summaryrefslogtreecommitdiff
path: root/modules
Commit message (Collapse)AuthorAge
* Relevant BUGIDs:Tomas Mraz2010-11-16
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-11-16 Tomas Mraz <tm@t8m.info> * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Remove dead and duplicate code. Return PAM_INCOMPLETE instead of PAM_CONV_AGAIN.
* Relevant BUGIDs:Tomas Mraz2010-11-11
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-11-11 Tomas Mraz <tm@t8m.info> * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix potential use after free in case SELinux is misconfigured. * modules/pam_namespace/pam_namespace.c (process_line): Fix memory leak when parsing empty config file lines.
* Relevant BUGIDs:Tomas Mraz2010-10-22
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-22 Tomas Mraz <tm@t8m.info> * modules/pam_namespace/pam_namespace.c (inst_init): Use execle() to execute the init script with clean environment. (CVE-2010-3853) (cleanup_tmpdirs): Likewise for executing rm.
* Relevant BUGIDs:Dmitry V. Levin2010-10-21
| | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-10-21 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Remove. (create_homedir): Use mkdir() instead of rec_mkdir(). (make_parent_dirs): New function. (main): Use make_parent_dirs() to create parent directories only for the home directory itself.
* Relevant BUGIDs:Thorsten Kukuk2010-10-21
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-21 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/support.c (_unix_getpwnam): Don't allocate unneeded buffer for uid/gid [sf#3059572].
* Relevant BUGIDs:Thorsten Kukuk2010-10-20
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Create parent directories always with mode 0755. (create_homedir): Create main directory with mode 0700 at first.
* Relevant BUGIDs:Dmitry V. Levin2010-10-19
| | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-10-19 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/pam_selinux.c (verbose_message): Remove. (pam_sm_open_session): Call send_text() instead of verbose_message().
* Relevant BUGIDs:Dmitry V. Levin2010-10-19
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-19 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Add @LIBAUDIT@.
* Relevant BUGIDs:Thorsten Kukuk2010-10-19
| | | | | | | | | | | | | | Purpose of commit: documentation Commit summary: --------------- 2010-10-19 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_env/pam_env.8.xml: Document side effects of environment variables in the stack. * modules/pam_exec/pam_exec.8.xml: Document that user can have controll over the environment.
* revert preceding patch; under discussion, no consensusSteve Langasek2010-10-11
|
* Relevant BUGIDs:Tomas Mraz2010-10-11
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-11 Tomas Mraz <t8m@centrum.cz> * modules/pam_env/pam_env.c: Change default for user_readenv to 0. * modules/pam_env/pam_env.8.xml: Document the new default for user_readenv.
* Relevant BUGIDs:Dmitry V. Levin2010-10-08
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-07 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/pam_selinux.c (verbose_message): Fix format string.
* Relevant BUGIDs:Dmitry V. Levin2010-10-03
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-04 Dmitry V. Levin <ldv@altlinux.org> * libpam/pam_modutil_priv.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (struct pam_modutil_privs, PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv, pam_modutil_regain_priv): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface. * modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise. (pam_sm_open_session): Remove redundant fchown call. Fixes CVE-2010-3430, CVE-2010-3431.
* Relevant BUGIDs:Thorsten Kukuk2010-09-30
| | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-09-30 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Warn if unlink() fails.
* Relevant BUGIDs:Dmitry V. Levin2010-09-28
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-09-27 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Return PAM_SUCCESS immediately if no cookie file is defined. Return PAM_SESSION_ERR if cookie file is defined but target uid cannot be determined. Do not modify cookiefile string returned by pam_get_data.
* Relevant BUGIDs:Dmitry V. Levin2010-09-28
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-09-27 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_xauth/pam_xauth.c (check_acl): Check that the given access control file is a regular file.
* Relevant BUGIDs:Dmitry V. Levin2010-09-20
| | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-09-16 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise.
* Relevant BUGIDs:Tomas Mraz2010-08-26
| | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-08-26 Tomas Mraz <t8m@centrum.cz> * modules/pam_nologin/pam_nologin.c (perform_check): Try first /var/run/nologin if the nologin file is not explicitly specified. * modules/pam_nologin/pam_nologin.8.xml: Document that /var/run/nologin is tried first.
* Relevant BUGIDs:Thorsten Kukuk2010-08-17
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/pam_unix_passwd.c: Implement minlen option. * modules/pam_unix/support.c: Likewise. * modules/pam_unix/support.h: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust arguments for _set_ctrl call. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_session.c: Likewise. * modules/pam_unix/pam_unix.8.xml: Document minlen option. Based on patch by Steve Langasek.
* Relevant BUGIDs:Thorsten Kukuk2010-08-13
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-12 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_mail/pam_mail.c: Check for mail only with user privilegs. * modules/pam_xauth/pam_xauth.c (run_coprocess): Check return value of setgid, setgroups and setuid. * modules/pam_xauth/pam_xauth.c (check_acl): Save errno for later usage. * modules/pam_env/pam_env.c (handle_env): Check if user exists, read local user config only with user privilegs.`
* Relevant BUGIDs:Thorsten Kukuk2010-08-09
| | | | | | | | | | | | | | Purpose of commit: bugfix/cleanup Commit summary: --------------- 2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tally/pam_tally.8.xml: Document that pam_tally is deprecated. * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Fix make dist.
* Relevant BUGIDs: 2923437Thorsten Kukuk2010-08-09
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/passverify.c (check_shadow_expiry): Correct check for expired date. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove check for password length. Bug #2923437.
* Relevant BUGIDs:Thorsten Kukuk2010-08-04
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tally2/pam_tally2.c (get_tally): Create file with correct permissions. Patch by Diego Elio "Flameeyes" Pettenò.
* Relevant BUGIDs: 2730965Thorsten Kukuk2010-08-04
| | | | | | | | | | | | Purpose of commit: workaround Commit summary: --------------- 2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request password change if time is not yet set (1.1.1970). Bug #2730965.
* Relevant BUGIDs: #3035919, #3002340, #3037155Thorsten Kukuk2010-08-04
| | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_access/pam_access.c (user_match): Make sure that user@host will not match @@netgroup. Bug #3035919. * modules/pam_group/pam_group.c (check_account): Add '%' for UNIX groups. * modules/pam_group/group.conf: Add example for '%'. * modules/pam_group/group.conf.5.xml: Document '%' syntax. Bug #3002340, #3037155.
* Relevant BUGIDs: Debian bug #582362Steve Langasek2010-08-02
| | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Don't pass --version-script options when linking executables, only when linking libraries Patch from Julien Cristau <jcristau@debian.org>
* Relevant BUGIDs: 2917257Thorsten Kukuk2010-07-12
| | | | | | | | | | | | | | | Purpose of commit: enhancement Commit summary: --------------- 2010-07-12 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add audit flag to enable logging about unknown user (#2917257). * modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit. * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. * modules/pam_succeed_if/README: Regenerated from xml.
* Relevant BUGIDs: 3004656Thorsten Kukuk2010-06-22
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-06-22 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_umask/pam_umask.8.xml: Remove comparisation of gid and uid for usergroups. * modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Likewise. Bug #3004656
* Relevant BUGIDs: 3010705Thorsten Kukuk2010-06-15
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-06-15 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Call setfsuid to be allowed to remove temporary files (#3010705). (pam_sm_open_session): Call fchown with correct permissions.
* Relevant BUGIDs:Thorsten Kukuk2010-06-09
| | | | | | | | | | | | | | | Purpose of commit: bugfix Add test case for unresolved symbols 2010-06-09 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tty_audit/Makefile.am (TESTS): Add tst-pam_tty_audit. * modules/pam_tty_audit/tst-pam_tty_audit: New. Commit summary: ---------------
* Relevant BUGIDs: Ubuntu bug #588547Steve Langasek2010-06-07
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-06-07 Steve Langasek <vorlon@debian.org> * modules/pam_tty_audit/Makefile.am: If we don't have the libraries required for building pam_tty_audit, we shouldn't install the manpage either.
* Relevant BUGIDs:Thorsten Kukuk2010-05-27
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-05-27 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_userdb/pam_userdb.c: Define HAVE_DBM for BerkDB 5.0 support. Patch by Diego Elio Pettenò.
* Relevant BUGIDs:Thorsten Kukuk2010-05-05
| | | | | | | | | | | Purpose of commit: docu fix Commit summary: --------------- 2010-04-15 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_exec/pam_exec.8.xml: Fix example.
* Relevant BUGIDs:Thorsten Kukuk2010-04-14
| | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-04-13 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_pwhistory/opasswd.c: Fix compilation if cyprt_r() is not available. * configure.in: check for getutent_r. * modules/pam_timestamp/pam_timestamp.c: Use getutent() if getutent_r() does not exist. Patch from Diego Elio "Flameeyes" Pettenò.
* Relevant BUGIDs:Thorsten Kukuk2010-04-06
| | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-04-06 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt and chauthtok. * modules/pam_rootok/pam_rootok.8.xml: Document new module types.
* Relevant BUGIDs: 2892529Thorsten Kukuk2009-12-08
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-12-08 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Rename DEBUG to PAM_DEBUG. * libpam/pam_env.c: Likewise * libpam/pam_handlers.c: Likewise * libpam/pam_miscc.c: Likewise * libpam/pam_password.c: Likewise * libpam/include/security/_pam_macros.h: Likewise * libpamc/test/modules/pam_secret.c: Likewise * modules/pam_group/pam_group.c: Likewise * modules/pam_listfile/pam_listfile.c: Likewise * modules/pam_unix/pam_unix_auth.c: Likewise * modules/pam_unix/pam_unix_passwd.c: Likewise
* Relevant BUGIDs: rhbz#545053Tomas Mraz2009-12-08
| | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2009-12-08 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow entry if not present in the file.
* Relevant BUGIDs:Tomas Mraz2009-12-08
| | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2009-12-08 Tomas Mraz <t8m@centrum.cz> * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Remove unused function and variable.
* Relevant BUGIDs:Tomas Mraz2009-11-19
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-11-19 Tomas Mraz <t8m@centrum.cz> * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Return PAM_AUTH_ERR from the module if sepermit_lock() fails.
* Relevant BUGIDs: 2892189Tomas Mraz2009-11-18
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-11-18 Tomas Mraz <t8m@centrum.cz> * modules/pam_access/pam_access.c(user_match): Revert the netgroup match to the original behavior, add new syntax for adding the local hostname. * modules/pam_access/access.conf.5.xml: Document the new syntax for adding the local hostname to the netgroup match.
* Relevant BUGIDs:Thorsten Kukuk2009-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: regression fix Commit summary: --------------- 2009-11-10 Thorsten Kukuk <kukuk@suse.de> * doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/Makefile.am (libpam_la_LDFLAGS): Bump revesion of libpam. * libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed from pam_get_authtok, add flags argument, always check return values. * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/include/security/pam_ext.h: Add prototypes for pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/libpam.map: Add new pam_get_authtok_* functions.
* Relevant BUGIDs:Thorsten Kukuk2009-11-04
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Add new manual page.
* Relevant BUGIDs:Tomas Mraz2009-11-02
| | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2009-11-02 Tomas Mraz <t8m@centrum.cz> * modules/pam_sepermit/Makefile.am: Add sepermit.conf(5) manual page. * modules/pam_sepermit/pam_sepermit.8.xml: Add reference to sepermit.conf(5). Drop some redundant text. * modules/pam_sepermit/sepermit.conf.5.xml: New file. * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Implement the ignore option in sepermit.conf.
* Relevant BUGIDs: rhbz#531530Tomas Mraz2009-10-29
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-10-29 Tomas Mraz <t8m@centrum.cz> * modules/pam_xauth/Makefile.am: Link with libselinux. * modules/pam_xauth/pam_xauth.c(pam_sm_open_session): Call setfscreatecon() if selinux is enabled to create the .xauth file with the right label. Original idea by Dan Walsh.
* Relevant BUGIDs:Tomas Mraz2009-10-08
| | | | | | | | | | | Purpose of commit: documentation Commit summary: --------------- 2009-10-08 Tomas Mraz <t8m@centrum.cz> * modules/pam_tty_audit/pam_tty_audit.8.xml: Add notice about aureport add SEE ALSO section.
* Relevant BUGIDs:Tomas Mraz2009-10-06
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-10-06 Tomas Mraz <t8m@centrum.cz> * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Just call pam_modutil_user_in_group_nam_nam() instead of reimplementation of group matching.
* Relevant BUGIDs: Debian bug #537848Steve Langasek2009-09-10
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-09-10 Steve Langasek <vorlon@debian.org> * modules/pam_securetty/pam_securetty.c: pam_securetty should not return PAM_USER_UNKNOWN when the tty is secure, regardless of what was entered as a username. Patch from Nicolas François <nicolas.francois@centraliens.net>.
* Relevant BUGIDs: Debian bug #518908Steve Langasek2009-08-31
| | | | | | | | | | | Purpose of commit: portability Commit summary: --------------- 2009-08-31 Steve Langasek <vorlon@debian.org> * modules/pam_namespace/namespace.init: make this portable to POSIX awk, instead of using GNU awk extensions.
* Relevant BUGIDs: Debian bug #470137Steve Langasek2009-08-25
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-08-25 Steve Langasek <vorlon@debian.org> * modules/pam_sepermit/pam_sepermit.8.xml: fix up one reference to pam.d(8) left behind because I've forgotten how CVS works
* Relevant BUGIDs:Thorsten Kukuk2009-07-21
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-07-21 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Delete new token if it does not match strength criteria.