| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
| |
* modules/pam_unix/pam_unix_auth.c: Use LOG_NOTICE instead of LOG_ERR.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two messages added about obtaining the username are guarded
by the debug option as these should not be normally
logged - they can be useful for debugging but they do not
indicate any special condition.
The message about authenticating user with blank password is
still just LOG_DEBUG priority but it is logged unconditionally
because it is somewhat extraordinary condition to have an user
with blank password.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace
D() macro calls which are not enabled on production builds with
regular pam_syslog() calls.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libxcrypt (v4.2 and later) has added support for the yescrypt
hashing method; gost-yescrypt has been added in v4.3.
* modules/pam_unix/pam_unix.8.xml: Documentation for (gost-)yescrypt.
* modules/pam_unix/pam_unix_acct.c: Use 64 bit type for control flags.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/passverify.c: Add support for (gost-)yescrypt.
* modules/pam_unix/passverify.h: Use 64 bit type for control flags.
* modules/pam_unix/support.c: Set sane rounds for (gost-)yescrypt.
* modules/pam_unix/support.h: Add support for (gost-)yescrypt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
_UNIX_NEW_AUTHTOK macros
The last use of these macros was removed by commit Linux-PAM-1.3.0~5
so their definitions should go as well.
* modules/pam_unix/pam_unix_auth.c (_UNIX_AUTHTOK): Remove.
* modules/pam_unix/pam_unix_passwd.c (_UNIX_OLD_AUTHTOK,
_UNIX_NEW_AUTHTOK): Likewise.
Complements: 7e09188c5dc4 ("pam_unix: Use pam_get_authtok() instead of
direct pam_prompt() calls.")
|
| |
|
|
|
|
|
|
| |
Check the return value of malloc and if it failed print debug info, send
a syslog message and return an error code.
The test in AUTH_RETURN for ret_data not being NULL becomes redundant.
Signed-off-by: Peter Urbanec <git.user@urbanec.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have to drop support for not_set_pass option which is not much useful
anyway. Instead we get proper support for authtok_type option.
* modules/pam_unix/pam_unix.8.xml: Removed not_set_pass option, added authtok_ty
pe
option.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace _unix_read_pas
sword()
call with equivalent pam_get_authtok() call.
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise and also drop
support for not_set_pass.
* modules/pam_unix/support.c (_unix_read_password): Remove.
* modules/pam_unix/support.h: Remove UNIX_NOT_SET_PASS add UNIX_AUTHTOK_TYPE.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux-PAM. It was never official supported and was broken since years.
* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_unix/pam_unix.8.xml: Document the no_pass_expiry option.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): If no_pass_expiry
is on and return value data is not set to PAM_SUCCESS then ignore
PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED returns.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Always set the
return value data.
(pam_sm_setcred): Test for likeauth option and use the return value data
only if set.
* modules/pam_unix/support.h: Add the no_pass_expiry option.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In --enable-static-modules mode, it was not possible to use "pam_unix"
in PAM config files. Instead, different names had to be used for each
management group: pam_unix_auth, pam_unix_acct, pam_unix_passwd and
pam_unix_session. This change makes pam_unix configuration consistent
with other PAM modules.
* README: Remove the paragraph describing pam_unix distinctions in
--enable-static-modules mode.
* libpam/pam_static_modules.h (_pam_unix_acct_modstruct,
_pam_unix_auth_modstruct, _pam_unix_passwd_modstruct,
_pam_unix_session_modstruct): Remove.
(_pam_unix_modstruct): New pam_module declaration.
* modules/pam_unix/pam_unix_static.h: New file.
* modules/pam_unix/pam_unix_static.c: Likewise.
* modules/pam_unix/Makefile.am (noinst_HEADERS): Add pam_unix_static.h
(pam_unix_la_SOURCES) [STATIC_MODULES]: Add pam_unix_static.c
* modules/pam_unix/pam_unix_acct.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_acct_modstruct): Remove.
* modules/pam_unix/pam_unix_auth.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_auth_modstruct): Remove.
* modules/pam_unix/pam_unix_passwd.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_passwd_modstruct): Remove.
* modules/pam_unix/pam_unix_sess.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_session_modstruct): Remove.
Suggested-by: Matveychikov Ilya <i.matveychikov@securitycode.ru>
|
| |
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Implement minlen option.
* modules/pam_unix/support.c: Likewise.
* modules/pam_unix/support.h: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust
arguments for _set_ctrl call.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_session.c: Likewise.
* modules/pam_unix/pam_unix.8.xml: Document minlen option.
Based on patch by Steve Langasek.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-12-08 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Rename DEBUG to PAM_DEBUG.
* libpam/pam_env.c: Likewise
* libpam/pam_handlers.c: Likewise
* libpam/pam_miscc.c: Likewise
* libpam/pam_password.c: Likewise
* libpam/include/security/_pam_macros.h: Likewise
* libpamc/test/modules/pam_secret.c: Likewise
* modules/pam_group/pam_group.c: Likewise
* modules/pam_listfile/pam_listfile.c: Likewise
* modules/pam_unix/pam_unix_auth.c: Likewise
* modules/pam_unix/pam_unix_passwd.c: Likewise
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-24 Tomas Mraz <t8m@centrum.cz>
* modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Fix leaks
in error path.
* modules/pam_env/pam_env.c(_parse_env_file): Remove superfluous
condition.
* modules/pam_group/pam_group.c(check_account): Fix leak
in error path.
* modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Fix leak
in error path.
* modules/pam_securetty/pam_securetty.c(securetty_perform_check): Remove
superfluous condition.
* modules/pam_stress/pam_stress.c(stress_get_password,pam_sm_authenticate):
Remove superfluous conditions.
(pam_sm_chauthtok): Fix mistaken && for &.
* modules/pam_unix/pam_unix_auth.c(pam_sm_authenticate): Remove
superfluous condition.
All the problems fixed in this commit were found by Steve Grubb.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup, new feature
Commit summary:
---------------
Merging the the refactorization pam_unix_ref branch into the trunk.
Added support for sha256 and sha512 password hashes to pam_unix
when the libcrypt supports them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Don't be more restrictive than useradd for account names:
2006-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid
only '+' and '-' as first characters for account names.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2005-09-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
_log_err() -> pam_syslog()
(pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
_log_err() -> pam_syslog()
* modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
(getNISserver, _unix_run_shadow_binary, _update_passwd,
_update_shadow, _do_setpass, _pam_unix_approve_pass,
pam_sm_chauthtok): _log_err() -> pam_syslog()
* modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
(pam_sm_open_session, pam_sm_close_session):
_log_err() -> pam_syslog()
* modules/pam_unix/support.c (_log_err, converse): removed
(_make_remark): use pam_prompt() instead of converse()
(_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
_unix_verify_password, _unix_read_password):
_log_err() -> pam_syslog()
_cleanup(), _unix_cleanup(): Silence unused param warnings.
(_cleanup_failures, _unix_verify_password, _unix_getpwnam,
_unix_run_helper_binary): Silence incorrect type warnings.
(_unix_read_password): Use multiple pam_prompt() and pam_info() calls
instead of converse().
* modules/pam_unix/support.h (_log_err): removed
* modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
cleanup the header files, don't include allways all other header files.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Mark missing strings for translations (login and password)
Fix \a problem with pot/po files
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Big "automake/autoconf/libtool" commit
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Don't ignore return values of pam_get_item
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Rename _pam_aconf.h to config.h.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Fix all occurrence of dereferencing type-punned pointer will break
strict-aliasing rules warnings
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: 440107: Add various patches from Linux Distibutors to make
PAM modules reentrant.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Add rest of Steve Grubb's resource leak and other fixes
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
pam_unix is too generic a module to override the PAM_USER_PROMPT item.
(More modifications to xsh to help me test this change.)
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
pam_unix: fix 'likeauth' to kill off the memory leak once and for all.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
* Restore pam_unix's handling of 'likeauth' argument to a known working
state
* prettify AUTH_RETURN macro
* remove redundant argv checks in pam_sm_setcred()
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: fix memory leak
Commit summary:
---------------
Fernando Trias pointed out a silly memory leak in pam_unix.so. It looks
like some allocated memory that is simply not needed for anything.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature / bugfix
Commit summary:
---------------
This changes the format of pam_unix log messages, per bug 126423. The
change is extensive (every call to _log_err() now has an additional
argument) but straightforward.
These changes to the logging code incidentally fix the problem reported in
bug 126431.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: autoconf support for Linux-PAM
Commit summary:
---------------
This is a merge of the autoconf support that was developed against
a 0-72 branch.
[Note, because CVS has some issues, this is actually only 95% of
the actual commit. The other files were actually committed when
the preparation branch Linux-PAM-0-73pre-autoconf was updated.
Hopefully, this will complete the merge.]
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
The "likeauth" module argument did not work for pam_pwdb and
pam_unix. This commit fixes it.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix to pam_unix_auth
Commit summary:
---------------
Fix for 'likeauth' handling in the pam_unix_auth module. If pam_setcred
needs to return the same value as returned by pam_authenticate, malloc()
space for this return value and pass its address to pam_set_data().
Also, changes pam_sm_setcred() so that it reads this value properly.
|
| |
|
