| Commit message (Collapse) | Author | Age |
... | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-21 Tomas Mraz <t8m@centrum.cz>
* libpam/pam_audit.c (_pam_audit_writelog): Silence syslog
message on non-error return.
* modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged
user when checking password of another user.
* modules/pam_unix/unix_update.c: Fix comment.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: cleanup
Commit summary:
---------------
Rename tst-pam_assemble_line to tst-pam_assemble_line1
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-18 Dmitry V. Levin <ldv@altlinux.org>
* xtests/Makefile.am (EXTRA_DIST): Add tst-pam_assemble_line.pamd
and tst-pam_assemble_line.sh
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-18 Dmitry V. Levin <ldv@altlinux.org>
* libpam/pam_handlers.c (_pam_assemble_line): Fix potential
buffer overflow.
* xtests/tst-pam_assemble_line.pamd: New test for
_pam_assemble_line.
* xtests/tst-pam_assemble_line.sh: New script for
tst-pam_assemble_line.
* xtests/Makefile.am (NOSRCTESTS): Add tst-pam_assemble_line.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-18 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_exec/pam_exec.c (call_exec): Fix asprintf return
code check.
|
| | |
| | |
| | |
| | |
| | | |
'nullok' option to the helper, because _unix_blankpasswd() will itself call
in to the helper... instead, check directly for a secure tty.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
to support upgrades for a release, and give a warning in NEWS.Debian.
|
| | |
| | |
| | |
| | | |
.cvsignore file.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
regression which prevents sgid shadow apps from being able to authenticate
any more because the module forces use of the helper and the helper won't
allow authentication of arbitrary users. This change does mean we're
going to be noisier for the time being in an SELinux environment, which
should be addressed but is not a regression on Debian.
|
| | | |
|
| | |
| | |
| | |
| | | |
do another round of service restarts on upgrade.
|
| | |
| | |
| | |
| | |
| | | |
in-process NIS+ account checking instead of unconditionally passing it
off to the unix_chkpwd helper; if it wasn't broke, don't fix it.
|
| | |
| | |
| | |
| | |
| | | |
changes for NIS+, since I know the old behavior was right and don't
believe anyone has tested the new code.
|
| | |
| | |
| | |
| | | |
directory. Fix up the regex for uscan.
|
| | |
| | |
| | |
| | | |
committed upstream soon
|
| | |
| | |
| | |
| | | |
getpwnam() use in pam_unix is thread-safe (fixes an upstream regression)
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
and pam_tally_audit.patch, which have been merged upstream.
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
it reduces the length of time we hold the lock, but at the expense of
being able to enforce minimum times between password changes.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
(set or unset) when looking up the user's password entry for password
changes. Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the
patch. Closes: #469635.
|
| | |
| | |
| | |
| | |
| | | |
the NSS source of our user; this was preventing password changes for NIS
users, which otherwise should have worked. Closes: #203222.
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
superseded upstream, as stripping of hpux-style expiry information from
password fields is now supported.
|
| | |
| | |
| | |
| | | |
Closes: #484249, LP: #245786.
|
| | | |
|
| | |
| | |
| | |
| | | |
been dropped upstream
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
split out into a separate unix_update binary, so at long last we can
change unix_chkpwd to be sgid shadow instead of suid root.
Closes: #155583.
|
| | | |
|
| | | |
|
|\| | |
|
| |\| |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: prepare release
Commit summary:
---------------
Missing pieces for a 0.99.10.0 release
2008-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 0.99.10.0
* configure.in: set version number.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth.
* modules/pam_rhosts/pam_rhosts_auth.c: Removed.
* modules/pam_rhosts/tst-pam_rhosts_auth: Removed.
* modules/pam_namespace/Makefile.am (noinst_HEADERS): Add
pam_namespace.h.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: bugfix, new feature
Commit summary:
---------------
2008-02-13 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
dir.
* modules/pam_namespace/argv_parse.c: New file.
* modules/pam_namespace/argv_parse.h: New file.
* modules/pam_namespace/namespace.conf.5.xml: Document new features.
* modules/pam_namespace/pam_namespace.8.xml: Likewise.
* modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
and polydir flags.
(polydir_s): Add rdir, replace exclusive with flags, add init_script,
owner, group, and mode.
(instance_data): Add ruser, gid, and ruid.
* modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
(add_polydir_entry): Add the entry directly, no copy.
(del_polydir): New function.
(del_polydir_list): Call del_polydir().
(expand_variables, parse_create_params, parse_iscript_params,
parse_method): New functions.
(process_line): Call expand_variables() on polydir and instance prefix.
Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
(parse_config_file): Parse .conf files from namespace.d dir after
namespace.conf.
(form_context): Call getcon() or get_default_context_with_level() when
appropriate flags are set.
(poly_name): Handle shared polydir flag.
(inst_init): Execute non-default init script when specified.
(create_polydir): New function.
(create_dirs): Remove the code which checks the polydir. Do not call
inst_init() when noinit flag is set.
(ns_setup): Check the polydir and eventually create it if the create flag
is set.
(setup_namespace): Use ruser uid from idata. Set the namespace polydir
pam data only when namespace was set up correctly. Unmount polydir
based on ruser.
(get_user_data): New function.
(pam_sm_open_session): Check for use_current_context and
use_default_context options. Call get_user_data().
(pam_sm_close_session): Call get_user_data().
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Purpose of commit: new feature
Commit summary:
---------------
2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_exec/pam_exec.c: Set PAM environment variables and
add 'quiet' option.
* modules/pam_exec/pam_exec.8.xml: Document new behavior.
Patch from Julien Lecomte <julien@lecomte.at>.
|