| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
SELinux expects canonical user name for example without domain component.
* modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize user name with pam_modutil_getpwnam().
|
| |
|
|
|
| |
modules/pam_selinux/pam_selinux.c (manual_context): Drop function.
(compute_exec_context): Drop manual_context() call.
|
| |
|
|
|
|
|
|
| |
modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and
rhost from PAM items and pass them to audit.
modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and
rhost from PAM items and pass them to audit.
(main): Obtain tty name of stdin and pass it to audit.
|
| |
|
|
|
| |
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Add new
"restore" option.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_selinux/pam_selinux.c (security_restorelabel_tty,
security_label_tty): Remove old functions.
(module_data_t): New structure.
(free_module_data, cleanup, get_module_data, get_item,
set_exec_context, set_file_context, compute_exec_context,
compute_tty_context, restore_context, set_context,
create_context): New functions.
(pam_sm_authenticate, pam_sm_setcred, pam_sm_open_session,
pam_sm_close_session): Use them.
|
| |
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-17 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type.
(manual_context): Likewise.
(context_from_env): Remove extraneous auditing in success case.
* modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra
close() call.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-12-21 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (mls_range_allowed): Unhardcode
values for security class and av permission bit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-11-11 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix
potential use after free in case SELinux is misconfigured.
* modules/pam_namespace/pam_namespace.c (process_line): Fix memory
leak when parsing empty config file lines.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2010-10-19 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_selinux/pam_selinux.c (verbose_message): Remove.
(pam_sm_open_session): Call send_text() instead of verbose_message().
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-07 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_selinux/pam_selinux.c (verbose_message): Fix format
string.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-17 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do
not abort on unknown option. Avoid double free of old_status.
(pam_sm_close_session): Use LOG_DEBUG for restored status message.
* configure.in: Test for getseuser().
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser()
instead of getseuserbyname() if the function is available.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-07-11 Tomas Mraz <t8m@centrum.cz>
* modules/pam_selinux/pam_selinux.c (config_context): Do not
ask for the level if use_current_range is set.
(context_from_env): New function to obtain the context from
PAM environment variables.
(pam_sm_open_session): Call context_from_env() if env_params option
is present. use_current_range now modifies behavior of the
context_from_env and config_context options.
* modules/pam_selinux/pam_selinux.8.xml: Describe the env_params
option. Adjust description of use_current_range option.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2008-05-02 Tomas Mraz <t8m@centrum.cz>
* modules/pam_selinux/pam_selinux.c(query_response): Add handling
for NULL response.
(manual_context): Handle failed query_response() properly. Rename
variable responses to response which is more correct name.
(config_context): Likewise.
(pam_sm_open_session): Do not base decision on whether there is a tty.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-04-22 Tomas Mraz <t8m@centrum.cz>
* modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix
regression from the change from 2008-03-20. setexeccon() must be
called also with NULL prev_context.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-03-20 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER
method only when appropriate.
(setup_namespace): Do not umount when not mounted with RUSER.
* modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call
freecontext() after the context is logged not before.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translations
Commit summary:
---------------
2008-03-03 Tomas Mraz <t8m@centrum.cz>
* modules/pam_selinux/pam_selinux.c: Do not translate syslog messages.
* po/Linux-PAM.pot: Update.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-06-15 Tomas Mraz <t8m@centrum.cz>
* modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
add select_context and use_current_range options.
* modules/pam_selinux/pam_selinux.c (send_audit_message): Added
function for auditing role/level changes.
(query_response): Add default response.
(select_context): Removed.
(manual_context): Query only role and level.
(mls_range_allowed): Added function for range check.
(config_context): Added function for role and level override.
(pam_sm_open_session): Remove multiple option, add select_context
and use_current_range_options. Use getseuserbyname to obtain
SELinux user and level. Audit role/level changes. Call setkeycreatecon
to assign key creation context. Don't fail on errors when SELinux
is not in enforcing mode.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
* modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log
relabelling error when the tty device doesn't exist (ENOENT).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2006-06-18 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_selinux/Makefile.am: Include Make.xml.rules.
* modules/pam_selinux/pam_selinux.8.xml: New.
* modules/pam_selinux/pam_selinux.8: Regenerated from xml file.
* modules/pam_selinux/README.xml: New.
* modules/pam_selinux/README: Regenerated from xml file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2005-11-24 Dmitry V. Levin <ldv@altlinux.org>
* configure.in: Do not check for strerror.
* libpam_misc/misc_conv.c (read_string): Replace strerror()
call with %m specifier.
* libpamc/pamc_converse.c (pamc_converse): Likewise.
* modules/pam_echo/pam_echo.c (pam_echo): Likewise.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate):
Likewise.
* modules/pam_selinux/pam_selinux.c (security_label_tty):
Likewise.
(security_restorelabel_tty, security_label_tty): Append %m
specifier where appropriate.
* modules/pam_selinux/pam_selinux_check.c (main): Replace
strerror() call with %m specifier.
* modules/pam_unix/pam_unix_passwd.c (save_old_password,
_update_passwd, _update_shadow): Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
* po/Linux-PAM.pot: Update strings from pam_selinux.
* po/cs.po: Likewise.
* po/de.po: Likewise.
* po/es.po: Likewise.
* po/fi.po: Likewise.
* po/fr.po: Likewise.
* po/hu.po: Likewise.
* po/it.po: Likewise.
* po/ja.po: Likewise.
* po/nb.po: Likewise.
* po/pa.po: Likewise.
* po/pl.po: Likewise.
* po/pt.po: Likewise.
* po/pt_BR.po: Likewise.
* po/zh_CN.po: Likewise.
* po/zh_TW.po: Likewise.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Moved functions from pammodutil to libpam.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Added PAM_NONNULL attributes to some public API (by ldv)
Removed const qualifiers from pam_get_item, pam_get_data to comply
with spec
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Move pam_selinux_check.c code from pam_selinux.c to main fail.
Replace syslog with pam_syslog
Use pam_prompt instead of conv() functions.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
cleanup the header files, don't include allways all other header files.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Mark message strings for translation
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Rename _pam_aconf.h to config.h.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Remove duplicate/wrong place of _pam_aconf.h inclusion
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Fix all occurrence of dereferencing type-punned pointer will break
strict-aliasing rules warnings
|
|
|
Purpose of commit: new feature
Commit summary:
---------------
Add pam_selinux module
|
