2005-11-23 Thorsten Kukuk * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Introduce new variable to fix compiler warning. * libpam/pam_modutil_getlogin.c (pam_modutil_getlogin): PAM_TTY don't need to start with /dev/. 2005-11-21 Thorsten Kukuk * release version 0.99.2.0 * libpam_misc/Makefile.am: Increase release number (for change from 2005-11-09) * NEWS: Adjust for 0.99.2.0 2005-11-17 Thorsten Kukuk * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting. Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380] 2005-11-16 Thorsten Kukuk * libpam/pam_handlers.c: Replace code for all dlopen variants with a generic wrapper. * libpam/pam_dynamic.c: Implement generic wrapper for dlopen. * libpam/pam_dynamic.h: Provide prototypes. For Mac OS X support [#534205] 2005-11-09 Tomas Mraz * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly full path tty name. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly full path tty name. Allow unset tty. (logic_member): Allow matching ':' in tty name. * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly full path tty name. Allow unset tty. (logic_member): Allow matching ':' in tty name. * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin is not terminal. 2005-11-07 Thorsten Kukuk * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use correct variable names. 2005-11-06 Steve Langasek * modules/pam_env/pam_env.c: don't treat a missing /etc/environment as a fatal error when attempting to read it, and try to read this file by default; this restores the behavior from Linux-PAM 0.76. 2005-11-02 Tomas Mraz * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807] by ohyajapn. * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the logic when comparing dates to handle corner cases better [#1245888]. 2005-10-31 Thorsten Kukuk * modules/pam_filter/pam_filter.c: Use XCASE only if defined [#624214] 2005-10-27 Thorsten Kukuk * doc/man/pam.8: Fix wording for authentication chapter [#1197444] 2005-10-26 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary), modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary), modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real uid to 0 before executing the helper if SELinux is enabled. * modules/pam_unix/unix_chkpwd.c (main): Disable user check only if real uid is 0 (CVE-2005-2977). Log failed password check attempt. 2005-10-20 Tomas Mraz * configure.in: Added check for xauth binary and --with-xauth option. * config.h.in: Added configurable PAM_PATH_XAUTH. * modules/pam_xauth/README, modules/pam_xauth/pam_xauth.8: Document where xauth is looked for. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement searching xauth binary on multiple places. (run_coprocess): Don't use execvp as it can be a security risk. 2005-10-04 Steve Langasek * libpam/include/security/pam_malloc.h, libpam/include/security/pam_modules.h: Declare public header files extern "C" so that they are C++-safe. 2005-10-02 Dmitry V. Levin Steve Langasek Cleanup gratuitous use of strdup(). Fix "missing argument" checks. * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier to conffile and envfile arguments. Do not use x_strdup() for conffile and envfile initialization. Fix "missing argument" checks. (_parse_config_file): Take conffile argument of type "const char *" instead of "char **". Do not free conffile. (_parse_env_file): Take env_file argument of type "const char *" instead of "char **". Do not free env_file. (pam_sm_setcred): Add const qualifier to conf_file and env_file. Pass conf_file and env_file to _parse_config_file() and _parse_env_file() by value. (pam_sm_open_session): Likewise. * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to users argument. Do not use x_strdup() for users initialization. (lookup): Add const qualifier to list argument. (pam_sm_authenticate): Add const qualifier to users argument. * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier to maildir argument. Do not use x_strdup() for maildir initialization. Fix "missing argument" check. (get_folder): Take path_mail argument of type "const char *" instead of "char **". Do not free path_mail. (_do_mail): Add const qualifier to path_mail argument. Pass path_mail to get_folder() by value. * modules/pam_motd/pam_motd.c: Include . (pam_sm_open_session): Add const qualifier to motd_path. Do not use x_strdup() for motd_path initialization. Do not free motd_path. Fix "missing argument" check. Add "unknown option" warning. * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const qualifier to database and cryptmode arguments. Fix "missing argument" checks. (pam_sm_authenticate): Add const qualifier to database and cryptmode. (pam_sm_acct_mgmt): Likewise. 2005-10-01 Steve Langasek * modules/pam_userdb/pam_userdb.c: spelling fix in log message. 2005-09-30 Steve Langasek * modules/pam_userdb/pam_userdb.c: Fix memory leak due to gratuitous use of strdup(). 2005-09-27 Thorsten Kukuk * release 0.99.1.0 * doc/specs/Makefile.am (install-data-local): Install rfc and draft. (all): Copy rfc if we build outside of source directory. 2005-09-27 Thorsten Kukuk * NEWS: Document removal of pam_radius. * autogen.sh: Make configure script executeable. * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c (lex.yy.c): Fixed out of tree build. * conv/pam_conv1/pam_conv.y: Fix main prototype. * README: Adjust. * po/POTFILES.in: Remove files not distributed by tar archive and not containing strings for translation. 2005-09-26 Tomas Mraz * NEWS: Add a few missing entries from CHANGELOG. * AUTHORS: Fixed entries for Toady and me. * Makefile.am (M4_FILES): Fixed out of tree build. * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c (spec, lex.yy.c): Fixed out of tree build. * modules/pam_userdb/README: Document try_first_pass and use_first_pass options, remove use_authtok option. 2005-09-26 Dmitry V. Levin * NEWS: Mention changes in pam_lastlog. 2005-09-26 Thorsten Kukuk * NEWS: New file. * autogen.sh: Don't generate NEWS file. * CHANGELOG: Document it as obsolete. 2005-09-26 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): _log_err() -> pam_syslog() (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): _log_err() -> pam_syslog() * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef (getNISserver, _unix_run_shadow_binary, _update_passwd, _update_shadow, _do_setpass, _pam_unix_approve_pass, pam_sm_chauthtok): _log_err() -> pam_syslog() * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef (pam_sm_open_session, pam_sm_close_session): _log_err() -> pam_syslog() * modules/pam_unix/support.c (_log_err, converse): removed (_make_remark): use pam_prompt() instead of converse() (_set_ctrl, _cleanup_failures, _unix_run_helper_binary, _unix_verify_password, _unix_read_password): _log_err() -> pam_syslog() _cleanup(), _unix_cleanup(): Silence unused param warnings. (_cleanup_failures, _unix_verify_password, _unix_getpwnam, _unix_run_helper_binary): Silence incorrect type warnings. (_unix_read_password): Use multiple pam_prompt() and pam_info() calls instead of converse(). * modules/pam_unix/support.h (_log_err): removed * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV 2005-09-26 Thorsten Kukuk * configure.in: Add doc/specs/Makefile. * Makefile.am: Add releasedocs rule. * doc/Makefile.am: Add specs subdir, remove files from specs directory, add rfc86.0.txt to releasedocs. * doc/specs/Makefile.am: New file. * doc/specs/formatter/parse.y: move from here ... * doc/specs/parse.y: ... here. * doc/specs/formatter/parse.lex: move from here ... * doc/specs/parse.lex: ... here. * modules/pam_mail/pam_mail.c: Mark missing strings for translation * po/Linux-PAM.pot: Add new strings from pam_mail * po/cs.po: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. 2005-09-23 Tomas Mraz * modules/pam_access/pam_access.c (from_match): Support NULL from. (string_match): Support NULL string, add NONE keyword matching it. (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL. * modules/pam_access/access.conf: NONE keyword description * modules/pam_access/README: NONE keyword description 2005-09-22 Dmitry V. Levin * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session, pam_sm_close_session): Strip redundant "pam_xauth: " prefix from text of log messages. (pam_sm_open_session): Replace sequence of malloc(), strcpy() and strcat() calls with asprintf(). Replace syslog() calls with pam_syslog(). * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp() instead of memcmp() for string comparison. 2005-09-21 Dmitry V. Levin * modules/pam_nologin/pam_nologin.c: Include . (parse_args): Add pam_handle_t* argument. Log unrecognized options. (perform_check): Log pam_get_user() and malloc() failures. (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass pam_handle_t* to parse_args(). * modules/pam_mail/pam_mail.c: Include . Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and NO_MAIL_STANDARD_FORMAT macros. (parse_args, get_folder): Cleanup error messages. (get_folder): Fix leak of the path_mail variable in case of pam_get_user() failure. Cleanup memory management. (get_mail_status): Add pam_handle_t* argument. Fix leaks of namelist variable. Cleanup memory management. Log memory allocation failures. Remove 250-byte limit on Maildir pathname. (report_mail): Mark text messages for translation. (_do_mail): Cleanup memory management. Pass pam_handle_t* to get_mail_status(). * po/Linux-PAM.pot: Update with new strings from pam_mail for translation. * po/cs.po: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. 2005-09-20 Thorsten Kukuk * configure.in: Add finish translation. * po/fi.po: New. * acinclude.m4: remove libprelude macros. * m4/libprelude.m4: New. * Makefile.am (EXTRA_DIST): make sure we include all m4 macros. * libpamc/Makefile.am (EXTRA_DIST): Add License. See CHANGELOG for earlier changes.