summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Fix pam_tty_audit log_passwd support and regression.Tomas Mraz2013-09-25
| | | | | modules/pam_tty_audit/pam_tty_audit.c: Add missing "config.h" include. (pam_sm_open_session): Always copy the old status as initialization of new.
* Release version 1.1.8Thorsten Kukuk2013-09-19
|
* Check return value of setuid to remove glibc warnings.Thorsten Kukuk2013-09-16
| | | | | * modules/pam_unix/pam_unix_acct.c: Check setuid return value. * modules/pam_unix/support.c: Likewise.
* Write to *rounds only if non-NULL.Tomas Mraz2013-09-13
| | | | modules/pam_unix/support.c(_set_ctrl): Write to *rounds only if non-NULL.
* Add missing ')'Tomas Mraz2013-09-13
| | | | modules/pam_unix/pam_unix_passwd.c: Add missing ')'..
* Release version 1.1.7Thorsten Kukuk2013-09-11
|
* Updated translations from Transifex.Tomas Mraz2013-09-11
| | | | po/*.po: Updated translations from Transifex.
* Extend pam_exec by stdout and type= options (ticket #8):Thorsten Kukuk2013-09-04
| | | | | * modules/pam_exec/pam_exec.c: Add stdout and type= option * modules/pam_exec/pam_exec.8.xml: Document new options
* Fix compile errorThorsten Kukuk2013-08-30
| | | | * modules/pam_unix/pam_unix_acct.c: fix last change
* Restart waitpid if it returns with EINTR (ticket #17)Thorsten Kukuk2013-08-29
| | | | | | * modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/support.c: Likewise.
* misc_conv.3: Fix documentation of misc_convThorsten Kukuk2013-08-28
| | | | doc/man/misc_conv.3.xml: Fix return value of misc_conv
* Apply the exclusive check in pam_sepermit only when loginuid not set.Tomas Mraz2013-08-23
| | | | | | * modules/pam_sepermit/pam_sepermit.c(get_loginuid): Read loginuid from /proc (sepermit_match): Apply the exclusive check only when loginuid not set.
* Updated translations from Transifex.Tomas Mraz2013-08-22
| | | | * po/*.po: Updated translations from Transifex.
* pam_rootok: fix linking in --enable-audit modeDmitry V. Levin2013-07-01
| | | | | | | pam_rootok.c explicitly uses functions from libaudit, so the module has to be linked with the library. * modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Add @LIBAUDIT@.
* pam_tty_audit: fix a typo that crept in during patch reviewRichard Guy Briggs2013-07-01
| | | | | | | | | | * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Replace all occurrences of HAVE_AUDIT_TTY_STATUS_LOG_PASSWD with HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD. * configure.in (HAVE_AUDIT_TTY_STATUS_LOG_PASSWD): Remove. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
* pam_tty_audit: add an option to control logging of passwords: log_passwdRichard Guy Briggs2013-06-21
| | | | | | | | | | | | | | | | | | Most commands are entered one line at a time and processed as complete lines in non-canonical mode. Commands that interactively require a password, enter canonical mode with echo set to off to do this. This feature (icanon and !echo) can be used to avoid logging passwords by audit while still logging the rest of the command. Adding a member to the struct audit_tty_status passed in by pam_tty_audit allows control of logging passwords per task. * configure.in: autoconf bits to conditionally add support at compile time depending on struct audit_tty_status kernel header version. * modules/pam_tty_audit/pam_tty_audit.8.xml: Document new pam_tty_audit module log_passwd option. * modules/pam_tty_audit/pam_tty_audit.c: (pam_sm_open_session): Added "log_passwd" option parsing. Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
* Man page fix - unix_update runs in the permissive mode as well.Tomas Mraz2013-06-20
| | | | | modules/pam_unix/unix_update.8.xml: unix_update helper runs in the permissive mode as well.
* Use hash from /etc/login.defs as default if noThorsten Kukuk2013-06-18
| | | | | | | | | other one is specified as argument. * modules/pam_unix/support.c: Add search_key, call from __set_ctrl * modules/pam_unix/support.h: Add define for /etc/login.defs * modules/pam_unix/pam_unix.8.xml: Document new behavior. * modules/pam_umask/pam_umask.c: Add missing NULL pointer check
* pam_access: better not change the default function used to get domain name.Tomas Mraz2013-04-12
| | | | | | modules/pam_access/pam_access.c (netgroup_match): As we did not use yp_get_default_domain() in the 1.1 branch due to typo in ifdef we should use it only as fallback.
* Fix strict aliasing issue in MD5 implementations.Tomas Mraz2013-03-28
| | | | | modules/pam_namespace/md5.c (MD5Final): Use memcpy instead of assignment. modules/pam_unix/md5.c (MD5Final): Use memcpy instead of assignment.
* pam_lastlog: Do not fail on short read if btmp is corrupted.Tomas Mraz2013-03-22
| | | | | modules/pam_lastlog/pam_lastlog.c (last_login_failed): Just warn, not fail on short read or read error.
* pam_rootok: Allow proper logging of the user AVC if access disallowed by SELinuxTomas Mraz2013-03-22
| | | | | modules/pam_rootok/pam_rootok.c (log_callback, selinux_check_root): New functions. (check_for_root): Use the selinux_check_root() instead of checkPasswdAccess.
* Add checks for crypt() returning NULL.Tomas Mraz2013-02-08
| | | | | modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return. modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
* pam_userdb: Allow also modern password hashes supported by crypt().Tomas Mraz2013-02-07
| | | | | modules/pam_userdb/pam_userdb.c (user_lookup): Allow password hashes longer than 13 characters and long salt.
* pam_access: fix typo in ifdefWalter de Jong2013-01-18
| | | | | modules/pam_access/pam_access.c (netgroup_match): Fix typo in #ifdef HAVE_YP_GET_DEFAULT_DOMAIN.
* pam_cracklib: Mention checks that are not run for root.Tomas Mraz2012-12-20
| | | | | modules/pam_cracklib/pam_cracklib.8.xml: Add note about checks when run as root.
* Update also the POT file.Tomas Mraz2012-12-20
| | | | po/Linux-PAM.pot: Update to reflect current sources.
* Updated translations from Transifex, added new languages.Tomas Mraz2012-12-12
| | | | | po/LINGUAS: Added new languages. po/*.po: Updated translations from Transifex including new languages.
* pam_selinux: Drop obsolete and unsupported manual context selection.Tomas Mraz2012-11-30
| | | | | modules/pam_selinux/pam_selinux.c (manual_context): Drop function. (compute_exec_context): Drop manual_context() call.
* pam_limits: fix grammatical mistake.Tomas Mraz2012-11-23
| | | | modules/pam_limits/limits.conf: Fix grammatical mistake.
* Reflect the enforce_for_root semantics change in pam_pwhistory xtest.Tomas Mraz2012-11-13
| | | | | xtests/tst-pam_pwhistory1.pamd: Use enforce_for_root as the test is running with real uid == 0.
* pam_unix: fix build in --enable-selinux modeDmitry V. Levin2012-10-10
| | | | | | | | | | | | | | | glibc's <sys/wait.h> starting with commit http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=glibc-2.15-231-gd94a467 does not include <sys/resource.h> for POSIX 2008 conformance reasons, so when pam is being built with SELinux support enabled, pam_unix_passwd.c uses getrlimit(2) and therefore should include <sys/resource.h> without relying on other headers. * modules/pam_unix/pam_unix_passwd.c: Include <sys/resource.h>. Reported-by: Guido Trentalancia <guido@trentalancia.com> Reported-by: "Jory A. Pratt" <anarchy@gentoo.org> Reported-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
* pam_namespace: add mntopts flag for tmpfs mount optionsTomas Mraz2012-10-10
| | | | | | | | | modules/pam_namespace/pam_namespace.h: Add mount_opts member to polydir structure. modules/pam_namespace/pam_namespace.c (del_polydir): Free the mount_opts. (parse_method): Parse the mntopts flag. (ns_setup): Pass the mount_opts to mount(). modules/pam_namespace/namespace.conf.5.xml: Document the mntopts flag.
* pam_selinux, pam_tally2: Add tty and rhost to audit data.Tomas Mraz2012-09-06
| | | | | | | | modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and rhost from PAM items and pass them to audit. modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and rhost from PAM items and pass them to audit. (main): Obtain tty name of stdin and pass it to audit.
* Update configure.in to use more recent interfaces.Tomas Mraz2012-09-06
| | | | | configure.in: Use LT_INIT instead of AC_PROG_LIBTOOL and AS_HELP_STRING instead of AC_HELP_STRING.
* Add missing $(DESTDIR) when making directories on install.Tomas Mraz2012-08-17
| | | | | | | modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making $(namespaceddir) on install. modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making $(sepermitlockdir) on install.
* release version 1.1.6Thorsten Kukuk2012-08-17
| | | | | | configure.in: Bump version to 1.1.6 NEWS: Document changes po/*.po: Regenerate *.po files
* Small documentation and define fixesThorsten Kukuk2012-08-16
| | | | | | | modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10] modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary modules/pam_pwhistory/pam_pwhistory.c: Document how the module works modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory [#6]
* Respect PAM_AUTHTOK_TYPE in pam_get_authtok_verify().Tomas Mraz2012-08-13
| | | | | | libpam/pam_get_authtok.c (pam_get_authtok_internal): Set the PAM_AUTHTOK_TYPE item when obtained from module options. (pam_get_authtok_verify): Use the PAM_AUTHTOK_TYPE item when prompting.
* Document limits.d also in the limits.conf manpage.Tomas Mraz2012-08-09
| | | | modules/pam_limits/limits.conf.5.xml: Document the limits.d existence.
* New autotools do not create empty directories on install.Tomas Mraz2012-07-23
| | | | | | | modules/pam_namespace/Makefile.am: Add install-data-local target to create namespaceddir. modules/pam_sepermit/Makefile.am: Add install-data-local target to create sepermitlockdir.
* RLIMIT_* variables are no longer defined unless you explicitly includeStevan Bajić2012-07-09
| | | | | | | | sys/resource.h. Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu> modules/pam_unix/pam_unix_acct.c: Include sys/resource.h.
* pam_umask: correct the documentation of GECOS field parsingTomas Mraz2012-06-27
| | | | | modules/pam_umask/pam_umask.8.xml: Correct the documentation of GECOS field parsing.
* pam_cracklib: Add monotonic character sequence checking.Tomas Mraz2012-06-22
| | | | | | | modules/pam_cracklib/pam_cracklib.c (_pam_parse): Parse the maxsequence option. (sequence): New function to check for too long monotonic sequence of characters. (password_check): Call the sequence(). modules/pam_cracklib/pam_cracklib.8.xml: Document the maxsequence check.
* pam_timestamp: Fix copy&paste error in manpage.Tomas Mraz2012-06-01
| | | | modules/pam_timestamp/pam_timestamp.8.xml: Fix AUTHOR section.
* Pulled new translations from Transifex.Tomas Mraz2012-05-28
| | | | po/*.po: Updated translations.
* pam_pwhistory: Always record the old password even when root changes it.Tomas Mraz2012-05-28
| | | | | | modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Use the UID of the process instead of the target user UID (same as in pam_cracklib) to check for root. Always record old password.
* pam_cracklib: Add enforce_for_root option.Tomas Mraz2012-05-24
| | | | | | modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the enforce_for_root option. (pam_sm_chauthtok): Enforce errors for root with the option. modules/pam_cracklib/pam_cracklib.8.xml: Document the enforce_for_root option.
* pam_cracklib: Add maxclassrepeat, gecoscheck checks and remove unused difignore.Tomas Mraz2012-04-30
| | | | | | | | | | modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the maxclassrepeat, gecoscheck options. Ignore difignore option. (simple): Add the check for the same class repetition. (usercheck): Refactor into wordcheck(). (gecoscheck): New test for words from the GECOS field. (password_check): Call the gecoscheck(). (pam_sm_chauthtok): Drop the diff_ignore from options struct. modules/pam_cracklib/pam_cracklib.8.xml: Document the maxclassrepeat and gecoscheck checks, update the documentation of the difok test.
* pam_lastlog: Never lock out the root account.Tomas Mraz2012-04-30
| | | | | | modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Return PAM_SUCCESS if uid==0. modules/pam_lastlog/pam_lastlog.8.xml: Improve documentation.