summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile3
-rw-r--r--README20
-rw-r--r--changelog186
-rw-r--r--pam_pwdfile.c18
4 files changed, 214 insertions, 13 deletions
diff --git a/Makefile b/Makefile
index 6905e9a..a0d2f3f 100644
--- a/Makefile
+++ b/Makefile
@@ -32,3 +32,6 @@ install: $(LIBSHARED)
clean:
$(RM) *.o *.so
+
+changelog-from-git: changelog
+ { git log --decorate $(shell head -1 changelog | cut -d\ -f2).. | vipe; echo; cat changelog; } | sponge changelog
diff --git a/README b/README
index 568cf5a..bf9eacd 100644
--- a/README
+++ b/README
@@ -25,7 +25,7 @@ options
* debug: produce a bit of debug output
* nodelay: don't tell the PAM stack to cause a delay on auth failure
* flock: use a shared (read) advisory lock on pwdfile, you should better move new versions into place instead
-* legacy_crypt: turns on bigcrypt and "broken md5_crypt", you will only need that if you use password hashes from another system that uses those algorithms
+* legacy_crypt: see section LEGACY CRYPT
PASSWORD FILE
@@ -33,6 +33,22 @@ PASSWORD FILE
The password file basically looks like passwd(5): one line for each user with two or more colon-separated fields.
First field contains the username, the second the crypt()ed password.
-Other field are optional.
+Other fields are optional.
crypt()ed passwords in various formats can be generated with mkpasswd from the whois package.
+
+
+LEGACY CRYPT
+============
+
+There are two crypt types that are disabled by default: bigcrypt and broken md5_crypt.
+They are disabled because they use static buffers which is bad when doing PAM authentication using this module in a multithreaded server.
+All the other crypt types are checked via the systems crypt_r function if available, else with the normal crypt function and the same static-buffer-problem.
+
+bigcrypt was used on DEC systems to allow for longer passwords.
+You can check if your passwd file contains any of these with `cut -d: -f2 passwd-file | egrep '^[^$].{13}'`.
+
+Broken md5_crypt is a speciality of big-endian systems.
+An early implementation of md5_crypt got the byte order wrong here and produced different crypt outputs.
+You might have some of these crypt hashes in your passwd file only if you created them on a big-endian system.
+If an md5_crypt hash also worked on a little-endian system (up to and including libpam-pwdfile 0.99) it isn't broken md5_crypt.
diff --git a/changelog b/changelog
index 9936e81..3cc9312 100644
--- a/changelog
+++ b/changelog
@@ -1,5 +1,187 @@
-changelog for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org>
----------------------------------------------------------------------------
+commit 6946f4bd3102d677d9ce43d4c48ed6bec2b13a31
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-09-29 15:50:21 +0200
+
+ update copyright
+
+ also fix spelling error "GNU Public License"
+
+commit 183200793e5aec74f73b21bd96d46b447da64f11
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-09-28 16:35:58 +0200
+
+ Makefile: add target changelog-from-git
+
+ needs moreutils
+
+commit 5e5588cd1edfbab1889537b93ae13b159f76caff
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-09-26 16:29:26 +0200
+
+ README: describe legacy_crypt in more detail
+
+commit 235369330e1c1366e5c7cb31561cdb673703ad58
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-09-26 16:29:11 +0200
+
+ fix typo in README
+
+commit 090a8585370c7857a193467fc057828b82ec358f
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-06-01 00:15:00 +0200
+
+ move opening brace out of ifdef to make code folding work
+
+commit 4964a685e75c75d662bb0d4f1bb3fd126f49eca2
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-06-01 00:14:07 +0200
+
+ don't include features.h
+
+commit 201e799f7a2fcba3af2c9214f25545460ef9b08a (tag: v0.100)
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-05-27 21:10:18 +0200
+
+ rework documentation
+
+ remove stuff in contrib, it is outdated or explained in the service's
+ documentation
+
+commit da52bf9630a077d90e1338d818a3e179367058c4
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-05-27 21:08:02 +0200
+
+ separate DESTDIR and PAM_LIB_DIR
+
+commit e493c1467bbaebfbaf2a9a6b1da3398b76232ce5
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-05-14 20:22:36 +0200
+
+ remove CVS $Id line and static version number
+
+commit caea065f12f3d358948cd0ca760ebd7c27cb6c80
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-05-14 20:08:06 +0200
+
+ overhaul bigcrypt.c
+
+ * drop unnessesary variables
+ * rename variables and define's to be more desciptive
+ * rotate pointer updates to front of loop
+ * don't copy key
+
+ there was no point in using crypt_r() here, we return our result in a static
+ buffer ourselves
+
+commit 495461432ca4034d49ee37cb398c6bd253d6f66d
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-05-11 19:34:44 +0200
+
+ md5.c: fix compiler warnings
+
+commit be53f76279d158aa3e5fb2960f9ae4da52201857
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-05-11 01:43:50 +0200
+
+ replace self-defined uint32 with uint32_t from stdint.h
+
+ unsigned int is not guaranteed to have 32 bits
+
+commit ce9367b3202477b3cc914cabfe0cb2a856f3a51d
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-05-10 21:30:05 +0200
+
+ major overhaul
+
+ * merge fgetpwnam into pam_sm_authenticate
+ * handle empty password field
+ * fix a fd and memory leak if pwdfile opening succeeds but locking fails
+ * use crypt_r (enabled via USE_CRYPT_R)
+ * rely on crypt() to handle newer crypt variants (including "good" md5 crypt)
+ * make bigcrypt and broken md5 crypt optional
+ * add some const's
+
+commit 88dd2b1a22cd06fc401a8ddadd41114cebe159d5
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-05-10 21:27:56 +0200
+
+ include proper headers for crypt()
+
+ this also prepares for crypt_r()
+
+commit 138c589dd4cdf68659bfa643e5659fa1200f6081
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-04-29 13:06:26 +0200
+
+ rework pwdfile reading
+
+ * drop rewind(), we read the file just once
+ * use getline() to get rid of the fixed-size buffer
+ * let strsep() also handle the newline
+ * stop at the first line containing the user instead of using the last
+
+commit 0437f4656f1d5a541b4ab951c457fae19f8deee4
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-04-28 17:15:15 +0200
+
+ use pam_get_authtok
+
+ this also gets it right with use_first_pass
+ also use the default prompt for the username
+
+commit 86c95423b2908869ee42f9f40896a0bb0b773cf4
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-04-27 23:55:20 +0200
+
+ rework argument parsing
+
+ * don't copy pwdfile argument, we don't need to modify it
+ * replace sizeof() with strlen() as that is easier to understand and the
+ compiler can also optimize it away
+ * expand DEFINE's so we can get rid of the comments
+
+commit 64707e82165bb32db5763b38bf550b538bcd4eec
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-04-27 18:07:22 +0200
+
+ make Brokencrypt_md5 also broken on little-endian
+
+ otherwise broken hashes from big-endian systems won't work
+ also remove ASM_MD5 #ifndef's, we don't have assembler code here
+
+commit 629c03d7775e1f4b5c0fdee358c6773f70e91961
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-04-26 12:57:56 +0200
+
+ add debug module option and use pam_syslog
+
+ also:
+ * remove some unnessesary comments
+ * add vim settings for unusual indentation
+
+commit fbce1a480fda4c97b21c87fb39096d23db6eedfb
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-04-25 14:27:07 +0200
+
+ apply visibility patch by Peter Palfrader
+
+commit 0148de59cdcea4013d694fc04db3174ce06c60b1
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-04-25 14:22:49 +0200
+
+ rework Makefile for standalone building
+
+ if this is ever integrated into pam it will be autotools anyways
+ use ?= and += to better work with distribution's build systems
+
+commit 5dbeed06ae0b0f168158920c59dcfb0cc822dee6
+Author: Charl Botha <cpbotha@cpbotha.net>
+Date: 2009-08-16 19:57:51 +0000
+
+ Added note about contrib directory.
+
+=====================================
+old (pre-git) changelog:
0.99 : Sat Dec 20 20:30:37 CET 2003
diff --git a/pam_pwdfile.c b/pam_pwdfile.c
index 9b96fe3..bebbeea 100644
--- a/pam_pwdfile.c
+++ b/pam_pwdfile.c
@@ -1,11 +1,11 @@
-/* pam_pwdfile.c copyright 1999-2003 by Charl P. Botha <cpbotha@ieee.org>
- *
+/*
* pam authentication module that can be pointed at any username/crypted
* text file so that pam using application can use an alternate set of
* passwords than specified in system password database
*
- * Copyright (c) Charl P. Botha, 1999-2003. All rights reserved
- *
+ * Copyright (c) 1999-2003 Charl P. Botha <cpbotha@cpbotha.net>
+ * Copyright (c) 2012-2013 Timo Weingärtner <timo@tiwe.de>
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -19,8 +19,8 @@
* products derived from this software without specific prior
* written permission.
*
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
+ * ALTERNATIVELY, this product may be distributed under the terms of the
+ * GNU General Public License, in which case the provisions of the GPL are
* required INSTEAD OF the above restrictions. (This clause is
* necessary due to a potential bad interaction between the GPL and
* the restrictions contained in a BSD-style copyright.)
@@ -50,7 +50,6 @@
#endif
#endif
-#include <features.h>
#include <syslog.h>
#include <stdio.h>
#include <stdlib.h>
@@ -202,10 +201,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
#ifdef USE_CRYPT_R
crypt_buf.initialized = 0;
- if (!(crypted_password = crypt_r(password, stored_crypted_password, &crypt_buf))) {
+ if (!(crypted_password = crypt_r(password, stored_crypted_password, &crypt_buf)))
#else
- if (!(crypted_password = crypt(password, stored_crypted_password))) {
+ if (!(crypted_password = crypt(password, stored_crypted_password)))
#endif
+ {
pam_syslog(pamh, LOG_ERR, "crypt() failed");
free(linebuf);
return PAM_AUTH_ERR;