| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
getpwnam() use in pam_unix is thread-safe (fixes an upstream regression)
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
and pam_tally_audit.patch, which have been merged upstream.
|
| | |
|
| |
|
|
|
| |
it reduces the length of time we hold the lock, but at the expense of
being able to enforce minimum times between password changes.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
(set or unset) when looking up the user's password entry for password
changes. Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the
patch. Closes: #469635.
|
| |
|
|
|
| |
the NSS source of our user; this was preventing password changes for NIS
users, which otherwise should have worked. Closes: #203222.
|
| | |
|
| |
|
|
|
| |
superseded upstream, as stripping of hpux-style expiry information from
password fields is now supported.
|
| |
|
|
| |
Closes: #484249, LP: #245786.
|
| | |
|
| |
|
|
| |
been dropped upstream
|
| | |
|
| |
|
|
|
|
| |
split out into a separate unix_update binary, so at long last we can
change unix_chkpwd to be sgid shadow instead of suid root.
Closes: #155583.
|
| | |
|
| | |
|
| |\ |
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: prepare release
Commit summary:
---------------
Missing pieces for a 0.99.10.0 release
2008-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 0.99.10.0
* configure.in: set version number.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth.
* modules/pam_rhosts/pam_rhosts_auth.c: Removed.
* modules/pam_rhosts/tst-pam_rhosts_auth: Removed.
* modules/pam_namespace/Makefile.am (noinst_HEADERS): Add
pam_namespace.h.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix, new feature
Commit summary:
---------------
2008-02-13 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
dir.
* modules/pam_namespace/argv_parse.c: New file.
* modules/pam_namespace/argv_parse.h: New file.
* modules/pam_namespace/namespace.conf.5.xml: Document new features.
* modules/pam_namespace/pam_namespace.8.xml: Likewise.
* modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
and polydir flags.
(polydir_s): Add rdir, replace exclusive with flags, add init_script,
owner, group, and mode.
(instance_data): Add ruser, gid, and ruid.
* modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
(add_polydir_entry): Add the entry directly, no copy.
(del_polydir): New function.
(del_polydir_list): Call del_polydir().
(expand_variables, parse_create_params, parse_iscript_params,
parse_method): New functions.
(process_line): Call expand_variables() on polydir and instance prefix.
Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
(parse_config_file): Parse .conf files from namespace.d dir after
namespace.conf.
(form_context): Call getcon() or get_default_context_with_level() when
appropriate flags are set.
(poly_name): Handle shared polydir flag.
(inst_init): Execute non-default init script when specified.
(create_polydir): New function.
(create_dirs): Remove the code which checks the polydir. Do not call
inst_init() when noinit flag is set.
(ns_setup): Check the polydir and eventually create it if the create flag
is set.
(setup_namespace): Use ruser uid from idata. Set the namespace polydir
pam data only when namespace was set up correctly. Unmount polydir
based on ruser.
(get_user_data): New function.
(pam_sm_open_session): Check for use_current_context and
use_default_context options. Call get_user_data().
(pam_sm_close_session): Call get_user_data().
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: new feature
Commit summary:
---------------
2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_exec/pam_exec.c: Set PAM environment variables and
add 'quiet' option.
* modules/pam_exec/pam_exec.8.xml: Document new behavior.
Patch from Julien Lecomte <julien@lecomte.at>.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfixes
Commit summary:
---------------
2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_sepermit/Makefile.am: Install config file only
if we build the module.
* doc/Makefile.am: Fix build out of source directory.
* po/POTFILES.in: Add pam_sepermit.c.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/Makefile.am: Add pam_sepermit.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfixes
Commit summary:
---------------
2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
* libpam/pam_static_modules.h: Add _pam_sepermit_modstruct.
* modules/pam_sepermit/pam_sepermit.c: Fix typo.
* README: Add --disable-pie to configure options for static library.
* doc/man/Makefile.am: Fix building outside of src directory.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: new feature
Commit summary:
---------------
2008-02-01 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/namespace.conf.5.xml: Add documentation for
tmpfs and tmpdir polyinst and for ~ user list modifier.
* modules/pam_namespace/namespace.init: Add documentation for the
new init parameter. Add home directory initialization script.
* modules/pam_namespace/pam_namespace.8.xml: Document the new
init parameter of the namespace.init script.
* modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
(cleanup_data): New function.
(process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
(ns_override): Change behavior on the exclusive flag.
(poly_name): Process tmpfs and tmpdir methods.
(inst_init): Add flag for new directory initialization.
(create_dirs): Process the tmpdir method, add the new directory
flag.
(ns_setup): Remove unused code. Process the tmpfs method.
(cleanup_tmpdirs): New function.
(setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
on failures.
(pam_sm_close_session): Instead of parsing the config file again use
the previously set data for cleanup.
* modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
and exclusive flag.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: new feature
Commit summary:
---------------
2008-01-29 Tomas Mraz <t8m@centrum.cz>
* configure.in: Test for setkeycreatecon needs libselinux.
Add new module pam_sepermit.
* modules/Makefile.am: Add new module pam_sepermit.
* modules/pam_sepermit/.cvsignore: New file.
* modules/pam_sepermit/Makefile.am: Likewise.
* modules/pam_sepermit/README.xml: Likewise.
* modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_sepermit/sepermit.conf: Likewise.
* modules/pam_sepermit/tst-pam_sepermit: Likewise.
* doc/sag/pam_sepermit.xml: Likewise.
* doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: new feature
Commit summary:
---------------
2008-01-29 Miloslav Trmac <mitr@redhat.com>
* modules/pam_tty_audit/README.xml: Add notes section.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Describe patterns
support and open_only option. Add notes.
* modules/pam_tty_audit/pam_tty_audit.c(pam_sm_open_session): Add
support for pattern matching and the open_only option.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: cleanup
Commit summary:
---------------
2008-01-28 Thorsten Kukuk <kukuk@thkukuk.de>
* libpam/pam_audit.c: Include pam_modutil_private.h.
* libpam/pam_item.c (pam_set_item): Fix compiler warning.
* libpam/pam_end.c (pam_end): Cast to correct pointer type.
* libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use
unsigned int.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix
Commit summary:
---------------
2008-01-28 Thorsten Kukuk <kukuk@suse.de>
* modules/pam_unix/passverify.c: Fix compiling without SELinux
support.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix
Commit summary:
---------------
2008-01-24 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when
available.
* modules/pam_unix/passverify.c (strip_hpux_aging): New function
to strip HP/UX aging info from password hash.
(verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when
available.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: cleanup, new feature
Commit summary:
---------------
Merging the the refactorization pam_unix_ref branch into the trunk.
Added support for sha256 and sha512 password hashes to pam_unix
when the libcrypt supports them.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bigfix
Commit summary:
---------------
2008-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/Makefile.am: Fix manual page dependencies,
add hack for bug in xsl stylestheets.
2008-01-02 Petteri Räty <betelgeuse@gentoo.org>
* modules/pam_limits/limits.conf: document allowed values for
nice.
* modules/pam_limits/limits.conf.5.xml: Likewise.
and readd files wrongly deleted before.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: cleanup
Commit summary:
---------------
Remove autogenerated documentation from CVS
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix
Commit summary:
---------------
2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_succeed_if/pam_succeed_if.8.xml: Fix
cut & paste error [#1863490].
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: cleanup
Commit summary:
---------------
2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
* po/sv.po: Update swedish translation [#1857531]
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: cleanup
Commit summary:
---------------
2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
* po/it.po: Fix typos.
* po/de.po: Few new translations.
* po/POTFILES.in: Add pam_tty_audit.c and passverify.c.
* doc/man/pam_xauth_data.3.xml: Added to CVS.
* doc/man/pam_xauth_data.3: Likewise.
* modules/pam_tty_audit/README: Likewise.
* modules/pam_tty_audit/pam_tty_audit.8: Likewise.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: docufix
Commit summary:
---------------
2007-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
* README: Document how to run make check with static modules
(SF#1822779).
2007-12-18 Peter Breitenlohner <peb@mppmu.mpg.de>
* README: Document that "make check" requires a file
/etc/pam.d/other (SF#1822764).
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: cleanup
Commit summary:
---------------
2007-12-12 Eamon Walsh <ewalsh@tycho.nsa.gov>
* doc/man/pam_item_types_ext.inc.xml: More appropriate wording
for PAM_XDISPLAY doc.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: new feature and cleanup
Commit summary:
---------------
2007-12-07 Tomas Mraz <t8m@centrum.cz>
* libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
* libpam/pam_audit.c: Add _pam_audit_open() and
pam_modutil_audit_write().
(_pam_auditlog): Call _pam_audit_open().
* libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
* modules/pam_access/pam_access.8.xml: Add noaudit option.
Document auditing.
* modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
only_new_group_syntax variables to struct login_info. Add noaudit
member.
(_parse_args): Adjust for the move of variables and add support for
noaudit option.
(group_match): Add debug parameter.
(string_match): Likewise.
(network_netmask_match): Likewise.
(login_access): Adjust for the move of variables. Add nonall_match.
Add call to pam_modutil_audit_write().
(list_match): Adjust for the move of variables.
(user_match): Likewise.
(from_match): Likewise.
(pam_sm_authenticate): Call _parse_args() earlier.
* modules/pam_limits/pam_limits.8.xml: Add noaudit option.
Document auditing.
* modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
(setup_limits): Call pam_modutil_audit_write().
* modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
Document auditing.
* modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
(check_account): Call _pam_parse(). Call pam_modutil_audit_write()
and pam_syslog() on login denials.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: translations
Commit summary:
---------------
2007-12-07 Tomas Mraz <t8m@centrum.cz>
* po/cs.po: Updated translations.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: translations
Commit summary:
---------------
2007-12-07 Luca Bruno <luca.br@uno.it>
* po/it.po: Updated translations.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: new feature
Commit summary:
---------------
2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
* libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
macro.
* libpam/include/security/_pam_types.h: Add PAM_XDISPLAY,
PAM_XAUTHDATA items, pam_xauth_data struct.
* libpam/pam_item.c (pam_set_item, pam_get_item): Handle
PAM_XDISPLAY and PAM_XAUTHDATA items.
* libpam/pam_end.c (pam_end): Destroy the new items.
* libpam/pam_private.h (pam_handle): Add data members for new
items. Add prototype for _pam_memdup.
* libpam/pam_misc.c: Add _pam_memdup.
* doc/man/Makefile.am: Add pam_xauth_data.3. Replace
pam_item_types.inc.xml with pam_item_types_std.inc.xml and
pam_item_types_ext.inc.xml.
* doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml
with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml.
* doc/man/pam_set_item.3.xml: Likewise.
* doc/man/pam_item_types.inc.xml: Removed file.
* doc/man/pam_item_types_ext.inc.xml: New file.
* doc/man/pam_item_types_std.inc.xml: New file.
|
