| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The grantor field gives audit trail of PAM modules which granted access
for successful return from libpam calls. In case of failed return
the grantor field is set to '?'.
libpam/pam_account.c (pam_acct_mgmt): Remove _pam_auditlog() call.
libpam/pam_auth.c (pam_authenticate, pam_setcred): Likewise.
libpam/pam_password.c (pam_chauthtok): Likewise.
libpam/pam_session.c (pam_open_session, pam_close_session): Likewise.
libpam/pam_audit.c (_pam_audit_writelog): Add grantors parameter,
add grantor= field to the message if grantors is set.
(_pam_list_grantors): New function creating the string with grantors list.
(_pam_auditlog): Add struct handler pointer parameter, call _pam_list_grantors()
to list the grantors from the handler list.
(_pam_audit_end): Add NULL handler parameter to _pam_auditlog() call.
(pam_modutil_audit_write): Add NULL grantors parameter to _pam_audit_writelog().
libpam/pam_dispatch.c (_pam_dispatch_aux): Set h->grantor where appropriate.
(_pam_clear_grantors): New function to clear grantor field of handler.
(_pam_dispatch): Call _pam_clear_grantors() before executing the stack.
Call _pam_auditlog() when appropriate.
libpam/pam_handlers.c (extract_modulename): Do not allow empty module name
or just "?" to avoid confusing audit trail.
(_pam_add_handler): Test for NULL return from extract_modulename().
Clear grantor field of handler.
libpam/pam_private.h: Add grantor field to struct handler, add handler pointer
parameter to _pam_auditlog().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-10 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE.
* libpam/pam_end.c (pam_end): Free authtok_type.
* tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE
as test case.
* tests/tst-pam_set_item.c: Likewise.
* libpam/pam_start.c (pam_start): Initialize xdisplay,
xauth and authtok_type.
* libpam/pam_get_authtok.c (pam_get_authtok): Rename "type"
to "authtok_type".
* modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with
"authtok_type=".
* doc/man/pam_get_authtok.3.xml: Document authtok_type argument.
* modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set
type= argument as PAM_AUTHTOK_TYPE item.
* libpam/pam_get_authtok.c (pam_get_authtok): If no type
argument given, use PAM_AUTHTOK_TYPE item.
* libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item.
(pam_set_item): Store PAM_AUTHTOK_TYPE item.
* libpam/pam_private.h: Add authtok_type to pam_handle.
* libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-03 Thorsten Kukuk <kukuk@suse.de>
* doc/man/Makefile.am: Add pam_get_authtok.3.xml.
* doc/man/pam_get_authtok.3.xml: New.
* libpam/Makefile.am: Add pam_get_authtok.c.
* libpam/libpam.map: Export pam_get_authtok.
* libpam/pam_get_authtok.c: New.
* libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle.
* libpam_include/security/pam_ext.h: Add pam_get_authtok
prototype.
* modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* po/POTFILES.in: Add libpam/pam_get_authtok.c.
* xtests/tst-pam_cracklib1.c: Adjust error codes.
* modules/pam_timestamp/Makefile.am: Remove hmactest.c from
EXTRA_DIST.
* po/*.po: Regenerated.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-11-24 Tomas Mraz <t8m@centrum.cz>
* libpam/pam_handlers.c (_pam_parse_conf_file): '-' at
beginning of type token marks silent module.
(_pam_load_module): Add handler_type parameter. Do not log
module load error if module is silent.
(_pam_add_handler): Pass handler_type to _pam_load_module().
* libpam/pam_private.h: Add PAM_HT_SILENT_MODULE.
* doc/man/pam.conf-syntax.xml: Document the '-' at beginning
of type.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
* libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
macro.
* libpam/include/security/_pam_types.h: Add PAM_XDISPLAY,
PAM_XAUTHDATA items, pam_xauth_data struct.
* libpam/pam_item.c (pam_set_item, pam_get_item): Handle
PAM_XDISPLAY and PAM_XAUTHDATA items.
* libpam/pam_end.c (pam_end): Destroy the new items.
* libpam/pam_private.h (pam_handle): Add data members for new
items. Add prototype for _pam_memdup.
* libpam/pam_misc.c: Add _pam_memdup.
* doc/man/Makefile.am: Add pam_xauth_data.3. Replace
pam_item_types.inc.xml with pam_item_types_std.inc.xml and
pam_item_types_ext.inc.xml.
* doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml
with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml.
* doc/man/pam_set_item.3.xml: Likewise.
* doc/man/pam_item_types.inc.xml: Removed file.
* doc/man/pam_item_types_ext.inc.xml: New file.
* doc/man/pam_item_types_std.inc.xml: New file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-10-19 Tomas Mraz <t8m@centrum.cz>
* xtests/tst-pam_access1.c: Use different name for user and group.
* xtests/tst-pam_access1.sh: Likewise.
* xtests/tst-pam_access2.c: Likewise.
* xtests/tst-pam_access2.sh: Likewise.
* xtests/tst-pam_access4.c: Likewise.
* xtests/tst-pam_access4.sh: Likewise.
* xtests/group.conf: Likewise.
* xtests/tst-pam_group1.c: Likewise.
* xtests/tst-pam_group1.sh: Likewise.
* libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks,
record substack level, skip over virtual substack modules, implement
evaluation of done, die, reset and jumps in substacks. Also fixes
too far jumps in substacks.
* libpam/pam_end.c (pam_end): Drop substack evaluation states.
* libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level
parameter, instead of must_fail use handler_type needed for virtual
substack modules.
(_pam_load_conf_file): Add substack level parameter.
(_pam_init_handlers): Substack level parameter added to
_pam_parse_conf_file() calls.
(_pam_load_module): New function.
(_pam_add_handler): Refactor code into the _pam_load_module(). Add
support for virtual substack modules.
* libpam/pam_private.h: Rename must_fail to handler_type, add stack_level
to struct handler. Define handler type constants. Add struct
for substack evaluation states. Define constant for maximum
substack level. Add substack states pointer to former state struct.
* libpam/pam_start.c (pam_start): Initialize pointer to substack states.
* doc/man/pam.conf-syntax.xml: Document substack control.
* xtests/Makefile.am: Add new tests for substack evaluation.
* xtests/run_xtests.sh: Support multiple .pamd files in a test.
* xtests/tst-pam_authfail.pamd: New tests for substack evaluation.
* xtests/tst-pam_authsucceed.pamd: Likewise.
* xtests/tst-pam_substack1.pamd: Likewise.
* xtests/tst-pam_substack1a.pamd: Likewise.
* xtests/tst-pam_substack1.sh: Likewise.
* xtests/tst-pam_substack2.pamd: Likewise.
* xtests/tst-pam_substack2a.pamd: Likewise.
* xtests/tst-pam_substack2.sh: Likewise.
* xtests/tst-pam_substack3.pamd: Likewise.
* xtests/tst-pam_substack3a.pamd: Likewise.
* xtests/tst-pam_substack3.sh: Likewise.
* xtests/tst-pam_substack4.pamd: Likewise.
* xtests/tst-pam_substack4a.pamd: Likewise.
* xtests/tst-pam_substack4.sh: Likewise.
* xtests/tst-pam_substack5.pamd: Likewise.
* xtests/tst-pam_substack5a.pamd: Likewise.
* xtests/tst-pam_substack5.sh: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfixes
Commit summary:
---------------
2006-07-24 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/adg/Makefile.am: Add uninstall and distclean rules.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
2006-07-08 Daniel Richard G. <skunk@iskunk.org>
* conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files.
* conf/pam_conv1/pam_conv.lex: Rename to ...
* conf/pam_conv1/pam_conv_l.l: ... this.
* conf/pam_conv1/pam_conv.y: Rename to ...
* conf/pam_conv1/pam_conv_y.y: ... this.
* configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE()
calls.
* doc/Makefile.am: Fix rule to install index.html.
* doc/adg/Makefile.am: Fix test usage.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
* doc/specs/Makefile.am: Fix rules for lex and yacc files.
* specs/parse.lex: Rename to ...
* doc/specs/parse_l.l: ... this.
* doc/specs/parse.y: Rename to ...
* doc/specs/parse_y.y: ... this.
* libpam/pam_account.c: Fix #if vs. #ifdef.
* libpam/pam_audit.c: Likewise.
* libpam/pam_auth.c: Likewise.
* libpam/pam_password.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_session.c: Likewise.
* libpam/pam_start.c: Likewise.
* libpam/pam_static.c: Fix "empty sourcefile" warning.
* modules/pam_limits/pam_limits.c: Check for __linux, too.
* modules/pam_userdb/Makefile.am: Don't run test if no
libdb available.
* tests/tst-dlopen.c: Include config.h.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2006-06-14 Thorsten Kukuk <kukuk@thkukuk.de>
* libpam/pam_handlers.c (extract_modulename): Use _pam_strdup
instead of strdup.
* libpam/pam_private.h: Remove _pam_strCMP.
* libpam/pam_misc.c: Likewise.
* libpam/pam_handlers.c: Replaced _pam_strCMP with strcasecmp.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix infrastructure and compile errors for PAM_STATIC (static modules):
2006-01-22 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_acct_mgmt):
Add support for static modules.
* modules/pam_xauth/pam_xauth.c: Likewise.
* libpam/pam_handlers.c (_pam_add_handler): Add pamh to
_pam_open_static_handler call.
* libpam/pam_static.c (_pam_open_static_handler): Add pamh
as argument.
* libpam/pam_private.h: Adjust prototype.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix compiling of static version of shared libpam, libpamc and libpam_misc
libraries without assuming "--enable-static-modules do not make the modules
dynamically loadable".
2006-01-22 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Don't define PAM_DYNAMIC.
* libpam/pam_handlers.c: Get ride of PAM_DYNAMIC, don't
include pam_dynamic.h
* libpam/pam_dynamic.c: Don't include pam_dynamic.h,
exclude functions if we compile with PAM_STATIC.
* libpam/pam_dynamic.h: Remove.
* libpam/pam_private.h: Add function prototypes from pam_dynamic.h.
* libpam/Makefile.am: Bump version number of libpam, remove
pam_dynamic.h.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-01-13 Thorsten Kukuk <kukuk@thkukuk.de>
* libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing
error.
* modules/pam_umask/pam_umask.c (search_key): Don't ignore
EOF/error return value from fgets().
* configure.in: Check for getline and getdelim
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2006-01-12 Steve Grubb <sgrubb@redhat.com>
* configure.in: Add check for audit library.
* libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT.
(libpam_la_SOURCES): Add pam_audit.c.
* libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call.
* libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise.
* libpam/pam_password.c (pam_chauthtok): Likewise.
* libpam/pam_session.c (pam_open_session),
(pam_close_session): Likewise.
* libpam/pam_private.h: Add audit_state member to pam_handle,
declare _pam_auditlog and _pam_audit_end.
* libpam/pam_start.c (pam_start): Initialize audit_state.
* libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end
implementation.
* libpam/pam_end.c (pam_end): Add _pam_audit_end() call.
* NEWS: Note about added auditing.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Replace _pam_system_log with pam_syslog.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Add pam_syslog to unify log messages from PAM modules.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
cleanup the header files, don't include allways all other header files.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Mark missing strings for translations (login and password)
Fix \a problem with pot/po files
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Change major version number back to "0".
Add more patches from ALT-Linux/OWL:
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Rename _pam_aconf.h to config.h.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Set PAM_DEFAULT_PROMPT to "login: " as already done by all
Linux distributors.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Add parts of Steve Grubb's resource leak and other fixes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Legacy behavior for pam_close_session and pam_setcred was not sufficient.
Basically, it appears to be common practice for some applications to call
these functions without first calling pam_authenticate and pam_open_session
which would have frozen the auth and session module stacks.
The new behavior is to treat the returns of these secondary functions as
authoritative when navigating the stack in the absence of a chain-freezing
first set of calls.
pam_chauthtok should not benefit from this behavior, and there does not
appear to be a justification for using an event like this to freeze the
stack outright - legacy behavior did not do that.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
This bugfix leads to backwardly incompatable behavior with earlier
releases of Linux-PAM.
Note, this cleans up the setcred/session and chauthtok stacks in
such a way that it is no longer preferred that the setcred module
always return the same error code as the auth components of said
modules did.
This means behavior should be a great deal more sane. It also gives
meaning to the unique return codes that are available to pam_sm_setcred.
[I'm sure that when we add support for credential relevant events,
this change will be critical.]
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature + documentation
Commit summary:
---------------
Cleaned up the handling of AUTHTOK items and pam_[gs]et_data() functions.
Added more clear documentation about the pam_[gs]et_item() functions to
the pam_appl and pam_modules programmer guides.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: autoconf support for Linux-PAM
Commit summary:
---------------
This is a merge of the autoconf support that was developed against
a 0-72 branch.
[Note, because CVS has some issues, this is actually only 95% of
the actual commit. The other files were actually committed when
the preparation branch Linux-PAM-0-73pre-autoconf was updated.
Hopefully, this will complete the merge.]
|
| |
|
