| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces pam_modutil_sanitize_helper_fds - a new function
that redirects standard descriptors and closes all other descriptors.
pam_modutil_sanitize_helper_fds supports three types of input and output
redirection:
- PAM_MODUTIL_IGNORE_FD: do not redirect at all.
- PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented
by creating a pipe, closing its write end, and redirecting stdin to
its read end. Likewise, for stdout/stderr it is implemented by
creating a pipe, closing its read end, and redirecting to its write
end. Unlike stdin redirection, stdout/stderr redirection to a pipe
has a side effect that a process writing to such descriptor should be
prepared to handle SIGPIPE appropriately.
- PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is
implemented via PAM_MODUTIL_PIPE_FD because there is no functional
difference. For stdout/stderr, it is classic redirection to
/dev/null.
PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel
security restrictions, but when the helper process might be writing to
the corresponding descriptor and termination of the helper process by
SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD.
* libpam/pam_modutil_sanitize.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd,
pam_modutil_sanitize_helper_fds): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface.
* modules/pam_exec/pam_exec.c (call_exec): Use
pam_modutil_sanitize_helper_fds.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_unix/support.h (MAX_FD_NO): Remove.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no need to copy strings passed as arguments to execve,
the only potentially noticeable effect of using strdup/x_strdup
would be a malformed argument list in case of memory allocation error.
Also, x_strdup, being a thin wrapper around strdup, is of no benefit
when its argument is known to be non-NULL, and should not be used in
such cases.
* modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup
instead of x_strdup, the latter is of no benefit in this case.
* modules/pam_ftp/pam_ftp.c (lookup): Likewise.
* modules/pam_userdb/pam_userdb.c (user_lookup): Likewise.
* modules/pam_userdb/pam_userdb.h (x_strdup): Remove.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use
x_strdup for strings passed as arguments to execve.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
(_unix_verify_password): Use strdup instead of x_strdup, the latter
is of no benefit in this case.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for
strings passed as arguments to execv.
|
| |
|
|
|
| |
* modules/pam_unix/pam_unix_acct.c: Check setuid return value.
* modules/pam_unix/support.c: Likewise.
|
| |
|
|
| |
modules/pam_unix/support.c(_set_ctrl): Write to *rounds only if non-NULL.
|
| |
|
|
|
|
| |
* modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/support.c: Likewise.
|
| |
|
|
|
|
|
|
|
| |
other one is specified as argument.
* modules/pam_unix/support.c: Add search_key, call from __set_ctrl
* modules/pam_unix/support.h: Add define for /etc/login.defs
* modules/pam_unix/pam_unix.8.xml: Document new behavior.
* modules/pam_umask/pam_umask.c: Add missing NULL pointer check
|
| |
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
| |
|
|
| |
module type.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-17 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type.
(manual_context): Likewise.
(context_from_env): Remove extraneous auditing in success case.
* modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra
close() call.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-21 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_getpwnam): Don't allocate
unneeded buffer for uid/gid [sf#3059572].
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Implement minlen option.
* modules/pam_unix/support.c: Likewise.
* modules/pam_unix/support.h: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust
arguments for _set_ctrl call.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_session.c: Likewise.
* modules/pam_unix/pam_unix.8.xml: Document minlen option.
Based on patch by Steve Langasek.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
This makes Linux-PAM compile able with uClibc or on embedded systems
without full libc/libnsl.
2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files.
* modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS
support if all necessary functions exist.
* modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug
option, handle correct if OS has no NIS support.
* modules/pam_access/pam_access.c (netgroup_match): Check if
yp_get_default_domain and innetgr are available at compile time.
* configure.in: Check for functions: innetgr, getdomainname
check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-04-03 Dmitry V. Levin <ldv@altlinux.org>
* libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3)
in child process with call to _exit(2).
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_exec/pam_exec.c (call_exec): Replace all calls to
exit(3) in child process with calls to _exit(2).
* modules/pam_filter/pam_filter.c (set_filter): Likewise.
* modules/pam_namespace/pam_namespace.c (inst_init,
cleanup_tmpdirs): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-27 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_run_helper_binary): Don't
ignore return value of write().
* libpamc/include/security/pam_client.h (PAM_BP_ASSERT): Honour
NDEBUG.
* modules/pam_timestamp/pam_timestamp.c: don't ignore return
values of lchown and fchown.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-03 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test
for abnormal exit of the helper binary.
* modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise.
* modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-02-27 Tomas Mraz <t8m@centrum.cz>
* modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace
signal() with sigaction().
* modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs):
Likewise.
* modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary):
Likewise.
* modules/pam_unix/passverify.c(su_sighandler): Likewise.
* modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
* modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam
for auxiliary functions.
* modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset
option. Document new serialize option.
* modules/pam_tally2/pam_tally2.c: Add support for the new serialize
option.
(_cleanup, tally_set_data, tally_get_data): Add tally file handle to
tally PAM data. Needed for fcntl() locking.
(get_tally): Use low level file access instead of stdio buffered FILE.
If serialize option is used lock the tally file access.
(set_tally, tally_bump, tally_reset): Use low level file access instead
of stdio buffered FILE. Close the file handle only when it is not owned
by PAM data.
(pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally
file handle to tally_set_data(). Get it from tally_get_data().
(main): Use low level file access instead of stdio buffered FILE.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-01 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix.8.xml: Document blowfish option.
* configure.in: Check for crypt_gensalt_rn.
* modules/pam_unix/pam_unix_passwd.c: Pass pamh to
create_password_hash function.
* modules/pam_unix/passverify.c (create_password_hash): Add
blowfish support.
* modules/pam_unix/passverify.h: Adjust create_password_hash
prototype.
* modules/pam_unix/support.c: Add support for blowfish option.
* modules/pam_unix/support.h: Add defines for blowfish option.
Patch from Diego Flameeyes Pettenò <flameeyes@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-07-11 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do
not close the pipe descriptor in borderline case (#2009766)
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_unix/support.h: Define upper limit of fds we will
attempt to close.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-05-14 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok
item when password is not approved.
* modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS
is always set when UNIX_AUTHTOK is set, change order of conditions.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup, new feature
Commit summary:
---------------
Merging the the refactorization pam_unix_ref branch into the trunk.
Added support for sha256 and sha512 password hashes to pam_unix
when the libcrypt supports them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2007-12-05 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/Makefile.am: Add passverify.h and passverify.c
as first part of pam_unix refactorization.
* modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/passverify.c: New file with common functions.
* modules/pam_unix/passverify.h: Prototypes for the common functions.
* modules/pam_unix/support.c: Include passverify.h, move
_unix_shadowed() to passverify.c.
(_unix_verify_password): Refactor out verify_pwd_hash() function.
* modules/pam_unix/support.h: Move _unix_shadowed() prototype to
passverify.h
* modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and
verify_pwd_hash() from passverify.c.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-08-30 Steve Langasek <vorlon@debian.org>
* modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c:
A wrong username doesn't need to be logged at LOG_ALERT;
LOG_WARNING should be sufficient.
Patch from Sam Hartman <hartmans@debian.org>.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-02-01 Tomas Mraz <t8m@centrum.cz>
* xtests/tst-pam_unix3.c: Fix typos in comments.
* modules/pam_unix/support.c (_unix_verify_password): Explicitly
disallow '!' in the beginning of password hash. Treat only
13 bytes password hash specifically. (Suggested by Solar Designer.)
Fix a warning and test for allocation failure.
* modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-01-23 Thorsten Kukuk <kukuk@suse.de>
* release 0.99.7.1
* configure.in: Set version number to 0.99.7.1
2007-01-23 Thorsten Kukuk <kukuk@thukuk.de>
Tomas Mraz <t2m@centrum.cz>
* modules/pam_unix/support.c (_unix_verify_password): Always
compare full encrypted passwords.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Truncated passwords in shadow do not make sense for other variants than bigcrypt.
2006-12-18 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/support.c (_unix_verify_password): Use strncmp
only for bigcrypt result.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_verify_password): Try system
crypt() if we don't know the hash alogorithm.
* modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
signal() fails with SIG_ERR return
* modules/pam_unix/pam_unix_passwd.c(_unix_run_shadow_binary):
Likewise.
* modules/pam_unix/support.c(_unix_run_helper_binary):
Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Put bigcrypt prototype in own header instead of an external declaration
in every single file calling bigcrypt:
2006-06-15 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/bigcrypt.h: New.
* modules/pam_unix/Makefile.am: Add bigcrypt.h.
* modules/pam_unix/bigcrypt.c: Include bigcrypt.h.
* modules/pam_unix/support.c: Include bigcrypt.h, remove
own prototype.
* modules/pam_unix/bigcrypt_main.c: Include bigcrypt.h, remove
own prototype.
* modules/pam_unix/pam_unix_passwd.c: Include bigcrypt.h, remove
own prototype.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2006-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR
instead of PAM_AUTHTOK_RECOVER_ERR.
* modules/pam_pwdb/support.-c: Likewise.
* modules/pam_unix/support.c: Likewise.
* modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise.
* libpam/pam_strerror.c (pam_strerror): Likewise.
* libpam/include/security/_pam_compat.h: Define
PAM_AUTHTOK_RECOVER_ERR for backward compatibility.
* libpam/include/security/_pam_types.h: Rename
PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2005-11-24 Dmitry V. Levin <ldv@altlinux.org>
* configure.in: Do not check for strerror.
* libpam_misc/misc_conv.c (read_string): Replace strerror()
call with %m specifier.
* libpamc/pamc_converse.c (pamc_converse): Likewise.
* modules/pam_echo/pam_echo.c (pam_echo): Likewise.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate):
Likewise.
* modules/pam_selinux/pam_selinux.c (security_label_tty):
Likewise.
(security_restorelabel_tty, security_label_tty): Append %m
specifier where appropriate.
* modules/pam_selinux/pam_selinux_check.c (main): Replace
strerror() call with %m specifier.
* modules/pam_unix/pam_unix_passwd.c (save_old_password,
_update_passwd, _update_shadow): Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
* po/Linux-PAM.pot: Update strings from pam_selinux.
* po/cs.po: Likewise.
* po/de.po: Likewise.
* po/es.po: Likewise.
* po/fi.po: Likewise.
* po/fr.po: Likewise.
* po/hu.po: Likewise.
* po/it.po: Likewise.
* po/ja.po: Likewise.
* po/nb.po: Likewise.
* po/pa.po: Likewise.
* po/pl.po: Likewise.
* po/pt.po: Likewise.
* po/pt_BR.po: Likewise.
* po/zh_CN.po: Likewise.
* po/zh_TW.po: Likewise.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix a typo - strlen of a wrong variable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2005-10-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
uid to 0 before executing the helper if SELinux is enabled.
* modules/pam_unix/unix_chkpwd.c (main): Disable user check only
if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2005-09-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
_log_err() -> pam_syslog()
(pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
_log_err() -> pam_syslog()
* modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
(getNISserver, _unix_run_shadow_binary, _update_passwd,
_update_shadow, _do_setpass, _pam_unix_approve_pass,
pam_sm_chauthtok): _log_err() -> pam_syslog()
* modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
(pam_sm_open_session, pam_sm_close_session):
_log_err() -> pam_syslog()
* modules/pam_unix/support.c (_log_err, converse): removed
(_make_remark): use pam_prompt() instead of converse()
(_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
_unix_verify_password, _unix_read_password):
_log_err() -> pam_syslog()
_cleanup(), _unix_cleanup(): Silence unused param warnings.
(_cleanup_failures, _unix_verify_password, _unix_getpwnam,
_unix_run_helper_binary): Silence incorrect type warnings.
(_unix_read_password): Use multiple pam_prompt() and pam_info() calls
instead of converse().
* modules/pam_unix/support.h (_log_err): removed
* modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
|
| |
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Moved functions from pammodutil to libpam.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
cleanup the header files, don't include allways all other header files.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
configure should set _GNU_SOURCE/_BSD_SOURCE
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Don't ignore return values of pam_get_item
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Include sys/resource.h for the RLIMIT stuff.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Fix for LSB compliance when SELinux enabled.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Fix all occurrence of dereferencing type-punned pointer will break
strict-aliasing rules warnings
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Add SELinux support, based on Patch from Red Hat
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix return value for unknown user (This is PAM_USER_UNKNOWN and
not PAM_AUTHINFO_UNAVAIL).
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Calling pam_chauthtok of pam_unix and entering the correct old password,
but abort on typing the new one, PAM_AUTHTOK_RECOVER_ERR is returned.
Since we got the old token, PAM_AUTHTOK_ERR needs to be returned.
Found by LSB PAM testsuite.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
skip logging of 'user unknown' authentication failure if the user
has passwd entry
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Convert uid gid from passwd entry always as decimal. Test failure.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Last part of fixes from Red Hat
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: 440107: Add various patches from Linux Distibutors to make
PAM modules reentrant.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Add parts of Steve Grubb's resource leak and other fixes
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Bug 1027903 and 1027912
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
The type of remember in support.c is int, not
long. But we compare remember with LONG_MIN
and LONG_MAX. While this works on 32bit
architectures, this fails on 64bit one.
INT_MIN and INT_MAX should be used.
|
