| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/Makefile.am: Add pam_sepermit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfixes
Commit summary:
---------------
2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
* libpam/pam_static_modules.h: Add _pam_sepermit_modstruct.
* modules/pam_sepermit/pam_sepermit.c: Fix typo.
* README: Add --disable-pie to configure options for static library.
* doc/man/Makefile.am: Fix building outside of src directory.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-02-01 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/namespace.conf.5.xml: Add documentation for
tmpfs and tmpdir polyinst and for ~ user list modifier.
* modules/pam_namespace/namespace.init: Add documentation for the
new init parameter. Add home directory initialization script.
* modules/pam_namespace/pam_namespace.8.xml: Document the new
init parameter of the namespace.init script.
* modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
(cleanup_data): New function.
(process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
(ns_override): Change behavior on the exclusive flag.
(poly_name): Process tmpfs and tmpdir methods.
(inst_init): Add flag for new directory initialization.
(create_dirs): Process the tmpdir method, add the new directory
flag.
(ns_setup): Remove unused code. Process the tmpfs method.
(cleanup_tmpdirs): New function.
(setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
on failures.
(pam_sm_close_session): Instead of parsing the config file again use
the previously set data for cleanup.
* modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
and exclusive flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-01-29 Tomas Mraz <t8m@centrum.cz>
* configure.in: Test for setkeycreatecon needs libselinux.
Add new module pam_sepermit.
* modules/Makefile.am: Add new module pam_sepermit.
* modules/pam_sepermit/.cvsignore: New file.
* modules/pam_sepermit/Makefile.am: Likewise.
* modules/pam_sepermit/README.xml: Likewise.
* modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_sepermit/sepermit.conf: Likewise.
* modules/pam_sepermit/tst-pam_sepermit: Likewise.
* doc/sag/pam_sepermit.xml: Likewise.
* doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-01-29 Miloslav Trmac <mitr@redhat.com>
* modules/pam_tty_audit/README.xml: Add notes section.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Describe patterns
support and open_only option. Add notes.
* modules/pam_tty_audit/pam_tty_audit.c(pam_sm_open_session): Add
support for pattern matching and the open_only option.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-01-28 Thorsten Kukuk <kukuk@suse.de>
* modules/pam_unix/passverify.c: Fix compiling without SELinux
support.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-01-24 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when
available.
* modules/pam_unix/passverify.c (strip_hpux_aging): New function
to strip HP/UX aging info from password hash.
(verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when
available.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup, new feature
Commit summary:
---------------
Merging the the refactorization pam_unix_ref branch into the trunk.
Added support for sha256 and sha512 password hashes to pam_unix
when the libcrypt supports them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bigfix
Commit summary:
---------------
2008-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/Makefile.am: Fix manual page dependencies,
add hack for bug in xsl stylestheets.
2008-01-02 Petteri Räty <betelgeuse@gentoo.org>
* modules/pam_limits/limits.conf: document allowed values for
nice.
* modules/pam_limits/limits.conf.5.xml: Likewise.
and readd files wrongly deleted before.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Remove autogenerated documentation from CVS
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_succeed_if/pam_succeed_if.8.xml: Fix
cut & paste error [#1863490].
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
* po/it.po: Fix typos.
* po/de.po: Few new translations.
* po/POTFILES.in: Add pam_tty_audit.c and passverify.c.
* doc/man/pam_xauth_data.3.xml: Added to CVS.
* doc/man/pam_xauth_data.3: Likewise.
* modules/pam_tty_audit/README: Likewise.
* modules/pam_tty_audit/pam_tty_audit.8: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature and cleanup
Commit summary:
---------------
2007-12-07 Tomas Mraz <t8m@centrum.cz>
* libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
* libpam/pam_audit.c: Add _pam_audit_open() and
pam_modutil_audit_write().
(_pam_auditlog): Call _pam_audit_open().
* libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
* modules/pam_access/pam_access.8.xml: Add noaudit option.
Document auditing.
* modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
only_new_group_syntax variables to struct login_info. Add noaudit
member.
(_parse_args): Adjust for the move of variables and add support for
noaudit option.
(group_match): Add debug parameter.
(string_match): Likewise.
(network_netmask_match): Likewise.
(login_access): Adjust for the move of variables. Add nonall_match.
Add call to pam_modutil_audit_write().
(list_match): Adjust for the move of variables.
(user_match): Likewise.
(from_match): Likewise.
(pam_sm_authenticate): Call _parse_args() earlier.
* modules/pam_limits/pam_limits.8.xml: Add noaudit option.
Document auditing.
* modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
(setup_limits): Call pam_modutil_audit_write().
* modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
Document auditing.
* modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
(check_account): Call _pam_parse(). Call pam_modutil_audit_write()
and pam_syslog() on login denials.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-12-05 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tty_audit/pam_tty_audit.8.xml: Fix example.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-12-05 Miloslav Trmac <mitr@redhat.com>
* configure.in: Add test for audit_tty_status struct. Add
pam_tty_audit module.
* libpam/pam_static_modules.h: Add pam_tty_audit module.
* modules/pam_tty_audit/Makefile.am: New file.
* modules/pam_tty_audit/README.xml: Likewise.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2007-12-05 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/Makefile.am: Add passverify.h and passverify.c
as first part of pam_unix refactorization.
* modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/passverify.c: New file with common functions.
* modules/pam_unix/passverify.h: Prototypes for the common functions.
* modules/pam_unix/support.c: Include passverify.h, move
_unix_shadowed() to passverify.c.
(_unix_verify_password): Refactor out verify_pwd_hash() function.
* modules/pam_unix/support.h: Move _unix_shadowed() prototype to
passverify.h
* modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and
verify_pwd_hash() from passverify.c.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-11-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/Makefile.am (unix_chkpwd_LDADD): Don't link
unix_chkpwd unnecessary against libpam (#1822779).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Don't link pam_tally application against libpam, if linked static,
libpam is not yet available.
2007-11-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tally/pam_tally.c (tally_log): Map
pam_modutil_getpwnam to getpwnam if we don't compile
as module.
* modules/pam_tally/Makefile.am: Don't link pam_tally_app
against libpam (#1822779).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-11-06 Thorsten Kukuk <kukuk@thkukuk.de>
* xtests/tst-pam_group1.c: Include stdlib.h
* xtests/tst-pam_succeed_if1.c: Likewise.
* xtests/tst-pam_limits1.c: Likewise.
* xtests/tst-pam_access1.c: Likewise.
* xtests/tst-pam_access2.c: Likewise.
* xtests/tst-pam_access3.c: Likewise.
* xtests/tst-pam_access4.c: Likewise.
* xtests/tst-pam_unix1.c: Likewise.
* xtests/tst-pam_unix2.c: Likewise.
* xtests/tst-pam_unix3.c: Likewise.
* xtests/tst-pam_cracklib1.c: Likewise.
* xtests/tst-pam_cracklib2.c: Likewise.
2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de>
* modules/pam_rhosts/pam_rhosts_auth.c (__icheckhost): Correct
misplaced parenthesis.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Prevent use of
dngettext() when NLS is disabled.
* modules/pam_exec/pam_exec.c (call_exec): Avoid gcc warning.
* doc/specs/parse_y.y (set_label, new_counter): Break trigraphs to
avoid gcc warning.
* modules/pam_wheel/pam_wheel.c: Remove excessive initializer
elements.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-11-01 Peter Breitenlohner <peb@mppmu.mpg.de>
* doc/man/pam_conv.3.xml: Correct typo.
2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de>
* modules/pam_cracklib/pam_cracklib.8.xml: Correct typo.
* modules/pam_limits/limits.conf.5.xml: Likewise.
* modules/pam_listfile/pam_listfile.8.xml: Likewise.
* modules/pam_xauth/pam_xauth.8.xml: Likewise.
* modules/pam_deny/pam_deny.8.xml: Correct spelling.
* modules/pam_group/pam_group.8.xml: Likewise.
* modules/pam_permit/pam_permit.8.xml: Likewise.
* modules/pam_shells/pam_shells.8.xml: Likewise.
* modules/pam_time/pam_time.8.xml: Likewise.
* modules/pam_warn/pam_warn.8.xml: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-11-06 Thorsten Kukuk <kukuk@thkukuk.de>
* libpam/pam_static_modules.h: Fix name of pam_namespace variable.
2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de>
* tests/tst-dlopen.c: Return 77 in case of static modules, such that
all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL.
* libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead
of "`ls ...`", to allow for static modules.
* libpam/pam_static_modules.h: Make pam_keyinit module depend on
HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct.
* modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module
struct.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-10-25 Steve Langasek <vorlon@debian.org>
* modules/pam_tally/pam_tally.c: fix the definition of OPT_AUDIT
to be octal instead of decimal, so that it works properly in a
bit field instead of forcing the "even_deny_root_account" and
"no_reset" options to on.
Patch from Corey Wright <undefined@pobox.com>.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-10-09 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tally/pam_tally.8.xml: Document audit option
correctly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-10-08 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_time/pam_time.c (is_same): Length of strings without
wildcard needs to be the same.
* modules/pam_group/pam_group.c (is_same): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-10-01 Thorsten Kukuk <kukuk@thkukuk.de>
* xtests/tst-pam_group1.c: New test case for user compare in pam_group.
* xtests/tst-pam_group1.sh: Script to run test case.
* xtests/tst-pam_group1.pamd: Config for test case.
* xtests/Makefile.am: Add tst-pam_group1 test case.
* xtests/run-xtests.sh: Save/restore group.conf.
* xtests/group.conf: New.
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Don't
free arguments used for putenv().
* doc/man/pam_putenv.3.xml: Document that application has to free
the memory.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-09-27 Tomas Mraz <t8m@centrum.cz>
* modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in
operator rhbz #295151.
* modules/pam_namespace/pam_namespace.c (poly_name): Do not try to
get context when SELinux is disabled rhbz #306901.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: testcase
Commit summary:
---------------
2007-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
* xtests/tst-pam_succeed_if1.c: New test case for
https://bugzilla.redhat.com/show_bug.cgi?id=295151
* xtests/tst-pam_succeed_if1.sh: Script to run test case.
* xtests/tst-pam_succeed_if1.pamd: Config for test case.
* xtests/Makefile.am: Add tst-pam_succeed_if1 test case.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix/cleanup
Commit summary:
---------------
2007-09-03 Steve Langasek <vorlon@debian.org>
* modules/pam_limits/pam_limits.c: remove a number of unnecessary
string manipulations, including a strncpy() that was acting on
overlapping memory.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-09-02 Thorsten Kukuk <kukuk@thkukuk.de>
* examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS.
* libpam/Makefile.am: Likewise.
* modules/pam_access/Makefile.am: Likewise.
* modules/pam_cracklib/Makefile.am: Likewise.
* modules/pam_debug/Makefile.am: Likewise.
* modules/pam_deny/Makefile.am: Likewise.
* modules/pam_echo/Makefile.am: Likewise.
* modules/pam_env/Makefile.am: Likewise.
* modules/pam_exec/Makefile.am: Likewise.
* modules/pam_faildelay/Makefile.am: Likewise.
* modules/pam_filter/Makefile.am: Likewise.
* modules/pam_filter/upperLOWER/Makefile.am: Likewise.
* modules/pam_ftp/Makefile.am: Likewise.
* modules/pam_group/Makefile.am: Likewise.
* modules/pam_issue/Makefile.am: Likewise.
* modules/pam_keyinit/Makefile.am: Likewise.
* modules/pam_lastlog/Makefile.am: Likewise.
* modules/pam_limits/Makefile.am: Likewise.
* modules/pam_listfile/Makefile.am: Likewise.
* modules/pam_localuser/Makefile.am: Likewise.
* modules/pam_loginuid/Makefile.am: Likewise.
* modules/pam_mail/Makefile.am: Likewise.
* modules/pam_mkhomedir/Makefile.am: Likewise.
* modules/pam_motd/Makefile.am: Likewise.
* modules/pam_namespace/Makefile.am: Likewise.
* modules/pam_nologin/Makefile.am: Likewise.
* modules/pam_permit/Makefile.am: Likewise.
* modules/pam_rhosts/Makefile.am: Likewise.
* modules/pam_rootok/Makefile.am: Likewise.
* modules/pam_securetty/Makefile.am: Likewise.
* modules/pam_selinux/Makefile.am: Likewise.
* modules/pam_shells/Makefile.am: Likewise.
* modules/pam_stress/Makefile.am: Likewise.
* modules/pam_succeed_if/Makefile.am: Likewise.
* modules/pam_tally/Makefile.am: Likewise.
* modules/pam_time/Makefile.am: Likewise.
* modules/pam_umask/Makefile.am: Likewise.
* modules/pam_unix/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2007-08-31 Steve Langasek <vorlon@debian.org>
* modules/pam_group/group.conf: don't use "games" as an example
group, on some distros this is a pre-existing group that it would
be a security hole to give users access to.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-08-30 Steve Langasek <vorlon@debian.org>
* modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c:
A wrong username doesn't need to be logged at LOG_ALERT;
LOG_WARNING should be sufficient.
Patch from Sam Hartman <hartmans@debian.org>.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: documentation fix
Commit summary:
---------------
2007-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_limits/limits.conf.5.xml: Document that maxlogins
is ignored for users with UID 0.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2007-08-30 Steve Langasek <vorlon@debian.org>
* modules/pam_cracklib/pam_cracklib.c:
s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing
#define in pam_unix
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-08-29 Steve Langasek <vorlon@debian.org>
* modules/pam_listfile/pam_listfile.c, modules/pam_listfile/README,
modules/pam_listfile/pam_listfile.8,
modules/pam_listfile/pam_listfile.8.xml: add a 'quiet' option to
avoid logging errors any time a user is refused service by this
module.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t.
(__icheckhost): Cast to int32_t to fix limited range error.
* modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath
as const.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-08-29 Steve Langasek <vorlon@debian.org>
* modules/pam_rhosts/pam_rhosts_auth.c: getline returns -1 at
EOF, not 0. Check accordingly to fix an infinite loop. Thanks
to Stephan Springl <springl-rhosts@bfw-online.de> for catching
this.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2007-08-28 Steve Langasek <vorlon@debian.org>
* configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER
for crack.h, so we get a HAVE_CRACK_H define.
* modules/pam_cracklib/pam_cracklib.c: don't copy around the
cracklib dictpath into a fixed-width buffer, when we can just
point at the existing strings; and allow users to override the
default cracklib path with -DCRACKLIB_DICT, required for
compatibility with cracklib 2.7.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: portability
Commit summary:
---------------
2007-08-27 Steve Langasek <vorlon@debian.org>
* modules/pam_limits/pam_limits.c: when building on non-Linux
systems, give a warning only, not an error; no one seems to
remember why this error was here in the first place, but leave
something in that might still grab the attention of non-Linux
users.
Patch from Michal Suchanek <hramrach_l@centrum.cz>.
* configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for
the presence of net/if.h before using, required for Hurd
compatibility.
Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
* modules/pam_limits/pam_limits.c: conditionalize the use of
RLIMIT_AS, which is not present on the Hurd.
Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
* modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of
a static buffer when available; fixes the build on systems
without MAXHOSTNAMELEN (i.e., the Hurd).
* modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined
before using it.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2007-08-15 Tomas Mraz <t8m@centrum.cz>
* modules/pam_access/pam_access.c (list_match): Add explicit
sptr argument for strtok_r, otherwise the code is not portable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix/new feature
Commit summary:
---------------
2007-07-10 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Add --with-db-uniquename option to support
db libraries and functions with unique name extension.
Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>.
* modules/pam_limits/pam_limits.c: Include locale.h.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, release
Commit summary:
---------------
2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 0.99.8.0
* configure.in: Check for audit_log_acct_message instead of
audit_log_user_message.
* libpam/pam_audit.c: Use audit_log_acct_message.
Based on patch from Mark J Cox <mjc@redhat.com>.
* libpam/Makefile.am: Bump version number of libpam.
* modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit,
not 64bit.
* xtests/tst-pam_limits1.c: Fix printf arguments.
* po/*.po: Merge po files with latest code changes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_limits/pam_limits.c (process_limit): Check upper and
lower limit of nice value, fix off-by-one in conversation to rlim_t.
* xtests/Makefile.am: Add new pam_limits test case.
* xtests/limits.conf: New, config file for test case.
* xtests/pam_limits1.c: New, test case for RLIMIT_NICE.
* xtests/pam_limits1.sh: Likewise.
* xtests/pam_limits1.pamd: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r
result for recursive calls.
* xtests/Makefile.am: Add new pam_access test cases.
* xtests/pam_access1.c: New test case.
* xtests/pam_access2.c: Likewise.
* xtests/pam_access3.c: Likewise.
* xtests/pam_access4.c: Likewise.
* xtests/pam_access1.sh: Wrapper to create user accounts.
* xtests/pam_access2.sh: Likewise.
* xtests/pam_access3.sh: Likewise.
* xtests/pam_access4.sh: Likewise.
* xtests/pam_access1.pamd: PAM config file for pam_access tests.
* xtests/pam_access2.pamd: Likewise.
* xtests/pam_access3.pamd: Likewise.
* xtests/pam_access4.pamd: Likewise.
* xtests/access.conf: Config file for pam_access tests.
* xtests/run-tests.sh: Install access.conf into system.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
better error message if /proc/self/loginuid cannot be opened.
* modules/pam_limits/pam_limits.c (process_limit): Check for
variable overflow after multiplication [bnc#283001].
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_access/pam_access.c: Add new syntax for groups
in access.conf to differentiate group names from account names.
Based on patch from Julien Lecomte <julien@famille-lecomte.net>,
solves feature request [#411390].
* modules/pam_access/access.conf: Add example for new group
syntax.
* modules/pam_access/access.conf.5.xml: Document new syntax.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new features
Commit summary:
---------------
2007-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass
option.
* modules/pam_cracklib/pam_cracklib.c: Add support for minimum
character classes [#1688777]. Based on patch from Keith Schincke.
* xtests/tst-pam_cracklib2.c: New, test case for minclass option.
* xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case.
* xtests/Makefile.am: Add new testcase.
* xtests/pam_cracklib.c: Fix comment what this application tests.
* configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2007-06-15 Tomas Mraz <t8m@centrum.cz>
* modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
add select_context and use_current_range options.
* modules/pam_selinux/pam_selinux.c (send_audit_message): Added
function for auditing role/level changes.
(query_response): Add default response.
(select_context): Removed.
(manual_context): Query only role and level.
(mls_range_allowed): Added function for range check.
(config_context): Added function for role and level override.
(pam_sm_open_session): Remove multiple option, add select_context
and use_current_range_options. Use getseuserbyname to obtain
SELinux user and level. Audit role/level changes. Call setkeycreatecon
to assign key creation context. Don't fail on errors when SELinux
is not in enforcing mode.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, new feature
Commit summary:
---------------
2007-06-15 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/README.xml: Avoid duplication of
documentation.
* modules/pam_namespace/namespace.conf: More real life example
from MLS support.
* modules/pam_namespace/namespace.conf.5.xml: Likewise plus
properly describe how instance directory names are formed.
* modules/pam_namespace/namespace.init: Preserve euid when
called from setuid apps (su, newrole).
* modules/pam_namespace/pam_namespace.8.xml: Added option
no_unmount_on_close.
* modules/pam_namespace/pam_namespace.c (process_line): Polyinst
methods are now user, level and context. Fix crash on unknown
override user in config file.
(ns_override): Add explicit uid parameter.
(form_context): Skip for user method. Implement level based
polyinstantiation.
(poly_name): Initialize contexts. Add level based polyinst,
remove 'both' metod. Use raw contexts for instance names,
truncate long instance names and add hash.
(ns_setup): Hashing moved to poly_name().
(setup_namespace): Handle correctly override users for
su (when unmnt_remnt is used).
(pam_sm_close_session): Added no_unmount_on_close option.
* modules/pam_namespace/pam_namespace.h: Added
no_unmount_on_close_option, level method, limit on instance
directory name length.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: documentation fix
Commit summary:
---------------
2007-04-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_limits/limits.conf: Address space limit is KB.
* modules/pam_limits/limits.conf.5.xml: Likewise.
Reported by Thomas Vander Stichele <thomas@apestaart.org>.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-04-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate
check for PAM_SILENT and don't bail out if it is set [#1706247].
|
