summaryrefslogtreecommitdiff
path: root/libpam/include/security
Commit message (Collapse)AuthorAge
* Relevant BUGIDs:Dmitry V. Levin2010-10-03
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-04 Dmitry V. Levin <ldv@altlinux.org> * libpam/pam_modutil_priv.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (struct pam_modutil_privs, PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv, pam_modutil_regain_priv): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface. * modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise. (pam_sm_open_session): Remove redundant fchown call. Fixes CVE-2010-3430, CVE-2010-3431.
* Relevant BUGIDs: 2892529Thorsten Kukuk2009-12-08
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-12-08 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Rename DEBUG to PAM_DEBUG. * libpam/pam_env.c: Likewise * libpam/pam_handlers.c: Likewise * libpam/pam_miscc.c: Likewise * libpam/pam_password.c: Likewise * libpam/include/security/_pam_macros.h: Likewise * libpamc/test/modules/pam_secret.c: Likewise * modules/pam_group/pam_group.c: Likewise * modules/pam_listfile/pam_listfile.c: Likewise * modules/pam_unix/pam_unix_auth.c: Likewise * modules/pam_unix/pam_unix_passwd.c: Likewise
* Relevant BUGIDs:Thorsten Kukuk2009-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: regression fix Commit summary: --------------- 2009-11-10 Thorsten Kukuk <kukuk@suse.de> * doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/Makefile.am (libpam_la_LDFLAGS): Bump revesion of libpam. * libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed from pam_get_authtok, add flags argument, always check return values. * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/include/security/pam_ext.h: Add prototypes for pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/libpam.map: Add new pam_get_authtok_* functions.
* Relevant BUGIDs:Thorsten Kukuk2008-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-12-10 Thorsten Kukuk <kukuk@thkukuk.de> * doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE. * libpam/pam_end.c (pam_end): Free authtok_type. * tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE as test case. * tests/tst-pam_set_item.c: Likewise. * libpam/pam_start.c (pam_start): Initialize xdisplay, xauth and authtok_type. * libpam/pam_get_authtok.c (pam_get_authtok): Rename "type" to "authtok_type". * modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with "authtok_type=". * doc/man/pam_get_authtok.3.xml: Document authtok_type argument. * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set type= argument as PAM_AUTHTOK_TYPE item. * libpam/pam_get_authtok.c (pam_get_authtok): If no type argument given, use PAM_AUTHTOK_TYPE item. * libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item. (pam_set_item): Store PAM_AUTHTOK_TYPE item. * libpam/pam_private.h: Add authtok_type to pam_handle. * libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New.
* Relevant BUGIDs:Thorsten Kukuk2008-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-12-03 Thorsten Kukuk <kukuk@suse.de> * doc/man/Makefile.am: Add pam_get_authtok.3.xml. * doc/man/pam_get_authtok.3.xml: New. * libpam/Makefile.am: Add pam_get_authtok.c. * libpam/libpam.map: Export pam_get_authtok. * libpam/pam_get_authtok.c: New. * libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle. * libpam_include/security/pam_ext.h: Add pam_get_authtok prototype. * modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * po/POTFILES.in: Add libpam/pam_get_authtok.c. * xtests/tst-pam_cracklib1.c: Adjust error codes. * modules/pam_timestamp/Makefile.am: Remove hmactest.c from EXTRA_DIST. * po/*.po: Regenerated.
* Relevant BUGIDs:Thorsten Kukuk2008-01-28
| | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2008-01-28 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_audit.c: Include pam_modutil_private.h. * libpam/pam_item.c (pam_set_item): Fix compiler warning. * libpam/pam_end.c (pam_end): Cast to correct pointer type. * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use unsigned int.
* Relevant BUGIDs:Tomas Mraz2007-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature and cleanup Commit summary: --------------- 2007-12-07 Tomas Mraz <t8m@centrum.cz> * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version. * libpam/pam_audit.c: Add _pam_audit_open() and pam_modutil_audit_write(). (_pam_auditlog): Call _pam_audit_open(). * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write(). * modules/pam_access/pam_access.8.xml: Add noaudit option. Document auditing. * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and only_new_group_syntax variables to struct login_info. Add noaudit member. (_parse_args): Adjust for the move of variables and add support for noaudit option. (group_match): Add debug parameter. (string_match): Likewise. (network_netmask_match): Likewise. (login_access): Adjust for the move of variables. Add nonall_match. Add call to pam_modutil_audit_write(). (list_match): Adjust for the move of variables. (user_match): Likewise. (from_match): Likewise. (pam_sm_authenticate): Call _parse_args() earlier. * modules/pam_limits/pam_limits.8.xml: Add noaudit option. Document auditing. * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option. (setup_limits): Call pam_modutil_audit_write(). * modules/pam_time/pam_time.8.xml: Add debug and noaudit options. Document auditing. * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()). (check_account): Call _pam_parse(). Call pam_modutil_audit_write() and pam_syslog() on login denials.
* Relevant BUGIDs:Tomas Mraz2007-12-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov> * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n() macro. * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY, PAM_XAUTHDATA items, pam_xauth_data struct. * libpam/pam_item.c (pam_set_item, pam_get_item): Handle PAM_XDISPLAY and PAM_XAUTHDATA items. * libpam/pam_end.c (pam_end): Destroy the new items. * libpam/pam_private.h (pam_handle): Add data members for new items. Add prototype for _pam_memdup. * libpam/pam_misc.c: Add _pam_memdup. * doc/man/Makefile.am: Add pam_xauth_data.3. Replace pam_item_types.inc.xml with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml. * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml. * doc/man/pam_set_item.3.xml: Likewise. * doc/man/pam_item_types.inc.xml: Removed file. * doc/man/pam_item_types_ext.inc.xml: New file. * doc/man/pam_item_types_std.inc.xml: New file.
* Relevant BUGIDs:Thorsten Kukuk2006-06-14
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Really remove pam_malloc.* files.
* Relevant BUGIDs:Thorsten Kukuk2006-06-14
| | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2006-06-14 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Remove --enable-memory-debug, add option to disable prelude if installed. * modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG * modules/pam_filter/upperLOWER/upperLOWER.c: Likewise. * modules/pam_unix/unix_chkpwd.c: Likewise. * libpam/include/security/_pam_types.h: Likewise. * libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export. * libpam/pam_malloc.c: Remove file. * libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h.
* Relevant BUGIDs:Thorsten Kukuk2006-06-06
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2006-06-06 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/include/security/pam_malloc.h: Add missing license informations. * libpam/include/security/pam_ext.h: Add brackets for C++. * libpam/include/security/pam_modutil.h: Likewise. * libpam/include/security/pam_modules.h: Document where to find the copyright/license informations. * libpam/include/security/pam_appl.h: Move _pam_compat.h include inside of brackets.
* Relevant BUGIDs: noneThorsten Kukuk2006-01-11
| | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2006-01-11 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/Makefile.am (AM_CFLAGS): Define LIBPAM_COMPILE. * libpam/include/security/_pam_types.h: Don't define PAM_NONNULL if we compile libpam itself. And update all po files with new line numbers in PAM modules ...
* Relevant BUGIDs:Thorsten Kukuk2006-01-08
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2006-01-08 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR instead of PAM_AUTHTOK_RECOVER_ERR. * modules/pam_pwdb/support.-c: Likewise. * modules/pam_unix/support.c: Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise. * libpam/pam_strerror.c (pam_strerror): Likewise. * libpam/include/security/_pam_compat.h: Define PAM_AUTHTOK_RECOVER_ERR for backward compatibility. * libpam/include/security/_pam_types.h: Rename PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR.
* Relevant BUGIDs: noneThorsten Kukuk2006-01-05
| | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- item of pam_get_item() is allowed to be NULL and the behavior is documented, so we have to allow it. 2006-01-05 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/include/security/_pam_types.h: Remove nonnull attribute from third paramter (item) of pam_get_item. * libpam/Makefile.am: Bump version number of shared library.
* Relevant BUGIDs: 604380Thorsten Kukuk2005-11-17
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Fix compatibility with Solaris if compiled on Solaris: 2005-11-17 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting. Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380]
* Relevant BUGIDs: Debian bug #53653Steve Langasek2005-10-04
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Declare public header files extern "C" so that they are C++-safe.
* Relevant BUGIDs:Tomas Mraz2005-09-21
| | | | | | | | Purpose of commit: new feature Commit summary: --------------- Moved functions from pammodutil to libpam.
* Relevant BUGIDs:Tomas Mraz2005-09-20
| | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Revert de-constification of pam_get_data and pam_get_item prototypes
* Relevant BUGIDs:Tomas Mraz2005-09-19
| | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Added PAM_NONNULL attributes to some public API (by ldv) Removed const qualifiers from pam_get_item, pam_get_data to comply with spec
* Relevant BUGIDs: noneThorsten Kukuk2005-09-14
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Link libpam_misc against libpam Fix defines in pam_ext.h Patches from Dmitry V. Levin.
* Relevant BUGIDs: noneThorsten Kukuk2005-09-04
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Replace _pam_system_log with pam_syslog.
* Relevant BUGIDs: noneThorsten Kukuk2005-09-03
| | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Add pam_syslog to unify log messages from PAM modules.
* Relevant BUGIDs: noneThorsten Kukuk2005-09-01
| | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Fix memory leak in pam_vprompt and adjust printf attribute. Patch from Dmitry V. Levin.
* Relevant BUGIDs: noneThorsten Kukuk2005-09-01
| | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Add PAM extensions pam_*prompt, pam_*error and pam_*info for usage by modules to libpam, add new pam_ext.h header file with prototypes.
* Relevant BUGIDs: noneThorsten Kukuk2005-08-29
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- cleanup the header files, don't include allways all other header files.
* Relevant BUGIDs: noneThorsten Kukuk2005-08-18
| | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Use modules.map as linker version map for all PAM modules Use /var/run for debug output instead of /tmp (Patches from ALT Linux/OWL)
* Relevant BUGIDs: noneThorsten Kukuk2005-08-16
| | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Big "automake/autoconf/libtool" commit
* Fixed typo issueSebastien Tricaud2005-03-16
|
* Relevant BUGIDs:Thorsten Kukuk2004-09-15
| | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: Add parts of Steve Grubb's resource leak and other fixes
* Relevant BUGIDs: 485454Andrew G. Morgan2001-11-26
| | | | | | | | | | Purpose of commit: revive feature Commit summary: --------------- malloc et al. debugging was not supported by the new autoconf setup, this commit rectifies that. It also adds a couple of header file inclusions that seem to be needed with recent glibc headers.
* Relevant BUGIDs: 129775Andrew G. Morgan2001-02-05
| | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- This bugfix leads to backwardly incompatable behavior with earlier releases of Linux-PAM. Note, this cleans up the setcred/session and chauthtok stacks in such a way that it is no longer preferred that the setcred module always return the same error code as the auth components of said modules did. This means behavior should be a great deal more sane. It also gives meaning to the unique return codes that are available to pam_sm_setcred. [I'm sure that when we add support for credential relevant events, this change will be critical.]
* Relevant BUGIDs: 129027, 128576Andrew G. Morgan2001-01-22
| | | | | | | | | | Purpose of commit: new feature + documentation Commit summary: --------------- Cleaned up the handling of AUTHTOK items and pam_[gs]et_data() functions. Added more clear documentation about the pam_[gs]et_item() functions to the pam_appl and pam_modules programmer guides.
* Relevant BUGIDs: 124391Jan Rekorajski2000-12-04
| | | | | | | | Purpose of commit: cleanup Commit summary: --------------- * removed unnecessary CVS Log tags from all over the source
* Relevant BUGIDs: 124385Jan Rekorajski2000-12-04
| | | | | | | | Purpose of commit: security Commit summary: --------------- * use O_NOFOLLOW if available when opening debug log
* Relevant BUGIDs: 112646Andrew G. Morgan2000-09-05
| | | | | | | | | Purpose of commit: comment bugfix Commit summary: --------------- Keep comment in line with actual implementation of the fail delay callback function.
* Relevant BUGIDs: 111645Andrew G. Morgan2000-08-11
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- C++ support was broken for PAM-applications, this checkin should fix it. I've received this bug report from numerous folk.
* Initial revisionAndrew G. Morgan2000-06-20