| Commit message (Collapse) | Author | Age |
|
|
|
|
| |
modules/pam_unix/pam_unix.8.xml: Document that the MD5 password hash is used
to store the old passwords when remember option is set.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have to drop support for not_set_pass option which is not much useful
anyway. Instead we get proper support for authtok_type option.
* modules/pam_unix/pam_unix.8.xml: Removed not_set_pass option, added authtok_ty
pe
option.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace _unix_read_pas
sword()
call with equivalent pam_get_authtok() call.
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise and also drop
support for not_set_pass.
* modules/pam_unix/support.c (_unix_read_password): Remove.
* modules/pam_unix/support.h: Remove UNIX_NOT_SET_PASS add UNIX_AUTHTOK_TYPE.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_unix/pam_unix.8.xml: Document the no_pass_expiry option.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): If no_pass_expiry
is on and return value data is not set to PAM_SUCCESS then ignore
PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED returns.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Always set the
return value data.
(pam_sm_setcred): Test for likeauth option and use the return value data
only if set.
* modules/pam_unix/support.h: Add the no_pass_expiry option.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fix: CVE-2015-3238
If the process executing pam_sm_authenticate or pam_sm_chauthtok method
of pam_unix is not privileged enough to check the password, e.g.
if selinux is enabled, the _unix_run_helper_binary function is called.
When a long enough password is supplied (16 pages or more, i.e. 65536+
bytes on a system with 4K pages), this helper function hangs
indefinitely, blocked in the write(2) call while writing to a blocking
pipe that has a limited capacity.
With this fix, the verifiable password length will be limited to
PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix.
* NEWS: Update
* configure.ac: Bump version
* modules/pam_exec/pam_exec.8.xml: document limitation of password length
* modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE
* modules/pam_unix/pam_unix.8.xml: document limitation of password length
* modules/pam_unix/pam_unix_passwd.c: limit password length
* modules/pam_unix/passverify.c: Likewise
* modules/pam_unix/passverify.h: Likewise
* modules/pam_unix/support.c: Likewise
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch by Louis Sautier
* doc/adg/Linux-PAM_ADG.xml: Fix gramatical errors.
* doc/man/pam.3.xml: Likewise.
* doc/man/pam_acct_mgmt.3.xml: Likewise.
* doc/man/pam_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* modules/pam_limits/limits.conf.5.xml: Likewise.
* modules/pam_mail/pam_mail.8.xml: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_shells/pam_shells.8.xml: Likewise.
* modules/pam_tally/pam_tally.8.xml: Likewise.
* modules/pam_tally2/pam_tally2.8.xml: Likewise.
* modules/pam_unix/pam_unix.8.xml: Likewise.
|
|
|
|
|
|
|
|
|
| |
messages from session.
* modules/pam_unix/pam_unix.8.xml: Document new option.
* modules/pam_unix/support.h: Add quiet option.
* modules/pam_unix/pam_unix_sess.c: Don't print LOG_INFO messages if
'quiet' option is set.
|
|
|
|
|
|
|
|
|
| |
other one is specified as argument.
* modules/pam_unix/support.c: Add search_key, call from __set_ctrl
* modules/pam_unix/support.h: Add define for /etc/login.defs
* modules/pam_unix/pam_unix.8.xml: Document new behavior.
* modules/pam_umask/pam_umask.c: Add missing NULL pointer check
|
|
|
|
|
|
|
| |
modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10]
modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary
modules/pam_pwhistory/pam_pwhistory.c: Document how the module works
modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory [#6]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Implement minlen option.
* modules/pam_unix/support.c: Likewise.
* modules/pam_unix/support.h: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust
arguments for _set_ctrl call.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_session.c: Likewise.
* modules/pam_unix/pam_unix.8.xml: Document minlen option.
Based on patch by Steve Langasek.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: docu fix
Commit summary:
---------------
2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix.8.xml: Fix blowfish description.
Reported by Diego E. “Flameeyes” Pettenò.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2009-06-01 Ville Skyttä <ville.skytta@iki.fi>
* modules/pam_limits/pam_limits.8.xml: Only *.conf
files are parsed. Spelling fixes.
* modules/pam_access/pam_access.8.xml: Spelling fixes.
* modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
* modules/pam_echo/pam_echo.8.xml: Likewise.
* modules/pam_env/pam_env.8.xml: Likewise.
* modules/pam_exec/pam_exec.8.xml: Likewise.
* modules/pam_filter/pam_filter.8.xml: Likewise.
* modules/pam_ftp/pam_ftp.8.xml: Likewise.
* modules/pam_group/pam_group.8.xml: Likewise.
* modules/pam_issue/pam_issue.8.xml: Likewise.
* modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
* modules/pam_listfile/pam_listfile.8.xml: Likewise.
* modules/pam_localuser/pam_localuser.8.xml: Likewise.
* modules/pam_loginuid/pam_loginuid.8.xml: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise.
* modules/pam_motd/pam_motd.8.xml: Likewise.
* modules/pam_namespace/pam_namespace.8.xml: Likewise.
* modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise.
* modules/pam_selinux/pam_selinux.8.xml: Likewise.
* modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
* modules/pam_tally/pam_tally.8.xml: Likewise.
* modules/pam_tally2/pam_tally2.8.xml: Likewise.
* modules/pam_time/pam_time.8.xml: Likewise.
* modules/pam_timestamp/pam_timestamp.8.xml: Likewise.
* modules/pam_timestamp/pam_timestamp_check.8.xml: Likewise.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
* modules/pam_umask/pam_umask.8.xml: Likewise.
* modules/pam_unix/pam_unix.8.xml: Likewise.
* modules/pam_xauth/pam_xauth.8.xml: Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-01 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix.8.xml: Document blowfish option.
* configure.in: Check for crypt_gensalt_rn.
* modules/pam_unix/pam_unix_passwd.c: Pass pamh to
create_password_hash function.
* modules/pam_unix/passverify.c (create_password_hash): Add
blowfish support.
* modules/pam_unix/passverify.h: Adjust create_password_hash
prototype.
* modules/pam_unix/support.c: Add support for blowfish option.
* modules/pam_unix/support.h: Add defines for blowfish option.
Patch from Diego Flameeyes Pettenò <flameeyes@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-09-16 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix.8.xml: Fix typo.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-08-18 Thorsten Kukuk <kukuk@thkukuk.de>
* Makefile.am (M4_FILES): Adjust list.
* modules/pam_access/pam_access.8.xml: Fix module service
vs. module type.
* modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
* modules/pam_debug/pam_debug.8.xml: Likewise.
* modules/pam_deny/pam_deny.8.xml: Likewise.
* modules/pam_echo/pam_echo.8.xml: Likewise.
* modules/pam_env/pam_env.8.xml: Likewise.
* modules/pam_exec/pam_exec.8.xml: Likewise.
* modules/pam_faildelay/pam_faildelay.8.xml: Likewise.
* modules/pam_filter/pam_filter.8.xml: Likewise.
* modules/pam_ftp/pam_ftp.8.xml: Likewise.
* modules/pam_group/pam_group.8.xml: Likewise.
* modules/pam_issue/pam_issue.8.xml: Likewise.
* modules/pam_keyinit/pam_keyinit.8.xml: Likewise.
* modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
* modules/pam_limits/pam_limits.8.xml: Likewise.
* modules/pam_listfile/pam_listfile.8.xml: Likewise.
* modules/pam_localuser/pam_localuser.8.xml: Likewise.
* modules/pam_loginuid/pam_loginuid.8.xml: Likewise.
* modules/pam_mail/pam_mail.8.xml: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise.
* modules/pam_motd/pam_motd.8.xml: Likewise.
* modules/pam_namespace/pam_namespace.8.xml: Likewise.
* modules/pam_nologin/pam_nologin.8.xml: Likewise.
* modules/pam_permit/pam_permit.8.xml: Likewise.
* modules/pam_rhosts/pam_rhosts.8.xml: Likewise.
* modules/pam_rootok/pam_rootok.8.xml: Likewise.
* modules/pam_securetty/pam_securetty.8.xml: Likewise.
* modules/pam_selinux/pam_selinux.8.xml: Likewise.
* modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
* modules/pam_shells/pam_shells.8.xml: Likewise.
* modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
* modules/pam_tally/pam_tally.8.xml: Likewise.
* modules/pam_time/pam_time.8.xml: Likewise.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
* modules/pam_umask/pam_umask.8.xml: Likewise.
* modules/pam_unix/pam_unix.8.xml: Likewise.
* modules/pam_userdb/pam_userdb.8.xml: Likewise.
* modules/pam_warn/pam_warn.8.xml: Likewise.
* modules/pam_wheel/pam_wheel.8.xml: Likewise.
* modules/pam_xauth/pam_xauth.8.xml: Likewise.
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-07-27 Steve Langasek <vorlon@debian.org>
* modules/pam_*/pam_*.8.xml: fix up the references to pam.d,
which is in manpage section 5, not 8.
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup, new feature
Commit summary:
---------------
Merging the the refactorization pam_unix_ref branch into the trunk.
Added support for sha256 and sha512 password hashes to pam_unix
when the libcrypt supports them.
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix typo.
|
|
Purpose of commit: new feature/bugfix
Commit summary:
---------------
2006-09-20 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/adg/Makefile.am: Add manual pages as dependency.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Include pam_unix.xml.
* doc/sag/pam_unix.xml: New.
* modules/pam_unix/Makefile.am: Generate pam_unix.8 manual page.
* modules/pam_unix/README.xml: New.
* modules/pam_unix/pam_unix.8.xml: New.
* modules/pam_unix/README: Regenerate from XML.
* modules/pam_unix/pam_unix.8: Generated from XML.
|