diff options
| -rw-r--r-- | Makefile | 3 | ||||
| -rw-r--r-- | README | 20 | ||||
| -rw-r--r-- | changelog | 186 | ||||
| -rw-r--r-- | pam_pwdfile.c | 18 | 
4 files changed, 214 insertions, 13 deletions
| @@ -32,3 +32,6 @@ install: $(LIBSHARED)  clean:  	$(RM) *.o *.so + +changelog-from-git: changelog +	{ git log --decorate $(shell head -1 changelog | cut -d\  -f2).. | vipe; echo; cat changelog; } | sponge changelog @@ -25,7 +25,7 @@ options  * debug: produce a bit of debug output  * nodelay: don't tell the PAM stack to cause a delay on auth failure  * flock: use a shared (read) advisory lock on pwdfile, you should better move new versions into place instead -* legacy_crypt: turns on bigcrypt and "broken md5_crypt", you will only need that if you use password hashes from another system that uses those algorithms +* legacy_crypt: see section LEGACY CRYPT  PASSWORD FILE @@ -33,6 +33,22 @@ PASSWORD FILE  The password file basically looks like passwd(5): one line for each user with two or more colon-separated fields.  First field contains the username, the second the crypt()ed password. -Other field are optional. +Other fields are optional.  crypt()ed passwords in various formats can be generated with mkpasswd from the whois package. + + +LEGACY CRYPT +============ + +There are two crypt types that are disabled by default: bigcrypt and broken md5_crypt. +They are disabled because they use static buffers which is bad when doing PAM authentication using this module in a multithreaded server. +All the other crypt types are checked via the systems crypt_r function if available, else with the normal crypt function and the same static-buffer-problem. + +bigcrypt was used on DEC systems to allow for longer passwords. +You can check if your passwd file contains any of these with `cut -d: -f2 passwd-file | egrep '^[^$].{13}'`. + +Broken md5_crypt is a speciality of big-endian systems. +An early implementation of md5_crypt got the byte order wrong here and produced different crypt outputs. +You might have some of these crypt hashes in your passwd file only if you created them on a big-endian system. +If an md5_crypt hash also worked on a little-endian system (up to and including libpam-pwdfile 0.99) it isn't broken md5_crypt. @@ -1,5 +1,187 @@ -changelog for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org> ---------------------------------------------------------------------------- +commit 6946f4bd3102d677d9ce43d4c48ed6bec2b13a31 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-09-29 15:50:21 +0200 + +    update copyright +     +    also fix spelling error "GNU Public License" + +commit 183200793e5aec74f73b21bd96d46b447da64f11 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-09-28 16:35:58 +0200 + +    Makefile: add target changelog-from-git +     +    needs moreutils + +commit 5e5588cd1edfbab1889537b93ae13b159f76caff +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-09-26 16:29:26 +0200 + +    README: describe legacy_crypt in more detail + +commit 235369330e1c1366e5c7cb31561cdb673703ad58 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-09-26 16:29:11 +0200 + +    fix typo in README + +commit 090a8585370c7857a193467fc057828b82ec358f +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-06-01 00:15:00 +0200 + +    move opening brace out of ifdef to make code folding work + +commit 4964a685e75c75d662bb0d4f1bb3fd126f49eca2 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-06-01 00:14:07 +0200 + +    don't include features.h + +commit 201e799f7a2fcba3af2c9214f25545460ef9b08a (tag: v0.100) +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-05-27 21:10:18 +0200 + +    rework documentation +     +    remove stuff in contrib, it is outdated or explained in the service's +    documentation + +commit da52bf9630a077d90e1338d818a3e179367058c4 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-05-27 21:08:02 +0200 + +    separate DESTDIR and PAM_LIB_DIR + +commit e493c1467bbaebfbaf2a9a6b1da3398b76232ce5 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-05-14 20:22:36 +0200 + +    remove CVS $Id line and static version number + +commit caea065f12f3d358948cd0ca760ebd7c27cb6c80 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-05-14 20:08:06 +0200 + +    overhaul bigcrypt.c +     +    * drop unnessesary variables +    * rename variables and define's to be more desciptive +    * rotate pointer updates to front of loop +    * don't copy key +     +    there was no point in using crypt_r() here, we return our result in a static +    buffer ourselves + +commit 495461432ca4034d49ee37cb398c6bd253d6f66d +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-05-11 19:34:44 +0200 + +    md5.c: fix compiler warnings + +commit be53f76279d158aa3e5fb2960f9ae4da52201857 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-05-11 01:43:50 +0200 + +    replace self-defined uint32 with uint32_t from stdint.h +     +    unsigned int is not guaranteed to have 32 bits + +commit ce9367b3202477b3cc914cabfe0cb2a856f3a51d +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-05-10 21:30:05 +0200 + +    major overhaul +     +    * merge fgetpwnam into pam_sm_authenticate +    * handle empty password field +    * fix a fd and memory leak if pwdfile opening succeeds but locking fails +    * use crypt_r (enabled via USE_CRYPT_R) +    * rely on crypt() to handle newer crypt variants (including "good" md5 crypt) +    * make bigcrypt and broken md5 crypt optional +    * add some const's + +commit 88dd2b1a22cd06fc401a8ddadd41114cebe159d5 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-05-10 21:27:56 +0200 + +    include proper headers for crypt() +     +    this also prepares for crypt_r() + +commit 138c589dd4cdf68659bfa643e5659fa1200f6081 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-04-29 13:06:26 +0200 + +    rework pwdfile reading +     +    * drop rewind(), we read the file just once +    * use getline() to get rid of the fixed-size buffer +    * let strsep() also handle the newline +    * stop at the first line containing the user instead of using the last + +commit 0437f4656f1d5a541b4ab951c457fae19f8deee4 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-04-28 17:15:15 +0200 + +    use pam_get_authtok +     +    this also gets it right with use_first_pass +    also use the default prompt for the username + +commit 86c95423b2908869ee42f9f40896a0bb0b773cf4 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-04-27 23:55:20 +0200 + +    rework argument parsing +     +    * don't copy pwdfile argument, we don't need to modify it +    * replace sizeof() with strlen() as that is easier to understand and the +      compiler can also optimize it away +    * expand DEFINE's so we can get rid of the comments + +commit 64707e82165bb32db5763b38bf550b538bcd4eec +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-04-27 18:07:22 +0200 + +    make Brokencrypt_md5 also broken on little-endian +     +    otherwise broken hashes from big-endian systems won't work +    also remove ASM_MD5 #ifndef's, we don't have assembler code here + +commit 629c03d7775e1f4b5c0fdee358c6773f70e91961 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-04-26 12:57:56 +0200 + +    add debug module option and use pam_syslog +     +    also: +    * remove some unnessesary comments +    * add vim settings for unusual indentation + +commit fbce1a480fda4c97b21c87fb39096d23db6eedfb +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-04-25 14:27:07 +0200 + +    apply visibility patch by Peter Palfrader + +commit 0148de59cdcea4013d694fc04db3174ce06c60b1 +Author: Timo Weingärtner <timo@tiwe.de> +Date:   2013-04-25 14:22:49 +0200 + +    rework Makefile for standalone building +     +    if this is ever integrated into pam it will be autotools anyways +    use ?= and += to better work with distribution's build systems + +commit 5dbeed06ae0b0f168158920c59dcfb0cc822dee6 +Author: Charl Botha <cpbotha@cpbotha.net> +Date:   2009-08-16 19:57:51 +0000 + +    Added note about contrib directory. + +===================================== +old (pre-git) changelog:  0.99 : Sat Dec 20 20:30:37 CET 2003 diff --git a/pam_pwdfile.c b/pam_pwdfile.c index 9b96fe3..bebbeea 100644 --- a/pam_pwdfile.c +++ b/pam_pwdfile.c @@ -1,11 +1,11 @@ -/* pam_pwdfile.c copyright 1999-2003 by Charl P. Botha <cpbotha@ieee.org> - * +/*    * pam authentication module that can be pointed at any username/crypted   * text file so that pam using application can use an alternate set of   * passwords than specified in system password database   *  - * Copyright (c) Charl P. Botha, 1999-2003. All rights reserved - * + * Copyright (c) 1999-2003 Charl P. Botha <cpbotha@cpbotha.net> + * Copyright (c) 2012-2013 Timo Weingärtner <timo@tiwe.de> + *    * Redistribution and use in source and binary forms, with or without   * modification, are permitted provided that the following conditions   * are met: @@ -19,8 +19,8 @@   *    products derived from this software without specific prior   *    written permission.   *  - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are + * ALTERNATIVELY, this product may be distributed under the terms of the + * GNU General Public License, in which case the provisions of the GPL are   * required INSTEAD OF the above restrictions.  (This clause is   * necessary due to a potential bad interaction between the GPL and   * the restrictions contained in a BSD-style copyright.) @@ -50,7 +50,6 @@  #endif  #endif -#include <features.h>  #include <syslog.h>  #include <stdio.h>  #include <stdlib.h> @@ -202,10 +201,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,  #ifdef USE_CRYPT_R      crypt_buf.initialized = 0; -    if (!(crypted_password = crypt_r(password, stored_crypted_password, &crypt_buf))) { +    if (!(crypted_password = crypt_r(password, stored_crypted_password, &crypt_buf)))  #else -    if (!(crypted_password = crypt(password, stored_crypted_password))) { +    if (!(crypted_password = crypt(password, stored_crypted_password)))  #endif +    {  	pam_syslog(pamh, LOG_ERR, "crypt() failed");  	free(linebuf);  	return PAM_AUTH_ERR; | 
