Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | fix the regex used when suppressing jump counts when reading the saved | Steve Langasek | 2019-01-03 |
| | | | | | config, so that we don't clobber module options with numbers in them | ||
* | another inconsistency in referring to the program name | Steve Langasek | 2019-01-03 |
| | |||
* | session needs to be handled the same way as password, with the possibility of | Steve Langasek | 2019-01-03 |
| | | | | | zero primary modules | ||
* | merge from trunk | Steve Langasek | 2019-01-03 |
|\ | |||
| * | mark for upload | Steve Langasek | 2019-01-03 |
| | | |||
| * | 055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL | Steve Langasek | 2019-01-03 |
| | | | | | | | | | | | | tty argument, since this will cause our helper to segfault instead of returning a useful value. Thanks to Troy Davis for the report. Closes: #495806. | ||
* | | bump the version check to 1.0.1-4; we had to upload 1.0.1-3 as a security fix | Steve Langasek | 2019-01-03 |
| | | |||
* | | remove spurious 'conflict' with a non-existent module, which was added just for | Steve Langasek | 2019-01-03 |
| | | | | | | | | example | ||
* | | clear the state on the correct template | Steve Langasek | 2019-01-03 |
| | | |||
* | | @enabled needs to be a unique array, sorted by priority. | Steve Langasek | 2019-01-03 |
| | | |||
* | | don't set high priority if --force is passed, this implies that we're in the | Steve Langasek | 2019-01-03 |
| | | | | | | | | initial config | ||
* | | set the priority to 'high' in the case where we had an empty set of enabled | Steve Langasek | 2019-01-03 |
| | | | | | | | | configs and had to reset to default | ||
* | | condense the unix config, leaving out redundant features that were just for | Steve Langasek | 2019-01-03 |
| | | | | | | | | show | ||
* | | handle the case where there are no modules selected at all; this is an error, | Steve Langasek | 2019-01-03 |
| | | | | | | | | but we should recover gracefully to let the user un-break their system. | ||
* | | set apporpriate values for the debconf question, by storing a list of known | Steve Langasek | 2019-01-03 |
| | | | | | | | | configs in /var/lib/pam/seen | ||
* | | we can't use 'deny' as a fallback if we aren't going to have any primary | Steve Langasek | 2019-01-03 |
| | | | | | | | | modules, which is generally the case for the password stack at present | ||
* | | remove incorrect use of the path when invoking | Steve Langasek | 2019-01-03 |
| | | |||
* | | document a couple more fixmes; and adjust the priority of the right question | Steve Langasek | 2019-01-03 |
| | | |||
* | | it would be good if I could remember the name of the script I just wrote | Steve Langasek | 2019-01-03 |
| | | |||
* | | add a --package option to pam-auth-update, which lowers the debconf priority | Steve Langasek | 2019-01-03 |
| | | | | | | | | of the multiselect question | ||
* | | libpam-cracklib: versioned depend on libpam-runtime, and invoke pam-auth-config | Steve Langasek | 2019-01-03 |
| | | | | | | | | in the postinst | ||
* | | if we didn't do a forced overwrite, don't leave the .pam-old files around | Steve Langasek | 2019-01-03 |
| | | | | | | | | because logically there shouldn't be any differences that warrant reviewing | ||
* | | on upgrade, if we used the --force option clean up he resulting .pam-old | Steve Langasek | 2019-01-03 |
| | | | | | | | | files; these are guaranteed not to contain anything of relevance. | ||
* | | really fix up the regex used for suppressing jump counts to only apply when it | Steve Langasek | 2019-01-03 |
| | | | | | | | | | | appears between brackets | ||
* | | When merging options, handle additions before removals to avoid referencing | Steve Langasek | 2019-01-03 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | an array element we've already deleted. When deleting an option from the config, take care to decrement the counter at the same time since we've just shrunk the array. In diff_profiles, store $1 somewhere more permanent so it doesn't get lost. Fix up the regex used for suppressing jump counts to only apply when it appears between brackets; numbers may also legitimately appear in module options. Quote the module line with \Q\E when doing regex matching. | ||
* | | ... and /install/ the lintian overrides, too | Steve Langasek | 2019-01-03 |
| | | |||
* | | use the proper name, Account instead of Acct, in the unix config | Steve Langasek | 2019-01-03 |
| | | |||
* | | suppress some wrong lintian warnings | Steve Langasek | 2019-01-03 |
| | | |||
* | | rephrase to avoid use of questions in the long description, to satisfy lintian | Steve Langasek | 2019-01-03 |
| | | |||
* | | and also remove the /var/lib/pam directory itself | Steve Langasek | 2019-01-03 |
| | | |||
* | | in the unlikely event of purging libpam-runtime, take care of /var/lib/pam as | Steve Langasek | 2019-01-03 |
| | | | | | | | | | | well | ||
* | | make /var/lib/pam part of the package | Steve Langasek | 2019-01-03 |
| | | |||
* | | mkdir before trying to install to /usr/share/pam-configs | Steve Langasek | 2019-01-03 |
| | | |||
* | | merge from trunk | Steve Langasek | 2019-01-03 |
|\| | |||
| * | deleting a file under debian/libpam-modules in the install target isn't going | Steve Langasek | 2019-01-03 |
| | | | | | | | | to do us any good... | ||
* | | install our configs into /usr/share/pam-configs/ | Steve Langasek | 2019-01-03 |
| | | |||
* | | create the new default configs with support for pam-auth-update substitution, | Steve Langasek | 2019-01-03 |
| | | | | | | | | and set up libpam-runtime.postinst to invoke pam-auth-update | ||
* | | initial support for generating the PAM config: | Steve Langasek | 2019-01-03 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - flesh out the write_profiles() function, which writes both /etc/pam.d and /var/lib/pam - handle resetting our debconf override question on successful output - /var/lib/pam defined only once as a global - fix up the regexps for filtering jumps to take into account that a jump can appear for more than one retcode - fix an off-by-one in the case that there's no saved config - fix how we shift an array reference off an array... - fix a typo in the splice() count - our 'add' list should be a hash instead of an array, just like removals - adjust the parser to trim leading whitespace and blank lines for us | ||
* | | eliminate redundancy in the configs, which happens to also provide for better | Steve Langasek | 2019-01-03 |
| | | | | | | | | | | code reuse | ||
* | | turn on for libpam-runtime, because of debconf | Steve Langasek | 2019-01-03 |
| | | |||
* | | get pam-auth-update installed in the libpam-runtime package | Steve Langasek | 2019-01-03 |
| | | |||
* | | call dh_installdebconf -i, so that debconf templates are added correctly to | Steve Langasek | 2019-01-03 |
| | | | | | | | | | | libpam-runtime | ||
* | | fix an accidental commit that broke the use of x_loadtemplatefile | Steve Langasek | 2019-01-03 |
| | | |||
* | | add some FIXMEs to document known bugs | Steve Langasek | 2019-01-03 |
| | | |||
* | | run debconf-updatepo to export the new templates for translation | Steve Langasek | 2019-01-03 |
| | | |||
* | | implement the force option and the debconf override template | Steve Langasek | 2019-01-03 |
| | | |||
* | | new diff_profiles function, which spits out information about any local mods | Steve Langasek | 2019-01-03 |
| | | | | | | | | to the autogenerated config | ||
* | | merge from trunk | Steve Langasek | 2019-01-03 |
|\| | |||
| * | mark for upload | Steve Langasek | 2019-01-03 |
| | | |||
| * | debian/patches/054_pam_security_abstract_securetty_handling: move the | Steve Langasek | 2019-01-03 |
| | | | | | | | | | | | | | | | | warning log about an insecure tty back to pam_securetty proper; we don't want to generate log messages every time pam_unix is called as non-root. Closes: #493283. As a side-effect, pam_unix no longer logs any warnings about NULL password + insecure tty, but I don't think this is critical. |