically correct html.. - + ----- My vvvvvvvvvvvvvvvvvvv was a long time ago ;*] ----- Wed Sep 4 23:57:19 PDT 1996 (Andrew Morgan <morgan(a)physics.ucla.edu> @@ -1345,7 +1345,7 @@ PASSWD - Elliot's account management included, and enhanced by Cristian Gafton. *** If anyone has any trouble, please *say*. Your problem will be fixed in the next release. Also please feel free to scour the - code for race conditions etc... + code for race conditions etc... [* The above change requires that you purge your /usr/lib/security directory of the old pam_unix_XXX.so modules: they will NOT be deleted @@ -1533,7 +1533,7 @@ CFLAGS* added 'make sterile' to top level makefile. This does extraclean and rem future documentation of static module support in pam_modules.sgml) * libpam; many changes to makefiles and also automated the inclusion of static module objects in pam_static.c -* modified modules for automated static/dynamic support. Added static & +* modified modules for automated static/dynamic support. Added static & dynamic subdirectories, as instructed by Michael * removed an annoying syslog message from pam_filter: "parent exited.." * updated todo list (anyone know anything about svgalib/X? we probably should @@ -1763,4 +1763,3 @@ Sat Feb 17 17:30:24 EST 1996 (Alexander O. Yuriev alex(a)bach.cis.temple.edu) * stable code from pam_unix is added to modules/pam_unix * test/test.c now requests username and password and attempts to perform authentication - diff --git a/COPYING b/COPYING index 2f27a2e..12ff8c5 100644 --- a/COPYING +++ b/COPYING @@ -38,4 +38,3 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------------------------------------- - diff --git a/Copyright b/Copyright index 2f27a2e..12ff8c5 100644 --- a/Copyright +++ b/Copyright @@ -38,4 +38,3 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------------------------------------- - diff --git a/INSTALL b/INSTALL index 56b077d..3111736 100644 --- a/INSTALL +++ b/INSTALL @@ -233,4 +233,3 @@ configuration-related scripts to be executed by `/bin/bash'. `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. - diff --git a/Make.xml.rules b/Make.xml.rules index 6e9dccc..bee30cd 100644 --- a/Make.xml.rules +++ b/Make.xml.rules @@ -22,4 +22,3 @@ README: README.xml $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< #CLEANFILES += $(man_MANS) README - diff --git a/NEWS b/NEWS index 81f961f..fe8cf47 100644 --- a/NEWS +++ b/NEWS @@ -3,7 +3,7 @@ Linux-PAM NEWS -- history of user-visible changes. Release 1.1.5 * pam_env: Fix CVE-2011-3148 and CVE-2011-3149 * pam_access: Add hostname resolution cache -* Documentation: Improvements/fixes +* Documentation: Improvements/fixes Release 1.1.4 diff --git a/conf/pam.conf b/conf/pam.conf index aa0e413..3a06bd6 100644 --- a/conf/pam.conf +++ b/conf/pam.conf @@ -123,4 +123,3 @@ xdm account required pam_unix.so # The PAM configuration file for the `xlock' service # xlock auth required pam_unix.so - diff --git a/conf/pam_conv1/README b/conf/pam_conv1/README index 9d27e22..8c748ba 100644 --- a/conf/pam_conv1/README +++ b/conf/pam_conv1/README @@ -6,4 +6,3 @@ creates the pam.d/ directory in the current directory. The program will fail if ./pam.d/ already exists. Andrew Morgan, February 1997 - diff --git a/doc/Makefile.am b/doc/Makefile.am index 4a300e1..f4762f2 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -19,4 +19,3 @@ releasedocs: all make -C sag releasedocs make -C adg releasedocs make -C mwg releasedocs - diff --git a/doc/man/pam_chauthtok.3.xml b/doc/man/pam_chauthtok.3.xml index 7e20070..b9922a6 100644 --- a/doc/man/pam_chauthtok.3.xml +++ b/doc/man/pam_chauthtok.3.xml @@ -35,7 +35,7 @@ associated with the handle <emphasis>pamh</emphasis>). </para> <para> - The <emphasis>pamh</emphasis> argument is an authentication + The <emphasis>pamh</emphasis> argument is an authentication handle obtained by a prior call to pam_start(). The flags argument is the binary or of zero or more of the following values: diff --git a/doc/man/pam_get_user.3.xml b/doc/man/pam_get_user.3.xml index ff8be69..9c5830e 100644 --- a/doc/man/pam_get_user.3.xml +++ b/doc/man/pam_get_user.3.xml @@ -42,7 +42,7 @@ name of the user specified by <citerefentry> <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>. If no user was specified it what + </citerefentry>. If no user was specified it what <function>pam_get_item (pamh, PAM_USER, ... );</function> would have returned. If this is NULL it obtains the username via the <citerefentry> @@ -70,14 +70,14 @@ </itemizedlist> <para> By whatever means the username is obtained, a pointer to it is - returned as the contents of <emphasis>*user</emphasis>. Note, - this memory should <emphasis remap="B">not</emphasis> be + returned as the contents of <emphasis>*user</emphasis>. Note, + this memory should <emphasis remap="B">not</emphasis> be <emphasis>free()</emphasis>'d or <emphasis>modified</emphasis> by the module. </para> <para> This function sets the <emphasis>PAM_USER</emphasis> item - associated with the + associated with the <citerefentry> <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum> </citerefentry> and diff --git a/doc/man/pam_set_data.3.xml b/doc/man/pam_set_data.3.xml index d6d224e..c20068c 100644 --- a/doc/man/pam_set_data.3.xml +++ b/doc/man/pam_set_data.3.xml @@ -40,7 +40,7 @@ <title>DESCRIPTION</title> <para> The <function>pam_set_data</function> function associates a pointer - to an object with the (hopefully) unique string + to an object with the (hopefully) unique string <emphasis>module_data_name</emphasis> in the PAM context specified by the <emphasis>pamh</emphasis> argument. </para> diff --git a/doc/man/pam_sm_authenticate.3.xml b/doc/man/pam_sm_authenticate.3.xml index 37c7757..9121aed 100644 --- a/doc/man/pam_sm_authenticate.3.xml +++ b/doc/man/pam_sm_authenticate.3.xml @@ -62,7 +62,7 @@ Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the database of authentication tokens for this authentication mechanism has a <emphasis>NULL</emphasis> entry for the user. - Without this flag, such a <emphasis>NULL</emphasis> token + Without this flag, such a <emphasis>NULL</emphasis> token will lead to a success without the user being prompted. </para> </listitem> @@ -95,7 +95,7 @@ <listitem> <para> The modules were not able to access the authentication - information. This might be due to a network or hardware + information. This might be due to a network or hardware failure etc. </para> </listitem> diff --git a/doc/man/pam_xauth_data.3.xml b/doc/man/pam_xauth_data.3.xml index 0cd6730..505985e 100644 --- a/doc/man/pam_xauth_data.3.xml +++ b/doc/man/pam_xauth_data.3.xml @@ -35,7 +35,7 @@ struct pam_xauth_data { <title>DESCRIPTION</title> <para> The <function>pam_xauth_data</function> structure contains X - authentication data used to make a connection to an X display. + authentication data used to make a connection to an X display. Using this mechanism, an application can communicate X authentication data to PAM service modules. This allows modules to make a connection to the user's X display in order to label the diff --git a/doc/specs/.cvsignore b/doc/specs/.cvsignore index 0e7cbe2..efaf18a 100644 --- a/doc/specs/.cvsignore +++ b/doc/specs/.cvsignore @@ -9,4 +9,3 @@ padout parse_l.c parse_y.c parse_y.h - diff --git a/doc/specs/draft-morgan-pam.raw b/doc/specs/draft-morgan-pam.raw index 45109f4..ec5bba4 100644 --- a/doc/specs/draft-morgan-pam.raw +++ b/doc/specs/draft-morgan-pam.raw @@ -227,7 +227,7 @@ o Anyone can define additional agents by using names in the format your agent has as an identifier, they you are entitled to use this identifier.) It is up to each domain how it manages its local namespace. - + The '/' character is a mandatory delimiter, indicating the end of the agent_id. The trailing data is of a format specific to the agent with the given agent_id. @@ -377,7 +377,7 @@ conversation function with which it encapsulates module-generated requests and exchanges them with the client. Every message sent by a module should be acknowledged. -General conversation functions can support the following five +General conversation functions can support the following five conversation requests: echo text string @@ -617,7 +617,7 @@ Following a call to pamc_end, the pamc_handle_t will be invalid. The return value for this function is one of the following: - PAM_BPC_TRUE - all invoked agents are content with + PAM_BPC_TRUE - all invoked agents are content with authentication (the server is _not_ judged _un_trustworthy by any agent) diff --git a/doc/specs/parse_y.y b/doc/specs/parse_y.y index 87fc54e..b195f5d 100644 --- a/doc/specs/parse_y.y +++ b/doc/specs/parse_y.y @@ -7,7 +7,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> - + #define MAXLINE 1000 #define INDENT_STRING " " #define PAPER_WIDTH 74 @@ -86,7 +86,7 @@ doc: printf("%s%s%s", $2, fixed, $4); free($2); free($4); - + l = (len+1)/2; memset(fixed, ' ', l); fixed[l] = '\0'; @@ -113,7 +113,7 @@ doc: printf("%s%s%s", $2, fixed, $4); free($2); free($4); - + l = (len+1)/2; memset(fixed, ' ', l); fixed[l] = '\0'; @@ -281,7 +281,7 @@ char *new_counter(const char *key) sprintf(new+j, "%d", ++i); counter_root = set_key(counter_root, key, new); - + if (last_label) { free(last_label); } diff --git a/doc/specs/rfc86.0.txt b/doc/specs/rfc86.0.txt index 6dd5e6e..b8c635a 100644 --- a/doc/specs/rfc86.0.txt +++ b/doc/specs/rfc86.0.txt @@ -1843,9 +1843,3 @@ Samar, Schemers Page 28 - - - - - - diff --git a/dynamic/test.c b/dynamic/test.c index 35496fe..c633cfd 100644 --- a/dynamic/test.c +++ b/dynamic/test.c @@ -16,8 +16,8 @@ int main(int argc, char **argv) } /* handle->XXX points to each of the PAM functions */ - - + + if (dlclose(handle)) { fprintf(stderr, "failed to unload pam.so: %s\n", dlerror()); exit(1); diff --git a/examples/.cvsignore b/examples/.cvsignore index 752507e..12e16f1 100644 --- a/examples/.cvsignore +++ b/examples/.cvsignore @@ -6,4 +6,3 @@ Makefile Makefile.in .deps .libs - diff --git a/examples/README b/examples/README index f4ae951..fee734d 100644 --- a/examples/README +++ b/examples/README @@ -10,4 +10,3 @@ application it might be a place to start... xsh is new as of Linux-PAM-0.31, it is identical to blank, but invokes /bin/sh if the user is authenticated. - diff --git a/examples/blank.c b/examples/blank.c index 9d51756..8210013 100644 --- a/examples/blank.c +++ b/examples/blank.c @@ -50,7 +50,7 @@ int main(int argc, char **argv) fprintf(stderr,"usage: %s [username]\n",argv[0]); } else if (argc == 2) { username = argv[1]; - } + } /* initialize the Linux-PAM library */ retcode = pam_start("blank", username, &conv, &pamh); @@ -141,7 +141,7 @@ int main(int argc, char **argv) fprintf(stderr,"%s: problem closing a session\n",argv[0]); break; } - + retcode = pam_setcred(pamh, PAM_DELETE_CRED); bail_out(pamh,0,retcode,"pam_setcred2"); diff --git a/examples/check_user.c b/examples/check_user.c index 4a33f2a..89cc137 100644 --- a/examples/check_user.c +++ b/examples/check_user.c @@ -1,6 +1,6 @@ /* $Id$ - + This program was contributed by Shane Watts <shane(a)icarus.bofh.asn.au> slight modifications by AGM. @@ -35,7 +35,7 @@ int main(int argc, char *argv[]) } retval = pam_start("check", user, &conv, &pamh); - + if (retval == PAM_SUCCESS) retval = pam_authenticate(pamh, 0); /* is user really user? */ diff --git a/examples/vpass.c b/examples/vpass.c index a54ec06..f73b361 100644 --- a/examples/vpass.c +++ b/examples/vpass.c @@ -47,5 +47,3 @@ int main(void) pam_end(pamh, res); exit(0); } - - diff --git a/libpam/.cvsignore b/libpam/.cvsignore index e1a7920..c281f21 100644 --- a/libpam/.cvsignore +++ b/libpam/.cvsignore @@ -6,4 +6,3 @@ Makefile.in .libs *.la *.lo - diff --git a/libpam/pam_audit.c b/libpam/pam_audit.c index 7f2e0b2..531746a 100644 --- a/libpam/pam_audit.c +++ b/libpam/pam_audit.c @@ -161,7 +161,7 @@ pam_modutil_audit_write(pam_handle_t *pamh, int type, { int audit_fd; int rc; - + if ((audit_fd=_pam_audit_open(pamh)) == -1) { return PAM_SYSTEM_ERR; } else if (audit_fd == -2) { @@ -171,7 +171,7 @@ pam_modutil_audit_write(pam_handle_t *pamh, int type, rc = _pam_audit_writelog(pamh, audit_fd, type, message, retval); audit_close(audit_fd); - + return rc < 0 ? PAM_SYSTEM_ERR : PAM_SUCCESS; } diff --git a/libpam/pam_delay.c b/libpam/pam_delay.c index a9cfa80..cb6c9d5 100644 --- a/libpam/pam_delay.c +++ b/libpam/pam_delay.c @@ -156,4 +156,3 @@ int pam_fail_delay(pam_handle_t *pamh, unsigned int usec) return PAM_SUCCESS; } - diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c index 98c69c6..eb52c82 100644 --- a/libpam/pam_dispatch.c +++ b/libpam/pam_dispatch.c @@ -261,16 +261,16 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, if (impression == _PAM_UNDEF || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) { - if ( retval != PAM_IGNORE || cached_retval == retval ) { + if ( retval != PAM_IGNORE || cached_retval == retval ) { impression = _PAM_POSITIVE; - status = retval; - } + status = retval; + } } } /* this means that we need to skip #action stacked modules */ while (h->next != NULL && h->next->stack_level >= stack_level && action > 0) { - do { + do { h = h->next; ++depth; } while (h->next != NULL && h->next->stack_level > stack_level); diff --git a/libpam/pam_dynamic.c b/libpam/pam_dynamic.c index 5be33c3..e1155e5 100644 --- a/libpam/pam_dynamic.c +++ b/libpam/pam_dynamic.c @@ -55,8 +55,8 @@ void *_pam_dlopen(const char *mod_path) NSObjectFileImage ofile; void *ret = NULL; - if (NSCreateObjectFileImageFromFile(mod_path, &ofile) != - NSObjectFileImageSuccess ) + if (NSCreateObjectFileImageFromFile(mod_path, &ofile) != + NSObjectFileImageSuccess ) return NULL; ret = NSLinkModule(ofile, mod_path, NSLINKMODULE_OPTION_PRIVATE | NSLINKMODULE_OPTION_BINDNOW); @@ -68,7 +68,7 @@ void *_pam_dlopen(const char *mod_path) #endif } -servicefn _pam_dlsym(void *handle, const char *symbol) +servicefn _pam_dlsym(void *handle, const char *symbol) { #ifdef PAM_SHL char *_symbol = NULL; @@ -83,7 +83,7 @@ servicefn _pam_dlsym(void *handle, const char *symbol) return NULL; strcpy(_symbol, SHLIB_SYM_PREFIX); strcat(_symbol, symbol); - if( shl_findsym(&handle, _symbol, + if( shl_findsym(&handle, _symbol, (short) TYPE_PROCEDURE, &ret ){ free(_symbol); return NULL; @@ -92,7 +92,7 @@ servicefn _pam_dlsym(void *handle, const char *symbol) } return ret; - + #elif defined(PAM_DYLD) NSSymbol nsSymbol; char *_symbol; diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c index 59a1929..02714f7 100644 --- a/libpam/pam_handlers.c +++ b/libpam/pam_handlers.c @@ -194,16 +194,16 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f tok = _pam_StrTok(NULL, " \n\t", &nexttok); if (pam_include) { - if (substack) { + if (substack) { res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other, - stack_level, module_type, actions, tok, - 0, NULL, 0); + stack_level, module_type, actions, tok, + 0, NULL, 0); if (res != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "error adding substack %s", tok); D(("failed to load module - aborting")); return PAM_ABORT; - } - } + } + } if (_pam_load_conf_file(pamh, tok, this_service, module_type, stack_level + substack #ifdef PAM_READ_BOTH_CONFS @@ -625,7 +625,7 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) struct loaded_module *mod; D(("_pam_load_module: loading module `%s'", mod_path)); - + mod = pamh->handlers.module; /* First, ensure the module is loaded */ @@ -774,12 +774,12 @@ int _pam_add_handler(pam_handle_t *pamh /* if we get here with NULL it means allocation error */ return PAM_ABORT; } - + mod_type = mod->type; } - + if (mod_path == NULL) - mod_path = UNKNOWN_MODULE; + mod_path = UNKNOWN_MODULE; /* * At this point 'mod' points to the stored/loaded module. diff --git a/libpam/pam_item.c b/libpam/pam_item.c index 00e00c2..8148fd5 100644 --- a/libpam/pam_item.c +++ b/libpam/pam_item.c @@ -315,8 +315,8 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) if (pamh->former.want_user) { /* must have a prompt to resume with */ if (! pamh->former.prompt) { - pam_syslog(pamh, LOG_ERR, - "pam_get_user: failed to resume with prompt" + pam_syslog(pamh, LOG_ERR, + "pam_get_user: failed to resume with prompt" ); return PAM_ABORT; } @@ -324,7 +324,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) /* must be the same prompt as last time */ if (strcmp(pamh->former.prompt, use_prompt)) { pam_syslog(pamh, LOG_ERR, - "pam_get_user: resumed with different prompt"); + "pam_get_user: resumed with different prompt"); return PAM_ABORT; } diff --git a/libpam/pam_misc.c b/libpam/pam_misc.c index 0e60727..aac0e92 100644 --- a/libpam/pam_misc.c +++ b/libpam/pam_misc.c @@ -312,7 +312,7 @@ void _pam_parse_control(int *control_array, char *tok) break; } } - if (act > 0) { + if (act > 0) { /* * Either we have a number or we have hit an error. In * principle, there is nothing to stop us accepting diff --git a/libpam/pam_modutil_getgrgid.c b/libpam/pam_modutil_getgrgid.c index 600946a..386d6f4 100644 --- a/libpam/pam_modutil_getgrgid.c +++ b/libpam/pam_modutil_getgrgid.c @@ -16,7 +16,7 @@ #include <stdlib.h> static int intlen(int number) -{ +{ int len = 2; while (number != 0) { number /= 10; @@ -26,7 +26,7 @@ static int intlen(int number) } static int longlen(long number) -{ +{ int len = 2; while (number != 0) { number /= 10; @@ -72,7 +72,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) int i; data_name = malloc(strlen("_pammodutil_getgrgid") + 1 + - longlen((long)gid) + 1 + intlen(INT_MAX) + 1); + longlen((long)gid) + 1 + intlen(INT_MAX) + 1); if ((pamh != NULL) && (data_name == NULL)) { D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); @@ -83,7 +83,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) if (pamh != NULL) { for (i = 0; i < INT_MAX; i++) { sprintf(data_name, "_pammodutil_getgrgid_%ld_%d", - (long) gid, i); + (long) gid, i); status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, @@ -114,7 +114,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) /* no sense in repeating the call */ break; } - + length <<= PWD_LENGTH_SHIFT; } while (length < PWD_ABSURD_PWD_LENGTH); @@ -131,7 +131,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) * Sorry, there does not appear to be a reentrant version of * getgrgid(). So, we use the standard libc function. */ - + return getgrgid(gid); #endif /* def HAVE_GETGRGID_R */ diff --git a/libpam/pam_modutil_getgrnam.c b/libpam/pam_modutil_getgrnam.c index adf7daa..cbb1551 100644 --- a/libpam/pam_modutil_getgrnam.c +++ b/libpam/pam_modutil_getgrnam.c @@ -16,7 +16,7 @@ #include <stdlib.h> static int intlen(int number) -{ +{ int len = 2; while (number != 0) { number /= 10; @@ -62,7 +62,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) int i; data_name = malloc(strlen("_pammodutil_getgrnam") + 1 + - strlen(group) + 1 + intlen(INT_MAX) + 1); + strlen(group) + 1 + intlen(INT_MAX) + 1); if ((pamh != NULL) && (data_name == NULL)) { D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); @@ -103,7 +103,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) /* no sense in repeating the call */ break; } - + length <<= PWD_LENGTH_SHIFT; } while (length < PWD_ABSURD_PWD_LENGTH); @@ -120,7 +120,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) * Sorry, there does not appear to be a reentrant version of * getgrnam(). So, we use the standard libc function. */ - + return getgrnam(group); #endif /* def HAVE_GETGRNAM_R */ diff --git a/libpam/pam_modutil_getpwnam.c b/libpam/pam_modutil_getpwnam.c index f4e4d80..8132c76 100644 --- a/libpam/pam_modutil_getpwnam.c +++ b/libpam/pam_modutil_getpwnam.c @@ -16,7 +16,7 @@ #include <stdlib.h> static int intlen(int number) -{ +{ int len = 2; while (number != 0) { number /= 10; @@ -62,7 +62,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) int i; data_name = malloc(strlen("_pammodutil_getpwnam") + 1 + - strlen(user) + 1 + intlen(INT_MAX) + 1); + strlen(user) + 1 + intlen(INT_MAX) + 1); if ((pamh != NULL) && (data_name == NULL)) { D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); @@ -103,7 +103,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) /* no sense in repeating the call */ break; } - + length <<= PWD_LENGTH_SHIFT; } while (length < PWD_ABSURD_PWD_LENGTH); @@ -120,7 +120,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) * Sorry, there does not appear to be a reentrant version of * getpwnam(). So, we use the standard libc function. */ - + return getpwnam(user); #endif /* def HAVE_GETPWNAM_R */ diff --git a/libpam/pam_modutil_getpwuid.c b/libpam/pam_modutil_getpwuid.c index 33a6cf4..3a43593 100644 --- a/libpam/pam_modutil_getpwuid.c +++ b/libpam/pam_modutil_getpwuid.c @@ -16,7 +16,7 @@ #include <stdlib.h> static int intlen(int number) -{ +{ int len = 2; while (number != 0) { number /= 10; @@ -26,7 +26,7 @@ static int intlen(int number) } static int longlen(long number) -{ +{ int len = 2; while (number != 0) { number /= 10; @@ -72,7 +72,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) int i; data_name = malloc(strlen("_pammodutil_getpwuid") + 1 + - longlen((long) uid) + 1 + intlen(INT_MAX) + 1); + longlen((long) uid) + 1 + intlen(INT_MAX) + 1); if ((pamh != NULL) && (data_name == NULL)) { D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); @@ -83,7 +83,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) if (pamh != NULL) { for (i = 0; i < INT_MAX; i++) { sprintf(data_name, "_pammodutil_getpwuid_%ld_%d", - (long) uid, i); + (long) uid, i); status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, @@ -114,7 +114,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) /* no sense in repeating the call */ break; } - + length <<= PWD_LENGTH_SHIFT; } while (length < PWD_ABSURD_PWD_LENGTH); @@ -131,7 +131,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) * Sorry, there does not appear to be a reentrant version of * getpwuid(). So, we use the standard libc function. */ - + return getpwuid(uid); #endif /* def HAVE_GETPWUID_R */ diff --git a/libpam/pam_modutil_getspnam.c b/libpam/pam_modutil_getspnam.c index 7cc6488..032709e 100644 --- a/libpam/pam_modutil_getspnam.c +++ b/libpam/pam_modutil_getspnam.c @@ -16,7 +16,7 @@ #include <stdlib.h> static int intlen(int number) -{ +{ int len = 2; while (number != 0) { number /= 10; @@ -62,7 +62,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user) int i; data_name = malloc(strlen("_pammodutil_getspnam") + 1 + - strlen(user) + 1 + intlen(INT_MAX) + 1); + strlen(user) + 1 + intlen(INT_MAX) + 1); if ((pamh != NULL) && (data_name == NULL)) { D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); @@ -103,7 +103,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user) /* no sense in repeating the call */ break; } - + length <<= PWD_LENGTH_SHIFT; } while (length < PWD_ABSURD_PWD_LENGTH); @@ -120,7 +120,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user) * Sorry, there does not appear to be a reentrant version of * getspnam(). So, we use the standard libc function. */ - + return getspnam(user); #endif /* def HAVE_GETSPNAM_R */ diff --git a/libpam/pam_modutil_ingroup.c b/libpam/pam_modutil_ingroup.c index 7a15f71..875cf3e 100644 --- a/libpam/pam_modutil_ingroup.c +++ b/libpam/pam_modutil_ingroup.c @@ -74,7 +74,7 @@ pam_modutil_user_in_group_common(pam_handle_t *pamh UNUSED, return 0; } -int +int pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh, const char *user, const char *group) { diff --git a/libpam/pam_prelude.h b/libpam/pam_prelude.h index 13ee6fd..196b141 100644 --- a/libpam/pam_prelude.h +++ b/libpam/pam_prelude.h @@ -13,4 +13,3 @@ void prelude_send_alert(pam_handle_t *pamh, int authval); #endif /* _SECURITY_PAM_PRELUDE_H */ - diff --git a/libpam/pam_session.c b/libpam/pam_session.c index 34532bc..512153f 100644 --- a/libpam/pam_session.c +++ b/libpam/pam_session.c @@ -24,7 +24,7 @@ int pam_open_session(pam_handle_t *pamh, int flags) #ifdef HAVE_LIBAUDIT retval = _pam_auditlog(pamh, PAM_OPEN_SESSION, retval, flags); -#endif +#endif return retval; } diff --git a/libpam/pam_tokens.h b/libpam/pam_tokens.h index fcda7ec..1412fa3 100644 --- a/libpam/pam_tokens.h +++ b/libpam/pam_tokens.h @@ -89,13 +89,13 @@ const char * const _pam_token_returns[_PAM_RETURN_VALUES+1] = { * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. - * + * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE diff --git a/libpam_misc/Makefile.am b/libpam_misc/Makefile.am index 7cc8812..a521b60 100644 --- a/libpam_misc/Makefile.am +++ b/libpam_misc/Makefile.am @@ -20,4 +20,3 @@ libpam_misc_la_LIBADD = $(top_builddir)/libpam/libpam.la lib_LTLIBRARIES = libpam_misc.la libpam_misc_la_SOURCES = help_env.c misc_conv.c - diff --git a/libpam_misc/include/security/pam_misc.h b/libpam_misc/include/security/pam_misc.h index 07578e6..fca2422 100644 --- a/libpam_misc/include/security/pam_misc.h +++ b/libpam_misc/include/security/pam_misc.h @@ -6,8 +6,8 @@ #include <security/pam_appl.h> #include <security/pam_client.h> -#ifdef __cplusplus -extern "C" { +#ifdef __cplusplus +extern "C" { #endif /* __cplusplus */ /* include some useful macros */ diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c index 3f82de1..3f74eea 100644 --- a/libpam_misc/misc_conv.c +++ b/libpam_misc/misc_conv.c @@ -180,7 +180,7 @@ static int read_string(int echo, const char *prompt, char **retstr) if (have_term) nc = read(STDIN_FILENO, line, INPUTSIZE-1); else /* we must read one line only */ - for (nc = 0; nc < INPUTSIZE-1 && (nc?line[nc-1]:0) != '\n'; + for (nc = 0; nc < INPUTSIZE-1 && (nc?line[nc-1]:0) != '\n'; nc++) { int rv; if ((rv=read(STDIN_FILENO, line+nc, 1)) != 1) { diff --git a/libpamc/License b/libpamc/License index 9010695..9316078 100644 --- a/libpamc/License +++ b/libpamc/License @@ -39,4 +39,3 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------------------------------------- - diff --git a/libpamc/include/security/pam_client.h b/libpamc/include/security/pam_client.h index 988c245..47e41aa 100644 --- a/libpamc/include/security/pam_client.h +++ b/libpamc/include/security/pam_client.h @@ -121,7 +121,7 @@ do { \ \ __size = PAM_BP_MIN_SIZE + data_length; \ if ((*(old_p) = PAM_BP_CALLOC(1, 1+__size))) { \ - __PAM_BP_WOCTET(*(old_p), 3) = __size & 0xFF; \ + __PAM_BP_WOCTET(*(old_p), 3) = __size & 0xFF; \ __PAM_BP_WOCTET(*(old_p), 2) = (__size>>=8) & 0xFF; \ __PAM_BP_WOCTET(*(old_p), 1) = (__size>>=8) & 0xFF; \ __PAM_BP_WOCTET(*(old_p), 0) = (__size>>=8) & 0xFF; \ diff --git a/libpamc/pamc_client.c b/libpamc/pamc_client.c index 9d2bc67..175f424 100644 --- a/libpamc/pamc_client.c +++ b/libpamc/pamc_client.c @@ -66,7 +66,7 @@ pamc_handle_t pamc_start(void) if ( default_path[i] == PAMC_SYSTEM_AGENT_SEPARATOR || !default_path[i] ) { int length; - + pch->agent_paths[this] = malloc(length = 1+i-last); if (pch->agent_paths[this] == NULL) { @@ -102,7 +102,7 @@ drop_pch: } /* - * shutdown each of the loaded agents and + * shutdown each of the loaded agents and */ static int __pamc_shutdown_agents(pamc_handle_t pch) @@ -110,7 +110,7 @@ static int __pamc_shutdown_agents(pamc_handle_t pch) int retval = PAM_BPC_TRUE; D(("called")); - + while (pch->chain) { pid_t pid; int status; diff --git a/libpamc/pamc_load.c b/libpamc/pamc_load.c index dbbfbd5..5155e0a 100644 --- a/libpamc/pamc_load.c +++ b/libpamc/pamc_load.c @@ -25,7 +25,7 @@ static int __pamc_exec_agent(pamc_handle_t pch, pamc_agent_t *agent) return PAM_BPC_FAIL; } } - + /* enough memory for any path + this agent */ reset_length = 3 + pch->max_path + agent->id_length; D(("reset_length = %d (3+%d+%d)", @@ -57,7 +57,7 @@ static int __pamc_exec_agent(pamc_handle_t pch, pamc_agent_t *agent) D(("no agent was found")); goto free_and_return; } - + if (pipe(to_agent)) { D(("failed to open pipe to agent")); goto free_and_return; @@ -262,7 +262,7 @@ int pamc_load(pamc_handle_t pch, const char *agent_id) D(("sorry agent is disabled")); return PAM_BPC_FALSE; } - + length = strlen(agent_id); /* scan list to see if agent is loaded */ @@ -296,7 +296,7 @@ int pamc_load(pamc_handle_t pch, const char *agent_id) agent->next = pch->chain; pch->chain = agent; - + return PAM_BPC_TRUE; fail_free_agent_id: diff --git a/libpamc/test/agents/secret@here b/libpamc/test/agents/secret@here index afdcbaa..8d82c01 100755 --- a/libpamc/test/agents/secret@here +++ b/libpamc/test/agents/secret@here @@ -41,7 +41,7 @@ for (;;) { ($reply_control, $reply_data) = HandleContinuation($data); } else { if ($debug) { - print STDERR + print STDERR "agent: unrecognized packet $control {$data} to read\n"; } ($reply_control, $reply_data) = (0x04, ""); @@ -133,7 +133,7 @@ sub HandleContinuation ($) { } my $expected_digest = CreateDigest($state{$key}); - my ($local_cookie, $remote_cookie, $shared_secret) + my ($local_cookie, $remote_cookie, $shared_secret) = split '\|', $state{$key}; delete $state{$key}; @@ -154,7 +154,7 @@ sub HandleContinuation ($) { print STDERR "agent: server appears to know the secret\n"; } - my $session_authenticated_ticket = + my $session_authenticated_ticket = CreateDigest($remote_cookie."|".$shared_secret."|".$local_cookie); # FIXME: Agent should set a derived session key environment @@ -183,7 +183,7 @@ sub ReadBinaryPrompt { # broken packet header return (-1, ""); } - + my ($length, $control) = unpack("N C", $buffer); if ($length < 5) { # broken packet length @@ -305,4 +305,3 @@ sub GetRandom { } } - diff --git a/libpamc/test/modules/pam_secret.c b/libpamc/test/modules/pam_secret.c index 6316f7f..f1c74c6 100644 --- a/libpamc/test/modules/pam_secret.c +++ b/libpamc/test/modules/pam_secret.c @@ -664,6 +664,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, old_data = NULL; D(("done (%d)", retval)); - + return retval; } diff --git a/libpamc/test/regress/test.libpamc.c b/libpamc/test/regress/test.libpamc.c index 91f8d12..b0fff9c 100644 --- a/libpamc/test/regress/test.libpamc.c +++ b/libpamc/test/regress/test.libpamc.c @@ -172,7 +172,7 @@ void prompt_to_packet(pamc_bp_t prompt, struct internal_packet *packet) data_length = PAM_BP_LENGTH(prompt); packet->at = 0; append_data(packet, data_length, NULL); - + PAM_BP_EXTRACT(prompt, 0, data_length, packet->buffer); fprintf(stderr, "server received[%d]: {%d|0x%.2x|%s}\n", @@ -332,7 +332,7 @@ int main(int argc, char **argv) digest); } - + retval = pamc_end(&pch); fprintf(stderr, "server: agent(s) were %shappy to terminate\n", diff --git a/libpamc/test/regress/test.secret@here b/libpamc/test/regress/test.secret@here index 2e0b9b9..67fe22e 100755 --- a/libpamc/test/regress/test.secret@here +++ b/libpamc/test/regress/test.secret@here @@ -94,7 +94,7 @@ sub ReadBinaryPrompt ($) { # broken packet header return (-1, ""); } - + my ($length, $control) = unpack("N C", $buffer); if ($length < 5) { # broken packet length @@ -149,4 +149,3 @@ sub IdentifyLocalSecret ($) { return $secret; } - diff --git a/m4/japhar_grep_cflags.m4 b/m4/japhar_grep_cflags.m4 index 5318a14..cf2ea4a 100644 --- a/m4/japhar_grep_cflags.m4 +++ b/m4/japhar_grep_cflags.m4 @@ -45,4 +45,3 @@ else fi AC_MSG_RESULT($ac_cv___attribute__) ]) - diff --git a/m4/libprelude.m4 b/m4/libprelude.m4 index 2c61d35..f78527f 100644 --- a/m4/libprelude.m4 +++ b/m4/libprelude.m4 @@ -8,7 +8,7 @@ dnl $id$ # Werner Koch 99-12-09 dnl AM_PATH_LIBPRELUDE([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) -dnl Test for libprelude, and define LIBPRELUDE_PREFIX, LIBPRELUDE_CFLAGS, LIBPRELUDE_PTHREAD_CFLAGS, +dnl Test for libprelude, and define LIBPRELUDE_PREFIX, LIBPRELUDE_CFLAGS, LIBPRELUDE_PTHREAD_CFLAGS, dnl LIBPRELUDE_LDFLAGS, and LIBPRELUDE_LIBS dnl AC_DEFUN([AM_PATH_LIBPRELUDE], diff --git a/modules/modules.map b/modules/modules.map index 2234aa4..369b047 100644 --- a/modules/modules.map +++ b/modules/modules.map @@ -1,4 +1,4 @@ -{ +{ global: pam_sm_acct_mgmt; pam_sm_authenticate; @@ -8,4 +8,3 @@ pam_sm_setcred; local: *; }; - diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 2669a5e..65798f1 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -100,7 +100,7 @@ struct login_info { const char *from; const char *config_file; const char *hostname; - int debug; /* Print debugging messages. */ + int debug; /* Print debugging messages. */ int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */ int noaudit; /* Do not audit denials */ const char *fs; /* field separator */ @@ -375,7 +375,7 @@ login_access (pam_handle_t *pamh, struct login_info *item) /* Allow field seperator in last field of froms */ if (!(perm = strtok_r(line, item->fs, &sptr)) || !(users = strtok_r(NULL, item->fs, &sptr)) - || !(froms = strtok_r(NULL, "\n", &sptr))) { + || !(froms = strtok_r(NULL, "\n", &sptr))) { pam_syslog(pamh, LOG_ERR, "%s: line %d: bad field count", item->config_file, lineno); continue; @@ -398,8 +398,8 @@ login_access (pam_handle_t *pamh, struct login_info *item) nonall_match = YES; } if (item->debug) - pam_syslog (pamh, LOG_DEBUG, - "from_match=%d, \"%s\"", match, item->from); + pam_syslog (pamh, LOG_DEBUG, + "from_match=%d, \"%s\"", match, item->from); } } (void) fclose(fp); diff --git a/modules/pam_env/pam_env.conf b/modules/pam_env/pam_env.conf index d0ba35c..30e9d00 100644 --- a/modules/pam_env/pam_env.conf +++ b/modules/pam_env/pam_env.conf @@ -1,7 +1,7 @@ # -# This is the configuration file for pam_env, a PAM module to load in -# a configurable list of environment variables for a -# +# This is the configuration file for pam_env, a PAM module to load in +# a configurable list of environment variables for a +# # The original idea for this came from Andrew G. Morgan ... #<quote> # Mmm. Perhaps you might like to write a pam_env module that reads a @@ -22,16 +22,16 @@ # administrators rather than set by logging in, how to treat them both # in the same config file? # -# Here is my idea: +# Here is my idea: # # Each line starts with the variable name, there are then two possible -# options for each variable DEFAULT and OVERRIDE. +# options for each variable DEFAULT and OVERRIDE. # DEFAULT allows and administrator to set the value of the # variable to some default value, if none is supplied then the empty # string is assumed. The OVERRIDE option tells pam_env that it should # enter in its value (overriding the default value) if there is one # to use. OVERRIDE is not used, "" is assumed and no override will be -# done. +# done. # # VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]] # @@ -42,7 +42,7 @@ # values can be delimited with "", escaped " not supported. # Note that many environment variables that you would like to use # may not be set by the time the module is called. -# For example, HOME is used below several times, but +# For example, HOME is used below several times, but # many PAM applications don't make it available by the time you need it. # # @@ -52,7 +52,7 @@ # to "localhost" rather than not being set at all #REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} # -# Set the DISPLAY variable if it seems reasonable +# Set the DISPLAY variable if it seems reasonable #DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} # # diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml index 090e0e7..45950b8 100644 --- a/modules/pam_env/pam_env.conf.5.xml +++ b/modules/pam_env/pam_env.conf.5.xml @@ -21,7 +21,7 @@ <para> The <filename>/etc/security/pam_env.conf</filename> file specifies - the environment variables to be set, unset or modified by + the environment variables to be set, unset or modified by <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>. When someone logs in, this file is read and the environment variables are set according. diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml index 0976f67..4dc2a19 100644 --- a/modules/pam_exec/pam_exec.8.xml +++ b/modules/pam_exec/pam_exec.8.xml @@ -123,8 +123,8 @@ </term> <listitem> <para> - Per default pam_exec.so will echo the exit status of the - external command if it fails. + Per default pam_exec.so will echo the exit status of the + external command if it fails. Specifying this option will suppress the message. </para> </listitem> @@ -136,8 +136,8 @@ </term> <listitem> <para> - Per default pam_exec.so will execute the external command - with the real user ID of the calling process. + Per default pam_exec.so will execute the external command + with the real user ID of the calling process. Specifying this option means the command is run with the effective user ID. </para> diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 7b2e402..8b37e95 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -282,7 +282,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, char *buffer = NULL; if ((i = open (logfile, O_CREAT|O_APPEND|O_WRONLY, - S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) + S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "open of %s failed: %m", diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c index 4732f93..8d0501e 100644 --- a/modules/pam_keyinit/pam_keyinit.c +++ b/modules/pam_keyinit/pam_keyinit.c @@ -266,4 +266,3 @@ struct pam_module _pam_keyinit_modstruct = { NULL }; #endif - diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index c1810e0..8bf3b9b 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -630,7 +630,7 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, else rlimit_value *= 1024; } - break; + break; #ifdef RLIMIT_NICE case RLIMIT_NICE: if (int_value > 19) @@ -672,7 +672,7 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, } else { pl->login_limit = int_value; pl->login_limit_def = source; - } + } } } return; @@ -975,8 +975,8 @@ static int setup_limits(pam_handle_t *pamh, if (check_logins(pamh, uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) { #ifdef HAVE_LIBAUDIT if (!(ctrl & PAM_NO_AUDIT)) { - pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_SESSIONS, - "pam_limits", PAM_PERM_DENIED); + pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_SESSIONS, + "pam_limits", PAM_PERM_DENIED); /* ignore return value as we fail anyway */ } #endif @@ -1055,12 +1055,12 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, /* Parse the *.conf files. */ for (i = 0; globbuf.gl_pathv[i] != NULL; i++) { pl->conf_file = globbuf.gl_pathv[i]; - retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); - if (retval == PAM_IGNORE) { + retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); + if (retval == PAM_IGNORE) { D(("the configuration file ('%s') has an applicable '<domain> -' entry", pl->conf_file)); globfree(&globbuf); return PAM_SUCCESS; - } + } if (retval != PAM_SUCCESS) goto out; } @@ -1070,7 +1070,7 @@ out: globfree(&globbuf); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE); + pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE); return retval; } diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c index 2a47de3..f426d72 100644 --- a/modules/pam_mkhomedir/mkhomedir_helper.c +++ b/modules/pam_mkhomedir/mkhomedir_helper.c @@ -272,8 +272,8 @@ create_homedir(const struct passwd *pwd, } /* Set the proper ownership and permissions for the module. We make - the file a+w and then mask it with the set mask. This preseves - execute bits */ + the file a+w and then mask it with the set mask. This preseves + execute bits */ if (fchmod(destfd, (st.st_mode | 0222) & (~u_mask)) != 0 || fchown(destfd, pwd->pw_uid, pwd->pw_gid) != 0) { @@ -384,8 +384,8 @@ main(int argc, char *argv[]) pwd = getpwnam(argv[1]); if (pwd == NULL) { - pam_syslog(NULL, LOG_ERR, "User unknown."); - return PAM_CRED_INSUFFICIENT; + pam_syslog(NULL, LOG_ERR, "User unknown."); + return PAM_CRED_INSUFFICIENT; } if (argc >= 3) { @@ -399,11 +399,11 @@ main(int argc, char *argv[]) } if (argc >= 4) { - if (strlen(argv[3]) >= sizeof(skeldir)) { + if (strlen(argv[3]) >= sizeof(skeldir)) { pam_syslog(NULL, LOG_ERR, "Too long skeldir path."); return PAM_SESSION_ERR; - } - strcpy(skeldir, argv[3]); + } + strcpy(skeldir, argv[3]); } /* Stat the home directory, if something exists then we assume it is diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index dfc4979..5ac8a0f 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -140,7 +140,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt, if (rlim.rlim_max >= MAX_FD_NO) rlim.rlim_max = MAX_FD_NO; for (i=0; i < (int)rlim.rlim_max; i++) { - close(i); + close(i); } } diff --git a/modules/pam_namespace/md5.c b/modules/pam_namespace/md5.c index c79fb35..ce4f7d6 100644 --- a/modules/pam_namespace/md5.c +++ b/modules/pam_namespace/md5.c @@ -107,7 +107,7 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign } /* - * Final wrapup - pad to 64-byte boundary with the bit pattern + * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx) diff --git a/modules/pam_namespace/namespace.conf b/modules/pam_namespace/namespace.conf index f973225..b611a0f 100644 --- a/modules/pam_namespace/namespace.conf +++ b/modules/pam_namespace/namespace.conf @@ -5,8 +5,8 @@ # Uncommenting the following three lines will polyinstantiate # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will # be polyinstantiated based on the MLS level part of the security context as well as user -# name, Polyinstantion will not be performed for user root and adm for directories -# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. +# name, Polyinstantion will not be performed for user root and adm for directories +# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. # The user name and context is appended to the instance prefix. # # Note that instance directories do not have to reside inside the diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml index 61c8673..673099b 100644 --- a/modules/pam_namespace/namespace.conf.5.xml +++ b/modules/pam_namespace/namespace.conf.5.xml @@ -61,7 +61,7 @@ <para> The second field, <replaceable>instance_prefix</replaceable> is the string prefix used to build the pathname for the instantiation - of <polydir>. Depending on the polyinstantiation + of <polydir>. Depending on the polyinstantiation <replaceable>method</replaceable> it is then appended with "instance differentiation string" to generate the final instance directory path. This directory is created if it did not exist @@ -75,7 +75,7 @@ <para> The third field, <replaceable>method</replaceable>, is the method used for polyinstantiation. It can take these values; "user" - for polyinstantiation based on user name, "level" for + for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and @@ -97,7 +97,7 @@ The <replaceable>method</replaceable> field can contain also following optional flags separated by <emphasis>:</emphasis> characters. </para> - + <para><emphasis>create</emphasis>=<replaceable>mode</replaceable>,<replaceable>owner</replaceable>,<replaceable>group</replaceable> - create the polyinstantiated directory. The mode, owner and group parameters are optional. The default for mode is determined by umask, the default diff --git a/modules/pam_namespace/namespace.init b/modules/pam_namespace/namespace.init index 9898bf3..9ab5806 100755 --- a/modules/pam_namespace/namespace.init +++ b/modules/pam_namespace/namespace.init @@ -1,5 +1,5 @@ #!/bin/sh -p -# It receives polydir path as $1, the instance path as $2, +# It receives polydir path as $1, the instance path as $2, # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, # and user name in $4. # diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index 4a99184..f0bffa1 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -76,7 +76,7 @@ static void del_polydir_list(struct polydir_s *polydirs_ptr) struct polydir_s *dptr = polydirs_ptr; while (dptr) { - struct polydir_s *tptr = dptr; + struct polydir_s *tptr = dptr; dptr = dptr->next; del_polydir(tptr); } @@ -163,9 +163,9 @@ static int parse_create_params(char *params, struct polydir_s *poly) poly->group = (gid_t)ULONG_MAX; if (*params != '=') - return 0; + return 0; params++; - + next = strchr(params, ','); if (next != NULL) { *next = '\0'; @@ -182,7 +182,7 @@ static int parse_create_params(char *params, struct polydir_s *poly) params = next; if (params == NULL) - return 0; + return 0; next = strchr(params, ','); if (next != NULL) { *next = '\0'; @@ -200,22 +200,22 @@ static int parse_create_params(char *params, struct polydir_s *poly) if (params == NULL || *params == '\0') { if (pwd != NULL) poly->group = pwd->pw_gid; - return 0; + return 0; } grp = getgrnam(params); if (grp == NULL) - return -1; + return -1; poly->group = grp->gr_gid; - + return 0; } static int parse_iscript_params(char *params, struct polydir_s *poly) { if (*params != '=') - return 0; + return 0; params++; - + if (*params != '\0') { if (*params != '/') { /* path is relative to NAMESPACE_D_DIR */ if (asprintf(&poly->init_script, "%s%s", NAMESPACE_D_DIR, params) == -1) @@ -235,11 +235,11 @@ static int parse_method(char *method, struct polydir_s *poly, enum polymethod pm; char *sptr = NULL; static const char *method_names[] = { "user", "context", "level", "tmpdir", - "tmpfs", NULL }; + "tmpfs", NULL }; static const char *flag_names[] = { "create", "noinit", "iscript", - "shared", NULL }; + "shared", NULL }; static const unsigned int flag_values[] = { POLYDIR_CREATE, POLYDIR_NOINIT, - POLYDIR_ISCRIPT, POLYDIR_SHARED }; + POLYDIR_ISCRIPT, POLYDIR_SHARED }; int i; char *flag; @@ -247,41 +247,41 @@ static int parse_method(char *method, struct polydir_s *poly, pm = NONE; for (i = 0; method_names[i]; i++) { - if (strcmp(method, method_names[i]) == 0) { - pm = i + 1; /* 0 = NONE */ - } + if (strcmp(method, method_names[i]) == 0) { + pm = i + 1; /* 0 = NONE */ + } } if (pm == NONE) { pam_syslog(idata->pamh, LOG_NOTICE, "Unknown method"); return -1; } - + poly->method = pm; - + while ((flag=strtok_r(NULL, ":", &sptr)) != NULL) { - for (i = 0; flag_names[i]; i++) { - int namelen = strlen(flag_names[i]); - - if (strncmp(flag, flag_names[i], namelen) == 0) { - poly->flags |= flag_values[i]; - switch (flag_values[i]) { - case POLYDIR_CREATE: - if (parse_create_params(flag+namelen, poly) != 0) { + for (i = 0; flag_names[i]; i++) { + int namelen = strlen(flag_names[i]); + + if (strncmp(flag, flag_names[i], namelen) == 0) { + poly->flags |= flag_values[i]; + switch (flag_values[i]) { + case POLYDIR_CREATE: + if (parse_create_params(flag+namelen, poly) != 0) { pam_syslog(idata->pamh, LOG_CRIT, "Invalid create parameters"); - return -1; - } - break; + return -1; + } + break; - case POLYDIR_ISCRIPT: - if (parse_iscript_params(flag+namelen, poly) != 0) { + case POLYDIR_ISCRIPT: + if (parse_iscript_params(flag+namelen, poly) != 0) { pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); - return -1; - }; - break; - } - } - } + return -1; + }; + break; + } + } + } } return 0; @@ -337,7 +337,7 @@ static int process_line(char *line, const char *home, const char *rhome, poly = calloc(1, sizeof(*poly)); if (poly == NULL) - goto erralloc; + goto erralloc; /* * Initialize and scan the five strings from the line from the @@ -383,12 +383,12 @@ static int process_line(char *line, const char *home, const char *rhome, dir = NULL; goto erralloc; } - + if ((dir=expand_variables(dir, var_names, var_values)) == NULL) { instance_prefix = NULL; goto erralloc; } - + if ((instance_prefix=expand_variables(instance_prefix, var_names, var_values)) == NULL) { goto erralloc; @@ -409,12 +409,12 @@ static int process_line(char *line, const char *home, const char *rhome, if (len > 0 && rdir[len-1] == '/') { rdir[len-1] = '\0'; } - + if (dir[0] == '\0' || rdir[0] == '\0') { - pam_syslog(idata->pamh, LOG_NOTICE, "Invalid polydir"); - goto skipping; + pam_syslog(idata->pamh, LOG_NOTICE, "Invalid polydir"); + goto skipping; } - + /* * Populate polyinstantiated directory structure with appropriate * pathnames and the method with which to polyinstantiate. @@ -430,14 +430,14 @@ static int process_line(char *line, const char *home, const char *rhome, strcpy(poly->instance_prefix, instance_prefix); if (parse_method(method, poly, idata) != 0) { - goto skipping; + goto skipping; } if (poly->method == TMPDIR) { - if (sizeof(poly->instance_prefix) - strlen(poly->instance_prefix) < 7) { - pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); - goto skipping; - } + if (sizeof(poly->instance_prefix) - strlen(poly->instance_prefix) < 7) { + pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); + goto skipping; + } strcat(poly->instance_prefix, "XXXXXX"); } @@ -463,7 +463,7 @@ static int process_line(char *line, const char *home, const char *rhome, uid_t *uidptr; const char *ustr, *sstr; int count, i; - + if (*uids == '~') { poly->flags |= POLYDIR_EXCLUSIVE; uids++; @@ -488,8 +488,8 @@ static int process_line(char *line, const char *home, const char *rhome, pwd = pam_modutil_getpwnam(idata->pamh, ustr); if (pwd == NULL) { - pam_syslog(idata->pamh, LOG_ERR, "Unknown user %s in configuration", ustr); - poly->num_uids--; + pam_syslog(idata->pamh, LOG_ERR, "Unknown user %s in configuration", ustr); + poly->num_uids--; } else { *uidptr = pwd->pw_uid; uidptr++; @@ -508,7 +508,7 @@ static int process_line(char *line, const char *home, const char *rhome, erralloc: pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); - + skipping: if (idata->flags & PAMNS_IGN_CONFIG_ERR) retval = 0; @@ -554,9 +554,9 @@ static int parse_config_file(struct instance_data *idata) return PAM_SESSION_ERR; } if ((home=strdup(cpwd->pw_dir)) == NULL) { - pam_syslog(idata->pamh, LOG_CRIT, - "Memory allocation error"); - return PAM_SESSION_ERR; + pam_syslog(idata->pamh, LOG_CRIT, + "Memory allocation error"); + return PAM_SESSION_ERR; } cpwd = pam_modutil_getpwnam(idata->pamh, idata->ruser); @@ -568,10 +568,10 @@ static int parse_config_file(struct instance_data *idata) } if ((rhome=strdup(cpwd->pw_dir)) == NULL) { - pam_syslog(idata->pamh, LOG_CRIT, - "Memory allocation error"); - free(home); - return PAM_SESSION_ERR; + pam_syslog(idata->pamh, LOG_CRIT, + "Memory allocation error"); + free(home); + return PAM_SESSION_ERR; } /* @@ -594,7 +594,7 @@ static int parse_config_file(struct instance_data *idata) fil = fopen(confname, "r"); if (fil == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Error opening config file %s", - confname); + confname); globfree(&globbuf); free(rhome); free(home); @@ -625,14 +625,14 @@ static int parse_config_file(struct instance_data *idata) if (n >= globbuf.gl_pathc) break; - confname = globbuf.gl_pathv[n]; + confname = globbuf.gl_pathv[n]; n++; } - + globfree(&globbuf); free(rhome); free(home); - + /* All done...just some debug stuff */ if (idata->flags & PAMNS_DEBUG) { struct polydir_s *dptr = idata->polydirs_ptr; @@ -640,7 +640,7 @@ static int parse_config_file(struct instance_data *idata) uid_t i; pam_syslog(idata->pamh, LOG_DEBUG, - dptr?"Configured poly dirs:":"No configured poly dirs"); + dptr?"Configured poly dirs:":"No configured poly dirs"); while (dptr) { pam_syslog(idata->pamh, LOG_DEBUG, "dir='%s' iprefix='%s' meth=%d", dptr->dir, dptr->instance_prefix, dptr->method); @@ -667,7 +667,7 @@ static int ns_override(struct polydir_s *polyptr, struct instance_data *idata, unsigned int i; if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, + pam_syslog(idata->pamh, LOG_DEBUG, "Checking for ns override in dir %s for uid %d", polyptr->dir, uid); @@ -745,7 +745,7 @@ static int form_context(const struct polydir_s *polyptr, rc = getexeccon(&scon); } if (rc < 0 || scon == NULL) { - pam_syslog(idata->pamh, LOG_ERR, + pam_syslog(idata->pamh, LOG_ERR, "Error getting exec context, %m"); return PAM_SESSION_ERR; } @@ -870,17 +870,17 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, } pm = USER; } - + switch (pm) { case USER: if (asprintf(i_name, "%s", idata->user) < 0) { *i_name = NULL; goto fail; - } - break; + } + break; #ifdef WITH_SELINUX - case LEVEL: + case LEVEL: case CONTEXT: if (selinux_trans_to_raw_context(*i_context, &rawcon) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error translating directory context"); @@ -890,27 +890,27 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, if (asprintf(i_name, "%s", rawcon) < 0) { *i_name = NULL; goto fail; - } + } } else { if (asprintf(i_name, "%s_%s", rawcon, idata->user) < 0) { *i_name = NULL; goto fail; - } + } } - break; + break; #endif /* WITH_SELINUX */ case TMPDIR: case TMPFS: if ((*i_name=strdup("")) == NULL) - goto fail; + goto fail; return PAM_SUCCESS; - default: - if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_ERR, "Unknown method"); - goto fail; + default: + if (idata->flags & PAMNS_DEBUG) + pam_syslog(idata->pamh, LOG_ERR, "Unknown method"); + goto fail; } if (idata->flags & PAMNS_DEBUG) @@ -919,24 +919,24 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, if ((idata->flags & PAMNS_GEN_HASH) || strlen(*i_name) > NAMESPACE_MAX_DIR_LEN) { hash = md5hash(*i_name, idata); if (hash == NULL) { - goto fail; + goto fail; } if (idata->flags & PAMNS_GEN_HASH) { - free(*i_name); + free(*i_name); *i_name = hash; hash = NULL; } else { - char *newname; - if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-(int)strlen(hash), - *i_name, hash) < 0) { - goto fail; - } - free(*i_name); - *i_name = newname; + char *newname; + if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-(int)strlen(hash), + *i_name, hash) < 0) { + goto fail; + } + free(*i_name); + *i_name = newname; } } rc = PAM_SUCCESS; - + fail: free(hash); #ifdef WITH_SELINUX @@ -959,34 +959,34 @@ static int protect_mount(int dfd, const char *path, struct instance_data *idata) { struct protect_dir_s *dir = idata->protect_dirs; char tmpbuf[64]; - + while (dir != NULL) { if (strcmp(path, dir->dir) == 0) { return 0; } dir = dir->next; } - + dir = calloc(1, sizeof(*dir)); - + if (dir == NULL) { return -1; } - + dir->dir = strdup(path); - + if (dir->dir == NULL) { free(dir); return -1; } - + snprintf(tmpbuf, sizeof(tmpbuf), "/proc/self/fd/%d", dfd); - + if (idata->flags & PAMNS_DEBUG) { pam_syslog(idata->pamh, LOG_INFO, "Protect mount of %s over itself", path); } - + if (mount(tmpbuf, tmpbuf, NULL, MS_BIND, NULL) != 0) { int save_errno = errno; pam_syslog(idata->pamh, LOG_ERR, @@ -996,7 +996,7 @@ static int protect_mount(int dfd, const char *path, struct instance_data *idata) errno = save_errno; return -1; } - + dir->next = idata->protect_dirs; idata->protect_dirs = dir; @@ -1019,15 +1019,15 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always, if (p == NULL) { goto error; } - + if (*dir == '/') { dfd = open("/", flags); if (dfd == -1) { goto error; } - dir++; /* assume / is safe */ + dir++; /* assume / is safe */ } - + while ((d=strchr(dir, '/')) != NULL) { *d = '\0'; dfd_next = openat(dfd, dir, flags); @@ -1042,8 +1042,8 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always, if (fstat(dfd, &st) != 0) { goto error; } - - if (flags & O_NOFOLLOW) { + + if (flags & O_NOFOLLOW) { /* we are inside user-owned dir - protect */ if (protect_mount(dfd, p, idata) == -1) goto error; @@ -1058,14 +1058,14 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always, } rv = openat(dfd, dir, flags); - + if (rv == -1) { if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { goto error; } rv = openat(dfd, dir, flags); } - + if (rv != -1) { if (fstat(rv, &st) != 0) { save_errno = errno; @@ -1082,7 +1082,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always, } } - if ((flags & O_NOFOLLOW) || always) { + if ((flags & O_NOFOLLOW) || always) { /* we are inside user-owned dir - protect */ if (protect_mount(rv, p, idata) == -1) { save_errno = errno; @@ -1251,7 +1251,7 @@ static int create_polydir(struct polydir_s *polyptr, pam_syslog(idata->pamh, LOG_DEBUG, "Polydir %s context: %s", dir, (char *)dircon); if (setfscreatecon(dircon) != 0) - pam_syslog(idata->pamh, LOG_NOTICE, + pam_syslog(idata->pamh, LOG_NOTICE, "Error setting context for directory %s: %m", dir); freecon(dircon); } @@ -1279,15 +1279,15 @@ static int create_polydir(struct polydir_s *polyptr, pam_syslog(idata->pamh, LOG_DEBUG, "Created polydir %s", dir); if (polyptr->mode != (mode_t)ULONG_MAX) { - /* explicit mode requested */ - if (fchmod(rc, mode) != 0) { + /* explicit mode requested */ + if (fchmod(rc, mode) != 0) { pam_syslog(idata->pamh, LOG_ERR, - "Error changing mode of directory %s: %m", dir); + "Error changing mode of directory %s: %m", dir); close(rc); umount(dir); /* undo the eventual protection bind mount */ - rmdir(dir); - return PAM_SESSION_ERR; - } + rmdir(dir); + return PAM_SESSION_ERR; + } } if (polyptr->owner != (uid_t)ULONG_MAX) @@ -1345,14 +1345,14 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * * attributes to match that of the original directory that is being * polyinstantiated. */ - + if (polyptr->method == TMPDIR) { - if (mkdtemp(polyptr->instance_prefix) == NULL) { + if (mkdtemp(polyptr->instance_prefix) == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Error creating temporary instance %s, %m", polyptr->instance_prefix); polyptr->method = NONE; /* do not clean up! */ return PAM_SESSION_ERR; - } + } /* copy the actual directory name to ipath */ strcpy(ipath, polyptr->instance_prefix); } else if (mkdir(ipath, S_IRUSR) < 0) { @@ -1452,21 +1452,21 @@ static int ns_setup(struct polydir_s *polyptr, if (retval < 0 && errno != ENOENT) { pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", polyptr->dir); - return PAM_SESSION_ERR; + return PAM_SESSION_ERR; } if (retval < 0) { - if ((polyptr->flags & POLYDIR_CREATE) && + if ((polyptr->flags & POLYDIR_CREATE) && create_polydir(polyptr, idata) != PAM_SUCCESS) return PAM_SESSION_ERR; } else { - close(retval); + close(retval); } - + if (polyptr->method == TMPFS) { if (mount("tmpfs", polyptr->dir, "tmpfs", 0, NULL) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m", - polyptr->dir); + polyptr->dir); return PAM_SESSION_ERR; } @@ -1481,7 +1481,7 @@ static int ns_setup(struct polydir_s *polyptr, polyptr->dir); return PAM_SESSION_ERR; } - + /* * Obtain the name of instance pathname based on the * polyinstantiation method and instance context returned by @@ -1495,8 +1495,8 @@ static int ns_setup(struct polydir_s *polyptr, #endif if (retval != PAM_SUCCESS) { - if (retval != PAM_IGNORE) - pam_syslog(idata->pamh, LOG_ERR, "Error getting instance name"); + if (retval != PAM_IGNORE) + pam_syslog(idata->pamh, LOG_ERR, "Error getting instance name"); goto cleanup; } else { #ifdef WITH_SELINUX @@ -1526,8 +1526,8 @@ static int ns_setup(struct polydir_s *polyptr, #endif if (retval == PAM_IGNORE) { - newdir = 0; - retval = PAM_SUCCESS; + newdir = 0; + retval = PAM_SUCCESS; } if (retval != PAM_SUCCESS) { @@ -1647,7 +1647,7 @@ static int cleanup_tmpdirs(struct instance_data *idata) } if (!WIFEXITED(status) || WIFSIGNALED(status) > 0) { pam_syslog(idata->pamh, LOG_ERR, - "Error removing %s", pptr->instance_prefix); + "Error removing %s", pptr->instance_prefix); } } else if (pid < 0) { pam_syslog(idata->pamh, LOG_ERR, @@ -1686,14 +1686,14 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) */ for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { if (ns_override(pptr, idata, idata->uid)) { - if (unmnt == NO_UNMNT || ns_override(pptr, idata, idata->ruid)) { - if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, + if (unmnt == NO_UNMNT || ns_override(pptr, idata, idata->ruid)) { + if (idata->flags & PAMNS_DEBUG) + pam_syslog(idata->pamh, LOG_DEBUG, "Overriding poly for user %d for dir %s", idata->uid, pptr->dir); } else { - if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, + if (idata->flags & PAMNS_DEBUG) + pam_syslog(idata->pamh, LOG_DEBUG, "Need unmount ns for user %d for dir %s", idata->ruid, pptr->dir); need_poly = 1; @@ -1721,7 +1721,7 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) return PAM_SESSION_ERR; } } else { - del_polydir_list(idata->polydirs_ptr); + del_polydir_list(idata->polydirs_ptr); return PAM_SUCCESS; } @@ -1768,12 +1768,12 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) * are available from */ strcpy(poly_parent, pptr->rdir); - fptr = strchr(poly_parent, '/'); - cptr = strrchr(poly_parent, '/'); - if (fptr && cptr && (fptr == cptr)) - strcpy(poly_parent, "/"); - else if (cptr) - *cptr = '\0'; + fptr = strchr(poly_parent, '/'); + cptr = strrchr(poly_parent, '/'); + if (fptr && cptr && (fptr == cptr)) + strcpy(poly_parent, "/"); + else if (cptr) + *cptr = '\0'; if (chdir(poly_parent) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Can't chdir to %s, %m", poly_parent); @@ -1781,12 +1781,12 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) } if (umount(pptr->rdir) < 0) { - int saved_errno = errno; - pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m", - pptr->rdir); - if (saved_errno != EINVAL) { - retval = PAM_SESSION_ERR; - goto out; + int saved_errno = errno; + pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m", + pptr->rdir); + if (saved_errno != EINVAL) { + retval = PAM_SESSION_ERR; + goto out; } } else if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Umount succeeded %s", @@ -1803,20 +1803,20 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) } out: if (retval != PAM_SUCCESS) { - cleanup_tmpdirs(idata); - unprotect_dirs(idata->protect_dirs); + cleanup_tmpdirs(idata); + unprotect_dirs(idata->protect_dirs); } else if (pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, idata->protect_dirs, - cleanup_protect_data) != PAM_SUCCESS) { + cleanup_protect_data) != PAM_SUCCESS) { pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace protect data"); - cleanup_tmpdirs(idata); - unprotect_dirs(idata->protect_dirs); + cleanup_tmpdirs(idata); + unprotect_dirs(idata->protect_dirs); return PAM_SYSTEM_ERR; } else if (pam_set_data(idata->pamh, NAMESPACE_POLYDIR_DATA, idata->polydirs_ptr, - cleanup_polydir_data) != PAM_SUCCESS) { + cleanup_polydir_data) != PAM_SUCCESS) { pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace polydir data"); - cleanup_tmpdirs(idata); - pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); - idata->protect_dirs = NULL; + cleanup_tmpdirs(idata); + pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); + idata->protect_dirs = NULL; return PAM_SYSTEM_ERR; } return retval; @@ -1943,7 +1943,7 @@ static int get_user_data(struct instance_data *idata) int retval; char *user_name; struct passwd *pwd; - /* + /* * Lookup user and fill struct items */ retval = pam_get_item(idata->pamh, PAM_USER, (void*) &user_name ); @@ -1969,10 +1969,10 @@ static int get_user_data(struct instance_data *idata) /* Fill in RUSER too */ retval = pam_get_item(idata->pamh, PAM_RUSER, (void*) &user_name ); if ( user_name != NULL && retval == PAM_SUCCESS && user_name[0] != '\0' ) { - strncat(idata->ruser, user_name, sizeof(idata->ruser) - 1); - pwd = pam_modutil_getpwnam(idata->pamh, user_name); + strncat(idata->ruser, user_name, sizeof(idata->ruser) - 1); + pwd = pam_modutil_getpwnam(idata->pamh, user_name); } else { - pwd = pam_modutil_getpwuid(idata->pamh, getuid()); + pwd = pam_modutil_getpwuid(idata->pamh, getuid()); } if (!pwd) { pam_syslog(idata->pamh, LOG_ERR, "user unknown '%s'", user_name); @@ -2005,7 +2005,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, #ifdef WITH_SELINUX if (is_selinux_enabled()) idata.flags |= PAMNS_SELINUX_ENABLED; - if (ctxt_based_inst_needed()) + if (ctxt_based_inst_needed()) idata.flags |= PAMNS_CTXT_BASED_INST; #endif @@ -2036,7 +2036,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, unmnt = UNMNT_ONLY; if (strcmp(argv[i], "require_selinux") == 0) { if (!(idata.flags & PAMNS_SELINUX_ENABLED)) { - pam_syslog(idata.pamh, LOG_ERR, + pam_syslog(idata.pamh, LOG_ERR, "selinux_required option given and selinux is disabled"); return PAM_SESSION_ERR; } @@ -2047,7 +2047,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, retval = get_user_data(&idata); if (retval != PAM_SUCCESS) - return retval; + return retval; if (root_shared()) { idata.flags |= PAMNS_MOUNT_PRIVATE; @@ -2135,13 +2135,13 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, retval = get_user_data(&idata); if (retval != PAM_SUCCESS) - return retval; + return retval; retval = pam_get_data(idata.pamh, NAMESPACE_POLYDIR_DATA, (const void **)&polyptr); if (retval != PAM_SUCCESS || polyptr == NULL) - /* nothing to reset */ - return PAM_SUCCESS; - + /* nothing to reset */ + return PAM_SUCCESS; + idata.polydirs_ptr = polyptr; if (idata.flags & PAMNS_DEBUG) @@ -2160,7 +2160,7 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, pam_set_data(idata.pamh, NAMESPACE_POLYDIR_DATA, NULL, NULL); pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); - + return PAM_SUCCESS; } diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h index c49995c..6bca31c 100644 --- a/modules/pam_namespace/pam_namespace.h +++ b/modules/pam_namespace/pam_namespace.h @@ -1,5 +1,5 @@ /****************************************************************************** - * A module for Linux-PAM that will set the default namespace after + * A module for Linux-PAM that will set the default namespace after * establishing a session via PAM. * * (C) Copyright IBM Corporation 2005 @@ -134,9 +134,9 @@ enum polymethod { /* * Depending on the application using this namespace module, we * may need to unmount priviously bind mounted instance directory. - * Applications such as login and sshd, that establish a new + * Applications such as login and sshd, that establish a new * session unmount of instance directory is not needed. For applications - * such as su and newrole, that switch the identity, this module + * such as su and newrole, that switch the identity, this module * has to unmount previous instance directory first and re-mount * based on the new indentity. For other trusted applications that * just want to undo polyinstantiation, only unmount of previous @@ -182,4 +182,3 @@ struct instance_data { uid_t ruid; /* The uid of the requesting user */ unsigned long flags; /* Flags for debug, selinux etc */ }; - diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c index 738483a..f896119 100644 --- a/modules/pam_pwhistory/opasswd.c +++ b/modules/pam_pwhistory/opasswd.c @@ -395,7 +395,7 @@ save_old_password (pam_handle_t *pamh, const char *user, uid_t uid, entry.user, entry.uid, entry.count, oldpass) < 0) { - free (save); + free (save); retval = PAM_AUTHTOK_ERR; fclose (oldpf); fclose (newpf); @@ -408,7 +408,7 @@ save_old_password (pam_handle_t *pamh, const char *user, uid_t uid, entry.user, entry.uid, entry.count, entry.old_passwords, oldpass) < 0) { - free (save); + free (save); retval = PAM_AUTHTOK_ERR; fclose (oldpf); fclose (newpf); diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 4e97ef5..5f2d1be 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -203,9 +203,9 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, for (n = p; n != NULL; p = n+1) { if ((n = strchr(p, ' ')) != NULL) - *n = '\0'; + *n = '\0'; - if (strcmp(p, uttyname) == 0) { + if (strcmp(p, uttyname) == 0) { retval = 0; break; } diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am index 5c83acb..ef142f4 100644 --- a/modules/pam_selinux/Makefile.am +++ b/modules/pam_selinux/Makefile.am @@ -10,7 +10,7 @@ EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \ if HAVE_LIBSELINUX TESTS = tst-pam_selinux - man_MANS = pam_selinux.8 + man_MANS = pam_selinux.8 endif XMLS = README.xml pam_selinux.8.xml @@ -40,4 +40,3 @@ noinst_DATA = README pam_selinux.8 README: pam_selinux.8.xml -include $(top_srcdir)/Make.xml.rules endif - diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index f99d433..b777b01 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -142,7 +142,7 @@ query_response (pam_handle_t *pamh, const char *text, const char *def, char **response, int debug) { int rc; - if (def) + if (def) rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s [%s] ", text, def); else rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s ", text); @@ -150,7 +150,7 @@ query_response (pam_handle_t *pamh, const char *text, const char *def, if (*response == NULL) { rc = PAM_CONV_ERR; } - + if (rc != PAM_SUCCESS) { pam_syslog(pamh, LOG_WARNING, "No response to query: %s", text); } else if (debug) @@ -190,11 +190,11 @@ manual_context (pam_handle_t *pamh, const char *user, int debug) /* Allow the user to enter each field of the context individually */ if (query_response(pamh, _("role:"), NULL, &response, debug) == PAM_SUCCESS && response[0] != '\0') { - if (context_role_set (new_context, response)) + if (context_role_set (new_context, response)) goto fail_set; - if (get_default_type(response, &type)) + if (get_default_type(response, &type)) goto fail_set; - if (context_type_set (new_context, type)) + if (context_type_set (new_context, type)) goto fail_set; _pam_drop(type); } @@ -283,7 +283,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre while (1) { if (query_response(pamh, - _("Would you like to enter a different role or level?"), "n", + _("Would you like to enter a different role or level?"), "n", &response, debug) == PAM_SUCCESS) { resp_val = response[0]; _pam_drop(response); @@ -293,22 +293,22 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre if ((resp_val == 'y') || (resp_val == 'Y')) { if ((new_context = context_new(defaultcon)) == NULL) - goto fail_set; + goto fail_set; /* Allow the user to enter role and level individually */ - if (query_response(pamh, _("role:"), context_role_get(new_context), + if (query_response(pamh, _("role:"), context_role_get(new_context), &response, debug) == PAM_SUCCESS && response[0]) { if (get_default_type(response, &type)) { pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response); _pam_drop(response); continue; } else { - if (context_role_set(new_context, response)) + if (context_role_set(new_context, response)) goto fail_set; if (context_type_set (new_context, type)) goto fail_set; _pam_drop(type); - } + } } _pam_drop(response); @@ -320,9 +320,9 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre if (getcon(&mycon) != 0) goto fail_set; - my_context = context_new(mycon); + my_context = context_new(mycon); if (my_context == NULL) { - freecon(mycon); + freecon(mycon); goto fail_set; } freecon(mycon); @@ -331,11 +331,11 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre goto fail_set; } context_free(my_context); - } else if (query_response(pamh, _("level:"), context_range_get(new_context), + } else if (query_response(pamh, _("level:"), context_range_get(new_context), &response, debug) == PAM_SUCCESS && response[0]) { if (context_range_set(new_context, response)) goto fail_set; - } + } _pam_drop(response); } @@ -355,7 +355,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); - send_audit_message(pamh, 0, defaultcon, newcon); + send_audit_message(pamh, 0, defaultcon, newcon); free(newcon); goto fail_range; @@ -380,7 +380,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre context_free (new_context); send_audit_message(pamh, 0, defaultcon, NULL); fail_range: - return NULL; + return NULL; } static security_context_t @@ -405,7 +405,7 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par pam_syslog(pamh, LOG_NOTICE, "No default type for role %s", env); goto fail_set; } else { - if (context_role_set(new_context, env)) + if (context_role_set(new_context, env)) goto fail_set; if (context_type_set(new_context, type)) goto fail_set; @@ -449,7 +449,7 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par if (debug) pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", newcon); - + /* Get the string value of the context and see if it is valid. */ if (security_check_context(newcon)) { pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon); @@ -623,7 +623,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, env_params = 1; } } - + if (debug) pam_syslog(pamh, LOG_NOTICE, "Open Session"); @@ -656,9 +656,9 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, #else if (getseuserbyname(username, &seuser, &level) == 0) { #endif - num_contexts = get_ordered_context_list_with_level(seuser, + num_contexts = get_ordered_context_list_with_level(seuser, level, - NULL, + NULL, &contextlist); if (debug) pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s", @@ -692,7 +692,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, return PAM_SUCCESS; } } - else { + else { if (seuser != NULL) { user_context = manual_context(pamh,seuser,debug); free(seuser); diff --git a/modules/pam_selinux/pam_selinux_check.8 b/modules/pam_selinux/pam_selinux_check.8 index d6fcdff..34f578d 100644 --- a/modules/pam_selinux/pam_selinux_check.8 +++ b/modules/pam_selinux/pam_selinux_check.8 @@ -29,7 +29,7 @@ returns an exit code of 0 for success and > 0 on error: pam_selinux(8) .SH BUGS -Let's hope not, but if you find any, please email the author. +Let's hope not, but if you find any, please email the author. .SH AUTHOR Dan Walsh <dwalsh(a)redhat.com> diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index 4879b68..f799845 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -85,11 +85,11 @@ match_process_uid(pid_t pid, uid_t uid) uid_t puid; FILE *f; int re = 0; - + snprintf (buf, sizeof buf, PROC_BASE "/%d/status", pid); if (!(f = fopen (buf, "r"))) return 0; - + while (fgets(buf, sizeof buf, f)) { if (sscanf (buf, "Uid:\t%d", &puid)) { re = uid == puid; @@ -246,9 +246,9 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, int matched = 0; int exclusive = 0; int ignore = 0; - + f = fopen(cfgfile, "r"); - + if (!f) { pam_syslog(pamh, LOG_ERR, "Failed to open config file %s: %m", cfgfile); return PAM_SERVICE_ERR; @@ -276,7 +276,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, start = strtok_r(start, OPT_DELIM, &sptr); switch (start[0]) { - case '@': + case '@': ++start; if (debug) pam_syslog(pamh, LOG_NOTICE, "Matching user %s against group %s", user, start); @@ -411,9 +411,9 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, } #ifdef PAM_STATIC - + /* static module data */ - + struct pam_module _pam_sepermit_modstruct = { "pam_sepermit", pam_sm_authenticate, @@ -424,4 +424,3 @@ struct pam_module _pam_sepermit_modstruct = { NULL }; #endif - diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index 89fc297..68bd607 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -57,7 +57,7 @@ static int perform_check(pam_handle_t *pamh) return PAM_SERVICE_ERR; /* It could still be NULL the second time. */ - if (!userName || (userName[0] == '\0')) + if (!userName || (userName[0] == '\0')) return PAM_SERVICE_ERR; } diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index b75a597..c1695d7 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c @@ -62,7 +62,7 @@ _pam_report (const pam_handle_t *pamh, int ctrl, const char *name, pam_syslog(pamh, LOG_DEBUG, "CALLED: %s", name); pam_syslog(pamh, LOG_DEBUG, "FLAGS : 0%o%s", flags, (flags & PAM_SILENT) ? " (silent)":""); - pam_syslog(pamh, LOG_DEBUG, "CTRL = 0%o", ctrl); + pam_syslog(pamh, LOG_DEBUG, "CTRL = 0%o", ctrl); pam_syslog(pamh, LOG_DEBUG, "ARGV :"); while (argc--) { pam_syslog(pamh, LOG_DEBUG, " \"%s\"", *argv++); diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index dffbc89..c712885 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -134,7 +134,7 @@ static void log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) { if ( phase != PHASE_AUTH ) { - pam_syslog(pamh, LOG_ERR, + pam_syslog(pamh, LOG_ERR, "option %s allowed in auth phase only", argv); } } @@ -194,12 +194,12 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, else if ( ! strcmp( *argv, "per_user" ) ) { log_phase_no_auth(pamh, phase, *argv); - opts->ctrl |= OPT_PER_USER; + opts->ctrl |= OPT_PER_USER; } else if ( ! strcmp( *argv, "no_lock_time") ) { log_phase_no_auth(pamh, phase, *argv); - opts->ctrl |= OPT_NO_LOCK_TIME; + opts->ctrl |= OPT_NO_LOCK_TIME; } else if ( ! strcmp( *argv, "no_reset" ) ) { opts->ctrl |= OPT_NO_RESET; @@ -463,19 +463,19 @@ tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, (void) pam_get_item(pamh, PAM_RHOST, &remote_host); if (!remote_host) { - (void) pam_get_item(pamh, PAM_TTY, &cur_tty); + (void) pam_get_item(pamh, PAM_TTY, &cur_tty); if (!cur_tty) { - strncpy(fsp->fs_faillog.fail_line, "unknown", + strncpy(fsp->fs_faillog.fail_line, "unknown", sizeof(fsp->fs_faillog.fail_line) - 1); fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0; } else { - strncpy(fsp->fs_faillog.fail_line, cur_tty, + strncpy(fsp->fs_faillog.fail_line, cur_tty, sizeof(fsp->fs_faillog.fail_line)-1); fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0; } } else { - strncpy(fsp->fs_faillog.fail_line, remote_host, + strncpy(fsp->fs_faillog.fail_line, remote_host, (size_t)sizeof(fsp->fs_faillog.fail_line)); fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0; } @@ -534,8 +534,8 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid, if (lock_time && oldtime && !(opts->ctrl & OPT_NO_LOCK_TIME) ) { - if ( lock_time + oldtime > time(NULL) ) - { + if ( lock_time + oldtime > time(NULL) ) + { if (!(opts->ctrl & OPT_SILENT)) pam_info (pamh, _("Account temporary locked (%ld seconds left)"), @@ -543,19 +543,19 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid, if (!(opts->ctrl & OPT_NOLOGNOTICE)) pam_syslog (pamh, LOG_NOTICE, - "user %s (%lu) has time limit [%lds left]" + "user %s (%lu) has time limit [%lds left]" " since last failure.", user, (unsigned long int) uid, oldtime+lock_time-time(NULL)); - return PAM_AUTH_ERR; - } + return PAM_AUTH_ERR; + } } if (opts->unlock_time && oldtime) { - if ( opts->unlock_time + oldtime <= time(NULL) ) - { /* ignore deny check after unlock_time elapsed */ - return PAM_SUCCESS; - } + if ( opts->unlock_time + oldtime <= time(NULL) ) + { /* ignore deny check after unlock_time elapsed */ + return PAM_SUCCESS; + } } if ( ( deny != 0 ) && /* deny==0 means no deny */ @@ -599,8 +599,8 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) if (tally == 0) { - fsp->fs_faillog.fail_time = (time_t) 0; - strcpy(fsp->fs_faillog.fail_line, ""); + fsp->fs_faillog.fail_time = (time_t) 0; + strcpy(fsp->fs_faillog.fail_line, ""); } i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp); @@ -866,8 +866,8 @@ int main ( int argc UNUSED, char **argv ) if ( ! fread((char *) &fsp->fs_faillog, sizeof (struct faillog), 1, TALLY) || ! fsp->fs_faillog.fail_cnt ) { - continue; - } + continue; + } tally = fsp->fs_faillog.fail_cnt; if ( ( pw=getpwuid(uid) ) ) { diff --git a/modules/pam_tally/pam_tally_app.c b/modules/pam_tally/pam_tally_app.c index 9e6e1fa..ad28854 100644 --- a/modules/pam_tally/pam_tally_app.c +++ b/modules/pam_tally/pam_tally_app.c @@ -4,4 +4,3 @@ #define MAIN #include "pam_tally.c" - diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index e1df6d7..c72d27a 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -159,7 +159,7 @@ static void log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) { if ( phase != PHASE_AUTH ) { - pam_syslog(pamh, LOG_ERR, + pam_syslog(pamh, LOG_ERR, "option %s allowed in auth phase only", argv); } } @@ -407,7 +407,7 @@ get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, if ((*tfile = open(filename, O_RDWR)) == -1) { #ifndef MAIN if (errno == EACCES) /* called with insufficient access rights */ - return PAM_IGNORE; + return PAM_IGNORE; #endif pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename); @@ -418,7 +418,7 @@ skip_open: if (lseek(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET) == (off_t)-1) { pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); if (!preopened) { - close(*tfile); + close(*tfile); *tfile = -1; } return PAM_AUTH_ERR; @@ -536,30 +536,30 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, if (uid) { /* Unlock time check */ if (opts->unlock_time && oldtime) { - if (opts->unlock_time + oldtime <= time(NULL)) { + if (opts->unlock_time + oldtime <= time(NULL)) { /* ignore deny check after unlock_time elapsed */ #ifdef HAVE_LIBAUDIT snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, NULL, NULL, NULL, 1); #endif - rv = PAM_SUCCESS; - goto cleanup; - } + rv = PAM_SUCCESS; + goto cleanup; + } } } else { /* Root unlock time check */ if (opts->root_unlock_time && oldtime) { if (opts->root_unlock_time + oldtime <= time(NULL)) { - /* ignore deny check after unlock_time elapsed */ + /* ignore deny check after unlock_time elapsed */ #ifdef HAVE_LIBAUDIT snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, NULL, NULL, NULL, 1); #endif - rv = PAM_SUCCESS; - goto cleanup; - } + rv = PAM_SUCCESS; + goto cleanup; + } } } @@ -597,7 +597,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, oldtime+opts->lock_time-time(NULL)); } if (!(opts->ctrl & OPT_NOLOGNOTICE)) { - pam_syslog(pamh, LOG_NOTICE, + pam_syslog(pamh, LOG_NOTICE, "user %s (%lu) has time limit [%lds left]" " since last failure.", user, (unsigned long)uid, @@ -605,7 +605,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, } rv = PAM_AUTH_ERR; goto cleanup; - } + } } cleanup: @@ -648,10 +648,10 @@ tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, (void) pam_get_item(pamh, PAM_RHOST, &remote_host); if (!remote_host) { - (void) pam_get_item(pamh, PAM_TTY, &remote_host); + (void) pam_get_item(pamh, PAM_TTY, &remote_host); if (!remote_host) { - remote_host = "unknown"; - } + remote_host = "unknown"; + } } strncpy(tally.fail_line, remote_host, @@ -1019,14 +1019,14 @@ main( int argc UNUSED, char **argv ) FILE *tfile=fopen(cline_filename, "r"); uid_t uid=0; if (!tfile && cline_reset != 0) { - perror(*argv); - exit(1); + perror(*argv); + exit(1); } for ( ; tfile && !feof(tfile); uid++ ) { if ( !fread(&tally, sizeof(tally), 1, tfile) || !tally.fail_cnt ) { - continue; + continue; } print_one(&tally, uid); } diff --git a/modules/pam_tally2/pam_tally2_app.c b/modules/pam_tally2/pam_tally2_app.c index 681ed69..b72e9bf 100644 --- a/modules/pam_tally2/pam_tally2_app.c +++ b/modules/pam_tally2/pam_tally2_app.c @@ -4,4 +4,3 @@ #define MAIN #include "pam_tally2.c" - diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index dff4a6d..c94737c 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -135,7 +135,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) return -1; } } - + if (*from > 0) to = shift_buf(*buf, *from); @@ -652,7 +652,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, #ifdef HAVE_LIBAUDIT if (!(ctrl & PAM_NO_AUDIT)) { pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_TIME, - "pam_time", rv); /* ignore return value as we fail anyway */ + "pam_time", rv); /* ignore return value as we fail anyway */ } #endif if (ctrl & PAM_DEBUG_ARG) { diff --git a/modules/pam_time/time.conf b/modules/pam_time/time.conf index c7b7989..68d2dad 100644 --- a/modules/pam_time/time.conf +++ b/modules/pam_time/time.conf @@ -1,4 +1,4 @@ -# this is an example configuration file for the pam_time module. Its syntax +# this is an example configuration file for the pam_time module. Its syntax # was initially based heavily on that of the shadow package (shadow-960129). # # the syntax of the lines is as follows: diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml index 224fda3..82227ba 100644 --- a/modules/pam_time/time.conf.5.xml +++ b/modules/pam_time/time.conf.5.xml @@ -119,7 +119,7 @@ login ; tty* & !ttyp* ; !root ; !Al0000-2400 Games (configured to use PAM) are only to be accessed out of working hours. This rule does not apply to the user <emphasis>waster</emphasis>: - <programlisting> + <programlisting> games ; * ; !waster ; Wd0000-2400 | Wk1800-0800 </programlisting> </para> diff --git a/modules/pam_timestamp/hmacfile.c b/modules/pam_timestamp/hmacfile.c index d2da5ff..7c1f8bf 100644 --- a/modules/pam_timestamp/hmacfile.c +++ b/modules/pam_timestamp/hmacfile.c @@ -63,7 +63,7 @@ testvectors(void) "b617318655057264e28bc0b6fb378c8ef146be00", }, -#ifdef HMAC_ALLOW_SHORT_KEYS +#ifdef HMAC_ALLOW_SHORT_KEYS { "Jefe", 4, "what do ya want for nothing?", 28, diff --git a/modules/pam_timestamp/hmacsha1.c b/modules/pam_timestamp/hmacsha1.c index 5b3774f..573ecf3 100644 --- a/modules/pam_timestamp/hmacsha1.c +++ b/modules/pam_timestamp/hmacsha1.c @@ -69,8 +69,8 @@ hmac_key_create(pam_handle_t *pamh, const char *filename, size_t key_size, pam_syslog(pamh, LOG_ERR, "Cannot create %s: %m", filename); return; } - - + + if (fchown(keyfd, owner, group) == -1) { pam_syslog(pamh, LOG_ERR, "Cannot chown %s: %m", filename); return; diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml index adb87a7..fc6a927 100644 --- a/modules/pam_timestamp/pam_timestamp.8.xml +++ b/modules/pam_timestamp/pam_timestamp.8.xml @@ -186,4 +186,3 @@ session optional pam_timestamp.so </refsect1> </refentry> - diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml index 7ec7140..06432e0 100644 --- a/modules/pam_timestamp/pam_timestamp_check.8.xml +++ b/modules/pam_timestamp/pam_timestamp_check.8.xml @@ -205,4 +205,3 @@ session optional pam_timestamp.so </refsect1> </refentry> - diff --git a/modules/pam_timestamp/sha1.c b/modules/pam_timestamp/sha1.c index e6705eb..576b4b4 100644 --- a/modules/pam_timestamp/sha1.c +++ b/modules/pam_timestamp/sha1.c @@ -185,7 +185,7 @@ size_t sha1_output(struct sha1_context *ctx, unsigned char *out) { struct sha1_context ctx2; - + /* Output the sum. */ if (out != NULL) { u_int32_t c; diff --git a/modules/pam_unix/CHANGELOG b/modules/pam_unix/CHANGELOG index 1476b57..c18acc2 100644 --- a/modules/pam_unix/CHANGELOG +++ b/modules/pam_unix/CHANGELOG @@ -8,7 +8,7 @@ $Id$ - temporarily removed the crypt16 stuff. I'm really paranoid about crypto stuff and exporting it, and there are a few too many 's-box' references in the code for my liking.. - + * Wed Jun 30 1999 Steve Langasek <vorlon(a)netexpress.net> - further NIS+ fixes @@ -50,6 +50,5 @@ $Id$ is too lame to use it in real life) * Sun Mar 21 1999 Jan R�korajski <baggins(a)mimuw.edu.pl> -- pam_unix_auth now correctly behave when user has NULL AUTHTOK +- pam_unix_auth now correctly behave when user has NULL AUTHTOK - pam_unix_auth returns PAM_PERM_DENIED when seteuid fails - diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c index 9922d17..e10d1c5 100644 --- a/modules/pam_unix/bigcrypt.c +++ b/modules/pam_unix/bigcrypt.c @@ -1,20 +1,20 @@ /* * This function implements the "bigcrypt" algorithm specifically for * Linux-PAM. - * + * * This algorithm is algorithm 0 (default) shipped with the C2 secure * implementation of Digital UNIX. - * + * * Disclaimer: This work is not based on the source code to Digital * UNIX, nor am I connected to Digital Equipment Corp, in any way * other than as a customer. This code is based on published * interfaces and reasonable guesswork. - * + * * Description: The cleartext is divided into blocks of SEGMENT_SIZE=8 * characters or less. Each block is encrypted using the standard UNIX * libc crypt function. The result of the encryption for one block * provides the salt for the suceeding block. - * + * * Restrictions: The buffer used to hold the encrypted result is * statically allocated. (see MAX_PASS_LEN below). This is necessary, * as the returned pointer points to "static data that are overwritten diff --git a/modules/pam_unix/md5.c b/modules/pam_unix/md5.c index 94d1c9d..7881db5 100644 --- a/modules/pam_unix/md5.c +++ b/modules/pam_unix/md5.c @@ -107,7 +107,7 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign } /* - * Final wrapup - pad to 64-byte boundary with the bit pattern + * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx) diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index d9c4ea5..1379d96 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -206,7 +206,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, don't worry about an explicit check of argv. */ if (pam_get_data(pamh, "unix_setcred_return", &pretval) == PAM_SUCCESS && pretval) { - retval = *(const int *)pretval; + retval = *(const int *)pretval; pam_set_data(pamh, "unix_setcred_return", NULL, NULL); D(("recovered data indicates that old retval was %d", retval)); } diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 631df31..6ba2c2e 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -212,7 +212,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const rlim.rlim_max = MAX_FD_NO; for (i=0; i < (int)rlim.rlim_max; i++) { if (i != STDIN_FILENO) - close(i); + close(i); } } @@ -262,7 +262,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const } else { D(("fork failed")); close(fds[0]); - close(fds[1]); + close(fds[1]); retval = PAM_AUTH_ERR; } diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index 778062e..72046ea 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -16,13 +16,13 @@ * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. - * + * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE @@ -140,4 +140,3 @@ struct pam_module _pam_unix_session_modstruct = { NULL, }; #endif - diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 5199a69..089f4b8 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -89,17 +89,17 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) } else { if (!strncmp(hash, "$1$", 3)) { pp = Goodcrypt_md5(p, hash); - if (pp && strcmp(pp, hash) != 0) { + if (pp && strcmp(pp, hash) != 0) { _pam_delete(pp); pp = Brokencrypt_md5(p, hash); - } + } } else if (*hash != '$' && hash_len >= 13) { - pp = bigcrypt(p, hash); - if (pp && hash_len == 13 && strlen(pp) > hash_len) { + pp = bigcrypt(p, hash); + if (pp && hash_len == 13 && strlen(pp) > hash_len) { _pam_overwrite(pp + hash_len); - } + } } else { - /* + /* * Ok, we don't know the crypt algorithm, but maybe * libcrypt knows about it? We should try it. */ @@ -448,12 +448,12 @@ unix_selinux_confined(void) char tempfile[]="/etc/.pwdXXXXXX"; if (confined != -1) - return confined; + return confined; /* cannot be confined without SELinux enabled */ if (!SELINUX_ENABLED){ - confined = 0; - return confined; + confined = 0; + return confined; } /* let's try opening shadow read only */ @@ -633,7 +633,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, char *sptr = NULL; found = 1; if (howmany == 0) - continue; + continue; buf[strlen(buf) - 1] = '\0'; s_luser = strtok_r(buf, ":", &sptr); s_uid = strtok_r(NULL, ":", &sptr); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index cc350e5..ab04535 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -475,7 +475,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, rlim.rlim_max = MAX_FD_NO; for (i=0; i < (int)rlim.rlim_max; i++) { if (i != STDIN_FILENO) - close(i); + close(i); } } @@ -530,7 +530,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, } else { D(("fork failed")); close(fds[0]); - close(fds[1]); + close(fds[1]); retval = PAM_AUTH_ERR; } diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c index 702912d..6ea7ea5 100644 --- a/modules/pam_unix/unix_update.c +++ b/modules/pam_unix/unix_update.c @@ -62,7 +62,7 @@ set_password(const char *forwho, const char *shadow, const char *remember) } if (lock_pwdf() != PAM_SUCCESS) - return PAM_AUTHTOK_LOCK_BUSY; + return PAM_AUTHTOK_LOCK_BUSY; pwd = getpwnam(forwho); diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am index b05cc6c..77cc960 100644 --- a/modules/pam_userdb/Makefile.am +++ b/modules/pam_userdb/Makefile.am @@ -35,4 +35,3 @@ noinst_DATA = README pam_userdb.8 README: pam_userdb.8.xml -include $(top_srcdir)/Make.xml.rules endif - diff --git a/modules/pam_userdb/create.pl b/modules/pam_userdb/create.pl index 224204b..06915c9 100644 --- a/modules/pam_userdb/create.pl +++ b/modules/pam_userdb/create.pl @@ -1,5 +1,5 @@ #!/usr/bin/perl -# this program creates a database in ARGV[1] from pairs given on +# this program creates a database in ARGV[1] from pairs given on # stdandard input # # $Id$ @@ -19,5 +19,3 @@ while (<STDIN>) { $lusers{$user} = $pass; } untie %lusers; - - diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 11b0d6b..c075c4b 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -145,7 +145,7 @@ _pam_parse (pam_handle_t *pamh, int argc, const char **argv, * return values: * 1 = User not found * 0 = OK - * -1 = Password incorrect + * -1 = Password incorrect * -2 = System error */ static int @@ -362,12 +362,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, retval = pam_get_item(pamh, PAM_AUTHTOK, &password); if (retval != PAM_SUCCESS || password == NULL) { if ((ctrl & PAM_TRY_FPASS_ARG) != 0) { - /* Converse to obtain a password */ - retval = obtain_authtok(pamh); - if (retval != PAM_SUCCESS) { + /* Converse to obtain a password */ + retval = obtain_authtok(pamh); + if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "can not obtain password from user"); return retval; - } + } retval = pam_get_item(pamh, PAM_AUTHTOK, &password); } if (retval != PAM_SUCCESS || password == NULL) { diff --git a/modules/pam_userdb/pam_userdb.h b/modules/pam_userdb/pam_userdb.h index 4cd81ba..3cd8fee 100644 --- a/modules/pam_userdb/pam_userdb.h +++ b/modules/pam_userdb/pam_userdb.h @@ -2,7 +2,7 @@ #ifndef _PAM_USERSDB_H #define _PAM_USERSDB_H /* $Id$ */ - + /* Header files */ #include <security/pam_appl.h> diff --git a/po/.cvsignore b/po/.cvsignore index f5ef83a..32677b4 100644 --- a/po/.cvsignore +++ b/po/.cvsignore @@ -4,4 +4,3 @@ Makefile.in *.gmo remove-potcdate.sed stamp-po - diff --git a/tests/tst-dlopen.c b/tests/tst-dlopen.c index e4770ee..3000055 100644 --- a/tests/tst-dlopen.c +++ b/tests/tst-dlopen.c @@ -45,4 +45,3 @@ int main(int argc, char **argv) return 0; #endif } - diff --git a/xtests/group.conf b/xtests/group.conf index 04fe3ef..2cb3487 100644 --- a/xtests/group.conf +++ b/xtests/group.conf @@ -1,3 +1,2 @@ tst-pam_group1;tty1;tstpamgrp;Al0000-2400;tstpamgrpg - diff --git a/xtests/tst-pam_access1.pamd b/xtests/tst-pam_access1.pamd index f47ec34..a70f2d9 100644 --- a/xtests/tst-pam_access1.pamd +++ b/xtests/tst-pam_access1.pamd @@ -3,4 +3,3 @@ auth required pam_access.so nodefgroup account required pam_permit.so password required pam_permit.so session required pam_permit.so - diff --git a/xtests/tst-pam_access2.pamd b/xtests/tst-pam_access2.pamd index f47ec34..a70f2d9 100644 --- a/xtests/tst-pam_access2.pamd +++ b/xtests/tst-pam_access2.pamd @@ -3,4 +3,3 @@ auth required pam_access.so nodefgroup account required pam_permit.so password required pam_permit.so session required pam_permit.so - diff --git a/xtests/tst-pam_access3.pamd b/xtests/tst-pam_access3.pamd index f47ec34..a70f2d9 100644 --- a/xtests/tst-pam_access3.pamd +++ b/xtests/tst-pam_access3.pamd @@ -3,4 +3,3 @@ auth required pam_access.so nodefgroup account required pam_permit.so password required pam_permit.so session required pam_permit.so - diff --git a/xtests/tst-pam_access4.pamd b/xtests/tst-pam_access4.pamd index f47ec34..a70f2d9 100644 --- a/xtests/tst-pam_access4.pamd +++ b/xtests/tst-pam_access4.pamd @@ -3,4 +3,3 @@ auth required pam_access.so nodefgroup account required pam_permit.so password required pam_permit.so session required pam_permit.so - diff --git a/xtests/tst-pam_authfail.c b/xtests/tst-pam_authfail.c index afdbd6a..0e7d808 100644 --- a/xtests/tst-pam_authfail.c +++ b/xtests/tst-pam_authfail.c @@ -60,14 +60,14 @@ main(int argc, char *argv[]) if (argc > 2) { stack = argv[2]; } - + if (argc > 1) { if (strcmp (argv[1], "-d") == 0) debug = 1; else stack = argv[1]; } - + retval = pam_start(stack, user, &conv, &pamh); if (retval != PAM_SUCCESS) diff --git a/xtests/tst-pam_authsucceed.c b/xtests/tst-pam_authsucceed.c index 8666f3f..c0ee802 100644 --- a/xtests/tst-pam_authsucceed.c +++ b/xtests/tst-pam_authsucceed.c @@ -60,14 +60,14 @@ main(int argc, char *argv[]) if (argc > 2) { stack = argv[2]; } - + if (argc > 1) { if (strcmp (argv[1], "-d") == 0) debug = 1; else stack = argv[1]; } - + retval = pam_start(stack, user, &conv, &pamh); if (retval != PAM_SUCCESS) diff --git a/xtests/tst-pam_dispatch3.pamd b/xtests/tst-pam_dispatch3.pamd index 8172c5f..7f290ab 100644 --- a/xtests/tst-pam_dispatch3.pamd +++ b/xtests/tst-pam_dispatch3.pamd @@ -3,4 +3,3 @@ auth optional pam_debug.so auth=auth_err auth sufficient pam_debug.so auth=success auth required pam_debug.so auth=perm_denied account required pam_debug.so acct=acct_expired - diff --git a/xtests/tst-pam_group1.pamd b/xtests/tst-pam_group1.pamd index d78f3a6..e75d0d1 100644 --- a/xtests/tst-pam_group1.pamd +++ b/xtests/tst-pam_group1.pamd @@ -4,4 +4,3 @@ auth required pam_permit.so account required pam_permit.so password required pam_permit.so session required pam_permit.so - diff --git a/xtests/tst-pam_limits1.pamd b/xtests/tst-pam_limits1.pamd index 206ef1f..7b1771c 100644 --- a/xtests/tst-pam_limits1.pamd +++ b/xtests/tst-pam_limits1.pamd @@ -3,4 +3,3 @@ auth required pam_permit.so account required pam_permit.so password required pam_permit.so session required pam_limits.so - diff --git a/xtests/tst-pam_pwhistory1.pamd b/xtests/tst-pam_pwhistory1.pamd index e096cc4..68e1b94 100644 --- a/xtests/tst-pam_pwhistory1.pamd +++ b/xtests/tst-pam_pwhistory1.pamd @@ -4,4 +4,3 @@ account required pam_permit.so password required pam_pwhistory.so remember=10 retry=1 password required pam_unix.so use_authtok md5 session required pam_permit.so - diff --git a/xtests/tst-pam_substack1.pamd b/xtests/tst-pam_substack1.pamd index 6eab233..8dfe1b8 100644 --- a/xtests/tst-pam_substack1.pamd +++ b/xtests/tst-pam_substack1.pamd @@ -1,5 +1,5 @@ #%PAM-1.0 -# Even if the substack succeeds with sufficient +# Even if the substack succeeds with sufficient # the whole stack should fail. auth substack tst-pam_substack1a auth required pam_debug.so auth=auth_err diff --git a/xtests/tst-pam_unix1.pamd b/xtests/tst-pam_unix1.pamd index 1a2990c..6cd67b6 100644 --- a/xtests/tst-pam_unix1.pamd +++ b/xtests/tst-pam_unix1.pamd @@ -3,4 +3,3 @@ auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so - diff --git a/xtests/tst-pam_unix2.pamd b/xtests/tst-pam_unix2.pamd index 1a2990c..6cd67b6 100644 --- a/xtests/tst-pam_unix2.pamd +++ b/xtests/tst-pam_unix2.pamd @@ -3,4 +3,3 @@ auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so - diff --git a/xtests/tst-pam_unix3.pamd b/xtests/tst-pam_unix3.pamd index 1a2990c..6cd67b6 100644 --- a/xtests/tst-pam_unix3.pamd +++ b/xtests/tst-pam_unix3.pamd @@ -3,4 +3,3 @@ auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so - diff --git a/xtests/tst-pam_unix4.pamd b/xtests/tst-pam_unix4.pamd index 4dc414f..1affa8e 100644 --- a/xtests/tst-pam_unix4.pamd +++ b/xtests/tst-pam_unix4.pamd @@ -3,4 +3,3 @@ auth required pam_unix.so account required pam_unix.so password required pam_unix.so debug session required pam_unix.so -

12 years, 6 months

1
0
0 / 0

← Newer
1
2
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

linux-pam-commits November 2011