Merge tag 'v1.0' into debian

release 1.0

4 files changed, 214 insertions, 13 deletions

diff --git a/Makefile b/Makefile
index 6905e9a..a0d2f3f 100644
--- a/Makefile
+++ b/Makefile
@@ -32,3 +32,6 @@ install: $(LIBSHARED)
 
 clean:
 	$(RM) *.o *.so
+
+changelog-from-git: changelog
+	{ git log --decorate $(shell head -1 changelog | cut -d\  -f2).. | vipe; echo; cat changelog; } | sponge changelog
diff --git a/README b/README
index 568cf5a..bf9eacd 100644
--- a/README
+++ b/README
@@ -25,7 +25,7 @@ options
 * debug: produce a bit of debug output
 * nodelay: don't tell the PAM stack to cause a delay on auth failure
 * flock: use a shared (read) advisory lock on pwdfile, you should better move new versions into place instead
-* legacy_crypt: turns on bigcrypt and "broken md5_crypt", you will only need that if you use password hashes from another system that uses those algorithms
+* legacy_crypt: see section LEGACY CRYPT
 
 
 PASSWORD FILE
@@ -33,6 +33,22 @@ PASSWORD FILE
 
 The password file basically looks like passwd(5): one line for each user with two or more colon-separated fields.
 First field contains the username, the second the crypt()ed password.
-Other field are optional.
+Other fields are optional.
 
 crypt()ed passwords in various formats can be generated with mkpasswd from the whois package.
+
+
+LEGACY CRYPT
+============
+
+There are two crypt types that are disabled by default: bigcrypt and broken md5_crypt.
+They are disabled because they use static buffers which is bad when doing PAM authentication using this module in a multithreaded server.
+All the other crypt types are checked via the systems crypt_r function if available, else with the normal crypt function and the same static-buffer-problem.
+
+bigcrypt was used on DEC systems to allow for longer passwords.
+You can check if your passwd file contains any of these with `cut -d: -f2 passwd-file | egrep '^[^$].{13}'`.
+
+Broken md5_crypt is a speciality of big-endian systems.
+An early implementation of md5_crypt got the byte order wrong here and produced different crypt outputs.
+You might have some of these crypt hashes in your passwd file only if you created them on a big-endian system.
+If an md5_crypt hash also worked on a little-endian system (up to and including libpam-pwdfile 0.99) it isn't broken md5_crypt.
diff --git a/changelog b/changelog
index 9936e81..3cc9312 100644
--- a/changelog
+++ b/changelog
@@ -1,5 +1,187 @@
-changelog for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org>
----------------------------------------------------------------------------
+commit 6946f4bd3102d677d9ce43d4c48ed6bec2b13a31
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-09-29 15:50:21 +0200
+
+    update copyright
+    
+    also fix spelling error "GNU Public License"
+
+commit 183200793e5aec74f73b21bd96d46b447da64f11
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-09-28 16:35:58 +0200
+
+    Makefile: add target changelog-from-git
+    
+    needs moreutils
+
+commit 5e5588cd1edfbab1889537b93ae13b159f76caff
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-09-26 16:29:26 +0200
+
+    README: describe legacy_crypt in more detail
+
+commit 235369330e1c1366e5c7cb31561cdb673703ad58
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-09-26 16:29:11 +0200
+
+    fix typo in README
+
+commit 090a8585370c7857a193467fc057828b82ec358f
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-06-01 00:15:00 +0200
+
+    move opening brace out of ifdef to make code folding work
+
+commit 4964a685e75c75d662bb0d4f1bb3fd126f49eca2
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-06-01 00:14:07 +0200
+
+    don't include features.h
+
+commit 201e799f7a2fcba3af2c9214f25545460ef9b08a (tag: v0.100)
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-05-27 21:10:18 +0200
+
+    rework documentation
+    
+    remove stuff in contrib, it is outdated or explained in the service's
+    documentation
+
+commit da52bf9630a077d90e1338d818a3e179367058c4
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-05-27 21:08:02 +0200
+
+    separate DESTDIR and PAM_LIB_DIR
+
+commit e493c1467bbaebfbaf2a9a6b1da3398b76232ce5
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-05-14 20:22:36 +0200
+
+    remove CVS $Id line and static version number
+
+commit caea065f12f3d358948cd0ca760ebd7c27cb6c80
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-05-14 20:08:06 +0200
+
+    overhaul bigcrypt.c
+    
+    * drop unnessesary variables
+    * rename variables and define's to be more desciptive
+    * rotate pointer updates to front of loop
+    * don't copy key
+    
+    there was no point in using crypt_r() here, we return our result in a static
+    buffer ourselves
+
+commit 495461432ca4034d49ee37cb398c6bd253d6f66d
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-05-11 19:34:44 +0200
+
+    md5.c: fix compiler warnings
+
+commit be53f76279d158aa3e5fb2960f9ae4da52201857
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-05-11 01:43:50 +0200
+
+    replace self-defined uint32 with uint32_t from stdint.h
+    
+    unsigned int is not guaranteed to have 32 bits
+
+commit ce9367b3202477b3cc914cabfe0cb2a856f3a51d
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-05-10 21:30:05 +0200
+
+    major overhaul
+    
+    * merge fgetpwnam into pam_sm_authenticate
+    * handle empty password field
+    * fix a fd and memory leak if pwdfile opening succeeds but locking fails
+    * use crypt_r (enabled via USE_CRYPT_R)
+    * rely on crypt() to handle newer crypt variants (including "good" md5 crypt)
+    * make bigcrypt and broken md5 crypt optional
+    * add some const's
+
+commit 88dd2b1a22cd06fc401a8ddadd41114cebe159d5
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-05-10 21:27:56 +0200
+
+    include proper headers for crypt()
+    
+    this also prepares for crypt_r()
+
+commit 138c589dd4cdf68659bfa643e5659fa1200f6081
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-04-29 13:06:26 +0200
+
+    rework pwdfile reading
+    
+    * drop rewind(), we read the file just once
+    * use getline() to get rid of the fixed-size buffer
+    * let strsep() also handle the newline
+    * stop at the first line containing the user instead of using the last
+
+commit 0437f4656f1d5a541b4ab951c457fae19f8deee4
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-04-28 17:15:15 +0200
+
+    use pam_get_authtok
+    
+    this also gets it right with use_first_pass
+    also use the default prompt for the username
+
+commit 86c95423b2908869ee42f9f40896a0bb0b773cf4
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-04-27 23:55:20 +0200
+
+    rework argument parsing
+    
+    * don't copy pwdfile argument, we don't need to modify it
+    * replace sizeof() with strlen() as that is easier to understand and the
+      compiler can also optimize it away
+    * expand DEFINE's so we can get rid of the comments
+
+commit 64707e82165bb32db5763b38bf550b538bcd4eec
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-04-27 18:07:22 +0200
+
+    make Brokencrypt_md5 also broken on little-endian
+    
+    otherwise broken hashes from big-endian systems won't work
+    also remove ASM_MD5 #ifndef's, we don't have assembler code here
+
+commit 629c03d7775e1f4b5c0fdee358c6773f70e91961
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-04-26 12:57:56 +0200
+
+    add debug module option and use pam_syslog
+    
+    also:
+    * remove some unnessesary comments
+    * add vim settings for unusual indentation
+
+commit fbce1a480fda4c97b21c87fb39096d23db6eedfb
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-04-25 14:27:07 +0200
+
+    apply visibility patch by Peter Palfrader
+
+commit 0148de59cdcea4013d694fc04db3174ce06c60b1
+Author: Timo Weingärtner <timo@tiwe.de>
+Date:   2013-04-25 14:22:49 +0200
+
+    rework Makefile for standalone building
+    
+    if this is ever integrated into pam it will be autotools anyways
+    use ?= and += to better work with distribution's build systems
+
+commit 5dbeed06ae0b0f168158920c59dcfb0cc822dee6
+Author: Charl Botha <cpbotha@cpbotha.net>
+Date:   2009-08-16 19:57:51 +0000
+
+    Added note about contrib directory.
+
+=====================================
+old (pre-git) changelog:
 
 0.99 : Sat Dec 20 20:30:37 CET 2003
 
diff --git a/pam_pwdfile.c b/pam_pwdfile.c
index 9b96fe3..bebbeea 100644
--- a/pam_pwdfile.c
+++ b/pam_pwdfile.c
@@ -1,11 +1,11 @@
-/* pam_pwdfile.c copyright 1999-2003 by Charl P. Botha <cpbotha@ieee.org>
- *
+/* 
  * pam authentication module that can be pointed at any username/crypted
  * text file so that pam using application can use an alternate set of
  * passwords than specified in system password database
  * 
- * Copyright (c) Charl P. Botha, 1999-2003. All rights reserved
- *
+ * Copyright (c) 1999-2003 Charl P. Botha <cpbotha@cpbotha.net>
+ * Copyright (c) 2012-2013 Timo Weingärtner <timo@tiwe.de>
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -19,8 +19,8 @@
  *    products derived from this software without specific prior
  *    written permission.
  * 
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
+ * ALTERNATIVELY, this product may be distributed under the terms of the
+ * GNU General Public License, in which case the provisions of the GPL are
  * required INSTEAD OF the above restrictions.  (This clause is
  * necessary due to a potential bad interaction between the GPL and
  * the restrictions contained in a BSD-style copyright.)
@@ -50,7 +50,6 @@
 #endif
 #endif
 
-#include <features.h>
 #include <syslog.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -202,10 +201,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
     
 #ifdef USE_CRYPT_R
     crypt_buf.initialized = 0;
-    if (!(crypted_password = crypt_r(password, stored_crypted_password, &crypt_buf))) {
+    if (!(crypted_password = crypt_r(password, stored_crypted_password, &crypt_buf)))
 #else
-    if (!(crypted_password = crypt(password, stored_crypted_password))) {
+    if (!(crypted_password = crypt(password, stored_crypted_password)))
 #endif
+    {
 	pam_syslog(pamh, LOG_ERR, "crypt() failed");
 	free(linebuf);
 	return PAM_AUTH_ERR;