| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
Currently translated at 100.0% (99 of 99 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/
|
|
|
|
|
|
| |
Currently translated at 81.8% (81 of 99 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/es/
|
|
|
|
|
|
|
|
| |
Replace it with a value obtained from /proc/sys/fs/nr_open
* modules/pam_limits/limits.conf.5.xml: Document the replacement.
* modules/pam_limits/pam_limits.c: Replace unlimited RLIMIT_NOFILE
value with a value obtained from /proc/sys/fs/nr_open
|
|
|
|
| |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791965
|
|
|
|
|
|
|
| |
Fixes #347
* libpam_misc/misc_conv.c (read_string): Use TCSAFLUSH instead
of TCSADRAIN when resetting the terminal echo state
|
|
|
|
|
|
| |
* modules/pam_access/pam_access.c (from_match): Split out remote_match()
function and avoid calling it when matching against LOCAL keyword.
There is also no point in doing domain match against TTY or SERVICE.
|
|
|
|
| |
convert spaces to tab which mixture use in modules/pam_faillock/main.c
|
| |
|
|
|
|
|
|
| |
Follow the example of useradd(8) and set the user home directory mode
to the value of HOME_MODE or UMASK configuration item from
/etc/login.defs when umask option is not specified.
|
|
|
|
|
|
|
| |
Currently translated at 100.0% (99 of 99 strings).
Co-authored-by: Ricky Tigg <ricky.tigg@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/
|
|
|
|
|
|
|
| |
Currently translated at 77.7% (77 of 99 strings).
Co-authored-by: Balázs Meskó <meskobalazs@mailbox.org>
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/hu/
|
|
|
|
|
|
|
| |
Currently translated at 43.4% (43 of 99 strings).
Co-authored-by: Carmen Bianca Bakker <carmen@carmenbianca.eu>
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/eo/
|
|
|
|
|
|
|
|
| |
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/
Translation: linux-pam/master
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add this option to support the following scenario:
prefix = '/usr'
servicedir = '/lib/systemd/system'
* The default behavior is changed:
If this option is not given, servicedir will be set to the value that is
obtained from systemd pkg-config file. If the value cannot be obtained,
servicedir will be set to the default value '$(prefix)/lib/systemd/system'.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default tallydir is "/var/run/faillock", and this default
tallydir may not exist.
Function open may fail as tallydir does not exist when creating
the tallyfile. Therefore, faillock will not work well.
Fix this problem by creating tallydir before creating tallyfile
when the tallydir does not exist.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
|
|
|
|
|
|
|
| |
Not shipping a config file should be perfectly valid for distros while
still having eg login pre-configured to honor securetty when present.
PAM itself doesn't ship any template either. So avoid spamming the log
file if /etc/securetty wasn't found.
|
| |
|
|
|
|
|
|
|
| |
Currently translated at 100.0% (99 of 99 strings).
Co-authored-by: Andreas-Johann Ø Ulvestad <aj@aju.no>
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nn/
|
|
|
|
|
|
|
| |
Currently translated at 100.0% (99 of 99 strings).
Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Potential failures of strdup(3) were ignored, fix this by not using
strdup(3) at all.
* modules/pam_umask/pam_umask.c (struct options_t): Add const to umask
field, add login_umask field.
(parse_option): Do not use strdup.
(get_options): Assign pam_modutil_search_key return values
to options->login_umask.
(pam_sm_open_session): Free options.login_umask instead of
options.umask.
|
| |
|
|
|
|
|
|
|
| |
Currently translated at 100.0% (99 of 99 strings).
Co-authored-by: Vlad <milovlad@outlook.com>
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ro/
|
|
|
|
| |
* modules/pam_mkhomedir/pam_mkhomedir.8.xml (umask): Fix wording.
|
|
|
|
|
|
| |
Currently translated at 100.0% (122 of 122 strings).
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/bg/
|
|
|
|
|
|
|
|
|
|
| |
Fixes `test: too many arguments` when building Linux-PAM using sbase.
This is due to a non-POSIX syntax test ... -a ... and test ... -o ....
> The XSI extensions specifying the -a and -o binary primaries and the
> '(' and ')' operators have been marked obsolescent.
See https://pubs.opengroup.org/onlinepubs/9699919799/utilities/test.html
|
|
|
|
|
|
|
|
|
|
| |
Check for the unlikely case string_to_security_class() does not find the
associated SELinux security class.
This will only happen if the loaded SELinux policy does not define the
class "dir" (which no sane policy does) or querying the selinuxfs
fails.
Suggested by #309
|
|
|
|
|
|
|
|
|
|
| |
Check for the unlikely case string_to_security_class() does not find the
associated SELinux security class.
This will only happen if the loaded SELinux policy does not define the
class "chr_file" (which no sane policy does) or querying the selinuxfs
fails.
Suggested by #309
|
|
|
|
|
|
|
|
|
| |
The done action does not terminate the stack processing in case
there is a failing module with bad action up in the stack.
Fixes #307
* doc/man/pam.conf-syntax.xml: Clarify the effect of 'done'.
|
|
|
|
|
|
|
| |
* .github/workflows/ci.yml (runs-on): Switch from ubuntu-latest to
ubuntu-20.04 for whitespace-errors and *-x86_64 jobs. Stick with
ubuntu-18.04 for *-x86 and *-x32 jobs until we figure out how to
obtain -lcrypt on ubuntu-20.04 for these architectures.
|
|
|
|
|
|
|
| |
Apparently, both -lcrypt and -lxcrypt from ubuntu-18.04 already provide
crypt_r.
* ci/install-dependencies.sh (packages): Remove libxcrypt-dev.
|
|
|
|
|
| |
* modules/pam_unix/bigcrypt.c (bigcrypt) [HAVE_CRYPT_R]: Do not leak
cdata if crypt_r() fails.
|
|
|
|
| |
* maint/README-release: Update.
|
|
|
|
|
|
|
|
|
| |
Regenerate po/Linux-PAM.pot and po/*.po using "make -C po update-po"
command. This removes translations of pam_cracklib, pam_tally, and
pam_tally2 modules that were removed in v1.5.0.
Complements: v1.5.0~10 "Remove deprecated pam_cracklib module"
Complements: v1.5.0~9 "Remove deprecated pam_tally and pam_tally2 modules"
|
|
|
|
| |
* po/POTFILES.in: Strip "./" prefix, sort the list.
|
|
|
|
|
|
|
| |
Currently translated at 100.0% (122 of 122 strings).
Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/
|
|
|
|
| |
* configure.ac (AC_INIT): Raise version to 1.5.1.
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_limits/limits.conf: Replace "overriden" with "overridden".
* modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Replace
"preseves" with "preserves".
* modules/pam_setquota/pam_setquota.8.xml: Replace "specifed" with
"specified".
* modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Replace
"fileystem" with "filesystem", "conditons" with "conditions".
|
|
|
|
|
|
|
|
|
|
| |
* NEWS: Replace "an user" with "a user".
* modules/pam_faillock/pam_faillock.8.xml: Likewise.
* modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_sepermit/sepermit.conf: Likewise.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
|
|
|
|
|
|
|
|
|
|
|
| |
The pam_modutil_user_in_group... functions use getgrouplist to check
the membership so they work also in setups with remote services which do
not provide group members in struct group.
Fixes #297
* modules/pam_wheel/pam_wheel.c (perform_check): Call pam_modutil_user_in_group_uid_gid
to do the group check.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The commit af0faf66 ("pam_unix: avoid determining if user exists") introduced
a regression where the blank check could return 1 if root had an empty
password hash because in the second case the password hash of root was
used. We now always return 0 in this case.
The issue was found by Johannes Löthberg.
Fixes #284
* modules/pam_unix/support.c (_unix_blankpasswd): Make the loop
to cover the complete blank check so both existing and non existing
cases are identical except for the possible return value.
|
|
|
|
| |
Fixes #295
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the setgroups(0, NULL) call in pam_modutil_drop_priv() with a
call to initgroups(). This makes sure that the user's supplementary
groups are also configured. Fall back to setgroups(0, NULL) in case the
initgroups() call fails.
This fixes the permission check in pam_motd: this feature was intended
to allow setting permissions on a motd file to prevent it from being
shown to users who are not a member of a particular group (for example,
wheel).
Closes #292
|
|
|
|
|
|
| |
* modules/pam_env/pam_env.8.xml: Add the notice to the manual.
* modules/pam_env/pam_env.c (_pam_parse): Log deprecation warning
if user_readenv is set.
|
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Found with AddressSanitzer in pam_wrapper tests.
==985738== 44 bytes in 4 blocks are definitely lost in loss record 18 of 18
==985738== at 0x4839809: malloc (vg_replace_malloc.c:307)
==985738== by 0x48957E1: _pam_strdup (pam_misc.c:129)
==985738== by 0x489851B: _pam_start_internal (pam_start.c:85)
==985738== by 0x4849C8C: libpam_pam_start_confdir (pam_wrapper.c:418)
==985738== by 0x484AF94: pwrap_pam_start (pam_wrapper.c:1461)
==985738== by 0x484AFEE: pam_start (pam_wrapper.c:1483)
==985738== by 0x401723: setup_noconv (test_pam_wrapper.c:189)
==985738== by 0x4889E82: ??? (in /usr/lib64/libcmocka.so.0.7.0)
==985738== by 0x488A444: _cmocka_run_group_tests (in /usr/lib64/libcmocka.so.0.7.0)
==985738== by 0x403EE5: main (test_pam_wrapper.c:1059)
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
|
|
| |
Fixes #263
* modules/pam_env/pam_env.c (_assemble_line): Do not error out if at feof()
|
|
|
|
|
| |
* configure.ac (AC_INIT): Raise version to 1.5.0.
* NEWS: Update.
|
|
|
|
|
| |
modules/pam_ftp/pam_ftp.c: free anon_user before returning as it may be
still in use.
|
|
|
|
|
| |
modules/pam_faillock/main.c: remove store statement since the value is
only read in the enclosing expression.
|