Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add PAM authorization #1121

Merged
merged 5 commits into from Mar 13, 2022
Merged

Add PAM authorization #1121

merged 5 commits into from Mar 13, 2022

Conversation

arogge
Copy link
Member

@arogge arogge commented Mar 11, 2022

Backport of PR #1115 to bareos-19.2

Thank you for contributing to the Bareos Project!

Please check

  • Short description and the purpose of this PR is present above this paragraph
  • Your name is present in the AUTHORS file (optional)

If you have any questions or problems, please give a comment in the PR.

Helpful documentation and best practices

Checklist for the reviewer of the PR (will be processed by the Bareos team)

General
  • PR name is meaningful
  • Purpose of the PR is understood
  • Separate commit for this PR in the CHANGELOG.md, PR number referenced is same
  • Commit descriptions are understandable and well formatted
  • If backport: add original PR number and target branch at top of this file: Backport of PR#000 to bareos-2x
Source code quality
  • Source code changes are understandable
  • Variable and function names are meaningful
  • Code comments are correct (logically and spelling)
  • Required documentation changes are present and part of the PR
  • bareos-check-sources --since-merge does not report any problems
  • git status should not report modifications in the source tree after building and testing
Tests
  • Decision taken that a system- or unittest is required (if not, then remove this paragraph)
  • The decision towards a systemtest is reasonable compared to a unittest
  • Testname matches exactly what is being tested
  • Output of the test leads quickly to the origin of the fault

@arogge
dir: fix memory-leak on failed PAM authentication
2e4a10e 
Fixes CVE-2022-24756

(cherry picked from commit e8e7998)
@arogge
systemtests: prepare PAM tests for account checks
c960841
@arogge
dir: check account authorization during PAM login
1d61a41 
Fixes CVE-2022-24755

Previously, when a user logged in via PAM, Bareos did only check for
authentication (i.e. the "auth" section in PAM). No authorization checks
were made (the "account" section in PAM). This patch now adds the proper
check.
This will break existing PAM configuration!

(cherry picked from commit abe4620)
@arogge
docs: update PAM configuration
0a15a33 
Add an account section to the example and describe what has changed and
what users should do to be able to login again.

(cherry picked from commit f4ccb86)
@arogge arogge added the is a backport to 19.2 This is a backport from master to bareos-19.2 label Mar 11, 2022
@pstorz pstorz self-requested a review March 13, 2022 08:20
@pstorz pstorz merged commit 5f1f0d2 into bareos:bareos-19.2 Mar 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pstorz pstorz pstorz approved these changes

Assignees
No one assigned
Labels
is a backport to 19.2 This is a backport from master to bareos-19.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@arogge @pstorz