| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2010-10-28 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.3
* configure.in: Increase version to 1.1.3
* NEWS: document visible changes
* libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new release
Commit summary:
---------------
2010-08-31 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.2
* configure.in: Bump version number.
* NEWS: Document changes since 1.1.1.
* doc/adg/Linux-PAM_ADG.xml: Bump version number.
* doc/mwg/Linux-PAM_MWG.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Likewise.
* libpam/Makefile.am: Bump revision of shared library.
* po/*.po: Regenerate.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-04-06 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt
and chauthtok.
* modules/pam_rootok/pam_rootok.8.xml: Document new module
types.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2009-12-16 Thorsten Kukuk <kukuk@suse.de>
* release version 1.1.1
* NEWS: Adjust for 1.1.1
* configure.in: Likewise.
* doc/adg/Linux-PAM_ADG.xml: Likewise.
* doc/mwg/Linux-PAM_MWG.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Likewise.
* po/*.po: Regenerated.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2009-06-19 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.0
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: beta release
Commit summary:
---------------
2009-05-05 Thorsten Kukuk <kukuk@thkukuk.de>
* release 1.0.92
* libpamc/Makefile.am (libpamc_la_LDFLAGS): Increase revesion.
* configure.in: Increase version to 1.0.92.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2009-03-09 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.0.91
* libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number.
* xtests/Makefile.am: Add tst-pam_unix4.pamd, tst-pam_unix4.sh
and time.conf.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-02-26 Tomas Mraz <t8m@centrum.cz>
* xtests/Makefile.am: Add tst-pam_unix4.
* xtests/tst-pam_unix4.c: New test for password change
and shadow min days limit.
* xtests/tst-pam_unix4.pamd: Likewise.
* xtests/tst-pam_unix4.sh: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore
PAM_AUTHTOK_ERR on shadow verification.
* modules/pam_unix/passverify.c (check_shadow_expiry): Return
PAM_AUTHTOK_ERR if sp_min limit for password change is defied.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-10 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE.
* libpam/pam_end.c (pam_end): Free authtok_type.
* tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE
as test case.
* tests/tst-pam_set_item.c: Likewise.
* libpam/pam_start.c (pam_start): Initialize xdisplay,
xauth and authtok_type.
* libpam/pam_get_authtok.c (pam_get_authtok): Rename "type"
to "authtok_type".
* modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with
"authtok_type=".
* doc/man/pam_get_authtok.3.xml: Document authtok_type argument.
* modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set
type= argument as PAM_AUTHTOK_TYPE item.
* libpam/pam_get_authtok.c (pam_get_authtok): If no type
argument given, use PAM_AUTHTOK_TYPE item.
* libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item.
(pam_set_item): Store PAM_AUTHTOK_TYPE item.
* libpam/pam_private.h: Add authtok_type to pam_handle.
* libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-03 Thorsten Kukuk <kukuk@suse.de>
* doc/man/Makefile.am: Add pam_get_authtok.3.xml.
* doc/man/pam_get_authtok.3.xml: New.
* libpam/Makefile.am: Add pam_get_authtok.c.
* libpam/libpam.map: Export pam_get_authtok.
* libpam/pam_get_authtok.c: New.
* libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle.
* libpam_include/security/pam_ext.h: Add pam_get_authtok
prototype.
* modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* po/POTFILES.in: Add libpam/pam_get_authtok.c.
* xtests/tst-pam_cracklib1.c: Adjust error codes.
* modules/pam_timestamp/Makefile.am: Remove hmactest.c from
EXTRA_DIST.
* po/*.po: Regenerated.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new features
Commit summary:
---------------
2008-12-02 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_env/pam_env.c: Add support for user specific
environment file. Based on a patch from Ubuntu.
* modules/pam_env/pam_env.8.xml: Document new options.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-01 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix.8.xml: Document blowfish option.
* configure.in: Check for crypt_gensalt_rn.
* modules/pam_unix/pam_unix_passwd.c: Pass pamh to
create_password_hash function.
* modules/pam_unix/passverify.c (create_password_hash): Add
blowfish support.
* modules/pam_unix/passverify.h: Adjust create_password_hash
prototype.
* modules/pam_unix/support.c: Add support for blowfish option.
* modules/pam_unix/support.h: Add defines for blowfish option.
Patch from Diego Flameeyes Pettenò <flameeyes@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-11-28 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tally2/pam_tally2.c (tally_check): Fix info format
to be the same as in pam_tally.
* configure.in: Add modules/pam_timestamp/Makefile.
* doc/sag/Linux-PAM_SAG.xml: Include pam_timestamp.xml.
* doc/sag/pam_timestamp.xml: New.
* libpam/pam_static_modules.h: Add pam_timestamp static struct.
* modules/Makefile.am: Add pam_timestamp directory.
* modules/pam_timestamp/Makefile.am: New.
* modules/pam_timestamp/README.xml: New.
* modules/pam_timestamp/hmacsha1.h: New.
* modules/pam_timestamp/sha1.h: New.
* modules/pam_timestamp/pam_timestamp.8.xml: New.
* modules/pam_timestamp/pam_timestamp_check.8.xml: New.
* modules/pam_timestamp/pam_timestamp.c: New.
* modules/pam_timestamp/pam_timestamp_check.c: New.
* modules/pam_timestamp/hmacfile.c: New.
* modules/pam_timestamp/hmacsha1.c: New.
* modules/pam_timestamp/sha1.c: New.
* modules/pam_timestamp/tst-pam_timestamp: New.
* po/POTFILES.in: Add pam_timestamp sources.
* po/*.po: Regenerate.
* po/cs.po: Updated translations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-11-24 Tomas Mraz <t8m@centrum.cz>
* libpam/pam_handlers.c (_pam_parse_conf_file): '-' at
beginning of type token marks silent module.
(_pam_load_module): Add handler_type parameter. Do not log
module load error if module is silent.
(_pam_add_handler): Pass handler_type to _pam_load_module().
* libpam/pam_private.h: Add PAM_HT_SILENT_MODULE.
* doc/man/pam.conf-syntax.xml: Document the '-' at beginning
of type.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-10-17 Tomas Mraz <t8m@centrum.cz>
* configure.in: Add modules/pam_tally2/Makefile.
* doc/sag/Linux-PAM_SAG.xml: Include pam_tally2.xml.
* doc/sag/pam_tally2.xml: New.
* libpam/pam_static_modules.h: Add pam_tally2 static struct.
* modules/Makefile.am: Add pam_tally2 directory.
* modules/pam_tally2/Makefile.am: New.
* modules/pam_tally2/README.xml: New.
* modules/pam_tally2/tallylog.h: New.
* modules/pam_tally2/pam_tally2.8.xml: New.
* modules/pam_tally2/pam_tally2.c: New.
* modules/pam_tally2/pam_tally2_app.c: New.
* modules/pam_tally2/tst-pam_tally2: New.
* po/POTFILES.in: Add pam_tally2 sources.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: add modules/pam_pwhistory/Makefile.
* doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml.
* doc/sag/pam_pwhistory.xml: New.
* libpam/pam_static_modules.h: Add pam_pwhistory data.
* modules/Makefile.am: Add pam_pwhistory directory.
* modules/pam_pwhistory/Makefile.am: New.
* modules/pam_pwhistory/README.xml: New.
* modules/pam_pwhistory/opasswd.c: New.
* modules/pam_pwhistory/opasswd.h: New.
* modules/pam_pwhistory/pam_pwhistory.8.xml: New.
* modules/pam_pwhistory/pam_pwhistory.c: New.
* modules/pam_pwhistory/tst-pam_pwhistory: New.
* xtests/Makefile.am: New.
* xtests/run-xtests.sh: New.
* xtests/tst-pam_pwhistory1.c: New.
* xtests/tst-pam_pwhistory1.pamd: New.
* xtests/tst-pam_pwhistory1.sh: New.
* po/POTFILES.in: Add modules/pam_pwhistory/.
* po/de.po: Update translations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-09-30 Tomas Mraz <t8m@centrum.cz>
* modules/pam_lastlog/pam_lastlog.8.xml: Document new options
noupdate and showfailed.
* modules/pam_lastlog/pam_lastlog.c(pam_parse): Recognize the new
options.
(last_login_read): New output parameter lltime. Do not display
the last login message if it would be empty.
(last_login_date): New output parameter lltime. Do not write the
last login info when LASTLOG_UPDATE is not set.
(last_login_failed): New function to display the last bad login
attempt from btmp.
(pam_sm_open_session): Obtain lltime from last_login_date() and
call last_login_failed() when appropriate.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-09-19 Tomas Mraz <t8m@centrum.cz>
* modules/pam_cracklib/pam_cracklib.8.xml: Fix description
of the palindrome test. Document new options maxrepeat and
reject_username.
* modules/pam_cracklib/pam_cracklib.c(_pam_parse): Parse
the maxrepeat and reject_username options.
(password_check): Call the new tests usercheck() and
consecutive().
(_pam_unix_approve_pass): Pass user name to the password_check().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-07-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tally/pam_tally.c: Add support for silent and
no_log_info options.
* modules/pam_tally/pam_tally.8.xml: Document silent and
no_log_info options.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-04-21 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_access/access.conf.5.xml: Document changed behavior
of LOCAL keyword.
* modules/pam_access/pam_access.c: Add from_remote_host to
struct login_info to change behavior of LOCAL keyword: if
PAM_RHOST is not set, LOCAL will be true.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-04-18 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/pam_namespace.c: New functions
unprotect_dirs(), cleanup_protect_data(), protect_mount(),
protect_dir() to protect directory by bind mount.
(cleanup_data): Renamed to cleanup_polydir_data().
(parse_create_params): Allow missing specification of mode
or owner.
(check_inst_parent): Call protect_dir() on the instance parent
directory. The directory is created when it doesn't exist.
(create_polydir): Protect and make the polydir by protect_dir(),
remove potential races.
(create_dirs): Renamed to create_instance(), remove call to
inst_init().
(ns_setup): Call protect_dir() on the polydir if it already exists.
Call inst_init() after the polydir is mounted.
(setup_namespace): Set the namespace protect data to be cleaned up
on pam_close_session()/pam_end().
(pam_sm_open_session): Initialize the protect_dirs.
(pam_sm_close_session): Cleanup namespace protect data.
* modules/pam_namespace/pam_namespace.h: Define struct for the
stack of protected dirs.
* modules/pam_namespace/pam_namespace.8.xml: Document when the
instance init script is called.
* modules/pam_namespace/namespace.conf.5.xml: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-04-17 Tomas Mraz <t8m@centrum.cz>
* modules/pam_access/pam_access.c(myhostname): Removed function.
(user_match): Supply hostname of the machine to the netgroup_match().
Use hostname from the loginfo instead of calling myhostname().
(pam_sm_authenticate): Call gethostname() to fill hostname in the
loginfo.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
Release Version 1.0.0
2008-04-03 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.0.0
* configure.in: Set version number to 1.0.0.
* libpam/Makefile.am: Bump patchlevel of libpam.
* doc/adg/Linux-PAM_ADG.xml: Update version/date.
* doc/mwg/Linux-PAM_MWG.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth.
* modules/pam_rhosts/pam_rhosts_auth.c: Removed.
* modules/pam_rhosts/tst-pam_rhosts_auth: Removed.
* modules/pam_namespace/Makefile.am (noinst_HEADERS): Add
pam_namespace.h.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, new feature
Commit summary:
---------------
2008-02-13 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
dir.
* modules/pam_namespace/argv_parse.c: New file.
* modules/pam_namespace/argv_parse.h: New file.
* modules/pam_namespace/namespace.conf.5.xml: Document new features.
* modules/pam_namespace/pam_namespace.8.xml: Likewise.
* modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
and polydir flags.
(polydir_s): Add rdir, replace exclusive with flags, add init_script,
owner, group, and mode.
(instance_data): Add ruser, gid, and ruid.
* modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
(add_polydir_entry): Add the entry directly, no copy.
(del_polydir): New function.
(del_polydir_list): Call del_polydir().
(expand_variables, parse_create_params, parse_iscript_params,
parse_method): New functions.
(process_line): Call expand_variables() on polydir and instance prefix.
Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
(parse_config_file): Parse .conf files from namespace.d dir after
namespace.conf.
(form_context): Call getcon() or get_default_context_with_level() when
appropriate flags are set.
(poly_name): Handle shared polydir flag.
(inst_init): Execute non-default init script when specified.
(create_polydir): New function.
(create_dirs): Remove the code which checks the polydir. Do not call
inst_init() when noinit flag is set.
(ns_setup): Check the polydir and eventually create it if the create flag
is set.
(setup_namespace): Use ruser uid from idata. Set the namespace polydir
pam data only when namespace was set up correctly. Unmount polydir
based on ruser.
(get_user_data): New function.
(pam_sm_open_session): Check for use_current_context and
use_default_context options. Call get_user_data().
(pam_sm_close_session): Call get_user_data().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-02-01 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/namespace.conf.5.xml: Add documentation for
tmpfs and tmpdir polyinst and for ~ user list modifier.
* modules/pam_namespace/namespace.init: Add documentation for the
new init parameter. Add home directory initialization script.
* modules/pam_namespace/pam_namespace.8.xml: Document the new
init parameter of the namespace.init script.
* modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
(cleanup_data): New function.
(process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
(ns_override): Change behavior on the exclusive flag.
(poly_name): Process tmpfs and tmpdir methods.
(inst_init): Add flag for new directory initialization.
(create_dirs): Process the tmpdir method, add the new directory
flag.
(ns_setup): Remove unused code. Process the tmpfs method.
(cleanup_tmpdirs): New function.
(setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
on failures.
(pam_sm_close_session): Instead of parsing the config file again use
the previously set data for cleanup.
* modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
and exclusive flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-01-29 Tomas Mraz <t8m@centrum.cz>
* configure.in: Test for setkeycreatecon needs libselinux.
Add new module pam_sepermit.
* modules/Makefile.am: Add new module pam_sepermit.
* modules/pam_sepermit/.cvsignore: New file.
* modules/pam_sepermit/Makefile.am: Likewise.
* modules/pam_sepermit/README.xml: Likewise.
* modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_sepermit/sepermit.conf: Likewise.
* modules/pam_sepermit/tst-pam_sepermit: Likewise.
* doc/sag/pam_sepermit.xml: Likewise.
* doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup, new feature
Commit summary:
---------------
Merging the the refactorization pam_unix_ref branch into the trunk.
Added support for sha256 and sha512 password hashes to pam_unix
when the libcrypt supports them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
* libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
macro.
* libpam/include/security/_pam_types.h: Add PAM_XDISPLAY,
PAM_XAUTHDATA items, pam_xauth_data struct.
* libpam/pam_item.c (pam_set_item, pam_get_item): Handle
PAM_XDISPLAY and PAM_XAUTHDATA items.
* libpam/pam_end.c (pam_end): Destroy the new items.
* libpam/pam_private.h (pam_handle): Add data members for new
items. Add prototype for _pam_memdup.
* libpam/pam_misc.c: Add _pam_memdup.
* doc/man/Makefile.am: Add pam_xauth_data.3. Replace
pam_item_types.inc.xml with pam_item_types_std.inc.xml and
pam_item_types_ext.inc.xml.
* doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml
with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml.
* doc/man/pam_set_item.3.xml: Likewise.
* doc/man/pam_item_types.inc.xml: Removed file.
* doc/man/pam_item_types_ext.inc.xml: New file.
* doc/man/pam_item_types_std.inc.xml: New file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-12-05 Miloslav Trmac <mitr@redhat.com>
* configure.in: Add test for audit_tty_status struct. Add
pam_tty_audit module.
* libpam/pam_static_modules.h: Add pam_tty_audit module.
* modules/pam_tty_audit/Makefile.am: New file.
* modules/pam_tty_audit/README.xml: Likewise.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-10-19 Tomas Mraz <t8m@centrum.cz>
* xtests/tst-pam_access1.c: Use different name for user and group.
* xtests/tst-pam_access1.sh: Likewise.
* xtests/tst-pam_access2.c: Likewise.
* xtests/tst-pam_access2.sh: Likewise.
* xtests/tst-pam_access4.c: Likewise.
* xtests/tst-pam_access4.sh: Likewise.
* xtests/group.conf: Likewise.
* xtests/tst-pam_group1.c: Likewise.
* xtests/tst-pam_group1.sh: Likewise.
* libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks,
record substack level, skip over virtual substack modules, implement
evaluation of done, die, reset and jumps in substacks. Also fixes
too far jumps in substacks.
* libpam/pam_end.c (pam_end): Drop substack evaluation states.
* libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level
parameter, instead of must_fail use handler_type needed for virtual
substack modules.
(_pam_load_conf_file): Add substack level parameter.
(_pam_init_handlers): Substack level parameter added to
_pam_parse_conf_file() calls.
(_pam_load_module): New function.
(_pam_add_handler): Refactor code into the _pam_load_module(). Add
support for virtual substack modules.
* libpam/pam_private.h: Rename must_fail to handler_type, add stack_level
to struct handler. Define handler type constants. Add struct
for substack evaluation states. Define constant for maximum
substack level. Add substack states pointer to former state struct.
* libpam/pam_start.c (pam_start): Initialize pointer to substack states.
* doc/man/pam.conf-syntax.xml: Document substack control.
* xtests/Makefile.am: Add new tests for substack evaluation.
* xtests/run_xtests.sh: Support multiple .pamd files in a test.
* xtests/tst-pam_authfail.pamd: New tests for substack evaluation.
* xtests/tst-pam_authsucceed.pamd: Likewise.
* xtests/tst-pam_substack1.pamd: Likewise.
* xtests/tst-pam_substack1a.pamd: Likewise.
* xtests/tst-pam_substack1.sh: Likewise.
* xtests/tst-pam_substack2.pamd: Likewise.
* xtests/tst-pam_substack2a.pamd: Likewise.
* xtests/tst-pam_substack2.sh: Likewise.
* xtests/tst-pam_substack3.pamd: Likewise.
* xtests/tst-pam_substack3a.pamd: Likewise.
* xtests/tst-pam_substack3.sh: Likewise.
* xtests/tst-pam_substack4.pamd: Likewise.
* xtests/tst-pam_substack4a.pamd: Likewise.
* xtests/tst-pam_substack4.sh: Likewise.
* xtests/tst-pam_substack5.pamd: Likewise.
* xtests/tst-pam_substack5a.pamd: Likewise.
* xtests/tst-pam_substack5.sh: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2007-10-09 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 0.99.9.0
* configure.in: Increase vesion number.
* libpam/Makefile.am: Increase release number.
* libpam_misc/Makefile.am: Increase release number.
* po/*.po: Regenerate.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup (behavior change)
Commit summary:
---------------
2007-09-03 Steve Langasek <vorlon@debian.org>
* libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's
perfectly valid to allow the user to interrupt at a prompt. If
an application wants prompts to not be interruptable, the
application should take responsibility for blocking SIGINT.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-07-18 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 0.99.8.1
* libpam/pam_audit.c: Include unistd.h for getuid().
* libpam/Makefile.am: Bump version number.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, release
Commit summary:
---------------
2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 0.99.8.0
* configure.in: Check for audit_log_acct_message instead of
audit_log_user_message.
* libpam/pam_audit.c: Use audit_log_acct_message.
Based on patch from Mark J Cox <mjc@redhat.com>.
* libpam/Makefile.am: Bump version number of libpam.
* modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit,
not 64bit.
* xtests/tst-pam_limits1.c: Fix printf arguments.
* po/*.po: Merge po files with latest code changes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new features
Commit summary:
---------------
2007-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass
option.
* modules/pam_cracklib/pam_cracklib.c: Add support for minimum
character classes [#1688777]. Based on patch from Keith Schincke.
* xtests/tst-pam_cracklib2.c: New, test case for minclass option.
* xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case.
* xtests/Makefile.am: Add new testcase.
* xtests/pam_cracklib.c: Fix comment what this application tests.
* configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-06-15 Tomas Mraz <t8m@centrum.cz>
* modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
add select_context and use_current_range options.
* modules/pam_selinux/pam_selinux.c (send_audit_message): Added
function for auditing role/level changes.
(query_response): Add default response.
(select_context): Removed.
(manual_context): Query only role and level.
(mls_range_allowed): Added function for range check.
(config_context): Added function for role and level override.
(pam_sm_open_session): Remove multiple option, add select_context
and use_current_range_options. Use getseuserbyname to obtain
SELinux user and level. Audit role/level changes. Call setkeycreatecon
to assign key creation context. Don't fail on errors when SELinux
is not in enforcing mode.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, new feature
Commit summary:
---------------
2007-06-15 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/README.xml: Avoid duplication of
documentation.
* modules/pam_namespace/namespace.conf: More real life example
from MLS support.
* modules/pam_namespace/namespace.conf.5.xml: Likewise plus
properly describe how instance directory names are formed.
* modules/pam_namespace/namespace.init: Preserve euid when
called from setuid apps (su, newrole).
* modules/pam_namespace/pam_namespace.8.xml: Added option
no_unmount_on_close.
* modules/pam_namespace/pam_namespace.c (process_line): Polyinst
methods are now user, level and context. Fix crash on unknown
override user in config file.
(ns_override): Add explicit uid parameter.
(form_context): Skip for user method. Implement level based
polyinstantiation.
(poly_name): Initialize contexts. Add level based polyinst,
remove 'both' metod. Use raw contexts for instance names,
truncate long instance names and add hash.
(ns_setup): Hashing moved to poly_name().
(setup_namespace): Handle correctly override users for
su (when unmnt_remnt is used).
(pam_sm_close_session): Added no_unmount_on_close option.
* modules/pam_namespace/pam_namespace.h: Added
no_unmount_on_close_option, level method, limit on instance
directory name length.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
* modules/pam_limits/Makefile.am: Define limits.d dir and install it.
* modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing.
* modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr.
(pam_parse): conf_file is now ptr.
(pam_sm_open_session): Add parsing files from limits.d subdir using
glob, change pl to pointer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translations
Commit summary:
---------------
2007-03-12 Thorsten Kukuk <kukuk@thkukuk.de>
* po/ar.po: New translation.
* po/ca.po: Likewise.
* po/da.po: Likewise.
* po/ru.po: Likewise.
* po/sv.po: Likewise.
* po/zu.po: Likewise.
* po/LINGUAS: Add ar, ca, da, ru, sv, zu
* po/hu.po: Update translation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-01-23 Thorsten Kukuk <kukuk@suse.de>
* release 0.99.7.1
* configure.in: Set version number to 0.99.7.1
2007-01-23 Thorsten Kukuk <kukuk@thukuk.de>
Tomas Mraz <t2m@centrum.cz>
* modules/pam_unix/support.c (_unix_verify_password): Always
compare full encrypted passwords.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2007-01-17 Thorsten Kukuk <kukuk@thkukuk.de>
* release 0.99.7.0
* configure.in: Set version number to 0.99.7.0
* Makefile.am (M4_FILES): Replace GNU make extension by listing
all m4 files.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2006-11-08 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Add modules/pam_faildelay/Makefile.
* doc/sag/Linux-PAM_SAG.xml: Include pam_faildelay.xml.
* doc/sag/pam_faildelay.xml: New.
* libpam/pam_static_modules.h: Include static pam_faildelay data.
* modules/Makefile.am: Add pam_faildelay directory.
* modules/pam_faildelay/Makefile.am: New.
* modules/pam_faildelay/README: New, generated from XML file.
* modules/pam_faildelay/README.xml: New.
* modules/pam_faildelay/pam_faildelay.8: New, generated from xml.
* modules/pam_faildelay/pam_faildelay.8.xml: New.
* modules/pam_faildelay/pam_faildelay.c: New.
* modules/pam_faildelay/tst-pam_faildelay: New.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature/bugfix
Commit summary:
---------------
2006-09-20 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/adg/Makefile.am: Add manual pages as dependency.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Include pam_unix.xml.
* doc/sag/pam_unix.xml: New.
* modules/pam_unix/Makefile.am: Generate pam_unix.8 manual page.
* modules/pam_unix/README.xml: New.
* modules/pam_unix/pam_unix.8.xml: New.
* modules/pam_unix/README: Regenerate from XML.
* modules/pam_unix/pam_unix.8: Generated from XML.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2006-08-30 Tomas Mraz <t8m@centrum.cz>
* modules/pam_access/pam_access.8.xml: All services supported.
* modules/pam_access/pam_access.c (pam_sm_open_session): New.
(pam_sm_close_session): New.
(pam_sm_chauthtok): New.
* modules/pam_access/pam_succeed_if.8.xml: All services supported.
* modules/pam_access/pam_succeed_if.c (pam_sm_setcred): Return
PAM_IGNORE rather than success.
(pam_sm_open_session): New.
(pam_sm_close_session): New.
(pam_sm_chauthtok): New.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
As discussed with Tomas I'm adding the pam_loginuid module from RH
to make the SELinux/Audit stack complete:
2006-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/sag/pam_loginuid.xml: New.
* doc/sag/Linux-PAM_SAG.xml: Include pam_loginuid.xml.
* configure.in: Add modules/pam_loginuid/Makefile.
* modules/Makefile.am: Add pam_loginuid sub directory.
* libpam/pam_static_modules.h: Add pam_loginuid.
* modules/pam_loginuid/Makefile.am: New.
* modules/pam_loginuid/tst-pam_loginuid: New.
* modules/pam_loginuid/pam_loginuid.8.xml: New.
* modules/pam_loginuid/pam_loginuid.8: New, generated from XML source.
* modules/pam_loginuid/pam_loginuid.c: New.
* modules/pam_loginuid/README.xml: New.
* modules/pam_loginuid/README: New, generated from XML source.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 0.99.6.2
* modules/pam_lastlog/pam_lastlog.c (last_login_date): Create
lastlog file if it does not exist.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
Prepare 0.99.6.1 release
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
Release 0.99.6.0
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Add xtests to allow checks for PAM functions only doable in installed
system.
2006-08-05 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Generate xtests/Makefile.
* Makefile.am (SUBDIRS): Add xtests.
* README: Document make check and make xtests.
* xtests/Makefile.am: New.
* xtests/tst-pam_dispatch1.pamd: New.
* xtests/tst-pam_dispatch2.pamd: New.
* xtests/tst-pam_dispatch3.pamd: New.
* xtests/tst-pam_dispatch1.c: New.
* xtests/tst-pam_dispatch2.c: New.
* xtests/tst-pam_dispatch3.c: New.
|
