| Commit message (Collapse) | Author | Age |
... | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Every stack jump, besides the jump itself, has a side effect which is
one of 'ignore', 'ok', or 'bad'. Unfortunately, the side effect is far
from obvious because it depends on the PAM function call, and the
documentation that contradicts the implementation does not help either.
* doc/man/pam.conf-syntax.xml (actionN): Rewrite the description
of stack jump effects to match the implementation.
Fixes: 871a6e14d65c3c446ae0af51166dabc7a47a2b56
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Translated using Weblate (Norwegian Bokmål)
Currently translated at 99.1% (121 of 122 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nb_NO/
* Translated using Weblate (Catalan)
Currently translated at 98.3% (120 of 122 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ca/
Co-authored-by: Allan Nordhøy <epost@anotheragency.no>
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
pam_modutil_getpwnam
pam_modutil_getpwnam is perfectly capable of handling empty strings as
user names, no need to double check that.
* modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check
the user name for emptyness before passing it to pam_modutil_getpwnam.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
|
| | |
| | |
| | |
| | |
| | | |
* modules/pam_usertype/pam_usertype.8.xml (RETURN VALUES): Document
PAM_BUF_ERR and PAM_CONV_ERR return values.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Give the application a chance to handle PAM_INCOMPLETE.
* modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Return
PAM_INCOMPLETE instead of PAM_CONV_AGAIN when pam_get_user returns
PAM_CONV_AGAIN.
* modules/pam_usertype/pam_usertype.8.xml (RETURN VALUES): Document it.
|
| | |
| | |
| | |
| | |
| | | |
* modules/pam_faillock/pam_faillock.8.xml (RETURN VALUES): Document
PAM_BUF_ERR and PAM_CONV_ERR return values.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Give the application a chance to handle PAM_INCOMPLETE.
* modules/pam_faillock/pam_faillock.c (get_pam_user): Return
PAM_INCOMPLETE instead of PAM_CONV_AGAIN when pam_get_user returns
PAM_CONV_AGAIN.
* modules/pam_faillock/pam_faillock.8.xml (RETURN VALUES): Document it.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Starting with commit c2c601f5340a59c5c62193d55b555d384380ea38,
pam_get_user is guaranteed to return one of the following values:
PAM_SUCCESS, PAM_BUF_ERR, PAM_CONV_AGAIN, or PAM_CONV_ERR.
* modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Do not
replace non-PAM_CONV_AGAIN error values returned by pam_get_user with
PAM_SERVICE_ERR.
* modules/pam_securetty/pam_securetty.8.xml (RETURN VALUES): Document
new return values.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If pam_get_user returned PAM_SUCCESS, the user name is guaranteed
to be a valid C string, no need to double check that.
* modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check
for NULL the user name returned by pam_get_user when the latter returned
PAM_SUCCESS.
* modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise.
* modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise.
* modules/pam_filter/pam_filter.c (process_args): Likewise.
* modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise.
* modules/pam_group/pam_group.c (pam_sm_setcred): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_nologin/pam_nologin.c (perform_check): Likewise.
* modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise.
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise.
* modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise.
* modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise.
* modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
* modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise.
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise.
* modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise.
* modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise.
* modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise.
* modules/pam_wheel/pam_wheel.c (perform_check): Likewise.
* modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt):
Likewise.
|
| | |
| | |
| | |
| | |
| | | |
* modules/pam_umask/pam_umask.8.xml (RETURN VALUES): Document
PAM_BUF_ERR, PAM_CONV_ERR, and PAM_INCOMPLETE return values.
|
| | |
| | |
| | |
| | |
| | | |
* modules/pam_exec/pam_exec.8.xml (RETURN VALUES): Document
PAM_BUF_ERR, PAM_CONV_ERR, and PAM_INCOMPLETE return values.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Deprecate pam_cracklib, there are two better alternatives to this
obsolete module: pam_passwdqc from passwdqc project and pam_pwquality
from libpwquality project.
Deprecate pam_tally and pam_tally2 in favour of pam_faillock.
* configure.ac: Implement --enable-cracklib=check that enables build
of pam_cracklib when libcrack is available.
Disable build of pam_cracklib, pam_tally, and pam_tally2 by default.
* NEWS: Mention this change.
* ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Add
--enable-tally, --enable-tally2, and --enable-cracklib=check
to check build of these deprecated modules.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Following the bad example in pam_mkhomedir module, from the very
beginning pam_setquota module used to return PAM_CRED_INSUFFICIENT
when pam_modutil_getpwnam() returned an error. Fix this now
by changing the return value to PAM_USER_UNKNOWN.
* modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Return
PAM_USER_UNKNOWN instead of PAM_CRED_INSUFFICIENT.
* modules/pam_setquota/pam_setquota.8.xml (PAM_CRED_INSUFFICIENT):
Replace with PAM_USER_UNKNOWN.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
From the very beginning pam_mkhomedir module used to return
PAM_CRED_INSUFFICIENT when getpwnam() or pam_modutil_getpwnam()
returned an error. Fix this now by changing the return value
to PAM_USER_UNKNOWN.
* modules/pam_mkhomedir/mkhomedir_helper.c (main): Return
PAM_USER_UNKNOWN instead of PAM_CRED_INSUFFICIENT.
* modules/pam_mkhomedir/pam_mkhomedir.c (pam_sm_open_session): Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.8.xml (PAM_CRED_INSUFFICIENT):
Remove.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the conversation function returned a value different from
PAM_CONV_AGAIN and provided no response, pam_get_user used to replace
the return value with PAM_CONV_ERR. Fix this and replace the return
value only if it was PAM_SUCCESS.
* libpam/pam_item.c (pam_get_user): Do not override valid values
returned by the conversation function.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Do not assume that the conversation function provided by the application
strictly follows the return values guidelines, replace undocumented
return values with PAM_CONV_ERR.
* libpam/pam_item.c (pam_get_user): If the value returned by the
conversation function is not one of PAM_SUCCESS, PAM_BUF_ERR,
PAM_CONV_AGAIN, or PAM_CONV_ERR, replace it with PAM_CONV_ERR.
|
| | |
| | |
| | |
| | |
| | | |
* doc/man/pam_get_user.3.xml (pam_get_user-return_values): Add
PAM_BUF_ERR, PAM_ABORT, and PAM_CONV_AGAIN.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
pointer
pam_get_user returns PAM_SYSTEM_ERR in case of pamh == NULL.
In case of user == NULL, however, it used to return PAM_PERM_DENIED,
and in case of NULL conversation function it used to return
PAM_SERVICE_ERR.
According to the documentation, PAM_SYSTEM_ERR shall be returned
if a NULL pointer was submitted.
Fix this inconsistency and return PAM_SYSTEM_ERR in each of these
programming error cases.
* libpam/pam_item.c (pam_get_user): Return PAM_SYSTEM_ERR instead of
PAM_PERM_DENIED if user == NULL. Return PAM_SYSTEM_ERR instead of
PAM_SERVICE_ERR if pamh->pam_conversation == NULL.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Translated using Weblate (Spanish)
Currently translated at 81.9% (100 of 122 strings)
* Translated using Weblate (Portuguese)
Currently translated at 100.0% (122 of 122 strings)
|
| | |
| | |
| | |
| | |
| | |
| | | |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
| | |
| | |
| | |
| | |
| | |
| | | |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Following the bad example in pam_succeed_if module, from the very
beginning pam_usertype used to override the default prompt used by
pam_get_user() with "login: ". Fix this now.
* modules/pam_usertype/pam_usertype.c (pam_sm_authenticate): Do not
request PAM_USER_PROMPT item, invoke pam_get_user() with the default
prompt.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
From the very beginning pam_succeed_if used to override the default
prompt used by pam_get_user() with "login: ". Fix this now.
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Do not
request PAM_USER_PROMPT item, invoke pam_get_user() with the default
prompt.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... and remove $(TESTS) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \
-e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... and remove $(MANS) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_namespace/Makefile.am (service_DATA): New variable.
(install-data-local): Remove all commands related to servicedir.
(uninstall-local): Remove.
Fixes: 59812d1cf ("pam_namespace: secure tmp-inst directories")
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... and remove $(DATA) from EXTRA_DIST.
The change is performed automatically using the following script:
sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... and remove nodist_TESTS.
* modules/pam_timestamp/Makefile.am (nodist_TESTS): Remove.
(TESTS): Replace $(nodist_TESTS) with $(check_PROGRAMS).
(noinst_PROGRAMS): Rename to check_PROGRAMS.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... and remove it from EXTRA_DIST
* modules/pam_timestamp/Makefile.am (EXTRA_DIST): Remove $(dist_TESTS).
(dist_TESTS): Rename to dist_check_SCRIPTS.
(TESTS): Replace $(dist_TESTS) with $(dist_check_SCRIPTS).
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... and remove $(SCRIPTS) from EXTRA_DIST.
* modules/pam_namespace/Makefile.am (EXTRA_DIST): Remove $(SCRIPTS).
(secureconf_SCRIPTS): Rename to dist_secureconf_SCRIPTS.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently translated at 100.0% (122 of 122 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ru/
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently translated at 100.0% (122 of 122 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/uk/
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently translated at 100.0% (122 of 122 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently translated at 100.0% (122 of 122 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently translated at 100.0% (122 of 122 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/da/
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently translated at 100.0% (122 of 122 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pl/
|
| | | |
|
| | |
| | |
| | |
| | | |
Also make the message the same as in pam_tally2.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Updated translation using Weblate
* Translated using Weblate (Azerbaijani)
Currently translated at 15.8% (19 of 120 strings)
* Translated using Weblate (Norwegian Bokmål)
Currently translated at 100.0% (120 of 120 strings)
Co-authored-by: Alesker Abdullayev - FEDORA Azerbaijan <tech@abdullaeff.com>
Co-authored-by: Allan Nordhøy <epost@anotheragency.no>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since Make.xml.rules is the only place where XSLTPROC_CUSTOM was used,
remove stereotypic definitions from other Makefiles, this way we no
longer have to worry about vendordir being used somewhere else in
documentation files.
Likewise, define VENDORDIR in config.h and remove stereotypic
-DVENDORDIR= additions from other Makefiles, this way we no longer
have to worry about VENDORDIR being used somewhere else in the code.
* configure.ac (AM_CONDITIONAL): Remove HAVE_VENDORDIR.
(AC_DEFINE_UNQUOTED): Add VENDORDIR.
(AC_SUBST): Remove VENDORDIR, add STRINGPARAM_VENDORDIR.
* Make.xml.rules.in: Replace $(XSLTPROC_CUSTOM) with
@STRINGPARAM_VENDORDIR@.
* doc/man/Makefile.am (XSLTPROC_CUSTOM): Remove.
* libpam/Makefile.am [HAVE_VENDORDIR]: Remove.
* modules/pam_securetty/Makefile.am [HAVE_VENDORDIR]: Remove.
(XSLTPROC_CUSTOM): Remove.
* modules/pam_securetty/pam_securetty.c: Move definitions of local
macros after config.h to benefit from macros defined there.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Make.xml.rules: Rename to ...
* Make.xml.rules.in: ... new file.
* Makefile.am (EXTRA_DIST): Remove Make.xml.rules.
* configure.ac (AC_CONFIG_FILES): Add Make.xml.rules.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As namespace.init is listed in secureconf_SCRIPTS which is part of
generated SCRIPTS variable.
* modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace namespace.init
with $(SCRIPTS).
|
| | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_env/Makefile.am (EXTRA_DIST): Remove environment as it is
listed in sysconf_DATA which is part of DATA which is already listed in
EXTRA_DIST.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since the whole $(DATA) is listed in EXTRA_DIST, $(secureconf_DATA)
can be safely de-listed.
* modules/pam_access/Makefile.am (EXTRA_DIST): Remove
$(secureconf_DATA).
* modules/pam_env/Makefile.am: Likewise.
* modules/pam_group/Makefile.am: Likewise.
* modules/pam_limits/Makefile.am: Likewise.
* modules/pam_namespace/Makefile.am: Likewise.
* modules/pam_sepermit/Makefile.am: Likewise.
* modules/pam_time/Makefile.am: Likewise.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since the GNU Automake distributes README files by default, the only
reason why README had to be listed in EXTRA_DIST was to make these
README files generated.
Since README is also listed in noinst_DATA, we can safely replace
README in EXTRA_DIST with $(DATA), this also opens the way for
further EXTRA_DIST cleanup.
* modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA).
|
| | |
| | |
| | |
| | |
| | | |
This is essentially a no-op change that makes modules/*/Makefile.am
files less divergent.
|