summaryrefslogtreecommitdiff
path: root/modules/pam_selinux
Commit message (Collapse)AuthorAge
* Remove "--enable-static-modules" option and support fromThorsten Kukuk2016-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Linux-PAM. It was never official supported and was broken since years. * configure.ac: Remove --enable-static-modules option. * doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. * doc/man/pam_sm_authenticate.3.xml: Likewise. * doc/man/pam_sm_chauthtok.3.xml: Likewise. * doc/man/pam_sm_close_session.3.xml: Likewise. * doc/man/pam_sm_open_session.3.xml: Likewise. * doc/man/pam_sm_setcred.3.xml: Likewise. * libpam/Makefile.am: Remove STATIC_MODULES cases. * libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. * libpam/pam_dynamic.c: Likewise. * libpam/pam_handlers.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_static.c: Remove file. * libpam/pam_static_modules.h: Remove header file. * modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. * modules/pam_cracklib/pam_cracklib.c: Likewise. * modules/pam_debug/pam_debug.c: Likewise. * modules/pam_deny/pam_deny.c: Likewise. * modules/pam_echo/pam_echo.c: Likewise. * modules/pam_env/pam_env.c: Likewise. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_faildelay/pam_faildelay.c: Likewise. * modules/pam_filter/pam_filter.c: Likewise. * modules/pam_ftp/pam_ftp.c: Likewise. * modules/pam_group/pam_group.c: Likewise. * modules/pam_issue/pam_issue.c: Likewise. * modules/pam_keyinit/pam_keyinit.c: Likewise. * modules/pam_lastlog/pam_lastlog.c: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_listfile/pam_listfile.c: Likewise. * modules/pam_localuser/pam_localuser.c: Likewise. * modules/pam_loginuid/pam_loginuid.c: Likewise. * modules/pam_mail/pam_mail.c: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_motd/pam_motd.c: Likewise. * modules/pam_namespace/pam_namespace.c: Likewise. * modules/pam_nologin/pam_nologin.c: Likewise. * modules/pam_permit/pam_permit.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_rhosts/pam_rhosts.c: Likewise. * modules/pam_rootok/pam_rootok.c: Likewise. * modules/pam_securetty/pam_securetty.c: Likewise. * modules/pam_selinux/pam_selinux.c: Likewise. * modules/pam_sepermit/pam_sepermit.c: Likewise. * modules/pam_shells/pam_shells.c: Likewise. * modules/pam_stress/pam_stress.c: Likewise. * modules/pam_succeed_if/pam_succeed_if.c: Likewise. * modules/pam_tally/pam_tally.c: Likewise. * modules/pam_tally2/pam_tally2.c: Likewise. * modules/pam_time/pam_time.c: Likewise. * modules/pam_timestamp/pam_timestamp.c: Likewise. * modules/pam_tty_audit/pam_tty_audit.c: Likewise. * modules/pam_umask/pam_umask.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. * modules/pam_warn/pam_warn.c: Likewise. * modules/pam_wheel/pam_wheel.c: Likewise. * modules/pam_xauth/pam_xauth.c: Likewise. * modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. * modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. * modules/pam_unix/pam_unix_auth.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_unix/pam_unix_static.c: Removed. * modules/pam_unix/pam_unix_static.h: Removed. * po/POTFILES.in: Remove removed files. * tests/tst-dlopen.c: Remove PAM_STATIC part.
* pam_selinux: canonicalize user nameTomas Mraz2014-03-11
| | | | | | SELinux expects canonical user name for example without domain component. * modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize user name with pam_modutil_getpwnam().
* pam_selinux: Drop obsolete and unsupported manual context selection.Tomas Mraz2012-11-30
| | | | | modules/pam_selinux/pam_selinux.c (manual_context): Drop function. (compute_exec_context): Drop manual_context() call.
* pam_selinux, pam_tally2: Add tty and rhost to audit data.Tomas Mraz2012-09-06
| | | | | | | | modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and rhost from PAM items and pass them to audit. modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and rhost from PAM items and pass them to audit. (main): Obtain tty name of stdin and pass it to audit.
* pam_selinux.8.xml: updateDmitry V. Levin2011-11-03
| | | | | | | | | | | * modules/pam_selinux/pam_selinux.8.xml (pam_selinux-cmdsynopsis): Reorder options, add new "restore" option. pam_selinux-description): Rewrite. (pam_selinux-options): Reorder options, describe new "restore" option. (pam_selinux-return_values): Remove PAM_AUTH_ERR, PAM_SESSION_ERR and PAM_BUF_ERR. (pam_selinux-see_also): Remove pam.conf(5). Add execve(2), tty(4) and selinux(8).
* pam_selinux.c: add "restore" optionDmitry V. Levin2011-11-03
| | | | | * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Add new "restore" option.
* pam_selinux.c: rewrite using pam_get_data/pam_set_dataDmitry V. Levin2011-11-03
| | | | | | | | | | | | * modules/pam_selinux/pam_selinux.c (security_restorelabel_tty, security_label_tty): Remove old functions. (module_data_t): New structure. (free_module_data, cleanup, get_module_data, get_item, set_exec_context, set_file_context, compute_exec_context, compute_tty_context, restore_context, set_context, create_context): New functions. (pam_sm_authenticate, pam_sm_setcred, pam_sm_open_session, pam_sm_close_session): Use them.
* Use libpam.la/libpam_misc.la to link with -lpam/-lpam_miscDmitry V. Levin2011-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GNU automake documentation recommends to avoid using -l options in LDADD or LIBADD when referring to libraries built by the package. Instead, it recommends to write the file name of the library explicitly, and use -l option only to list third-party libraries. As result, the default value of *_DEPENDENCIES will list all local libraries and omit the other ones. * modules/pam_access/Makefile.am (pam_access_la_LIBADD): Replace "-L$(top_builddir)/libpam -lpam" with "$(top_builddir)/libpam/libpam.la", to follow GNU automake recommendations. * modules/pam_cracklib/Makefile.am (pam_cracklib_la_LIBADD): Likewise. * modules/pam_debug/Makefile.am (pam_debug_la_LIBADD): Likewise. * modules/pam_deny/Makefile.am (pam_deny_la_LIBADD): Likewise. * modules/pam_echo/Makefile.am (pam_echo_la_LIBADD): Likewise. * modules/pam_env/Makefile.am (pam_env_la_LIBADD): Likewise. * modules/pam_exec/Makefile.am (pam_exec_la_LIBADD): Likewise. * modules/pam_faildelay/Makefile.am (pam_faildelay_la_LIBADD): Likewise. * modules/pam_filter/Makefile.am (pam_filter_la_LIBADD): Likewise. * modules/pam_filter/upperLOWER/Makefile.am (LDADD): Likewise. * modules/pam_ftp/Makefile.am (pam_ftp_la_LIBADD): Likewise. * modules/pam_group/Makefile.am (pam_group_la_LIBADD): Likewise. * modules/pam_issue/Makefile.am (pam_issue_la_LIBADD): Likewise. * modules/pam_keyinit/Makefile.am (pam_keyinit_la_LIBADD): Likewise. * modules/pam_lastlog/Makefile.am (pam_lastlog_la_LIBADD): Likewise. * modules/pam_limits/Makefile.am (pam_limits_la_LIBADD): Likewise. * modules/pam_listfile/Makefile.am (pam_listfile_la_LIBADD): Likewise. * modules/pam_localuser/Makefile.am (pam_localuser_la_LIBADD): Likewise. * modules/pam_loginuid/Makefile.am (pam_loginuid_la_LIBADD): Likewise. * modules/pam_mail/Makefile.am (pam_mail_la_LIBADD): Likewise. * modules/pam_mkhomedir/Makefile.am (pam_mkhomedir_la_LIBADD, mkhomedir_helper_LDADD): Likewise. * modules/pam_motd/Makefile.am (pam_motd_la_LIBADD): Likewise. * modules/pam_namespace/Makefile.am (pam_namespace_la_LIBADD): Likewise. * modules/pam_nologin/Makefile.am (pam_nologin_la_LIBADD): Likewise. * modules/pam_permit/Makefile.am (pam_permit_la_LIBADD): Likewise. * modules/pam_pwhistory/Makefile.am (pam_pwhistory_la_LIBADD): Likewise. * modules/pam_rhosts/Makefile.am (pam_rhosts_la_LIBADD): Likewise. * modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Likewise. * modules/pam_securetty/Makefile.am (pam_securetty_la_LIBADD): Likewise. * modules/pam_sepermit/Makefile.am (pam_sepermit_la_LIBADD): Likewise. * modules/pam_shells/Makefile.am (pam_shells_la_LIBADD): Likewise. * modules/pam_stress/Makefile.am (pam_stress_la_LIBADD): Likewise. * modules/pam_succeed_if/Makefile.am (pam_succeed_if_la_LIBADD): Likewise. * modules/pam_tally/Makefile.am (pam_tally_la_LIBADD): Likewise. * modules/pam_tally2/Makefile.am (pam_tally2_la_LIBADD, pam_tally2_LDADD): Likewise. * modules/pam_time/Makefile.am (pam_time_la_LIBADD): Likewise. * modules/pam_timestamp/Makefile.am (pam_timestamp_la_LIBADD, pam_timestamp_check_LDADD, hmacfile_LDADD): Likewise. * modules/pam_tty_audit/Makefile.am (pam_tty_audit_la_LIBADD): Likewise. * modules/pam_umask/Makefile.am (pam_umask_la_LIBADD): Likewise. * modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Likewise. * modules/pam_userdb/Makefile.am (pam_userdb_la_LIBADD): Likewise. * modules/pam_warn/Makefile.am (pam_warn_la_LIBADD): Likewise. * modules/pam_wheel/Makefile.am (pam_wheel_la_LIBADD): Likewise. * modules/pam_xauth/Makefile.am (pam_xauth_la_LIBADD): Likewise. * tests/Makefile.am (LDADD): Likewise. * examples/Makefile.am (LDADD): Replace "-L$(top_builddir)/libpam -lpam" with "$(top_builddir)/libpam/libpam.la", and "-L$(top_builddir)/libpam_misc -lpam_misc" with "$(top_builddir)/libpam_misc/libpam_misc.la", to follow GNU automake recommendations. * xtests/Makefile.am (LDADD): Likewise. * modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Likewise.
* Fix usage of LIBADD, LDADD and LDFLAGSDmitry V. Levin2011-10-28
| | | | | | | | | | | | | | * modules/pam_selinux/Makefile.am: Rename pam_selinux_check_LDFLAGS to pam_selinux_check_LDADD. * modules/pam_userdb/Makefile.am: Split out pam_userdb_la_LIBADD from AM_LDFLAGS. * modules/pam_warn/Makefile.am: Split out pam_warn_la_LIBADD from AM_LDFLAGS. * modules/pam_wheel/Makefile.am: Split out pam_wheel_la_LIBADD from AM_LDFLAGS. * modules/pam_xauth/Makefile.am: split out pam_xauth_la_LIBADD from AM_LDFLAGS. * xtests/Makefile.am: Rename AM_LDFLAGS to LDADD.
* Update .gitignore filesDmitry V. Levin2011-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * .gitignore: Add common ignore patterns. * m4/.gitignore: Unignore local m4 files. * dynamic/.gitignore: Unignore Makefile. * libpamc/test/modules/.gitignore: Likewise. * libpamc/test/regress/.gitignore: Likewise. * po/.gitignore: Add Makevars.template. * conf/.gitignore: Remove common ignore patterns. * conf/pam_conv1/.gitignore: Likewise. * doc/.gitignore: Likewise. * doc/specs/.gitignore: Likewise. * doc/specs/formatter/.gitignore: Likewise. * examples/.gitignore: Likewise. * modules/pam_filter/upperLOWER/.gitignore: Likewise. * modules/pam_mkhomedir/.gitignore: Likewise. * modules/pam_selinux/.gitignore: Likewise. * modules/pam_stress/.gitignore: Likewise. * modules/pam_tally/.gitignore: Likewise. * modules/pam_tally2/.gitignore: Likewise. * modules/pam_timestamp/.gitignore: Likewise. * modules/pam_unix/.gitignore: Likewise. * tests/.gitignore: Likewise. * xtests/.gitignore: Likewise. * doc/adg/.gitignore: Remove. * doc/man/.gitignore: Remove. * doc/mwg/.gitignore: Remove. * doc/sag/.gitignore: Remove. * libpamc/.gitignore: Remove. * libpamc/test/.gitignore: Remove. * libpam/.gitignore: Remove. * libpam_misc/.gitignore: Remove. * modules/.gitignore: Remove. * modules/pam_access/.gitignore: Remove. * modules/pam_cracklib/.gitignore: Remove. * modules/pam_debug/.gitignore: Remove. * modules/pam_deny/.gitignore: Remove. * modules/pam_echo/.gitignore: Remove. * modules/pam_env/.gitignore: Remove. * modules/pam_exec/.gitignore: Remove. * modules/pam_faildelay/.gitignore: Remove. * modules/pam_filter/.gitignore: Remove. * modules/pam_ftp/.gitignore: Remove. * modules/pam_group/.gitignore: Remove. * modules/pam_issue/.gitignore: Remove. * modules/pam_keyinit/.gitignore: Remove. * modules/pam_lastlog/.gitignore: Remove. * modules/pam_limits/.gitignore: Remove. * modules/pam_listfile/.gitignore: Remove. * modules/pam_localuser/.gitignore: Remove. * modules/pam_loginuid/.gitignore: Remove. * modules/pam_mail/.gitignore: Remove. * modules/pam_motd/.gitignore: Remove. * modules/pam_namespace/.gitignore: Remove. * modules/pam_nologin/.gitignore: Remove. * modules/pam_permit/.gitignore: Remove. * modules/pam_pwhistory/.gitignore: Remove. * modules/pam_rhosts/.gitignore: Remove. * modules/pam_rootok/.gitignore: Remove. * modules/pam_securetty/.gitignore: Remove. * modules/pam_sepermit/.gitignore: Remove. * modules/pam_shells/.gitignore: Remove. * modules/pam_succeed_if/.gitignore: Remove. * modules/pam_time/.gitignore: Remove. * modules/pam_tty_audit/.gitignore: Remove. * modules/pam_umask/.gitignore: Remove. * modules/pam_userdb/.gitignore: Remove. * modules/pam_warn/.gitignore: Remove. * modules/pam_wheel/.gitignore: Remove. * modules/pam_xauth/.gitignore: Remove.
* Rename all .cvsignore files to .gitignoreDmitry V. Levin2011-10-27
|
* Fix whitespace issuesDmitry V. Levin2011-10-26
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* Relevant BUGIDs:Tomas Mraz2011-03-17
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2011-03-17 Tomas Mraz <tm@t8m.info> * modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type. (manual_context): Likewise. (context_from_env): Remove extraneous auditing in success case. * modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra close() call.
* Relevant BUGIDs:Tomas Mraz2010-12-21
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-12-21 Tomas Mraz <tm@t8m.info> * modules/pam_selinux/pam_selinux.c (mls_range_allowed): Unhardcode values for security class and av permission bit.
* Relevant BUGIDs:Tomas Mraz2010-11-11
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-11-11 Tomas Mraz <tm@t8m.info> * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix potential use after free in case SELinux is misconfigured. * modules/pam_namespace/pam_namespace.c (process_line): Fix memory leak when parsing empty config file lines.
* Relevant BUGIDs:Dmitry V. Levin2010-10-19
| | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-10-19 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/pam_selinux.c (verbose_message): Remove. (pam_sm_open_session): Call send_text() instead of verbose_message().
* Relevant BUGIDs:Dmitry V. Levin2010-10-19
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-19 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Add @LIBAUDIT@.
* Relevant BUGIDs:Dmitry V. Levin2010-10-08
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-07 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/pam_selinux.c (verbose_message): Fix format string.
* Relevant BUGIDs:Tomas Mraz2009-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2009-06-01 Ville Skyttä <ville.skytta@iki.fi> * modules/pam_limits/pam_limits.8.xml: Only *.conf files are parsed. Spelling fixes. * modules/pam_access/pam_access.8.xml: Spelling fixes. * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. * modules/pam_echo/pam_echo.8.xml: Likewise. * modules/pam_env/pam_env.8.xml: Likewise. * modules/pam_exec/pam_exec.8.xml: Likewise. * modules/pam_filter/pam_filter.8.xml: Likewise. * modules/pam_ftp/pam_ftp.8.xml: Likewise. * modules/pam_group/pam_group.8.xml: Likewise. * modules/pam_issue/pam_issue.8.xml: Likewise. * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. * modules/pam_listfile/pam_listfile.8.xml: Likewise. * modules/pam_localuser/pam_localuser.8.xml: Likewise. * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. * modules/pam_motd/pam_motd.8.xml: Likewise. * modules/pam_namespace/pam_namespace.8.xml: Likewise. * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise. * modules/pam_selinux/pam_selinux.8.xml: Likewise. * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. * modules/pam_tally/pam_tally.8.xml: Likewise. * modules/pam_tally2/pam_tally2.8.xml: Likewise. * modules/pam_time/pam_time.8.xml: Likewise. * modules/pam_timestamp/pam_timestamp.8.xml: Likewise. * modules/pam_timestamp/pam_timestamp_check.8.xml: Likewise. * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. * modules/pam_umask/pam_umask.8.xml: Likewise. * modules/pam_unix/pam_unix.8.xml: Likewise. * modules/pam_xauth/pam_xauth.8.xml: Likewise.
* Relevant BUGIDs:Tomas Mraz2008-12-17
| | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-12-17 Tomas Mraz <t8m@centrum.cz> * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do not abort on unknown option. Avoid double free of old_status. (pam_sm_close_session): Use LOG_DEBUG for restored status message. * configure.in: Test for getseuser(). * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser() instead of getseuserbyname() if the function is available.
* Relevant BUGIDs:Thorsten Kukuk2008-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-08-18 Thorsten Kukuk <kukuk@thkukuk.de> * Makefile.am (M4_FILES): Adjust list. * modules/pam_access/pam_access.8.xml: Fix module service vs. module type. * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. * modules/pam_debug/pam_debug.8.xml: Likewise. * modules/pam_deny/pam_deny.8.xml: Likewise. * modules/pam_echo/pam_echo.8.xml: Likewise. * modules/pam_env/pam_env.8.xml: Likewise. * modules/pam_exec/pam_exec.8.xml: Likewise. * modules/pam_faildelay/pam_faildelay.8.xml: Likewise. * modules/pam_filter/pam_filter.8.xml: Likewise. * modules/pam_ftp/pam_ftp.8.xml: Likewise. * modules/pam_group/pam_group.8.xml: Likewise. * modules/pam_issue/pam_issue.8.xml: Likewise. * modules/pam_keyinit/pam_keyinit.8.xml: Likewise. * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. * modules/pam_limits/pam_limits.8.xml: Likewise. * modules/pam_listfile/pam_listfile.8.xml: Likewise. * modules/pam_localuser/pam_localuser.8.xml: Likewise. * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. * modules/pam_mail/pam_mail.8.xml: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. * modules/pam_motd/pam_motd.8.xml: Likewise. * modules/pam_namespace/pam_namespace.8.xml: Likewise. * modules/pam_nologin/pam_nologin.8.xml: Likewise. * modules/pam_permit/pam_permit.8.xml: Likewise. * modules/pam_rhosts/pam_rhosts.8.xml: Likewise. * modules/pam_rootok/pam_rootok.8.xml: Likewise. * modules/pam_securetty/pam_securetty.8.xml: Likewise. * modules/pam_selinux/pam_selinux.8.xml: Likewise. * modules/pam_sepermit/pam_sepermit.8.xml: Likewise. * modules/pam_shells/pam_shells.8.xml: Likewise. * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. * modules/pam_tally/pam_tally.8.xml: Likewise. * modules/pam_time/pam_time.8.xml: Likewise. * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. * modules/pam_umask/pam_umask.8.xml: Likewise. * modules/pam_unix/pam_unix.8.xml: Likewise. * modules/pam_userdb/pam_userdb.8.xml: Likewise. * modules/pam_warn/pam_warn.8.xml: Likewise. * modules/pam_wheel/pam_wheel.8.xml: Likewise. * modules/pam_xauth/pam_xauth.8.xml: Likewise.
* Relevant BUGIDs: Debian bug #470137Steve Langasek2008-07-27
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-07-27 Steve Langasek <vorlon@debian.org> * modules/pam_*/pam_*.8.xml: fix up the references to pam.d, which is in manpage section 5, not 8.
* Relevant BUGIDs:Tomas Mraz2008-07-11
| | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-07-11 Tomas Mraz <t8m@centrum.cz> * modules/pam_selinux/pam_selinux.c (config_context): Do not ask for the level if use_current_range is set. (context_from_env): New function to obtain the context from PAM environment variables. (pam_sm_open_session): Call context_from_env() if env_params option is present. use_current_range now modifies behavior of the context_from_env and config_context options. * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params option. Adjust description of use_current_range option.
* Relevant BUGIDs:Tomas Mraz2008-05-02
| | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2008-05-02 Tomas Mraz <t8m@centrum.cz> * modules/pam_selinux/pam_selinux.c(query_response): Add handling for NULL response. (manual_context): Handle failed query_response() properly. Rename variable responses to response which is more correct name. (config_context): Likewise. (pam_sm_open_session): Do not base decision on whether there is a tty.
* Relevant BUGIDs: rhbz#443667Tomas Mraz2008-04-22
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-04-22 Tomas Mraz <t8m@centrum.cz> * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix regression from the change from 2008-03-20. setexeccon() must be called also with NULL prev_context.
* Relevant BUGIDs: rhbz#438338, rhbz#438264Tomas Mraz2008-03-20
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-03-20 Tomas Mraz <t8m@centrum.cz> * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER method only when appropriate. (setup_namespace): Do not umount when not mounted with RUSER. * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call freecontext() after the context is logged not before.
* Relevant BUGIDs:Tomas Mraz2008-03-03
| | | | | | | | | | | Purpose of commit: translations Commit summary: --------------- 2008-03-03 Tomas Mraz <t8m@centrum.cz> * modules/pam_selinux/pam_selinux.c: Do not translate syslog messages. * po/Linux-PAM.pot: Update.
* Relevant BUGIDs:Thorsten Kukuk2008-01-08
| | | | | | | | | | | | | | | | | | | Purpose of commit: bigfix Commit summary: --------------- 2008-01-08 Thorsten Kukuk <kukuk@thkukuk.de> * doc/man/Makefile.am: Fix manual page dependencies, add hack for bug in xsl stylestheets. 2008-01-02 Petteri Räty <betelgeuse@gentoo.org> * modules/pam_limits/limits.conf: document allowed values for nice. * modules/pam_limits/limits.conf.5.xml: Likewise. and readd files wrongly deleted before.
* Relevant BUGIDs:Thorsten Kukuk2008-01-08
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Remove autogenerated documentation from CVS
* Relevant BUGIDs:Thorsten Kukuk2007-09-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-09-02 Thorsten Kukuk <kukuk@thkukuk.de> * examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS. * libpam/Makefile.am: Likewise. * modules/pam_access/Makefile.am: Likewise. * modules/pam_cracklib/Makefile.am: Likewise. * modules/pam_debug/Makefile.am: Likewise. * modules/pam_deny/Makefile.am: Likewise. * modules/pam_echo/Makefile.am: Likewise. * modules/pam_env/Makefile.am: Likewise. * modules/pam_exec/Makefile.am: Likewise. * modules/pam_faildelay/Makefile.am: Likewise. * modules/pam_filter/Makefile.am: Likewise. * modules/pam_filter/upperLOWER/Makefile.am: Likewise. * modules/pam_ftp/Makefile.am: Likewise. * modules/pam_group/Makefile.am: Likewise. * modules/pam_issue/Makefile.am: Likewise. * modules/pam_keyinit/Makefile.am: Likewise. * modules/pam_lastlog/Makefile.am: Likewise. * modules/pam_limits/Makefile.am: Likewise. * modules/pam_listfile/Makefile.am: Likewise. * modules/pam_localuser/Makefile.am: Likewise. * modules/pam_loginuid/Makefile.am: Likewise. * modules/pam_mail/Makefile.am: Likewise. * modules/pam_mkhomedir/Makefile.am: Likewise. * modules/pam_motd/Makefile.am: Likewise. * modules/pam_namespace/Makefile.am: Likewise. * modules/pam_nologin/Makefile.am: Likewise. * modules/pam_permit/Makefile.am: Likewise. * modules/pam_rhosts/Makefile.am: Likewise. * modules/pam_rootok/Makefile.am: Likewise. * modules/pam_securetty/Makefile.am: Likewise. * modules/pam_selinux/Makefile.am: Likewise. * modules/pam_shells/Makefile.am: Likewise. * modules/pam_stress/Makefile.am: Likewise. * modules/pam_succeed_if/Makefile.am: Likewise. * modules/pam_tally/Makefile.am: Likewise. * modules/pam_time/Makefile.am: Likewise. * modules/pam_umask/Makefile.am: Likewise. * modules/pam_unix/Makefile.am: Likewise. * tests/Makefile.am: Likewise.
* Relevant BUGIDs: 1688777Thorsten Kukuk2007-06-20
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new features Commit summary: --------------- 2007-06-20 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass option. * modules/pam_cracklib/pam_cracklib.c: Add support for minimum character classes [#1688777]. Based on patch from Keith Schincke. * xtests/tst-pam_cracklib2.c: New, test case for minclass option. * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case. * xtests/Makefile.am: Add new testcase. * xtests/pam_cracklib.c: Fix comment what this application tests. * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64
* Relevant BUGIDs:Tomas Mraz2007-06-15
| | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2007-06-15 Tomas Mraz <t8m@centrum.cz> * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option, add select_context and use_current_range options. * modules/pam_selinux/pam_selinux.c (send_audit_message): Added function for auditing role/level changes. (query_response): Add default response. (select_context): Removed. (manual_context): Query only role and level. (mls_range_allowed): Added function for range check. (config_context): Added function for role and level override. (pam_sm_open_session): Remove multiple option, add select_context and use_current_range_options. Use getseuserbyname to obtain SELinux user and level. Audit role/level changes. Call setkeycreatecon to assign key creation context. Don't fail on errors when SELinux is not in enforcing mode.
* Relevant BUGIDs:Tomas Mraz2007-01-23
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-01-23 Tomas Mraz <t8m@centrum.cz> * modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT. * modules/pam_selinux/Makefile.am (pam_selinux_check_LDFLAGS): Add AM_LDFLAGS. (pam_selinux_la_LDFLAGS): Likewise.
* Relevant BUGIDs:Tomas Mraz2006-08-03
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- * modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log relabelling error when the tty device doesn't exist (ENOENT).
* Relevant BUGIDs:Thorsten Kukuk2006-06-21
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2006-06-21 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_selinux/Makefile.am: Fix "make dist" if libselinux is not installed. * modules/pam_issue/pam_issue.8.xml: Fix listing of escapes. * modules/pam_issue/pam_issue.8: Regenerate.
* Relevant BUGIDs:Thorsten Kukuk2006-06-18
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Regenerate with correct example section.
* Relevant BUGIDs:Thorsten Kukuk2006-06-18
| | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2006-06-18 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_selinux/Makefile.am: Include Make.xml.rules. * modules/pam_selinux/pam_selinux.8.xml: New. * modules/pam_selinux/pam_selinux.8: Regenerated from xml file. * modules/pam_selinux/README.xml: New. * modules/pam_selinux/README: Regenerated from xml file.
* Relevant BUGIDs:Thorsten Kukuk2006-03-12
| | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Add lot of tests for make check
* Relevant BUGIDs:Thorsten Kukuk2006-02-07
| | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2006-02-06 Thorsten Kukuk <kukuk@thkukuk.de> * po/nl.po: New. * po/pt.po: Update translations. * configure.in: Add nl as new language.
* Relevant BUGIDs: noneDmitry V. Levin2005-11-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2005-11-24 Dmitry V. Levin <ldv@altlinux.org> * configure.in: Do not check for strerror. * libpam_misc/misc_conv.c (read_string): Replace strerror() call with %m specifier. * libpamc/pamc_converse.c (pamc_converse): Likewise. * modules/pam_echo/pam_echo.c (pam_echo): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_selinux/pam_selinux.c (security_label_tty): Likewise. (security_restorelabel_tty, security_label_tty): Append %m specifier where appropriate. * modules/pam_selinux/pam_selinux_check.c (main): Replace strerror() call with %m specifier. * modules/pam_unix/pam_unix_passwd.c (save_old_password, _update_passwd, _update_shadow): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise. * po/Linux-PAM.pot: Update strings from pam_selinux. * po/cs.po: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise.
* Relevant BUGIDs:Thorsten Kukuk2005-11-07
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2005-11-07 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use correct variable names. And adjust .cvsignore files for libtool generated files.
* Relevant BUGIDs: noneThorsten Kukuk2005-09-27
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Add more missing .cvsignore files to CVS
* Relevant BUGIDs:Tomas Mraz2005-09-21
| | | | | | | | Purpose of commit: new feature Commit summary: --------------- Allow out of tree builds
* Relevant BUGIDs:Tomas Mraz2005-09-21
| | | | | | | | Purpose of commit: new feature Commit summary: --------------- Moved functions from pammodutil to libpam.
* Relevant BUGIDs:Tomas Mraz2005-09-19
| | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Added PAM_NONNULL attributes to some public API (by ldv) Removed const qualifiers from pam_get_item, pam_get_data to comply with spec
* Relevant BUGIDs:Thorsten Kukuk2005-09-19
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Fix compiling of libpammodutil and linking against it.
* Relevant BUGIDs: noneThorsten Kukuk2005-09-18
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- check if argument which we try to access exists
* Relevant BUGIDs: noneThorsten Kukuk2005-09-05
| | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Move pam_selinux_check.c code from pam_selinux.c to main fail. Replace syslog with pam_syslog Use pam_prompt instead of conv() functions.
* Relevant BUGIDs: noneThorsten Kukuk2005-08-29
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- cleanup the header files, don't include allways all other header files.
* Relevant BUGIDs: noneThorsten Kukuk2005-08-18
| | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Use modules.map as linker version map for all PAM modules Use /var/run for debug output instead of /tmp (Patches from ALT Linux/OWL)