| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-11 Tomas Mraz <t8m@centrum.cz>
* modules/pam_env/pam_env.c: Change default for user_readenv to 0.
* modules/pam_env/pam_env.8.xml: Document the new default for user_readenv.
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-07 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_selinux/pam_selinux.c (verbose_message): Fix format
string.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-04 Dmitry V. Levin <ldv@altlinux.org>
* libpam/pam_modutil_priv.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (struct pam_modutil_privs,
PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv,
pam_modutil_regain_priv): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface.
* modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
pam_sm_close_session): Likewise.
(pam_sm_open_session): Remove redundant fchown call.
Fixes CVE-2010-3430, CVE-2010-3431.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-01 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Extend cross compiling check.
* doc/specs/Makefile.am: Set CFLAGS and LDFLAGS to BUILD_CFLAGS
and BUILD_LDFLAGS.
Bug #3078936 / gentoo #339174
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2010-09-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Warn if
unlink() fails.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-09-27 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Return
PAM_SUCCESS immediately if no cookie file is defined. Return
PAM_SESSION_ERR if cookie file is defined but target uid cannot be
determined. Do not modify cookiefile string returned by pam_get_data.
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-09-27 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_xauth/pam_xauth.c (check_acl): Check that the given
access control file is a regular file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2010-09-16 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
pam_sm_close_session): Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new release
Commit summary:
---------------
2010-08-31 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.2
* configure.in: Bump version number.
* NEWS: Document changes since 1.1.1.
* doc/adg/Linux-PAM_ADG.xml: Bump version number.
* doc/mwg/Linux-PAM_MWG.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Likewise.
* libpam/Makefile.am: Bump revision of shared library.
* po/*.po: Regenerate.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-08-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_nologin/pam_nologin.c (perform_check): Try first
/var/run/nologin if the nologin file is not explicitly specified.
* modules/pam_nologin/pam_nologin.8.xml: Document that /var/run/nologin
is tried first.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translation
Commit summary:
---------------
2010-08-26 Sweta Kothari <swkothar@redhat.com>
* po/gu.po: Updated translations.
2010-08-26 Geert Warrink <geert.warrink@onsnet.nu>
* po/nl.po: Updated translations.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-26 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/specs/Makefile.am: Use CC_FOR_BUILD as compiler (cross
compile support).
* configure.in: Check for host compiler if cross compiling.
Bug #2315432, debian#284854#42.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Implement minlen option.
* modules/pam_unix/support.c: Likewise.
* modules/pam_unix/support.h: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust
arguments for _set_ctrl call.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_session.c: Likewise.
* modules/pam_unix/pam_unix.8.xml: Document minlen option.
Based on patch by Steve Langasek.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-12 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_mail/pam_mail.c: Check for mail only with user
privilegs.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Check return
value of setgid, setgroups and setuid.
* modules/pam_xauth/pam_xauth.c (check_acl): Save errno for
later usage.
* modules/pam_env/pam_env.c (handle_env): Check if user exists,
read local user config only with user privilegs.`
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix/cleanup
Commit summary:
---------------
2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tally/pam_tally.8.xml: Document that pam_tally is
deprecated.
* modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Fix make dist.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/passverify.c (check_shadow_expiry): Correct
check for expired date.
* modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove
check for password length. Bug #2923437.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tally2/pam_tally2.c (get_tally): Create file
with correct permissions. Patch by Diego Elio "Flameeyes" Pettenò.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: workaround
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request
password change if time is not yet set (1.1.1970). Bug #2730965.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_access/pam_access.c (user_match): Make sure
that user@host will not match @@netgroup. Bug #3035919.
* modules/pam_group/pam_group.c (check_account): Add '%' for
UNIX groups.
* modules/pam_group/group.conf: Add example for '%'.
* modules/pam_group/group.conf.5.xml: Document '%' syntax.
Bug #3002340, #3037155.
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Don't pass --version-script options when linking executables, only when
linking libraries
Patch from Julien Cristau <jcristau@debian.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: enhancement
Commit summary:
---------------
2010-07-12 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add
audit flag to enable logging about unknown user (#2917257).
* modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit.
* modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
* modules/pam_succeed_if/README: Regenerated from xml.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_umask/pam_umask.8.xml: Remove comparisation of
gid and uid for usergroups.
* modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Likewise.
Bug #3004656
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Don't check for libxcrypt if no xcrypt.h exists,
fix typo introduced with 1.1.1.
Reported by Diego Elio "Flameeyes" Pettenò.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-06-15 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Call
setfsuid to be allowed to remove temporary files (#3010705).
(pam_sm_open_session): Call fchown with correct permissions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Add test case for unresolved symbols
2010-06-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tty_audit/Makefile.am (TESTS): Add tst-pam_tty_audit.
* modules/pam_tty_audit/tst-pam_tty_audit: New.
Commit summary:
---------------
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-06-07 Steve Langasek <vorlon@debian.org>
* modules/pam_tty_audit/Makefile.am: If we don't have the libraries
required for building pam_tty_audit, we shouldn't install the manpage
either.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-05-27 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_userdb/pam_userdb.c: Define HAVE_DBM
for BerkDB 5.0 support. Patch by Diego Elio Pettenò.
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: docu fix
Commit summary:
---------------
2010-04-15 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_exec/pam_exec.8.xml: Fix example.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-04-13 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_pwhistory/opasswd.c: Fix compilation if
cyprt_r() is not available.
* configure.in: check for getutent_r.
* modules/pam_timestamp/pam_timestamp.c: Use getutent()
if getutent_r() does not exist.
Patch from Diego Elio "Flameeyes" Pettenò.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: enhancement
Commit summary:
---------------
2010-04-12 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam.conf-syntax.xml: Better documentation of
"actionN". Patch from Michal Soltys <soltys@ziu.info>.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-04-06 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt
and chauthtok.
* modules/pam_rootok/pam_rootok.8.xml: Document new module
types.
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
po/ar.po: Add missing Plural-Forms entry to header.
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translation
Commit summary:
---------------
2010-03-25 Daniel Nylander <po@danielnylander.se>
* po/sv.po: Updated translations.
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translation
Commit summary:
---------------
2010-03-24 Ani Peter <anipeter@fedoraproject.org>
* po/ml.po: Updated translations.
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translations
Commit summary:
---------------
2010-03-08 Yuri Chornoivan <yurchor@ukr.net>
* po/uk.po: Updated translations.
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-02-09 Tomas Mraz <t8m@centrum.cz>
* libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix
regression in the new password prompt.
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translation
Commit summary:
---------------
2010-01-04 Elad <el.il@doom.co.il>
* po/he.po: New translation to Hebrew.
* po/LINGUAS: Add Hebrew to the list.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2009-12-16 Thorsten Kukuk <kukuk@suse.de>
* release version 1.1.1
* NEWS: Adjust for 1.1.1
* configure.in: Likewise.
* doc/adg/Linux-PAM_ADG.xml: Likewise.
* doc/mwg/Linux-PAM_MWG.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Likewise.
* po/*.po: Regenerated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-12-08 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Rename DEBUG to PAM_DEBUG.
* libpam/pam_env.c: Likewise
* libpam/pam_handlers.c: Likewise
* libpam/pam_miscc.c: Likewise
* libpam/pam_password.c: Likewise
* libpam/include/security/_pam_macros.h: Likewise
* libpamc/test/modules/pam_secret.c: Likewise
* modules/pam_group/pam_group.c: Likewise
* modules/pam_listfile/pam_listfile.c: Likewise
* modules/pam_unix/pam_unix_auth.c: Likewise
* modules/pam_unix/pam_unix_passwd.c: Likewise
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-12-08 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow
entry if not present in the file.
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2009-12-08 Tomas Mraz <t8m@centrum.cz>
* modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Remove
unused function and variable.
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-11-19 Tomas Mraz <t8m@centrum.cz>
* modules/pam_sepermit/pam_sepermit.c(sepermit_match): Return
PAM_AUTH_ERR from the module if sepermit_lock() fails.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-11-18 Tomas Mraz <t8m@centrum.cz>
* modules/pam_access/pam_access.c(user_match): Revert the netgroup
match to the original behavior, add new syntax for adding the local
hostname.
* modules/pam_access/access.conf.5.xml: Document the new syntax
for adding the local hostname to the netgroup match.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: regression fix
Commit summary:
---------------
2009-11-10 Thorsten Kukuk <kukuk@suse.de>
* doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify
and pam_get_authtok_verify.
* libpam/Makefile.am (libpam_la_LDFLAGS): Bump revesion of libpam.
* libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed
from pam_get_authtok, add flags argument, always check return
values.
* modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use
pam_get_authtok_noverify and pam_get_authtok_verify.
* libpam/include/security/pam_ext.h: Add prototypes for
pam_get_authtok_noverify and pam_get_authtok_verify.
* libpam/libpam.map: Add new pam_get_authtok_* functions.
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Add new manual page.
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translation
Commit summary:
---------------
2009-11-02 Ani Peter <anipeter@fedoraproject.org>
* po/ml.po: Updated translations.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-11-02 Tomas Mraz <t8m@centrum.cz>
* modules/pam_sepermit/Makefile.am: Add sepermit.conf(5) manual page.
* modules/pam_sepermit/pam_sepermit.8.xml: Add reference to
sepermit.conf(5). Drop some redundant text.
* modules/pam_sepermit/sepermit.conf.5.xml: New file.
* modules/pam_sepermit/pam_sepermit.c(sepermit_match): Implement the ignore
option in sepermit.conf.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-10-29 Tomas Mraz <t8m@centrum.cz>
* modules/pam_xauth/Makefile.am: Link with libselinux.
* modules/pam_xauth/pam_xauth.c(pam_sm_open_session): Call
setfscreatecon() if selinux is enabled to create the .xauth file
with the right label. Original idea by Dan Walsh.
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: documentation
Commit summary:
---------------
2009-10-08 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tty_audit/pam_tty_audit.8.xml: Add notice about aureport
add SEE ALSO section.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-10-06 Tomas Mraz <t8m@centrum.cz>
* modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Just
call pam_modutil_user_in_group_nam_nam() instead of reimplementation
of group matching.
|