Commit message [Author, Age]
* po: update translations using Weblate (Korean) [simmon, 2021-04-25]
  Currently translated at 100.0% (99 of 99 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
* po: update translations using Weblate (Spanish) [Emilio Herrera, 2021-04-25]
  Currently translated at 81.8% (81 of 99 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/es/
* pam_limits: "Unlimited" is not a valid value for RLIMIT_NOFILE. [Josef Moellers, 2021-04-22]
  Replace it with a value obtained from /proc/sys/fs/nr_open
  * modules/pam_limits/limits.conf.5.xml: Document the replacement.
  * modules/pam_limits/pam_limits.c: Replace unlimited RLIMIT_NOFILE value with a value obtained from /proc/sys/fs/nr_open
* pam_userdb: Prevent garbage characters from db [Stanislav Zidek, 2021-04-21]
  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791965
* misc_conv: Flush the terminal input after the password is read [Tomas Mraz, 2021-04-12]
  Fixes #347
  * libpam_misc/misc_conv.c (read_string): Use TCSAFLUSH instead of TCSADRAIN when resetting the terminal echo state
* pam_access: clean up the remote host matching code [Tomas Mraz, 2021-04-12]
  * modules/pam_access/pam_access.c (from_match): Split out remote_match() function and avoid calling it when matching against LOCAL keyword. There is also no point in doing domain match against TTY or SERVICE.
* pam_faillock: convert spaces to tab to keep code style [chuanqin, 2021-03-25]
  convert spaces to tab which mixture use in modules/pam_faillock/main.c
* pam_env: fix example in pam_env.conf.5 for setting variable [theslimshaney, 2021-03-08]
* pam_mkhomedir: use HOME_MODE or UMASK from /etc/login.defs [dshein-alt, 2021-03-05]
  Follow the example of useradd(8) and set the user home directory mode to the value of HOME_MODE or UMASK configuration item from /etc/login.defs when umask option is not specified.
* po: update translations using Weblate (Finnish) [Ricky Tigg, 2021-02-13]
  Currently translated at 100.0% (99 of 99 strings).
  Co-authored-by: Ricky Tigg <ricky.tigg@gmail.com>
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/
* po: update translations using Weblate (Hungarian) [Balázs Meskó, 2021-02-13]
  Currently translated at 77.7% (77 of 99 strings).
  Co-authored-by: Balázs Meskó <meskobalazs@mailbox.org>
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/hu/
* po: update translations using Weblate (Esperanto) [Carmen Bianca Bakker, 2021-02-13]
  Currently translated at 43.4% (43 of 99 strings).
  Co-authored-by: Carmen Bianca Bakker <carmen@carmenbianca.eu>
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/eo/
* Update translation files [Weblate, 2021-02-13]
  Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
  Co-authored-by: Weblate <noreply@weblate.org>
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/
  Translation: linux-pam/master
* configure.ac: add --with-systemdunitdir option [Changqing Li, 2021-01-27]
  * Add this option to support the following scenario:
      prefix = '/usr'
      servicedir = '/lib/systemd/system'
  * The default behavior is changed: If this option is not given, servicedir will be set to the value that is obtained from systemd pkg-config file. If the value cannot be obtained, servicedir will be set to the default value '$(prefix)/lib/systemd/system'.
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
* faillock: create tallydir before creating tallyfile [Changqing Li, 2021-01-27]
  The default tallydir is "/var/run/faillock", and this default tallydir may not exist. Function open may fail as tallydir does not exist when creating the tallyfile. Therefore, faillock will not work well. Fix this problem by creating tallydir before creating tallyfile when the tallydir does not exist.
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
* pam_securetty: don't complain about missing config [Ludwig Nussel, 2021-01-27]
  Not shipping a config file should be perfectly valid for distros while still having e.g. login pre-configured to honor securetty when present. PAM itself doesn't ship any template either. So avoid spamming the log file if /etc/securetty wasn't found.
* faillock: Use pluralization via dngettext or fallback [Kolja, 2021-01-25]
* po: update translations using Weblate (Norwegian Nynorsk) [Andreas-Johann Ø Ulvestad, 2021-01-18]
  Currently translated at 100.0% (99 of 99 strings).
  Co-authored-by: Andreas-Johann Ø Ulvestad <aj@aju.no>
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nn/
* po: update translations using Weblate (Finnish) [Jan Kuparinen, 2021-01-18]
  Currently translated at 100.0% (99 of 99 strings).
  Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/
* pam_umask: fix handling of umask parameter [Dmitry V. Levin, 2020-12-28]
  Potential failures of strdup(3) were ignored, fix this by not using strdup(3) at all.
  * modules/pam_umask/pam_umask.c (struct options_t): Add const to umask field, add login_umask field.
    (parse_option): Do not use strdup.
    (get_options): Assign pam_modutil_search_key return values to options->login_umask.
    (pam_sm_open_session): Free options.login_umask instead of options.umask.
* pam_setquota: Minor whitespace, spelling and mail address fixes [Sven Hartge, 2020-12-28]
* po: update translations using Weblate (Romanian) [Vlad, 2020-12-26]
  Currently translated at 100.0% (99 of 99 strings).
  Co-authored-by: Vlad <milovlad@outlook.com>
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ro/
* pam_mkhomedir: fix umask wording in documentation [Dmitry V. Levin, 2020-12-23]
  * modules/pam_mkhomedir/pam_mkhomedir.8.xml (umask): Fix wording.
* po: update translations using Weblate (Bulgarian) [Dmitry V. Levin, 2020-12-20]
  Currently translated at 100.0% (122 of 122 strings).
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/bg/
* configure: test -a|o is not POSIX [Issam E. Maghni, 2020-12-16]
  Fixes `test: too many arguments` when building Linux-PAM using sbase. This is due to a non-POSIX syntax test ... -a ... and test ... -o ....
  > The XSI extensions specifying the -a and -o binary primaries and the
  > '(' and ')' operators have been marked obsolescent.
  See https://pubs.opengroup.org/onlinepubs/9699919799/utilities/test.html
* pam_namespace: check for string_to_security_class failure [Christian Göttsche, 2020-12-08]
  Check for the unlikely case string_to_security_class() does not find the associated SELinux security class. This will only happen if the loaded SELinux policy does not define the class "dir" (which no sane policy does) or querying the selinuxfs fails.
  Suggested by #309
* pam_selinux: check for string_to_security_class failure [Christian Göttsche, 2020-12-08]
  Check for the unlikely case string_to_security_class() does not find the associated SELinux security class. This will only happen if the loaded SELinux policy does not define the class "chr_file" (which no sane policy does) or querying the selinuxfs fails.
  Suggested by #309
* Clarify the effect of 'done' in documentation [Tomas Mraz, 2020-12-07]
  The done action does not terminate the stack processing in case there is a failing module with bad action up in the stack.
  Fixes #307
  * doc/man/pam.conf-syntax.xml: Clarify the effect of 'done'.
* .github: partially migrate from ubuntu-18.04 to ubuntu-20.04 [Dmitry V. Levin, 2020-11-28]
  * .github/workflows/ci.yml (runs-on): Switch from ubuntu-latest to ubuntu-20.04 for whitespace-errors and *-x86_64 jobs. Stick with ubuntu-18.04 for *-x86 and *-x32 jobs until we figure out how to obtain -lcrypt on ubuntu-20.04 for these architectures.
* ci: do not install libxcrypt-dev [Dmitry V. Levin, 2020-11-28]
  Apparently, both -lcrypt and -lxcrypt from ubuntu-18.04 already provide crypt_r.
  * ci/install-dependencies.sh (packages): Remove libxcrypt-dev.
* pam_unix: fix memory leak on error path [Thomas M. DuBuisson, 2020-11-24]
  * modules/pam_unix/bigcrypt.c (bigcrypt) [HAVE_CRYPT_R]: Do not leak cdata if crypt_r() fails.
* maint: update release procedure [Dmitry V. Levin, 2020-11-24]
  * maint/README-release: Update.
* po: update .po and .pot files [Dmitry V. Levin, 2020-11-24]
  Regenerate po/Linux-PAM.pot and po/*.po using "make -C po update-po" command. This removes translations of pam_cracklib, pam_tally, and pam_tally2 modules that were removed in v1.5.0.
  Complements: v1.5.0~10 "Remove deprecated pam_cracklib module"
  Complements: v1.5.0~9 "Remove deprecated pam_tally and pam_tally2 modules"
* po: cleanup POTFILES.in [Dmitry V. Levin, 2020-11-24]
  * po/POTFILES.in: Strip "./" prefix, sort the list.
* po: update translations using Weblate (Finnish) [Jan Kuparinen, 2020-11-24]
  Currently translated at 100.0% (122 of 122 strings).
  Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
  Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/
* Prepare for 1.5.1 release [Dmitry V. Levin, 2020-11-24]
  * configure.ac (AC_INIT): Raise version to 1.5.1.
* Fix various typos found using codespell tool [Dmitry V. Levin, 2020-11-24]
  * modules/pam_limits/limits.conf: Replace "overriden" with "overridden".
  * modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Replace "preseves" with "preserves".
  * modules/pam_setquota/pam_setquota.8.xml: Replace "specifed" with "specified".
  * modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Replace "fileystem" with "filesystem", "conditons" with "conditions".
* Fix grammar: replace "an user" with "a user" everywhere [Dmitry V. Levin, 2020-11-24]
  * NEWS: Replace "an user" with "a user".
  * modules/pam_faillock/pam_faillock.8.xml: Likewise.
  * modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
  * modules/pam_limits/pam_limits.c: Likewise.
  * modules/pam_sepermit/sepermit.conf: Likewise.
  * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
  * modules/pam_userdb/pam_userdb.c: Likewise.
* pam_wheel: Use pam_modutil_user_in_group_uid_gid instead of reimplementation [Tomas Mraz, 2020-11-24]
  The pam_modutil_user_in_group... functions use getgrouplist to check the membership so they work also in setups with remote services which do not provide group members in struct group.
  Fixes #297
  * modules/pam_wheel/pam_wheel.c (perform_check): Call pam_modutil_user_in_group_uid_gid to do the group check.
* Add NEWS entries for the 1.5.1 security fix release [Tomas Mraz, 2020-11-24]
* Second blank check with root for non-existent users must never return 1 [Tomas Mraz, 2020-11-20]
  The commit af0faf66 ("pam_unix: avoid determining if user exists") introduced a regression where the blank check could return 1 if root had an empty password hash because in the second case the password hash of root was used. We now always return 0 in this case.
  The issue was found by Johannes Löthberg.
  Fixes #284
  * modules/pam_unix/support.c (_unix_blankpasswd): Make the loop to cover the complete blank check so both existing and non existing cases are identical except for the possible return value.
* faillock: Add a nodelay option [Tavian Barnes, 2020-11-12]
  Fixes #295
* libpam: add supplementary groups on priv drop [Allison Karlitskaya, 2020-11-10]
  Replace the setgroups(0, NULL) call in pam_modutil_drop_priv() with a call to initgroups(). This makes sure that the user's supplementary groups are also configured. Fall back to setgroups(0, NULL) in case the initgroups() call fails.
  This fixes the permission check in pam_motd: this feature was intended to allow setting permissions on a motd file to prevent it from being shown to users who are not a member of a particular group (for example, wheel).
  Closes #292
* pam_env: deprecation notice of reading the user environment [Tomas Mraz, 2020-11-05]
  * modules/pam_env/pam_env.8.xml: Add the notice to the manual.
  * modules/pam_env/pam_env.c (_pam_parse): Log deprecation warning if user_readenv is set.
* libpam: Fix memory leak on error path in _pam_start_internal() [Andreas Schneider, 2020-11-04]
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* libpam: Fix memory leak with pam_start_confdir() [Andreas Schneider, 2020-11-04]
  Found with AddressSanitizer in pam_wrapper tests.
    ==985738== 44 bytes in 4 blocks are definitely lost in loss record 18 of 18
    ==985738==    at 0x4839809: malloc (vg_replace_malloc.c:307)
    ==985738==    by 0x48957E1: _pam_strdup (pam_misc.c:129)
    ==985738==    by 0x489851B: _pam_start_internal (pam_start.c:85)
    ==985738==    by 0x4849C8C: libpam_pam_start_confdir (pam_wrapper.c:418)
    ==985738==    by 0x484AF94: pwrap_pam_start (pam_wrapper.c:1461)
    ==985738==    by 0x484AFEE: pam_start (pam_wrapper.c:1483)
    ==985738==    by 0x401723: setup_noconv (test_pam_wrapper.c:189)
    ==985738==    by 0x4889E82: ??? (in /usr/lib64/libcmocka.so.0.7.0)
    ==985738==    by 0x488A444: _cmocka_run_group_tests (in /usr/lib64/libcmocka.so.0.7.0)
    ==985738==    by 0x403EE5: main (test_pam_wrapper.c:1059)
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pam_env: allow environment files without EOL at EOF [Tomas Mraz, 2020-11-04]
  Fixes #263
  * modules/pam_env/pam_env.c (_assemble_line): Do not error out if at feof()
* Prepare for 1.5.0 release [Dmitry V. Levin, 2020-11-03]
  * configure.ac (AC_INIT): Raise version to 1.5.0.
  * NEWS: Update.
* pam_ftp: fix potential memory leak [ikerexxe, 2020-11-03]
  modules/pam_ftp/pam_ftp.c: free anon_user before returning as it may be still in use.
* pam_faillock: fix unread store statement [ikerexxe, 2020-11-03]
  modules/pam_faillock/main.c: remove store statement since the value is only read in the enclosing expression.