| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
| |
Fixes a minor bug in behavior when is_selinux_enabled()
returned negative value.
* modules/pam_unix/passverify.c: Add parentheses to SELINUX_ENABLED macro.
(unix_update_shadow): Safe cast forwho to non-const char *.
* modules/pam_unix/support.c: Remove unused SELINUX_ENABLED macro.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_unix/pam_unix.8.xml: Document the no_pass_expiry option.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): If no_pass_expiry
is on and return value data is not set to PAM_SUCCESS then ignore
PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED returns.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Always set the
return value data.
(pam_sm_setcred): Test for likeauth option and use the return value data
only if set.
* modules/pam_unix/support.h: Add the no_pass_expiry option.
|
| |
|
|
|
| |
* modules/pam_unix/passverify.c (create_password_hash): Change the
salt length for new hashes to 16 characters.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fix: CVE-2015-3238
If the process executing pam_sm_authenticate or pam_sm_chauthtok method
of pam_unix is not privileged enough to check the password, e.g.
if selinux is enabled, the _unix_run_helper_binary function is called.
When a long enough password is supplied (16 pages or more, i.e. 65536+
bytes on a system with 4K pages), this helper function hangs
indefinitely, blocked in the write(2) call while writing to a blocking
pipe that has a limited capacity.
With this fix, the verifiable password length will be limited to
PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix.
* NEWS: Update
* configure.ac: Bump version
* modules/pam_exec/pam_exec.8.xml: document limitation of password length
* modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE
* modules/pam_unix/pam_unix.8.xml: document limitation of password length
* modules/pam_unix/pam_unix_passwd.c: limit password length
* modules/pam_unix/passverify.c: Likewise
* modules/pam_unix/passverify.h: Likewise
* modules/pam_unix/support.c: Likewise
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch by Louis Sautier
* doc/adg/Linux-PAM_ADG.xml: Fix gramatical errors.
* doc/man/pam.3.xml: Likewise.
* doc/man/pam_acct_mgmt.3.xml: Likewise.
* doc/man/pam_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* modules/pam_limits/limits.conf.5.xml: Likewise.
* modules/pam_mail/pam_mail.8.xml: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_shells/pam_shells.8.xml: Likewise.
* modules/pam_tally/pam_tally.8.xml: Likewise.
* modules/pam_tally2/pam_tally2.8.xml: Likewise.
* modules/pam_unix/pam_unix.8.xml: Likewise.
|
| |
|
|
|
|
|
|
|
| |
messages from session.
* modules/pam_unix/pam_unix.8.xml: Document new option.
* modules/pam_unix/support.h: Add quiet option.
* modules/pam_unix/pam_unix_sess.c: Don't print LOG_INFO messages if
'quiet' option is set.
|
| |
|
|
|
|
|
| |
* modules/pam_unix/passverify.c (create_password_hash): Call crypt_r()
instead of crypt() if available.
* modules/pam_userdb/pam_userdb.c (user_lookup): Call crypt_r()
instead of crypt() if available.
|
| |
|
|
|
|
|
| |
* modules/pam_pwhistory/opasswd.c (parse_entry): Test for missing fields
in opasswd entry and return error.
* modules/pam_unix/passverify.c (save_old_password): Test for missing fields
in opasswd entry and skip it.
|
| |
|
|
|
| |
modules/pam_unix/pam_unix_passwd.c (check_old_password): Check for
NULL return from Goodcrypt_md5().
|
| |
|
|
| |
* modules/pam_unix/md5_crypt.c (crypt_md5): Check for NULL return from malloc().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces pam_modutil_sanitize_helper_fds - a new function
that redirects standard descriptors and closes all other descriptors.
pam_modutil_sanitize_helper_fds supports three types of input and output
redirection:
- PAM_MODUTIL_IGNORE_FD: do not redirect at all.
- PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented
by creating a pipe, closing its write end, and redirecting stdin to
its read end. Likewise, for stdout/stderr it is implemented by
creating a pipe, closing its read end, and redirecting to its write
end. Unlike stdin redirection, stdout/stderr redirection to a pipe
has a side effect that a process writing to such descriptor should be
prepared to handle SIGPIPE appropriately.
- PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is
implemented via PAM_MODUTIL_PIPE_FD because there is no functional
difference. For stdout/stderr, it is classic redirection to
/dev/null.
PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel
security restrictions, but when the helper process might be writing to
the corresponding descriptor and termination of the helper process by
SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD.
* libpam/pam_modutil_sanitize.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd,
pam_modutil_sanitize_helper_fds): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface.
* modules/pam_exec/pam_exec.c (call_exec): Use
pam_modutil_sanitize_helper_fds.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_unix/support.h (MAX_FD_NO): Remove.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no need to copy strings passed as arguments to execve,
the only potentially noticeable effect of using strdup/x_strdup
would be a malformed argument list in case of memory allocation error.
Also, x_strdup, being a thin wrapper around strdup, is of no benefit
when its argument is known to be non-NULL, and should not be used in
such cases.
* modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup
instead of x_strdup, the latter is of no benefit in this case.
* modules/pam_ftp/pam_ftp.c (lookup): Likewise.
* modules/pam_userdb/pam_userdb.c (user_lookup): Likewise.
* modules/pam_userdb/pam_userdb.h (x_strdup): Remove.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use
x_strdup for strings passed as arguments to execve.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
(_unix_verify_password): Use strdup instead of x_strdup, the latter
is of no benefit in this case.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for
strings passed as arguments to execv.
|
| |
|
|
|
| |
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): ask
for old password if NIS account.
|
| |
|
|
| |
* modules/pam_unix/support.h: Add UNIX_DES
|
| |
|
|
|
| |
* modules/pam_unix/pam_unix_acct.c: Check setuid return value.
* modules/pam_unix/support.c: Likewise.
|
| |
|
|
| |
modules/pam_unix/support.c(_set_ctrl): Write to *rounds only if non-NULL.
|
| |
|
|
| |
modules/pam_unix/pam_unix_passwd.c: Add missing ')'..
|
| |
|
|
| |
* modules/pam_unix/pam_unix_acct.c: fix last change
|
| |
|
|
|
|
| |
* modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/support.c: Likewise.
|
| |
|
|
|
| |
modules/pam_unix/unix_update.8.xml: unix_update helper runs in the
permissive mode as well.
|
| |
|
|
|
|
|
|
|
| |
other one is specified as argument.
* modules/pam_unix/support.c: Add search_key, call from __set_ctrl
* modules/pam_unix/support.h: Add define for /etc/login.defs
* modules/pam_unix/pam_unix.8.xml: Document new behavior.
* modules/pam_umask/pam_umask.c: Add missing NULL pointer check
|
| |
|
|
|
| |
modules/pam_namespace/md5.c (MD5Final): Use memcpy instead of assignment.
modules/pam_unix/md5.c (MD5Final): Use memcpy instead of assignment.
|
| |
|
|
|
| |
modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return.
modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
glibc's <sys/wait.h> starting with commit
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=glibc-2.15-231-gd94a467
does not include <sys/resource.h> for POSIX 2008 conformance reasons, so
when pam is being built with SELinux support enabled, pam_unix_passwd.c
uses getrlimit(2) and therefore should include <sys/resource.h> without
relying on other headers.
* modules/pam_unix/pam_unix_passwd.c: Include <sys/resource.h>.
Reported-by: Guido Trentalancia <guido@trentalancia.com>
Reported-by: "Jory A. Pratt" <anarchy@gentoo.org>
Reported-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
|
| |
|
|
|
|
|
| |
modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10]
modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary
modules/pam_pwhistory/pam_pwhistory.c: Document how the module works
modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory [#6]
|
| |
|
|
|
|
|
|
| |
sys/resource.h.
Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
modules/pam_unix/pam_unix_acct.c: Include sys/resource.h.
|
| |
|
|
|
|
| |
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Adjust syslog message.
* modules/pam_unix/passverify.c (create_password_hash): Check for crypt()
returning NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In --enable-static-modules mode, it was not possible to use "pam_unix"
in PAM config files. Instead, different names had to be used for each
management group: pam_unix_auth, pam_unix_acct, pam_unix_passwd and
pam_unix_session. This change makes pam_unix configuration consistent
with other PAM modules.
* README: Remove the paragraph describing pam_unix distinctions in
--enable-static-modules mode.
* libpam/pam_static_modules.h (_pam_unix_acct_modstruct,
_pam_unix_auth_modstruct, _pam_unix_passwd_modstruct,
_pam_unix_session_modstruct): Remove.
(_pam_unix_modstruct): New pam_module declaration.
* modules/pam_unix/pam_unix_static.h: New file.
* modules/pam_unix/pam_unix_static.c: Likewise.
* modules/pam_unix/Makefile.am (noinst_HEADERS): Add pam_unix_static.h
(pam_unix_la_SOURCES) [STATIC_MODULES]: Add pam_unix_static.c
* modules/pam_unix/pam_unix_acct.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_acct_modstruct): Remove.
* modules/pam_unix/pam_unix_auth.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_auth_modstruct): Remove.
* modules/pam_unix/pam_unix_passwd.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_passwd_modstruct): Remove.
* modules/pam_unix/pam_unix_sess.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_session_modstruct): Remove.
Suggested-by: Matveychikov Ilya <i.matveychikov@securitycode.ru>
|
| |
|
|
|
|
|
| |
* modules/pam_unix/pam_unix_passwd.c (check_old_password): Make
sure we match only the whole username in opasswd entry.
* modules/pam_unix/passverify.c (save_old_password): Likewise make
sure we match only the whole username in opasswd entry.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GNU automake documentation recommends to avoid using -l options in
LDADD or LIBADD when referring to libraries built by the package.
Instead, it recommends to write the file name of the library explicitly,
and use -l option only to list third-party libraries. As result, the
default value of *_DEPENDENCIES will list all local libraries and omit
the other ones.
* modules/pam_access/Makefile.am (pam_access_la_LIBADD): Replace
"-L$(top_builddir)/libpam -lpam" with
"$(top_builddir)/libpam/libpam.la", to follow GNU automake
recommendations.
* modules/pam_cracklib/Makefile.am (pam_cracklib_la_LIBADD): Likewise.
* modules/pam_debug/Makefile.am (pam_debug_la_LIBADD): Likewise.
* modules/pam_deny/Makefile.am (pam_deny_la_LIBADD): Likewise.
* modules/pam_echo/Makefile.am (pam_echo_la_LIBADD): Likewise.
* modules/pam_env/Makefile.am (pam_env_la_LIBADD): Likewise.
* modules/pam_exec/Makefile.am (pam_exec_la_LIBADD): Likewise.
* modules/pam_faildelay/Makefile.am (pam_faildelay_la_LIBADD): Likewise.
* modules/pam_filter/Makefile.am (pam_filter_la_LIBADD): Likewise.
* modules/pam_filter/upperLOWER/Makefile.am (LDADD): Likewise.
* modules/pam_ftp/Makefile.am (pam_ftp_la_LIBADD): Likewise.
* modules/pam_group/Makefile.am (pam_group_la_LIBADD): Likewise.
* modules/pam_issue/Makefile.am (pam_issue_la_LIBADD): Likewise.
* modules/pam_keyinit/Makefile.am (pam_keyinit_la_LIBADD): Likewise.
* modules/pam_lastlog/Makefile.am (pam_lastlog_la_LIBADD): Likewise.
* modules/pam_limits/Makefile.am (pam_limits_la_LIBADD): Likewise.
* modules/pam_listfile/Makefile.am (pam_listfile_la_LIBADD): Likewise.
* modules/pam_localuser/Makefile.am (pam_localuser_la_LIBADD): Likewise.
* modules/pam_loginuid/Makefile.am (pam_loginuid_la_LIBADD): Likewise.
* modules/pam_mail/Makefile.am (pam_mail_la_LIBADD): Likewise.
* modules/pam_mkhomedir/Makefile.am (pam_mkhomedir_la_LIBADD,
mkhomedir_helper_LDADD): Likewise.
* modules/pam_motd/Makefile.am (pam_motd_la_LIBADD): Likewise.
* modules/pam_namespace/Makefile.am (pam_namespace_la_LIBADD): Likewise.
* modules/pam_nologin/Makefile.am (pam_nologin_la_LIBADD): Likewise.
* modules/pam_permit/Makefile.am (pam_permit_la_LIBADD): Likewise.
* modules/pam_pwhistory/Makefile.am (pam_pwhistory_la_LIBADD): Likewise.
* modules/pam_rhosts/Makefile.am (pam_rhosts_la_LIBADD): Likewise.
* modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Likewise.
* modules/pam_securetty/Makefile.am (pam_securetty_la_LIBADD): Likewise.
* modules/pam_sepermit/Makefile.am (pam_sepermit_la_LIBADD): Likewise.
* modules/pam_shells/Makefile.am (pam_shells_la_LIBADD): Likewise.
* modules/pam_stress/Makefile.am (pam_stress_la_LIBADD): Likewise.
* modules/pam_succeed_if/Makefile.am (pam_succeed_if_la_LIBADD):
Likewise.
* modules/pam_tally/Makefile.am (pam_tally_la_LIBADD): Likewise.
* modules/pam_tally2/Makefile.am (pam_tally2_la_LIBADD,
pam_tally2_LDADD): Likewise.
* modules/pam_time/Makefile.am (pam_time_la_LIBADD): Likewise.
* modules/pam_timestamp/Makefile.am (pam_timestamp_la_LIBADD,
pam_timestamp_check_LDADD, hmacfile_LDADD): Likewise.
* modules/pam_tty_audit/Makefile.am (pam_tty_audit_la_LIBADD): Likewise.
* modules/pam_umask/Makefile.am (pam_umask_la_LIBADD): Likewise.
* modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Likewise.
* modules/pam_userdb/Makefile.am (pam_userdb_la_LIBADD): Likewise.
* modules/pam_warn/Makefile.am (pam_warn_la_LIBADD): Likewise.
* modules/pam_wheel/Makefile.am (pam_wheel_la_LIBADD): Likewise.
* modules/pam_xauth/Makefile.am (pam_xauth_la_LIBADD): Likewise.
* tests/Makefile.am (LDADD): Likewise.
* examples/Makefile.am (LDADD): Replace "-L$(top_builddir)/libpam -lpam"
with "$(top_builddir)/libpam/libpam.la", and
"-L$(top_builddir)/libpam_misc -lpam_misc" with
"$(top_builddir)/libpam_misc/libpam_misc.la", to follow GNU automake
recommendations.
* xtests/Makefile.am (LDADD): Likewise.
* modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* .gitignore: Add common ignore patterns.
* m4/.gitignore: Unignore local m4 files.
* dynamic/.gitignore: Unignore Makefile.
* libpamc/test/modules/.gitignore: Likewise.
* libpamc/test/regress/.gitignore: Likewise.
* po/.gitignore: Add Makevars.template.
* conf/.gitignore: Remove common ignore patterns.
* conf/pam_conv1/.gitignore: Likewise.
* doc/.gitignore: Likewise.
* doc/specs/.gitignore: Likewise.
* doc/specs/formatter/.gitignore: Likewise.
* examples/.gitignore: Likewise.
* modules/pam_filter/upperLOWER/.gitignore: Likewise.
* modules/pam_mkhomedir/.gitignore: Likewise.
* modules/pam_selinux/.gitignore: Likewise.
* modules/pam_stress/.gitignore: Likewise.
* modules/pam_tally/.gitignore: Likewise.
* modules/pam_tally2/.gitignore: Likewise.
* modules/pam_timestamp/.gitignore: Likewise.
* modules/pam_unix/.gitignore: Likewise.
* tests/.gitignore: Likewise.
* xtests/.gitignore: Likewise.
* doc/adg/.gitignore: Remove.
* doc/man/.gitignore: Remove.
* doc/mwg/.gitignore: Remove.
* doc/sag/.gitignore: Remove.
* libpamc/.gitignore: Remove.
* libpamc/test/.gitignore: Remove.
* libpam/.gitignore: Remove.
* libpam_misc/.gitignore: Remove.
* modules/.gitignore: Remove.
* modules/pam_access/.gitignore: Remove.
* modules/pam_cracklib/.gitignore: Remove.
* modules/pam_debug/.gitignore: Remove.
* modules/pam_deny/.gitignore: Remove.
* modules/pam_echo/.gitignore: Remove.
* modules/pam_env/.gitignore: Remove.
* modules/pam_exec/.gitignore: Remove.
* modules/pam_faildelay/.gitignore: Remove.
* modules/pam_filter/.gitignore: Remove.
* modules/pam_ftp/.gitignore: Remove.
* modules/pam_group/.gitignore: Remove.
* modules/pam_issue/.gitignore: Remove.
* modules/pam_keyinit/.gitignore: Remove.
* modules/pam_lastlog/.gitignore: Remove.
* modules/pam_limits/.gitignore: Remove.
* modules/pam_listfile/.gitignore: Remove.
* modules/pam_localuser/.gitignore: Remove.
* modules/pam_loginuid/.gitignore: Remove.
* modules/pam_mail/.gitignore: Remove.
* modules/pam_motd/.gitignore: Remove.
* modules/pam_namespace/.gitignore: Remove.
* modules/pam_nologin/.gitignore: Remove.
* modules/pam_permit/.gitignore: Remove.
* modules/pam_pwhistory/.gitignore: Remove.
* modules/pam_rhosts/.gitignore: Remove.
* modules/pam_rootok/.gitignore: Remove.
* modules/pam_securetty/.gitignore: Remove.
* modules/pam_sepermit/.gitignore: Remove.
* modules/pam_shells/.gitignore: Remove.
* modules/pam_succeed_if/.gitignore: Remove.
* modules/pam_time/.gitignore: Remove.
* modules/pam_tty_audit/.gitignore: Remove.
* modules/pam_umask/.gitignore: Remove.
* modules/pam_userdb/.gitignore: Remove.
* modules/pam_warn/.gitignore: Remove.
* modules/pam_wheel/.gitignore: Remove.
* modules/pam_xauth/.gitignore: Remove.
|
| | |
|
| |
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
| | |
|
| |
|
|
| |
module type.
|
| |
|
|
|
|
|
|
|
|
| |
* configure.in: Check for libtirpc bye default.
* libpam/Makefile.am: Add support for libtirpc.
* modules/pam_access/Makefile.am: Likewise.
* modules/pam_unix/Makefile.am: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Change ifdefs for
new libtirpc support.
* modules/pam_unix/yppasswd_xdr.c: Only compile if we have rpc/rpc.h.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-17 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type.
(manual_context): Likewise.
(context_from_env): Remove extraneous auditing in success case.
* modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra
close() call.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-21 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_getpwnam): Don't allocate
unneeded buffer for uid/gid [sf#3059572].
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Implement minlen option.
* modules/pam_unix/support.c: Likewise.
* modules/pam_unix/support.h: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust
arguments for _set_ctrl call.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_session.c: Likewise.
* modules/pam_unix/pam_unix.8.xml: Document minlen option.
Based on patch by Steve Langasek.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/passverify.c (check_shadow_expiry): Correct
check for expired date.
* modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove
check for password length. Bug #2923437.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: workaround
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request
password change if time is not yet set (1.1.1970). Bug #2730965.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-12-08 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Rename DEBUG to PAM_DEBUG.
* libpam/pam_env.c: Likewise
* libpam/pam_handlers.c: Likewise
* libpam/pam_miscc.c: Likewise
* libpam/pam_password.c: Likewise
* libpam/include/security/_pam_macros.h: Likewise
* libpamc/test/modules/pam_secret.c: Likewise
* modules/pam_group/pam_group.c: Likewise
* modules/pam_listfile/pam_listfile.c: Likewise
* modules/pam_unix/pam_unix_auth.c: Likewise
* modules/pam_unix/pam_unix_passwd.c: Likewise
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-12-08 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow
entry if not present in the file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
This makes Linux-PAM compile able with uClibc or on embedded systems
without full libc/libnsl.
2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files.
* modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS
support if all necessary functions exist.
* modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug
option, handle correct if OS has no NIS support.
* modules/pam_access/pam_access.c (netgroup_match): Check if
yp_get_default_domain and innetgr are available at compile time.
* configure.in: Check for functions: innetgr, getdomainname
check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: docu fix
Commit summary:
---------------
2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix.8.xml: Fix blowfish description.
Reported by Diego E. “Flameeyes” Pettenò.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_namespace/Makefile.am: Fix make maintainer-clean,
fix docu dependencies.
* modules/pam_xauth/Makefile.am: Fix make maintainer-clean.
* modules/pam_access/Makefile.am: Likewise.
* modules/pam_debug/Makefile.am: Likewise.
* modules/pam_deny/Makefile.am: Likewise.
* modules/pam_echo/Makefile.am: Likewise.
* modules/pam_env/Makefile.am: Likewise.
* modules/pam_faildelay/Makefile.am: Likewise.
* modules/pam_ftp/Makefile.am: Likewise.
* modules/pam_group/Makefile.am: Likewise.
* modules/pam_issue/Makefile.am: Likewise.
* modules/pam_keyinit/Makefile.am: Likewise.
* modules/pam_lastlog/Makefile.am: Likewise.
* modules/pam_limits/Makefile.am: Likewise.
* modules/pam_listfile/Makefile.am: Likewise.
* modules/pam_localuser/Makefile.am: Likewise.
* modules/pam_loginuid/Makefile.am: Likewise.
* modules/pam_mail/Makefile.am: Likewise.
* modules/pam_mkhomedir/Makefile.am: Likewise.
* modules/pam_motd/Makefile.am: Likewise.
* modules/pam_nologin/Makefile.am: Likewise.
* modules/pam_pwhistory/Makefile.am: Likewise.
* modules/pam_rhosts/Makefile.am: Likewise.
* modules/pam_rootok/Makefile.am: Likewise.
* modules/pam_securetty/Makefile.am: Likewise.
* modules/pam_shells/Makefile.am: Likewise.
* modules/pam_succeed_if/Makefile.am: Likewise.
* modules/pam_tally2/Makefile.am: Likewise.
* modules/pam_tally/Makefile.am: Likewise.
* modules/pam_time/Makefile.am: Likewise.
* modules/pam_timestamp/Makefile.am: Likewise.
* modules/pam_tty_audit/Makefile.am: Likewise.
* modules/pam_umask/Makefile.am: Likewise.
* modules/pam_unix/Makefile.am: Likewise.
* modules/pam_warn/Makefile.am: Likewise.
* modules/pam_wheel/Makefile.am: Likewise.
* modules/pam_filter/Makefile.am: Likewise.
* configure.in: Make regeneration of docu configureable,
rename enable_man to enable_docu.
* modules/pam_env/pam_env.c (_pam_parse): Fix typo in debug
code.
* modules/pam_cracklib/Makefile.am: Don't install docu if
module is disabled for building.
* modules/pam_userdb/Makefile.am: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2009-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Remove dead SELinux
code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix blowfish support
009-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Rename crypt_gensalt_rn to crypt_gensalt_r
* modules/pam_unix/passverify.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2009-06-01 Ville Skyttä <ville.skytta@iki.fi>
* modules/pam_limits/pam_limits.8.xml: Only *.conf
files are parsed. Spelling fixes.
* modules/pam_access/pam_access.8.xml: Spelling fixes.
* modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
* modules/pam_echo/pam_echo.8.xml: Likewise.
* modules/pam_env/pam_env.8.xml: Likewise.
* modules/pam_exec/pam_exec.8.xml: Likewise.
* modules/pam_filter/pam_filter.8.xml: Likewise.
* modules/pam_ftp/pam_ftp.8.xml: Likewise.
* modules/pam_group/pam_group.8.xml: Likewise.
* modules/pam_issue/pam_issue.8.xml: Likewise.
* modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
* modules/pam_listfile/pam_listfile.8.xml: Likewise.
* modules/pam_localuser/pam_localuser.8.xml: Likewise.
* modules/pam_loginuid/pam_loginuid.8.xml: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise.
* modules/pam_motd/pam_motd.8.xml: Likewise.
* modules/pam_namespace/pam_namespace.8.xml: Likewise.
* modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise.
* modules/pam_selinux/pam_selinux.8.xml: Likewise.
* modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
* modules/pam_tally/pam_tally.8.xml: Likewise.
* modules/pam_tally2/pam_tally2.8.xml: Likewise.
* modules/pam_time/pam_time.8.xml: Likewise.
* modules/pam_timestamp/pam_timestamp.8.xml: Likewise.
* modules/pam_timestamp/pam_timestamp_check.8.xml: Likewise.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
* modules/pam_umask/pam_umask.8.xml: Likewise.
* modules/pam_unix/pam_unix.8.xml: Likewise.
* modules/pam_xauth/pam_xauth.8.xml: Likewise.
|
