path: root/modules/pam_cracklib/pam_cracklib.c
Commit message | Author | Age
* Make maxclassrepeat=1 behavior consistent with docs (#9) | Saul Johnson | 2017-03-10
    * modules/pam_cracklib/pam_cracklib.c (simple): Apply the maxclassrepeat when greater than 0.
* Remove "--enable-static-modules" option and support from | Thorsten Kukuk | 2016-03-29
    Linux-PAM. It was never officially supported and has been broken for years.
    * configure.ac: Remove --enable-static-modules option.
    * doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
    * doc/man/pam_sm_authenticate.3.xml: Likewise.
    * doc/man/pam_sm_chauthtok.3.xml: Likewise.
    * doc/man/pam_sm_close_session.3.xml: Likewise.
    * doc/man/pam_sm_open_session.3.xml: Likewise.
    * doc/man/pam_sm_setcred.3.xml: Likewise.
    * libpam/Makefile.am: Remove STATIC_MODULES cases.
    * libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
    * libpam/pam_dynamic.c: Likewise.
    * libpam/pam_handlers.c: Likewise.
    * libpam/pam_private.h: Likewise.
    * libpam/pam_static.c: Remove file.
    * libpam/pam_static_modules.h: Remove header file.
    * modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
    * modules/pam_cracklib/pam_cracklib.c: Likewise.
    * modules/pam_debug/pam_debug.c: Likewise.
    * modules/pam_deny/pam_deny.c: Likewise.
    * modules/pam_echo/pam_echo.c: Likewise.
    * modules/pam_env/pam_env.c: Likewise.
    * modules/pam_exec/pam_exec.c: Likewise.
    * modules/pam_faildelay/pam_faildelay.c: Likewise.
    * modules/pam_filter/pam_filter.c: Likewise.
    * modules/pam_ftp/pam_ftp.c: Likewise.
    * modules/pam_group/pam_group.c: Likewise.
    * modules/pam_issue/pam_issue.c: Likewise.
    * modules/pam_keyinit/pam_keyinit.c: Likewise.
    * modules/pam_lastlog/pam_lastlog.c: Likewise.
    * modules/pam_limits/pam_limits.c: Likewise.
    * modules/pam_listfile/pam_listfile.c: Likewise.
    * modules/pam_localuser/pam_localuser.c: Likewise.
    * modules/pam_loginuid/pam_loginuid.c: Likewise.
    * modules/pam_mail/pam_mail.c: Likewise.
    * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
    * modules/pam_motd/pam_motd.c: Likewise.
    * modules/pam_namespace/pam_namespace.c: Likewise.
    * modules/pam_nologin/pam_nologin.c: Likewise.
    * modules/pam_permit/pam_permit.c: Likewise.
    * modules/pam_pwhistory/pam_pwhistory.c: Likewise.
    * modules/pam_rhosts/pam_rhosts.c: Likewise.
    * modules/pam_rootok/pam_rootok.c: Likewise.
    * modules/pam_securetty/pam_securetty.c: Likewise.
    * modules/pam_selinux/pam_selinux.c: Likewise.
    * modules/pam_sepermit/pam_sepermit.c: Likewise.
    * modules/pam_shells/pam_shells.c: Likewise.
    * modules/pam_stress/pam_stress.c: Likewise.
    * modules/pam_succeed_if/pam_succeed_if.c: Likewise.
    * modules/pam_tally/pam_tally.c: Likewise.
    * modules/pam_tally2/pam_tally2.c: Likewise.
    * modules/pam_time/pam_time.c: Likewise.
    * modules/pam_timestamp/pam_timestamp.c: Likewise.
    * modules/pam_tty_audit/pam_tty_audit.c: Likewise.
    * modules/pam_umask/pam_umask.c: Likewise.
    * modules/pam_userdb/pam_userdb.c: Likewise.
    * modules/pam_warn/pam_warn.c: Likewise.
    * modules/pam_wheel/pam_wheel.c: Likewise.
    * modules/pam_xauth/pam_xauth.c: Likewise.
    * modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
    * modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
    * modules/pam_unix/pam_unix_auth.c: Likewise.
    * modules/pam_unix/pam_unix_passwd.c: Likewise.
    * modules/pam_unix/pam_unix_sess.c: Likewise.
    * modules/pam_unix/pam_unix_static.c: Removed.
    * modules/pam_unix/pam_unix_static.h: Removed.
    * po/POTFILES.in: Remove removed files.
    * tests/tst-dlopen.c: Remove PAM_STATIC part.
* Fix gratuitous use of strdup and x_strdup | Dmitry V. Levin | 2014-01-27
    There is no need to copy strings passed as arguments to execve, the only potentially noticeable effect of using strdup/x_strdup would be a malformed argument list in case of memory allocation error.
    Also, x_strdup, being a thin wrapper around strdup, is of no benefit when its argument is known to be non-NULL, and should not be used in such cases.
    * modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup instead of x_strdup, the latter is of no benefit in this case.
    * modules/pam_ftp/pam_ftp.c (lookup): Likewise.
    * modules/pam_userdb/pam_userdb.c (user_lookup): Likewise.
    * modules/pam_userdb/pam_userdb.h (x_strdup): Remove.
    * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use x_strdup for strings passed as arguments to execve.
    * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
    * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise.
    * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
      (_unix_verify_password): Use strdup instead of x_strdup, the latter is of no benefit in this case.
    * modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for strings passed as arguments to execv.
* pam_cracklib: Add monotonic character sequence checking. | Tomas Mraz | 2012-06-22
    modules/pam_cracklib/pam_cracklib.c (_pam_parse): Parse the maxsequence option.
      (sequence): New function to check for too long monotonic sequence of characters.
      (password_check): Call the sequence().
    modules/pam_cracklib/pam_cracklib.8.xml: Document the maxsequence check.
* pam_cracklib: Add enforce_for_root option. | Tomas Mraz | 2012-05-24
    modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the enforce_for_root option.
      (pam_sm_chauthtok): Enforce errors for root with the option.
    modules/pam_cracklib/pam_cracklib.8.xml: Document the enforce_for_root option.
* pam_cracklib: Add maxclassrepeat, gecoscheck checks and remove unused difignore. | Tomas Mraz | 2012-04-30
    modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the maxclassrepeat, gecoscheck options. Ignore difignore option.
      (simple): Add the check for the same class repetition.
      (usercheck): Refactor into wordcheck().
      (gecoscheck): New test for words from the GECOS field.
      (password_check): Call the gecoscheck().
      (pam_sm_chauthtok): Drop the diff_ignore from options struct.
    modules/pam_cracklib/pam_cracklib.8.xml: Document the maxclassrepeat and gecoscheck checks, update the documentation of the difok test.
* Guards for memory allocation errors in pam_cracklib module. | Tomas Mraz | 2011-06-02
* Relevant BUGIDs: | Thorsten Kukuk | 2009-11-10
    Purpose of commit: regression fix
    Commit summary:
    ---------------
    2009-11-10 Thorsten Kukuk <kukuk@suse.de>
    * doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify and pam_get_authtok_verify.
    * libpam/Makefile.am (libpam_la_LDFLAGS): Bump revision of libpam.
    * libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed from pam_get_authtok, add flags argument, always check return values.
    * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use pam_get_authtok_noverify and pam_get_authtok_verify.
    * libpam/include/security/pam_ext.h: Add prototypes for pam_get_authtok_noverify and pam_get_authtok_verify.
    * libpam/libpam.map: Add new pam_get_authtok_* functions.
* Relevant BUGIDs: | Thorsten Kukuk | 2009-07-21
    Purpose of commit: bugfix
    Commit summary:
    ---------------
    2009-07-21 Thorsten Kukuk <kukuk@thkukuk.de>
    * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Delete new token if it does not match strength criteria.
* Relevant BUGIDs: | Thorsten Kukuk | 2008-12-11
    Purpose of commit: new feature
    Commit summary:
    ---------------
    2008-12-10 Thorsten Kukuk <kukuk@thkukuk.de>
    * doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE.
    * libpam/pam_end.c (pam_end): Free authtok_type.
    * tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE as test case.
    * tests/tst-pam_set_item.c: Likewise.
    * libpam/pam_start.c (pam_start): Initialize xdisplay, xauth and authtok_type.
    * libpam/pam_get_authtok.c (pam_get_authtok): Rename "type" to "authtok_type".
    * modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with "authtok_type=".
    * doc/man/pam_get_authtok.3.xml: Document authtok_type argument.
    * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set type= argument as PAM_AUTHTOK_TYPE item.
    * libpam/pam_get_authtok.c (pam_get_authtok): If no type argument given, use PAM_AUTHTOK_TYPE item.
    * libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item.
      (pam_set_item): Store PAM_AUTHTOK_TYPE item.
    * libpam/pam_private.h: Add authtok_type to pam_handle.
    * libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New.
* Relevant BUGIDs: | Thorsten Kukuk | 2008-12-03
    Purpose of commit: new feature
    Commit summary:
    ---------------
    2008-12-03 Thorsten Kukuk <kukuk@suse.de>
    * doc/man/Makefile.am: Add pam_get_authtok.3.xml.
    * doc/man/pam_get_authtok.3.xml: New.
    * libpam/Makefile.am: Add pam_get_authtok.c.
    * libpam/libpam.map: Export pam_get_authtok.
    * libpam/pam_get_authtok.c: New.
    * libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle.
    * libpam_include/security/pam_ext.h: Add pam_get_authtok prototype.
    * modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok.
    * modules/pam_pwhistory/pam_pwhistory.c: Likewise.
    * po/POTFILES.in: Add libpam/pam_get_authtok.c.
    * xtests/tst-pam_cracklib1.c: Adjust error codes.
    * modules/pam_timestamp/Makefile.am: Remove hmactest.c from EXTRA_DIST.
    * po/*.po: Regenerated.
* Relevant BUGIDs: | Thorsten Kukuk | 2008-11-30
    Purpose of commit: bugfix
    Commit summary:
    ---------------
    2008-11-29 Thorsten Kukuk <kukuk@thkukuk.de>
    * configure.in: Check for xcrypt.h, fix typo in libaudit check.
    * modules/pam_cracklib/pam_cracklib.c: Include xcrypt.h if available.
    * modules/pam_unix/bigcrypt.c: Likewise.
    * modules/pam_unix/passverify.c: Likewise.
    * modules/pam_userdb/pam_userdb.c: Likewise.
    Patch from Diego Flameeyes Pettenò <flameeyes@gmail.com>
* Relevant BUGIDs: | Tomas Mraz | 2008-11-24
    Purpose of commit: bugfix
    Commit summary:
    ---------------
    2008-11-24 Tomas Mraz <t8m@centrum.cz>
    * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Fix leaks in error path.
    * modules/pam_env/pam_env.c(_parse_env_file): Remove superfluous condition.
    * modules/pam_group/pam_group.c(check_account): Fix leak in error path.
    * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Fix leak in error path.
    * modules/pam_securetty/pam_securetty.c(securetty_perform_check): Remove superfluous condition.
    * modules/pam_stress/pam_stress.c(stress_get_password,pam_sm_authenticate): Remove superfluous conditions.
      (pam_sm_chauthtok): Fix mistaken && for &.
    * modules/pam_unix/pam_unix_auth.c(pam_sm_authenticate): Remove superfluous condition.
    All the problems fixed in this commit were found by Steve Grubb.
* Relevant BUGIDs: | Thorsten Kukuk | 2008-10-12
    Purpose of commit:
    Commit summary:
    ---------------
    2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de>
    * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Remove check for re-used passwords.
    * modules/pam_cracklib/pam_cracklib.8.xml: Remove documentation of re-used password check.
* Relevant BUGIDs: | Tomas Mraz | 2008-09-19
    Purpose of commit: new feature
    Commit summary:
    ---------------
    2008-09-19 Tomas Mraz <t8m@centrum.cz>
    * modules/pam_cracklib/pam_cracklib.8.xml: Fix description of the palindrome test. Document new options maxrepeat and reject_username.
    * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Parse the maxrepeat and reject_username options.
      (password_check): Call the new tests usercheck() and consecutive().
      (_pam_unix_approve_pass): Pass user name to the password_check().
* Relevant BUGIDs: | Tomas Mraz | 2008-04-16
    Purpose of commit: new feature
    Commit summary:
    ---------------
    2008-04-16 Tomas Mraz <t8m@centrum.cz>
    * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Recognize also try_first_pass and use_first_pass options.
      (pam_sm_chauthtok): Implement the new options.
* Relevant BUGIDs: | Tomas Mraz | 2008-03-05
    Purpose of commit: cleanup
    Commit summary:
    ---------------
    2008-03-05 Tomas Mraz <t8m@centrum.cz>
    * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Avoid unnecessary x_strdup() of resp.
    * modules/pam_ftp/pam_ftp(pam_sm_authenticate): Call _pam_overwrite() before dropping password resp.
* Relevant BUGIDs: | Steve Langasek | 2007-08-30
    Purpose of commit: cleanup
    Commit summary:
    ---------------
    2007-08-30 Steve Langasek <vorlon@debian.org>
    * modules/pam_cracklib/pam_cracklib.c: s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing #define in pam_unix
* Relevant BUGIDs: | Thorsten Kukuk | 2007-08-29
    Purpose of commit: bugfix
    Commit summary:
    ---------------
    2007-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
    * modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t.
      (__icheckhost): Cast to int32_t to fix limited range error.
    * modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath as const.
* Relevant BUGIDs: | Steve Langasek | 2007-08-29
    Purpose of commit: cleanup
    Commit summary:
    ---------------
    2007-08-28 Steve Langasek <vorlon@debian.org>
    * configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER for crack.h, so we get a HAVE_CRACK_H define.
    * modules/pam_cracklib/pam_cracklib.c: don't copy around the cracklib dictpath into a fixed-width buffer, when we can just point at the existing strings; and allow users to override the default cracklib path with -DCRACKLIB_DICT, required for compatibility with cracklib 2.7.
* Relevant BUGIDs: 1688777 | Thorsten Kukuk | 2007-06-20
    Purpose of commit: new features
    Commit summary:
    ---------------
    2007-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
    * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass option.
    * modules/pam_cracklib/pam_cracklib.c: Add support for minimum character classes [#1688777]. Based on patch from Keith Schincke.
    * xtests/tst-pam_cracklib2.c: New, test case for minclass option.
    * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case.
    * xtests/Makefile.am: Add new testcase.
    * xtests/pam_cracklib.c: Fix comment what this application tests.
    * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64
* Relevant BUGIDs: | Tomas Mraz | 2007-03-29
    Purpose of commit: cleanup
    Commit summary:
    ---------------
    2007-03-29 Tomas Mraz <t8m@centrum.cz>
    * modules/pam_access/pam_access.c (login_access, list_match): Replace strtok with strtok_r.
    * modules/pam_cracklib/pam_cracklib.c (check_old_password): Likewise.
    * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate): Likewise.
    * modules/pam_unix/pam_unix_passwd.c (check_old_password, save_old_password): Likewise.
* Relevant BUGIDs: | Thorsten Kukuk | 2006-11-07
    Purpose of commit: bugfix
    Commit summary:
    ---------------
    2006-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
    * modules/pam_cracklib/pam_cracklib.c: PAM_DEBUG_ARG is a bit mask and not a boolean value (Reported by Jochen Voss <voss@seehuhn.de>).
* Relevant BUGIDs: | Thorsten Kukuk | 2006-08-28
    Purpose of commit: cleanup
    Commit summary:
    ---------------
    2006-08-28 Thorsten Kukuk <kukuk@thkukuk.de>
    * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Remove duplicate code.
* Relevant BUGIDs: | Thorsten Kukuk | 2006-08-24
    Purpose of commit: bugfix
    Commit summary:
    ---------------
    2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
    * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check for error from getting second token.
    * xtests/Makefile.am: Add tst-pam_cracklib1
    * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault.
    * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test.
* Relevant BUGIDs: 1490956,1489818,1489808,1489792,1489804,1489658,1489634 | Thorsten Kukuk | 2006-05-22
    Purpose of commit: bugfixes
    Commit summary:
    ---------------
    2006-05-22 Thorsten Kukuk <kukuk@thkukuk.de>
    * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Fix memory leaks, [#1490956] found by Coverity.
    * modules/pam_tally/pam_tally.c (pam_get_uid): Check return value of pam_get_user().
      (tally_get_data): Check if oldtime is not NULL. [#1489818] found by Coverity.
    * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't ignore return value of stat(). [#1489808] found by Coverity.
    * modules/pam_mail/pam_mail.c (get_folder): Fix a potential NULL pointer dereference. [#1489792] found by Coverity.
    * libpam/Makefile.am: bump release number of libpam.so.
    * libpam/pam_misc.c (_pam_mkargv): Fix memory leak, [#1489804] found by Coverity.
    * modules/pam_echo/pam_echo.c (replace_and_print): Initialize str, [#1489658] found by Coverity.
    * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix a potential NULL pointer dereference.
      (pam_sm_chauthtok): Remove dead code. [#1489634] found by Coverity.
* Relevant BUGIDs: | Thorsten Kukuk | 2006-01-08
    Purpose of commit: cleanup
    Commit summary:
    ---------------
    2006-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
    * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR instead of PAM_AUTHTOK_RECOVER_ERR.
    * modules/pam_pwdb/support.-c: Likewise.
    * modules/pam_unix/support.c: Likewise.
    * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise.
    * libpam/pam_strerror.c (pam_strerror): Likewise.
    * libpam/include/security/_pam_compat.h: Define PAM_AUTHTOK_RECOVER_ERR for backward compatibility.
    * libpam/include/security/_pam_types.h: Rename PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR.
* Relevant BUGIDs: | Tomas Mraz | 2005-09-14
    Purpose of commit: bugfix
    Commit summary:
    ---------------
    More translatable strings in pam_cracklib.
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-09-03
    Purpose of commit: cleanup
    Commit summary:
    ---------------
    use pam_syslog instead of _pam_log
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-09-02
    Purpose of commit: new feature
    Commit summary:
    ---------------
    pam_cracklib:
    - Make cracklib dict path an option
    - Don't compile a hard path to cracklib dict, libcrack knows it better
    - Use pam_prompt().
    With this, pam_cracklib should work again after moving to automake.
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-08-16
    Purpose of commit: new feature
    Commit summary:
    ---------------
    Big "automake/autoconf/libtool" commit
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-07-20
    Purpose of commit: cleanup
    Commit summary:
    ---------------
    Rename _pam_aconf.h to config.h.
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-06-09
    Purpose of commit: cleanup
    Commit summary:
    ---------------
    Fix all occurrences of "dereferencing type-punned pointer will break strict-aliasing rules" warnings
* Relevant BUGIDs: | Thorsten Kukuk | 2004-09-15
    Purpose of commit:
    Commit summary:
    ---------------
    bugfix: Add parts of Steve Grubb's resource leak and other fixes
* Relevant BUGIDs: | Thorsten Kukuk | 2004-09-15
    Purpose of commit:
    Commit summary:
    ---------------
    bugfix: First round of Linux distributor patch merges
* Relevant BUGIDs: | Thorsten Kukuk | 2004-09-14
    Purpose of commit:
    Commit summary:
    ---------------
    bugfix: merge with BerliOS
* Relevant BUGIDs: 476957, 436053 | Andrew G. Morgan | 2001-11-27
    Purpose of commit: improved feature
    Commit summary:
    ---------------
    Replace the 'similar' function with a real distance algorithm. (From Harald Welte and Nalin). Also fix a typo that somehow slipped through an earlier checkin. [Bug 476947].
* Relevant BUGIDs: 476947 | Andrew G. Morgan | 2001-11-26
    Purpose of commit: cleanup
    Commit summary:
    ---------------
    be more confident that strings are being initialized correctly from Nalin.
* Relevant BUGIDs: 413162 | Andrew G. Morgan | 2001-06-24
    Purpose of commit: new feature
    Commit summary:
    ---------------
    pam_cracklib enhancements to make use of negative limits. Werner Puschitz gets brownie points for submitting documentation to match!
* Relevant BUGIDs: 131601 | Andrew G. Morgan | 2001-02-10
    Purpose of commit: bugfix
    Commit summary:
    ---------------
    On systems that have a separate libcrypt. This module needed to be linked against it.
* Relevant BUGIDs: 115055 | Andrew G. Morgan | 2000-11-25
    Purpose of commit: bugfix
    Commit summary:
    ---------------
    fixed the bogus logic in 'similiar' (renamed it to similar) and documented the new override argument: difignore.
* Initial revision | Andrew G. Morgan | 2000-06-20