2007-08-31 Steve Langasek * modules/pam_group/group.conf: don't use "games" as an example group, on some distros this is a pre-existing group that it would be a security hole to give users access to. 2007-08-30 Thorsten Kukuk * modules/pam_limits/limits.conf.5.xml: Document that maxlogins is ignored for users with UID 0. 2007-08-30 Steve Langasek * modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c: A wrong username doesn't need to be logged at LOG_ALERT; LOG_WARNING should be sufficient. Patch from Sam Hartman . * modules/pam_cracklib/pam_cracklib.c: s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing #define in pam_unix 2007-08-29 Steve Langasek * libpam/pam_modutil_getgrgid.c, libpam/pam_modutil_getgrnam.c, libpam/pam_modutil_getpwnam.c, libpam/pam_modutil_getpwuid.c, libpam/pam_modutil_getspnam.c: don't use pthread mutexes in libpam unnecessarily; this avoids linking problems on non-Linux platforms. * modules/pam_listfile/pam_listfile.c, modules/pam_listfile/README, modules/pam_listfile/pam_listfile.8, modules/pam_listfile/pam_listfile.8.xml: add a 'quiet' option to avoid logging errors any time a user is refused service by this module. 2007-08-29 Thorsten Kukuk * modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t. (__icheckhost): Cast to int32_t to fix limited range error. * modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath as const. 2007-08-29 Steve Langasek * modules/pam_rhosts/pam_rhosts_auth.c: getline returns -1 at EOF, not 0. Check accordingly to fix an infinite loop. Thanks to Stephan Springl for catching this. 2007-08-28 Steve Langasek * configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER for crack.h, so we get a HAVE_CRACK_H define. * modules/pam_cracklib/pam_cracklib.c: don't copy around the cracklib dictpath into a fixed-width buffer, when we can just point at the existing strings; and allow users to override the default cracklib path with -DCRACKLIB_DICT, required for compatibility with cracklib 2.7. 2007-08-27 Steve Langasek * modules/pam_limits/pam_limits.c: when building on non-Linux systems, give a warning only, not an error; no one seems to remember why this error was here in the first place, but leave something in that might still grab the attention of non-Linux users. Patch from Michal Suchanek . * configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for the presence of net/if.h before using, required for Hurd compatibility. Patch from Igor Khavkine . * modules/pam_limits/pam_limits.c: conditionalize the use of RLIMIT_AS, which is not present on the Hurd. Patch from Igor Khavkine . * modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of a static buffer when available; fixes the build on systems without MAXHOSTNAMELEN (i.e., the Hurd). * modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined before using it. 2007-08-26 Andrew Morgan * doc/man/pam.conf-syntax.xml Minor fixes: '\[' -> '\]'. 2007-08-25 Steve Langasek * doc/man/pam.conf-syntax.xml, doc/man/pam.conf.5: Document "new" control options conv_again and incomplete, supported in pam.d's extended syntax. Patch from Ben Collins . 2007-08-15 Tomas Mraz * modules/pam_access/pam_access.c (list_match): Add explicit sptr argument for strtok_r, otherwise the code is not portable. 2007-08-13 Olivier Blin * doc/man/pam.3.xml: Fix typo. * doc/man/pam.3: Likewise. * doc/man/pam_end.3.xml: Likewise. * doc/man/pam_end.3: Likewise. 2007-07-18 Thorsten Kukuk * release version 0.99.8.1 * libpam/pam_audit.c: Include unistd.h for getuid(). * libpam/Makefile.am: Bump version number. 2007-07-12 Thorsten Kukuk * libpam/pam_audit.c (_pam_audit_writelog): Don't return error if application runs as normal user. Fixes regression introduced with last change. 2007-07-10 Thorsten Kukuk * configure.in: Add --with-db-uniquename option to support db libraries and functions with unique name extension. Patch from Diego 'Flameeyes' Pettenò . * modules/pam_limits/pam_limits.c: Include locale.h. 2007-07-06 Thorsten Kukuk * release version 0.99.8.0 * configure.in: Check for audit_log_acct_message instead of audit_log_user_message. * libpam/pam_audit.c: Use audit_log_acct_message. Based on patch from Mark J Cox . * libpam/Makefile.am: Bump version number of libpam. * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit, not 64bit. * xtests/tst-pam_limits1.c: Fix printf arguments. * po/*.po: Merge po files with latest code changes. 2007-06-26 Thorsten Kukuk * modules/pam_limits/pam_limits.c (process_limit): Check upper and lower limit of nice value, fix off-by-one in conversation to rlim_t. * xtests/Makefile.am: Add new pam_limits test case. * xtests/limits.conf: New, config file for test case. * xtests/pam_limits1.c: New, test case for RLIMIT_NICE. * xtests/pam_limits1.sh: Likewise. * xtests/pam_limits1.pamd: Likewise. 2007-06-25 Thorsten Kukuk * modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r result for recursive calls. * xtests/Makefile.am: Add new pam_access test cases. * xtests/pam_access1.c: New test case. * xtests/pam_access2.c: Likewise. * xtests/pam_access3.c: Likewise. * xtests/pam_access4.c: Likewise. * xtests/pam_access1.sh: Wrapper to create user accounts. * xtests/pam_access2.sh: Likewise. * xtests/pam_access3.sh: Likewise. * xtests/pam_access4.sh: Likewise. * xtests/pam_access1.pamd: PAM config file for pam_access tests. * xtests/pam_access2.pamd: Likewise. * xtests/pam_access3.pamd: Likewise. * xtests/pam_access4.pamd: Likewise. * xtests/access.conf: Config file for pam_access tests. * xtests/run-tests.sh: Install access.conf into system. 2007-06-22 Thorsten Kukuk * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print better error message if /proc/self/loginuid cannot be opened. * modules/pam_limits/pam_limits.c (process_limit): Check for variable overflow after multiplication [bnc#283001]. * modules/pam_access/pam_access.c: Add new syntax for groups in access.conf to differentiate group names from account names. Based on patch from Julien Lecomte , solves feature request [#411390]. * modules/pam_access/access.conf: Add example for new group syntax. * modules/pam_access/access.conf.5.xml: Document new syntax. 2007-06-20 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass option. * modules/pam_cracklib/pam_cracklib.c: Add support for minimum character classes [#1688777]. Based on patch from Keith Schincke. * xtests/tst-pam_cracklib2.c: New, test case for minclass option. * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case. * xtests/Makefile.am: Add new testcase. * xtests/pam_cracklib.c: Fix comment what this application tests. * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64 2007-06-15 Tomas Mraz * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option, add select_context and use_current_range options. * modules/pam_selinux/pam_selinux.c (send_audit_message): Added function for auditing role/level changes. (query_response): Add default response. (select_context): Removed. (manual_context): Query only role and level. (mls_range_allowed): Added function for range check. (config_context): Added function for role and level override. (pam_sm_open_session): Remove multiple option, add select_context and use_current_range_options. Use getseuserbyname to obtain SELinux user and level. Audit role/level changes. Call setkeycreatecon to assign key creation context. Don't fail on errors when SELinux is not in enforcing mode. * configure.in: Check for setkeycreatecon(). * modules/pam_namespace/README.xml: Avoid duplication of documentation. * modules/pam_namespace/namespace.conf: More real life example from MLS support. * modules/pam_namespace/namespace.conf.5.xml: Likewise plus properly describe how instance directory names are formed. * modules/pam_namespace/namespace.init: Preserve euid when called from setuid apps (su, newrole). * modules/pam_namespace/pam_namespace.8.xml: Added option no_unmount_on_close. * modules/pam_namespace/pam_namespace.c (process_line): Polyinst methods are now user, level and context. Fix crash on unknown override user in config file. (ns_override): Add explicit uid parameter. (form_context): Skip for user method. Implement level based polyinstantiation. (poly_name): Initialize contexts. Add level based polyinst, remove 'both' metod. Use raw contexts for instance names, truncate long instance names and add hash. (ns_setup): Hashing moved to poly_name(). (setup_namespace): Handle correctly override users for su (when unmnt_remnt is used). (pam_sm_close_session): Added no_unmount_on_close option. * modules/pam_namespace/pam_namespace.h: Added no_unmount_on_close_option, level method, limit on instance directory name length. 2007-05-04 Thorsten Kukuk * xtests/run-xtests.sh: Use SRCDIR to find PAM config files. * xtests/Makefile.am: Call run-xtests.sh with srcdir as first argument. Based on patch by Bernard Leak . 2007-04-30 Thorsten Kukuk * modules/pam_limits/limits.conf: Address space limit is KB. * modules/pam_limits/limits.conf.5.xml: Likewise. Reported by Thomas Vander Stichele . * modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate check for PAM_SILENT and don't bail out if it is set [#1706247]. 2007-03-29 Tomas Mraz * modules/pam_access/pam_access.c (login_access, list_match): Replace strtok with strtok_r. * modules/pam_cracklib/pam_cracklib.c (check_old_password): Likewise. * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate): Likewise. * modules/pam_unix/pam_unix_passwd.c (check_old_password, save_old_password): Likewise. * modules/pam_limits/Makefile.am: Define limits.d dir and install it. * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing. * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr. (pam_parse): conf_file is now ptr. (pam_sm_open_session): Add parsing files from limits.d subdir using glob, change pl to pointer. 2007-03-12 Thorsten Kukuk * po/ar.po: New translation. * po/ca.po: Likewise. * po/da.po: Likewise. * po/ru.po: Likewise. * po/sv.po: Likewise. * po/zu.po: Likewise. * po/LINGUAS: Add ar, ca, da, ru, sv, zu * po/hu.po: Update translation. 2007-02-21 Tomas Mraz * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for allocation failure in bigcrypt(). * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow modification of '*' password by root. 2007-02-06 Tomas Mraz * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Remove debug syslog message when loginuid doesn't exist. 2007-02-01 Tomas Mraz * xtests/tst-pam_unix3.c: Fix typos in comments. * modules/pam_unix/support.c (_unix_verify_password): Explicitly disallow '!' in the beginning of password hash. Treat only 13 bytes password hash specifically. (Suggested by Solar Designer.) Fix a warning and test for allocation failure. * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise. 2007-01-31 Thorsten Kukuk * xtests/Makefile.am: Add new pam_unix.so tests * xtests/run-xtests.sh: Prefer shell scripts (wrapper) over binaries. * xtests/tst-pam_cracklib1.c: Fix typo. * xtests/tst-pam_unix1.c: New, for sucurity fix. * xtests/tst-pam_unix1.pamd: New. * xtests/tst-pam_unix1.sh: New. * xtests/tst-pam_unix2.c: New, for crypt checks. * xtests/tst-pam_unix2.pamd: New. * xtests/tst-pam_unix2.sh: New. * xtests/tst-pam_unix3.c: New, for bigcrypt checks. * xtests/tst-pam_unix3.pamd: New. * xtests/tst-pam_unix3.sh: New. 2007-01-23 Thorsten Kukuk * release 0.99.7.1 * configure.in: Set version number to 0.99.7.1 2007-01-23 Thorsten Kukuk Tomas Mraz * modules/pam_unix/support.c (_unix_verify_password): Always compare full encrypted passwords (CVE-2007-0003). 2007-01-23 Tomas Mraz * modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT. * modules/pam_selinux/Makefile.am (pam_selinux_check_LDFLAGS): Add AM_LDFLAGS. (pam_selinux_la_LDFLAGS): Likewise. 2007-01-17 Thorsten Kukuk * release 0.99.7.0 * configure.in: Set version number to 0.99.7.0 * Makefile.am (M4_FILES): Replace GNU make extension by listing all m4 files. 2007-01-17 Tomas Mraz * po/*.po: Updated strings to translate. * po/Linux-PAM.pot: Likewise. 2007-01-16 Thorsten Kukuk * doc/man/pam.conf-syntax.xml: Improve documentation about sufficient keyword (Patch by Petteri Räty ) 2006-12-20 Thorsten Kukuk * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid only '+' and '-' as first characters for account names. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. 2006-12-18 Thorsten Kukuk * configure.in: Fix ENOKEY check (specify errno.h as header file to search in). * configure.in: Add AM_PROG_CC_C_O. * libpam/Makefile.am: Add content of AM_LDFLAGS to *_LDFLAGS. * modules/pam_tally/Makefile.am: Likewise. * modules/pam_unix/Makefile.am: Likewise. * modules/pam_stress/pam_stress.c (pam_sm_chauthtok): Fix localisation of message printed to user. * po/de.po: Adjust translation. 2006-12-18 Tomas Mraz * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Localize message printed to user. * modules/pam_unix/support.c (_unix_verify_password): Use strncmp only for bigcrypt result. * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new egid first, euid next. Revert euid/egid to old euid/egid and not ruid/rgid. (pam_sm_open_session): Switch to new rgid first, ruid next. 2006-12-13 Thorsten Kukuk * modules/pam_localuser/pam_localuser.c: Add support for session and chauthtok [SF#1606180]. * modules/pam_localuser/pam_localuser.8.xml: Document last change. * libpam/pam_audit.c (_pam_audit_writelog): Print error message only once. 2006-12-12 Thorsten Kukuk * libpam/pam_audit.c (_pam_audit_writelog): Print error message on failure to syslog. 2006-12-09 Thorsten Kukuk * modules/pam_umask/pam_umask.c: Use strtoul instead of strtol, fix overflow detection. 2006-12-06 Thorsten Kukuk * modules/pam_mkhomedir/pam_mkhomedir.c (rec_mkdir): Fix handling of left-most path component [SF#1591598]. (create_homedir): Mark user visible messages for translation. * po/de.po: Adjust german translation for pam_mkhomedir. * modules/pam_faildelay/pam_faildelay.c: If no argument is given, try to read FAIL_DELAY from /etc/login.defs. * modules/pam_faildelay/pam_faildelay.8.xml: Document usage of /etc/login.defs. 2006-12-04 Tomas Mraz * po/jp.po: Fixed mistake in Password: message (from Peng Huang ). 2006-11-28 Thorsten Kukuk * po/hu.po: Update hungarian translation (from Kalman Kemenczy ). * configure.in: Allow disabling support for cracklib, audit, libdb. * modules/pam_faildelay/pam_faildelay.8.xml: Correct name of Author. * configure.in: Remove --enable-docdir (obsolete by --docdir). * doc/Makefile.am: Don't overwrite htmldir. * doc/adg/Makefile.am: Use docdir, htmldir and pdfdir. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. * doc/specs/Makefile.am: Use docdir. * tests/tst-pam_set_data.c: New test cases for pam_set_data(). * tests/Makefile.am: Add pam_set_data test case. * libpam/pam_data.c: Add NULL pointer check for module_data_name. * libpam/Makefile.am: Bump revision of shared library. 2006-11-08 Thorsten Kukuk * configure.in: Add modules/pam_faildelay/Makefile. * doc/sag/Linux-PAM_SAG.xml: Include pam_faildelay.xml. * doc/sag/pam_faildelay.xml: New. * libpam/pam_static_modules.h: Include static pam_faildelay data. * modules/Makefile.am: Add pam_faildelay directory. * modules/pam_faildelay/Makefile.am: New. * modules/pam_faildelay/README: New, generated from XML file. * modules/pam_faildelay/README.xml: New. * modules/pam_faildelay/pam_faildelay.8: New, generated from xml. * modules/pam_faildelay/pam_faildelay.8.xml: New. * modules/pam_faildelay/pam_faildelay.c: New. * modules/pam_faildelay/tst-pam_faildelay: New. * po/POTFILES.in: Add pam_faildelay.c and pam_loginuid.c. 2006-11-07 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.c: PAM_DEBUG_ARG is a bit mask and not a boolean value (Reported by Jochen Voss ). 2006-10-26 Thorsten Kukuk * doc/man/pam.3.xml: Add pam_get_user function. * modules/pam_motd/pam_motd.8.xml: Fix typo. 2006-10-24 Thorsten Kukuk * modules/pam_namespace/pam_namespace.c: Reserve space for trailing zero. 2006-10-24 Thorsten Kukuk * modules/pam_unix/support.c (_unix_verify_password): Try system crypt() if we don't know the hash alogorithm. * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise. 2006-10-13 Tomas Mraz * doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s]. * doc/sag/pam_access.xml: Likewise. * doc/sag/pam_echo.xml: Likewise. * doc/sag/pam_env.xml: Likewise. * doc/sag/pam_exec.xml: Likewise. * doc/sag/pam_group.xml: Likewise. * doc/sag/pam_limits.xml: Likewise. * doc/sag/pam_namespace.xml: Likewise. * doc/sag/pam_time.xml: Likewise. * doc/sag/Linux-PAM_SAG.xml: Add id to book. * doc/adg/Linux-PAM_ADG.xml: Add id to book. * doc/mwg/Linux-PAM_MWG.xml: Add id to book. 2006-10-07 Thorsten Kukuk * po/hu.po: Updated hungarian translation (from Kalman Kemenczy ) 2006-09-20 Thorsten Kukuk * doc/adg/Makefile.am: Add manual pages as dependency. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. * doc/sag/Linux-PAM_SAG.xml: Include pam_unix.xml. * doc/sag/pam_unix.xml: New. * modules/pam_unix/Makefile.am: Generate pam_unix.8 manual page. * modules/pam_unix/README.xml: New. * modules/pam_unix/pam_unix.8.xml: New. * modules/pam_unix/README: Regenerate from XML. * modules/pam_unix/pam_unix.8: Generated from XML. 2006-09-09 Dmitry V. Levin * modules/pam_wheel/pam_wheel.8.xml: Fix typo. * modules/pam_wheel/pam_wheel.8: Likewise. * modules/pam_wheel/README: Likewise. 2006-09-08 Thorsten Kukuk * po/de.po: Fix typo. 2006-09-06 Thorsten Kukuk * release version 0.99.6.3 2006-09-01 Thorsten Kukuk * modules/pam_loginuid/pam_loginuid.8.xml: Fix typo in config name. 2006-08-31 Thorsten Kukuk * modules/pam_env/environment: New, dummy environment example config file. * modules/pam_namespace/Makefile.am: Don't install manual page if we don't build module. * m4/ld-as-needed.m4: Don't set LDFLAGS if check failed. * m4/ld-O1: Likewise. 2006-08-30 Tomas Mraz * modules/pam_access/pam_access.8.xml: All services supported. * modules/pam_access/pam_access.c (pam_sm_open_session): New. (pam_sm_close_session): New. (pam_sm_chauthtok): New. * modules/pam_access/pam_succeed_if.8.xml: All services supported. * modules/pam_access/pam_succeed_if.c (pam_sm_setcred): Return PAM_IGNORE rather than success. (pam_sm_open_session): New. (pam_sm_close_session): New. (pam_sm_chauthtok): New. 2006-08-30 Thorsten Kukuk * xtests/Makefile.am: Move shell code to execute tests from here ... * xtests/run-xtests.sh: ... to here. * xtests/*.c: Include config.h. * tests/*.c: Likewise. * modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam() instead of getpwnam(). 2006-08-29 Thorsten Kukuk * doc/sag/pam_loginuid.xml: New. * doc/sag/Linux-PAM_SAG.xml: Include pam_loginuid.xml. * configure.in: Add modules/pam_loginuid/Makefile. * modules/Makefile.am: Add pam_loginuid sub directory. * libpam/pam_static_modules.h: Add pam_loginuid. * modules/pam_loginuid/Makefile.am: New. * modules/pam_loginuid/tst-pam_loginuid: New. * modules/pam_loginuid/pam_loginuid.8.xml: New. * modules/pam_loginuid/pam_loginuid.8: New, generated from XML source. * modules/pam_loginuid/pam_loginuid.c: New. * modules/pam_loginuid/README.xml: New. * modules/pam_loginuid/README: New, generated from XML source. 2006-08-29 Dmitry V. Levin * modules/pam_exec/pam_exec.c (call_exec): Add required third argument to open() call with O_CREAT flag set. 2006-08-28 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Remove duplicate code. 2006-08-24 Thorsten Kukuk * release version 0.99.6.2 * modules/pam_lastlog/pam_lastlog.c (last_login_date): Create lastlog file if it does not exist. * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check for error from getting second token. * xtests/Makefile.am: Add tst-pam_cracklib1 * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault. * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test. 2006-08-24 Thorsten Kukuk * xtests/tst-pam_dispatch4.c: New test. * xtests/tst-pam_dispatch4.pamd: PAM config for new test. 2006-08-09 Thorsten Kukuk * release version 0.99.6.1 2006-08-09 David Howells * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid to user's before revoking. (pam_sm_open_session): Remember the uid. 2006-08-06 Thorsten Kukuk * modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Add error handling. * modules/pam_umask/pam_umask.8.xml: Document silent option. * xtests/Makefile.am: Fix includes for bootstrapping. Reported by Greg Schafer . 2006-08-05 Thorsten Kukuk * release version 0.99.6.0 * modules/pam_limits/pam_limits.c (pam_sm_open_session): Use pam_modutil_getpwnam instead of getpwnam. * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Cast svc variable to char pointer for snprintf. * configure.in: Generate xtests/Makefile. * Makefile.am (SUBDIRS): Add xtests. * README: Document make check and make xtests. * xtests/Makefile.am: New. * xtests/tst-pam_dispatch1.pamd: New. * xtests/tst-pam_dispatch2.pamd: New. * xtests/tst-pam_dispatch3.pamd: New. * xtests/tst-pam_dispatch1.c: New. * xtests/tst-pam_dispatch2.c: New. * xtests/tst-pam_dispatch3.c: New. 2006-08-04 Ray Strode * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Return PAM_USER_UNKNOWN instead of PAM_SERVICE_ERR where appropriate. 2006-08-03 David Howells * modules/pam_keyinit/pam_keyinit.c: Debug should be off by default. (init_keyrings): Properly handle multiple invocations of the module. (kill_keyrings, pam_sm_open_session, pam_sm_close_session): Likewise. 2006-08-03 Tomas Mraz * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): New function for list matching. (evaluate_notinlist): Likewise. (evaluate): Add service value match, list matching. * modules/pam_succeed_if/pam_succeed_if.8.xml: Document the features. * modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log relabelling error when the tty device doesn't exist (ENOENT). 2006-08-01 Thorsten Kukuk * doc/man/pam_fail_delay.3.xml: Fix some Bugs and enhance rationale about when this function should be used and when not. * doc/index.html: Cleanup to look prettier. 2006-08-01 Thorsten Kukuk * libpam/Makefile.am: Bump patchlevel of libpam. * libpam/pam_dispatch.c (_pam_dispatch_aux): If [return=die] or [return=bad] is used, don't return PAM_IGNORE. Based on patch by Tomas Mraz , [BRC#196859]. 2006-07-28 Thorsten Kukuk * ABOUT-NLS: Upgrade to gettext-0.15. * config.rpath: Likewise. * m4/gettext.m4: Upgrade to gettext-0.15. * m4/inttypes-h.m4: New file, from gettext-0.15. * m4/inttypes-pri.m4: Upgrade to gettext-0.15. * m4/lib-link.m4: Upgrade to gettext-0.15. * m4/lib-prefix.m4: Upgrade to gettext-0.15. * m4/lock.m4: New file, from gettext-0.15. * m4/longdouble.m4: Upgrade to gettext-0.15. * m4/nls.m4: Upgrade to gettext-0.15. * m4/po.m4: Upgrade to gettext-0.15. * m4/size_max.m4: Upgrade to gettext-0.15. * m4/visibility.m4: New file, from gettext-0.15. * po/Makefile.in.in: Upgrade to gettext-0.15. 2006-07-24 David Quigley * modules/pam_namespace/Makefile.am: Add pam_namespace.h. * modules/pam_namespace/pam_namespace.c: Move includes and data structure definitions from here ... * modules/pam_namespace/pam_namespace.h: ... here. New file. * modules/pam_namespace/pam_namespace.c: Move large sections of code into new functions. 2006-07-24 Thorsten Kukuk * doc/adg/Makefile.am: Add uninstall and distclean rules. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. 2006-07-08 Daniel Richard G. * conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files. * conf/pam_conv1/pam_conv.lex: Rename to ... * conf/pam_conv1/pam_conv_l.l: ... this. * conf/pam_conv1/pam_conv.y: Rename to ... * conf/pam_conv1/pam_conv_y.y: ... this. * configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE() calls. * doc/Makefile.am: Fix rule to install index.html. * doc/adg/Makefile.am: Fix test usage. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. * doc/specs/Makefile.am: Fix rules for lex and yacc files. * specs/parse.lex: Rename to ... * doc/specs/parse_l.l: ... this. * doc/specs/parse.y: Rename to ... * doc/specs/parse_y.y: ... this. * libpam/pam_account.c: Fix #if vs. #ifdef. * libpam/pam_audit.c: Likewise. * libpam/pam_auth.c: Likewise. * libpam/pam_password.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_session.c: Likewise. * libpam/pam_start.c: Likewise. * libpam/pam_static.c: Fix "empty sourcefile" warning. * modules/pam_limits/pam_limits.c: Check for __linux, too. * modules/pam_userdb/Makefile.am: Don't run test if no libdb available. * tests/tst-dlopen.c: Include config.h. 2006-07-03 Dan Yefimov * configure.in: Fixed have_key_syscalls test. * modules/pam_access/pam_access.c (from_match): Fixed IPv4 network match, removed AI_ADDRCONFIG flag. 2006-06-30 Tomas Mraz * modules/pam_namespace/Makefile.am(EXTRA_DIST): Add namespace.init. 2006-06-29 Thorsten Kukuk * doc/Makefile.am (releasedocs): Fix directory layout. * doc/adg/Makefile.am: Likewise. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. 2006-06-28 Thorsten Kukuk * doc/sag: System Administrator Guide as XML source. * doc/sag/Makefile.am: New. * doc/sag/Linux-PAM_SAG.xml: New, main XML document. * doc/sag/pam_*.xml: New, wrapper to include module documentation. * doc/adg: Application Developers Guide as XML source. * doc/adg/Makefile.am: New. * doc/adg/Linux-PAM_ADG.xml: New, main XML document. * doc/adg/pam_*.xml: New, wrappers to include manual pages. * doc/mwg: Application Developers Guide as XML source. * doc/mwg/Makefile.am: New. * doc/mwg/Linux-PAM_MWG.xml: New, main XML document. * doc/mwg/pam_*.xml: New, wrappers to include manual pages. * doc/CREDITS: Removed. * doc/NOTES: Removed. * doc/pam_appl.sgml: Removed. * doc/pam_modules.sgml: Removed. * doc/pam_source.sgml: Removed. * doc/figs/pam_orient.txt: Removed. * doc/figs: Removed. * configure.in: Remove checks for sgml2* progrs, add sag, adg and mwg Makefiles. * doc/Makefile.am: Remove references to sgml, add sag, adg and mwg directories. * doc/modules: Remove directory. * doc/html: Remove directory. * doc/ps: Remove directory. * doc/pdf: Remove directory. * doc/txts: Remove directory. * doc/index.html: Moved from html directory to here. 2006-06-28 Thorsten Kukuk * release version 0.99.5.0 * bump version number to 0.99.5.0 * modules/pam_rhosts/pam_rhosts.c: New module, replaces pam_rhosts_auth.so. * modules/pam_rhosts/pam_rhosts.8.xml: New. * modules/pam_rhosts/pam_rhosts.8: New, generated from XML source. * modules/pam_rhosts/tst-pam_rhosts: New. * modules/pam_rhosts/Makefile.am: Add pam_rhosts, generate manual page and README. * modules/pam_rhosts/README.xml: New. * modules/pam_rhosts/reADME: Regenerated from XML source. * doc/man/pam_sm_acct_mgmt.3.xml: Adjust syntax for module writers guide. * doc/man/pam_sm_authenticate.3.xml: Likewise. * doc/man/pam_sm_chauthtok.3.xml: Likewise. * doc/man/pam_sm_close_session.3.xml: Likewise. * doc/man/pam_sm_open_session.3.xml: Likewise. * doc/man/pam_sm_setcred.3.xml: Likewise. * po/POTFILES.in: Add new source files. * libpam/pam_static_modules.h: Add new modules. * modules/pam_keyinit.c: Add _pam_keyinit_modstruct. * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Add XML files and manual page. 2006-06-27 Thorsten Kukuk * configure.in: Allow disabling of SELinux support, check for rootok_af. 2006-06-27 Tomas Mraz * modules/pam_namespace/pam_namespace.c: New module originally written by Janak Desai. * modules/pam_namespace/Makefile.am: New. * modules/pam_namespace/README: New. * modules/pam_namespace/md5.c: New. * modules/pam_namespace/md5.h: New. * modules/pam_namespace/namespace.conf: New. * modules/pam_namespace/namespace.conf.5: New. * modules/pam_namespace/namespace.conf.5.xml: New. * modules/pam_namespace/namespace.init: New. * modules/pam_namespace/pam_namespace.8: New. * modules/pam_namespace/pam_namespace.8.xml: New. * modules/pam_namespace/tst-pam_namespace: New. * modules/Makefile.am: Added pam_namespace. * configure.in: Added pam_namespace, test for unshare library call. 2006-06-27 David Howells * modules/pam_keyinit/pam_keyinit.c: New module. * modules/pam_keyinit/pam_keyinit.8: New. * modules/pam_keyinit/pam_keyinit.8.xml: New. * modules/pam_keyinit/README: New. * modules/pam_keyinit/README.xml: New. * modules/pam_keyinit/Makefile.am: New. * modules/pam_keyinit/tst-pam_keyinit: New. * modules/Makefile.am: Added pam_keyinit. * configure.in: Added test for the key mgmt syscall. 2006-06-27 Thorsten Kukuk * m4/libprelude.m4: Sync with upstream. 2006-06-27 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): signal() fails with SIG_ERR return * modules/pam_unix/pam_unix_passwd.c(_unix_run_shadow_binary): Likewise. * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. 2006-06-25 Thorsten Kukuk * doc/man/misc_conv.3.xml: New. * doc/man/misc_conv.3: New. * doc/man/pam_misc_paste_env.3.xml: New. * doc/man/pam_misc_paste_env.3: New. * doc/man/pam_misc_drop_env.3.xml: New. * doc/man/pam_misc_drop_env.3: New. * doc/man/pam_misc_setenv.3.xml: New. * doc/man/pam_misc_setenv.3: New. * doc/man/Makefile.am: Add new manual pages. * doc/man/pam_acct_mgmt.3.xml: Fix syntax for inclusion in Applicatoin Developer Guide. * doc/man/pam_authenticate.3.xml: Likewise * doc/man/pam_chauthtok.3.xml: Likewise * doc/man/pam_close_session.3.xml: Likewise * doc/man/pam_conv.3.xml: Likewise * doc/man/pam_end.3.xml: Likewise * doc/man/pam_fail_delay.3.xml: Likewise * doc/man/pam_getenv.3.xml: Likewise * doc/man/pam_getenvlist.3.xml: Likewise * doc/man/pam_open_session.3.xml: Likewise * doc/man/pam_putenv.3.xml: Likewise * doc/man/pam_setcred.3.xml: Likewise * doc/man/pam_start.3.xml: Likewise * doc/man/pam_strerror.3.xml: Likewise * doc/man/pam_acct_mgmt.3: Regenerate from XML source. * doc/man/pam_authenticate.3: Likewise * doc/man/pam_chauthtok.3: Likewise * doc/man/pam_close_session.3: Likewise * doc/man/pam_conv.3: Likewise * doc/man/pam_end.3: Likewise * doc/man/pam_fail_delay.3: Likewise * doc/man/pam_getenv.3: Likewise * doc/man/pam_getenvlist.3: Likewise * doc/man/pam_open_session.3: Likewise * doc/man/pam_putenv.3: Likewise * doc/man/pam_setcred.3: Likewise * doc/man/pam_sm_close_session.3: Likewise * doc/man/pam_start.3: Likewise * doc/man/pam_strerror.3: Likewise * doc/man/pam_syslog.3: Likewise * doc/man/PAM.8: Likewise 2006-06-24 Thorsten Kukuk * modules/pam_limits/pam_limits.c (setup_limits): Don't reset priority for root. 2006-06-23 Thorsten Kukuk * modules/pam_access/access.conf.5.xml: Fix syntax for SAG. * modules/pam_access/pam_access.8.xml: Likewise. * modules/pam_deny/pam_deny.8.xml: Likewise. * modules/pam_echo/pam_echo.8.xml: Likewise. * modules/pam_env/pam_env.8.xml: Likewise. * modules/pam_env/pam_env.conf.5.xml: Likewise. * modules/pam_group/group.conf.5.xml: Likewise. * modules/pam_group/pam_group.8.xml: Likewise. * modules/pam_limits/limits.conf.5.xml: Likewise. * modules/pam_listfile/pam_listfile.8.xml: Likewise. * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. * modules/pam_time/pam_time.8.xml: Likewise. * modules/pam_time/time.conf.5.xml: Likewise. * modules/pam_access/access.conf.5: Regenerate. * modules/pam_access/pam_access.8: Likewise. * modules/pam_deny/pam_deny.8: Likewise. * modules/pam_echo/README: Likewise. * modules/pam_echo/pam_echo.8: Likewise. * modules/pam_env/pam_env.8: Likewise. * modules/pam_env/pam_env.conf.5: Likewise. * modules/pam_group/README: Likewise. * modules/pam_group/group.conf.5: Likewise. * modules/pam_group/pam_group.8: Likewise. * modules/pam_limits/limits.conf.5: Likewise. * modules/pam_listfile/README: Likewise. * modules/pam_listfile/pam_listfile.8: Likewise. * modules/pam_succeed_if/pam_succeed_if.8: Likewise. * modules/pam_time/pam_time.8: Likewise. * modules/pam_time/time.conf.5: Likewise. * doc/man/Makefile.am: Add pam.conf-desc.xml, pam.conf-dir.xml and pam.conf-syntax.xml. * doc/man/pam.conf.5.xml: Split into different pieces for SAG. * doc/man/pam.conf.5: Regenerated. * doc/man/pam.conf-desc.xml: New. * doc/man/pam.conf-dir.xml: New. * doc/man/pam.conf-syntax.xml: New. 2006-06-21 Thorsten Kukuk * modules/pam_selinux/Makefile.am: Fix "make dist" if libselinux is not installed. * modules/pam_issue/pam_issue.8.xml: Fix listing of escapes. * modules/pam_issue/pam_issue.8: Regenerate. 2006-06-20 Thorsten Kukuk * configure.in: Remove unused check for libcap. * m4/ld-as-needed.m4: New. * m4/ld-O1.m4: New. * configure.in: Call PAM_LD_AS_NEEDED and PAM_LD_O1, require docbook version 4.4. 2006-06-19 Thorsten Kukuk * doc/man/pam.8.xml: Syntax cleanup. * doc/pam/PAM.8: Regenerated from xml source. * man/pam_sm_chauthtok.3: New. * man/pam_sm_chauthtok.3.xml: New. * man/pam_sm_close_session.3: New. * man/pam_sm_close_session.3.xml: New. * man/pam_sm_open_session.3: New. * man/pam_sm_open_session.3.xml: New. * man/pam_sm_authenticate.3: New. * man/pam_sm_authenticate.3.xml: New. * man/pam_sm_setcred.3: New. * man/pam_sm_setcred.3.xml: New. * man/Makefile.am: Add new pam_sm_* manual pages. * specs/Makefile.am: Fix rule to generate draft. 2006-06-18 Thorsten Kukuk * modules/pam_tally/Makefile.am: Include Make.xml.rules. * modules/pam_tally/pam_tally.8.xml: New. * modules/pam_tally/pam_tally.8: New, generated from xml file. * modules/pam_tally/README.xml: New. * modules/pam_tally/README: Regenerated from xml file. * modules/pam_selinux/Makefile.am: Include Make.xml.rules. * modules/pam_selinux/pam_selinux.8.xml: New. * modules/pam_selinux/pam_selinux.8: Regenerated from xml file. * modules/pam_selinux/README.xml: New. * modules/pam_selinux/README: Regenerated from xml file. 2006-06-17 Thorsten Kukuk * modules/pam_debug/Makefile.am: Include Make.xml.rules. * modules/pam_debug/pam_debug.8.xml: New. * modules/pam_debug/pam_debug.8: New, generated from xml file. * modules/pam_debug/README.xml: New. * modules/pam_debug/README: Regenerated from xml file. * examples/vpass.c: UID is unsigned on Linux. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_unix/pam_unix_acct.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix syntax error. * modules/pam_succeed_if/pam_succeed_if.8: Regenerated. * modules/pam_succeed_if/README: Regenerated. * modules/pam_limits/Makefile.am: Include Make.xml.rules. * modules/pam_limits/limits.conf.5: New, generated from xml file. * modules/pam_limits/limits.conf.5.xml: New. * modules/pam_limits/pam_limits.8: New, generated from xml file. * modules/pam_limits/pam_limits.8.xml: New. * modules/pam_limits/README.xml: New. * modules/pam_limits/README: Regenerated from README.xml. 2006-06-16 Thorsten Kukuk * modules/pam_unix/pam_unix_passwd.c (save_old_password): UIDs are unsigned on Linux, don't truncate them. (_do_setpass): err is of type clnt_stat, not int. * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't truncate UID for syslog output. * modules/pam_time/pam_time.c: Replace type boolean with int. * modules/pam_group/pam_group.c: Likewise. 2006-06-15 Thorsten Kukuk * modules/pam_unix/bigcrypt.h: New. * modules/pam_unix/Makefile.am: Add bigcrypt.h. * modules/pam_unix/bigcrypt.c: Include bigcrypt.h. * modules/pam_unix/support.c: Include bigcrypt.h, remove own prototype. * modules/pam_unix/bigcrypt_main.c: Include bigcrypt.h, remove own prototype. * modules/pam_unix/pam_unix_passwd.c: Include bigcrypt.h, remove own prototype. * modules/pam_time/pam_time.c (logic_member): Remove unused variable len. * modules/pam_group/pam_group.c (logic_field): Accept colon in tty name. [#1428276]. (logic_member): Remove unused variable len. (check_account): Fix usage of err variable in debug code. * modules/pam_time/pam_time.c (logic_field): Likewise. * configure.in: Add special exceptions for icc: different compiler warnings, no PIE support. 2006-06-14 Thorsten Kukuk * libpam/pam_misc.c (_pam_strdup): Use strlen and strcpy. * configure.in: Remove --enable-memory-debug, add option to disable prelude if installed. * modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG * modules/pam_filter/upperLOWER/upperLOWER.c: Likewise. * modules/pam_unix/unix_chkpwd.c: Likewise. * libpam/include/security/_pam_types.h: Likewise. * libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export. * libpam/pam_malloc.c: Remove file. * libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h. * libpam/pam_handlers.c (extract_modulename): Use _pam_strdup instead of strdup. * libpam/pam_private.h: Remove _pam_strCMP. * libpam/pam_misc.c: Likewise. * libpam/pam_handlers.c: Replaced _pam_strCMP with strcasecmp. 2006-06-12 Thorsten Kukuk * modules/pam_tally/Makefile.am (AM_LDFLAGS): Remove flags for modules from main application. 2006-06-09 Thorsten Kukuk * modules/pam_time/Makefile.am: Include Make.xml.rules. * modules/pam_time/time.conf.5: New, generated from xml file. * modules/pam_time/time.conf.5.xml: New. * modules/pam_time/pam_time.8: New, generated from xml file. * modules/pam_time/pam_time.8.xml: New. * modules/pam_time/README.xml: New. * modules/pam_time/README: Regenerated from README.xml. * modules/pam_wheel/Makefile.am: Include Make.xml.rules. * modules/pam_wheel/pam_wheel.8.xml: New. * modules/pam_wheel/pam_wheel.8: New, generated from xml file. * modules/pam_wheel/README.xml: New. * modules/pam_wheel/README: Regenerated from xml file. * modules/pam_xauth/Makefile.am: Include Make.xml.rules. * modules/pam_xauth/pam_xauth.8.xml: New. * modules/pam_xauth/pam_xauth.8: Regenerated from xml file. * modules/pam_xauth/README.xml: New. * modules/pam_xauth/README: Regenerated from xml file. * modules/pam_deny/pam_deny.8.xml: Fix syntax errors. * modules/pam_deny/pam_deny.8: Regenerate from xml file. * modules/pam_deny/README: Likewise. * modules/pam_warn/Makefile.am: Include Make.xml.rules. * modules/pam_warn/pam_warn.8.xml: New. * modules/pam_warn/pam_warn.8: New, generated from xml file. * modules/pam_warn/README.xml: New. * modules/pam_warn/README: Regenerated from xml file. * modules/pam_userdb/Makefile.am: Include Make.xml.rules. * modules/pam_userdb/pam_userdb.8.xml: New. * modules/pam_userdb/pam_userdb.8: New, generated from xml file. * modules/pam_userdb/README.xml: New. * modules/pam_userdb/README: Regenerated from xml file. 2006-06-06 Thorsten Kukuk * modules/pam_shells/Makefile.am: Include Make.xml.rules. * modules/pam_shells/pam_shells.8.xml: New. * modules/pam_shells/pam_shells.8: New, generated from xml file. * modules/pam_shells/README.xml: New. * modules/pam_shells/README: Regenerated from xml file. * libpam/include/security/pam_malloc.h: Add missing license informations. * libpam/include/security/pam_ext.h: Add brackets for C++. * libpam/include/security/pam_modutil.h: Likewise. * libpam/include/security/pam_modules.h: Document where to find the copyright/license informations. * libpam/include/security/pam_appl.h: Move _pam_compat.h include inside of brackets. 2006-06-04 Thorsten Kukuk * modules/pam_securetty/Makefile.am: Include Make.xml.rules. * modules/pam_securetty/pam_securetty.8.xml: New. * modules/pam_securetty/pam_securetty.8: Regenerated from xml file. * modules/pam_securetty/README.xml: New. * modules/pam_securetty/README: Regenerated from xml file. * modules/pam_rootok/Makefile.am: Include Make.xml.rules. * modules/pam_rootok/pam_rootok.8.xml: New. * modules/pam_rootok/pam_rootok.8: New, generated from xml file. * modules/pam_rootok/README.xml: New. * modules/pam_rootok/README: Regenerated from xml file. * modules/pam_permit/Makefile.am: Include Make.xml.rules. * modules/pam_permit/pam_permit.8.xml: New. * modules/pam_permit/pam_permit.8: New, generated from xml file. * modules/pam_permit/README.xml: New. * modules/pam_permit/README: Regenerated from xml file. * modules/pam_nologin/Makefile.am: Include Make.xml.rules. * modules/pam_nologin/pam_nologin.8.xml: New. * modules/pam_nologin/pam_nologin.8: Regenerated from xml file. * modules/pam_nologin/README.xml: New. * modules/pam_nologin/README: Regenerated from xml file. 2006-06-03 Thorsten Kukuk * modules/pam_motd/Makefile.am: Include Make.xml.rules. * modules/pam_motd/pam_motd.8.xml: New. * modules/pam_motd/pam_motd.8: New, generated from xml file. * modules/pam_motd/README.xml: New. * modules/pam_motd/README: New, generated from xml file. 2006-06-02 Thorsten Kukuk * modules/pam_mail/Makefile.am: Include Make.xml.rules. * modules/pam_mail/pam_mail.8.xml: New. * modules/pam_mail/pam_mail.8: New, generated from xml file. * modules/pam_mail/README.xml: New. * modules/pam_mail/README: Regenerated from xml file. * modules/pam_localuser/Makefile.am: Include Make.xml.rules. * modules/pam_localuser/pam_localuser.8.xml: New. * modules/pam_localuser/pam_localuser.8: New, generated from xml file. * modules/pam_localuser/README.xml: New. * modules/pam_localuser/README: Regenerated from xml file. * doc/man/PAM.8: Regenerate with DocBook XSL Stylesheets v1.70.1. * doc/man/pam.3: Likewise. * doc/man/pam.conf.5: Likewise. * doc/man/pam_acct_mgmt.3: Likewise. * doc/man/pam_authenticate.3: Likewise. * doc/man/pam_chauthtok.3: Likewise. * doc/man/pam_close_session.3: Likewise. * doc/man/pam_conv.3: Likewise. * doc/man/pam_end.3: Likewise. * doc/man/pam_error.3: Likewise. * doc/man/pam_fail_delay.3: Likewise. * doc/man/pam_get_data.3: Likewise. * doc/man/pam_get_item.3: Likewise. * doc/man/pam_get_user.3: Likewise. * doc/man/pam_getenv.3: Likewise. * doc/man/pam_getenvlist.3: Likewise. * doc/man/pam_info.3: Likewise. * doc/man/pam_open_session.3: Likewise. * doc/man/pam_prompt.3: Likewise. * doc/man/pam_putenv.3: Likewise. * doc/man/pam_set_data.3: Likewise. * doc/man/pam_set_item.3: Likewise. * doc/man/pam_setcred.3: Likewise. * doc/man/pam_sm_acct_mgmt.3: Likewise. * doc/man/pam_start.3: Likewise. * doc/man/pam_strerror.3: Likewise. * doc/man/pam_syslog.3: Likewise. * modules/pam_access/access.conf.5: Likewise. * modules/pam_access/pam_access.8: Likewise. * modules/pam_cracklib/pam_cracklib.8: Likewise. * modules/pam_deny/pam_deny.8: Likewise. * modules/pam_echo/pam_echo.8: Likewise. * modules/pam_env/pam_env.8: Likewise. * modules/pam_env/pam_env.conf.5: Likewise. * modules/pam_exec/pam_exec.8: Likewise. * modules/pam_filter/pam_filter.8: Likewise. * modules/pam_ftp/pam_ftp.8: Likewise. * modules/pam_group/group.conf.5: Likewise. * modules/pam_group/pam_group.8: Likewise. * modules/pam_issue/pam_issue.8: Likewise. * modules/pam_lastlog/pam_lastlog.8: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.8: Likewise. * modules/pam_succeed_if/pam_succeed_if.8: Likewise. * modules/pam_umask/pam_umask.8: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use dngettext if available [#1427738]. * configure.in: Check for dngettext [#1427738]. * po/*.po: Update to dngettext usage. * modules/pam_listfile/Makefile.am: Include Make.xml.rules. * modules/pam_listfile/pam_listfile.8.xml: New. * modules/pam_listfile/pam_listfile.8: New, generated from xml file. * modules/pam_listfile/README.xml: New. * modules/pam_listfile/README: Regenerated from xml file. 2006-06-01 Thorsten Kukuk * modules/pam_lastlog/Makefile.am: Include Make.xml.rules. * modules/pam_lastlog/pam_lastlog.8.xml: New. * modules/pam_lastlog/pam_lastlog.8: New, generated from xml file. * modules/pam_lastlog/README.xml: New. * modules/pam_lastlog/README: Regenerated from xml file. * modules/pam_group/Makefile.am: Include Make.xml.rules. * modules/pam_group/group.conf.5.xml: New. * modules/pam_group/group.conf.5: New, generated from xml file. * modules/pam_group/pam_group.8.xml: New. * modules/pam_group/pam_group.8: New, generated from xml file. * modules/pam_group/README.xml: New. * modules/pam_group/README: Regenerated from xml file. * modules/pam_ftp/Makefile.am: Include Make.xml.rules. * modules/pam_ftp/pam_ftp.8.xml: New. * modules/pam_ftp/pam_ftp.8: New, generated from xml file. * modules/pam_ftp/README.xml: New. * modules/pam_ftp/README: Regenerated from xml file. * modules/pam_issue/Makefile.am: Include Make.xml.rules. * modules/pam_issue/pam_issue.8.xml: New. * modules/pam_issue/pam_issue.8: New, generated from xml file. * modules/pam_issue/README.xml: New. * modules/pam_issue/README: Regenerated from xml file. * modules/pam_filter/Makefile.am: Include Make.xml.rules. * modules/pam_filter/pam_filter.8.xml: New. * modules/pam_filter/pam_filter.8: New, generated from xml file. * modules/pam_filter/README.xml: New. * modules/pam_filter/README: Regenerated from xml file. 2006-05-30 Thorsten Kukuk * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Fix umask and skel directory documentation. * modules/pam_umask/Makefile.am: Include Make.xml.rules. * modules/pam_umask/pam_umask.8.xml: New. * modules/pam_umask/pam_umask.8: New, generated from xml file. * modules/pam_umask/README.xml: New. * modules/pam_umask/README: Regenerated from xml file. 2006-05-29 Thorsten Kukuk * modules/pam_mkhomedir/Makefile.am: Include Make.xml.rules. * modules/pam_mkhomedir/pam_mkhomedir.8.xml: New. * modules/pam_mkhomedir/pam_mkhomedir.8: New, generated from xml file. * modules/pam_mkhomedir/README.xml: New. * modules/pam_mkhomedir/README: Regenerated from xml file. 2006-05-23 Thorsten Kukuk * modules/pam_echo/pam_echo.c (pam_echo): Use pam_modutil_read() instead of read(). 2006-05-22 Thorsten Kukuk * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Fix memory leaks, [#1490956] found by Coverity. * modules/pam_tally/pam_tally.c (pam_get_uid): Check return value of pam_get_user(). (tally_get_data): Check if oldtime is not NULL. [#1489818] found by Coverity. * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't ignore return value of stat(). [#1489808] found by Coverity. * modules/pam_mail/pam_mail.c (get_folder): Fix a potential NULL pointer dereference. [#1489792] found by Coverity. * libpam/Makefile.am: bump release number of libpam.so. * libpam/pam_misc.c (_pam_mkargv): Fix memory leak, [#1489804] found by Coverity. * modules/pam_echo/pam_echo.c (replace_and_print): Initialize str, [#1489658] found by Coverity. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix a potential NULL pointer dereference. (pam_sm_chauthtok): Remove dead code. [#1489634] found by Coverity. 2006-05-04 Thorsten Kukuk * configure.in: Check for fseeko. * modules/pam_tally/pam_tally.c: Use fseeko if available (Based on patch by IBM). 2006-05-04 Thorsten Kukuk * release version 0.99.4.0 * libpam/pam_strerror.c: Unify error messages. * po/zh_TW.po: Adjust for last pam_strerror changes. * po/zh_CN.po: Likewise. * po/uk.po: Likewise. * po/tr.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/pl.po: Likewise. * po/ja.po: Likewise. * po/nl.po: Likewise. * po/nb.po: Likewise. * po/it.po: Likewise. * po/hu.po: Likewise. * po/fr.po: Likewise. * po/fi.po: Likewise. * po/es.po: Likewise. * po/de.po: Likewise. * po/cs.po: Likewise. * doc/man/pam.3.xml: New. * doc/man/pam.3. New, generated from XML file. * doc/man/pam_sm_acct_mgmt.3.xml: New. * doc/man/pam_sm_acct_mgmt.3: New, generated from XML file. * doc/man/*.xml: Fix encoding and use always UTF-8, regenerate all manual pages. * doc/pam_modules.sgml (PAM_NEW_AUTHTOKEN_REQD): Fix typo. 2006-05-02 Thorsten Kukuk * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use different strings for plural or not [#1427738] * po/*.po: Adjust for pam_unix.so translation fix. * modules/pam_tally/pam_tally.c: Always close file handle in error case, don't close it depending on *TALLY value [#1478180] 2006-04-21 Thorsten Kukuk * po/fr.po: Updated. 2006-04-11 Thorsten Kukuk * po/km.po: Updated. 2006-03-27 Thorsten Kukuk * po/LINGUAS: Add uk. * po/uk.po: New. * po/cs.po: Updated. * po/po/es.po: Updated. * po/fi.po: Updated. * po/fr.po: Updated. * po/hu.po: Updated. * po/it.po: Updated. * po/ja.po: Updated. * po/nb.po: Updated. * po/pl.po: Updated. * po/pt.po: Updated. * po/pt_BR.po: Updated. * po/zh_CN.po: Updated. * po/zh_TW.po: Updated. 2006-03-21 Thorsten Kukuk * configure.in: Remove ALL_LINGUAS. * po/LINGUAS: New. * po/tr.po: New (from Ismail Donmez ). 2006-03-13 Thorsten Kukuk * doc/man/pam_error.3.xml: New. * doc/man/pam_error.3: New, generated from XML file. * doc/man/pam_verror.3: New, generated from XML file. * doc/man/Makefile.am: Add pam_error.3 and pam_verror.3. * modules/pam_lastlog/Makefile.am: Fix typo. * modules/pam_lastlog/pam_lastlog.c: Move comment for translators in right line. * po/*.po: Update po files with comment for translator. 2006-03-12 Thorsten Kukuk * doc/man/Makefile.am: Add new manual pages. * doc/man/pam.conf.5.xml: Replace link with content of PAM admin guide. * doc/man/pam.conf.5: Regenerated from XML file. * doc/man/pam_info.3.xml: New. * doc/man/pam_info.3: New, generated from XML file. * doc/man/pam_vinfo.3: New, generated from XML file. * doc/man/pam_conv.3.xml: New. * doc/man/pam_conv.3: New, generated from XML file. * doc/man/pam_putenv.3.xml: New. * doc/man/pam_putenv.3: New, generated from XML file. * doc/man/pam_getenv.3.xml: New. * doc/man/pam_getenv.3: New, generated from XML file. * doc/man/pam_getenvlist.3.xml: New. * doc/man/pam_getenvlist.3: New, generated from XML file. * libpam/pam_item.c (pam_get_user): Check for valid pamh before using it. * configure.in: create tests/Makefile * Makefile.am (SUBDIRS): Add tests * tests/Makefile.am: New. * tests/tst-dlopen.c: New. * tests/tst-pam_acct_mgmt.c: New. * tests/tst-pam_authenticate.c: New. * tests/tst-pam_chauthtok.c: New. * tests/tst-pam_close_session.c: New. * tests/tst-pam_end.c: New. * tests/tst-pam_fail_delay.c: New. * tests/tst-pam_getenvlist.c: New. * tests/tst-pam_get_item.c: New. * tests/tst-pam_open_session.c: New. * tests/tst-pam_setcred.c: New. * tests/tst-pam_set_item.c: New. * tests/tst-pam_start.c: New. * tests/tst-pam_get_user.c: New. * modules/pam_access/Makefile.am: Add rules for make check * modules/pam_access/tst-pam_access: New * modules/pam_cracklib/Makefile.am: Add rules for make check * modules/pam_cracklib/tst-pam_cracklib: New * modules/pam_debug/Makefile.am: Add rules for make check * modules/pam_debug/tst-pam_debug: New * modules/pam_deny/Makefile.am: Add rules for make check * modules/pam_deny/tst-pam_deny: New * modules/pam_echo/Makefile.am: Add rules for make check * modules/pam_echo/tst-pam_echo: New * modules/pam_env/Makefile.am: Add rules for make check * modules/pam_env/tst-pam_env: New * modules/pam_exec/Makefile.am: Add rules for make check * modules/pam_exec/tst-pam_exec: New * modules/pam_filter/Makefile.am: Add rules for make check * modules/pam_filter/tst-pam_filter: New * modules/pam_ftp/Makefile.am: Add rules for make check * modules/pam_ftp/tst-pam_ftp: New * modules/pam_group/Makefile.am: Add rules for make check * modules/pam_group/tst-pam_group: New * modules/pam_issue/Makefile.am: Add rules for make check * modules/pam_issue/tst-pam_issue: New * modules/pam_lastlog/Makefile.am: Add rules for make check * modules/pam_lastlog/tst-pam_lastlog: New * modules/pam_limits/Makefile.am: Add rules for make check * modules/pam_limits/tst-pam_limits: New * modules/pam_listfile/Makefile.am: Add rules for make check * modules/pam_listfile/tst-pam_listfile: New * modules/pam_localuser/Makefile.am: Add rules for make check * modules/pam_localuser/tst-pam_localuser: New * modules/pam_mail/Makefile.am: Add rules for make check * modules/pam_mail/tst-pam_mail: New * modules/pam_mkhomedir/Makefile.am: Add rules for make check * modules/pam_mkhomedir/tst-pam_mkhomedir: New * modules/pam_motd/Makefile.am: Add rules for make check * modules/pam_motd/tst-pam_motd: New * modules/pam_nologin/Makefile.am: Add rules for make check * modules/pam_nologin/tst-pam_nologin: New * modules/pam_permit/Makefile.am: Add rules for make check * modules/pam_permit/tst-pam_permit: New * modules/pam_rhosts/Makefile.am: Add rules for make check * modules/pam_rhosts/tst-pam_rhosts: New * modules/pam_rootok/Makefile.am: Add rules for make check * modules/pam_rootok/tst-pam_rootok: New * modules/pam_securetty/Makefile.am: Add rules for make check * modules/pam_securetty/tst-pam_securetty: New * modules/pam_selinux/Makefile.am: Add rules for make check * modules/pam_selinux/tst-pam_selinux: New * modules/pam_shells/Makefile.am: Add rules for make check * modules/pam_shells/tst-pam_shells: New * modules/pam_stress/Makefile.am: Add rules for make check * modules/pam_stress/tst-pam_stress: New * modules/pam_succeed_if/Makefile.am: Add rules for make check * modules/pam_succeed_if/tst-pam_succeed_if: New * modules/pam_tally/Makefile.am: Add rules for make check * modules/pam_tally/tst-pam_tally: New * modules/pam_time/Makefile.am: Add rules for make check * modules/pam_time/tst-pam_time: New * modules/pam_umask/Makefile.am: Add rules for make check * modules/pam_umask/tst-pam_umask: New * modules/pam_unix/Makefile.am: Add rules for make check * modules/pam_unix/tst-pam_unix: New * modules/pam_userdb/Makefile.am: Add rules for make check * modules/pam_userdb/tst-pam_userdb: New * modules/pam_warn/Makefile.am: Add rules for make check * modules/pam_warn/tst-pam_warn: New * modules/pam_wheel/Makefile.am: Add rules for make check * modules/pam_wheel/tst-pam_wheel: New * modules/pam_xauth/Makefile.am: Add rules for make check * modules/pam_xauth/tst-pam_xauth: New 2006-03-11 Thorsten Kukuk * doc/man/pam_fail_delay.3.xml: New. * doc/man/pam_fail_delay.3: New, generated from xml. * doc/man/pam_prompt.3.xml: New. * doc/man/pam_prompt.3: New, generated from xml. * doc/man/pam_syslog.3.xml: New. * doc/man/pam_syslog.3: New, generated from xml. * doc/man/pam_vprompt.3: New, generated from xml. * doc/man/pam_vsyslog.3: New, generated from xml. 2006-02-24 Thorsten Kukuk * po/km.po: Update Khmer translation. 2006-02-24 Thorsten Kukuk * modules/pam_succeed_if/pam_succeed_if.8.xml: New, based on version from #1425487. * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. * modules/pam_succeed_if/Makefile.am: Include XML rules. * modules/pam_succeed_if/README.xml: New. * modules/pam_succeed_if/README: Regenerated from xml. * modules/pam_succeed_if/pam_succeed_if.c: Fix comment about return values. 2006-02-22 Thorsten Kukuk * configure.in: Fix check for incomplete libaudit installations (Patch from Ruediger Oertel ). * modules/pam_lastlog/pam_lastlog.c (last_login_write): Initialize correct last_login field [#1427401]. * modules/pam_lastlog/pam_lastlog.c (last_login_read): Mark strftime format string for translation to allow reorder [#1428269]. * po/*.po: Update with last pam_lastlog change. 2006-02-17 Thorsten Kukuk * doc/man/Makefile.am: Add new manual pages. * doc/man/pam_end.3: Regenerated from xml file. * doc/man/pam_end.3.xml: Document freeing of item data. * doc/man/pam_get_user.3: New. * doc/man/pam_get_user.3.xml: New. * modules/pam_access/access.conf.5.xml: Fix typos. * modules/pam_env/Makefile.am: Add new manual pages. * modules/pam_env/README: Regenerate from xml file. * modules/pam_env/README.xml: New. * modules/pam_env/pam_env.8: New. * modules/pam_env/pam_env.8.xml: New. * modules/pam_env/pam_env.conf.5: New. * modules/pam_env/pam_env.conf.5.xml New. 2006-02-14 Thorsten Kukuk * po/fi.po: Updated translations. * po/pl.po: Likewise. * po/km.po: New translation. * configure.in: Add km as new language. 2006-02-13 Thorsten Kukuk * modules/pam_echo/pam_echo.8.xml: New. * modules/pam_echo/pam_echo.8: Regenerated from xml file. * modules/pam_echo/Makefile.am: Include Make.xml.rules. * modules/pam_echo/pam_echo.c: Fix return value. * doc/modules/pam_chroot.sgml: Remove obsolete sgml file. 2006-02-12 Thorsten Kukuk * configure.in: Add doc/man/Makefile. * Make.xml.rules: Enable xincludes for manual pages. * doc/Makefile.am (EXRA_DIST): Remove manual pages. (SUBDIR): Add man subdirectory. * doc/man/Makefile.am: New. * doc/man/pam_acct_mgmt.3: New. * doc/man/pam_acct_mgmt.3.xml: New. * doc/man/pam_get_data.3: New. * doc/man/pam_get_data.3.xml: New. * doc/man/pam_set_data.3: New. * doc/man/pam_set_data.3.xml: New. * doc/man/pam.8.xml: New. * doc/man/pam.8: Regenerated from xml file. * doc/man/pam_authenticate.3.xml: New. * doc/man/pam_authenticate.3: Regenerated from xml file. * doc/man/pam_chauthtok.3.xml: New. * doc/man/pam_chauthtok.3: Regenerated from xml file. * doc/man/pam_close_session.3.xml: New. * doc/man/pam_close_session.3: Regenerated from xml file. * doc/man/pam_end.3.xml: New. * doc/man/pam_end.3: Regenerated from xml file. * doc/man/pam_fail_delay.3.xml: New. * doc/man/pam_fail_delay.3: Regenerated from xml file. * doc/man/pam_get_item.3.xml: New. * doc/man/pam_get_item.3: Regenerated from xml file. * doc/man/pam_item_types.inc.xml: New. * doc/man/pam_open_session.3.xml: New. * doc/man/pam_open_session.3: Regenerated from xml file. * doc/man/pam_set_item.3.xml: New. * doc/man/pam_set_item.3: Regenerated from xml file. * doc/man/pam_setcred.3.xml: New. * doc/man/pam_setcred.3: Regenerated from xml file. * doc/man/pam_start.3.xml: New. * doc/man/pam_start.3: Regenerated from xml file. * doc/man/pam_strerror.3.xml: New. * doc/man/pam_strerror.3: Regenerated from xml file. * doc/man/template-man: Removed. 2006-02-10 Thorsten Kukuk * configure.in: Remove pam_pwdb support. * modules/Makefile.am: remove pam_pwdb. * modules/pam_pwdb: Remove complete directory. * libpam/Makefile.am: Remove LIBPWDB references. * libpam/pam_static_modules.h: Remove pam_pwdb references. * doc/modules/pam_pwdb.sgml: Removed. * po/POTFILES.in: Remove modules/pam_pwdb/*.c entries. * doc/pam_source.sgml: Remove references to libpwdb. * doc/modules/pam_limits.sgml: Remove wrong reference to libpwdb. * doc/modules/pam_group.sgml: Likewise. * doc/modules/pam_cracklib.sgml: Replace pam_pwdb with pam_unix. * doc/modules/pam_userdb.sgml: Likewise. * modules/pam_cracklib/pam_cracklib.8.xml: Replace pam_pwdb with pam_unix. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_group/pam_group.c: Remove dead code for libpwdb. * modules/pam_access/Makefile.am: Fix EXTRA_DIST. * modules/pam_cracklib/Makefile.am: Likewise. * modules/pam_deny/Makefile.am: Likewise. * modules/pam_exec/Makefile.am: Likewise. 2006-02-07 Thorsten Kukuk * configure.in: Check for text browser. * Make.xml.rules: Add rule to generate README from README.xml. * modules/pam_access/Makefile.am: Include Make.xml.rules. * modules/pam_access/README: Regenerated from README.xml. * modules/pam_access/README.xml: New. * modules/pam_access/access.conf: Extended by new examples. * modules/pam_access/access.conf.5: New, generated from xml file. * modules/pam_access/access.conf.5.xml: New. * modules/pam_access/pam_access.8: New, generated from xml file. * modules/pam_access/pam_access.8.xml: New. * modules/pam_access/pam_access.c: Add rules for IPv6 and netmasks. Based on patch from Mike Becher . * modules/pam_deny/Makefile.am: Include Make.xml.rules. * modules/pam_deny/pam_deny.8.xml: New. * modules/pam_deny/pam_deny.8: New, generated from xml file. * modules/pam_deny/README.xml: New. * modules/pam_deny/README: Regenerated from xml file. * modules/pam_cracklib/Makefile.am: Include Make.xml.rules. * modules/pam_cracklib/pam_cracklib.8.xml: New. * modules/pam_cracklib/pam_cracklib.8: New, generated from xml file. * modules/pam_cracklib/README.xml: New. * modules/pam_cracklib/README: Regenerated from xml file. * modules/pam_exec/Makefile.am: Add rule to generate README. * modules/pam_exec/README: Regenerated from xml file. * modules/pam_exec/pam_exec.8: Regenerated from xml file. * modules/pam_exec/pam_exec.8.xml: Syntax files. 2006-02-06 Thorsten Kukuk * po/nl.po: New. * po/pt.po: Update translations. * configure.in: Add nl as new language. 2006-01-30 Thorsten Kukuk * modules/pam_exec/pam_exec.8.xml: Fix syntax of Return Value section. * modules/pam_exec/Makefile.am: Include Make.xml.rules. * Make.xml.rules: New. * Makefile.am (EXTRA_DIST): Add Make.xml.rules. 2006-01-27 Thorsten Kukuk * configure.in: Prefer libdb over libndbm, fix check for libcrack and remove not needed BACKUP_LIBS. 2006-01-24 Thorsten Kukuk * modules/pam_debug/pam_debug.c: Fix name of pam_module struct. * po/de.po: Fix one translation. * configure.in: Add modules/pam_exec. * modules/Makefile.am: Add pam_exec subdirectory. * modules/pam_exec/README: New. * modules/pam_exec/Makefile.am: New. * modules/pam_exec/pam_exec.8: New. * modules/pam_exec/pam_exec.c: New. * modules/pam_exec/pam_exec.8.xml: New. * po/POTFILES.in: Add modules/pam_exec/pam_exec.c. * po/*.po: Merge new pam_exec strings. * libpam/pam_static_modules.h: New. * Makefile.am: Reorder subdirectories for static modules. * configure.in: Add --enable-static-modules option. * libpam/Makefile.am: Define WITH_SELINUX and WITH_PWDB if necessary, add pam_static_modules.h, link against all PAM module object files if STATIC_MODULES is defined. * libpam/pam_static.c: Remove old _static_module* includes, include pam_static_modules.h. * configure.in: Add checks for xsltproc, xmllint and docbook xsl stylesheet. * m4/jh_path_xml_catalog.m4: New. 2006-01-22 Thorsten Kukuk * modules/pam_succeed_if/pam_succeed_if.c: Add support for static modules. * modules/pam_xauth/pam_xauth.c: Likewise. * libpam/pam_static.c (_pam_open_static_handler): Add pamh as argument. * libpam/pam_private.h: Adjust prototype. * libpam/pam_handlers.c (_pam_add_handler): Add pamh to _pam_open_static_handler call. * configure.in: Don't define PAM_DYNAMIC. * libpam/pam_handlers.c: Get ride of PAM_DYNAMIC, don't include pam_dynamic.h * libpam/pam_dynamic.c: Don't include pam_dynamic.h, exclude functions if we compile with PAM_STATIC. * libpam/pam_dynamic.h: Remove. * libpam/pam_private.h: Add function prototypes from pam_dynamic.h. * libpam/Makefile.am: Bump version number of libpam, remove pam_dynamic.h. 2006-01-21 Thorsten Kukuk * modules/pam_listfile/pam_listfile.c: Add support for session and password management. 2006-01-19 Thorsten Kukuk * doc/specs/Makefile.am (spec): Add padout to fix parallel build (Reported by Andreas Haumer ). 2006-01-15 Thorsten Kukuk * modules/pam_echo/pam_echo.c: Define HOST_NAME_MAX if not already defined. 2006-01-13 Thorsten Kukuk * release version 0.99.3.0 * libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing error. * modules/pam_umask/pam_umask.c (search_key): Don't ignore EOF/error return value from fgets(). * configure.in: Check for getline and getdelim * po/fi.po: Add new translations. * po/de.po: Likewise. * po/es.po: Likewise. * po/fr.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CH.po: Likewise. * po/zh_TW.po: Likewise. 2006-01-13 Dmitry V. Levin * libpam/pam_audit.c (_pam_auditlog): Replace strerror(errno) call with %m specifier. 2006-01-12 Thorsten Kukuk * configure.in: Add check for -fpie/-pie * modules/pam_filter/upperLOWER/Makefile.am: Compile/link upperLOWER with -fpie/-pie if supported. * modules/pam_unix/Makefile.am: Compile/link unix_chkpwd with -fpie/-pie if supported. 2006-01-12 Steve Grubb * configure.in: Add check for audit library. * libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT. (libpam_la_SOURCES): Add pam_audit.c. * libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call. * libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise. * libpam/pam_password.c (pam_chauthtok): Likewise. * libpam/pam_session.c (pam_open_session), (pam_close_session): Likewise. * libpam/pam_private.h: Add audit_state member to pam_handle, declare _pam_auditlog and _pam_audit_end. * libpam/pam_start.c (pam_start): Initialize audit_state. * libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end implementation. * libpam/pam_end.c (pam_end): Add _pam_audit_end() call. * NEWS: Note about added auditing. 2006-01-11 Thorsten Kukuk * libpam/Makefile.am (AM_CFLAGS): Define LIBPAM_COMPILE. * libpam/include/security/_pam_types.h: Don't define PAM_NONNULL if we compile libpam itself. * po/hu.po: Update with new translations. 2006-01-08 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR instead of PAM_AUTHTOK_RECOVER_ERR. * modules/pam_pwdb/support.-c: Likewise. * modules/pam_unix/support.c: Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise. * libpam/pam_strerror.c (pam_strerror): Likewise. * libpam/include/security/_pam_compat.h: Define PAM_AUTHTOK_RECOVER_ERR for backward compatibility. * libpam/include/security/_pam_types.h: Rename PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR. 2006-01-05 Thorsten Kukuk * libpam/include/security/_pam_types.h: Remove nonnull attribute from third paramter (item) of pam_get_item. * libpam/Makefile.am: Bump version number of shared library. 2005-12-21 Tomas Mraz * modules/pam_succeed_if/pam_succeed_if.c (evaluate_ingroup), (evaluate_notingroup): Simplified. (evaluate_innetgr), (evaluate_notinnetgr): New functions. (evaluate): Added calls to evaluate_(not)innetgr(). * modules/pam_succeed_if/README: Documented netgroup matching. * NEWS: Mentioned the added netgroup matching support. 2005-12-20 Thorsten Kukuk * modules/pam_lastlog/pam_lastlog.c (last_login_read): Use strftime instead of ctime. * po/de.po: Fix typo. 2005-12-19 Thorsten Kukuk * libpam/pam_syslog.c: Define LOG_AUTHPRIV as LOG_AUTH on Solaris. Reported by Charles_H_Bedford@nbc.gov. * modules/pam_time/pam_time.c (check_account): Implement support for netgroups. * modules/pam_time/time.conf: Document usage of netgroups. 2005-12-16 Thorsten Kukuk * modules/pam_group/pam_group.c (check_account): Implement support for netgroups. * modules/pam_group/group.conf: Add all documentation to this example config file and don't reference to outdated configs. * modules/pam_group/README: New. * modules/pam_group/Makefile.am: Add README to EXTRADIST. 2005-12-15 Thorsten Kukuk * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't report an error if user logins the first time. * modules/pam_lastlog/README: New. * modules/pam_lastlog/Makefile.am: Add README to EXTRADIST. 2005-12-14 Thorsten Kukuk * modules/pam_deny/pam_deny.c: Fix comment. * doc/pam_appl.sgml: Fix typo. Reported by Russell Bateman 2005-12-12 Thorsten Kukuk * release version 0.99.2.1 * po/de.po: Remove new fuzzy entry * NEWS: Add 0.99.2.1 changes * configure.in: bump version number to 0.99.2.1 2005-12-12 Dmitry V. Levin Cleanup pam_syslog messages. * modules/pam_env/pam_env.c (_expand_arg): Fix compiler warning. * modules/pam_filter/pam_filter.c (set_filter): Append %m specifier to pam_syslog messages where appropriate. * modules/pam_group/pam_group.c (read_field): Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c (make_remark): Remove. (create_homedir): Do not use make_remark() wrapper, call pam_info() directly. Call pam_syslog() right after failed operation and append %m specifier to pam_syslog messages where appropriate. * modules/pam_rhosts/pam_rhosts_auth.c (pam_iruserok): Replace sequence of malloc(), strcpy() and strcat() calls with asprintf(). Append %m specifier to pam_syslog messages where appropriate. * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Append %m specifier to pam_syslog messages where appropriate. * modules/pam_shells/pam_shells.c (perform_check): Likewise. 2005-12-12 Tomas Mraz * modules/pam_mail/pam_mail.c (report_mail): Fixed typo in string. * po/Linux-PAM.pot: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. * po/de.po: Add new translation, fixed typo in string. 2005-12-12 Mike Becher * doc/Makefile.am: Fixed install of PS, PDF, TXT and HTML files. 2005-12-12 Thorsten Kukuk * modules/pam_mail/README: Document "quiet" and "standard" options. 2005-12-07 Thorsten Kukuk * modules/pam_mail/pam_mail.c: Modify assembling of output for easier translation. * po/de.po: Translate new pam_mail messages. 2005-11-24 Thorsten Kukuk * po/de.po: Add new translation, fix wrong format specifier. * po/cs.po: Fix wrong format specifier. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. 2005-11-24 Dmitry V. Levin * config.h.in: Remove generated file. * .cvsignore: Add config.h.in. * configure.in: Do not check for strerror. * libpam_misc/misc_conv.c (read_string): Replace strerror() call with %m specifier. * libpamc/pamc_converse.c (pamc_converse): Likewise. * modules/pam_echo/pam_echo.c (pam_echo): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_selinux/pam_selinux.c (security_label_tty): Likewise. (security_restorelabel_tty, security_label_tty): Append %m specifier where appropriate. * modules/pam_selinux/pam_selinux_check.c (main): Replace strerror() call with %m specifier. * modules/pam_unix/pam_unix_passwd.c (save_old_password, _update_passwd, _update_shadow): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise. * po/Linux-PAM.pot: Update strings from pam_selinux. * po/cs.po: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. 2005-11-23 Thorsten Kukuk * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Introduce new variable to fix compiler warning. * libpam/pam_modutil_getlogin.c (pam_modutil_getlogin): PAM_TTY don't need to start with /dev/. 2005-11-21 Thorsten Kukuk * release version 0.99.2.0 * libpam_misc/Makefile.am: Increase release number (for change from 2005-11-09) * NEWS: Adjust for 0.99.2.0 2005-11-17 Thorsten Kukuk * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting. Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380] 2005-11-16 Thorsten Kukuk * libpam/pam_handlers.c: Replace code for all dlopen variants with a generic wrapper. * libpam/pam_dynamic.c: Implement generic wrapper for dlopen. * libpam/pam_dynamic.h: Provide prototypes. For Mac OS X support [#534205] 2005-11-09 Tomas Mraz * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly full path tty name. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly full path tty name. Allow unset tty. (logic_member): Allow matching ':' in tty name. * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly full path tty name. Allow unset tty. (logic_member): Allow matching ':' in tty name. * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin is not terminal. 2005-11-07 Thorsten Kukuk * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use correct variable names. 2005-11-06 Steve Langasek * modules/pam_env/pam_env.c: don't treat a missing /etc/environment as a fatal error when attempting to read it, and try to read this file by default; this restores the behavior from Linux-PAM 0.76. 2005-11-02 Tomas Mraz * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807] by ohyajapn. * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the logic when comparing dates to handle corner cases better [#1245888]. 2005-10-31 Thorsten Kukuk * modules/pam_filter/pam_filter.c: Use XCASE only if defined [#624214] 2005-10-27 Thorsten Kukuk * doc/man/pam.8: Fix wording for authentication chapter [#1197444] 2005-10-26 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary), modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary), modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real uid to 0 before executing the helper if SELinux is enabled. * modules/pam_unix/unix_chkpwd.c (main): Disable user check only if real uid is 0 (CVE-2005-2977). Log failed password check attempt. 2005-10-20 Tomas Mraz * configure.in: Added check for xauth binary and --with-xauth option. * config.h.in: Added configurable PAM_PATH_XAUTH. * modules/pam_xauth/README, modules/pam_xauth/pam_xauth.8: Document where xauth is looked for. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement searching xauth binary on multiple places. (run_coprocess): Don't use execvp as it can be a security risk. 2005-10-04 Steve Langasek * libpam/include/security/pam_malloc.h, libpam/include/security/pam_modules.h: Declare public header files extern "C" so that they are C++-safe. 2005-10-02 Dmitry V. Levin Steve Langasek Cleanup gratuitous use of strdup(). Fix "missing argument" checks. * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier to conffile and envfile arguments. Do not use x_strdup() for conffile and envfile initialization. Fix "missing argument" checks. (_parse_config_file): Take conffile argument of type "const char *" instead of "char **". Do not free conffile. (_parse_env_file): Take env_file argument of type "const char *" instead of "char **". Do not free env_file. (pam_sm_setcred): Add const qualifier to conf_file and env_file. Pass conf_file and env_file to _parse_config_file() and _parse_env_file() by value. (pam_sm_open_session): Likewise. * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to users argument. Do not use x_strdup() for users initialization. (lookup): Add const qualifier to list argument. (pam_sm_authenticate): Add const qualifier to users argument. * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier to maildir argument. Do not use x_strdup() for maildir initialization. Fix "missing argument" check. (get_folder): Take path_mail argument of type "const char *" instead of "char **". Do not free path_mail. (_do_mail): Add const qualifier to path_mail argument. Pass path_mail to get_folder() by value. * modules/pam_motd/pam_motd.c: Include . (pam_sm_open_session): Add const qualifier to motd_path. Do not use x_strdup() for motd_path initialization. Do not free motd_path. Fix "missing argument" check. Add "unknown option" warning. * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const qualifier to database and cryptmode arguments. Fix "missing argument" checks. (pam_sm_authenticate): Add const qualifier to database and cryptmode. (pam_sm_acct_mgmt): Likewise. 2005-10-01 Steve Langasek * modules/pam_userdb/pam_userdb.c: spelling fix in log message. 2005-09-30 Steve Langasek * modules/pam_userdb/pam_userdb.c: Fix memory leak due to gratuitous use of strdup(). 2005-09-27 Thorsten Kukuk * release 0.99.1.0 * doc/specs/Makefile.am (install-data-local): Install rfc and draft. (all): Copy rfc if we build outside of source directory. 2005-09-27 Thorsten Kukuk * NEWS: Document removal of pam_radius. * autogen.sh: Make configure script executeable. * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c (lex.yy.c): Fixed out of tree build. * conv/pam_conv1/pam_conv.y: Fix main prototype. * README: Adjust. * po/POTFILES.in: Remove files not distributed by tar archive and not containing strings for translation. 2005-09-26 Tomas Mraz * NEWS: Add a few missing entries from CHANGELOG. * AUTHORS: Fixed entries for Toady and me. * Makefile.am (M4_FILES): Fixed out of tree build. * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c (spec, lex.yy.c): Fixed out of tree build. * modules/pam_userdb/README: Document try_first_pass and use_first_pass options, remove use_authtok option. 2005-09-26 Dmitry V. Levin * NEWS: Mention changes in pam_lastlog. 2005-09-26 Thorsten Kukuk * NEWS: New file. * autogen.sh: Don't generate NEWS file. * CHANGELOG: Document it as obsolete. 2005-09-26 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): _log_err() -> pam_syslog() (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): _log_err() -> pam_syslog() * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef (getNISserver, _unix_run_shadow_binary, _update_passwd, _update_shadow, _do_setpass, _pam_unix_approve_pass, pam_sm_chauthtok): _log_err() -> pam_syslog() * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef (pam_sm_open_session, pam_sm_close_session): _log_err() -> pam_syslog() * modules/pam_unix/support.c (_log_err, converse): removed (_make_remark): use pam_prompt() instead of converse() (_set_ctrl, _cleanup_failures, _unix_run_helper_binary, _unix_verify_password, _unix_read_password): _log_err() -> pam_syslog() _cleanup(), _unix_cleanup(): Silence unused param warnings. (_cleanup_failures, _unix_verify_password, _unix_getpwnam, _unix_run_helper_binary): Silence incorrect type warnings. (_unix_read_password): Use multiple pam_prompt() and pam_info() calls instead of converse(). * modules/pam_unix/support.h (_log_err): removed * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV 2005-09-26 Thorsten Kukuk * configure.in: Add doc/specs/Makefile. * Makefile.am: Add releasedocs rule. * doc/Makefile.am: Add specs subdir, remove files from specs directory, add rfc86.0.txt to releasedocs. * doc/specs/Makefile.am: New file. * doc/specs/formatter/parse.y: move from here ... * doc/specs/parse.y: ... here. * doc/specs/formatter/parse.lex: move from here ... * doc/specs/parse.lex: ... here. * modules/pam_mail/pam_mail.c: Mark missing strings for translation * po/Linux-PAM.pot: Add new strings from pam_mail * po/cs.po: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. 2005-09-23 Tomas Mraz * modules/pam_access/pam_access.c (from_match): Support NULL from. (string_match): Support NULL string, add NONE keyword matching it. (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL. * modules/pam_access/access.conf: NONE keyword description * modules/pam_access/README: NONE keyword description 2005-09-22 Dmitry V. Levin * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session, pam_sm_close_session): Strip redundant "pam_xauth: " prefix from text of log messages. (pam_sm_open_session): Replace sequence of malloc(), strcpy() and strcat() calls with asprintf(). Replace syslog() calls with pam_syslog(). * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp() instead of memcmp() for string comparison. 2005-09-21 Dmitry V. Levin * modules/pam_nologin/pam_nologin.c: Include . (parse_args): Add pam_handle_t* argument. Log unrecognized options. (perform_check): Log pam_get_user() and malloc() failures. (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass pam_handle_t* to parse_args(). * modules/pam_mail/pam_mail.c: Include . Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and NO_MAIL_STANDARD_FORMAT macros. (parse_args, get_folder): Cleanup error messages. (get_folder): Fix leak of the path_mail variable in case of pam_get_user() failure. Cleanup memory management. (get_mail_status): Add pam_handle_t* argument. Fix leaks of namelist variable. Cleanup memory management. Log memory allocation failures. Remove 250-byte limit on Maildir pathname. (report_mail): Mark text messages for translation. (_do_mail): Cleanup memory management. Pass pam_handle_t* to get_mail_status(). * po/Linux-PAM.pot: Update with new strings from pam_mail for translation. * po/cs.po: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. 2005-09-20 Thorsten Kukuk * configure.in: Add finish translation. * po/fi.po: New. * acinclude.m4: remove libprelude macros. * m4/libprelude.m4: New. * Makefile.am (EXTRA_DIST): make sure we include all m4 macros. * libpamc/Makefile.am (EXTRA_DIST): Add License. See CHANGELOG for earlier changes.