1 2009-09-29 Piotr Drąg <piotrdrag@gmail.com>
3 * po/pl.po: Updated translations.
5 2009-09-21 Yulia Poyarkova <yulia.poyarkova@redhat.com>
7 * po/ru.po: Updated translations.
9 2009-09-17 Kiyoto Hashida <khashida@redhat.com>
11 * po/ja.po: Updated translations.
13 2009-09-17 Eunju Kim <eukim@redhat.com>
15 * po/ko.po: Updated translations.
17 2009-09-17 Yulia Poyarkova <yulia.poyarkova@redhat.com>
19 * po/ru.po: Updated translations.
21 2009-09-10 Steve Langasek <vorlon@debian.org>
23 * modules/pam_securetty/pam_securetty.c: pam_securetty should not
24 return PAM_USER_UNKNOWN when the tty is secure, regardless of what
25 was entered as a username.
26 Patch from Nicolas François <nicolas.francois@centraliens.net>.
28 2009-08-31 Steve Langasek <vorlon@debian.org>
30 * modules/pam_namespace/namespace.init: make this portable to POSIX
31 awk, instead of using GNU awk extensions.
33 2009-08-25 Steve Langasek <vorlon@debian.org>
35 * modules/pam_sepermit/pam_sepermit.8.xml: fix up one reference
36 to pam.d(8) left behind because I've forgotten how CVS works
37 * po/es.po: fix missing whitespace in password prompts.
39 2009-08-24 Steve Langasek <vorlon@debian.org>
41 * doc/pam_get_authtok.3.xml: grammar fix.
42 * doc/adg/Linux-PAM-ADG.xml: Likewise.
43 * doc/mwg/Linux-PAM_MWG.xml: Likewise.
44 * doc/man/pam_setcred.3.xml: fix a typo.
46 2009-07-21 Thorsten Kukuk <kukuk@thkukuk.de>
48 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Delete
49 new token if it does not match strength criteria.
51 2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
53 * modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files.
55 * modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS
56 support if all necessary functions exist.
58 * modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug
59 option, handle correct if OS has no NIS support.
61 * modules/pam_access/pam_access.c (netgroup_match): Check if
62 yp_get_default_domain and innetgr are available at compile time.
64 * configure.in: Check for functions: innetgr, getdomainname
65 check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h.
67 2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
69 * modules/pam_unix/pam_unix.8.xml: Fix blowfish description.
70 Reported by Diego E. “Flameeyes” Pettenò.
72 2009-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
74 * modules/pam_namespace/Makefile.am: Fix make maintainer-clean,
75 fix docu dependencies.
77 * modules/pam_xauth/Makefile.am: Fix make maintainer-clean.
78 * modules/pam_access/Makefile.am: Likewise.
79 * modules/pam_debug/Makefile.am: Likewise.
80 * modules/pam_deny/Makefile.am: Likewise.
81 * modules/pam_echo/Makefile.am: Likewise.
82 * modules/pam_env/Makefile.am: Likewise.
83 * modules/pam_faildelay/Makefile.am: Likewise.
84 * modules/pam_ftp/Makefile.am: Likewise.
85 * modules/pam_group/Makefile.am: Likewise.
86 * modules/pam_issue/Makefile.am: Likewise.
87 * modules/pam_keyinit/Makefile.am: Likewise.
88 * modules/pam_lastlog/Makefile.am: Likewise.
89 * modules/pam_limits/Makefile.am: Likewise.
90 * modules/pam_listfile/Makefile.am: Likewise.
91 * modules/pam_localuser/Makefile.am: Likewise.
92 * modules/pam_loginuid/Makefile.am: Likewise.
93 * modules/pam_mail/Makefile.am: Likewise.
94 * modules/pam_mkhomedir/Makefile.am: Likewise.
95 * modules/pam_motd/Makefile.am: Likewise.
96 * modules/pam_nologin/Makefile.am: Likewise.
97 * modules/pam_pwhistory/Makefile.am: Likewise.
98 * modules/pam_rhosts/Makefile.am: Likewise.
99 * modules/pam_rootok/Makefile.am: Likewise.
100 * modules/pam_securetty/Makefile.am: Likewise.
101 * modules/pam_shells/Makefile.am: Likewise.
102 * modules/pam_succeed_if/Makefile.am: Likewise.
103 * modules/pam_tally2/Makefile.am: Likewise.
104 * modules/pam_tally/Makefile.am: Likewise.
105 * modules/pam_time/Makefile.am: Likewise.
106 * modules/pam_timestamp/Makefile.am: Likewise.
107 * modules/pam_tty_audit/Makefile.am: Likewise.
108 * modules/pam_umask/Makefile.am: Likewise.
109 * modules/pam_unix/Makefile.am: Likewise.
110 * modules/pam_warn/Makefile.am: Likewise.
111 * modules/pam_wheel/Makefile.am: Likewise.
112 * modules/pam_filter/Makefile.am: Likewise.
114 * configure.in: Make regeneration of docu configureable,
115 rename enable_man to enable_docu.
117 * modules/pam_env/pam_env.c (_pam_parse): Fix typo in debug
120 * modules/pam_cracklib/Makefile.am: Don't install docu if
121 module is disabled for building.
122 * modules/pam_userdb/Makefile.am: Likewise.
124 * modules/pam_unix/pam_unix_passwd.c: Remove dead SELinux
127 * modules/pam_lastlog/pam_lastlog.c (last_login_failed): Fix
128 usage of wrong variable [bug#2809661].
130 2009-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
132 * configure.in: Rename crypt_gensalt_rn to crypt_gensalt_r
133 * modules/pam_unix/passverify.c: Likewise.
135 2009-06-19 Thorsten Kukuk <kukuk@thkukuk.de>
137 * release version 1.1.0
139 2009-06-16 Thorsten Kukuk <kukuk@thkukuk.de>
141 * doc/sag/Linux-PAM_SAG.xml: Fix typos.
142 * doc/adg/Linux-PAM_ADG.xml: Likewise.
143 * doc/mwg/Linux-PAM_MWG.xml: Likewise.
145 2009-06-08 Rajesh Ranjan <rajesh672@gmail.com>
147 * po/hi.po: Updated translations.
149 2009-06-01 Jaswinder Singh <jsingh@redhat.com>
151 * po/pa.po: Updated translations.
153 2009-06-01 Tomáš Mráz <t8m@centrum.cz>
155 * modules/pam_pwhistory/opasswd.c (save_old_password): Don't
156 call fclose() on NULL descriptor. Found by Steve Grubb.
158 2009-06-01 Ville Skyttä <ville.skytta@iki.fi>
160 * modules/pam_limits/pam_limits.8.xml: Only *.conf
161 files are parsed. Spelling fixes.
162 * modules/pam_access/pam_access.8.xml: Spelling fixes.
163 * modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
164 * modules/pam_echo/pam_echo.8.xml: Likewise.
165 * modules/pam_env/pam_env.8.xml: Likewise.
166 * modules/pam_exec/pam_exec.8.xml: Likewise.
167 * modules/pam_filter/pam_filter.8.xml: Likewise.
168 * modules/pam_ftp/pam_ftp.8.xml: Likewise.
169 * modules/pam_group/pam_group.8.xml: Likewise.
170 * modules/pam_issue/pam_issue.8.xml: Likewise.
171 * modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
172 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
173 * modules/pam_localuser/pam_localuser.8.xml: Likewise.
174 * modules/pam_loginuid/pam_loginuid.8.xml: Likewise.
175 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise.
176 * modules/pam_motd/pam_motd.8.xml: Likewise.
177 * modules/pam_namespace/pam_namespace.8.xml: Likewise.
178 * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise.
179 * modules/pam_selinux/pam_selinux.8.xml: Likewise.
180 * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
181 * modules/pam_tally/pam_tally.8.xml: Likewise.
182 * modules/pam_tally2/pam_tally2.8.xml: Likewise.
183 * modules/pam_time/pam_time.8.xml: Likewise.
184 * modules/pam_timestamp/pam_timestamp.8.xml: Likewise.
185 * modules/pam_timestamp/pam_timestamp_check.8.xml: Likewise.
186 * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
187 * modules/pam_umask/pam_umask.8.xml: Likewise.
188 * modules/pam_unix/pam_unix.8.xml: Likewise.
189 * modules/pam_xauth/pam_xauth.8.xml: Likewise.
191 2009-05-28 Jaswinder Singh <jsingh@redhat.com>
193 * po/pa.po: Updated translations.
195 2009-05-21 Albert Carabasa Giribet <albertc@asic.udl.cat>
197 * po/ca.po: Updated translations.
199 2009-05-11 Ani Peter <anipeter@fedoraproject.org>
201 * po/ml.po: Updated translations.
203 2009-05-11 Charles-Antoine Couret <cacouret@wanadoo.fr>
205 * po/fr.po: Updated translations.
207 2009-05-11 Tomáš Mráz <t8m@centrum.cz>
209 * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Remove
210 unnecessary setuid() call.
212 2009-05-05 Thorsten Kukuk <kukuk@thkukuk.de>
214 * release version 1.0.92
215 * libpamc/Makefile.am (libpamc_la_LDFLAGS): Increase revesion.
216 * configure.in: Increase version to 1.0.92.
218 2009-04-20 Mario Santagiuliana <mario@marionline.it>
220 * po/it.po: Updated translations.
222 2009-04-17 Fabian Affolter <fab@fedoraproject.org>
224 * po/de.po: Updated translations.
226 2009-04-16 Tomáš Mráz <t8m@centrum.cz>
228 * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Add user
229 parameter. Use user instead of pwd->pw_name in comparsions.
230 (pam_sm_authenticate): Pass the original user to evaluate().
232 2009-04-14 Amitakhya Phukan <aphukan@fedoraproject.org>
234 * po/as.po: Updated translations.
236 2009-04-14 Runa Bhattacharjee <runab@fedoraproject.org>
238 * po/bn_IN.po: Updated translations.
240 2009-04-14 Sweta Kothari <swkothar@redhat.com>
242 * po/gu.po: Updated translations.
244 2009-04-14 Sandeep Shedmake <sandeep.shedmake@gmail.com>
246 * po/mr.po: Updated translations.
248 2009-04-14 Rui Gouveia <rui.gouveia@globaltek.pt>
250 * po/pt.po: Updated translations.
252 2009-04-14 I. Felix <ifelix@redhat.com>
254 * po/ta.po: Updated translations.
256 2009-04-14 Krishna Babu K <kkrothap@redhat.com>
258 * po/te.po: Updated translations.
260 2009-04-09 Thorsten Kukuk <kukuk@thkukuk.de>
262 * modules/pam_unix/yppasswd.h: Update license to GPLv2 or later
263 on request of Olaf Kirch (Author).
264 * modules/pam_unix/yppasswd_xdr.c: Likewise.
266 2009-04-06 R.E. van der Luit <nippur@fedoraproject.org>
268 * po/nl.po: Updated translations.
270 2009-04-06 Terry Chuang <tchuang@redhat.com>
272 * po/zh_TW.po: Updated translations.
274 2009-04-03 Shankar Prasad <svenkate@redhat.com>
276 * po/kn.po: Updated translations.
278 2009-04-03 Manoj Kumar Giri <mgiri@redhat.com>
280 * po/or.po: Updated translations.
282 2009-04-03 Miloš Komarčević <kmilos@gmail.com>
284 * po/sr.po: Updated translations.
285 * po/sr@latin.po: Updated translations.
287 2009-04-03 Leah Liu <lliu@redhat.com>
289 * po/zh_CN.po: Updated translations.
291 2009-04-03 Dmitry V. Levin <ldv@altlinux.org>
293 * libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3)
294 in child process with call to _exit(2).
295 * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
296 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
298 * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
300 * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
301 * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
302 * modules/pam_exec/pam_exec.c (call_exec): Replace all calls to
303 exit(3) in child process with calls to _exit(2).
304 * modules/pam_filter/pam_filter.c (set_filter): Likewise.
305 * modules/pam_namespace/pam_namespace.c (inst_init,
306 cleanup_tmpdirs): Likewise.
308 2009-03-27 Thorsten Kukuk <kukuk@thkukuk.de>
310 * modules/pam_unix/support.c (_unix_run_helper_binary): Don't
311 ignore return value of write().
313 * libpamc/include/security/pam_client.h (PAM_BP_ASSERT): Honour
315 * modules/pam_timestamp/pam_timestamp.c: don't ignore return
316 values of lchown and fchown.
318 2009-03-25 Thorsten Kukuk <kukuk@thkukuk.de>
320 * modules/pam_mkhomedir/pam_mkhomedir.c: Make option handling
322 (_pam_parse): Fix umask option.
324 * modules/pam_unix/passverify.c: Fix typo.
326 * modules/pam_issue/pam_issue.c: Fix compiler warning.
327 * modules/pam_ftp/pam_ftp.c: Likewise.
329 2009-03-25 Pavol Šimo <palo.simo@gmail.com>
331 * po/sk.po: Updated translations.
333 2009-03-24 Sulyok Péter <peti@sulyok.hu>
335 * po/hu.po: Updated translations.
337 2009-03-24 Domingo Becker <domingobecker@gmail.com>
339 * po/es.po: Updated translations.
341 2009-03-24 Diego Búrigo Zacarão <diegobz@projetofedora.org>
343 * po/pt_BR.po: Updated translations.
345 2009-03-24 Piotr Drąg <piotrdrag@gmail.com>
347 * po/pl.po: Updated translations.
349 2009-03-24 Tomas Mraz <t8m@centrum.cz>
351 * modules/pam_unix/passverify.c(save_old_password): Call fflush() and
353 (unix_update_passwd, unix_update_shadow): Likewise.
354 * modules/pam_pwhistory/opasswd.c(save_old_password): Likewise.
356 * po/cs.po: Updated translations.
358 2009-03-09 Thorsten Kukuk <kukuk@thkukuk.de>
360 * release version 1.0.91
362 * libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number.
363 * xtests/Makefile.am: Add tst-pam_unix4.pamd, tst-pam_unix4.sh
366 2009-03-03 Dmitry V. Levin <ldv@altlinux.org>
368 * tests/tst-pam_mkargv.c (main): Fix for non-64bit architectures.
370 2009-03-03 Tomas Mraz <t8m@centrum.cz>
372 * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test
373 for abnormal exit of the helper binary.
374 * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise.
375 * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
376 * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Likewise.
378 2009-02-27 Tomas Mraz <t8m@centrum.cz>
380 * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace
381 signal() with sigaction().
382 * modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs):
384 * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise.
385 * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary):
387 * modules/pam_unix/passverify.c(su_sighandler): Likewise.
388 * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
390 * modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam
391 for auxiliary functions.
392 * modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset
393 option. Document new serialize option.
394 * modules/pam_tally2/pam_tally2.c: Add support for the new serialize
396 (_cleanup, tally_set_data, tally_get_data): Add tally file handle to
397 tally PAM data. Needed for fcntl() locking.
398 (get_tally): Use low level file access instead of stdio buffered FILE.
399 If serialize option is used lock the tally file access.
400 (set_tally, tally_bump, tally_reset): Use low level file access instead
401 of stdio buffered FILE. Close the file handle only when it is not owned
403 (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally
404 file handle to tally_set_data(). Get it from tally_get_data().
405 (main): Use low level file access instead of stdio buffered FILE.
407 2009-02-26 Tomas Mraz <t8m@centrum.cz>
409 * xtests/Makefile.am: Add tst-pam_unix4.
410 * xtests/tst-pam_unix4.c: New test for password change
411 and shadow min days limit.
412 * xtests/tst-pam_unix4.pamd: Likewise.
413 * xtests/tst-pam_unix4.sh: Likewise.
415 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore
416 PAM_AUTHTOK_ERR on shadow verification.
417 * modules/pam_unix/passverify.c (check_shadow_expiry): Return
418 PAM_AUTHTOK_ERR if sp_min limit for password change is defied.
420 2009-02-26 Timur Birsh <taem@linukz.org>
422 * po/LINGUAS: New Kazakh translation.
423 * po/kk.po: New Kazakh translation.
425 2009-02-25 Thorsten Kukuk <kukuk@thkukuk.de>
427 * libpam/pam_misc.c (_pam_StrTok): Use unsigned char
428 instead of int. Reported by Marcus Granado.
429 * tests/Makefile.am (TESTS): Add tst-pam_mkargv.
430 * tests/tst-pam_mkargv.c (main): Test case for
433 * po/de.po: Update fuzzy translations.
435 2009-02-25 Tomas Mraz <t8m@centrum.cz>
437 * xtests/access.conf: Add a line for name resolution test case.
438 * xtests/tst-pam_access4.c (main): Set PAM_RHOST for testing the LOCAL
439 keyword. Add a test case for name resolution.
441 * modules/pam_access/pam_access.c (from_match): Move name resolution
442 to network_netmask_match().
443 (network_netmask_match): Do a name resolution of the origin only if
444 matching against a real network/netmask.
446 2009-02-25 Fabian Affolter <fabian@bernewireless.net>
448 * po/de.po: Updated translations.
450 2009-02-25 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com>
452 * po/pt_BR.po: Updated translations.
454 2009-02-25 Domingo Becker <domingobecker@gmail.com>
456 * po/es.po: Updated translations.
458 2009-02-20 Thorsten Kukuk <kukuk@thkukuk.de>
460 * modules/pam_limits/limits.conf.5.xml: Document that the kernel
461 can refuse values out of range for the local system.
462 * modules/pam_limits/pam_limits.c (setup_limits): Log if setrlimit
465 2009-02-18 Thorsten Kukuk <kukuk@thkukuk.de>
467 * libpam/pam_password.c (pam_chauthtok): Make sure applications
468 don't set internal flags.
470 2009-02-17 Thorsten Kukuk <kukuk@thkukuk.de>
472 * doc/man/pam_sm_chauthtok.3.xml: Document that sufficient
473 can break the PRELIM_CHECK chain.
475 * libpam/pam_dispatch.c: Don't freeze chain for chauthtok
476 [bugzilla.novell.com#470337]
478 2009-02-11 Daniel Nylander <po@danielnylander.se>
480 * po/sv.po: Updated translations.
482 2009-01-29 Thorsten Kukuk <kukuk@thkukuk.de>
484 * doc/man/pam_sm_setcred.3.xml: Document PAM_ESTABLISH_CRED.
486 2009-01-19 Tomas Mraz <t8m@centrum.cz>
488 * modules/pam_mkhomedir/Makefile.am: Add mkhomedir_helper.
489 * modules/pam_mkhomedir/mkhomedir_helper.8.xml: New file. Manual page
490 for mkhomedir_helper.
491 * modules/pam_mkhomedir/mkhomedir_helper.c: New file. Source
492 for mkhomedir_helper. Most of the code moved from pam_mkhomedir.c.
493 * modules/pam_mkhomedir/pam_mkhomedir.c (_pam_parse): Do not convert umask
495 (rec_mkdir): Moved to mkhomedir_helper.c.
496 (create_homedir): Just exec the helper.
497 (pam_sm_open_session): Improve logging.
499 2009-01-19 Daniel Cabrera <h.daniel.cabrera@gmail.com>
501 * po/es.po: Updated translations.
503 2009-01-14 Thorsten Kukuk <kukuk@thkukuk.de>
505 * po/de.po: Updated translations.
507 2009-01-07 Piotr Drąg <piotrdrag@gmail.com>
509 * po/pl.po: Updated translations.
511 2008-12-23 Piotr Drąg <piotrdrag@gmail.com>
513 * po/pl.po: Updated translations.
515 2008-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
517 * modules/pam_pwhistory/pam_pwhistory.c (parse_option): Rename
518 type= option to authtok_type= (because of pam_get_authtok).
519 * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise.
521 2008-12-17 Tomas Mraz <t8m@centrum.cz>
523 * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do
524 not abort on unknown option. Avoid double free of old_status.
525 (pam_sm_close_session): Use LOG_DEBUG for restored status message.
527 * configure.in: Test for getseuser().
528 * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser()
529 instead of getseuserbyname() if the function is available.
531 2008-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
533 * release version 1.0.90
535 * libpam_misc/Makefile.am: Increase version number of shared library.
536 * libpamc/Makefile.am: Likewise.
538 2008-12-12 Tomas Mraz <t8m@centrum.cz>
540 * modules/pam_tally2/pam_tally2.c (get_tally): Test for EACCES
542 * modules/pam_tally2/pam_tally2.8.xml: Fix documentation.
544 2008-12-10 Thorsten Kukuk <kukuk@thkukuk.de>
546 * doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE.
547 * libpam/pam_end.c (pam_end): Free authtok_type.
548 * tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE
550 * tests/tst-pam_set_item.c: Likewise.
551 * libpam/pam_start.c (pam_start): Initialize xdisplay,
552 xauth and authtok_type.
553 * libpam/pam_get_authtok.c (pam_get_authtok): Rename "type"
555 * modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with
557 * doc/man/pam_get_authtok.3.xml: Document authtok_type argument.
558 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set
559 type= argument as PAM_AUTHTOK_TYPE item.
560 * libpam/pam_get_authtok.c (pam_get_authtok): If no type
561 argument given, use PAM_AUTHTOK_TYPE item.
562 * libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item.
563 (pam_set_item): Store PAM_AUTHTOK_TYPE item.
564 * libpam/pam_private.h: Add authtok_type to pam_handle.
565 * libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New.
567 2008-12-03 Thorsten Kukuk <kukuk@thkukuk.de>
569 * modules/pam_access/access.conf.5.xml: Replace
570 2001:4ca0 with 2001:db8:: [bug#2356400].
572 * doc/man/Makefile.am: Add pam_get_authtok.3.xml.
573 * doc/man/pam_get_authtok.3.xml: New.
574 * libpam/Makefile.am: Add pam_get_authtok.c.
575 * libpam/libpam.map: Export pam_get_authtok.
576 * libpam/pam_get_authtok.c: New.
577 * libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle.
578 * libpam_include/security/pam_ext.h: Add pam_get_authtok
580 * modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok.
581 * modules/pam_pwhistory/pam_pwhistory.c: Likewise.
582 * po/POTFILES.in: Add libpam/pam_get_authtok.c.
583 * xtests/tst-pam_cracklib1.c: Adjust error codes.
585 * modules/pam_timestamp/Makefile.am: Remove hmactest.c from
588 * po/*.po: Regenerated.
590 2008-12-02 Michael Calmer <mc@suse.de>
592 * modules/pam_limits/limits.conf.5.xml: Document valid values
593 for limits (bnc#448314).
595 2008-12-02 Thorsten Kukuk <kukuk@thkukuk.de>
597 * modules/pam_env/pam_env.c: Add support for user specific
598 environment file. Based on a patch from Ubuntu.
599 * modules/pam_env/pam_env.8.xml: Document new options.
601 2008-12-02 Olivier Fourdan <ofourdan@redhat.com>
603 * modules/pam_filter/pam_filter.c (master): Use /dev/ptmx
604 instead of the old BSD pseudoterminal API.
605 (set_filter): Call grantpt(), unlockpt() and ptsname(). Do not
606 close pseudoterminal handle in filter child.
607 * modules/pam_filter/upperLOWER/upperLOWER.c (main): Use
608 regular read() instead of pam_modutil_read() to allow for
611 2008-12-02 Tomas Mraz <t8m@centrum.cz>
613 * modules/pam_timestamp/Makefile.am: Add hmacfile to tests.
614 * modules/pam_timestamp/hmacfile.c: Do not try the short key
617 2008-12-01 Tomas Mraz <t8m@centrum.cz>
619 * modules/pam_unix/support.h: Fix masks for cipher algorithm
622 2008-12-01 Thorsten Kukuk <kukuk@thkukuk.de>
624 * modules/pam_unix/pam_unix.8.xml: Document blowfish option.
626 * configure.in: Check for crypt_gensalt_rn.
627 * modules/pam_unix/pam_unix_passwd.c: Pass pamh to
628 create_password_hash function.
629 * modules/pam_unix/passverify.c (create_password_hash): Add
631 * modules/pam_unix/passverify.h: Adjust create_password_hash
633 * modules/pam_unix/support.c: Add support for blowfish option.
634 * modules/pam_unix/support.h: Add defines for blowfish option.
635 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
637 2008-12-01 Tomas Mraz <t8m@centrum.cz>
639 * modules/pam_access/pam_access.8.xml: Fix description of nodefgroup
642 * modules/pam_group/pam_group.c (is_same): Fix check for correct
645 2008-11-29 Thorsten Kukuk <kukuk@thkukuk.de>
647 * configure.in: Check for xcrypt.h, fix typo in libaudit check.
648 * modules/pam_cracklib/pam_cracklib.c: Include xcrypt.h if
650 * modules/pam_unix/bigcrypt.c: Likewise.
651 * modules/pam_unix/passverify.c: Likewise.
652 * modules/pam_userdb/pam_userdb.c: Likewise.
653 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
655 * doc/man/pam_getenv.3.xml: Document that application should
656 not free return value.
658 * doc/man/pam.3.xml: Add Note about thread-safeness of libpam
661 2008-11-28 Tomas Mraz <t8m@centrum.cz>
663 * modules/pam_unix/unix_update.c (set_password): Allow root to change
664 passwords without verification of the old ones.
666 * modules/pam_tally2/pam_tally2.c (tally_check): Fix info format
667 to be the same as in pam_tally.
669 * configure.in: Add modules/pam_timestamp/Makefile.
670 * doc/sag/Linux-PAM_SAG.xml: Include pam_timestamp.xml.
671 * doc/sag/pam_timestamp.xml: New.
672 * libpam/pam_static_modules.h: Add pam_timestamp static struct.
673 * modules/Makefile.am: Add pam_timestamp directory.
674 * modules/pam_timestamp/Makefile.am: New.
675 * modules/pam_timestamp/README.xml: New.
676 * modules/pam_timestamp/hmacsha1.h: New.
677 * modules/pam_timestamp/sha1.h: New.
678 * modules/pam_timestamp/pam_timestamp.8.xml: New.
679 * modules/pam_timestamp/pam_timestamp_check.8.xml: New.
680 * modules/pam_timestamp/pam_timestamp.c: New.
681 * modules/pam_timestamp/pam_timestamp_check.c: New.
682 * modules/pam_timestamp/hmacfile.c: New.
683 * modules/pam_timestamp/hmacsha1.c: New.
684 * modules/pam_timestamp/sha1.c: New.
685 * modules/pam_timestamp/tst-pam_timestamp: New.
686 * po/POTFILES.in: Add pam_timestamp sources.
687 * po/*.po: Regenerate.
688 * po/cs.po: Updated translations.
690 2008-11-25 Thorsten Kukuk <kukuk@thkukuk.de>
692 * modules/pam_pwhistory/opasswd.c (save_old_password): Fix typo.
694 * modules/pam_time/pam_time.c (is_same): Fix check
695 of correct string length (debian bug #326407).
697 2008-11-24 Thorsten Kukuk <kukuk@thkukuk.de>
699 * xtests/Makefile.am: Add pam_time1 tests.
700 * xtests/tst-pam_time1.c: New test case.
701 * xtests/tst-pam_time1.pamd: New.
702 * xtests/time.conf: New.
703 * xtests/run-xtests.sh: Copy time.conf.
705 2008-11-24 Tomas Mraz <t8m@centrum.cz>
707 * libpam/pam_handlers.c (_pam_parse_conf_file): '-' at
708 beginning of type token marks silent module.
709 (_pam_load_module): Add handler_type parameter. Do not log
710 module load error if module is silent.
711 (_pam_add_handler): Pass handler_type to _pam_load_module().
712 * libpam/pam_private.h: Add PAM_HT_SILENT_MODULE.
713 * doc/man/pam.conf-syntax.xml: Document the '-' at beginning
716 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Fix leaks
718 * modules/pam_env/pam_env.c (_parse_env_file): Remove superfluous
720 * modules/pam_group/pam_group.c (check_account): Fix leak
722 * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Fix leak
724 * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Remove
725 superfluous condition.
726 * modules/pam_stress/pam_stress.c (stress_get_password,pam_sm_authenticate):
727 Remove superfluous conditions.
728 (pam_sm_chauthtok): Fix mistaken && for &.
729 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Remove
730 superfluous condition.
731 All the problems fixed in this commit were found by Steve Grubb.
733 2008-11-20 Tomas Mraz <t8m@centrum.cz>
735 * modules/pam_sepermit/pam_sepermit.c (sepermit_match): Do not
736 call sepermit_lock() if sense is deny. Do not crash on NULL seuser
738 (pam_sm_authenticate): Try to call getseuserbyname() even if
741 2008-11-19 Thorsten Kukuk <kukuk@thkukuk.de>
743 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session):
744 Preserve XAUTHLOCALHOSTNAME environment variable.
746 * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Finish
747 implementation of type=STRING option.
749 * modules/pam_pwhistory/pam_pwhistory.8.xml: Document
750 "type=STRING" option.
752 2008-10-27 Thorsten Kukuk <kukuk@thkukuk.de>
754 * doc/man/pam_setcred.3.xml: Document when credentials
756 * po/ja.po: Fix syntax error.
757 * po/de.po: Update translations.
758 * po/*.po: Regenerate with pam_tally2 added.
760 2008-10-23 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com>
762 * po/pt_BR.po: Updated translations.
764 2008-10-23 Krishna Babu K <kkrothap@redhat.com>
766 * po/LINGUAS: New language.
767 * po/te.po: New translation to Telugu.
769 2008-10-23 Manoj Kumar Giri <mgiri@redhat.com>
771 * po/or.po: Updated translations.
773 2008-10-21 Amitakhya Phukan <aphukan@redhat.com>
775 * po/as.po: Updated translations.
777 2008-10-21 Ondrej Sulek <feonsu@gmail.com>
779 * po/sk.po: Updated translations.
781 2008-10-21 Terry Chuang <tchuang@redhat.com>
783 * po/zh_TW.po: Updated translations.
785 2008-10-21 Kiyoto Hashida <khashida@redhat.com>
787 * po/ja.po: Updated translations.
789 2008-10-21 Francesco Valente <fvalen@redhat.com>
791 * po/it.po: Updated translations.
793 2008-10-21 Peter van Egdom <p.van.egdom@gmail.com>
795 * po/nl.po: Updated translations.
797 2008-10-20 Ani Peter <apeter@redhat.com>
799 * po/ml.po: Updated translations.
801 2008-10-20 Pablo Martin-Gomez <pablo.martin-gomez@laposte.net>
803 * po/fr.po: Updated translations.
805 2008-10-20 Runa Bhattacharjee <runab@redhat.com>
807 * po/bn_IN.po: Updated translations.
809 2008-10-20 Shankar Prasad <svenkate@redhat.com>
811 * po/kn.po: Updated translations.
813 2008-10-20 Leah Liu <lliu@redhat.com>
815 * po/zh_CN.po: Updated translations.
817 2008-10-20 Ondrej Sulek <feonsu@gmail.com>
819 * po/LINGUAS: New language.
820 * po/sk.po: New translation to Slovak.
822 2008-10-17 Tomas Mraz <t8m@centrum.cz>
824 * configure.in: Add modules/pam_tally2/Makefile.
825 * doc/sag/Linux-PAM_SAG.xml: Include pam_tally2.xml.
826 * doc/sag/pam_tally2.xml: New.
827 * libpam/pam_static_modules.h: Add pam_tally2 static struct.
828 * modules/Makefile.am: Add pam_tally2 directory.
829 * modules/pam_tally2/Makefile.am: New.
830 * modules/pam_tally2/README.xml: New.
831 * modules/pam_tally2/tallylog.h: New.
832 * modules/pam_tally2/pam_tally2.8.xml: New.
833 * modules/pam_tally2/pam_tally2.c: New.
834 * modules/pam_tally2/pam_tally2_app.c: New.
835 * modules/pam_tally2/tst-pam_tally2: New.
836 * po/POTFILES.in: Add pam_tally2 sources.
838 2008-10-17 Xavier Queralt Mateu <xqueralt@gmail.com>
840 * po/ca.po: Updated translations.
842 2008-10-15 Tomas Mraz <t8m@centrum.cz>
844 * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Save the old
845 euid to suid to be able to restore it.
847 2008-10-15 Piotr Drąg <piotrdrag@gmail.com>
849 * po/pl.po: Updated translations.
851 2008-10-13 Tomas Mraz <t8m@centrum.cz>
853 * po/LINGUAS: New languages.
854 * po/cs.po: Updated translations.
856 2008-10-13 Amitakhya Phukan <aphukan@redhat.com>
858 * po/as.po: Updated translations.
860 2008-10-13 Shankar Prasad <svenkate@redhat.com>
862 * po/kn.po: Updated translations.
864 2008-10-13 Sandeep Sheshrao Shedmake <sshedmak@redhat.com>
866 * po/mr.po: New translation to Marathi.
868 2008-10-13 Runa Bhattacharjee <runab@redhat.com>
870 * po/bn_IN.po: Updated translations.
872 2008-10-13 Sharuzzaman Ahmat Raslan <sharuzzaman@gmail.com>
874 * po/ms.po: New translation to Malay.
876 2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de>
878 * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass):
879 Remove check for re-used passwords.
880 * modules/pam_cracklib/pam_cracklib.8.xml: Remove documentation
881 of re-used password check.
883 * configure.in: add modules/pam_pwhistory/Makefile.
884 * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml.
885 * doc/sag/pam_pwhistory.xml: New.
886 * libpam/pam_static_modules.h: Add pam_pwhistory data.
887 * modules/Makefile.am: Add pam_pwhistory directory.
888 * modules/pam_pwhistory/Makefile.am: New.
889 * modules/pam_pwhistory/README.xml: New.
890 * modules/pam_pwhistory/opasswd.c: New.
891 * modules/pam_pwhistory/opasswd.h: New.
892 * modules/pam_pwhistory/pam_pwhistory.8.xml: New.
893 * modules/pam_pwhistory/pam_pwhistory.c: New.
894 * modules/pam_pwhistory/tst-pam_pwhistory: New.
895 * xtests/Makefile.am: New.
896 * xtests/run-xtests.sh: New.
897 * xtests/tst-pam_pwhistory1.c: New.
898 * xtests/tst-pam_pwhistory1.pamd: New.
899 * xtests/tst-pam_pwhistory1.sh: New.
900 * po/POTFILES.in: Add modules/pam_pwhistory/.
901 * po/de.po: Update translations.
903 2008-10-02 Thorsten Kukuk <kukuk@thkukuk.de>
905 * po/de.po: Update translations.
907 2008-09-30 Manoj Kumar Giri <mgiri@redhat.com>
909 * po/or.po: Updated translations.
911 2008-09-30 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com>
913 * po/pt_BR.po: Updated translations.
915 2008-09-30 Tomas Mraz <t8m@centrum.cz>
917 * modules/pam_lastlog/pam_lastlog.8.xml: Document new options
918 noupdate and showfailed.
919 * modules/pam_lastlog/pam_lastlog.c(pam_parse): Recognize the new
921 (last_login_read): New output parameter lltime. Do not display
922 the last login message if it would be empty.
923 (last_login_date): New output parameter lltime. Do not write the
924 last login info when LASTLOG_UPDATE is not set.
925 (last_login_failed): New function to display the last bad login
927 (pam_sm_open_session): Obtain lltime from last_login_date() and
928 call last_login_failed() when appropriate.
930 * po/Linux-pam.pot: Updated strings to translate.
933 2008-09-29 Thorsten Kukuk <kukuk@thkukuk.de>
935 * modules/pam_echo/pam_echo.8.xml: Fix format error.
937 2008-09-25 Tomas Mraz <t8m@centrum.cz>
939 * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message.
940 (tally_check): Open faillog read only. Close file descriptor.
941 Fix typos in messages.
943 2008-09-25 Thorsten Kukuk <kukuk@thkukuk.de>
945 * modules/pam_mail/pam_mail.c (report_mail): Fix logic of
946 "quiet" option (Patch from Andreas Henriksson <andreas@fatal.se>)
948 * modules/pam_mail/pam_mail.8.xml: Fix typo.
950 2008-09-23 Tomas Mraz <t8m@centrum.cz>
952 * modules/pam_limits/limits.conf.5.xml: Comment that rss limit is
955 2008-09-19 Tomas Mraz <t8m@centrum.cz>
957 * modules/pam_cracklib/pam_cracklib.8.xml: Fix description
958 of the palindrome test. Document new options maxrepeat and
960 * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Parse
961 the maxrepeat and reject_username options.
962 (password_check): Call the new tests usercheck() and
964 (_pam_unix_approve_pass): Pass user name to the password_check().
966 2008-09-16 Thorsten Kukuk <kukuk@thkukuk.de>
968 * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo.
970 * modules/pam_unix/pam_unix.8.xml: Fix typo.
972 2008-09-03 Thorsten Kukuk <kukuk@thkukuk.de>
974 * modules/pam_exec/pam_exec.c: Expose authtok if requested,
975 provide environment variable containing service type.
976 * modules/pam_exec/pam_exec.8.xml: Document new option.
978 2008-08-29 Tomas Mraz <t8m@centrum.cz>
980 * modules/pam_loginuid/pam_loginuid.c(set_loginuid): Uids
983 2008-08-18 Thorsten Kukuk <kukuk@thkukuk.de>
985 * Makefile.am (M4_FILES): Adjust list.
987 * modules/pam_access/pam_access.8.xml: Fix module service
989 * modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
990 * modules/pam_debug/pam_debug.8.xml: Likewise.
991 * modules/pam_deny/pam_deny.8.xml: Likewise.
992 * modules/pam_echo/pam_echo.8.xml: Likewise.
993 * modules/pam_env/pam_env.8.xml: Likewise.
994 * modules/pam_exec/pam_exec.8.xml: Likewise.
995 * modules/pam_faildelay/pam_faildelay.8.xml: Likewise.
996 * modules/pam_filter/pam_filter.8.xml: Likewise.
997 * modules/pam_ftp/pam_ftp.8.xml: Likewise.
998 * modules/pam_group/pam_group.8.xml: Likewise.
999 * modules/pam_issue/pam_issue.8.xml: Likewise.
1000 * modules/pam_keyinit/pam_keyinit.8.xml: Likewise.
1001 * modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
1002 * modules/pam_limits/pam_limits.8.xml: Likewise.
1003 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
1004 * modules/pam_localuser/pam_localuser.8.xml: Likewise.
1005 * modules/pam_loginuid/pam_loginuid.8.xml: Likewise.
1006 * modules/pam_mail/pam_mail.8.xml: Likewise.
1007 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise.
1008 * modules/pam_motd/pam_motd.8.xml: Likewise.
1009 * modules/pam_namespace/pam_namespace.8.xml: Likewise.
1010 * modules/pam_nologin/pam_nologin.8.xml: Likewise.
1011 * modules/pam_permit/pam_permit.8.xml: Likewise.
1012 * modules/pam_rhosts/pam_rhosts.8.xml: Likewise.
1013 * modules/pam_rootok/pam_rootok.8.xml: Likewise.
1014 * modules/pam_securetty/pam_securetty.8.xml: Likewise.
1015 * modules/pam_selinux/pam_selinux.8.xml: Likewise.
1016 * modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
1017 * modules/pam_shells/pam_shells.8.xml: Likewise.
1018 * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
1019 * modules/pam_tally/pam_tally.8.xml: Likewise.
1020 * modules/pam_time/pam_time.8.xml: Likewise.
1021 * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
1022 * modules/pam_umask/pam_umask.8.xml: Likewise.
1023 * modules/pam_unix/pam_unix.8.xml: Likewise.
1024 * modules/pam_userdb/pam_userdb.8.xml: Likewise.
1025 * modules/pam_warn/pam_warn.8.xml: Likewise.
1026 * modules/pam_wheel/pam_wheel.8.xml: Likewise.
1027 * modules/pam_xauth/pam_xauth.8.xml: Likewise.
1029 2008-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
1031 * configure.in: Add version for gettext, add search path
1032 for m4 directory, fix handling of --disable-* options.
1033 Patches from Diego Pettenò <flameeyes@gmail.com>.
1035 * configure.in: Run autoupdate on it.
1037 * acincludde.m4: Rename to ...
1038 * m4/jh_path_xml_catalog.m4: ... this.
1040 * m4/*.m4: Remove all autoconf m4 files.
1042 2008-07-29 Steve Langasek <vorlon@debian.org>
1044 * modules/pam_cracklib/pam_cracklib.8.xml: correct a typo,
1045 "Only he" -> "Only the"
1047 2008-07-28 Steve Langasek <vorlon@debian.org>
1049 * libpamc/test/regress/test.libpamc.c: use standard u_int8_t
1050 type instead of __u8, as elsewhere.
1051 Patch from Roger Leigh <rleigh@debian.org>.
1052 * modules/pam_unix/passverify.c: make save_old_password()
1053 thread-safe by using pam_modutil_getpwnam() instead of getpwnam()
1054 * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h,
1055 modules/pam_unix/pam_unix_passwd.c: add pamh argument to
1058 2008-07-27 Steve Langasek <vorlon@debian.org>
1060 * modules/pam_*/pam_*.8.xml: fix up the references to pam.d,
1061 which is in manpage section 5, not 8.
1062 * modules/pam_env/environment, modules/pam_env/pam_env.8.xml:
1063 spelling fix, seperate -> separate
1065 2008-07-26 Steve Langasek <vorlon@debian.org>
1067 * modules/pam_env/pam_env.c: Fix module to skip over
1068 non-alphanumeric variable names, and to handle the case when
1069 asked to delete a non-existent variable.
1071 2008-07-13 Tomas Mraz <t8m@centrum.cz>
1073 * modules/pam_mail/pam_mail.8.xml: Module supports session and
1074 not account service (#1980773).
1076 2008-07-11 Tomas Mraz <t8m@centrum.cz>
1078 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do
1079 not close the pipe descriptor in borderline case (#2009766).
1080 * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
1082 * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
1083 * modules/pam_unix/support.h: Define upper limit of fds we will
1086 * modules/pam_selinux/pam_selinux.c (config_context): Do not
1087 ask for the level if use_current_range is set.
1088 (context_from_env): New function to obtain the context from
1089 PAM environment variables.
1090 (pam_sm_open_session): Call context_from_env() if env_params option
1091 is present. use_current_range now modifies behavior of the
1092 context_from_env and config_context options.
1093 * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params
1094 option. Adjust description of use_current_range option.
1096 2008-07-09 Thorsten Kukuk <kukuk@thkukuk.de>
1098 * modules/pam_exec/pam_exec.c (call_exec): Move all variable
1099 declaration to begin of a block (#1976310).
1101 * xtests/tst-pam_group1.c (run_test): Move no_grps declaration
1102 to begin of function (#1976310).
1104 * modules/pam_securetty/pam_securetty.8.xml: Replace
1105 PAM_IGNORE with PAM_USER_UNKNOWN (#1994330).
1107 * modules/pam_tally/pam_tally.c: Add support for silent and
1108 no_log_info options.
1109 * modules/pam_tally/pam_tally.8.xml: Document silent and
1110 no_log_info options.
1112 2008-07-08 Thorsten Kukuk <kukuk@thkukuk.de>
1114 * modules/pam_unix/passverify.c (verify_pwd_hash): Adjust debug
1117 2008-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
1119 * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without
1122 * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit
1123 description (reported by Wayne Pollock <pollock@acm.org>)
1125 2008-06-19 Tomas Mraz <t8m@centrum.cz>
1127 * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
1128 Detect configuration errors. Fail on incomplete condition.
1130 2008-05-20 Tomas Mraz <t8m@centrum.cz>
1132 * configure.in: Work correctly with autoconf-2.62.
1134 2008-05-19 Tomas Mraz <t8m@centrum.cz>
1136 * doc/man/pam_getenv.3.xml: Correct the pam_getenv documentation.
1138 * doc/man/pam_prompt.3.xml: Add missing description.
1140 2008-05-14 Kjartan Maraas <kmaraas@gnome.org>
1142 * po/nb.po: Updated translation.
1144 2008-05-14 Sulyok Péter <peti@sulyok.hu>
1146 * po/hu.po: Updated translation.
1148 2008-05-14 Tomas Mraz <t8m@centrum.cz>
1150 * libpam/pam_modutil_getgrgid.c: Replace hardcoded constant with
1151 define PWD_LENGTH_SHIFT.
1152 * libpam/pam_modutil_getgrnam.c: Likewise.
1153 * libpam/pam_modutil_getpwnam.c: Likewise.
1154 * libpam/pam_modutil_getpwuid.c: Likewise.
1155 * libpam/pam_modutil_getspnam.c: Likewise.
1156 * libpam/pam_modutil_private.h: Adjust values for PWD_ constants.
1158 * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok
1159 item when password is not approved.
1160 * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS
1161 is always set when UNIX_AUTHTOK is set, change order of conditions.
1163 2008-05-02 Tomas Mraz <t8m@centrum.cz>
1165 * modules/pam_selinux/pam_selinux.c(query_response): Add handling
1167 (manual_context): Handle failed query_response() properly. Rename
1168 variable responses to response which is more correct name.
1169 (config_context): Likewise.
1170 (pam_sm_open_session): Do not base decision on whether there is a tty.
1172 2008-04-22 Tomas Mraz <t8m@centrum.cz>
1174 * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix
1175 regression from the change from 2008-03-20. setexeccon() must be
1176 called also with NULL prev_context.
1178 2008-04-21 Thorsten Kukuk <kukuk@thkukuk.de>
1180 * modules/pam_access/access.conf.5.xml: Document changed behavior
1182 * modules/pam_access/pam_access.c: Add from_remote_host to
1183 struct login_info to change behavior of LOCAL keyword: if
1184 PAM_RHOST is not set, LOCAL will be true.
1186 2008-04-18 Tomas Mraz <t8m@centrum.cz>
1188 * modules/pam_namespace/pam_namespace.c: New functions
1189 unprotect_dirs(), cleanup_protect_data(), protect_mount(),
1190 protect_dir() to protect directory by bind mount.
1191 (cleanup_data): Renamed to cleanup_polydir_data().
1192 (parse_create_params): Allow missing specification of mode
1194 (check_inst_parent): Call protect_dir() on the instance parent
1195 directory. The directory is created when it doesn't exist.
1196 (create_polydir): Protect and make the polydir by protect_dir(),
1197 remove potential races.
1198 (create_dirs): Renamed to create_instance(), remove call to
1200 (ns_setup): Call protect_dir() on the polydir if it already exists.
1201 Call inst_init() after the polydir is mounted.
1202 (setup_namespace): Set the namespace protect data to be cleaned up
1203 on pam_close_session()/pam_end().
1204 (pam_sm_open_session): Initialize the protect_dirs.
1205 (pam_sm_close_session): Cleanup namespace protect data.
1206 * modules/pam_namespace/pam_namespace.h: Define struct for the
1207 stack of protected dirs.
1208 * modules/pam_namespace/pam_namespace.8.xml: Document when the
1209 instance init script is called.
1210 * modules/pam_namespace/namespace.conf.5.xml: Likewise.
1212 2008-04-17 Tomas Mraz <t8m@centrum.cz>
1214 * modules/pam_access/pam_access.c(myhostname): Removed function.
1215 (user_match): Supply hostname of the machine to the netgroup_match().
1216 Use hostname from the loginfo instead of calling myhostname().
1217 (pam_sm_authenticate): Call gethostname() to fill hostname in the
1220 * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try
1221 to lock if euid != 0.
1223 2008-04-16 Tomas Mraz <t8m@centrum.cz>
1225 * modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit.
1226 * modules/pam_unix/unix_chkpwd.c(_audit_log): New function for audit.
1227 (main): Call _audit_log() when appropriate.
1229 * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Recognize also
1230 try_first_pass and use_first_pass options.
1231 (pam_sm_chauthtok): Implement the new options.
1233 2008-04-08 Tomas Mraz <t8m@centrum.cz>
1235 * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple
1236 calls to sysconf() (based on patch by Sami Farin).
1238 * libpam/pam_item.c (TRY_SET): Do not set when destination
1239 is identical to source.
1240 (pam_set_item): Do not overwrite destination when it
1241 is identical to source.
1243 2008-04-07 Miloš Komarčević <kmilos@gmail.com>
1245 * po/sr.po: New file with translation.
1246 * po/sr@latin.po: Likewise.
1247 * po/LINGUAS: Add sr and sr@latin.
1249 2008-04-03 Thorsten Kukuk <kukuk@thkukuk.de>
1251 * release version 1.0.0
1253 * configure.in: Set version number to 1.0.0.
1254 * libpam/Makefile.am: Bump patchlevel of libpam.
1255 * doc/adg/Linux-PAM_ADG.xml: Update version/date.
1256 * doc/mwg/Linux-PAM_MWG.xml: Likewise.
1257 * doc/sag/Linux-PAM_SAG.xml: Likewise.
1259 2008-03-31 Dan Walsh <dwalsh@redhat.com>
1261 * modules/pam_sepermit/pam_sepermit.c(sepermit_lock): Mark lock fd to
1264 2008-03-25 Leah Liu <lliu@redhat.com>
1266 * po/zh_CN.po: Updated translation.
1268 2008-03-20 Tomas Mraz <t8m@centrum.cz>
1270 * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER
1271 method only when appropriate.
1272 (setup_namespace): Do not umount when not mounted with RUSER.
1274 * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call
1275 freecontext() after the context is logged not before.
1277 2008-03-18 Canniot Thomas <thomas.canniot@mrtomlinux.org>
1279 * po/fr.po: Updated translation.
1281 2008-03-13 Ankit Patel <ankit@redhat.com>
1283 * po/gu.po: Updated translation.
1285 2008-03-05 Tomas Mraz <t8m@centrum.cz>
1287 * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Avoid
1288 unnecessary x_strdup() of resp.
1289 * modules/pam_ftp/pam_ftp(pam_sm_authenticate): Call _pam_overwrite()
1290 before dropping password resp.
1292 2008-03-03 Tomas Mraz <t8m@centrum.cz>
1294 * modules/pam_selinux/pam_selinux.c: Do not translate syslog messages.
1295 * po/Linux-PAM.pot: Update.
1297 * libpam/pam_item.c(RESET): Rename to TRY_SET, handle strdup failure.
1298 (pam_set_item): Use TRY_SET() also for PAM_AUTHTOK and PAM_OLDAUTHTOK.
1299 Handle allocation failure for PAM_XAUTHDATA.
1300 (pam_get_user): Return error when conversation returns NULL user.
1301 Call pam_set_item() instead of RESET().
1303 2008-02-26 Tomas Mraz <t8m@centrum.cz>
1305 * modules/pam_unix/Makefile.am: Do not link to cracklib.
1306 * modules/pam_unix/pam_unix_passwd.c(_pam_unix_approve_pass):
1307 Do not call FascistCheck() from cracklib.
1309 2008-02-29 Fabian Affolter <fab@fedoraproject.org>
1311 * po/de.po: Updated translation.
1313 2008-02-28 Piotr Drąg <piotrdrag@gmail.com>
1315 * po/pl.po: Updated translation.
1317 2008-02-26 Tomas Mraz <t8m@centrum.cz>
1319 * po/LINUGAS: New languages added.
1320 * po/es.po: Updated translations.
1321 * po/fr.po: Likewise.
1322 * po/it.po: Likewise.
1323 * po/ja.po: Likewise.
1324 * po/nl.po: Likewise.
1325 * po/pl.po: Likewise.
1326 * po/pt_BR.po: Likewise.
1327 * po/ru.po: Likewise.
1328 * po/zh_CN.po: Likewise.
1329 * po/as.po: New file.
1330 * po/gu.po: Likewise.
1331 * po/hi.po: Likewise.
1332 * po/kn.po: Likewise.
1333 * po/ko.po: Likewise.
1334 * po/ml.po: Likewise.
1335 * po/or.po: Likewise.
1336 * po/si.po: Likewise.
1337 * po/ta.po: Likewise.
1339 2008-02-21 Tomas Mraz <t8m@centrum.cz>
1341 * libpam/pam_audit.c (_pam_audit_writelog): Silence syslog
1342 message on non-error return.
1344 * modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged
1345 user when checking password of another user.
1346 * modules/pam_unix/unix_update.c: Fix comment.
1348 2008-02-18 Dmitry V. Levin <ldv@altlinux.org>
1350 * libpam/pam_handlers.c (_pam_assemble_line): Fix potential
1352 * xtests/tst-pam_assemble_line1.pamd: New test for
1354 * xtests/tst-pam_assemble_line1.sh: New script for
1355 tst-pam_assemble_line1.
1356 * xtests/Makefile.am (NOSRCTESTS): Add tst-pam_assemble_line1.
1357 (EXTRA_DIST): Add tst-pam_assemble_line1.pamd and
1358 tst-pam_assemble_line1.sh
1360 * modules/pam_exec/pam_exec.c (call_exec): Fix asprintf return
1363 2008-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
1365 * release version 0.99.10.0
1367 * configure.in: set version number.
1369 * modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth.
1370 * modules/pam_rhosts/pam_rhosts_auth.c: Removed.
1371 * modules/pam_rhosts/tst-pam_rhosts_auth: Removed.
1373 * modules/pam_namespace/Makefile.am (noinst_HEADERS): Add
1376 2008-02-13 Tomas Mraz <t8m@centrum.cz>
1378 * modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
1380 * modules/pam_namespace/argv_parse.c: New file.
1381 * modules/pam_namespace/argv_parse.h: New file.
1382 * modules/pam_namespace/namespace.conf.5.xml: Document new features.
1383 * modules/pam_namespace/pam_namespace.8.xml: Likewise.
1384 * modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
1385 Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
1387 (polydir_s): Add rdir, replace exclusive with flags, add init_script,
1388 owner, group, and mode.
1389 (instance_data): Add ruser, gid, and ruid.
1390 * modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
1391 (add_polydir_entry): Add the entry directly, no copy.
1392 (del_polydir): New function.
1393 (del_polydir_list): Call del_polydir().
1394 (expand_variables, parse_create_params, parse_iscript_params,
1395 parse_method): New functions.
1396 (process_line): Call expand_variables() on polydir and instance prefix.
1397 Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
1398 (parse_config_file): Parse .conf files from namespace.d dir after
1400 (form_context): Call getcon() or get_default_context_with_level() when
1401 appropriate flags are set.
1402 (poly_name): Handle shared polydir flag.
1403 (inst_init): Execute non-default init script when specified.
1404 (create_polydir): New function.
1405 (create_dirs): Remove the code which checks the polydir. Do not call
1406 inst_init() when noinit flag is set.
1407 (ns_setup): Check the polydir and eventually create it if the create flag
1409 (setup_namespace): Use ruser uid from idata. Set the namespace polydir
1410 pam data only when namespace was set up correctly. Unmount polydir
1412 (get_user_data): New function.
1413 (pam_sm_open_session): Check for use_current_context and
1414 use_default_context options. Call get_user_data().
1415 (pam_sm_close_session): Call get_user_data().
1417 2008-02-06 Thorsten Kukuk <kukuk@thkukuk.de>
1419 * po/de.po: Translate some more strings.
1421 2008-02-05 Thorsten Kukuk <kukuk@thkukuk.de>
1423 * modules/pam_unix/unix_update.c: Remove unused declarations.
1425 2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
1427 * libpam/pam_static_modules.h: Add _pam_sepermit_modstruct.
1428 * modules/pam_sepermit/pam_sepermit.c: Fix typo.
1429 * modules/pam_sepermit/Makefile.am: Install config file only
1430 if we build the module.
1432 * README: Add --disable-pie to configure options for static library.
1434 * doc/man/Makefile.am: Fix building outside of src directory.
1436 * libpam/Makefile.am: Bump version number of libpam.
1438 * modules/Makefile.am: Add pam_sepermit.
1440 * doc/Makefile.am: Fix build out of source directory.
1442 * po/POTFILES.in: Add pam_sepermit.c.
1444 * modules/pam_exec/pam_exec.c: Set PAM environment variables and
1446 * modules/pam_exec/pam_exec.8.xml: Document new behavior.
1447 Patch from Julien Lecomte <julien@lecomte.at>.
1449 2008-02-01 Tomas Mraz <t8m@centrum.cz>
1451 * modules/pam_namespace/namespace.conf.5.xml: Add documentation for
1452 tmpfs and tmpdir polyinst and for ~ user list modifier.
1453 * modules/pam_namespace/namespace.init: Add documentation for the
1454 new init parameter. Add home directory initialization script.
1455 * modules/pam_namespace/pam_namespace.8.xml: Document the new
1456 init parameter of the namespace.init script.
1457 * modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
1458 (cleanup_data): New function.
1459 (process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
1460 (ns_override): Change behavior on the exclusive flag.
1461 (poly_name): Process tmpfs and tmpdir methods.
1462 (inst_init): Add flag for new directory initialization.
1463 (create_dirs): Process the tmpdir method, add the new directory
1465 (ns_setup): Remove unused code. Process the tmpfs method.
1466 (cleanup_tmpdirs): New function.
1467 (setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
1469 (pam_sm_close_session): Instead of parsing the config file again use
1470 the previously set data for cleanup.
1471 * modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
1474 2008-01-29 Tomas Mraz <t8m@centrum.cz>
1476 * configure.in: Test for setkeycreatecon needs libselinux.
1477 Add new module pam_sepermit.
1478 * modules/Makefile.am: Add new module pam_sepermit.
1479 * modules/pam_sepermit/.cvsignore: New file.
1480 * modules/pam_sepermit/Makefile.am: Likewise.
1481 * modules/pam_sepermit/README.xml: Likewise.
1482 * modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
1483 * modules/pam_sepermit/pam_sepermit.c: Likewise.
1484 * modules/pam_sepermit/sepermit.conf: Likewise.
1485 * modules/pam_sepermit/tst-pam_sepermit: Likewise.
1486 * doc/sag/pam_sepermit.xml: Likewise.
1488 * doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG.
1490 2008-01-29 Miloslav Trmac <mitr@redhat.com>
1492 * modules/pam_tty_audit/README.xml: Add notes section.
1493 * modules/pam_tty_audit/pam_tty_audit.8.xml: Describe patterns
1494 support and open_only option. Add notes.
1495 * modules/pam_tty_audit/pam_tty_audit.c(pam_sm_open_session): Add
1496 support for pattern matching and the open_only option.
1498 2008-01-28 Thorsten Kukuk <kukuk@thkukuk.de>
1500 * libpam/pam_audit.c: Include pam_modutil_private.h.
1502 * libpam/pam_item.c (pam_set_item): Fix compiler warning.
1504 * libpam/pam_end.c (pam_end): Cast to correct pointer type.
1505 * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use
1508 * modules/pam_unix/passverify.c: Fix compiling without SELinux
1511 2008-01-24 Tomas Mraz <t8m@centrum.cz>
1513 * modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when
1515 * modules/pam_unix/passverify.c (strip_hpux_aging): New function
1516 to strip HP/UX aging info from password hash.
1517 (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when
1520 2008-01-23 Tomas Mraz <t8m@centrum.cz>
1522 * configure.in: Add test for crypt_r(). Add setting/disabling random
1525 * modules/pam_unix/Makefile.am: Add unix_update.8 manpage generated from
1526 XML, generate also unix_chkpwd.8 from XML.
1527 * modules/pam_unix/pam_unix_acct.c: Add rounds parameter to _set_ctrl().
1528 * modules/pam_unix/pam_unix_auth.c: Likewise.
1529 * modules/pam_unix/pam_unix_sess.c: Likewise.
1530 * modules/pam_unix/pam_unix_passwd.c: Likewise.
1531 * modules/pam_unix/support.c(_set_ctrl): Likewise.
1532 * modules/pam_unix/support.h: Likewise. Add UNIX_SHA256_PASS,
1533 UNIX_SHA512_PASS, and UNIX_ALGO_ROUNDS ctrls.
1534 (pam_sm_chauthtok): Refactor out new password encryption.
1535 * modules/pam_unix/passverify.c(crypt_make_salt): New function.
1536 (crypt_md5_wrapper): Call crypt_make_salt().
1537 (create_password_hash): New function refactored out of
1538 pam_sm_chauthtok(). Support for new password hashes.
1539 * modules/pam_unix/passverify.h: Drop ascii_to_bin() and bin_to_ascii()
1540 macros. Add prototype for create_password_hash().
1541 * modules/pam_unix/unix_update.8.xml: New file.
1542 * modules/pam_unix/unix_chkpwd.8.xml: Likewise.
1544 * modules/pam_unix/Makefile.am: Add unix_update helper.
1545 * modules/pam_unix/pam_unix_passwd.c: Move functions i64c(),
1546 crypt_md5_wrapper(), save_old_password(), _update_passwd() and
1547 _update_shadow() to passverify.c file. Rename _unix_run_shadow_binary()
1548 to _unix_run_update_binary(), which also verifies old password and
1550 (_do_setpass, pam_sm_chauthtok): lckpwdf()->lock_pwdf(), the same for unlock.
1551 Call _unix_run_update_binary() appropriately.
1552 _update_passwd()->unix_update_passwd(), the same for shadow.
1553 * modules/pam_unix/passverify.c: Add new functions moved from
1554 pam_unix_passwd.c and unix_chkpwd.c.
1555 * modules/pam_unix/passverify.h: Likewise.
1556 * modules/pam_unix/unix_chkpwd.c: Remove SELinux checks. Move
1557 su_sighandler(), setup_signals(), getuidname() to passverify.c.
1558 (main): Remove 'shadow' option. Refactor out read_passwords() and
1559 call it. More strict checking how the binary is called.
1560 * modules/pam_unix/unix_update.c: New helper binary - non-setuid,
1561 called from SELinux confined apps only.
1563 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Return
1564 status and daysleft instead of fake shadow entry.
1565 (pam_sm_acct_mgmt): Call _unix_run_verify_binary() appropriately.
1566 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Call
1567 get_account_info() and check_shadow_expiry().
1568 * modules/pam_unix/support.h: Adjust _unix_run_verify_binary()
1570 * modules/pam_unix/support.c (_unix_run_helper_binary): Remove check
1571 on selinux enabled/disabled.
1572 * modules/pam_unix/unix_chkpwd.c (_verify_account): Rename to
1573 _check_expiry(), now checks shadow expiry info.
1574 (main): Remove check on selinux enabled/disabled. Check shadow
1575 expiry through _check_expiry().
1577 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Call
1578 get_account_info() and check_shadow_expiry().
1579 * modules/pam_unix/passverify.c: Add get_account_info() to
1580 obtain shadow and passwd entry. Add check_shadow_expiry() to
1581 for shadow password expiry check.
1582 (get_pwd_hash): Call get_account_info().
1583 * modules/pam_unix/passverify.h: Add prototypes for get_account_info()
1584 and check_shadow_expiry().
1586 2008-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
1588 * doc/man/Makefile.am: Fix manual page dependencies,
1589 add hack for bug in xsl stylestheets.
1591 2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
1593 * po/it.po: Fix typos.
1594 * po/de.po: Few new translations.
1595 * po/POTFILES.in: Add pam_tty_audit.c and passverify.c.
1596 * doc/man/pam_xauth_data.3.xml: Added to CVS.
1597 * doc/man/pam_xauth_data.3: Likewise.
1598 * modules/pam_tty_audit/README: Likewise.
1599 * modules/pam_tty_audit/pam_tty_audit.8: Likewise.
1600 * po/sv.po: Update swedish translation [#1857531].
1601 * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix
1602 cut & paste error [#1863490].
1604 2008-01-02 Petteri Räty <betelgeuse@gentoo.org>
1605 * modules/pam_limits/limits.conf: document allowed values for
1607 * modules/pam_limits/limits.conf.5.xml: Likewise.
1609 2007-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
1611 * README: Document how to run make check with static modules
1614 2007-12-18 Peter Breitenlohner <peb@mppmu.mpg.de>
1615 * README: Document that "make check" requires a file
1616 /etc/pam.d/other (SF#1822764).
1618 2007-12-12 Eamon Walsh <ewalsh@tycho.nsa.gov>
1620 * doc/man/pam_item_types_ext.inc.xml: More appropriate wording
1621 for PAM_XDISPLAY doc.
1623 2007-12-07 Tomas Mraz <t8m@centrum.cz>
1625 * po/cs.po: Updated translations.
1627 * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
1628 * libpam/pam_audit.c: Add _pam_audit_open() and
1629 pam_modutil_audit_write().
1630 (_pam_auditlog): Call _pam_audit_open().
1631 * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
1632 * modules/pam_access/pam_access.8.xml: Add noaudit option.
1634 * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
1635 only_new_group_syntax variables to struct login_info. Add noaudit
1637 (_parse_args): Adjust for the move of variables and add support for
1639 (group_match): Add debug parameter.
1640 (string_match): Likewise.
1641 (network_netmask_match): Likewise.
1642 (login_access): Adjust for the move of variables. Add nonall_match.
1643 Add call to pam_modutil_audit_write().
1644 (list_match): Adjust for the move of variables.
1645 (user_match): Likewise.
1646 (from_match): Likewise.
1647 (pam_sm_authenticate): Call _parse_args() earlier.
1648 * modules/pam_limits/pam_limits.8.xml: Add noaudit option.
1650 * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
1651 (setup_limits): Call pam_modutil_audit_write().
1652 * modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
1654 * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
1655 (check_account): Call _pam_parse(). Call pam_modutil_audit_write()
1656 and pam_syslog() on login denials.
1658 2007-12-07 Luca Bruno <luca.br@uno.it>
1660 * po/it.po: Updated translations.
1662 2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
1664 * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
1666 * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY,
1667 PAM_XAUTHDATA items, pam_xauth_data struct.
1668 * libpam/pam_item.c (pam_set_item, pam_get_item): Handle
1669 PAM_XDISPLAY and PAM_XAUTHDATA items.
1670 * libpam/pam_end.c (pam_end): Destroy the new items.
1671 * libpam/pam_private.h (pam_handle): Add data members for new
1672 items. Add prototype for _pam_memdup.
1673 * libpam/pam_misc.c: Add _pam_memdup.
1674 * doc/man/Makefile.am: Add pam_xauth_data.3. Replace
1675 pam_item_types.inc.xml with pam_item_types_std.inc.xml and
1676 pam_item_types_ext.inc.xml.
1677 * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml
1678 with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml.
1679 * doc/man/pam_set_item.3.xml: Likewise.
1680 * doc/man/pam_item_types.inc.xml: Removed file.
1681 * doc/man/pam_item_types_ext.inc.xml: New file.
1682 * doc/man/pam_item_types_std.inc.xml: New file.
1684 2007-12-06 Tomas Mraz <t8m@centrum.cz>
1686 * modules/pam_tty_audit/pam_tty_audit.8.xml: Fix example.
1688 2007-12-05 Miloslav Trmac <mitr@redhat.com>
1690 * configure.in: Add test for audit_tty_status struct. Add
1691 pam_tty_audit module.
1692 * libpam/pam_static_modules.h: Add pam_tty_audit module.
1693 * modules/pam_tty_audit/Makefile.am: New file.
1694 * modules/pam_tty_audit/README.xml: Likewise.
1695 * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
1696 * modules/pam_tty_audit/pam_tty_audit.c: Likewise.
1698 2007-12-05 Tomas Mraz <t8m@centrum.cz>
1700 * modules/pam_unix/Makefile.am: Add passverify.h and passverify.c
1701 as first part of pam_unix refactorization.
1702 * modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h.
1703 * modules/pam_unix/pam_unix_passwd.c: Likewise.
1704 * modules/pam_unix/passverify.c: New file with common functions.
1705 * modules/pam_unix/passverify.h: Prototypes for the common functions.
1706 * modules/pam_unix/support.c: Include passverify.h, move
1707 _unix_shadowed() to passverify.c.
1708 (_unix_verify_password): Refactor out verify_pwd_hash() function.
1709 * modules/pam_unix/support.h: Move _unix_shadowed() prototype to
1711 * modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and
1712 verify_pwd_hash() from passverify.c.
1714 2007-11-20 Thorsten Kukuk <kukuk@thkukuk.de>
1716 * modules/pam_unix/Makefile.am (unix_chkpwd_LDADD): Don't link
1717 unix_chkpwd unnecessary against libpam (#1822779).
1719 * modules/pam_tally/pam_tally.c (tally_log): Map
1720 pam_modutil_getpwnam to getpwnam if we don't compile
1722 * modules/pam_tally/Makefile.am: Don't link pam_tally_app
1723 against libpam (#1822779).
1725 2007-11-06 Thorsten Kukuk <kukuk@thkukuk.de>
1727 * xtests/tst-pam_group1.c: Include stdlib.h
1728 * xtests/tst-pam_succeed_if1.c: Likewise.
1729 * xtests/tst-pam_limits1.c: Likewise.
1730 * xtests/tst-pam_access1.c: Likewise.
1731 * xtests/tst-pam_access2.c: Likewise.
1732 * xtests/tst-pam_access3.c: Likewise.
1733 * xtests/tst-pam_access4.c: Likewise.
1734 * xtests/tst-pam_unix1.c: Likewise.
1735 * xtests/tst-pam_unix2.c: Likewise.
1736 * xtests/tst-pam_unix3.c: Likewise.
1737 * xtests/tst-pam_cracklib1.c: Likewise.
1738 * xtests/tst-pam_cracklib2.c: Likewise.
1740 * libpam/pam_static_modules.h: Fix name of pam_namespace variable.
1742 2007-11-01 Peter Breitenlohner <peb@mppmu.mpg.de>
1744 * doc/man/pam_conv.3.xml: Correct typo.
1746 2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de>
1748 * modules/pam_rhosts/pam_rhosts_auth.c (__icheckhost): Correct
1749 misplaced parenthesis.
1750 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Prevent use of
1751 dngettext() when NLS is disabled.
1752 * modules/pam_exec/pam_exec.c (call_exec): Avoid gcc warning.
1753 * doc/specs/parse_y.y (set_label, new_counter): Break trigraphs to
1755 * modules/pam_wheel/pam_wheel.c: Remove excessive initializer
1758 * modules/pam_cracklib/pam_cracklib.8.xml: Correct typo.
1759 * modules/pam_limits/limits.conf.5.xml: Likewise.
1760 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
1761 * modules/pam_xauth/pam_xauth.8.xml: Likewise.
1763 * modules/pam_deny/pam_deny.8.xml: Correct spelling.
1764 * modules/pam_group/pam_group.8.xml: Likewise.
1765 * modules/pam_permit/pam_permit.8.xml: Likewise.
1766 * modules/pam_shells/pam_shells.8.xml: Likewise.
1767 * modules/pam_time/pam_time.8.xml: Likewise.
1768 * modules/pam_warn/pam_warn.8.xml: Likewise.
1770 * tests/tst-dlopen.c: Return 77 in case of static modules, such that
1771 all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL.
1772 * libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead
1773 of "`ls ...`", to allow for static modules.
1774 * libpam/pam_static_modules.h: Make pam_keyinit module depend on
1775 HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct.
1776 * modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module
1779 2007-10-25 Steve Langasek <vorlon@debian.org>
1781 * modules/pam_tally/pam_tally.c: fix the definition of OPT_AUDIT
1782 to be octal instead of decimal, so that it works properly in a
1783 bit field instead of forcing the "even_deny_root_account" and
1784 "no_reset" options to on.
1785 Patch from Corey Wright <undefined@pobox.com>.
1787 2007-10-19 Tomas Mraz <t8m@centrum.cz>
1789 * xtests/tst-pam_access1.c: Use different name for user and group.
1790 * xtests/tst-pam_access1.sh: Likewise.
1791 * xtests/tst-pam_access2.c: Likewise.
1792 * xtests/tst-pam_access2.sh: Likewise.
1793 * xtests/tst-pam_access4.c: Likewise.
1794 * xtests/tst-pam_access4.sh: Likewise.
1795 * xtests/group.conf: Likewise.
1796 * xtests/tst-pam_group1.c: Likewise.
1797 * xtests/tst-pam_group1.sh: Likewise.
1799 * libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks,
1800 record substack level, skip over virtual substack modules, implement
1801 evaluation of done, die, reset and jumps in substacks. Also fixes
1802 too far jumps in substacks.
1803 * libpam/pam_end.c (pam_end): Drop substack evaluation states.
1804 * libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level
1805 parameter, instead of must_fail use handler_type needed for virtual
1807 (_pam_load_conf_file): Add substack level parameter.
1808 (_pam_init_handlers): Substack level parameter added to
1809 _pam_parse_conf_file() calls.
1810 (_pam_load_module): New function.
1811 (_pam_add_handler): Refactor code into the _pam_load_module(). Add
1812 support for virtual substack modules.
1813 * libpam/pam_private.h: Rename must_fail to handler_type, add stack_level
1814 to struct handler. Define handler type constants. Add struct
1815 for substack evaluation states. Define constant for maximum
1816 substack level. Add substack states pointer to former state struct.
1817 * libpam/pam_start.c (pam_start): Initialize pointer to substack states.
1818 * doc/man/pam.conf-syntax.xml: Document substack control.
1819 * xtests/Makefile.am: Add new tests for substack evaluation.
1820 * xtests/run_xtests.sh: Support multiple .pamd files in a test.
1821 * xtests/tst-pam_authfail.pamd: New tests for substack evaluation.
1822 * xtests/tst-pam_authsucceed.pamd: Likewise.
1823 * xtests/tst-pam_substack1.pamd: Likewise.
1824 * xtests/tst-pam_substack1a.pamd: Likewise.
1825 * xtests/tst-pam_substack1.sh: Likewise.
1826 * xtests/tst-pam_substack2.pamd: Likewise.
1827 * xtests/tst-pam_substack2a.pamd: Likewise.
1828 * xtests/tst-pam_substack2.sh: Likewise.
1829 * xtests/tst-pam_substack3.pamd: Likewise.
1830 * xtests/tst-pam_substack3a.pamd: Likewise.
1831 * xtests/tst-pam_substack3.sh: Likewise.
1832 * xtests/tst-pam_substack4.pamd: Likewise.
1833 * xtests/tst-pam_substack4a.pamd: Likewise.
1834 * xtests/tst-pam_substack4.sh: Likewise.
1835 * xtests/tst-pam_substack5.pamd: Likewise.
1836 * xtests/tst-pam_substack5a.pamd: Likewise.
1837 * xtests/tst-pam_substack5.sh: Likewise.
1839 2007-10-18 Tomas Mraz <t8m@centrum.cz>
1841 * xtests/tst-pam_dispatch4.c: Fix comment about the test.
1842 * xtests/tst-pam_dispatch4.pamd: Improve the testcase.
1843 * xtests/tst-pam_cracklib2.c: Make the testcase more robust.
1845 2007-10-12 Thorsten Kukuk <kukuk@thkukuk.de>
1847 * xtests/Makefile.am: Add tst-pam_dispatch5 sources
1848 * xtests/tst-pam_dispatch5.c: New test for jump too far.
1849 * xtests/tst-pam_dispatch5.pamd: New test configuration.
1851 2007-10-09 Tomas Mraz <t8m@centrum.cz>
1853 * modules/pam_tally/pam_tally.8.xml: Document audit option
1856 2007-10-09 Thorsten Kukuk <kukuk@thkukuk.de>
1858 * release version 0.99.9.0
1860 * configure.in: Increase vesion number.
1862 * libpam/Makefile.am: Increase release number.
1863 * libpam_misc/Makefile.am: Increase release number.
1865 * po/*.po: Regenerate.
1867 2007-10-08 Thorsten Kukuk <kukuk@thkukuk.de>
1869 * modules/pam_time/pam_time.c (is_same): Length of strings without
1870 wildcard needs to be the same.
1871 * modules/pam_group/pam_group.c (is_same): Likewise.
1873 2007-10-01 Thorsten Kukuk <kukuk@thkukuk.de>
1875 * xtests/tst-pam_group1.c: New test case for user compare in pam_group.
1876 * xtests/tst-pam_group1.sh: Script to run test case.
1877 * xtests/tst-pam_group1.pamd: Config for test case.
1878 * xtests/Makefile.am: Add tst-pam_group1 test case.
1879 * xtests/run-xtests.sh: Save/restore group.conf.
1880 * xtests/group.conf: New.
1882 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Don't
1883 free arguments used for putenv().
1885 * doc/man/pam_putenv.3.xml: Document that application has to free
1888 2007-09-27 Tomas Mraz <t8m@centrum.cz>
1890 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in
1891 operator rhbz #295151.
1892 * modules/pam_namespace/pam_namespace.c (poly_name): Do not try to
1893 get context when SELinux is disabled.
1895 2007-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
1897 * xtests/tst-pam_succeed_if1.c: New test case for
1898 https://bugzilla.redhat.com/show_bug.cgi?id=295151
1899 * xtests/tst-pam_succeed_if1.sh: Script to run test case.
1900 * xtests/tst-pam_succeed_if1.pamd: Config for test case.
1901 * xtests/Makefile.am: Add tst-pam_succeed_if1 test case.
1903 * xtests/run-xtests.sh: Add support to skip tests.
1904 * xtests/tst-pam_limits1.c: Skip test if RLIMIT_NICE is not
1907 2007-09-03 Steve Langasek <vorlon@debian.org>
1909 * modules/pam_limits/pam_limits.c: remove a number of unnecessary
1910 string manipulations, including a strncpy() that was acting on
1913 * libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's
1914 perfectly valid to allow the user to interrupt at a prompt. If
1915 an application wants prompts to not be interruptable, the
1916 application should take responsibility for blocking SIGINT.
1918 2007-09-02 Thorsten Kukuk <kukuk@thkukuk.de>
1920 * examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS.
1921 * libpam/Makefile.am: Likewise.
1922 * modules/pam_access/Makefile.am: Likewise.
1923 * modules/pam_cracklib/Makefile.am: Likewise.
1924 * modules/pam_debug/Makefile.am: Likewise.
1925 * modules/pam_deny/Makefile.am: Likewise.
1926 * modules/pam_echo/Makefile.am: Likewise.
1927 * modules/pam_env/Makefile.am: Likewise.
1928 * modules/pam_exec/Makefile.am: Likewise.
1929 * modules/pam_faildelay/Makefile.am: Likewise.
1930 * modules/pam_filter/Makefile.am: Likewise.
1931 * modules/pam_filter/upperLOWER/Makefile.am: Likewise.
1932 * modules/pam_ftp/Makefile.am: Likewise.
1933 * modules/pam_group/Makefile.am: Likewise.
1934 * modules/pam_issue/Makefile.am: Likewise.
1935 * modules/pam_keyinit/Makefile.am: Likewise.
1936 * modules/pam_lastlog/Makefile.am: Likewise.
1937 * modules/pam_limits/Makefile.am: Likewise.
1938 * modules/pam_listfile/Makefile.am: Likewise.
1939 * modules/pam_localuser/Makefile.am: Likewise.
1940 * modules/pam_loginuid/Makefile.am: Likewise.
1941 * modules/pam_mail/Makefile.am: Likewise.
1942 * modules/pam_mkhomedir/Makefile.am: Likewise.
1943 * modules/pam_motd/Makefile.am: Likewise.
1944 * modules/pam_namespace/Makefile.am: Likewise.
1945 * modules/pam_nologin/Makefile.am: Likewise.
1946 * modules/pam_permit/Makefile.am: Likewise.
1947 * modules/pam_rhosts/Makefile.am: Likewise.
1948 * modules/pam_rootok/Makefile.am: Likewise.
1949 * modules/pam_securetty/Makefile.am: Likewise.
1950 * modules/pam_selinux/Makefile.am: Likewise.
1951 * modules/pam_shells/Makefile.am: Likewise.
1952 * modules/pam_stress/Makefile.am: Likewise.
1953 * modules/pam_succeed_if/Makefile.am: Likewise.
1954 * modules/pam_tally/Makefile.am: Likewise.
1955 * modules/pam_time/Makefile.am: Likewise.
1956 * modules/pam_umask/Makefile.am: Likewise.
1957 * modules/pam_unix/Makefile.am: Likewise.
1958 * tests/Makefile.am: Likewise.
1960 2007-08-31 Steve Langasek <vorlon@debian.org>
1962 * modules/pam_group/group.conf: don't use "games" as an example
1963 group, on some distros this is a pre-existing group that it would
1964 be a security hole to give users access to.
1966 2007-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
1968 * modules/pam_limits/limits.conf.5.xml: Document that maxlogins
1969 is ignored for users with UID 0.
1971 2007-08-30 Steve Langasek <vorlon@debian.org>
1973 * modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c:
1974 A wrong username doesn't need to be logged at LOG_ALERT;
1975 LOG_WARNING should be sufficient.
1976 Patch from Sam Hartman <hartmans@debian.org>.
1978 * modules/pam_cracklib/pam_cracklib.c:
1979 s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing
1982 2007-08-29 Steve Langasek <vorlon@debian.org>
1984 * libpam/pam_modutil_getgrgid.c, libpam/pam_modutil_getgrnam.c,
1985 libpam/pam_modutil_getpwnam.c, libpam/pam_modutil_getpwuid.c,
1986 libpam/pam_modutil_getspnam.c: don't use pthread mutexes in libpam
1987 unnecessarily; this avoids linking problems on non-Linux
1990 * modules/pam_listfile/pam_listfile.c, modules/pam_listfile/README,
1991 modules/pam_listfile/pam_listfile.8,
1992 modules/pam_listfile/pam_listfile.8.xml: add a 'quiet' option to
1993 avoid logging errors any time a user is refused service by this
1996 2007-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
1998 * modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t.
1999 (__icheckhost): Cast to int32_t to fix limited range error.
2001 * modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath
2004 2007-08-29 Steve Langasek <vorlon@debian.org>
2006 * modules/pam_rhosts/pam_rhosts_auth.c: getline returns -1 at
2007 EOF, not 0. Check accordingly to fix an infinite loop. Thanks
2008 to Stephan Springl <springl-rhosts@bfw-online.de> for catching
2011 2007-08-28 Steve Langasek <vorlon@debian.org>
2013 * configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER
2014 for crack.h, so we get a HAVE_CRACK_H define.
2015 * modules/pam_cracklib/pam_cracklib.c: don't copy around the
2016 cracklib dictpath into a fixed-width buffer, when we can just
2017 point at the existing strings; and allow users to override the
2018 default cracklib path with -DCRACKLIB_DICT, required for
2019 compatibility with cracklib 2.7.
2021 2007-08-27 Steve Langasek <vorlon@debian.org>
2023 * modules/pam_limits/pam_limits.c: when building on non-Linux
2024 systems, give a warning only, not an error; no one seems to
2025 remember why this error was here in the first place, but leave
2026 something in that might still grab the attention of non-Linux
2028 Patch from Michal Suchanek <hramrach_l@centrum.cz>.
2029 * configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for
2030 the presence of net/if.h before using, required for Hurd
2032 Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
2033 * modules/pam_limits/pam_limits.c: conditionalize the use of
2034 RLIMIT_AS, which is not present on the Hurd.
2035 Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
2036 * modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of
2037 a static buffer when available; fixes the build on systems
2038 without MAXHOSTNAMELEN (i.e., the Hurd).
2039 * modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined
2042 2007-08-26 Andrew Morgan <morgan@kernel.org>
2044 * doc/man/pam.conf-syntax.xml
2045 Minor fixes: '\[' -> '\]'.
2047 2007-08-25 Steve Langasek <vorlon@debian.org>
2049 * doc/man/pam.conf-syntax.xml, doc/man/pam.conf.5:
2050 Document "new" control options conv_again and incomplete, supported
2051 in pam.d's extended syntax.
2052 Patch from Ben Collins <bcollins@debian.org>.
2054 2007-08-15 Tomas Mraz <t8m@centrum.cz>
2056 * modules/pam_access/pam_access.c (list_match): Add explicit
2057 sptr argument for strtok_r, otherwise the code is not portable.
2059 2007-08-13 Olivier Blin <blino@mandriva.com>
2061 * doc/man/pam.3.xml: Fix typo.
2062 * doc/man/pam.3: Likewise.
2063 * doc/man/pam_end.3.xml: Likewise.
2064 * doc/man/pam_end.3: Likewise.
2066 2007-07-18 Thorsten Kukuk <kukuk@thkukuk.de>
2068 * release version 0.99.8.1
2070 * libpam/pam_audit.c: Include unistd.h for getuid().
2071 * libpam/Makefile.am: Bump version number.
2073 2007-07-12 Thorsten Kukuk <kukuk@thkukuk.de>
2075 * libpam/pam_audit.c (_pam_audit_writelog): Don't return
2076 error if application runs as normal user. Fixes regression
2077 introduced with last change.
2079 2007-07-10 Thorsten Kukuk <kukuk@thkukuk.de>
2081 * configure.in: Add --with-db-uniquename option to support
2082 db libraries and functions with unique name extension.
2083 Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>.
2085 * modules/pam_limits/pam_limits.c: Include locale.h.
2087 2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de>
2089 * release version 0.99.8.0
2091 * configure.in: Check for audit_log_acct_message instead of
2092 audit_log_user_message.
2093 * libpam/pam_audit.c: Use audit_log_acct_message.
2094 Based on patch from Mark J Cox <mjc@redhat.com>.
2095 * libpam/Makefile.am: Bump version number of libpam.
2097 * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit,
2100 * xtests/tst-pam_limits1.c: Fix printf arguments.
2102 * po/*.po: Merge po files with latest code changes.
2104 2007-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
2106 * modules/pam_limits/pam_limits.c (process_limit): Check upper and
2107 lower limit of nice value, fix off-by-one in conversation to rlim_t.
2108 * xtests/Makefile.am: Add new pam_limits test case.
2109 * xtests/limits.conf: New, config file for test case.
2110 * xtests/pam_limits1.c: New, test case for RLIMIT_NICE.
2111 * xtests/pam_limits1.sh: Likewise.
2112 * xtests/pam_limits1.pamd: Likewise.
2114 2007-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
2116 * modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r
2117 result for recursive calls.
2118 * xtests/Makefile.am: Add new pam_access test cases.
2119 * xtests/pam_access1.c: New test case.
2120 * xtests/pam_access2.c: Likewise.
2121 * xtests/pam_access3.c: Likewise.
2122 * xtests/pam_access4.c: Likewise.
2123 * xtests/pam_access1.sh: Wrapper to create user accounts.
2124 * xtests/pam_access2.sh: Likewise.
2125 * xtests/pam_access3.sh: Likewise.
2126 * xtests/pam_access4.sh: Likewise.
2127 * xtests/pam_access1.pamd: PAM config file for pam_access tests.
2128 * xtests/pam_access2.pamd: Likewise.
2129 * xtests/pam_access3.pamd: Likewise.
2130 * xtests/pam_access4.pamd: Likewise.
2131 * xtests/access.conf: Config file for pam_access tests.
2132 * xtests/run-tests.sh: Install access.conf into system.
2134 2007-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
2136 * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
2137 better error message if /proc/self/loginuid cannot be opened.
2139 * modules/pam_limits/pam_limits.c (process_limit): Check for
2140 variable overflow after multiplication [bnc#283001].
2142 * modules/pam_access/pam_access.c: Add new syntax for groups
2143 in access.conf to differentiate group names from account names.
2144 Based on patch from Julien Lecomte <julien@famille-lecomte.net>,
2145 solves feature request [#411390].
2146 * modules/pam_access/access.conf: Add example for new group
2148 * modules/pam_access/access.conf.5.xml: Document new syntax.
2150 2007-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
2152 * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass
2154 * modules/pam_cracklib/pam_cracklib.c: Add support for minimum
2155 character classes [#1688777]. Based on patch from Keith Schincke.
2157 * xtests/tst-pam_cracklib2.c: New, test case for minclass option.
2158 * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case.
2159 * xtests/Makefile.am: Add new testcase.
2161 * xtests/pam_cracklib.c: Fix comment what this application tests.
2163 * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64
2165 2007-06-15 Tomas Mraz <t8m@centrum.cz>
2167 * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
2168 add select_context and use_current_range options.
2169 * modules/pam_selinux/pam_selinux.c (send_audit_message): Added
2170 function for auditing role/level changes.
2171 (query_response): Add default response.
2172 (select_context): Removed.
2173 (manual_context): Query only role and level.
2174 (mls_range_allowed): Added function for range check.
2175 (config_context): Added function for role and level override.
2176 (pam_sm_open_session): Remove multiple option, add select_context
2177 and use_current_range_options. Use getseuserbyname to obtain
2178 SELinux user and level. Audit role/level changes. Call setkeycreatecon
2179 to assign key creation context. Don't fail on errors when SELinux
2180 is not in enforcing mode.
2181 * configure.in: Check for setkeycreatecon().
2183 * modules/pam_namespace/README.xml: Avoid duplication of
2185 * modules/pam_namespace/namespace.conf: More real life example
2187 * modules/pam_namespace/namespace.conf.5.xml: Likewise plus
2188 properly describe how instance directory names are formed.
2189 * modules/pam_namespace/namespace.init: Preserve euid when
2190 called from setuid apps (su, newrole).
2191 * modules/pam_namespace/pam_namespace.8.xml: Added option
2192 no_unmount_on_close.
2193 * modules/pam_namespace/pam_namespace.c (process_line): Polyinst
2194 methods are now user, level and context. Fix crash on unknown
2195 override user in config file.
2196 (ns_override): Add explicit uid parameter.
2197 (form_context): Skip for user method. Implement level based
2199 (poly_name): Initialize contexts. Add level based polyinst,
2200 remove 'both' metod. Use raw contexts for instance names,
2201 truncate long instance names and add hash.
2202 (ns_setup): Hashing moved to poly_name().
2203 (setup_namespace): Handle correctly override users for
2204 su (when unmnt_remnt is used).
2205 (pam_sm_close_session): Added no_unmount_on_close option.
2206 * modules/pam_namespace/pam_namespace.h: Added
2207 no_unmount_on_close_option, level method, limit on instance
2208 directory name length.
2210 2007-05-04 Thorsten Kukuk <kukuk@suse.de>
2212 * xtests/run-xtests.sh: Use SRCDIR to find PAM config files.
2213 * xtests/Makefile.am: Call run-xtests.sh with srcdir as first
2215 Based on patch by Bernard Leak <thisisnotapipe@hotmail.com>.
2217 2007-04-30 Thorsten Kukuk <kukuk@thkukuk.de>
2219 * modules/pam_limits/limits.conf: Address space limit is KB.
2220 * modules/pam_limits/limits.conf.5.xml: Likewise.
2221 Reported by Thomas Vander Stichele <thomas@apestaart.org>.
2223 * modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate
2224 check for PAM_SILENT and don't bail out if it is set [#1706247].
2226 2007-03-29 Tomas Mraz <t8m@centrum.cz>
2228 * modules/pam_access/pam_access.c (login_access, list_match):
2229 Replace strtok with strtok_r.
2230 * modules/pam_cracklib/pam_cracklib.c (check_old_password):
2232 * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate):
2234 * modules/pam_unix/pam_unix_passwd.c (check_old_password,
2235 save_old_password): Likewise.
2237 * modules/pam_limits/Makefile.am: Define limits.d dir and install it.
2238 * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing.
2239 * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr.
2240 (pam_parse): conf_file is now ptr.
2241 (pam_sm_open_session): Add parsing files from limits.d subdir using
2242 glob, change pl to pointer.
2244 2007-03-12 Thorsten Kukuk <kukuk@thkukuk.de>
2246 * po/ar.po: New translation.
2247 * po/ca.po: Likewise.
2248 * po/da.po: Likewise.
2249 * po/ru.po: Likewise.
2250 * po/sv.po: Likewise.
2251 * po/zu.po: Likewise.
2252 * po/LINGUAS: Add ar, ca, da, ru, sv, zu
2254 * po/hu.po: Update translation.
2256 2007-02-21 Tomas Mraz <t8m@centrum.cz>
2258 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for
2259 allocation failure in bigcrypt().
2261 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow
2262 modification of '*' password by root.
2264 2007-02-06 Tomas Mraz <t8m@centrum.cz>
2266 * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Remove
2267 debug syslog message when loginuid doesn't exist.
2269 2007-02-01 Tomas Mraz <t8m@centrum.cz>
2271 * xtests/tst-pam_unix3.c: Fix typos in comments.
2273 * modules/pam_unix/support.c (_unix_verify_password): Explicitly
2274 disallow '!' in the beginning of password hash. Treat only
2275 13 bytes password hash specifically. (Suggested by Solar Designer.)
2276 Fix a warning and test for allocation failure.
2277 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
2279 2007-01-31 Thorsten Kukuk <kukuk@thkukuk.de>
2281 * xtests/Makefile.am: Add new pam_unix.so tests
2282 * xtests/run-xtests.sh: Prefer shell scripts (wrapper)
2284 * xtests/tst-pam_cracklib1.c: Fix typo.
2285 * xtests/tst-pam_unix1.c: New, for sucurity fix.
2286 * xtests/tst-pam_unix1.pamd: New.
2287 * xtests/tst-pam_unix1.sh: New.
2288 * xtests/tst-pam_unix2.c: New, for crypt checks.
2289 * xtests/tst-pam_unix2.pamd: New.
2290 * xtests/tst-pam_unix2.sh: New.
2291 * xtests/tst-pam_unix3.c: New, for bigcrypt checks.
2292 * xtests/tst-pam_unix3.pamd: New.
2293 * xtests/tst-pam_unix3.sh: New.
2295 2007-01-23 Thorsten Kukuk <kukuk@suse.de>
2299 * configure.in: Set version number to 0.99.7.1
2301 2007-01-23 Thorsten Kukuk <kukuk@thukuk.de>
2302 Tomas Mraz <t8m@centrum.cz>
2304 * modules/pam_unix/support.c (_unix_verify_password): Always
2305 compare full encrypted passwords (CVE-2007-0003).
2307 2007-01-23 Tomas Mraz <t8m@centrum.cz>
2309 * modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT.
2311 * modules/pam_selinux/Makefile.am (pam_selinux_check_LDFLAGS): Add
2313 (pam_selinux_la_LDFLAGS): Likewise.
2315 2007-01-17 Thorsten Kukuk <kukuk@thkukuk.de>
2319 * configure.in: Set version number to 0.99.7.0
2321 * Makefile.am (M4_FILES): Replace GNU make extension by listing
2324 2007-01-17 Tomas Mraz <t8m@centrum.cz>
2326 * po/*.po: Updated strings to translate.
2327 * po/Linux-PAM.pot: Likewise.
2329 2007-01-16 Thorsten Kukuk <kukuk@thkukuk.de>
2331 * doc/man/pam.conf-syntax.xml: Improve documentation about
2332 sufficient keyword (Patch by Petteri Räty <betelgeuse@gentoo.org>)
2334 2006-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
2336 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid
2337 only '+' and '-' as first characters for account names.
2338 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
2340 2006-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
2342 * configure.in: Fix ENOKEY check (specify errno.h as header
2345 * configure.in: Add AM_PROG_CC_C_O.
2346 * libpam/Makefile.am: Add content of AM_LDFLAGS to *_LDFLAGS.
2347 * modules/pam_tally/Makefile.am: Likewise.
2348 * modules/pam_unix/Makefile.am: Likewise.
2350 * modules/pam_stress/pam_stress.c (pam_sm_chauthtok): Fix
2351 localisation of message printed to user.
2352 * po/de.po: Adjust translation.
2354 2006-12-18 Tomas Mraz <t8m@centrum.cz>
2356 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Localize
2357 message printed to user.
2359 * modules/pam_unix/support.c (_unix_verify_password): Use strncmp
2360 only for bigcrypt result.
2362 * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new
2363 egid first, euid next. Revert euid/egid to old euid/egid and not
2365 (pam_sm_open_session): Switch to new rgid first, ruid next.
2367 2006-12-13 Thorsten Kukuk <kukuk@thkukuk.de>
2369 * modules/pam_localuser/pam_localuser.c: Add support for session
2370 and chauthtok [SF#1606180].
2371 * modules/pam_localuser/pam_localuser.8.xml: Document last change.
2373 * libpam/pam_audit.c (_pam_audit_writelog): Print error message
2376 2006-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
2378 * libpam/pam_audit.c (_pam_audit_writelog): Print error
2379 message on failure to syslog.
2381 2006-12-09 Thorsten Kukuk <kukuk@thkukuk.de>
2383 * modules/pam_umask/pam_umask.c: Use strtoul instead of strtol,
2384 fix overflow detection.
2386 2006-12-06 Thorsten Kukuk <kukuk@thkukuk.de>
2388 * modules/pam_mkhomedir/pam_mkhomedir.c (rec_mkdir): Fix
2389 handling of left-most path component [SF#1591598].
2390 (create_homedir): Mark user visible messages for translation.
2391 * po/de.po: Adjust german translation for pam_mkhomedir.
2393 * modules/pam_faildelay/pam_faildelay.c: If no argument is
2394 given, try to read FAIL_DELAY from /etc/login.defs.
2395 * modules/pam_faildelay/pam_faildelay.8.xml: Document usage
2398 2006-12-04 Tomas Mraz <t8m@centrun.cz>
2400 * po/jp.po: Fixed mistake in Password: message (from
2401 Peng Huang <phuang@redhat.com>).
2403 2006-11-28 Thorsten Kukuk <kukuk@thkukuk.de>
2405 * po/hu.po: Update hungarian translation (from
2406 Kalman Kemenczy <kkemenczy@novell.com>).
2408 * configure.in: Allow disabling support for cracklib, audit, libdb.
2410 * modules/pam_faildelay/pam_faildelay.8.xml: Correct name of Author.
2412 * configure.in: Remove --enable-docdir (obsolete by --docdir).
2413 * doc/Makefile.am: Don't overwrite htmldir.
2414 * doc/adg/Makefile.am: Use docdir, htmldir and pdfdir.
2415 * doc/mwg/Makefile.am: Likewise.
2416 * doc/sag/Makefile.am: Likewise.
2417 * doc/specs/Makefile.am: Use docdir.
2419 * tests/tst-pam_set_data.c: New test cases for pam_set_data().
2420 * tests/Makefile.am: Add pam_set_data test case.
2422 * libpam/pam_data.c: Add NULL pointer check for module_data_name.
2423 * libpam/Makefile.am: Bump revision of shared library.
2425 2006-11-08 Thorsten Kukuk <kukuk@thkukuk.de>
2427 * configure.in: Add modules/pam_faildelay/Makefile.
2428 * doc/sag/Linux-PAM_SAG.xml: Include pam_faildelay.xml.
2429 * doc/sag/pam_faildelay.xml: New.
2430 * libpam/pam_static_modules.h: Include static pam_faildelay data.
2431 * modules/Makefile.am: Add pam_faildelay directory.
2432 * modules/pam_faildelay/Makefile.am: New.
2433 * modules/pam_faildelay/README: New, generated from XML file.
2434 * modules/pam_faildelay/README.xml: New.
2435 * modules/pam_faildelay/pam_faildelay.8: New, generated from xml.
2436 * modules/pam_faildelay/pam_faildelay.8.xml: New.
2437 * modules/pam_faildelay/pam_faildelay.c: New.
2438 * modules/pam_faildelay/tst-pam_faildelay: New.
2440 * po/POTFILES.in: Add pam_faildelay.c and pam_loginuid.c.
2442 2006-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
2444 * modules/pam_cracklib/pam_cracklib.c: PAM_DEBUG_ARG
2445 is a bit mask and not a boolean value (Reported by
2446 Jochen Voss <voss@seehuhn.de>).
2448 2006-10-26 Thorsten Kukuk <kukuk@thkukuk.de>
2450 * doc/man/pam.3.xml: Add pam_get_user function.
2452 * modules/pam_motd/pam_motd.8.xml: Fix typo.
2454 2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
2456 * modules/pam_namespace/pam_namespace.c: Reserve space for
2459 2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
2461 * modules/pam_unix/support.c (_unix_verify_password): Try system
2462 crypt() if we don't know the hash alogorithm.
2463 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
2465 2006-10-13 Tomas Mraz <t8m@centrum.cz>
2467 * doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s].
2468 * doc/sag/pam_access.xml: Likewise.
2469 * doc/sag/pam_echo.xml: Likewise.
2470 * doc/sag/pam_env.xml: Likewise.
2471 * doc/sag/pam_exec.xml: Likewise.
2472 * doc/sag/pam_group.xml: Likewise.
2473 * doc/sag/pam_limits.xml: Likewise.
2474 * doc/sag/pam_namespace.xml: Likewise.
2475 * doc/sag/pam_time.xml: Likewise.
2476 * doc/sag/Linux-PAM_SAG.xml: Add id to book.
2477 * doc/adg/Linux-PAM_ADG.xml: Add id to book.
2478 * doc/mwg/Linux-PAM_MWG.xml: Add id to book.
2481 2006-10-07 Thorsten Kukuk <kukuk@thkukuk.de>
2483 * po/hu.po: Updated hungarian translation (from
2484 Kalman Kemenczy <kkemenczy@novell.com>)
2486 2006-09-20 Thorsten Kukuk <kukuk@thkukuk.de>
2488 * doc/adg/Makefile.am: Add manual pages as dependency.
2489 * doc/mwg/Makefile.am: Likewise.
2490 * doc/sag/Makefile.am: Likewise.
2491 * doc/sag/Linux-PAM_SAG.xml: Include pam_unix.xml.
2492 * doc/sag/pam_unix.xml: New.
2493 * modules/pam_unix/Makefile.am: Generate pam_unix.8 manual page.
2494 * modules/pam_unix/README.xml: New.
2495 * modules/pam_unix/pam_unix.8.xml: New.
2496 * modules/pam_unix/README: Regenerate from XML.
2497 * modules/pam_unix/pam_unix.8: Generated from XML.
2499 2006-09-09 Dmitry V. Levin <ldv@altlinux.org>
2501 * modules/pam_wheel/pam_wheel.8.xml: Fix typo.
2502 * modules/pam_wheel/pam_wheel.8: Likewise.
2503 * modules/pam_wheel/README: Likewise.
2505 2006-09-08 Thorsten Kukuk <kukuk@thkukuk.de>
2507 * po/de.po: Fix typo.
2509 2006-09-06 Thorsten Kukuk <kukuk@thkukuk.de>
2511 * release version 0.99.6.3
2513 2006-09-01 Thorsten Kukuk <kukuk@thkukuk.de>
2515 * modules/pam_loginuid/pam_loginuid.8.xml: Fix typo in
2518 2006-08-31 Thorsten Kukuk <kukuk@thkukuk.de>
2520 * modules/pam_env/environment: New, dummy environment example
2523 * modules/pam_namespace/Makefile.am: Don't install
2524 manual page if we don't build module.
2526 * m4/ld-as-needed.m4: Don't set LDFLAGS if check failed.
2527 * m4/ld-O1: Likewise.
2529 2006-08-30 Tomas Mraz <t8m@centrum.cz>
2531 * modules/pam_access/pam_access.8.xml: All services supported.
2532 * modules/pam_access/pam_access.c (pam_sm_open_session): New.
2533 (pam_sm_close_session): New.
2534 (pam_sm_chauthtok): New.
2536 * modules/pam_access/pam_succeed_if.8.xml: All services supported.
2537 * modules/pam_access/pam_succeed_if.c (pam_sm_setcred): Return
2538 PAM_IGNORE rather than success.
2539 (pam_sm_open_session): New.
2540 (pam_sm_close_session): New.
2541 (pam_sm_chauthtok): New.
2543 2006-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
2545 * xtests/Makefile.am: Move shell code to execute tests from here ...
2546 * xtests/run-xtests.sh: ... to here.
2547 * xtests/*.c: Include config.h.
2548 * tests/*.c: Likewise.
2550 * modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam()
2551 instead of getpwnam().
2553 2006-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
2555 * doc/sag/pam_loginuid.xml: New.
2556 * doc/sag/Linux-PAM_SAG.xml: Include pam_loginuid.xml.
2558 * configure.in: Add modules/pam_loginuid/Makefile.
2559 * modules/Makefile.am: Add pam_loginuid sub directory.
2561 * libpam/pam_static_modules.h: Add pam_loginuid.
2563 * modules/pam_loginuid/Makefile.am: New.
2564 * modules/pam_loginuid/tst-pam_loginuid: New.
2565 * modules/pam_loginuid/pam_loginuid.8.xml: New.
2566 * modules/pam_loginuid/pam_loginuid.8: New, generated from XML source.
2567 * modules/pam_loginuid/pam_loginuid.c: New.
2568 * modules/pam_loginuid/README.xml: New.
2569 * modules/pam_loginuid/README: New, generated from XML source.
2571 2006-08-29 Dmitry V. Levin <ldv@altlinux.org>
2573 * modules/pam_exec/pam_exec.c (call_exec): Add required third
2574 argument to open() call with O_CREAT flag set.
2576 2006-08-28 Thorsten Kukuk <kukuk@thkukuk.de>
2578 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Remove
2581 2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
2583 * release version 0.99.6.2
2585 * modules/pam_lastlog/pam_lastlog.c (last_login_date): Create
2586 lastlog file if it does not exist.
2588 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check
2589 for error from getting second token.
2590 * xtests/Makefile.am: Add tst-pam_cracklib1
2591 * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault.
2592 * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test.
2594 2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
2596 * xtests/tst-pam_dispatch4.c: New test.
2597 * xtests/tst-pam_dispatch4.pamd: PAM config for new test.
2599 2006-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
2601 * release version 0.99.6.1
2603 2006-08-09 David Howells <dhowells@redhat.com>
2605 * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid
2606 to user's before revoking.
2607 (pam_sm_open_session): Remember the uid.
2609 2006-08-06 Thorsten Kukuk <kukuk@thkukuk.de>
2611 * modules/pam_umask/pam_umask.c (setup_limits_from_gecos):
2613 * modules/pam_umask/pam_umask.8.xml: Document silent option.
2615 * xtests/Makefile.am: Fix includes for bootstrapping.
2616 Reported by Greg Schafer <gschafer@zip.com.au>.
2618 2006-08-05 Thorsten Kukuk <kukuk@thkukuk.de>
2620 * release version 0.99.6.0
2622 * modules/pam_limits/pam_limits.c (pam_sm_open_session): Use
2623 pam_modutil_getpwnam instead of getpwnam.
2625 * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Cast
2626 svc variable to char pointer for snprintf.
2628 * configure.in: Generate xtests/Makefile.
2629 * Makefile.am (SUBDIRS): Add xtests.
2630 * README: Document make check and make xtests.
2631 * xtests/Makefile.am: New.
2632 * xtests/tst-pam_dispatch1.pamd: New.
2633 * xtests/tst-pam_dispatch2.pamd: New.
2634 * xtests/tst-pam_dispatch3.pamd: New.
2635 * xtests/tst-pam_dispatch1.c: New.
2636 * xtests/tst-pam_dispatch2.c: New.
2637 * xtests/tst-pam_dispatch3.c: New.
2639 2006-08-04 Ray Strode <rstrode@redhat.com>
2641 * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
2642 Return PAM_USER_UNKNOWN instead of PAM_SERVICE_ERR where appropriate.
2644 2006-08-03 David Howells <dhowells@redhat.com>
2646 * modules/pam_keyinit/pam_keyinit.c: Debug should be off by default.
2647 (init_keyrings): Properly handle multiple invocations of the module.
2648 (kill_keyrings, pam_sm_open_session, pam_sm_close_session): Likewise.
2650 2006-08-03 Tomas Mraz <t8m@centrum.cz>
2652 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist):
2653 New function for list matching.
2654 (evaluate_notinlist): Likewise.
2655 (evaluate): Add service value match, list matching.
2656 * modules/pam_succeed_if/pam_succeed_if.8.xml: Document the
2659 * modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log
2660 relabelling error when the tty device doesn't exist (ENOENT).
2662 2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
2664 * doc/man/pam_fail_delay.3.xml: Fix some Bugs and enhance
2665 rationale about when this function should be used and when not.
2667 * doc/index.html: Cleanup to look prettier.
2669 2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
2671 * libpam/Makefile.am: Bump patchlevel of libpam.
2672 * libpam/pam_dispatch.c (_pam_dispatch_aux): If [return=die]
2673 or [return=bad] is used, don't return PAM_IGNORE. Based on
2674 patch by Tomas Mraz <t8m@centrum.cz>, [BRC#196859].
2676 2006-07-28 Thorsten Kukuk <kukuk@thkukuk.de>
2678 * ABOUT-NLS: Upgrade to gettext-0.15.
2679 * config.rpath: Likewise.
2680 * m4/gettext.m4: Upgrade to gettext-0.15.
2681 * m4/inttypes-h.m4: New file, from gettext-0.15.
2682 * m4/inttypes-pri.m4: Upgrade to gettext-0.15.
2683 * m4/lib-link.m4: Upgrade to gettext-0.15.
2684 * m4/lib-prefix.m4: Upgrade to gettext-0.15.
2685 * m4/lock.m4: New file, from gettext-0.15.
2686 * m4/longdouble.m4: Upgrade to gettext-0.15.
2687 * m4/nls.m4: Upgrade to gettext-0.15.
2688 * m4/po.m4: Upgrade to gettext-0.15.
2689 * m4/size_max.m4: Upgrade to gettext-0.15.
2690 * m4/visibility.m4: New file, from gettext-0.15.
2691 * po/Makefile.in.in: Upgrade to gettext-0.15.
2693 2006-07-24 David Quigley <dpquigl@tycho.nsa.gov>
2695 * modules/pam_namespace/Makefile.am: Add pam_namespace.h.
2696 * modules/pam_namespace/pam_namespace.c: Move includes and
2697 data structure definitions from here ...
2698 * modules/pam_namespace/pam_namespace.h: ... here. New file.
2700 * modules/pam_namespace/pam_namespace.c: Move large sections
2701 of code into new functions.
2703 2006-07-24 Thorsten Kukuk <kukuk@thkukuk.de>
2705 * doc/adg/Makefile.am: Add uninstall and distclean rules.
2706 * doc/mwg/Makefile.am: Likewise.
2707 * doc/sag/Makefile.am: Likewise.
2709 2006-07-08 Daniel Richard G. <skunk@iskunk.org>
2711 * conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files.
2712 * conf/pam_conv1/pam_conv.lex: Rename to ...
2713 * conf/pam_conv1/pam_conv_l.l: ... this.
2714 * conf/pam_conv1/pam_conv.y: Rename to ...
2715 * conf/pam_conv1/pam_conv_y.y: ... this.
2716 * configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE()
2718 * doc/Makefile.am: Fix rule to install index.html.
2719 * doc/adg/Makefile.am: Fix test usage.
2720 * doc/mwg/Makefile.am: Likewise.
2721 * doc/sag/Makefile.am: Likewise.
2722 * doc/specs/Makefile.am: Fix rules for lex and yacc files.
2723 * specs/parse.lex: Rename to ...
2724 * doc/specs/parse_l.l: ... this.
2725 * doc/specs/parse.y: Rename to ...
2726 * doc/specs/parse_y.y: ... this.
2727 * libpam/pam_account.c: Fix #if vs. #ifdef.
2728 * libpam/pam_audit.c: Likewise.
2729 * libpam/pam_auth.c: Likewise.
2730 * libpam/pam_password.c: Likewise.
2731 * libpam/pam_private.h: Likewise.
2732 * libpam/pam_session.c: Likewise.
2733 * libpam/pam_start.c: Likewise.
2734 * libpam/pam_static.c: Fix "empty sourcefile" warning.
2735 * modules/pam_limits/pam_limits.c: Check for __linux, too.
2736 * modules/pam_userdb/Makefile.am: Don't run test if no
2738 * tests/tst-dlopen.c: Include config.h.
2740 2006-07-03 Dan Yefimov
2742 * configure.in: Fixed have_key_syscalls test.
2744 * modules/pam_access/pam_access.c (from_match): Fixed IPv4 network
2745 match, removed AI_ADDRCONFIG flag.
2747 2006-06-30 Tomas Mraz <t8m@centrum.cz>
2749 * modules/pam_namespace/Makefile.am(EXTRA_DIST): Add namespace.init.
2751 2006-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
2753 * doc/Makefile.am (releasedocs): Fix directory layout.
2754 * doc/adg/Makefile.am: Likewise.
2755 * doc/mwg/Makefile.am: Likewise.
2756 * doc/sag/Makefile.am: Likewise.
2758 2006-06-28 Thorsten Kukuk <kukuk@thkukuk.de>
2760 * doc/sag: System Administrator Guide as XML source.
2761 * doc/sag/Makefile.am: New.
2762 * doc/sag/Linux-PAM_SAG.xml: New, main XML document.
2763 * doc/sag/pam_*.xml: New, wrapper to include module documentation.
2765 * doc/adg: Application Developers Guide as XML source.
2766 * doc/adg/Makefile.am: New.
2767 * doc/adg/Linux-PAM_ADG.xml: New, main XML document.
2768 * doc/adg/pam_*.xml: New, wrappers to include manual pages.
2770 * doc/mwg: Application Developers Guide as XML source.
2771 * doc/mwg/Makefile.am: New.
2772 * doc/mwg/Linux-PAM_MWG.xml: New, main XML document.
2773 * doc/mwg/pam_*.xml: New, wrappers to include manual pages.
2775 * doc/CREDITS: Removed.
2776 * doc/NOTES: Removed.
2777 * doc/pam_appl.sgml: Removed.
2778 * doc/pam_modules.sgml: Removed.
2779 * doc/pam_source.sgml: Removed.
2780 * doc/figs/pam_orient.txt: Removed.
2781 * doc/figs: Removed.
2783 * configure.in: Remove checks for sgml2* progrs, add sag, adg
2786 * doc/Makefile.am: Remove references to sgml, add sag, adg and mwg
2788 * doc/modules: Remove directory.
2789 * doc/html: Remove directory.
2790 * doc/ps: Remove directory.
2791 * doc/pdf: Remove directory.
2792 * doc/txts: Remove directory.
2793 * doc/index.html: Moved from html directory to here.
2795 2006-06-28 Thorsten Kukuk <kukuk@thkukuk.de>
2797 * release version 0.99.5.0
2799 * bump version number to 0.99.5.0
2801 * modules/pam_rhosts/pam_rhosts.c: New module, replaces
2803 * modules/pam_rhosts/pam_rhosts.8.xml: New.
2804 * modules/pam_rhosts/pam_rhosts.8: New, generated from XML source.
2805 * modules/pam_rhosts/tst-pam_rhosts: New.
2806 * modules/pam_rhosts/Makefile.am: Add pam_rhosts, generate
2807 manual page and README.
2808 * modules/pam_rhosts/README.xml: New.
2809 * modules/pam_rhosts/reADME: Regenerated from XML source.
2811 * doc/man/pam_sm_acct_mgmt.3.xml: Adjust syntax for module
2813 * doc/man/pam_sm_authenticate.3.xml: Likewise.
2814 * doc/man/pam_sm_chauthtok.3.xml: Likewise.
2815 * doc/man/pam_sm_close_session.3.xml: Likewise.
2816 * doc/man/pam_sm_open_session.3.xml: Likewise.
2817 * doc/man/pam_sm_setcred.3.xml: Likewise.
2819 * po/POTFILES.in: Add new source files.
2821 * libpam/pam_static_modules.h: Add new modules.
2823 * modules/pam_keyinit.c: Add _pam_keyinit_modstruct.
2825 * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Add XML
2826 files and manual page.
2828 2006-06-27 Thorsten Kukuk <kukuk@thkukuk.de>
2830 * configure.in: Allow disabling of SELinux support, check for
2833 2006-06-27 Tomas Mraz <t8m@centrum.cz>
2835 * modules/pam_namespace/pam_namespace.c: New module
2836 originally written by Janak Desai.
2837 * modules/pam_namespace/Makefile.am: New.
2838 * modules/pam_namespace/README: New.
2839 * modules/pam_namespace/md5.c: New.
2840 * modules/pam_namespace/md5.h: New.
2841 * modules/pam_namespace/namespace.conf: New.
2842 * modules/pam_namespace/namespace.conf.5: New.
2843 * modules/pam_namespace/namespace.conf.5.xml: New.
2844 * modules/pam_namespace/namespace.init: New.
2845 * modules/pam_namespace/pam_namespace.8: New.
2846 * modules/pam_namespace/pam_namespace.8.xml: New.
2847 * modules/pam_namespace/tst-pam_namespace: New.
2848 * modules/Makefile.am: Added pam_namespace.
2849 * configure.in: Added pam_namespace, test for unshare
2852 2006-06-27 David Howells <dhowells@redhat.com>
2854 * modules/pam_keyinit/pam_keyinit.c: New module.
2855 * modules/pam_keyinit/pam_keyinit.8: New.
2856 * modules/pam_keyinit/pam_keyinit.8.xml: New.
2857 * modules/pam_keyinit/README: New.
2858 * modules/pam_keyinit/README.xml: New.
2859 * modules/pam_keyinit/Makefile.am: New.
2860 * modules/pam_keyinit/tst-pam_keyinit: New.
2861 * modules/Makefile.am: Added pam_keyinit.
2862 * configure.in: Added test for the key mgmt syscall.
2864 2006-06-27 Thorsten Kukuk <kukuk@thkukuk.de>
2866 * m4/libprelude.m4: Sync with upstream.
2868 2006-06-27 Tomas Mraz <t8m@centrum.cz>
2870 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
2871 signal() fails with SIG_ERR return
2872 * modules/pam_unix/pam_unix_passwd.c(_unix_run_shadow_binary):
2874 * modules/pam_unix/support.c(_unix_run_helper_binary):
2877 2006-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
2879 * doc/man/misc_conv.3.xml: New.
2880 * doc/man/misc_conv.3: New.
2881 * doc/man/pam_misc_paste_env.3.xml: New.
2882 * doc/man/pam_misc_paste_env.3: New.
2883 * doc/man/pam_misc_drop_env.3.xml: New.
2884 * doc/man/pam_misc_drop_env.3: New.
2885 * doc/man/pam_misc_setenv.3.xml: New.
2886 * doc/man/pam_misc_setenv.3: New.
2887 * doc/man/Makefile.am: Add new manual pages.
2889 * doc/man/pam_acct_mgmt.3.xml: Fix syntax for inclusion
2890 in Applicatoin Developer Guide.
2891 * doc/man/pam_authenticate.3.xml: Likewise
2892 * doc/man/pam_chauthtok.3.xml: Likewise
2893 * doc/man/pam_close_session.3.xml: Likewise
2894 * doc/man/pam_conv.3.xml: Likewise
2895 * doc/man/pam_end.3.xml: Likewise
2896 * doc/man/pam_fail_delay.3.xml: Likewise
2897 * doc/man/pam_getenv.3.xml: Likewise
2898 * doc/man/pam_getenvlist.3.xml: Likewise
2899 * doc/man/pam_open_session.3.xml: Likewise
2900 * doc/man/pam_putenv.3.xml: Likewise
2901 * doc/man/pam_setcred.3.xml: Likewise
2902 * doc/man/pam_start.3.xml: Likewise
2903 * doc/man/pam_strerror.3.xml: Likewise
2905 * doc/man/pam_acct_mgmt.3: Regenerate from XML source.
2906 * doc/man/pam_authenticate.3: Likewise
2907 * doc/man/pam_chauthtok.3: Likewise
2908 * doc/man/pam_close_session.3: Likewise
2909 * doc/man/pam_conv.3: Likewise
2910 * doc/man/pam_end.3: Likewise
2911 * doc/man/pam_fail_delay.3: Likewise
2912 * doc/man/pam_getenv.3: Likewise
2913 * doc/man/pam_getenvlist.3: Likewise
2914 * doc/man/pam_open_session.3: Likewise
2915 * doc/man/pam_putenv.3: Likewise
2916 * doc/man/pam_setcred.3: Likewise
2917 * doc/man/pam_sm_close_session.3: Likewise
2918 * doc/man/pam_start.3: Likewise
2919 * doc/man/pam_strerror.3: Likewise
2920 * doc/man/pam_syslog.3: Likewise
2921 * doc/man/PAM.8: Likewise
2923 2006-06-24 Thorsten Kukuk <kukuk@thkukuk.de>
2925 * modules/pam_limits/pam_limits.c (setup_limits): Don't
2926 reset priority for root.
2928 2006-06-23 Thorsten Kukuk <kukuk@thkukuk.de>
2930 * modules/pam_access/access.conf.5.xml: Fix syntax for SAG.
2931 * modules/pam_access/pam_access.8.xml: Likewise.
2932 * modules/pam_deny/pam_deny.8.xml: Likewise.
2933 * modules/pam_echo/pam_echo.8.xml: Likewise.
2934 * modules/pam_env/pam_env.8.xml: Likewise.
2935 * modules/pam_env/pam_env.conf.5.xml: Likewise.
2936 * modules/pam_group/group.conf.5.xml: Likewise.
2937 * modules/pam_group/pam_group.8.xml: Likewise.
2938 * modules/pam_limits/limits.conf.5.xml: Likewise.
2939 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
2940 * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
2941 * modules/pam_time/pam_time.8.xml: Likewise.
2942 * modules/pam_time/time.conf.5.xml: Likewise.
2944 * modules/pam_access/access.conf.5: Regenerate.
2945 * modules/pam_access/pam_access.8: Likewise.
2946 * modules/pam_deny/pam_deny.8: Likewise.
2947 * modules/pam_echo/README: Likewise.
2948 * modules/pam_echo/pam_echo.8: Likewise.
2949 * modules/pam_env/pam_env.8: Likewise.
2950 * modules/pam_env/pam_env.conf.5: Likewise.
2951 * modules/pam_group/README: Likewise.
2952 * modules/pam_group/group.conf.5: Likewise.
2953 * modules/pam_group/pam_group.8: Likewise.
2954 * modules/pam_limits/limits.conf.5: Likewise.
2955 * modules/pam_listfile/README: Likewise.
2956 * modules/pam_listfile/pam_listfile.8: Likewise.
2957 * modules/pam_succeed_if/pam_succeed_if.8: Likewise.
2958 * modules/pam_time/pam_time.8: Likewise.
2959 * modules/pam_time/time.conf.5: Likewise.
2961 * doc/man/Makefile.am: Add pam.conf-desc.xml, pam.conf-dir.xml
2962 and pam.conf-syntax.xml.
2963 * doc/man/pam.conf.5.xml: Split into different pieces for SAG.
2964 * doc/man/pam.conf.5: Regenerated.
2965 * doc/man/pam.conf-desc.xml: New.
2966 * doc/man/pam.conf-dir.xml: New.
2967 * doc/man/pam.conf-syntax.xml: New.
2969 2006-06-21 Thorsten Kukuk <kukuk@thkukuk.de>
2971 * modules/pam_selinux/Makefile.am: Fix "make dist" if libselinux
2974 * modules/pam_issue/pam_issue.8.xml: Fix listing of escapes.
2975 * modules/pam_issue/pam_issue.8: Regenerate.
2977 2006-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
2979 * configure.in: Remove unused check for libcap.
2981 * m4/ld-as-needed.m4: New.
2983 * configure.in: Call PAM_LD_AS_NEEDED and PAM_LD_O1,
2984 require docbook version 4.4.
2986 2006-06-19 Thorsten Kukuk <kukuk@thkukuk.de>
2988 * doc/man/pam.8.xml: Syntax cleanup.
2989 * doc/pam/PAM.8: Regenerated from xml source.
2990 * man/pam_sm_chauthtok.3: New.
2991 * man/pam_sm_chauthtok.3.xml: New.
2992 * man/pam_sm_close_session.3: New.
2993 * man/pam_sm_close_session.3.xml: New.
2994 * man/pam_sm_open_session.3: New.
2995 * man/pam_sm_open_session.3.xml: New.
2996 * man/pam_sm_authenticate.3: New.
2997 * man/pam_sm_authenticate.3.xml: New.
2998 * man/pam_sm_setcred.3: New.
2999 * man/pam_sm_setcred.3.xml: New.
3000 * man/Makefile.am: Add new pam_sm_* manual pages.
3002 * specs/Makefile.am: Fix rule to generate draft.
3004 2006-06-18 Thorsten Kukuk <kukuk@thkukuk.de>
3006 * modules/pam_tally/Makefile.am: Include Make.xml.rules.
3007 * modules/pam_tally/pam_tally.8.xml: New.
3008 * modules/pam_tally/pam_tally.8: New, generated from xml file.
3009 * modules/pam_tally/README.xml: New.
3010 * modules/pam_tally/README: Regenerated from xml file.
3012 * modules/pam_selinux/Makefile.am: Include Make.xml.rules.
3013 * modules/pam_selinux/pam_selinux.8.xml: New.
3014 * modules/pam_selinux/pam_selinux.8: Regenerated from xml file.
3015 * modules/pam_selinux/README.xml: New.
3016 * modules/pam_selinux/README: Regenerated from xml file.
3018 2006-06-17 Thorsten Kukuk <kukuk@thkukuk.de>
3020 * modules/pam_debug/Makefile.am: Include Make.xml.rules.
3021 * modules/pam_debug/pam_debug.8.xml: New.
3022 * modules/pam_debug/pam_debug.8: New, generated from xml file.
3023 * modules/pam_debug/README.xml: New.
3024 * modules/pam_debug/README: Regenerated from xml file.
3026 * examples/vpass.c: UID is unsigned on Linux.
3027 * modules/pam_exec/pam_exec.c: Likewise.
3028 * modules/pam_unix/pam_unix_acct.c: Likewise.
3029 * modules/pam_unix/pam_unix_sess.c: Likewise.
3031 * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix syntax error.
3032 * modules/pam_succeed_if/pam_succeed_if.8: Regenerated.
3033 * modules/pam_succeed_if/README: Regenerated.
3035 * modules/pam_limits/Makefile.am: Include Make.xml.rules.
3036 * modules/pam_limits/limits.conf.5: New, generated from xml file.
3037 * modules/pam_limits/limits.conf.5.xml: New.
3038 * modules/pam_limits/pam_limits.8: New, generated from xml file.
3039 * modules/pam_limits/pam_limits.8.xml: New.
3040 * modules/pam_limits/README.xml: New.
3041 * modules/pam_limits/README: Regenerated from README.xml.
3043 2006-06-16 Thorsten Kukuk <kukuk@thkukuk.de>
3045 * modules/pam_unix/pam_unix_passwd.c (save_old_password): UIDs
3046 are unsigned on Linux, don't truncate them.
3047 (_do_setpass): err is of type clnt_stat, not int.
3049 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't
3050 truncate UID for syslog output.
3052 * modules/pam_time/pam_time.c: Replace type boolean with int.
3053 * modules/pam_group/pam_group.c: Likewise.
3055 2006-06-15 Thorsten Kukuk <kukuk@thkukuk.de>
3057 * modules/pam_unix/bigcrypt.h: New.
3058 * modules/pam_unix/Makefile.am: Add bigcrypt.h.
3059 * modules/pam_unix/bigcrypt.c: Include bigcrypt.h.
3060 * modules/pam_unix/support.c: Include bigcrypt.h, remove
3062 * modules/pam_unix/bigcrypt_main.c: Include bigcrypt.h, remove
3064 * modules/pam_unix/pam_unix_passwd.c: Include bigcrypt.h, remove
3067 * modules/pam_time/pam_time.c (logic_member): Remove unused
3070 * modules/pam_group/pam_group.c (logic_field): Accept
3071 colon in tty name. [#1428276].
3072 (logic_member): Remove unused variable len.
3073 (check_account): Fix usage of err variable in debug code.
3075 * modules/pam_time/pam_time.c (logic_field): Likewise.
3077 * configure.in: Add special exceptions for icc: different
3078 compiler warnings, no PIE support.
3080 2006-06-14 Thorsten Kukuk <kukuk@thkukuk.de>
3082 * libpam/pam_misc.c (_pam_strdup): Use strlen and strcpy.
3084 * configure.in: Remove --enable-memory-debug, add option
3085 to disable prelude if installed.
3087 * modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG
3088 * modules/pam_filter/upperLOWER/upperLOWER.c: Likewise.
3089 * modules/pam_unix/unix_chkpwd.c: Likewise.
3090 * libpam/include/security/_pam_types.h: Likewise.
3091 * libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export.
3092 * libpam/pam_malloc.c: Remove file.
3093 * libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h.
3095 * libpam/pam_handlers.c (extract_modulename): Use _pam_strdup
3098 * libpam/pam_private.h: Remove _pam_strCMP.
3099 * libpam/pam_misc.c: Likewise.
3100 * libpam/pam_handlers.c: Replaced _pam_strCMP with strcasecmp.
3102 2006-06-12 Thorsten Kukuk <kukuk@thkukuk.de>
3104 * modules/pam_tally/Makefile.am (AM_LDFLAGS): Remove flags
3105 for modules from main application.
3107 2006-06-09 Thorsten Kukuk <kukuk@thkukuk.de>
3109 * modules/pam_time/Makefile.am: Include Make.xml.rules.
3110 * modules/pam_time/time.conf.5: New, generated from xml file.
3111 * modules/pam_time/time.conf.5.xml: New.
3112 * modules/pam_time/pam_time.8: New, generated from xml file.
3113 * modules/pam_time/pam_time.8.xml: New.
3114 * modules/pam_time/README.xml: New.
3115 * modules/pam_time/README: Regenerated from README.xml.
3117 * modules/pam_wheel/Makefile.am: Include Make.xml.rules.
3118 * modules/pam_wheel/pam_wheel.8.xml: New.
3119 * modules/pam_wheel/pam_wheel.8: New, generated from xml file.
3120 * modules/pam_wheel/README.xml: New.
3121 * modules/pam_wheel/README: Regenerated from xml file.
3123 * modules/pam_xauth/Makefile.am: Include Make.xml.rules.
3124 * modules/pam_xauth/pam_xauth.8.xml: New.
3125 * modules/pam_xauth/pam_xauth.8: Regenerated from xml file.
3126 * modules/pam_xauth/README.xml: New.
3127 * modules/pam_xauth/README: Regenerated from xml file.
3129 * modules/pam_deny/pam_deny.8.xml: Fix syntax errors.
3130 * modules/pam_deny/pam_deny.8: Regenerate from xml file.
3131 * modules/pam_deny/README: Likewise.
3133 * modules/pam_warn/Makefile.am: Include Make.xml.rules.
3134 * modules/pam_warn/pam_warn.8.xml: New.
3135 * modules/pam_warn/pam_warn.8: New, generated from xml file.
3136 * modules/pam_warn/README.xml: New.
3137 * modules/pam_warn/README: Regenerated from xml file.
3139 * modules/pam_userdb/Makefile.am: Include Make.xml.rules.
3140 * modules/pam_userdb/pam_userdb.8.xml: New.
3141 * modules/pam_userdb/pam_userdb.8: New, generated from xml file.
3142 * modules/pam_userdb/README.xml: New.
3143 * modules/pam_userdb/README: Regenerated from xml file.
3145 2006-06-06 Thorsten Kukuk <kukuk@thkukuk.de>
3147 * modules/pam_shells/Makefile.am: Include Make.xml.rules.
3148 * modules/pam_shells/pam_shells.8.xml: New.
3149 * modules/pam_shells/pam_shells.8: New, generated from xml file.
3150 * modules/pam_shells/README.xml: New.
3151 * modules/pam_shells/README: Regenerated from xml file.
3153 * libpam/include/security/pam_malloc.h: Add missing license
3156 * libpam/include/security/pam_ext.h: Add brackets for C++.
3157 * libpam/include/security/pam_modutil.h: Likewise.
3159 * libpam/include/security/pam_modules.h: Document where to
3160 find the copyright/license informations.
3162 * libpam/include/security/pam_appl.h: Move _pam_compat.h
3163 include inside of brackets.
3165 2006-06-04 Thorsten Kukuk <kukuk@thkukuk.de>
3167 * modules/pam_securetty/Makefile.am: Include Make.xml.rules.
3168 * modules/pam_securetty/pam_securetty.8.xml: New.
3169 * modules/pam_securetty/pam_securetty.8: Regenerated from xml file.
3170 * modules/pam_securetty/README.xml: New.
3171 * modules/pam_securetty/README: Regenerated from xml file.
3173 * modules/pam_rootok/Makefile.am: Include Make.xml.rules.
3174 * modules/pam_rootok/pam_rootok.8.xml: New.
3175 * modules/pam_rootok/pam_rootok.8: New, generated from xml file.
3176 * modules/pam_rootok/README.xml: New.
3177 * modules/pam_rootok/README: Regenerated from xml file.
3179 * modules/pam_permit/Makefile.am: Include Make.xml.rules.
3180 * modules/pam_permit/pam_permit.8.xml: New.
3181 * modules/pam_permit/pam_permit.8: New, generated from xml file.
3182 * modules/pam_permit/README.xml: New.
3183 * modules/pam_permit/README: Regenerated from xml file.
3185 * modules/pam_nologin/Makefile.am: Include Make.xml.rules.
3186 * modules/pam_nologin/pam_nologin.8.xml: New.
3187 * modules/pam_nologin/pam_nologin.8: Regenerated from xml file.
3188 * modules/pam_nologin/README.xml: New.
3189 * modules/pam_nologin/README: Regenerated from xml file.
3191 2006-06-03 Thorsten Kukuk <kukuk@thkukuk.de>
3193 * modules/pam_motd/Makefile.am: Include Make.xml.rules.
3194 * modules/pam_motd/pam_motd.8.xml: New.
3195 * modules/pam_motd/pam_motd.8: New, generated from xml file.
3196 * modules/pam_motd/README.xml: New.
3197 * modules/pam_motd/README: New, generated from xml file.
3199 2006-06-02 Thorsten Kukuk <kukuk@thkukuk.de>
3201 * modules/pam_mail/Makefile.am: Include Make.xml.rules.
3202 * modules/pam_mail/pam_mail.8.xml: New.
3203 * modules/pam_mail/pam_mail.8: New, generated from xml file.
3204 * modules/pam_mail/README.xml: New.
3205 * modules/pam_mail/README: Regenerated from xml file.
3207 * modules/pam_localuser/Makefile.am: Include Make.xml.rules.
3208 * modules/pam_localuser/pam_localuser.8.xml: New.
3209 * modules/pam_localuser/pam_localuser.8: New, generated from xml file.
3210 * modules/pam_localuser/README.xml: New.
3211 * modules/pam_localuser/README: Regenerated from xml file.
3213 * doc/man/PAM.8: Regenerate with DocBook XSL Stylesheets v1.70.1.
3214 * doc/man/pam.3: Likewise.
3215 * doc/man/pam.conf.5: Likewise.
3216 * doc/man/pam_acct_mgmt.3: Likewise.
3217 * doc/man/pam_authenticate.3: Likewise.
3218 * doc/man/pam_chauthtok.3: Likewise.
3219 * doc/man/pam_close_session.3: Likewise.
3220 * doc/man/pam_conv.3: Likewise.
3221 * doc/man/pam_end.3: Likewise.
3222 * doc/man/pam_error.3: Likewise.
3223 * doc/man/pam_fail_delay.3: Likewise.
3224 * doc/man/pam_get_data.3: Likewise.
3225 * doc/man/pam_get_item.3: Likewise.
3226 * doc/man/pam_get_user.3: Likewise.
3227 * doc/man/pam_getenv.3: Likewise.
3228 * doc/man/pam_getenvlist.3: Likewise.
3229 * doc/man/pam_info.3: Likewise.
3230 * doc/man/pam_open_session.3: Likewise.
3231 * doc/man/pam_prompt.3: Likewise.
3232 * doc/man/pam_putenv.3: Likewise.
3233 * doc/man/pam_set_data.3: Likewise.
3234 * doc/man/pam_set_item.3: Likewise.
3235 * doc/man/pam_setcred.3: Likewise.
3236 * doc/man/pam_sm_acct_mgmt.3: Likewise.
3237 * doc/man/pam_start.3: Likewise.
3238 * doc/man/pam_strerror.3: Likewise.
3239 * doc/man/pam_syslog.3: Likewise.
3240 * modules/pam_access/access.conf.5: Likewise.
3241 * modules/pam_access/pam_access.8: Likewise.
3242 * modules/pam_cracklib/pam_cracklib.8: Likewise.
3243 * modules/pam_deny/pam_deny.8: Likewise.
3244 * modules/pam_echo/pam_echo.8: Likewise.
3245 * modules/pam_env/pam_env.8: Likewise.
3246 * modules/pam_env/pam_env.conf.5: Likewise.
3247 * modules/pam_exec/pam_exec.8: Likewise.
3248 * modules/pam_filter/pam_filter.8: Likewise.
3249 * modules/pam_ftp/pam_ftp.8: Likewise.
3250 * modules/pam_group/group.conf.5: Likewise.
3251 * modules/pam_group/pam_group.8: Likewise.
3252 * modules/pam_issue/pam_issue.8: Likewise.
3253 * modules/pam_lastlog/pam_lastlog.8: Likewise.
3254 * modules/pam_mkhomedir/pam_mkhomedir.8: Likewise.
3255 * modules/pam_succeed_if/pam_succeed_if.8: Likewise.
3256 * modules/pam_umask/pam_umask.8: Likewise.
3258 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use
3259 dngettext if available [#1427738].
3260 * configure.in: Check for dngettext [#1427738].
3261 * po/*.po: Update to dngettext usage.
3263 * modules/pam_listfile/Makefile.am: Include Make.xml.rules.
3264 * modules/pam_listfile/pam_listfile.8.xml: New.
3265 * modules/pam_listfile/pam_listfile.8: New, generated from xml file.
3266 * modules/pam_listfile/README.xml: New.
3267 * modules/pam_listfile/README: Regenerated from xml file.
3269 2006-06-01 Thorsten Kukuk <kukuk@thkukuk.de>
3271 * modules/pam_lastlog/Makefile.am: Include Make.xml.rules.
3272 * modules/pam_lastlog/pam_lastlog.8.xml: New.
3273 * modules/pam_lastlog/pam_lastlog.8: New, generated from xml file.
3274 * modules/pam_lastlog/README.xml: New.
3275 * modules/pam_lastlog/README: Regenerated from xml file.
3277 * modules/pam_group/Makefile.am: Include Make.xml.rules.
3278 * modules/pam_group/group.conf.5.xml: New.
3279 * modules/pam_group/group.conf.5: New, generated from xml file.
3280 * modules/pam_group/pam_group.8.xml: New.
3281 * modules/pam_group/pam_group.8: New, generated from xml file.
3282 * modules/pam_group/README.xml: New.
3283 * modules/pam_group/README: Regenerated from xml file.
3285 * modules/pam_ftp/Makefile.am: Include Make.xml.rules.
3286 * modules/pam_ftp/pam_ftp.8.xml: New.
3287 * modules/pam_ftp/pam_ftp.8: New, generated from xml file.
3288 * modules/pam_ftp/README.xml: New.
3289 * modules/pam_ftp/README: Regenerated from xml file.
3291 * modules/pam_issue/Makefile.am: Include Make.xml.rules.
3292 * modules/pam_issue/pam_issue.8.xml: New.
3293 * modules/pam_issue/pam_issue.8: New, generated from xml file.
3294 * modules/pam_issue/README.xml: New.
3295 * modules/pam_issue/README: Regenerated from xml file.
3297 * modules/pam_filter/Makefile.am: Include Make.xml.rules.
3298 * modules/pam_filter/pam_filter.8.xml: New.
3299 * modules/pam_filter/pam_filter.8: New, generated from xml file.
3300 * modules/pam_filter/README.xml: New.
3301 * modules/pam_filter/README: Regenerated from xml file.
3303 2006-05-30 Thorsten Kukuk <kukuk@thkukuk.de>
3305 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Fix umask and skel
3306 directory documentation.
3308 * modules/pam_umask/Makefile.am: Include Make.xml.rules.
3309 * modules/pam_umask/pam_umask.8.xml: New.
3310 * modules/pam_umask/pam_umask.8: New, generated from xml file.
3311 * modules/pam_umask/README.xml: New.
3312 * modules/pam_umask/README: Regenerated from xml file.
3314 2006-05-29 Thorsten Kukuk <kukuk@thkukuk.de>
3316 * modules/pam_mkhomedir/Makefile.am: Include Make.xml.rules.
3317 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: New.
3318 * modules/pam_mkhomedir/pam_mkhomedir.8: New, generated from xml file.
3319 * modules/pam_mkhomedir/README.xml: New.
3320 * modules/pam_mkhomedir/README: Regenerated from xml file.
3322 2006-05-23 Thorsten Kukuk <kukuk@thkukuk.de>
3324 * modules/pam_echo/pam_echo.c (pam_echo): Use pam_modutil_read()
3327 2006-05-22 Thorsten Kukuk <kukuk@thkukuk.de>
3329 * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate):
3330 Fix memory leaks, [#1490956] found by Coverity.
3332 * modules/pam_tally/pam_tally.c (pam_get_uid): Check return
3333 value of pam_get_user().
3334 (tally_get_data): Check if oldtime is not NULL.
3335 [#1489818] found by Coverity.
3337 * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't
3338 ignore return value of stat(). [#1489808] found by Coverity.
3340 * modules/pam_mail/pam_mail.c (get_folder): Fix a potential
3341 NULL pointer dereference. [#1489792] found by Coverity.
3343 * libpam/Makefile.am: bump release number of libpam.so.
3344 * libpam/pam_misc.c (_pam_mkargv): Fix memory leak,
3345 [#1489804] found by Coverity.
3347 * modules/pam_echo/pam_echo.c (replace_and_print): Initialize
3348 str, [#1489658] found by Coverity.
3350 * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix
3351 a potential NULL pointer dereference.
3352 (pam_sm_chauthtok): Remove dead code.
3353 [#1489634] found by Coverity.
3355 2006-05-04 Thorsten Kukuk <kukuk@thkukuk.de>
3357 * configure.in: Check for fseeko.
3358 * modules/pam_tally/pam_tally.c: Use fseeko if available
3359 (Based on patch by IBM).
3361 2006-05-04 Thorsten Kukuk <kukuk@thkukuk.de>
3363 * release version 0.99.4.0
3365 * libpam/pam_strerror.c: Unify error messages.
3367 * po/zh_TW.po: Adjust for last pam_strerror changes.
3368 * po/zh_CN.po: Likewise.
3369 * po/uk.po: Likewise.
3370 * po/tr.po: Likewise.
3371 * po/pt.po: Likewise.
3372 * po/pt_BR.po: Likewise.
3373 * po/pl.po: Likewise.
3374 * po/ja.po: Likewise.
3375 * po/nl.po: Likewise.
3376 * po/nb.po: Likewise.
3377 * po/it.po: Likewise.
3378 * po/hu.po: Likewise.
3379 * po/fr.po: Likewise.
3380 * po/fi.po: Likewise.
3381 * po/es.po: Likewise.
3382 * po/de.po: Likewise.
3383 * po/cs.po: Likewise.
3385 * doc/man/pam.3.xml: New.
3386 * doc/man/pam.3. New, generated from XML file.
3388 * doc/man/pam_sm_acct_mgmt.3.xml: New.
3389 * doc/man/pam_sm_acct_mgmt.3: New, generated from XML file.
3391 * doc/man/*.xml: Fix encoding and use always UTF-8, regenerate
3394 * doc/pam_modules.sgml (PAM_NEW_AUTHTOKEN_REQD): Fix typo.
3396 2006-05-02 Thorsten Kukuk <kukuk@thkukuk.de>
3398 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use
3399 different strings for plural or not [#1427738]
3401 * po/*.po: Adjust for pam_unix.so translation fix.
3403 * modules/pam_tally/pam_tally.c: Always close file handle
3404 in error case, don't close it depending on *TALLY value [#1478180]
3406 2006-04-21 Thorsten Kukuk <kukuk@thkukuk.de>
3408 * po/fr.po: Updated.
3410 2006-04-11 Thorsten Kukuk <kukuk@thkukuk.de>
3412 * po/km.po: Updated.
3414 2006-03-27 Thorsten Kukuk <kukuk@thkukuk.de>
3416 * po/LINGUAS: Add uk.
3419 * po/cs.po: Updated.
3420 * po/po/es.po: Updated.
3421 * po/fi.po: Updated.
3422 * po/fr.po: Updated.
3423 * po/hu.po: Updated.
3424 * po/it.po: Updated.
3425 * po/ja.po: Updated.
3426 * po/nb.po: Updated.
3427 * po/pl.po: Updated.
3428 * po/pt.po: Updated.
3429 * po/pt_BR.po: Updated.
3430 * po/zh_CN.po: Updated.
3431 * po/zh_TW.po: Updated.
3433 2006-03-21 Thorsten Kukuk <kukuk@thkukuk.de>
3435 * configure.in: Remove ALL_LINGUAS.
3437 * po/tr.po: New (from Ismail Donmez <ismail@pardus.org.tr>).
3439 2006-03-13 Thorsten Kukuk <kukuk@thkukuk.de>
3441 * doc/man/pam_error.3.xml: New.
3442 * doc/man/pam_error.3: New, generated from XML file.
3443 * doc/man/pam_verror.3: New, generated from XML file.
3444 * doc/man/Makefile.am: Add pam_error.3 and pam_verror.3.
3446 * modules/pam_lastlog/Makefile.am: Fix typo.
3448 * modules/pam_lastlog/pam_lastlog.c: Move comment for
3449 translators in right line.
3450 * po/*.po: Update po files with comment for translator.
3452 2006-03-12 Thorsten Kukuk <kukuk@thkukuk.de>
3454 * doc/man/Makefile.am: Add new manual pages.
3456 * doc/man/pam.conf.5.xml: Replace link with content
3458 * doc/man/pam.conf.5: Regenerated from XML file.
3460 * doc/man/pam_info.3.xml: New.
3461 * doc/man/pam_info.3: New, generated from XML file.
3462 * doc/man/pam_vinfo.3: New, generated from XML file.
3464 * doc/man/pam_conv.3.xml: New.
3465 * doc/man/pam_conv.3: New, generated from XML file.
3467 * doc/man/pam_putenv.3.xml: New.
3468 * doc/man/pam_putenv.3: New, generated from XML file.
3470 * doc/man/pam_getenv.3.xml: New.
3471 * doc/man/pam_getenv.3: New, generated from XML file.
3473 * doc/man/pam_getenvlist.3.xml: New.
3474 * doc/man/pam_getenvlist.3: New, generated from XML file.
3476 * libpam/pam_item.c (pam_get_user): Check for valid pamh before
3479 * configure.in: create tests/Makefile
3480 * Makefile.am (SUBDIRS): Add tests
3481 * tests/Makefile.am: New.
3482 * tests/tst-dlopen.c: New.
3483 * tests/tst-pam_acct_mgmt.c: New.
3484 * tests/tst-pam_authenticate.c: New.
3485 * tests/tst-pam_chauthtok.c: New.
3486 * tests/tst-pam_close_session.c: New.
3487 * tests/tst-pam_end.c: New.
3488 * tests/tst-pam_fail_delay.c: New.
3489 * tests/tst-pam_getenvlist.c: New.
3490 * tests/tst-pam_get_item.c: New.
3491 * tests/tst-pam_open_session.c: New.
3492 * tests/tst-pam_setcred.c: New.
3493 * tests/tst-pam_set_item.c: New.
3494 * tests/tst-pam_start.c: New.
3495 * tests/tst-pam_get_user.c: New.
3497 * modules/pam_access/Makefile.am: Add rules for make check
3498 * modules/pam_access/tst-pam_access: New
3499 * modules/pam_cracklib/Makefile.am: Add rules for make check
3500 * modules/pam_cracklib/tst-pam_cracklib: New
3501 * modules/pam_debug/Makefile.am: Add rules for make check
3502 * modules/pam_debug/tst-pam_debug: New
3503 * modules/pam_deny/Makefile.am: Add rules for make check
3504 * modules/pam_deny/tst-pam_deny: New
3505 * modules/pam_echo/Makefile.am: Add rules for make check
3506 * modules/pam_echo/tst-pam_echo: New
3507 * modules/pam_env/Makefile.am: Add rules for make check
3508 * modules/pam_env/tst-pam_env: New
3509 * modules/pam_exec/Makefile.am: Add rules for make check
3510 * modules/pam_exec/tst-pam_exec: New
3511 * modules/pam_filter/Makefile.am: Add rules for make check
3512 * modules/pam_filter/tst-pam_filter: New
3513 * modules/pam_ftp/Makefile.am: Add rules for make check
3514 * modules/pam_ftp/tst-pam_ftp: New
3515 * modules/pam_group/Makefile.am: Add rules for make check
3516 * modules/pam_group/tst-pam_group: New
3517 * modules/pam_issue/Makefile.am: Add rules for make check
3518 * modules/pam_issue/tst-pam_issue: New
3519 * modules/pam_lastlog/Makefile.am: Add rules for make check
3520 * modules/pam_lastlog/tst-pam_lastlog: New
3521 * modules/pam_limits/Makefile.am: Add rules for make check
3522 * modules/pam_limits/tst-pam_limits: New
3523 * modules/pam_listfile/Makefile.am: Add rules for make check
3524 * modules/pam_listfile/tst-pam_listfile: New
3525 * modules/pam_localuser/Makefile.am: Add rules for make check
3526 * modules/pam_localuser/tst-pam_localuser: New
3527 * modules/pam_mail/Makefile.am: Add rules for make check
3528 * modules/pam_mail/tst-pam_mail: New
3529 * modules/pam_mkhomedir/Makefile.am: Add rules for make check
3530 * modules/pam_mkhomedir/tst-pam_mkhomedir: New
3531 * modules/pam_motd/Makefile.am: Add rules for make check
3532 * modules/pam_motd/tst-pam_motd: New
3533 * modules/pam_nologin/Makefile.am: Add rules for make check
3534 * modules/pam_nologin/tst-pam_nologin: New
3535 * modules/pam_permit/Makefile.am: Add rules for make check
3536 * modules/pam_permit/tst-pam_permit: New
3537 * modules/pam_rhosts/Makefile.am: Add rules for make check
3538 * modules/pam_rhosts/tst-pam_rhosts: New
3539 * modules/pam_rootok/Makefile.am: Add rules for make check
3540 * modules/pam_rootok/tst-pam_rootok: New
3541 * modules/pam_securetty/Makefile.am: Add rules for make check
3542 * modules/pam_securetty/tst-pam_securetty: New
3543 * modules/pam_selinux/Makefile.am: Add rules for make check
3544 * modules/pam_selinux/tst-pam_selinux: New
3545 * modules/pam_shells/Makefile.am: Add rules for make check
3546 * modules/pam_shells/tst-pam_shells: New
3547 * modules/pam_stress/Makefile.am: Add rules for make check
3548 * modules/pam_stress/tst-pam_stress: New
3549 * modules/pam_succeed_if/Makefile.am: Add rules for make check
3550 * modules/pam_succeed_if/tst-pam_succeed_if: New
3551 * modules/pam_tally/Makefile.am: Add rules for make check
3552 * modules/pam_tally/tst-pam_tally: New
3553 * modules/pam_time/Makefile.am: Add rules for make check
3554 * modules/pam_time/tst-pam_time: New
3555 * modules/pam_umask/Makefile.am: Add rules for make check
3556 * modules/pam_umask/tst-pam_umask: New
3557 * modules/pam_unix/Makefile.am: Add rules for make check
3558 * modules/pam_unix/tst-pam_unix: New
3559 * modules/pam_userdb/Makefile.am: Add rules for make check
3560 * modules/pam_userdb/tst-pam_userdb: New
3561 * modules/pam_warn/Makefile.am: Add rules for make check
3562 * modules/pam_warn/tst-pam_warn: New
3563 * modules/pam_wheel/Makefile.am: Add rules for make check
3564 * modules/pam_wheel/tst-pam_wheel: New
3565 * modules/pam_xauth/Makefile.am: Add rules for make check
3566 * modules/pam_xauth/tst-pam_xauth: New
3568 2006-03-11 Thorsten Kukuk <kukuk@thkukuk.de>
3570 * doc/man/pam_fail_delay.3.xml: New.
3571 * doc/man/pam_fail_delay.3: New, generated from xml.
3572 * doc/man/pam_prompt.3.xml: New.
3573 * doc/man/pam_prompt.3: New, generated from xml.
3574 * doc/man/pam_syslog.3.xml: New.
3575 * doc/man/pam_syslog.3: New, generated from xml.
3576 * doc/man/pam_vprompt.3: New, generated from xml.
3577 * doc/man/pam_vsyslog.3: New, generated from xml.
3579 2006-02-24 Thorsten Kukuk <kukuk@thkukuk.de>
3581 * po/km.po: Update Khmer translation.
3583 2006-02-24 Thorsten Kukuk <kukuk@thkukuk.de>
3585 * modules/pam_succeed_if/pam_succeed_if.8.xml: New, based on
3586 version from #1425487.
3587 * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
3588 * modules/pam_succeed_if/Makefile.am: Include XML rules.
3589 * modules/pam_succeed_if/README.xml: New.
3590 * modules/pam_succeed_if/README: Regenerated from xml.
3591 * modules/pam_succeed_if/pam_succeed_if.c: Fix comment about
3594 2006-02-22 Thorsten Kukuk <kukuk@thkukuk.de>
3596 * configure.in: Fix check for incomplete libaudit installations
3597 (Patch from Ruediger Oertel <ro@suse.de>).
3599 * modules/pam_lastlog/pam_lastlog.c (last_login_write): Initialize
3600 correct last_login field [#1427401].
3602 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Mark strftime
3603 format string for translation to allow reorder [#1428269].
3604 * po/*.po: Update with last pam_lastlog change.
3607 2006-02-17 Thorsten Kukuk <kukuk@thkukuk.de>
3609 * doc/man/Makefile.am: Add new manual pages.
3610 * doc/man/pam_end.3: Regenerated from xml file.
3611 * doc/man/pam_end.3.xml: Document freeing of item data.
3612 * doc/man/pam_get_user.3: New.
3613 * doc/man/pam_get_user.3.xml: New.
3614 * modules/pam_access/access.conf.5.xml: Fix typos.
3615 * modules/pam_env/Makefile.am: Add new manual pages.
3616 * modules/pam_env/README: Regenerate from xml file.
3617 * modules/pam_env/README.xml: New.
3618 * modules/pam_env/pam_env.8: New.
3619 * modules/pam_env/pam_env.8.xml: New.
3620 * modules/pam_env/pam_env.conf.5: New.
3621 * modules/pam_env/pam_env.conf.5.xml New.
3623 2006-02-14 Thorsten Kukuk <kukuk@thkukuk.de>
3625 * po/fi.po: Updated translations.
3626 * po/pl.po: Likewise.
3627 * po/km.po: New translation.
3628 * configure.in: Add km as new language.
3630 2006-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
3632 * modules/pam_echo/pam_echo.8.xml: New.
3633 * modules/pam_echo/pam_echo.8: Regenerated from xml file.
3634 * modules/pam_echo/Makefile.am: Include Make.xml.rules.
3635 * modules/pam_echo/pam_echo.c: Fix return value.
3637 * doc/modules/pam_chroot.sgml: Remove obsolete sgml file.
3639 2006-02-12 Thorsten Kukuk <kukuk@thkukuk.de>
3641 * configure.in: Add doc/man/Makefile.
3642 * Make.xml.rules: Enable xincludes for manual pages.
3643 * doc/Makefile.am (EXRA_DIST): Remove manual pages.
3644 (SUBDIR): Add man subdirectory.
3645 * doc/man/Makefile.am: New.
3646 * doc/man/pam_acct_mgmt.3: New.
3647 * doc/man/pam_acct_mgmt.3.xml: New.
3648 * doc/man/pam_get_data.3: New.
3649 * doc/man/pam_get_data.3.xml: New.
3650 * doc/man/pam_set_data.3: New.
3651 * doc/man/pam_set_data.3.xml: New.
3652 * doc/man/pam.8.xml: New.
3653 * doc/man/pam.8: Regenerated from xml file.
3654 * doc/man/pam_authenticate.3.xml: New.
3655 * doc/man/pam_authenticate.3: Regenerated from xml file.
3656 * doc/man/pam_chauthtok.3.xml: New.
3657 * doc/man/pam_chauthtok.3: Regenerated from xml file.
3658 * doc/man/pam_close_session.3.xml: New.
3659 * doc/man/pam_close_session.3: Regenerated from xml file.
3660 * doc/man/pam_end.3.xml: New.
3661 * doc/man/pam_end.3: Regenerated from xml file.
3662 * doc/man/pam_fail_delay.3.xml: New.
3663 * doc/man/pam_fail_delay.3: Regenerated from xml file.
3664 * doc/man/pam_get_item.3.xml: New.
3665 * doc/man/pam_get_item.3: Regenerated from xml file.
3666 * doc/man/pam_item_types.inc.xml: New.
3667 * doc/man/pam_open_session.3.xml: New.
3668 * doc/man/pam_open_session.3: Regenerated from xml file.
3669 * doc/man/pam_set_item.3.xml: New.
3670 * doc/man/pam_set_item.3: Regenerated from xml file.
3671 * doc/man/pam_setcred.3.xml: New.
3672 * doc/man/pam_setcred.3: Regenerated from xml file.
3673 * doc/man/pam_start.3.xml: New.
3674 * doc/man/pam_start.3: Regenerated from xml file.
3675 * doc/man/pam_strerror.3.xml: New.
3676 * doc/man/pam_strerror.3: Regenerated from xml file.
3677 * doc/man/template-man: Removed.
3679 2006-02-10 Thorsten Kukuk <kukuk@thkukuk.de>
3681 * configure.in: Remove pam_pwdb support.
3682 * modules/Makefile.am: remove pam_pwdb.
3683 * modules/pam_pwdb: Remove complete directory.
3684 * libpam/Makefile.am: Remove LIBPWDB references.
3685 * libpam/pam_static_modules.h: Remove pam_pwdb references.
3686 * doc/modules/pam_pwdb.sgml: Removed.
3687 * po/POTFILES.in: Remove modules/pam_pwdb/*.c entries.
3688 * doc/pam_source.sgml: Remove references to libpwdb.
3689 * doc/modules/pam_limits.sgml: Remove wrong reference to libpwdb.
3690 * doc/modules/pam_group.sgml: Likewise.
3691 * doc/modules/pam_cracklib.sgml: Replace pam_pwdb with pam_unix.
3692 * doc/modules/pam_userdb.sgml: Likewise.
3693 * modules/pam_cracklib/pam_cracklib.8.xml: Replace pam_pwdb
3695 * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
3696 * modules/pam_group/pam_group.c: Remove dead code for libpwdb.
3698 * modules/pam_access/Makefile.am: Fix EXTRA_DIST.
3699 * modules/pam_cracklib/Makefile.am: Likewise.
3700 * modules/pam_deny/Makefile.am: Likewise.
3701 * modules/pam_exec/Makefile.am: Likewise.
3703 2006-02-07 Thorsten Kukuk <kukuk@thkukuk.de>
3705 * configure.in: Check for text browser.
3706 * Make.xml.rules: Add rule to generate README from README.xml.
3708 * modules/pam_access/Makefile.am: Include Make.xml.rules.
3709 * modules/pam_access/README: Regenerated from README.xml.
3710 * modules/pam_access/README.xml: New.
3711 * modules/pam_access/access.conf: Extended by new examples.
3712 * modules/pam_access/access.conf.5: New, generated from xml file.
3713 * modules/pam_access/access.conf.5.xml: New.
3714 * modules/pam_access/pam_access.8: New, generated from xml file.
3715 * modules/pam_access/pam_access.8.xml: New.
3716 * modules/pam_access/pam_access.c: Add rules for IPv6 and
3718 Based on patch from Mike Becher <Mike.Becher@lrz-muenchen.de>.
3720 * modules/pam_deny/Makefile.am: Include Make.xml.rules.
3721 * modules/pam_deny/pam_deny.8.xml: New.
3722 * modules/pam_deny/pam_deny.8: New, generated from xml file.
3723 * modules/pam_deny/README.xml: New.
3724 * modules/pam_deny/README: Regenerated from xml file.
3726 * modules/pam_cracklib/Makefile.am: Include Make.xml.rules.
3727 * modules/pam_cracklib/pam_cracklib.8.xml: New.
3728 * modules/pam_cracklib/pam_cracklib.8: New, generated from xml file.
3729 * modules/pam_cracklib/README.xml: New.
3730 * modules/pam_cracklib/README: Regenerated from xml file.
3732 * modules/pam_exec/Makefile.am: Add rule to generate README.
3733 * modules/pam_exec/README: Regenerated from xml file.
3734 * modules/pam_exec/pam_exec.8: Regenerated from xml file.
3735 * modules/pam_exec/pam_exec.8.xml: Syntax files.
3737 2006-02-06 Thorsten Kukuk <kukuk@thkukuk.de>
3740 * po/pt.po: Update translations.
3741 * configure.in: Add nl as new language.
3743 2006-01-30 Thorsten Kukuk <kukuk@thkukuk.de>
3745 * modules/pam_exec/pam_exec.8.xml: Fix syntax of Return Value section.
3746 * modules/pam_exec/Makefile.am: Include Make.xml.rules.
3748 * Make.xml.rules: New.
3750 * Makefile.am (EXTRA_DIST): Add Make.xml.rules.
3752 2006-01-27 Thorsten Kukuk <kukuk@thkukuk.de>
3754 * configure.in: Prefer libdb over libndbm, fix check for
3755 libcrack and remove not needed BACKUP_LIBS.
3757 2006-01-24 Thorsten Kukuk <kukuk@thkukuk.de>
3759 * modules/pam_debug/pam_debug.c: Fix name of pam_module struct.
3761 * po/de.po: Fix one translation.
3763 * configure.in: Add modules/pam_exec.
3764 * modules/Makefile.am: Add pam_exec subdirectory.
3765 * modules/pam_exec/README: New.
3766 * modules/pam_exec/Makefile.am: New.
3767 * modules/pam_exec/pam_exec.8: New.
3768 * modules/pam_exec/pam_exec.c: New.
3769 * modules/pam_exec/pam_exec.8.xml: New.
3770 * po/POTFILES.in: Add modules/pam_exec/pam_exec.c.
3771 * po/*.po: Merge new pam_exec strings.
3773 * libpam/pam_static_modules.h: New.
3774 * Makefile.am: Reorder subdirectories for static modules.
3775 * configure.in: Add --enable-static-modules option.
3776 * libpam/Makefile.am: Define WITH_SELINUX and WITH_PWDB if
3777 necessary, add pam_static_modules.h, link against all PAM
3778 module object files if STATIC_MODULES is defined.
3779 * libpam/pam_static.c: Remove old _static_module* includes,
3780 include pam_static_modules.h.
3782 * configure.in: Add checks for xsltproc, xmllint and docbook
3784 * m4/jh_path_xml_catalog.m4: New.
3786 2006-01-22 Thorsten Kukuk <kukuk@thkukuk.de>
3788 * modules/pam_succeed_if/pam_succeed_if.c: Add support for
3790 * modules/pam_xauth/pam_xauth.c: Likewise.
3792 * libpam/pam_static.c (_pam_open_static_handler): Add pamh
3794 * libpam/pam_private.h: Adjust prototype.
3795 * libpam/pam_handlers.c (_pam_add_handler): Add pamh to
3796 _pam_open_static_handler call.
3798 * configure.in: Don't define PAM_DYNAMIC.
3799 * libpam/pam_handlers.c: Get ride of PAM_DYNAMIC, don't
3800 include pam_dynamic.h
3801 * libpam/pam_dynamic.c: Don't include pam_dynamic.h,
3802 exclude functions if we compile with PAM_STATIC.
3803 * libpam/pam_dynamic.h: Remove.
3804 * libpam/pam_private.h: Add function prototypes from pam_dynamic.h.
3805 * libpam/Makefile.am: Bump version number of libpam, remove
3808 2006-01-21 Thorsten Kukuk <kukuk@thkukuk.de>
3810 * modules/pam_listfile/pam_listfile.c: Add support for session
3811 and password management.
3813 2006-01-19 Thorsten Kukuk <kukuk@thkukuk.de>
3815 * doc/specs/Makefile.am (spec): Add padout to fix parallel
3816 build (Reported by Andreas Haumer <andreas@xss.co.at>).
3818 2006-01-15 Thorsten Kukuk <kukuk@thkukuk.de>
3820 * modules/pam_echo/pam_echo.c: Define HOST_NAME_MAX if not
3823 2006-01-13 Thorsten Kukuk <kukuk@thkukuk.de>
3825 * release version 0.99.3.0
3827 * libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing
3830 * modules/pam_umask/pam_umask.c (search_key): Don't ignore
3831 EOF/error return value from fgets().
3833 * configure.in: Check for getline and getdelim
3835 * po/fi.po: Add new translations.
3836 * po/de.po: Likewise.
3837 * po/es.po: Likewise.
3838 * po/fr.po: Likewise.
3839 * po/it.po: Likewise.
3840 * po/ja.po: Likewise.
3841 * po/pt_BR.po: Likewise.
3842 * po/zh_CH.po: Likewise.
3843 * po/zh_TW.po: Likewise.
3845 2006-01-13 Dmitry V. Levin <ldv@altlinux.org>
3847 * libpam/pam_audit.c (_pam_auditlog): Replace strerror(errno)
3848 call with %m specifier.
3850 2006-01-12 Thorsten Kukuk <kukuk@thkukuk.de>
3852 * configure.in: Add check for -fpie/-pie
3853 * modules/pam_filter/upperLOWER/Makefile.am: Compile/link
3854 upperLOWER with -fpie/-pie if supported.
3855 * modules/pam_unix/Makefile.am: Compile/link unix_chkpwd
3856 with -fpie/-pie if supported.
3858 2006-01-12 Steve Grubb <sgrubb@redhat.com>
3860 * configure.in: Add check for audit library.
3861 * libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT.
3862 (libpam_la_SOURCES): Add pam_audit.c.
3863 * libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call.
3864 * libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise.
3865 * libpam/pam_password.c (pam_chauthtok): Likewise.
3866 * libpam/pam_session.c (pam_open_session),
3867 (pam_close_session): Likewise.
3868 * libpam/pam_private.h: Add audit_state member to pam_handle,
3869 declare _pam_auditlog and _pam_audit_end.
3870 * libpam/pam_start.c (pam_start): Initialize audit_state.
3871 * libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end
3873 * libpam/pam_end.c (pam_end): Add _pam_audit_end() call.
3874 * NEWS: Note about added auditing.
3876 2006-01-11 Thorsten Kukuk <kukuk@thkukuk.de>
3878 * libpam/Makefile.am (AM_CFLAGS): Define LIBPAM_COMPILE.
3880 * libpam/include/security/_pam_types.h: Don't define PAM_NONNULL
3881 if we compile libpam itself.
3883 * po/hu.po: Update with new translations.
3885 2006-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
3887 * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR
3888 instead of PAM_AUTHTOK_RECOVER_ERR.
3889 * modules/pam_pwdb/support.-c: Likewise.
3890 * modules/pam_unix/support.c: Likewise.
3891 * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise.
3892 * libpam/pam_strerror.c (pam_strerror): Likewise.
3894 * libpam/include/security/_pam_compat.h: Define
3895 PAM_AUTHTOK_RECOVER_ERR for backward compatibility.
3897 * libpam/include/security/_pam_types.h: Rename
3898 PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR.
3900 2006-01-05 Thorsten Kukuk <kukuk@thkukuk.de>
3902 * libpam/include/security/_pam_types.h: Remove nonnull attribute
3903 from third paramter (item) of pam_get_item.
3904 * libpam/Makefile.am: Bump version number of shared library.
3906 2005-12-21 Tomas Mraz <t8m@centrum.cz>
3908 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_ingroup),
3909 (evaluate_notingroup): Simplified.
3910 (evaluate_innetgr), (evaluate_notinnetgr): New functions.
3911 (evaluate): Added calls to evaluate_(not)innetgr().
3912 * modules/pam_succeed_if/README: Documented netgroup matching.
3913 * NEWS: Mentioned the added netgroup matching support.
3915 2005-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
3917 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Use
3918 strftime instead of ctime.
3920 * po/de.po: Fix typo.
3922 2005-12-19 Thorsten Kukuk <kukuk@thkukuk.de>
3924 * libpam/pam_syslog.c: Define LOG_AUTHPRIV as LOG_AUTH on Solaris.
3925 Reported by Charles_H_Bedford@nbc.gov.
3927 * modules/pam_time/pam_time.c (check_account): Implement
3928 support for netgroups.
3930 * modules/pam_time/time.conf: Document usage of netgroups.
3932 2005-12-16 Thorsten Kukuk <kukuk@thkukuk.de>
3934 * modules/pam_group/pam_group.c (check_account): Implement
3935 support for netgroups.
3937 * modules/pam_group/group.conf: Add all documentation to this
3938 example config file and don't reference to outdated configs.
3940 * modules/pam_group/README: New.
3942 * modules/pam_group/Makefile.am: Add README to EXTRADIST.
3944 2005-12-15 Thorsten Kukuk <kukuk@suse.de>
3946 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't report an
3947 error if user logins the first time.
3949 * modules/pam_lastlog/README: New.
3951 * modules/pam_lastlog/Makefile.am: Add README to EXTRADIST.
3953 2005-12-14 Thorsten Kukuk <kukuk@suse.de>
3955 * modules/pam_deny/pam_deny.c: Fix comment.
3957 * doc/pam_appl.sgml: Fix typo.
3959 Reported by Russell Bateman <russ@windofkeltia.com>
3961 2005-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
3963 * release version 0.99.2.1
3965 * po/de.po: Remove new fuzzy entry
3967 * NEWS: Add 0.99.2.1 changes
3969 * configure.in: bump version number to 0.99.2.1
3971 2005-12-12 Dmitry V. Levin <ldv@altlinux.org>
3973 Cleanup pam_syslog messages.
3975 * modules/pam_env/pam_env.c (_expand_arg): Fix compiler warning.
3976 * modules/pam_filter/pam_filter.c (set_filter): Append %m
3977 specifier to pam_syslog messages where appropriate.
3978 * modules/pam_group/pam_group.c (read_field): Likewise.
3979 * modules/pam_mkhomedir/pam_mkhomedir.c (make_remark): Remove.
3980 (create_homedir): Do not use make_remark() wrapper, call
3981 pam_info() directly. Call pam_syslog() right after failed
3982 operation and append %m specifier to pam_syslog messages where
3984 * modules/pam_rhosts/pam_rhosts_auth.c (pam_iruserok): Replace
3985 sequence of malloc(), strcpy() and strcat() calls with asprintf().
3986 Append %m specifier to pam_syslog messages where appropriate.
3987 * modules/pam_securetty/pam_securetty.c (securetty_perform_check):
3988 Append %m specifier to pam_syslog messages where appropriate.
3989 * modules/pam_shells/pam_shells.c (perform_check): Likewise.
3991 2005-12-12 Tomas Mraz <t8m@centrum.cz>
3993 * modules/pam_mail/pam_mail.c (report_mail): Fixed typo in string.
3994 * po/Linux-PAM.pot: Likewise.
3995 * po/de.po: Likewise.
3996 * po/es.po: Likewise.
3997 * po/fi.po: Likewise.
3998 * po/fr.po: Likewise.
3999 * po/hu.po: Likewise.
4000 * po/it.po: Likewise.
4001 * po/ja.po: Likewise.
4002 * po/nb.po: Likewise.
4003 * po/pa.po: Likewise.
4004 * po/pl.po: Likewise.
4005 * po/pt.po: Likewise.
4006 * po/pt_BR.po: Likewise.
4007 * po/zh_CN.po: Likewise.
4008 * po/zh_TW.po: Likewise.
4009 * po/de.po: Add new translation, fixed typo in string.
4011 2005-12-12 Mike Becher <Mike.Becher@lrz-muenchen.de>
4013 * doc/Makefile.am: Fixed install of PS, PDF, TXT and HTML files.
4015 2005-12-12 Thorsten Kukuk <kukuk@suse.de>
4017 * modules/pam_mail/README: Document "quiet" and "standard"
4020 2005-12-07 Thorsten Kukuk <kukuk@suse.de>
4022 * modules/pam_mail/pam_mail.c: Modify assembling of output
4023 for easier translation.
4025 * po/de.po: Translate new pam_mail messages.
4028 2005-11-24 Thorsten Kukuk <kukuk@thkukuk.de>
4030 * po/de.po: Add new translation, fix wrong format specifier.
4031 * po/cs.po: Fix wrong format specifier.
4032 * po/es.po: Likewise.
4033 * po/fi.po: Likewise.
4034 * po/fr.po: Likewise.
4035 * po/hu.po: Likewise.
4036 * po/it.po: Likewise.
4037 * po/ja.po: Likewise.
4038 * po/nb.po: Likewise.
4039 * po/pa.po: Likewise.
4040 * po/pl.po: Likewise.
4041 * po/pt.po: Likewise.
4042 * po/pt_BR.po: Likewise.
4043 * po/zh_CN.po: Likewise.
4044 * po/zh_TW.po: Likewise.
4046 2005-11-24 Dmitry V. Levin <ldv@altlinux.org>
4048 * config.h.in: Remove generated file.
4049 * .cvsignore: Add config.h.in.
4051 * configure.in: Do not check for strerror.
4052 * libpam_misc/misc_conv.c (read_string): Replace strerror()
4053 call with %m specifier.
4054 * libpamc/pamc_converse.c (pamc_converse): Likewise.
4055 * modules/pam_echo/pam_echo.c (pam_echo): Likewise.
4056 * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate):
4058 * modules/pam_selinux/pam_selinux.c (security_label_tty):
4060 (security_restorelabel_tty, security_label_tty): Append %m
4061 specifier where appropriate.
4062 * modules/pam_selinux/pam_selinux_check.c (main): Replace
4063 strerror() call with %m specifier.
4064 * modules/pam_unix/pam_unix_passwd.c (save_old_password,
4065 _update_passwd, _update_shadow): Likewise.
4066 * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
4067 * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
4068 * po/Linux-PAM.pot: Update strings from pam_selinux.
4069 * po/cs.po: Likewise.
4070 * po/de.po: Likewise.
4071 * po/es.po: Likewise.
4072 * po/fi.po: Likewise.
4073 * po/fr.po: Likewise.
4074 * po/hu.po: Likewise.
4075 * po/it.po: Likewise.
4076 * po/ja.po: Likewise.
4077 * po/nb.po: Likewise.
4078 * po/pa.po: Likewise.
4079 * po/pl.po: Likewise.
4080 * po/pt.po: Likewise.
4081 * po/pt_BR.po: Likewise.
4082 * po/zh_CN.po: Likewise.
4083 * po/zh_TW.po: Likewise.
4085 2005-11-23 Thorsten Kukuk <kukuk@suse.de>
4087 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Introduce
4088 new variable to fix compiler warning.
4090 * libpam/pam_modutil_getlogin.c (pam_modutil_getlogin): PAM_TTY
4091 don't need to start with /dev/.
4093 2005-11-21 Thorsten Kukuk <kukuk@thkukuk.de>
4095 * release version 0.99.2.0
4097 * libpam_misc/Makefile.am: Increase release number (for change
4100 * NEWS: Adjust for 0.99.2.0
4102 2005-11-17 Thorsten Kukuk <kukuk@thkukuk.de>
4104 * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting.
4105 Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380]
4107 2005-11-16 Thorsten Kukuk <kukuk@thkukuk.de>
4109 * libpam/pam_handlers.c: Replace code for all dlopen variants with
4111 * libpam/pam_dynamic.c: Implement generic wrapper for dlopen.
4112 * libpam/pam_dynamic.h: Provide prototypes.
4113 For Mac OS X support [#534205]
4115 2005-11-09 Tomas Mraz <t8m@centrum.cz>
4117 * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly
4119 * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly
4120 full path tty name. Allow unset tty.
4121 (logic_member): Allow matching ':' in tty name.
4122 * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly
4123 full path tty name. Allow unset tty.
4124 (logic_member): Allow matching ':' in tty name.
4126 * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin
4129 2005-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
4131 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use
4132 correct variable names.
4134 2005-11-06 Steve Langasek <vorlon@debian.org>
4136 * modules/pam_env/pam_env.c: don't treat a missing
4137 /etc/environment as a fatal error when attempting to read it,
4138 and try to read this file by default; this restores the behavior
4139 from Linux-PAM 0.76.
4141 2005-11-02 Tomas Mraz <t8m@centrum.cz>
4143 * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807]
4146 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the
4147 logic when comparing dates to handle corner cases better [#1245888].
4149 2005-10-31 Thorsten Kukuk <kukuk@suse.de>
4151 * modules/pam_filter/pam_filter.c: Use XCASE only if defined
4154 2005-10-27 Thorsten Kukuk <kukuk@suse.de>
4156 * doc/man/pam.8: Fix wording for authentication chapter [#1197444]
4158 2005-10-26 Tomas Mraz <t8m@centrum.cz>
4160 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
4161 modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
4162 modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
4163 uid to 0 before executing the helper if SELinux is enabled.
4164 * modules/pam_unix/unix_chkpwd.c (main): Disable user check only
4165 if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
4168 2005-10-20 Tomas Mraz <t8m@centrum.cz>
4170 * configure.in: Added check for xauth binary and --with-xauth option.
4171 * config.h.in: Added configurable PAM_PATH_XAUTH.
4172 * modules/pam_xauth/README,
4173 modules/pam_xauth/pam_xauth.8: Document where xauth is looked for.
4174 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement
4175 searching xauth binary on multiple places.
4176 (run_coprocess): Don't use execvp as it can be a security risk.
4178 2005-10-04 Steve Langasek <vorlon@debian.org>
4180 * libpam/include/security/pam_malloc.h,
4181 libpam/include/security/pam_modules.h: Declare public header
4182 files extern "C" so that they are C++-safe.
4184 2005-10-02 Dmitry V. Levin <ldv@altlinux.org>
4185 Steve Langasek <vorlon@debian.org>
4187 Cleanup gratuitous use of strdup().
4188 Fix "missing argument" checks.
4190 * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier
4191 to conffile and envfile arguments. Do not use x_strdup() for
4192 conffile and envfile initialization. Fix "missing argument"
4194 (_parse_config_file): Take conffile argument of type "const char *"
4195 instead of "char **". Do not free conffile.
4196 (_parse_env_file): Take env_file argument of type "const char *"
4197 instead of "char **". Do not free env_file.
4198 (pam_sm_setcred): Add const qualifier to conf_file and env_file.
4199 Pass conf_file and env_file to _parse_config_file() and
4200 _parse_env_file() by value.
4201 (pam_sm_open_session): Likewise.
4203 * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to
4204 users argument. Do not use x_strdup() for users initialization.
4205 (lookup): Add const qualifier to list argument.
4206 (pam_sm_authenticate): Add const qualifier to users argument.
4208 * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier
4209 to maildir argument. Do not use x_strdup() for maildir
4210 initialization. Fix "missing argument" check.
4211 (get_folder): Take path_mail argument of type "const char *"
4212 instead of "char **". Do not free path_mail.
4213 (_do_mail): Add const qualifier to path_mail argument.
4214 Pass path_mail to get_folder() by value.
4216 * modules/pam_motd/pam_motd.c: Include <syslog.h>.
4217 (pam_sm_open_session): Add const qualifier to motd_path.
4218 Do not use x_strdup() for motd_path initialization. Do not
4219 free motd_path. Fix "missing argument" check. Add "unknown
4222 * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const
4223 qualifier to database and cryptmode arguments. Fix "missing
4225 (pam_sm_authenticate): Add const qualifier to database and cryptmode.
4226 (pam_sm_acct_mgmt): Likewise.
4228 2005-10-01 Steve Langasek <vorlon@debian.org>
4230 * modules/pam_userdb/pam_userdb.c: spelling fix in log message.
4232 2005-09-30 Steve Langasek <vorlon@debian.org>
4234 * modules/pam_userdb/pam_userdb.c: Fix memory leak due to
4235 gratuitous use of strdup().
4237 2005-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
4241 * doc/specs/Makefile.am (install-data-local): Install
4243 (all): Copy rfc if we build outside of source directory.
4245 2005-09-27 Thorsten Kukuk <kukuk@suse.de>
4247 * NEWS: Document removal of pam_radius.
4248 * autogen.sh: Make configure script executeable.
4250 * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c
4251 (lex.yy.c): Fixed out of tree build.
4253 * conv/pam_conv1/pam_conv.y: Fix main prototype.
4257 * po/POTFILES.in: Remove files not distributed by tar archive
4258 and not containing strings for translation.
4260 2005-09-26 Tomas Mraz <t8m@centrum.cz>
4262 * NEWS: Add a few missing entries from CHANGELOG.
4264 * AUTHORS: Fixed entries for Toady and me.
4266 * Makefile.am (M4_FILES): Fixed out of tree build.
4267 * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c
4268 (spec, lex.yy.c): Fixed out of tree build.
4270 * modules/pam_userdb/README: Document try_first_pass and
4271 use_first_pass options, remove use_authtok option.
4274 2005-09-26 Dmitry V. Levin <ldv@altlinux.org>
4276 * NEWS: Mention changes in pam_lastlog.
4278 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
4281 * autogen.sh: Don't generate NEWS file.
4282 * CHANGELOG: Document it as obsolete.
4284 2005-09-26 Tomas Mraz <t8m@centrum.cz>
4286 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
4287 _log_err() -> pam_syslog()
4288 (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
4289 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
4290 _log_err() -> pam_syslog()
4291 * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
4292 (getNISserver, _unix_run_shadow_binary, _update_passwd,
4293 _update_shadow, _do_setpass, _pam_unix_approve_pass,
4294 pam_sm_chauthtok): _log_err() -> pam_syslog()
4295 * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
4296 (pam_sm_open_session, pam_sm_close_session):
4297 _log_err() -> pam_syslog()
4298 * modules/pam_unix/support.c (_log_err, converse): removed
4299 (_make_remark): use pam_prompt() instead of converse()
4300 (_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
4301 _unix_verify_password, _unix_read_password):
4302 _log_err() -> pam_syslog()
4303 _cleanup(), _unix_cleanup(): Silence unused param warnings.
4304 (_cleanup_failures, _unix_verify_password, _unix_getpwnam,
4305 _unix_run_helper_binary): Silence incorrect type warnings.
4306 (_unix_read_password): Use multiple pam_prompt() and pam_info() calls
4307 instead of converse().
4308 * modules/pam_unix/support.h (_log_err): removed
4309 * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
4311 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
4313 * configure.in: Add doc/specs/Makefile.
4314 * Makefile.am: Add releasedocs rule.
4315 * doc/Makefile.am: Add specs subdir, remove files from specs
4316 directory, add rfc86.0.txt to releasedocs.
4317 * doc/specs/Makefile.am: New file.
4318 * doc/specs/formatter/parse.y: move from here ...
4319 * doc/specs/parse.y: ... here.
4320 * doc/specs/formatter/parse.lex: move from here ...
4321 * doc/specs/parse.lex: ... here.
4323 * modules/pam_mail/pam_mail.c: Mark missing strings for translation
4324 * po/Linux-PAM.pot: Add new strings from pam_mail
4325 * po/cs.po: Likewise.
4326 * po/de.po: Likewise.
4327 * po/es.po: Likewise.
4328 * po/fi.po: Likewise.
4329 * po/fr.po: Likewise.
4330 * po/hu.po: Likewise.
4331 * po/it.po: Likewise.
4332 * po/ja.po: Likewise.
4333 * po/nb.po: Likewise.
4334 * po/pa.po: Likewise.
4335 * po/pl.po: Likewise.
4336 * po/pt.po: Likewise.
4337 * po/pt_BR.po: Likewise.
4338 * po/zh_CN.po: Likewise.
4339 * po/zh_TW.po: Likewise.
4341 2005-09-23 Tomas Mraz <t8m@centrum.cz>
4343 * modules/pam_access/pam_access.c (from_match): Support NULL from.
4344 (string_match): Support NULL string, add NONE keyword matching it.
4345 (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
4346 * modules/pam_access/access.conf: NONE keyword description
4347 * modules/pam_access/README: NONE keyword description
4349 2005-09-22 Dmitry V. Levin <ldv@altlinux.org>
4351 * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session,
4352 pam_sm_close_session): Strip redundant "pam_xauth: " prefix from
4353 text of log messages.
4354 (pam_sm_open_session): Replace sequence of malloc(), strcpy()
4355 and strcat() calls with asprintf(). Replace syslog() calls
4358 * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp()
4359 instead of memcmp() for string comparison.
4361 2005-09-21 Dmitry V. Levin <ldv@altlinux.org>
4363 * modules/pam_nologin/pam_nologin.c: Include <syslog.h>.
4364 (parse_args): Add pam_handle_t* argument. Log unrecognized
4366 (perform_check): Log pam_get_user() and malloc() failures.
4367 (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt):
4368 Pass pam_handle_t* to parse_args().
4370 * modules/pam_mail/pam_mail.c: Include <errno.h>.
4371 Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and
4372 NO_MAIL_STANDARD_FORMAT macros.
4373 (parse_args, get_folder): Cleanup error messages.
4374 (get_folder): Fix leak of the path_mail variable in case of
4375 pam_get_user() failure. Cleanup memory management.
4376 (get_mail_status): Add pam_handle_t* argument. Fix leaks of
4377 namelist variable. Cleanup memory management. Log memory
4378 allocation failures. Remove 250-byte limit on Maildir pathname.
4379 (report_mail): Mark text messages for translation.
4380 (_do_mail): Cleanup memory management. Pass pam_handle_t*
4381 to get_mail_status().
4383 * po/Linux-PAM.pot: Update with new strings from pam_mail for
4385 * po/cs.po: Likewise.
4386 * po/de.po: Likewise.
4387 * po/es.po: Likewise.
4388 * po/fi.po: Likewise.
4389 * po/fr.po: Likewise.
4390 * po/hu.po: Likewise.
4391 * po/it.po: Likewise.
4392 * po/ja.po: Likewise.
4393 * po/nb.po: Likewise.
4394 * po/pa.po: Likewise.
4395 * po/pl.po: Likewise.
4396 * po/pt.po: Likewise.
4397 * po/pt_BR.po: Likewise.
4398 * po/zh_CN.po: Likewise.
4399 * po/zh_TW.po: Likewise.
4401 2005-09-20 Thorsten Kukuk <kukuk@suse.de>
4403 * configure.in: Add finish translation.
4406 * acinclude.m4: remove libprelude macros.
4407 * m4/libprelude.m4: New.
4409 * Makefile.am (EXTRA_DIST): make sure we include all m4 macros.
4411 * libpamc/Makefile.am (EXTRA_DIST): Add License.
4413 See CHANGELOG for earlier changes.
projects / linux-pam / blob