| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: remainder of bugfix
Commit summary:
---------------
Somehow, this got left out of an earlier commit. This checkin completes
the support for fixing bug 132880.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: support for glibc-2.2.2
Commit summary:
---------------
This module needed another #include to support a recent spin of
the glibc headers.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
wasn't linking conv.o into the module.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: minor security bugfix
Commit summary:
---------------
Fixes for the password helper binaries.
Before, there was no check that the password entered was actually that
of the intended user being authenticated. Instead, the password was
checked for the requesting user. While this disstinction sounds like a
security hole, its actually not been a problem in practice. The helper
binaries have only been used in the case that the application is not
setuid-0 and as such even if an improper authentication succeeded, the
application could not change its uid from that of the requesting user.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Needed to link lastlog module with -lutil (on some systems).
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
On systems that have a separate libcrypt. This module needed to be
linked against it.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
non-default config file option fixes (module and in documentation).
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
ia64 support - it behaves like an alpha wrt md5, but then unsigned int
is 32 bits everywhere(*) these days, so just remove the #ifdef nonsense.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Appear to have left these fixes out with last commit to resolve 117434.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: portability bugfix
Commit summary:
---------------
Removed non-posix shell command from pam_filter Makefile.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature / bugfix
Commit summary:
---------------
This changes the format of pam_unix log messages, per bug 126423. The
change is extensive (every call to _log_err() now has an additional
argument) but straightforward.
These changes to the logging code incidentally fix the problem reported in
bug 126431.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Changes format of pam_unix 'authentication failure' log messages for
purposes of consistency and clarity.
Note that we do not log the 'user=' item in the case of an invalid username
unless the audit flag is turned on.
Note also that the way we currently log these failures isn't i18n-friendly.
I imagine this will need correcting at some point in the future.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: portable handling of utmp in pam_unix
Commit summary:
---------------
Fixes problem with PAM_getlogin() on Solaris (and hopefully other Unices),
as per David Lee's report.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
removed static variables from pam_tally - should be thread safe now.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: copyright notice
Commit summary:
---------------
Added an original sources copyright notice to pam_access (from logdaemon).
|
| |
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
* pam_mail - use PAM_PATH_MAILDIR as the location of mail spool
|
| |
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
* removed unnecessary CVS Log tags from all over the source
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
* pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing
to faillog
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
- fixed wrong definition of struct pam_module (was pam_wheel)
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Makefile dependencies
pam_userdb did not compile on a Red Hat 5.2 system. It does now.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
add change_uid option to pam_limits, and set real uid only
if this option is present
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
set real uid to the user for who we set limits
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
removed static variables from pam_limits.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
removed static variable from pam_wheel module.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Added pam_time/pam_group fixes for infinite loop when reading
'\\[^\n]' in their config files and also added support for '/'.
The latter makes both of these modules support modern tty handling.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
avoid possibility of SIGPIPE from helper binary non-invocation or
early exit.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
fixed the bogus logic in 'similiar' (renamed it to similar) and
documented the new override argument: difignore.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Added accessconf= option to the module to override the
default access.conf file.
Feature request from Aldrin Martoq and Meelis Roos.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
The pam_limits module did not allow support for a changed number
of limits recognized by the kernel.
Bug identified and resolved by Adam J. Richter of Yggdrasil.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: autoconf support for Linux-PAM
Commit summary:
---------------
This is a merge of the autoconf support that was developed against
a 0-72 branch.
[Note, because CVS has some issues, this is actually only 95% of
the actual commit. The other files were actually committed when
the preparation branch Linux-PAM-0-73pre-autoconf was updated.
Hopefully, this will complete the merge.]
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: merge in the autoconf stuff
Commit summary:
---------------
this is a merge of the 0-72 autoconf branch to something more
up to date. This commit will be followed by merging this
Linux-PAM-0-73pre-autoconf branch to the main trunk.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
modules shouldn't be built with -lpam as it causes problems for
first time installs.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
The "likeauth" module argument did not work for pam_pwdb and
pam_unix. This commit fixes it.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix to pam_unix
Commit summary:
---------------
Fixed case where pam_unix would segfault if the app's conversation function
returned a null pointer as the password. Since a null pointer can never be
a valid password unless the password file also has a null field (which we
already check for), we now check for a valid pointer and return PAM_AUTH_ERR
if we don't have one.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix for pam_shells under Solaris
Commit summary:
---------------
Solaris' C compiler doesn't seem to respect concatenation of strings in
a function argument list. Changed arguments to _pam_log() in the pam_shells
command to get around this.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix to pam_unix_auth
Commit summary:
---------------
Fix for 'likeauth' handling in the pam_unix_auth module. If pam_setcred
needs to return the same value as returned by pam_authenticate, malloc()
space for this return value and pass its address to pam_set_data().
Also, changes pam_sm_setcred() so that it reads this value properly.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix to pam_unix password changing code: if the password file is locked,
retry repeatedly to reduce the risk of leaving other authentication
databases in an inconsistent state when we fail.
|
| |
|
