| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Replace _pam_system_log with pam_syslog.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Add pam_syslog to unify log messages from PAM modules.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Fix all occurrence of dereferencing type-punned pointer will break
strict-aliasing rules warnings
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
libpam: don't return PAM_IGNORE if the impression is positive and
using cached chain
pam_nologin: don't overwrite return value with return from pam_get_item
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Fix the many compile-time warnings caused by features.h being included
before our _pam_aconf.h. This should make it much easier to find other
bugs.
Also, call config.status instead of configure, to allow rebuilding
generated files with the same options.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Legacy behavior for pam_close_session and pam_setcred was not sufficient.
Basically, it appears to be common practice for some applications to call
these functions without first calling pam_authenticate and pam_open_session
which would have frozen the auth and session module stacks.
The new behavior is to treat the returns of these secondary functions as
authoritative when navigating the stack in the absence of a chain-freezing
first set of calls.
pam_chauthtok should not benefit from this behavior, and there does not
appear to be a justification for using an event like this to freeze the
stack outright - legacy behavior did not do that.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup, new feature
Commit summary:
---------------
I'm adding a new module (pam_debug) that helped me to verify that
the new setcred handling did not suffer from a bug in the handling
of 'auth optional'. I'm also fixing a D(()) line from
libpam/pam_dispatch.c which was simply broken.
[There is still an outstanding backward compatibility issue with
pam_dispatch that I'll address with respect to Bug 468724.]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
This bugfix leads to backwardly incompatable behavior with earlier
releases of Linux-PAM.
Note, this cleans up the setcred/session and chauthtok stacks in
such a way that it is no longer preferred that the setcred module
always return the same error code as the auth components of said
modules did.
This means behavior should be a great deal more sane. It also gives
meaning to the unique return codes that are available to pam_sm_setcred.
[I'm sure that when we add support for credential relevant events,
this change will be critical.]
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature + documentation
Commit summary:
---------------
Cleaned up the handling of AUTHTOK items and pam_[gs]et_data() functions.
Added more clear documentation about the pam_[gs]et_item() functions to
the pam_appl and pam_modules programmer guides.
|
| |
|
