1 2005-11-17 Thorsten Kukuk <kukuk@thkukuk.de>
3 * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting.
4 Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380]
6 2005-11-16 Thorsten Kukuk <kukuk@thkukuk.de>
8 * libpam/pam_handlers.c: Replace code for all dlopen variants with
10 * libpam/pam_dynamic.c: Implement generic wrapper for dlopen.
11 * libpam/pam_dynamic.h: Provide prototypes.
12 For Mac OS X support [#534205]
14 2005-11-09 Tomas Mraz <t8m@centrum.cz>
16 * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly
18 * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly
19 full path tty name. Allow unset tty.
20 (logic_member): Allow matching ':' in tty name.
21 * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly
22 full path tty name. Allow unset tty.
23 (logic_member): Allow matching ':' in tty name.
25 * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin
28 2005-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
30 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use
31 correct variable names.
33 2005-11-06 Steve Langasek <vorlon@debian.org>
35 * modules/pam_env/pam_env.c: don't treat a missing
36 /etc/environment as a fatal error when attempting to read it,
37 and try to read this file by default; this restores the behavior
40 2005-11-02 Tomas Mraz <t8m@centrum.cz>
42 * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807]
45 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the
46 logic when comparing dates to handle corner cases better [#1245888].
48 2005-10-31 Thorsten Kukuk <kukuk@suse.de>
50 * modules/pam_filter/pam_filter.c: Use XCASE only if defined
53 2005-10-27 Thorsten Kukuk <kukuk@suse.de>
55 * doc/man/pam.8: Fix wording for authentication chapter [#1197444]
57 2005-10-26 Tomas Mraz <t8m@centrum.cz>
59 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
60 modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
61 modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
62 uid to 0 before executing the helper if SELinux is enabled.
63 * modules/pam_unix/unix_chkpwd.c (main): Disable user check only
64 if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
67 2005-10-20 Tomas Mraz <t8m@centrum.cz>
69 * configure.in: Added check for xauth binary and --with-xauth option.
70 * config.h.in: Added configurable PAM_PATH_XAUTH.
71 * modules/pam_xauth/README,
72 modules/pam_xauth/pam_xauth.8: Document where xauth is looked for.
73 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement
74 searching xauth binary on multiple places.
75 (run_coprocess): Don't use execvp as it can be a security risk.
77 2005-10-04 Steve Langasek <vorlon@debian.org>
79 * libpam/include/security/pam_malloc.h,
80 libpam/include/security/pam_modules.h: Declare public header
81 files extern "C" so that they are C++-safe.
83 2005-10-02 Dmitry V. Levin <ldv@altlinux.org>
84 Steve Langasek <vorlon@debian.org>
86 Cleanup gratuitous use of strdup().
87 Fix "missing argument" checks.
89 * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier
90 to conffile and envfile arguments. Do not use x_strdup() for
91 conffile and envfile initialization. Fix "missing argument"
93 (_parse_config_file): Take conffile argument of type "const char *"
94 instead of "char **". Do not free conffile.
95 (_parse_env_file): Take env_file argument of type "const char *"
96 instead of "char **". Do not free env_file.
97 (pam_sm_setcred): Add const qualifier to conf_file and env_file.
98 Pass conf_file and env_file to _parse_config_file() and
99 _parse_env_file() by value.
100 (pam_sm_open_session): Likewise.
102 * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to
103 users argument. Do not use x_strdup() for users initialization.
104 (lookup): Add const qualifier to list argument.
105 (pam_sm_authenticate): Add const qualifier to users argument.
107 * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier
108 to maildir argument. Do not use x_strdup() for maildir
109 initialization. Fix "missing argument" check.
110 (get_folder): Take path_mail argument of type "const char *"
111 instead of "char **". Do not free path_mail.
112 (_do_mail): Add const qualifier to path_mail argument.
113 Pass path_mail to get_folder() by value.
115 * modules/pam_motd/pam_motd.c: Include <syslog.h>.
116 (pam_sm_open_session): Add const qualifier to motd_path.
117 Do not use x_strdup() for motd_path initialization. Do not
118 free motd_path. Fix "missing argument" check. Add "unknown
121 * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const
122 qualifier to database and cryptmode arguments. Fix "missing
124 (pam_sm_authenticate): Add const qualifier to database and cryptmode.
125 (pam_sm_acct_mgmt): Likewise.
127 2005-10-01 Steve Langasek <vorlon@debian.org>
129 * modules/pam_userdb/pam_userdb.c: spelling fix in log message.
131 2005-09-30 Steve Langasek <vorlon@debian.org>
133 * modules/pam_userdb/pam_userdb.c: Fix memory leak due to
134 gratuitous use of strdup().
136 2005-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
140 * doc/specs/Makefile.am (install-data-local): Install
142 (all): Copy rfc if we build outside of source directory.
144 2005-09-27 Thorsten Kukuk <kukuk@suse.de>
146 * NEWS: Document removal of pam_radius.
147 * autogen.sh: Make configure script executeable.
149 * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c
150 (lex.yy.c): Fixed out of tree build.
152 * conv/pam_conv1/pam_conv.y: Fix main prototype.
156 * po/POTFILES.in: Remove files not distributed by tar archive
157 and not containing strings for translation.
159 2005-09-26 Tomas Mraz <t8m@centrum.cz>
161 * NEWS: Add a few missing entries from CHANGELOG.
163 * AUTHORS: Fixed entries for Toady and me.
165 * Makefile.am (M4_FILES): Fixed out of tree build.
166 * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c
167 (spec, lex.yy.c): Fixed out of tree build.
169 * modules/pam_userdb/README: Document try_first_pass and
170 use_first_pass options, remove use_authtok option.
173 2005-09-26 Dmitry V. Levin <ldv@altlinux.org>
175 * NEWS: Mention changes in pam_lastlog.
177 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
180 * autogen.sh: Don't generate NEWS file.
181 * CHANGELOG: Document it as obsolete.
183 2005-09-26 Tomas Mraz <t8m@centrum.cz>
185 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
186 _log_err() -> pam_syslog()
187 (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
188 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
189 _log_err() -> pam_syslog()
190 * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
191 (getNISserver, _unix_run_shadow_binary, _update_passwd,
192 _update_shadow, _do_setpass, _pam_unix_approve_pass,
193 pam_sm_chauthtok): _log_err() -> pam_syslog()
194 * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
195 (pam_sm_open_session, pam_sm_close_session):
196 _log_err() -> pam_syslog()
197 * modules/pam_unix/support.c (_log_err, converse): removed
198 (_make_remark): use pam_prompt() instead of converse()
199 (_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
200 _unix_verify_password, _unix_read_password):
201 _log_err() -> pam_syslog()
202 _cleanup(), _unix_cleanup(): Silence unused param warnings.
203 (_cleanup_failures, _unix_verify_password, _unix_getpwnam,
204 _unix_run_helper_binary): Silence incorrect type warnings.
205 (_unix_read_password): Use multiple pam_prompt() and pam_info() calls
206 instead of converse().
207 * modules/pam_unix/support.h (_log_err): removed
208 * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
210 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
212 * configure.in: Add doc/specs/Makefile.
213 * Makefile.am: Add releasedocs rule.
214 * doc/Makefile.am: Add specs subdir, remove files from specs
215 directory, add rfc86.0.txt to releasedocs.
216 * doc/specs/Makefile.am: New file.
217 * doc/specs/formatter/parse.y: move from here ...
218 * doc/specs/parse.y: ... here.
219 * doc/specs/formatter/parse.lex: move from here ...
220 * doc/specs/parse.lex: ... here.
222 * modules/pam_mail/pam_mail.c: Mark missing strings for translation
223 * po/Linux-PAM.pot: Add new strings from pam_mail
224 * po/cs.po: Likewise.
225 * po/de.po: Likewise.
226 * po/es.po: Likewise.
227 * po/fi.po: Likewise.
228 * po/fr.po: Likewise.
229 * po/hu.po: Likewise.
230 * po/it.po: Likewise.
231 * po/ja.po: Likewise.
232 * po/nb.po: Likewise.
233 * po/pa.po: Likewise.
234 * po/pl.po: Likewise.
235 * po/pt.po: Likewise.
236 * po/pt_BR.po: Likewise.
237 * po/zh_CN.po: Likewise.
238 * po/zh_TW.po: Likewise.
240 2005-09-23 Tomas Mraz <t8m@centrum.cz>
242 * modules/pam_access/pam_access.c (from_match): Support NULL from.
243 (string_match): Support NULL string, add NONE keyword matching it.
244 (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
245 * modules/pam_access/access.conf: NONE keyword description
246 * modules/pam_access/README: NONE keyword description
248 2005-09-22 Dmitry V. Levin <ldv@altlinux.org>
250 * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session,
251 pam_sm_close_session): Strip redundant "pam_xauth: " prefix from
252 text of log messages.
253 (pam_sm_open_session): Replace sequence of malloc(), strcpy()
254 and strcat() calls with asprintf(). Replace syslog() calls
257 * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp()
258 instead of memcmp() for string comparison.
260 2005-09-21 Dmitry V. Levin <ldv@altlinux.org>
262 * modules/pam_nologin/pam_nologin.c: Include <syslog.h>.
263 (parse_args): Add pam_handle_t* argument. Log unrecognized
265 (perform_check): Log pam_get_user() and malloc() failures.
266 (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt):
267 Pass pam_handle_t* to parse_args().
269 * modules/pam_mail/pam_mail.c: Include <errno.h>.
270 Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and
271 NO_MAIL_STANDARD_FORMAT macros.
272 (parse_args, get_folder): Cleanup error messages.
273 (get_folder): Fix leak of the path_mail variable in case of
274 pam_get_user() failure. Cleanup memory management.
275 (get_mail_status): Add pam_handle_t* argument. Fix leaks of
276 namelist variable. Cleanup memory management. Log memory
277 allocation failures. Remove 250-byte limit on Maildir pathname.
278 (report_mail): Mark text messages for translation.
279 (_do_mail): Cleanup memory management. Pass pam_handle_t*
280 to get_mail_status().
282 * po/Linux-PAM.pot: Update with new strings from pam_mail for
284 * po/cs.po: Likewise.
285 * po/de.po: Likewise.
286 * po/es.po: Likewise.
287 * po/fi.po: Likewise.
288 * po/fr.po: Likewise.
289 * po/hu.po: Likewise.
290 * po/it.po: Likewise.
291 * po/ja.po: Likewise.
292 * po/nb.po: Likewise.
293 * po/pa.po: Likewise.
294 * po/pl.po: Likewise.
295 * po/pt.po: Likewise.
296 * po/pt_BR.po: Likewise.
297 * po/zh_CN.po: Likewise.
298 * po/zh_TW.po: Likewise.
300 2005-09-20 Thorsten Kukuk <kukuk@suse.de>
302 * configure.in: Add finish translation.
305 * acinclude.m4: remove libprelude macros.
306 * m4/libprelude.m4: New.
308 * Makefile.am (EXTRA_DIST): make sure we include all m4 macros.
310 * libpamc/Makefile.am (EXTRA_DIST): Add License.
312 See CHANGELOG for earlier changes.