| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces pam_modutil_sanitize_helper_fds - a new function
that redirects standard descriptors and closes all other descriptors.
pam_modutil_sanitize_helper_fds supports three types of input and output
redirection:
- PAM_MODUTIL_IGNORE_FD: do not redirect at all.
- PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented
by creating a pipe, closing its write end, and redirecting stdin to
its read end. Likewise, for stdout/stderr it is implemented by
creating a pipe, closing its read end, and redirecting to its write
end. Unlike stdin redirection, stdout/stderr redirection to a pipe
has a side effect that a process writing to such descriptor should be
prepared to handle SIGPIPE appropriately.
- PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is
implemented via PAM_MODUTIL_PIPE_FD because there is no functional
difference. For stdout/stderr, it is classic redirection to
/dev/null.
PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel
security restrictions, but when the helper process might be writing to
the corresponding descriptor and termination of the helper process by
SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD.
* libpam/pam_modutil_sanitize.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd,
pam_modutil_sanitize_helper_fds): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface.
* modules/pam_exec/pam_exec.c (call_exec): Use
pam_modutil_sanitize_helper_fds.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_unix/support.h (MAX_FD_NO): Remove.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no need to copy strings passed as arguments to execve,
the only potentially noticeable effect of using strdup/x_strdup
would be a malformed argument list in case of memory allocation error.
Also, x_strdup, being a thin wrapper around strdup, is of no benefit
when its argument is known to be non-NULL, and should not be used in
such cases.
* modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup
instead of x_strdup, the latter is of no benefit in this case.
* modules/pam_ftp/pam_ftp.c (lookup): Likewise.
* modules/pam_userdb/pam_userdb.c (user_lookup): Likewise.
* modules/pam_userdb/pam_userdb.h (x_strdup): Remove.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use
x_strdup for strings passed as arguments to execve.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
(_unix_verify_password): Use strdup instead of x_strdup, the latter
is of no benefit in this case.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for
strings passed as arguments to execv.
|
| |
|
|
|
| |
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): ask
for old password if NIS account.
|
| |
|
|
| |
* modules/pam_unix/support.h: Add UNIX_DES
|
| |
|
|
|
| |
* modules/pam_unix/pam_unix_acct.c: Check setuid return value.
* modules/pam_unix/support.c: Likewise.
|
| |
|
|
| |
modules/pam_unix/support.c(_set_ctrl): Write to *rounds only if non-NULL.
|
| |
|
|
| |
modules/pam_unix/pam_unix_passwd.c: Add missing ')'..
|
| |
|
|
| |
* modules/pam_unix/pam_unix_acct.c: fix last change
|
| |
|
|
|
|
| |
* modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/support.c: Likewise.
|
| |
|
|
|
| |
modules/pam_unix/unix_update.8.xml: unix_update helper runs in the
permissive mode as well.
|
| |
|
|
|
|
|
|
|
| |
other one is specified as argument.
* modules/pam_unix/support.c: Add search_key, call from __set_ctrl
* modules/pam_unix/support.h: Add define for /etc/login.defs
* modules/pam_unix/pam_unix.8.xml: Document new behavior.
* modules/pam_umask/pam_umask.c: Add missing NULL pointer check
|
| |
|
|
|
| |
modules/pam_namespace/md5.c (MD5Final): Use memcpy instead of assignment.
modules/pam_unix/md5.c (MD5Final): Use memcpy instead of assignment.
|
| |
|
|
|
| |
modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return.
modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
glibc's <sys/wait.h> starting with commit
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=glibc-2.15-231-gd94a467
does not include <sys/resource.h> for POSIX 2008 conformance reasons, so
when pam is being built with SELinux support enabled, pam_unix_passwd.c
uses getrlimit(2) and therefore should include <sys/resource.h> without
relying on other headers.
* modules/pam_unix/pam_unix_passwd.c: Include <sys/resource.h>.
Reported-by: Guido Trentalancia <guido@trentalancia.com>
Reported-by: "Jory A. Pratt" <anarchy@gentoo.org>
Reported-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
|
| |
|
|
|
|
|
| |
modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10]
modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary
modules/pam_pwhistory/pam_pwhistory.c: Document how the module works
modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory [#6]
|
| |
|
|
|
|
|
|
| |
sys/resource.h.
Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
modules/pam_unix/pam_unix_acct.c: Include sys/resource.h.
|
| |
|
|
|
|
| |
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Adjust syslog message.
* modules/pam_unix/passverify.c (create_password_hash): Check for crypt()
returning NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In --enable-static-modules mode, it was not possible to use "pam_unix"
in PAM config files. Instead, different names had to be used for each
management group: pam_unix_auth, pam_unix_acct, pam_unix_passwd and
pam_unix_session. This change makes pam_unix configuration consistent
with other PAM modules.
* README: Remove the paragraph describing pam_unix distinctions in
--enable-static-modules mode.
* libpam/pam_static_modules.h (_pam_unix_acct_modstruct,
_pam_unix_auth_modstruct, _pam_unix_passwd_modstruct,
_pam_unix_session_modstruct): Remove.
(_pam_unix_modstruct): New pam_module declaration.
* modules/pam_unix/pam_unix_static.h: New file.
* modules/pam_unix/pam_unix_static.c: Likewise.
* modules/pam_unix/Makefile.am (noinst_HEADERS): Add pam_unix_static.h
(pam_unix_la_SOURCES) [STATIC_MODULES]: Add pam_unix_static.c
* modules/pam_unix/pam_unix_acct.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_acct_modstruct): Remove.
* modules/pam_unix/pam_unix_auth.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_auth_modstruct): Remove.
* modules/pam_unix/pam_unix_passwd.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_passwd_modstruct): Remove.
* modules/pam_unix/pam_unix_sess.c [PAM_STATIC]: Include
pam_unix_static.h
[PAM_STATIC] (_pam_unix_session_modstruct): Remove.
Suggested-by: Matveychikov Ilya <i.matveychikov@securitycode.ru>
|
| |
|
|
|
|
|
| |
* modules/pam_unix/pam_unix_passwd.c (check_old_password): Make
sure we match only the whole username in opasswd entry.
* modules/pam_unix/passverify.c (save_old_password): Likewise make
sure we match only the whole username in opasswd entry.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GNU automake documentation recommends to avoid using -l options in
LDADD or LIBADD when referring to libraries built by the package.
Instead, it recommends to write the file name of the library explicitly,
and use -l option only to list third-party libraries. As result, the
default value of *_DEPENDENCIES will list all local libraries and omit
the other ones.
* modules/pam_access/Makefile.am (pam_access_la_LIBADD): Replace
"-L$(top_builddir)/libpam -lpam" with
"$(top_builddir)/libpam/libpam.la", to follow GNU automake
recommendations.
* modules/pam_cracklib/Makefile.am (pam_cracklib_la_LIBADD): Likewise.
* modules/pam_debug/Makefile.am (pam_debug_la_LIBADD): Likewise.
* modules/pam_deny/Makefile.am (pam_deny_la_LIBADD): Likewise.
* modules/pam_echo/Makefile.am (pam_echo_la_LIBADD): Likewise.
* modules/pam_env/Makefile.am (pam_env_la_LIBADD): Likewise.
* modules/pam_exec/Makefile.am (pam_exec_la_LIBADD): Likewise.
* modules/pam_faildelay/Makefile.am (pam_faildelay_la_LIBADD): Likewise.
* modules/pam_filter/Makefile.am (pam_filter_la_LIBADD): Likewise.
* modules/pam_filter/upperLOWER/Makefile.am (LDADD): Likewise.
* modules/pam_ftp/Makefile.am (pam_ftp_la_LIBADD): Likewise.
* modules/pam_group/Makefile.am (pam_group_la_LIBADD): Likewise.
* modules/pam_issue/Makefile.am (pam_issue_la_LIBADD): Likewise.
* modules/pam_keyinit/Makefile.am (pam_keyinit_la_LIBADD): Likewise.
* modules/pam_lastlog/Makefile.am (pam_lastlog_la_LIBADD): Likewise.
* modules/pam_limits/Makefile.am (pam_limits_la_LIBADD): Likewise.
* modules/pam_listfile/Makefile.am (pam_listfile_la_LIBADD): Likewise.
* modules/pam_localuser/Makefile.am (pam_localuser_la_LIBADD): Likewise.
* modules/pam_loginuid/Makefile.am (pam_loginuid_la_LIBADD): Likewise.
* modules/pam_mail/Makefile.am (pam_mail_la_LIBADD): Likewise.
* modules/pam_mkhomedir/Makefile.am (pam_mkhomedir_la_LIBADD,
mkhomedir_helper_LDADD): Likewise.
* modules/pam_motd/Makefile.am (pam_motd_la_LIBADD): Likewise.
* modules/pam_namespace/Makefile.am (pam_namespace_la_LIBADD): Likewise.
* modules/pam_nologin/Makefile.am (pam_nologin_la_LIBADD): Likewise.
* modules/pam_permit/Makefile.am (pam_permit_la_LIBADD): Likewise.
* modules/pam_pwhistory/Makefile.am (pam_pwhistory_la_LIBADD): Likewise.
* modules/pam_rhosts/Makefile.am (pam_rhosts_la_LIBADD): Likewise.
* modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Likewise.
* modules/pam_securetty/Makefile.am (pam_securetty_la_LIBADD): Likewise.
* modules/pam_sepermit/Makefile.am (pam_sepermit_la_LIBADD): Likewise.
* modules/pam_shells/Makefile.am (pam_shells_la_LIBADD): Likewise.
* modules/pam_stress/Makefile.am (pam_stress_la_LIBADD): Likewise.
* modules/pam_succeed_if/Makefile.am (pam_succeed_if_la_LIBADD):
Likewise.
* modules/pam_tally/Makefile.am (pam_tally_la_LIBADD): Likewise.
* modules/pam_tally2/Makefile.am (pam_tally2_la_LIBADD,
pam_tally2_LDADD): Likewise.
* modules/pam_time/Makefile.am (pam_time_la_LIBADD): Likewise.
* modules/pam_timestamp/Makefile.am (pam_timestamp_la_LIBADD,
pam_timestamp_check_LDADD, hmacfile_LDADD): Likewise.
* modules/pam_tty_audit/Makefile.am (pam_tty_audit_la_LIBADD): Likewise.
* modules/pam_umask/Makefile.am (pam_umask_la_LIBADD): Likewise.
* modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Likewise.
* modules/pam_userdb/Makefile.am (pam_userdb_la_LIBADD): Likewise.
* modules/pam_warn/Makefile.am (pam_warn_la_LIBADD): Likewise.
* modules/pam_wheel/Makefile.am (pam_wheel_la_LIBADD): Likewise.
* modules/pam_xauth/Makefile.am (pam_xauth_la_LIBADD): Likewise.
* tests/Makefile.am (LDADD): Likewise.
* examples/Makefile.am (LDADD): Replace "-L$(top_builddir)/libpam -lpam"
with "$(top_builddir)/libpam/libpam.la", and
"-L$(top_builddir)/libpam_misc -lpam_misc" with
"$(top_builddir)/libpam_misc/libpam_misc.la", to follow GNU automake
recommendations.
* xtests/Makefile.am (LDADD): Likewise.
* modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* .gitignore: Add common ignore patterns.
* m4/.gitignore: Unignore local m4 files.
* dynamic/.gitignore: Unignore Makefile.
* libpamc/test/modules/.gitignore: Likewise.
* libpamc/test/regress/.gitignore: Likewise.
* po/.gitignore: Add Makevars.template.
* conf/.gitignore: Remove common ignore patterns.
* conf/pam_conv1/.gitignore: Likewise.
* doc/.gitignore: Likewise.
* doc/specs/.gitignore: Likewise.
* doc/specs/formatter/.gitignore: Likewise.
* examples/.gitignore: Likewise.
* modules/pam_filter/upperLOWER/.gitignore: Likewise.
* modules/pam_mkhomedir/.gitignore: Likewise.
* modules/pam_selinux/.gitignore: Likewise.
* modules/pam_stress/.gitignore: Likewise.
* modules/pam_tally/.gitignore: Likewise.
* modules/pam_tally2/.gitignore: Likewise.
* modules/pam_timestamp/.gitignore: Likewise.
* modules/pam_unix/.gitignore: Likewise.
* tests/.gitignore: Likewise.
* xtests/.gitignore: Likewise.
* doc/adg/.gitignore: Remove.
* doc/man/.gitignore: Remove.
* doc/mwg/.gitignore: Remove.
* doc/sag/.gitignore: Remove.
* libpamc/.gitignore: Remove.
* libpamc/test/.gitignore: Remove.
* libpam/.gitignore: Remove.
* libpam_misc/.gitignore: Remove.
* modules/.gitignore: Remove.
* modules/pam_access/.gitignore: Remove.
* modules/pam_cracklib/.gitignore: Remove.
* modules/pam_debug/.gitignore: Remove.
* modules/pam_deny/.gitignore: Remove.
* modules/pam_echo/.gitignore: Remove.
* modules/pam_env/.gitignore: Remove.
* modules/pam_exec/.gitignore: Remove.
* modules/pam_faildelay/.gitignore: Remove.
* modules/pam_filter/.gitignore: Remove.
* modules/pam_ftp/.gitignore: Remove.
* modules/pam_group/.gitignore: Remove.
* modules/pam_issue/.gitignore: Remove.
* modules/pam_keyinit/.gitignore: Remove.
* modules/pam_lastlog/.gitignore: Remove.
* modules/pam_limits/.gitignore: Remove.
* modules/pam_listfile/.gitignore: Remove.
* modules/pam_localuser/.gitignore: Remove.
* modules/pam_loginuid/.gitignore: Remove.
* modules/pam_mail/.gitignore: Remove.
* modules/pam_motd/.gitignore: Remove.
* modules/pam_namespace/.gitignore: Remove.
* modules/pam_nologin/.gitignore: Remove.
* modules/pam_permit/.gitignore: Remove.
* modules/pam_pwhistory/.gitignore: Remove.
* modules/pam_rhosts/.gitignore: Remove.
* modules/pam_rootok/.gitignore: Remove.
* modules/pam_securetty/.gitignore: Remove.
* modules/pam_sepermit/.gitignore: Remove.
* modules/pam_shells/.gitignore: Remove.
* modules/pam_succeed_if/.gitignore: Remove.
* modules/pam_time/.gitignore: Remove.
* modules/pam_tty_audit/.gitignore: Remove.
* modules/pam_umask/.gitignore: Remove.
* modules/pam_userdb/.gitignore: Remove.
* modules/pam_warn/.gitignore: Remove.
* modules/pam_wheel/.gitignore: Remove.
* modules/pam_xauth/.gitignore: Remove.
|
| | |
|
| |
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
| | |
|
| |
|
|
| |
module type.
|
| |
|
|
|
|
|
|
|
|
| |
* configure.in: Check for libtirpc bye default.
* libpam/Makefile.am: Add support for libtirpc.
* modules/pam_access/Makefile.am: Likewise.
* modules/pam_unix/Makefile.am: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Change ifdefs for
new libtirpc support.
* modules/pam_unix/yppasswd_xdr.c: Only compile if we have rpc/rpc.h.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-17 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type.
(manual_context): Likewise.
(context_from_env): Remove extraneous auditing in success case.
* modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra
close() call.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-21 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_getpwnam): Don't allocate
unneeded buffer for uid/gid [sf#3059572].
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Implement minlen option.
* modules/pam_unix/support.c: Likewise.
* modules/pam_unix/support.h: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust
arguments for _set_ctrl call.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_session.c: Likewise.
* modules/pam_unix/pam_unix.8.xml: Document minlen option.
Based on patch by Steve Langasek.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/passverify.c (check_shadow_expiry): Correct
check for expired date.
* modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove
check for password length. Bug #2923437.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: workaround
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request
password change if time is not yet set (1.1.1970). Bug #2730965.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-12-08 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Rename DEBUG to PAM_DEBUG.
* libpam/pam_env.c: Likewise
* libpam/pam_handlers.c: Likewise
* libpam/pam_miscc.c: Likewise
* libpam/pam_password.c: Likewise
* libpam/include/security/_pam_macros.h: Likewise
* libpamc/test/modules/pam_secret.c: Likewise
* modules/pam_group/pam_group.c: Likewise
* modules/pam_listfile/pam_listfile.c: Likewise
* modules/pam_unix/pam_unix_auth.c: Likewise
* modules/pam_unix/pam_unix_passwd.c: Likewise
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-12-08 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow
entry if not present in the file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
This makes Linux-PAM compile able with uClibc or on embedded systems
without full libc/libnsl.
2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files.
* modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS
support if all necessary functions exist.
* modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug
option, handle correct if OS has no NIS support.
* modules/pam_access/pam_access.c (netgroup_match): Check if
yp_get_default_domain and innetgr are available at compile time.
* configure.in: Check for functions: innetgr, getdomainname
check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: docu fix
Commit summary:
---------------
2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix.8.xml: Fix blowfish description.
Reported by Diego E. “Flameeyes” Pettenò.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_namespace/Makefile.am: Fix make maintainer-clean,
fix docu dependencies.
* modules/pam_xauth/Makefile.am: Fix make maintainer-clean.
* modules/pam_access/Makefile.am: Likewise.
* modules/pam_debug/Makefile.am: Likewise.
* modules/pam_deny/Makefile.am: Likewise.
* modules/pam_echo/Makefile.am: Likewise.
* modules/pam_env/Makefile.am: Likewise.
* modules/pam_faildelay/Makefile.am: Likewise.
* modules/pam_ftp/Makefile.am: Likewise.
* modules/pam_group/Makefile.am: Likewise.
* modules/pam_issue/Makefile.am: Likewise.
* modules/pam_keyinit/Makefile.am: Likewise.
* modules/pam_lastlog/Makefile.am: Likewise.
* modules/pam_limits/Makefile.am: Likewise.
* modules/pam_listfile/Makefile.am: Likewise.
* modules/pam_localuser/Makefile.am: Likewise.
* modules/pam_loginuid/Makefile.am: Likewise.
* modules/pam_mail/Makefile.am: Likewise.
* modules/pam_mkhomedir/Makefile.am: Likewise.
* modules/pam_motd/Makefile.am: Likewise.
* modules/pam_nologin/Makefile.am: Likewise.
* modules/pam_pwhistory/Makefile.am: Likewise.
* modules/pam_rhosts/Makefile.am: Likewise.
* modules/pam_rootok/Makefile.am: Likewise.
* modules/pam_securetty/Makefile.am: Likewise.
* modules/pam_shells/Makefile.am: Likewise.
* modules/pam_succeed_if/Makefile.am: Likewise.
* modules/pam_tally2/Makefile.am: Likewise.
* modules/pam_tally/Makefile.am: Likewise.
* modules/pam_time/Makefile.am: Likewise.
* modules/pam_timestamp/Makefile.am: Likewise.
* modules/pam_tty_audit/Makefile.am: Likewise.
* modules/pam_umask/Makefile.am: Likewise.
* modules/pam_unix/Makefile.am: Likewise.
* modules/pam_warn/Makefile.am: Likewise.
* modules/pam_wheel/Makefile.am: Likewise.
* modules/pam_filter/Makefile.am: Likewise.
* configure.in: Make regeneration of docu configureable,
rename enable_man to enable_docu.
* modules/pam_env/pam_env.c (_pam_parse): Fix typo in debug
code.
* modules/pam_cracklib/Makefile.am: Don't install docu if
module is disabled for building.
* modules/pam_userdb/Makefile.am: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2009-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Remove dead SELinux
code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix blowfish support
009-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Rename crypt_gensalt_rn to crypt_gensalt_r
* modules/pam_unix/passverify.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2009-06-01 Ville Skyttä <ville.skytta@iki.fi>
* modules/pam_limits/pam_limits.8.xml: Only *.conf
files are parsed. Spelling fixes.
* modules/pam_access/pam_access.8.xml: Spelling fixes.
* modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
* modules/pam_echo/pam_echo.8.xml: Likewise.
* modules/pam_env/pam_env.8.xml: Likewise.
* modules/pam_exec/pam_exec.8.xml: Likewise.
* modules/pam_filter/pam_filter.8.xml: Likewise.
* modules/pam_ftp/pam_ftp.8.xml: Likewise.
* modules/pam_group/pam_group.8.xml: Likewise.
* modules/pam_issue/pam_issue.8.xml: Likewise.
* modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
* modules/pam_listfile/pam_listfile.8.xml: Likewise.
* modules/pam_localuser/pam_localuser.8.xml: Likewise.
* modules/pam_loginuid/pam_loginuid.8.xml: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise.
* modules/pam_motd/pam_motd.8.xml: Likewise.
* modules/pam_namespace/pam_namespace.8.xml: Likewise.
* modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise.
* modules/pam_selinux/pam_selinux.8.xml: Likewise.
* modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
* modules/pam_tally/pam_tally.8.xml: Likewise.
* modules/pam_tally2/pam_tally2.8.xml: Likewise.
* modules/pam_time/pam_time.8.xml: Likewise.
* modules/pam_timestamp/pam_timestamp.8.xml: Likewise.
* modules/pam_timestamp/pam_timestamp_check.8.xml: Likewise.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
* modules/pam_umask/pam_umask.8.xml: Likewise.
* modules/pam_unix/pam_unix.8.xml: Likewise.
* modules/pam_xauth/pam_xauth.8.xml: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-05-11 Tomáš Mráz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Remove
unnecessary setuid() call.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2009-04-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/yppasswd.h: Update license to GPLv2 or later
on request of Olaf Kirch (Author).
* modules/pam_unix/yppasswd_xdr.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-04-03 Dmitry V. Levin <ldv@altlinux.org>
* libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3)
in child process with call to _exit(2).
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_exec/pam_exec.c (call_exec): Replace all calls to
exit(3) in child process with calls to _exit(2).
* modules/pam_filter/pam_filter.c (set_filter): Likewise.
* modules/pam_namespace/pam_namespace.c (inst_init,
cleanup_tmpdirs): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-27 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_run_helper_binary): Don't
ignore return value of write().
* libpamc/include/security/pam_client.h (PAM_BP_ASSERT): Honour
NDEBUG.
* modules/pam_timestamp/pam_timestamp.c: don't ignore return
values of lchown and fchown.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-25 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_mkhomedir/pam_mkhomedir.c: Make option handling
reentrant (#2487654)
(_pam_parse): Fix umask option.
* modules/pam_unix/passverify.c: Fix typo.
* modules/pam_issue/pam_issue.c: Fix compiler warning.
* modules/pam_ftp/pam_ftp.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-24 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/passverify.c(save_old_password): Call fflush() and
fsync().
(unix_update_passwd, unix_update_shadow): Likewise.
* modules/pam_pwhistory/opasswd.c(save_old_password): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-03 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test
for abnormal exit of the helper binary.
* modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise.
* modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-02-27 Tomas Mraz <t8m@centrum.cz>
* modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace
signal() with sigaction().
* modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs):
Likewise.
* modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary):
Likewise.
* modules/pam_unix/passverify.c(su_sighandler): Likewise.
* modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
* modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam
for auxiliary functions.
* modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset
option. Document new serialize option.
* modules/pam_tally2/pam_tally2.c: Add support for the new serialize
option.
(_cleanup, tally_set_data, tally_get_data): Add tally file handle to
tally PAM data. Needed for fcntl() locking.
(get_tally): Use low level file access instead of stdio buffered FILE.
If serialize option is used lock the tally file access.
(set_tally, tally_bump, tally_reset): Use low level file access instead
of stdio buffered FILE. Close the file handle only when it is not owned
by PAM data.
(pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally
file handle to tally_set_data(). Get it from tally_get_data().
(main): Use low level file access instead of stdio buffered FILE.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-02-26 Tomas Mraz <t8m@centrum.cz>
* xtests/Makefile.am: Add tst-pam_unix4.
* xtests/tst-pam_unix4.c: New test for password change
and shadow min days limit.
* xtests/tst-pam_unix4.pamd: Likewise.
* xtests/tst-pam_unix4.sh: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore
PAM_AUTHTOK_ERR on shadow verification.
* modules/pam_unix/passverify.c (check_shadow_expiry): Return
PAM_AUTHTOK_ERR if sp_min limit for password change is defied.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-12-01 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/support.h: Fix masks for cipher algorithm
flags.
|
