1 2006-02-22 Thorsten Kukuk <kukuk@thkukuk.de>
3 * configure.in: Fix check for incomplete libaudit installations
4 (Patch from Ruediger Oertel <ro@suse.de>).
6 * modules/pam_lastlog/pam_lastlog.c (last_login_write): Initialize
7 correct last_login field [#1427401].
9 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Mark strftime
10 format string for translation to allow reorder [#1428269].
11 * po/*.po: Update with last pam_lastlog change.
14 2006-02-17 Thorsten Kukuk <kukuk@thkukuk.de>
16 * doc/man/Makefile.am: Add new manual pages.
17 * doc/man/pam_end.3: Regenerated from xml file.
18 * doc/man/pam_end.3.xml: Document freeing of item data.
19 * doc/man/pam_get_user.3: New.
20 * doc/man/pam_get_user.3.xml: New.
21 * modules/pam_access/access.conf.5.xml: Fix typos.
22 * modules/pam_env/Makefile.am: Add new manual pages.
23 * modules/pam_env/README: Regenerate from xml file.
24 * modules/pam_env/README.xml: New.
25 * modules/pam_env/pam_env.8: New.
26 * modules/pam_env/pam_env.8.xml: New.
27 * modules/pam_env/pam_env.conf.5: New.
28 * modules/pam_env/pam_env.conf.5.xml New.
30 2006-02-14 Thorsten Kukuk <kukuk@thkukuk.de>
32 * po/fi.po: Updated translations.
34 * po/km.po: New translation.
35 * configure.in: Add km as new language.
37 2006-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
39 * modules/pam_echo/pam_echo.8.xml: New.
40 * modules/pam_echo/pam_echo.8: Regenerated from xml file.
41 * modules/pam_echo/Makefile.am: Include Make.xml.rules.
42 * modules/pam_echo/pam_echo.c: Fix return value.
44 * doc/modules/pam_chroot.sgml: Remove obsolete sgml file.
46 2006-02-12 Thorsten Kukuk <kukuk@thkukuk.de>
48 * configure.in: Add doc/man/Makefile.
49 * Make.xml.rules: Enable xincludes for manual pages.
50 * doc/Makefile.am (EXRA_DIST): Remove manual pages.
51 (SUBDIR): Add man subdirectory.
52 * doc/man/Makefile.am: New.
53 * doc/man/pam_acct_mgmt.3: New.
54 * doc/man/pam_acct_mgmt.3.xml: New.
55 * doc/man/pam_get_data.3: New.
56 * doc/man/pam_get_data.3.xml: New.
57 * doc/man/pam_set_data.3: New.
58 * doc/man/pam_set_data.3.xml: New.
59 * doc/man/pam.8.xml: New.
60 * doc/man/pam.8: Regenerated from xml file.
61 * doc/man/pam_authenticate.3.xml: New.
62 * doc/man/pam_authenticate.3: Regenerated from xml file.
63 * doc/man/pam_chauthtok.3.xml: New.
64 * doc/man/pam_chauthtok.3: Regenerated from xml file.
65 * doc/man/pam_close_session.3.xml: New.
66 * doc/man/pam_close_session.3: Regenerated from xml file.
67 * doc/man/pam_end.3.xml: New.
68 * doc/man/pam_end.3: Regenerated from xml file.
69 * doc/man/pam_fail_delay.3.xml: New.
70 * doc/man/pam_fail_delay.3: Regenerated from xml file.
71 * doc/man/pam_get_item.3.xml: New.
72 * doc/man/pam_get_item.3: Regenerated from xml file.
73 * doc/man/pam_item_types.inc.xml: New.
74 * doc/man/pam_open_session.3.xml: New.
75 * doc/man/pam_open_session.3: Regenerated from xml file.
76 * doc/man/pam_set_item.3.xml: New.
77 * doc/man/pam_set_item.3: Regenerated from xml file.
78 * doc/man/pam_setcred.3.xml: New.
79 * doc/man/pam_setcred.3: Regenerated from xml file.
80 * doc/man/pam_start.3.xml: New.
81 * doc/man/pam_start.3: Regenerated from xml file.
82 * doc/man/pam_strerror.3.xml: New.
83 * doc/man/pam_strerror.3: Regenerated from xml file.
84 * doc/man/template-man: Removed.
86 2006-02-10 Thorsten Kukuk <kukuk@thkukuk.de>
88 * configure.in: Remove pam_pwdb support.
89 * modules/Makefile.am: remove pam_pwdb.
90 * modules/pam_pwdb: Remove complete directory.
91 * libpam/Makefile.am: Remove LIBPWDB references.
92 * libpam/pam_static_modules.h: Remove pam_pwdb references.
93 * doc/modules/pam_pwdb.sgml: Removed.
94 * po/POTFILES.in: Remove modules/pam_pwdb/*.c entries.
95 * doc/pam_source.sgml: Remove references to libpwdb.
96 * doc/modules/pam_limits.sgml: Remove wrong reference to libpwdb.
97 * doc/modules/pam_group.sgml: Likewise.
98 * doc/modules/pam_cracklib.sgml: Replace pam_pwdb with pam_unix.
99 * doc/modules/pam_userdb.sgml: Likewise.
100 * modules/pam_cracklib/pam_cracklib.8.xml: Replace pam_pwdb
102 * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
103 * modules/pam_group/pam_group.c: Remove dead code for libpwdb.
105 * modules/pam_access/Makefile.am: Fix EXTRA_DIST.
106 * modules/pam_cracklib/Makefile.am: Likewise.
107 * modules/pam_deny/Makefile.am: Likewise.
108 * modules/pam_exec/Makefile.am: Likewise.
110 2006-02-07 Thorsten Kukuk <kukuk@thkukuk.de>
112 * configure.in: Check for text browser.
113 * Make.xml.rules: Add rule to generate README from README.xml.
115 * modules/pam_access/Makefile.am: Include Make.xml.rules.
116 * modules/pam_access/README: Regenerated from README.xml.
117 * modules/pam_access/README.xml: New.
118 * modules/pam_access/access.conf: Extended by new examples.
119 * modules/pam_access/access.conf.5: New, generated from xml file.
120 * modules/pam_access/access.conf.5.xml: New.
121 * modules/pam_access/pam_access.8: New, generated from xml file.
122 * modules/pam_access/pam_access.8.xml: New.
123 * modules/pam_access/pam_access.c: Add rules for IPv6 and
125 Based on patch from Mike Becher <Mike.Becher@lrz-muenchen.de>.
127 * modules/pam_deny/Makefile.am: Include Make.xml.rules.
128 * modules/pam_deny/pam_deny.8.xml: New.
129 * modules/pam_deny/pam_deny.8: New, generated from xml file.
130 * modules/pam_deny/README.xml: New.
131 * modules/pam_deny/README: Regenerated from xml file.
133 * modules/pam_cracklib/Makefile.am: Include Make.xml.rules.
134 * modules/pam_cracklib/pam_cracklib.8.xml: New.
135 * modules/pam_cracklib/pam_cracklib.8: New, generated from xml file.
136 * modules/pam_cracklib/README.xml: New.
137 * modules/pam_cracklib/README: Regenerated from xml file.
139 * modules/pam_exec/Makefile.am: Add rule to generate README.
140 * modules/pam_exec/README: Regenerated from xml file.
141 * modules/pam_exec/pam_exec.8: Regenerated from xml file.
142 * modules/pam_exec/pam_exec.8.xml: Syntax files.
144 2006-02-06 Thorsten Kukuk <kukuk@thkukuk.de>
147 * po/pt.po: Update translations.
148 * configure.in: Add nl as new language.
150 2006-01-30 Thorsten Kukuk <kukuk@thkukuk.de>
152 * modules/pam_exec/pam_exec.8.xml: Fix syntax of Return Value section.
153 * modules/pam_exec/Makefile.am: Include Make.xml.rules.
155 * Make.xml.rules: New.
157 * Makefile.am (EXTRA_DIST): Add Make.xml.rules.
159 2006-01-27 Thorsten Kukuk <kukuk@thkukuk.de>
161 * configure.in: Prefer libdb over libndbm, fix check for
162 libcrack and remove not needed BACKUP_LIBS.
164 2006-01-24 Thorsten Kukuk <kukuk@thkukuk.de>
166 * modules/pam_debug/pam_debug.c: Fix name of pam_module struct.
168 * po/de.po: Fix one translation.
170 * configure.in: Add modules/pam_exec.
171 * modules/Makefile.am: Add pam_exec subdirectory.
172 * modules/pam_exec/README: New.
173 * modules/pam_exec/Makefile.am: New.
174 * modules/pam_exec/pam_exec.8: New.
175 * modules/pam_exec/pam_exec.c: New.
176 * modules/pam_exec/pam_exec.8.xml: New.
177 * po/POTFILES.in: Add modules/pam_exec/pam_exec.c.
178 * po/*.po: Merge new pam_exec strings.
180 * libpam/pam_static_modules.h: New.
181 * Makefile.am: Reorder subdirectories for static modules.
182 * configure.in: Add --enable-static-modules option.
183 * libpam/Makefile.am: Define WITH_SELINUX and WITH_PWDB if
184 necessary, add pam_static_modules.h, link against all PAM
185 module object files if STATIC_MODULES is defined.
186 * libpam/pam_static.c: Remove old _static_module* includes,
187 include pam_static_modules.h.
189 * configure.in: Add checks for xsltproc, xmllint and docbook
191 * m4/jh_path_xml_catalog.m4: New.
193 2006-01-22 Thorsten Kukuk <kukuk@thkukuk.de>
195 * modules/pam_succeed_if/pam_succeed_if.c: Add support for
197 * modules/pam_xauth/pam_xauth.c: Likewise.
199 * libpam/pam_static.c (_pam_open_static_handler): Add pamh
201 * libpam/pam_private.h: Adjust prototype.
202 * libpam/pam_handlers.c (_pam_add_handler): Add pamh to
203 _pam_open_static_handler call.
205 * configure.in: Don't define PAM_DYNAMIC.
206 * libpam/pam_handlers.c: Get ride of PAM_DYNAMIC, don't
207 include pam_dynamic.h
208 * libpam/pam_dynamic.c: Don't include pam_dynamic.h,
209 exclude functions if we compile with PAM_STATIC.
210 * libpam/pam_dynamic.h: Remove.
211 * libpam/pam_private.h: Add function prototypes from pam_dynamic.h.
212 * libpam/Makefile.am: Bump version number of libpam, remove
215 2006-01-21 Thorsten Kukuk <kukuk@thkukuk.de>
217 * modules/pam_listfile/pam_listfile.c: Add support for session
218 and password management.
220 2006-01-19 Thorsten Kukuk <kukuk@suse.de>
222 * doc/specs/Makefile.am (spec): Add padout to fix parallel
223 build (Reported by Andreas Haumer <andreas@xss.co.at>).
225 2006-01-15 Thorsten Kukuk <kukuk@thkukuk.de>
227 * modules/pam_echo/pam_echo.c: Define HOST_NAME_MAX if not
230 2006-01-13 Thorsten Kukuk <kukuk@thkukuk.de>
232 * release version 0.99.3.0
234 * libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing
237 * modules/pam_umask/pam_umask.c (search_key): Don't ignore
238 EOF/error return value from fgets().
240 * configure.in: Check for getline and getdelim
242 * po/fi.po: Add new translations.
243 * po/de.po: Likewise.
244 * po/es.po: Likewise.
245 * po/fr.po: Likewise.
246 * po/it.po: Likewise.
247 * po/ja.po: Likewise.
248 * po/pt_BR.po: Likewise.
249 * po/zh_CH.po: Likewise.
250 * po/zh_TW.po: Likewise.
252 2006-01-13 Dmitry V. Levin <ldv@altlinux.org>
254 * libpam/pam_audit.c (_pam_auditlog): Replace strerror(errno)
255 call with %m specifier.
257 2006-01-12 Thorsten Kukuk <kukuk@thkukuk.de>
259 * configure.in: Add check for -fpie/-pie
260 * modules/pam_filter/upperLOWER/Makefile.am: Compile/link
261 upperLOWER with -fpie/-pie if supported.
262 * modules/pam_unix/Makefile.am: Compile/link unix_chkpwd
263 with -fpie/-pie if supported.
265 2006-01-12 Steve Grubb <sgrubb@redhat.com>
267 * configure.in: Add check for audit library.
268 * libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT.
269 (libpam_la_SOURCES): Add pam_audit.c.
270 * libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call.
271 * libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise.
272 * libpam/pam_password.c (pam_chauthtok): Likewise.
273 * libpam/pam_session.c (pam_open_session),
274 (pam_close_session): Likewise.
275 * libpam/pam_private.h: Add audit_state member to pam_handle,
276 declare _pam_auditlog and _pam_audit_end.
277 * libpam/pam_start.c (pam_start): Initialize audit_state.
278 * libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end
280 * libpam/pam_end.c (pam_end): Add _pam_audit_end() call.
281 * NEWS: Note about added auditing.
283 2006-01-11 Thorsten Kukuk <kukuk@thkukuk.de>
285 * libpam/Makefile.am (AM_CFLAGS): Define LIBPAM_COMPILE.
287 * libpam/include/security/_pam_types.h: Don't define PAM_NONNULL
288 if we compile libpam itself.
290 * po/hu.po: Update with new translations.
292 2006-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
294 * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR
295 instead of PAM_AUTHTOK_RECOVER_ERR.
296 * modules/pam_pwdb/support.-c: Likewise.
297 * modules/pam_unix/support.c: Likewise.
298 * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise.
299 * libpam/pam_strerror.c (pam_strerror): Likewise.
301 * libpam/include/security/_pam_compat.h: Define
302 PAM_AUTHTOK_RECOVER_ERR for backward compatibility.
304 * libpam/include/security/_pam_types.h: Rename
305 PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR.
307 2006-01-05 Thorsten Kukuk <kukuk@thkukuk.de>
309 * libpam/include/security/_pam_types.h: Remove nonnull attribute
310 from third paramter (item) of pam_get_item.
311 * libpam/Makefile.am: Bump version number of shared library.
313 2005-12-21 Tomas Mraz <t8m@centrum.cz>
315 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_ingroup),
316 (evaluate_notingroup): Simplified.
317 (evaluate_innetgr), (evaluate_notinnetgr): New functions.
318 (evaluate): Added calls to evaluate_(not)innetgr().
319 * modules/pam_succeed_if/README: Documented netgroup matching.
320 * NEWS: Mentioned the added netgroup matching support.
322 2005-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
324 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Use
325 strftime instead of ctime.
327 * po/de.po: Fix typo.
329 2005-12-19 Thorsten Kukuk <kukuk@thkukuk.de>
331 * libpam/pam_syslog.c: Define LOG_AUTHPRIV as LOG_AUTH on Solaris.
332 Reported by Charles_H_Bedford@nbc.gov.
334 * modules/pam_time/pam_time.c (check_account): Implement
335 support for netgroups.
337 * modules/pam_time/time.conf: Document usage of netgroups.
339 2005-12-16 Thorsten Kukuk <kukuk@thkukuk.de>
341 * modules/pam_group/pam_group.c (check_account): Implement
342 support for netgroups.
344 * modules/pam_group/group.conf: Add all documentation to this
345 example config file and don't reference to outdated configs.
347 * modules/pam_group/README: New.
349 * modules/pam_group/Makefile.am: Add README to EXTRADIST.
351 2005-12-15 Thorsten Kukuk <kukuk@suse.de>
353 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't report an
354 error if user logins the first time.
356 * modules/pam_lastlog/README: New.
358 * modules/pam_lastlog/Makefile.am: Add README to EXTRADIST.
360 2005-12-14 Thorsten Kukuk <kukuk@suse.de>
362 * modules/pam_deny/pam_deny.c: Fix comment.
364 * doc/pam_appl.sgml: Fix typo.
366 Reported by Russell Bateman <russ@windofkeltia.com>
368 2005-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
370 * release version 0.99.2.1
372 * po/de.po: Remove new fuzzy entry
374 * NEWS: Add 0.99.2.1 changes
376 * configure.in: bump version number to 0.99.2.1
378 2005-12-12 Dmitry V. Levin <ldv@altlinux.org>
380 Cleanup pam_syslog messages.
382 * modules/pam_env/pam_env.c (_expand_arg): Fix compiler warning.
383 * modules/pam_filter/pam_filter.c (set_filter): Append %m
384 specifier to pam_syslog messages where appropriate.
385 * modules/pam_group/pam_group.c (read_field): Likewise.
386 * modules/pam_mkhomedir/pam_mkhomedir.c (make_remark): Remove.
387 (create_homedir): Do not use make_remark() wrapper, call
388 pam_info() directly. Call pam_syslog() right after failed
389 operation and append %m specifier to pam_syslog messages where
391 * modules/pam_rhosts/pam_rhosts_auth.c (pam_iruserok): Replace
392 sequence of malloc(), strcpy() and strcat() calls with asprintf().
393 Append %m specifier to pam_syslog messages where appropriate.
394 * modules/pam_securetty/pam_securetty.c (securetty_perform_check):
395 Append %m specifier to pam_syslog messages where appropriate.
396 * modules/pam_shells/pam_shells.c (perform_check): Likewise.
398 2005-12-12 Tomas Mraz <t8m@centrum.cz>
400 * modules/pam_mail/pam_mail.c (report_mail): Fixed typo in string.
401 * po/Linux-PAM.pot: Likewise.
402 * po/de.po: Likewise.
403 * po/es.po: Likewise.
404 * po/fi.po: Likewise.
405 * po/fr.po: Likewise.
406 * po/hu.po: Likewise.
407 * po/it.po: Likewise.
408 * po/ja.po: Likewise.
409 * po/nb.po: Likewise.
410 * po/pa.po: Likewise.
411 * po/pl.po: Likewise.
412 * po/pt.po: Likewise.
413 * po/pt_BR.po: Likewise.
414 * po/zh_CN.po: Likewise.
415 * po/zh_TW.po: Likewise.
416 * po/de.po: Add new translation, fixed typo in string.
418 2005-12-12 Mike Becher <Mike.Becher@lrz-muenchen.de>
420 * doc/Makefile.am: Fixed install of PS, PDF, TXT and HTML files.
422 2005-12-12 Thorsten Kukuk <kukuk@suse.de>
424 * modules/pam_mail/README: Document "quiet" and "standard"
427 2005-12-07 Thorsten Kukuk <kukuk@suse.de>
429 * modules/pam_mail/pam_mail.c: Modify assembling of output
430 for easier translation.
432 * po/de.po: Translate new pam_mail messages.
435 2005-11-24 Thorsten Kukuk <kukuk@thkukuk.de>
437 * po/de.po: Add new translation, fix wrong format specifier.
438 * po/cs.po: Fix wrong format specifier.
439 * po/es.po: Likewise.
440 * po/fi.po: Likewise.
441 * po/fr.po: Likewise.
442 * po/hu.po: Likewise.
443 * po/it.po: Likewise.
444 * po/ja.po: Likewise.
445 * po/nb.po: Likewise.
446 * po/pa.po: Likewise.
447 * po/pl.po: Likewise.
448 * po/pt.po: Likewise.
449 * po/pt_BR.po: Likewise.
450 * po/zh_CN.po: Likewise.
451 * po/zh_TW.po: Likewise.
453 2005-11-24 Dmitry V. Levin <ldv@altlinux.org>
455 * config.h.in: Remove generated file.
456 * .cvsignore: Add config.h.in.
458 * configure.in: Do not check for strerror.
459 * libpam_misc/misc_conv.c (read_string): Replace strerror()
460 call with %m specifier.
461 * libpamc/pamc_converse.c (pamc_converse): Likewise.
462 * modules/pam_echo/pam_echo.c (pam_echo): Likewise.
463 * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate):
465 * modules/pam_selinux/pam_selinux.c (security_label_tty):
467 (security_restorelabel_tty, security_label_tty): Append %m
468 specifier where appropriate.
469 * modules/pam_selinux/pam_selinux_check.c (main): Replace
470 strerror() call with %m specifier.
471 * modules/pam_unix/pam_unix_passwd.c (save_old_password,
472 _update_passwd, _update_shadow): Likewise.
473 * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
474 * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
475 * po/Linux-PAM.pot: Update strings from pam_selinux.
476 * po/cs.po: Likewise.
477 * po/de.po: Likewise.
478 * po/es.po: Likewise.
479 * po/fi.po: Likewise.
480 * po/fr.po: Likewise.
481 * po/hu.po: Likewise.
482 * po/it.po: Likewise.
483 * po/ja.po: Likewise.
484 * po/nb.po: Likewise.
485 * po/pa.po: Likewise.
486 * po/pl.po: Likewise.
487 * po/pt.po: Likewise.
488 * po/pt_BR.po: Likewise.
489 * po/zh_CN.po: Likewise.
490 * po/zh_TW.po: Likewise.
492 2005-11-23 Thorsten Kukuk <kukuk@suse.de>
494 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Introduce
495 new variable to fix compiler warning.
497 * libpam/pam_modutil_getlogin.c (pam_modutil_getlogin): PAM_TTY
498 don't need to start with /dev/.
500 2005-11-21 Thorsten Kukuk <kukuk@thkukuk.de>
502 * release version 0.99.2.0
504 * libpam_misc/Makefile.am: Increase release number (for change
507 * NEWS: Adjust for 0.99.2.0
509 2005-11-17 Thorsten Kukuk <kukuk@thkukuk.de>
511 * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting.
512 Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380]
514 2005-11-16 Thorsten Kukuk <kukuk@thkukuk.de>
516 * libpam/pam_handlers.c: Replace code for all dlopen variants with
518 * libpam/pam_dynamic.c: Implement generic wrapper for dlopen.
519 * libpam/pam_dynamic.h: Provide prototypes.
520 For Mac OS X support [#534205]
522 2005-11-09 Tomas Mraz <t8m@centrum.cz>
524 * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly
526 * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly
527 full path tty name. Allow unset tty.
528 (logic_member): Allow matching ':' in tty name.
529 * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly
530 full path tty name. Allow unset tty.
531 (logic_member): Allow matching ':' in tty name.
533 * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin
536 2005-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
538 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use
539 correct variable names.
541 2005-11-06 Steve Langasek <vorlon@debian.org>
543 * modules/pam_env/pam_env.c: don't treat a missing
544 /etc/environment as a fatal error when attempting to read it,
545 and try to read this file by default; this restores the behavior
548 2005-11-02 Tomas Mraz <t8m@centrum.cz>
550 * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807]
553 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the
554 logic when comparing dates to handle corner cases better [#1245888].
556 2005-10-31 Thorsten Kukuk <kukuk@suse.de>
558 * modules/pam_filter/pam_filter.c: Use XCASE only if defined
561 2005-10-27 Thorsten Kukuk <kukuk@suse.de>
563 * doc/man/pam.8: Fix wording for authentication chapter [#1197444]
565 2005-10-26 Tomas Mraz <t8m@centrum.cz>
567 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
568 modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
569 modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
570 uid to 0 before executing the helper if SELinux is enabled.
571 * modules/pam_unix/unix_chkpwd.c (main): Disable user check only
572 if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
575 2005-10-20 Tomas Mraz <t8m@centrum.cz>
577 * configure.in: Added check for xauth binary and --with-xauth option.
578 * config.h.in: Added configurable PAM_PATH_XAUTH.
579 * modules/pam_xauth/README,
580 modules/pam_xauth/pam_xauth.8: Document where xauth is looked for.
581 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement
582 searching xauth binary on multiple places.
583 (run_coprocess): Don't use execvp as it can be a security risk.
585 2005-10-04 Steve Langasek <vorlon@debian.org>
587 * libpam/include/security/pam_malloc.h,
588 libpam/include/security/pam_modules.h: Declare public header
589 files extern "C" so that they are C++-safe.
591 2005-10-02 Dmitry V. Levin <ldv@altlinux.org>
592 Steve Langasek <vorlon@debian.org>
594 Cleanup gratuitous use of strdup().
595 Fix "missing argument" checks.
597 * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier
598 to conffile and envfile arguments. Do not use x_strdup() for
599 conffile and envfile initialization. Fix "missing argument"
601 (_parse_config_file): Take conffile argument of type "const char *"
602 instead of "char **". Do not free conffile.
603 (_parse_env_file): Take env_file argument of type "const char *"
604 instead of "char **". Do not free env_file.
605 (pam_sm_setcred): Add const qualifier to conf_file and env_file.
606 Pass conf_file and env_file to _parse_config_file() and
607 _parse_env_file() by value.
608 (pam_sm_open_session): Likewise.
610 * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to
611 users argument. Do not use x_strdup() for users initialization.
612 (lookup): Add const qualifier to list argument.
613 (pam_sm_authenticate): Add const qualifier to users argument.
615 * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier
616 to maildir argument. Do not use x_strdup() for maildir
617 initialization. Fix "missing argument" check.
618 (get_folder): Take path_mail argument of type "const char *"
619 instead of "char **". Do not free path_mail.
620 (_do_mail): Add const qualifier to path_mail argument.
621 Pass path_mail to get_folder() by value.
623 * modules/pam_motd/pam_motd.c: Include <syslog.h>.
624 (pam_sm_open_session): Add const qualifier to motd_path.
625 Do not use x_strdup() for motd_path initialization. Do not
626 free motd_path. Fix "missing argument" check. Add "unknown
629 * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const
630 qualifier to database and cryptmode arguments. Fix "missing
632 (pam_sm_authenticate): Add const qualifier to database and cryptmode.
633 (pam_sm_acct_mgmt): Likewise.
635 2005-10-01 Steve Langasek <vorlon@debian.org>
637 * modules/pam_userdb/pam_userdb.c: spelling fix in log message.
639 2005-09-30 Steve Langasek <vorlon@debian.org>
641 * modules/pam_userdb/pam_userdb.c: Fix memory leak due to
642 gratuitous use of strdup().
644 2005-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
648 * doc/specs/Makefile.am (install-data-local): Install
650 (all): Copy rfc if we build outside of source directory.
652 2005-09-27 Thorsten Kukuk <kukuk@suse.de>
654 * NEWS: Document removal of pam_radius.
655 * autogen.sh: Make configure script executeable.
657 * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c
658 (lex.yy.c): Fixed out of tree build.
660 * conv/pam_conv1/pam_conv.y: Fix main prototype.
664 * po/POTFILES.in: Remove files not distributed by tar archive
665 and not containing strings for translation.
667 2005-09-26 Tomas Mraz <t8m@centrum.cz>
669 * NEWS: Add a few missing entries from CHANGELOG.
671 * AUTHORS: Fixed entries for Toady and me.
673 * Makefile.am (M4_FILES): Fixed out of tree build.
674 * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c
675 (spec, lex.yy.c): Fixed out of tree build.
677 * modules/pam_userdb/README: Document try_first_pass and
678 use_first_pass options, remove use_authtok option.
681 2005-09-26 Dmitry V. Levin <ldv@altlinux.org>
683 * NEWS: Mention changes in pam_lastlog.
685 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
688 * autogen.sh: Don't generate NEWS file.
689 * CHANGELOG: Document it as obsolete.
691 2005-09-26 Tomas Mraz <t8m@centrum.cz>
693 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
694 _log_err() -> pam_syslog()
695 (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
696 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
697 _log_err() -> pam_syslog()
698 * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
699 (getNISserver, _unix_run_shadow_binary, _update_passwd,
700 _update_shadow, _do_setpass, _pam_unix_approve_pass,
701 pam_sm_chauthtok): _log_err() -> pam_syslog()
702 * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
703 (pam_sm_open_session, pam_sm_close_session):
704 _log_err() -> pam_syslog()
705 * modules/pam_unix/support.c (_log_err, converse): removed
706 (_make_remark): use pam_prompt() instead of converse()
707 (_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
708 _unix_verify_password, _unix_read_password):
709 _log_err() -> pam_syslog()
710 _cleanup(), _unix_cleanup(): Silence unused param warnings.
711 (_cleanup_failures, _unix_verify_password, _unix_getpwnam,
712 _unix_run_helper_binary): Silence incorrect type warnings.
713 (_unix_read_password): Use multiple pam_prompt() and pam_info() calls
714 instead of converse().
715 * modules/pam_unix/support.h (_log_err): removed
716 * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
718 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
720 * configure.in: Add doc/specs/Makefile.
721 * Makefile.am: Add releasedocs rule.
722 * doc/Makefile.am: Add specs subdir, remove files from specs
723 directory, add rfc86.0.txt to releasedocs.
724 * doc/specs/Makefile.am: New file.
725 * doc/specs/formatter/parse.y: move from here ...
726 * doc/specs/parse.y: ... here.
727 * doc/specs/formatter/parse.lex: move from here ...
728 * doc/specs/parse.lex: ... here.
730 * modules/pam_mail/pam_mail.c: Mark missing strings for translation
731 * po/Linux-PAM.pot: Add new strings from pam_mail
732 * po/cs.po: Likewise.
733 * po/de.po: Likewise.
734 * po/es.po: Likewise.
735 * po/fi.po: Likewise.
736 * po/fr.po: Likewise.
737 * po/hu.po: Likewise.
738 * po/it.po: Likewise.
739 * po/ja.po: Likewise.
740 * po/nb.po: Likewise.
741 * po/pa.po: Likewise.
742 * po/pl.po: Likewise.
743 * po/pt.po: Likewise.
744 * po/pt_BR.po: Likewise.
745 * po/zh_CN.po: Likewise.
746 * po/zh_TW.po: Likewise.
748 2005-09-23 Tomas Mraz <t8m@centrum.cz>
750 * modules/pam_access/pam_access.c (from_match): Support NULL from.
751 (string_match): Support NULL string, add NONE keyword matching it.
752 (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
753 * modules/pam_access/access.conf: NONE keyword description
754 * modules/pam_access/README: NONE keyword description
756 2005-09-22 Dmitry V. Levin <ldv@altlinux.org>
758 * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session,
759 pam_sm_close_session): Strip redundant "pam_xauth: " prefix from
760 text of log messages.
761 (pam_sm_open_session): Replace sequence of malloc(), strcpy()
762 and strcat() calls with asprintf(). Replace syslog() calls
765 * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp()
766 instead of memcmp() for string comparison.
768 2005-09-21 Dmitry V. Levin <ldv@altlinux.org>
770 * modules/pam_nologin/pam_nologin.c: Include <syslog.h>.
771 (parse_args): Add pam_handle_t* argument. Log unrecognized
773 (perform_check): Log pam_get_user() and malloc() failures.
774 (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt):
775 Pass pam_handle_t* to parse_args().
777 * modules/pam_mail/pam_mail.c: Include <errno.h>.
778 Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and
779 NO_MAIL_STANDARD_FORMAT macros.
780 (parse_args, get_folder): Cleanup error messages.
781 (get_folder): Fix leak of the path_mail variable in case of
782 pam_get_user() failure. Cleanup memory management.
783 (get_mail_status): Add pam_handle_t* argument. Fix leaks of
784 namelist variable. Cleanup memory management. Log memory
785 allocation failures. Remove 250-byte limit on Maildir pathname.
786 (report_mail): Mark text messages for translation.
787 (_do_mail): Cleanup memory management. Pass pam_handle_t*
788 to get_mail_status().
790 * po/Linux-PAM.pot: Update with new strings from pam_mail for
792 * po/cs.po: Likewise.
793 * po/de.po: Likewise.
794 * po/es.po: Likewise.
795 * po/fi.po: Likewise.
796 * po/fr.po: Likewise.
797 * po/hu.po: Likewise.
798 * po/it.po: Likewise.
799 * po/ja.po: Likewise.
800 * po/nb.po: Likewise.
801 * po/pa.po: Likewise.
802 * po/pl.po: Likewise.
803 * po/pt.po: Likewise.
804 * po/pt_BR.po: Likewise.
805 * po/zh_CN.po: Likewise.
806 * po/zh_TW.po: Likewise.
808 2005-09-20 Thorsten Kukuk <kukuk@suse.de>
810 * configure.in: Add finish translation.
813 * acinclude.m4: remove libprelude macros.
814 * m4/libprelude.m4: New.
816 * Makefile.am (EXTRA_DIST): make sure we include all m4 macros.
818 * libpamc/Makefile.am (EXTRA_DIST): Add License.
820 See CHANGELOG for earlier changes.