1 2009-01-19 Tomas Mraz <t8m@centrum.cz>
3 * modules/pam_mkhomedir/Makefile.am: Add mkhomedir_helper.
4 * modules/pam_mkhomedir/mkhomedir_helper.8.xml: New file. Manual page
6 * modules/pam_mkhomedir/mkhomedir_helper.c: New file. Source
7 for mkhomedir_helper. Most of the code moved from pam_mkhomedir.c.
8 * modules/pam_mkhomedir/pam_mkhomedir.c (_pam_parse): Do not convert umask
10 (rec_mkdir): Moved to mkhomedir_helper.c.
11 (create_homedir): Just exec the helper.
12 (pam_sm_open_session): Improve logging.
14 2009-01-19 Daniel Cabrera <h.daniel.cabrera@gmail.com>
16 * po/es.po: Updated translations.
18 2009-01-14 Thorsten Kukuk <kukuk@thkukuk.de>
20 * po/de.po: Updated translations.
22 2009-01-07 Piotr Drąg <piotrdrag@gmail.com>
24 * po/pl.po: Updated translations.
26 2008-12-23 Piotr Drąg <piotrdrag@gmail.com>
28 * po/pl.po: Updated translations.
30 2008-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
32 * modules/pam_pwhistory/pam_pwhistory.c (parse_option): Rename
33 type= option to authtok_type= (because of pam_get_authtok).
34 * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise.
36 2008-12-17 Tomas Mraz <t8m@centrum.cz>
38 * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do
39 not abort on unknown option. Avoid double free of old_status.
40 (pam_sm_close_session): Use LOG_DEBUG for restored status message.
42 * configure.in: Test for getseuser().
43 * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser()
44 instead of getseuserbyname() if the function is available.
46 2008-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
48 * release version 1.0.90
50 * libpam_misc/Makefile.am: Increase version number of shared library.
51 * libpamc/Makefile.am: Likewise.
53 2008-12-12 Tomas Mraz <t8m@centrum.cz>
55 * modules/pam_tally2/pam_tally2.c (get_tally): Test for EACCES
57 * modules/pam_tally2/pam_tally2.8.xml: Fix documentation.
59 2008-12-10 Thorsten Kukuk <kukuk@thkukuk.de>
61 * doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE.
62 * libpam/pam_end.c (pam_end): Free authtok_type.
63 * tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE
65 * tests/tst-pam_set_item.c: Likewise.
66 * libpam/pam_start.c (pam_start): Initialize xdisplay,
67 xauth and authtok_type.
68 * libpam/pam_get_authtok.c (pam_get_authtok): Rename "type"
70 * modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with
72 * doc/man/pam_get_authtok.3.xml: Document authtok_type argument.
73 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set
74 type= argument as PAM_AUTHTOK_TYPE item.
75 * libpam/pam_get_authtok.c (pam_get_authtok): If no type
76 argument given, use PAM_AUTHTOK_TYPE item.
77 * libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item.
78 (pam_set_item): Store PAM_AUTHTOK_TYPE item.
79 * libpam/pam_private.h: Add authtok_type to pam_handle.
80 * libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New.
82 2008-12-03 Thorsten Kukuk <kukuk@thkukuk.de>
84 * modules/pam_access/access.conf.5.xml: Replace
85 2001:4ca0 with 2001:db8:: [bug#2356400].
87 * doc/man/Makefile.am: Add pam_get_authtok.3.xml.
88 * doc/man/pam_get_authtok.3.xml: New.
89 * libpam/Makefile.am: Add pam_get_authtok.c.
90 * libpam/libpam.map: Export pam_get_authtok.
91 * libpam/pam_get_authtok.c: New.
92 * libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle.
93 * libpam_include/security/pam_ext.h: Add pam_get_authtok
95 * modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok.
96 * modules/pam_pwhistory/pam_pwhistory.c: Likewise.
97 * po/POTFILES.in: Add libpam/pam_get_authtok.c.
98 * xtests/tst-pam_cracklib1.c: Adjust error codes.
100 * modules/pam_timestamp/Makefile.am: Remove hmactest.c from
103 * po/*.po: Regenerated.
105 2008-12-02 Michael Calmer <mc@suse.de>
107 * modules/pam_limits/limits.conf.5.xml: Document valid values
108 for limits (bnc#448314).
110 2008-12-02 Thorsten Kukuk <kukuk@thkukuk.de>
112 * modules/pam_env/pam_env.c: Add support for user specific
113 environment file. Based on a patch from Ubuntu.
114 * modules/pam_env/pam_env.8.xml: Document new options.
116 2008-12-02 Olivier Fourdan <ofourdan@redhat.com>
118 * modules/pam_filter/pam_filter.c (master): Use /dev/ptmx
119 instead of the old BSD pseudoterminal API.
120 (set_filter): Call grantpt(), unlockpt() and ptsname(). Do not
121 close pseudoterminal handle in filter child.
122 * modules/pam_filter/upperLOWER/upperLOWER.c (main): Use
123 regular read() instead of pam_modutil_read() to allow for
126 2008-12-02 Tomas Mraz <t8m@centrum.cz>
128 * modules/pam_timestamp/Makefile.am: Add hmacfile to tests.
129 * modules/pam_timestamp/hmacfile.c: Do not try the short key
132 2008-12-01 Tomas Mraz <t8m@centrum.cz>
134 * modules/pam_unix/support.h: Fix masks for cipher algorithm
137 2008-12-01 Thorsten Kukuk <kukuk@thkukuk.de>
139 * modules/pam_unix/pam_unix.8.xml: Document blowfish option.
141 * configure.in: Check for crypt_gensalt_rn.
142 * modules/pam_unix/pam_unix_passwd.c: Pass pamh to
143 create_password_hash function.
144 * modules/pam_unix/passverify.c (create_password_hash): Add
146 * modules/pam_unix/passverify.h: Adjust create_password_hash
148 * modules/pam_unix/support.c: Add support for blowfish option.
149 * modules/pam_unix/support.h: Add defines for blowfish option.
150 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
152 2008-12-01 Tomas Mraz <t8m@centrum.cz>
154 * modules/pam_access/pam_access.8.xml: Fix description of nodefgroup
157 * modules/pam_group/pam_group.c (is_same): Fix check for correct
160 2008-11-29 Thorsten Kukuk <kukuk@thkukuk.de>
162 * configure.in: Check for xcrypt.h, fix typo in libaudit check.
163 * modules/pam_cracklib/pam_cracklib.c: Include xcrypt.h if
165 * modules/pam_unix/bigcrypt.c: Likewise.
166 * modules/pam_unix/passverify.c: Likewise.
167 * modules/pam_userdb/pam_userdb.c: Likewise.
168 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
170 * doc/man/pam_getenv.3.xml: Document that application should
171 not free return value.
173 * doc/man/pam.3.xml: Add Note about thread-safeness of libpam
176 2008-11-28 Tomas Mraz <t8m@centrum.cz>
178 * modules/pam_unix/unix_update.c (set_password): Allow root to change
179 passwords without verification of the old ones.
181 * modules/pam_tally2/pam_tally2.c (tally_check): Fix info format
182 to be the same as in pam_tally.
184 * configure.in: Add modules/pam_timestamp/Makefile.
185 * doc/sag/Linux-PAM_SAG.xml: Include pam_timestamp.xml.
186 * doc/sag/pam_timestamp.xml: New.
187 * libpam/pam_static_modules.h: Add pam_timestamp static struct.
188 * modules/Makefile.am: Add pam_timestamp directory.
189 * modules/pam_timestamp/Makefile.am: New.
190 * modules/pam_timestamp/README.xml: New.
191 * modules/pam_timestamp/hmacsha1.h: New.
192 * modules/pam_timestamp/sha1.h: New.
193 * modules/pam_timestamp/pam_timestamp.8.xml: New.
194 * modules/pam_timestamp/pam_timestamp_check.8.xml: New.
195 * modules/pam_timestamp/pam_timestamp.c: New.
196 * modules/pam_timestamp/pam_timestamp_check.c: New.
197 * modules/pam_timestamp/hmacfile.c: New.
198 * modules/pam_timestamp/hmacsha1.c: New.
199 * modules/pam_timestamp/sha1.c: New.
200 * modules/pam_timestamp/tst-pam_timestamp: New.
201 * po/POTFILES.in: Add pam_timestamp sources.
202 * po/*.po: Regenerate.
203 * po/cs.po: Updated translations.
205 2008-11-25 Thorsten Kukuk <kukuk@thkukuk.de>
207 * modules/pam_pwhistory/opasswd.c (save_old_password): Fix typo.
209 * modules/pam_time/pam_time.c (is_same): Fix check
210 of correct string length (debian bug #326407).
212 2008-11-24 Thorsten Kukuk <kukuk@thkukuk.de>
214 * xtests/Makefile.am: Add pam_time1 tests.
215 * xtests/tst-pam_time1.c: New test case.
216 * xtests/tst-pam_time1.pamd: New.
217 * xtests/time.conf: New.
218 * xtests/run-xtests.sh: Copy time.conf.
220 2008-11-24 Tomas Mraz <t8m@centrum.cz>
222 * libpam/pam_handlers.c (_pam_parse_conf_file): '-' at
223 beginning of type token marks silent module.
224 (_pam_load_module): Add handler_type parameter. Do not log
225 module load error if module is silent.
226 (_pam_add_handler): Pass handler_type to _pam_load_module().
227 * libpam/pam_private.h: Add PAM_HT_SILENT_MODULE.
228 * doc/man/pam.conf-syntax.xml: Document the '-' at beginning
231 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Fix leaks
233 * modules/pam_env/pam_env.c (_parse_env_file): Remove superfluous
235 * modules/pam_group/pam_group.c (check_account): Fix leak
237 * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Fix leak
239 * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Remove
240 superfluous condition.
241 * modules/pam_stress/pam_stress.c (stress_get_password,pam_sm_authenticate):
242 Remove superfluous conditions.
243 (pam_sm_chauthtok): Fix mistaken && for &.
244 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Remove
245 superfluous condition.
246 All the problems fixed in this commit were found by Steve Grubb.
248 2008-11-20 Tomas Mraz <t8m@centrum.cz>
250 * modules/pam_sepermit/pam_sepermit.c (sepermit_match): Do not
251 call sepermit_lock() if sense is deny. Do not crash on NULL seuser
253 (pam_sm_authenticate): Try to call getseuserbyname() even if
256 2008-11-19 Thorsten Kukuk <kukuk@thkukuk.de>
258 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session):
259 Preserve XAUTHLOCALHOSTNAME environment variable.
261 * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Finish
262 implementation of type=STRING option.
264 * modules/pam_pwhistory/pam_pwhistory.8.xml: Document
265 "type=STRING" option.
267 2008-10-27 Thorsten Kukuk <kukuk@thkukuk.de>
269 * doc/man/pam_setcred.3.xml: Document when credentials
271 * po/ja.po: Fix syntax error.
272 * po/de.po: Update translations.
273 * po/*.po: Regenerate with pam_tally2 added.
275 2008-10-23 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com>
277 * po/pt_BR.po: Updated translations.
279 2008-10-23 Krishna Babu K <kkrothap@redhat.com>
281 * po/LINGUAS: New language.
282 * po/te.po: New translation to Telugu.
284 2008-10-23 Manoj Kumar Giri <mgiri@redhat.com>
286 * po/or.po: Updated translations.
288 2008-10-21 Amitakhya Phukan <aphukan@redhat.com>
290 * po/as.po: Updated translations.
292 2008-10-21 Ondrej Sulek <feonsu@gmail.com>
294 * po/sk.po: Updated translations.
296 2008-10-21 Terry Chuang <tchuang@redhat.com>
298 * po/zh_TW.po: Updated translations.
300 2008-10-21 Kiyoto Hashida <khashida@redhat.com>
302 * po/ja.po: Updated translations.
304 2008-10-21 Francesco Valente <fvalen@redhat.com>
306 * po/it.po: Updated translations.
308 2008-10-21 Peter van Egdom <p.van.egdom@gmail.com>
310 * po/nl.po: Updated translations.
312 2008-10-20 Ani Peter <apeter@redhat.com>
314 * po/ml.po: Updated translations.
316 2008-10-20 Pablo Martin-Gomez <pablo.martin-gomez@laposte.net>
318 * po/fr.po: Updated translations.
320 2008-10-20 Runa Bhattacharjee <runab@redhat.com>
322 * po/bn_IN.po: Updated translations.
324 2008-10-20 Shankar Prasad <svenkate@redhat.com>
326 * po/kn.po: Updated translations.
328 2008-10-20 Leah Liu <lliu@redhat.com>
330 * po/zh_CN.po: Updated translations.
332 2008-10-20 Ondrej Sulek <feonsu@gmail.com>
334 * po/LINGUAS: New language.
335 * po/sk.po: New translation to Slovak.
337 2008-10-17 Tomas Mraz <t8m@centrum.cz>
339 * configure.in: Add modules/pam_tally2/Makefile.
340 * doc/sag/Linux-PAM_SAG.xml: Include pam_tally2.xml.
341 * doc/sag/pam_tally2.xml: New.
342 * libpam/pam_static_modules.h: Add pam_tally2 static struct.
343 * modules/Makefile.am: Add pam_tally2 directory.
344 * modules/pam_tally2/Makefile.am: New.
345 * modules/pam_tally2/README.xml: New.
346 * modules/pam_tally2/tallylog.h: New.
347 * modules/pam_tally2/pam_tally2.8.xml: New.
348 * modules/pam_tally2/pam_tally2.c: New.
349 * modules/pam_tally2/pam_tally2_app.c: New.
350 * modules/pam_tally2/tst-pam_tally2: New.
351 * po/POTFILES.in: Add pam_tally2 sources.
353 2008-10-17 Xavier Queralt Mateu <xqueralt@gmail.com>
355 * po/ca.po: Updated translations.
357 2008-10-15 Tomas Mraz <t8m@centrum.cz>
359 * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Save the old
360 euid to suid to be able to restore it.
362 2008-10-15 Piotr Drąg <piotrdrag@gmail.com>
364 * po/pl.po: Updated translations.
366 2008-10-13 Tomas Mraz <t8m@centrum.cz>
368 * po/LINGUAS: New languages.
369 * po/cs.po: Updated translations.
371 2008-10-13 Amitakhya Phukan <aphukan@redhat.com>
373 * po/as.po: Updated translations.
375 2008-10-13 Shankar Prasad <svenkate@redhat.com>
377 * po/kn.po: Updated translations.
379 2008-10-13 Sandeep Sheshrao Shedmake <sshedmak@redhat.com>
381 * po/mr.po: New translation to Marathi.
383 2008-10-13 Runa Bhattacharjee <runab@redhat.com>
385 * po/bn_IN.po: Updated translations.
387 2008-10-13 Sharuzzaman Ahmat Raslan <sharuzzaman@gmail.com>
389 * po/ms.po: New translation to Malay.
391 2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de>
393 * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass):
394 Remove check for re-used passwords.
395 * modules/pam_cracklib/pam_cracklib.8.xml: Remove documentation
396 of re-used password check.
398 * configure.in: add modules/pam_pwhistory/Makefile.
399 * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml.
400 * doc/sag/pam_pwhistory.xml: New.
401 * libpam/pam_static_modules.h: Add pam_pwhistory data.
402 * modules/Makefile.am: Add pam_pwhistory directory.
403 * modules/pam_pwhistory/Makefile.am: New.
404 * modules/pam_pwhistory/README.xml: New.
405 * modules/pam_pwhistory/opasswd.c: New.
406 * modules/pam_pwhistory/opasswd.h: New.
407 * modules/pam_pwhistory/pam_pwhistory.8.xml: New.
408 * modules/pam_pwhistory/pam_pwhistory.c: New.
409 * modules/pam_pwhistory/tst-pam_pwhistory: New.
410 * xtests/Makefile.am: New.
411 * xtests/run-xtests.sh: New.
412 * xtests/tst-pam_pwhistory1.c: New.
413 * xtests/tst-pam_pwhistory1.pamd: New.
414 * xtests/tst-pam_pwhistory1.sh: New.
415 * po/POTFILES.in: Add modules/pam_pwhistory/.
416 * po/de.po: Update translations.
418 2008-10-02 Thorsten Kukuk <kukuk@thkukuk.de>
420 * po/de.po: Update translations.
422 2008-09-30 Manoj Kumar Giri <mgiri@redhat.com>
424 * po/or.po: Updated translations.
426 2008-09-30 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com>
428 * po/pt_BR.po: Updated translations.
430 2008-09-30 Tomas Mraz <t8m@centrum.cz>
432 * modules/pam_lastlog/pam_lastlog.8.xml: Document new options
433 noupdate and showfailed.
434 * modules/pam_lastlog/pam_lastlog.c(pam_parse): Recognize the new
436 (last_login_read): New output parameter lltime. Do not display
437 the last login message if it would be empty.
438 (last_login_date): New output parameter lltime. Do not write the
439 last login info when LASTLOG_UPDATE is not set.
440 (last_login_failed): New function to display the last bad login
442 (pam_sm_open_session): Obtain lltime from last_login_date() and
443 call last_login_failed() when appropriate.
445 * po/Linux-pam.pot: Updated strings to translate.
448 2008-09-29 Thorsten Kukuk <kukuk@thkukuk.de>
450 * modules/pam_echo/pam_echo.8.xml: Fix format error.
452 2008-09-25 Tomas Mraz <t8m@centrum.cz>
454 * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message.
455 (tally_check): Open faillog read only. Close file descriptor.
456 Fix typos in messages.
458 2008-09-25 Thorsten Kukuk <kukuk@thkukuk.de>
460 * modules/pam_mail/pam_mail.c (report_mail): Fix logic of
461 "quiet" option (Patch from Andreas Henriksson <andreas@fatal.se>)
463 * modules/pam_mail/pam_mail.8.xml: Fix typo.
465 2008-09-23 Tomas Mraz <t8m@centrum.cz>
467 * modules/pam_limits/limits.conf.5.xml: Comment that rss limit is
470 2008-09-19 Tomas Mraz <t8m@centrum.cz>
472 * modules/pam_cracklib/pam_cracklib.8.xml: Fix description
473 of the palindrome test. Document new options maxrepeat and
475 * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Parse
476 the maxrepeat and reject_username options.
477 (password_check): Call the new tests usercheck() and
479 (_pam_unix_approve_pass): Pass user name to the password_check().
481 2008-09-16 Thorsten Kukuk <kukuk@thkukuk.de>
483 * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo.
485 * modules/pam_unix/pam_unix.8.xml: Fix typo.
487 2008-09-03 Thorsten Kukuk <kukuk@thkukuk.de>
489 * modules/pam_exec/pam_exec.c: Expose authtok if requested,
490 provide environment variable containing service type.
491 * modules/pam_exec/pam_exec.8.xml: Document new option.
493 2008-08-29 Tomas Mraz <t8m@centrum.cz>
495 * modules/pam_loginuid/pam_loginuid.c(set_loginuid): Uids
498 2008-08-18 Thorsten Kukuk <kukuk@thkukuk.de>
500 * Makefile.am (M4_FILES): Adjust list.
502 * modules/pam_access/pam_access.8.xml: Fix module service
504 * modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
505 * modules/pam_debug/pam_debug.8.xml: Likewise.
506 * modules/pam_deny/pam_deny.8.xml: Likewise.
507 * modules/pam_echo/pam_echo.8.xml: Likewise.
508 * modules/pam_env/pam_env.8.xml: Likewise.
509 * modules/pam_exec/pam_exec.8.xml: Likewise.
510 * modules/pam_faildelay/pam_faildelay.8.xml: Likewise.
511 * modules/pam_filter/pam_filter.8.xml: Likewise.
512 * modules/pam_ftp/pam_ftp.8.xml: Likewise.
513 * modules/pam_group/pam_group.8.xml: Likewise.
514 * modules/pam_issue/pam_issue.8.xml: Likewise.
515 * modules/pam_keyinit/pam_keyinit.8.xml: Likewise.
516 * modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
517 * modules/pam_limits/pam_limits.8.xml: Likewise.
518 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
519 * modules/pam_localuser/pam_localuser.8.xml: Likewise.
520 * modules/pam_loginuid/pam_loginuid.8.xml: Likewise.
521 * modules/pam_mail/pam_mail.8.xml: Likewise.
522 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise.
523 * modules/pam_motd/pam_motd.8.xml: Likewise.
524 * modules/pam_namespace/pam_namespace.8.xml: Likewise.
525 * modules/pam_nologin/pam_nologin.8.xml: Likewise.
526 * modules/pam_permit/pam_permit.8.xml: Likewise.
527 * modules/pam_rhosts/pam_rhosts.8.xml: Likewise.
528 * modules/pam_rootok/pam_rootok.8.xml: Likewise.
529 * modules/pam_securetty/pam_securetty.8.xml: Likewise.
530 * modules/pam_selinux/pam_selinux.8.xml: Likewise.
531 * modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
532 * modules/pam_shells/pam_shells.8.xml: Likewise.
533 * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
534 * modules/pam_tally/pam_tally.8.xml: Likewise.
535 * modules/pam_time/pam_time.8.xml: Likewise.
536 * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
537 * modules/pam_umask/pam_umask.8.xml: Likewise.
538 * modules/pam_unix/pam_unix.8.xml: Likewise.
539 * modules/pam_userdb/pam_userdb.8.xml: Likewise.
540 * modules/pam_warn/pam_warn.8.xml: Likewise.
541 * modules/pam_wheel/pam_wheel.8.xml: Likewise.
542 * modules/pam_xauth/pam_xauth.8.xml: Likewise.
544 2008-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
546 * configure.in: Add version for gettext, add search path
547 for m4 directory, fix handling of --disable-* options.
548 Patches from Diego Pettenò <flameeyes@gmail.com>.
550 * configure.in: Run autoupdate on it.
552 * acincludde.m4: Rename to ...
553 * m4/jh_path_xml_catalog.m4: ... this.
555 * m4/*.m4: Remove all autoconf m4 files.
557 2008-07-29 Steve Langasek <vorlon@debian.org>
559 * modules/pam_cracklib/pam_cracklib.8.xml: correct a typo,
560 "Only he" -> "Only the"
562 2008-07-28 Steve Langasek <vorlon@debian.org>
564 * libpamc/test/regress/test.libpamc.c: use standard u_int8_t
565 type instead of __u8, as elsewhere.
566 Patch from Roger Leigh <rleigh@debian.org>.
567 * modules/pam_unix/passverify.c: make save_old_password()
568 thread-safe by using pam_modutil_getpwnam() instead of getpwnam()
569 * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h,
570 modules/pam_unix/pam_unix_passwd.c: add pamh argument to
573 2008-07-27 Steve Langasek <vorlon@debian.org>
575 * modules/pam_*/pam_*.8.xml: fix up the references to pam.d,
576 which is in manpage section 5, not 8.
577 * modules/pam_env/environment, modules/pam_env/pam_env.8.xml:
578 spelling fix, seperate -> separate
580 2008-07-26 Steve Langasek <vorlon@debian.org>
582 * modules/pam_env/pam_env.c: Fix module to skip over
583 non-alphanumeric variable names, and to handle the case when
584 asked to delete a non-existent variable.
586 2008-07-13 Tomas Mraz <t8m@centrum.cz>
588 * modules/pam_mail/pam_mail.8.xml: Module supports session and
589 not account service (#1980773).
591 2008-07-11 Tomas Mraz <t8m@centrum.cz>
593 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do
594 not close the pipe descriptor in borderline case (#2009766).
595 * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
597 * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
598 * modules/pam_unix/support.h: Define upper limit of fds we will
601 * modules/pam_selinux/pam_selinux.c (config_context): Do not
602 ask for the level if use_current_range is set.
603 (context_from_env): New function to obtain the context from
604 PAM environment variables.
605 (pam_sm_open_session): Call context_from_env() if env_params option
606 is present. use_current_range now modifies behavior of the
607 context_from_env and config_context options.
608 * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params
609 option. Adjust description of use_current_range option.
611 2008-07-09 Thorsten Kukuk <kukuk@thkukuk.de>
613 * modules/pam_exec/pam_exec.c (call_exec): Move all variable
614 declaration to begin of a block (#1976310).
616 * xtests/tst-pam_group1.c (run_test): Move no_grps declaration
617 to begin of function (#1976310).
619 * modules/pam_securetty/pam_securetty.8.xml: Replace
620 PAM_IGNORE with PAM_USER_UNKNOWN (#1994330).
622 * modules/pam_tally/pam_tally.c: Add support for silent and
624 * modules/pam_tally/pam_tally.8.xml: Document silent and
627 2008-07-08 Thorsten Kukuk <kukuk@thkukuk.de>
629 * modules/pam_unix/passverify.c (verify_pwd_hash): Adjust debug
632 2008-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
634 * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without
637 * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit
638 description (reported by Wayne Pollock <pollock@acm.org>)
640 2008-06-19 Tomas Mraz <t8m@centrum.cz>
642 * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
643 Detect configuration errors. Fail on incomplete condition.
645 2008-05-20 Tomas Mraz <t8m@centrum.cz>
647 * configure.in: Work correctly with autoconf-2.62.
649 2008-05-19 Tomas Mraz <t8m@centrum.cz>
651 * doc/man/pam_getenv.3.xml: Correct the pam_getenv documentation.
653 * doc/man/pam_prompt.3.xml: Add missing description.
655 2008-05-14 Kjartan Maraas <kmaraas@gnome.org>
657 * po/nb.po: Updated translation.
659 2008-05-14 Sulyok Péter <peti@sulyok.hu>
661 * po/hu.po: Updated translation.
663 2008-05-14 Tomas Mraz <t8m@centrum.cz>
665 * libpam/pam_modutil_getgrgid.c: Replace hardcoded constant with
666 define PWD_LENGTH_SHIFT.
667 * libpam/pam_modutil_getgrnam.c: Likewise.
668 * libpam/pam_modutil_getpwnam.c: Likewise.
669 * libpam/pam_modutil_getpwuid.c: Likewise.
670 * libpam/pam_modutil_getspnam.c: Likewise.
671 * libpam/pam_modutil_private.h: Adjust values for PWD_ constants.
673 * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok
674 item when password is not approved.
675 * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS
676 is always set when UNIX_AUTHTOK is set, change order of conditions.
678 2008-05-02 Tomas Mraz <t8m@centrum.cz>
680 * modules/pam_selinux/pam_selinux.c(query_response): Add handling
682 (manual_context): Handle failed query_response() properly. Rename
683 variable responses to response which is more correct name.
684 (config_context): Likewise.
685 (pam_sm_open_session): Do not base decision on whether there is a tty.
687 2008-04-22 Tomas Mraz <t8m@centrum.cz>
689 * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix
690 regression from the change from 2008-03-20. setexeccon() must be
691 called also with NULL prev_context.
693 2008-04-21 Thorsten Kukuk <kukuk@thkukuk.de>
695 * modules/pam_access/access.conf.5.xml: Document changed behavior
697 * modules/pam_access/pam_access.c: Add from_remote_host to
698 struct login_info to change behavior of LOCAL keyword: if
699 PAM_RHOST is not set, LOCAL will be true.
701 2008-04-18 Tomas Mraz <t8m@centrum.cz>
703 * modules/pam_namespace/pam_namespace.c: New functions
704 unprotect_dirs(), cleanup_protect_data(), protect_mount(),
705 protect_dir() to protect directory by bind mount.
706 (cleanup_data): Renamed to cleanup_polydir_data().
707 (parse_create_params): Allow missing specification of mode
709 (check_inst_parent): Call protect_dir() on the instance parent
710 directory. The directory is created when it doesn't exist.
711 (create_polydir): Protect and make the polydir by protect_dir(),
712 remove potential races.
713 (create_dirs): Renamed to create_instance(), remove call to
715 (ns_setup): Call protect_dir() on the polydir if it already exists.
716 Call inst_init() after the polydir is mounted.
717 (setup_namespace): Set the namespace protect data to be cleaned up
718 on pam_close_session()/pam_end().
719 (pam_sm_open_session): Initialize the protect_dirs.
720 (pam_sm_close_session): Cleanup namespace protect data.
721 * modules/pam_namespace/pam_namespace.h: Define struct for the
722 stack of protected dirs.
723 * modules/pam_namespace/pam_namespace.8.xml: Document when the
724 instance init script is called.
725 * modules/pam_namespace/namespace.conf.5.xml: Likewise.
727 2008-04-17 Tomas Mraz <t8m@centrum.cz>
729 * modules/pam_access/pam_access.c(myhostname): Removed function.
730 (user_match): Supply hostname of the machine to the netgroup_match().
731 Use hostname from the loginfo instead of calling myhostname().
732 (pam_sm_authenticate): Call gethostname() to fill hostname in the
735 * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try
736 to lock if euid != 0.
738 2008-04-16 Tomas Mraz <t8m@centrum.cz>
740 * modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit.
741 * modules/pam_unix/unix_chkpwd.c(_audit_log): New function for audit.
742 (main): Call _audit_log() when appropriate.
744 * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Recognize also
745 try_first_pass and use_first_pass options.
746 (pam_sm_chauthtok): Implement the new options.
748 2008-04-08 Tomas Mraz <t8m@centrum.cz>
750 * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple
751 calls to sysconf() (based on patch by Sami Farin).
753 * libpam/pam_item.c (TRY_SET): Do not set when destination
754 is identical to source.
755 (pam_set_item): Do not overwrite destination when it
756 is identical to source.
758 2008-04-07 Miloš Komarčević <kmilos@gmail.com>
760 * po/sr.po: New file with translation.
761 * po/sr@latin.po: Likewise.
762 * po/LINGUAS: Add sr and sr@latin.
764 2008-04-03 Thorsten Kukuk <kukuk@thkukuk.de>
766 * release version 1.0.0
768 * configure.in: Set version number to 1.0.0.
769 * libpam/Makefile.am: Bump patchlevel of libpam.
770 * doc/adg/Linux-PAM_ADG.xml: Update version/date.
771 * doc/mwg/Linux-PAM_MWG.xml: Likewise.
772 * doc/sag/Linux-PAM_SAG.xml: Likewise.
774 2008-03-31 Dan Walsh <dwalsh@redhat.com>
776 * modules/pam_sepermit/pam_sepermit.c(sepermit_lock): Mark lock fd to
779 2008-03-25 Leah Liu <lliu@redhat.com>
781 * po/zh_CN.po: Updated translation.
783 2008-03-20 Tomas Mraz <t8m@centrum.cz>
785 * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER
786 method only when appropriate.
787 (setup_namespace): Do not umount when not mounted with RUSER.
789 * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call
790 freecontext() after the context is logged not before.
792 2008-03-18 Canniot Thomas <thomas.canniot@mrtomlinux.org>
794 * po/fr.po: Updated translation.
796 2008-03-13 Ankit Patel <ankit@redhat.com>
798 * po/gu.po: Updated translation.
800 2008-03-05 Tomas Mraz <t8m@centrum.cz>
802 * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Avoid
803 unnecessary x_strdup() of resp.
804 * modules/pam_ftp/pam_ftp(pam_sm_authenticate): Call _pam_overwrite()
805 before dropping password resp.
807 2008-03-03 Tomas Mraz <t8m@centrum.cz>
809 * modules/pam_selinux/pam_selinux.c: Do not translate syslog messages.
810 * po/Linux-PAM.pot: Update.
812 * libpam/pam_item.c(RESET): Rename to TRY_SET, handle strdup failure.
813 (pam_set_item): Use TRY_SET() also for PAM_AUTHTOK and PAM_OLDAUTHTOK.
814 Handle allocation failure for PAM_XAUTHDATA.
815 (pam_get_user): Return error when conversation returns NULL user.
816 Call pam_set_item() instead of RESET().
818 2008-02-26 Tomas Mraz <t8m@centrum.cz>
820 * modules/pam_unix/Makefile.am: Do not link to cracklib.
821 * modules/pam_unix/pam_unix_passwd.c(_pam_unix_approve_pass):
822 Do not call FascistCheck() from cracklib.
824 2008-02-29 Fabian Affolter <fab@fedoraproject.org>
826 * po/de.po: Updated translation.
828 2008-02-28 Piotr Drąg <piotrdrag@gmail.com>
830 * po/pl.po: Updated translation.
832 2008-02-26 Tomas Mraz <t8m@centrum.cz>
834 * po/LINUGAS: New languages added.
835 * po/es.po: Updated translations.
836 * po/fr.po: Likewise.
837 * po/it.po: Likewise.
838 * po/ja.po: Likewise.
839 * po/nl.po: Likewise.
840 * po/pl.po: Likewise.
841 * po/pt_BR.po: Likewise.
842 * po/ru.po: Likewise.
843 * po/zh_CN.po: Likewise.
844 * po/as.po: New file.
845 * po/gu.po: Likewise.
846 * po/hi.po: Likewise.
847 * po/kn.po: Likewise.
848 * po/ko.po: Likewise.
849 * po/ml.po: Likewise.
850 * po/or.po: Likewise.
851 * po/si.po: Likewise.
852 * po/ta.po: Likewise.
854 2008-02-21 Tomas Mraz <t8m@centrum.cz>
856 * libpam/pam_audit.c (_pam_audit_writelog): Silence syslog
857 message on non-error return.
859 * modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged
860 user when checking password of another user.
861 * modules/pam_unix/unix_update.c: Fix comment.
863 2008-02-18 Dmitry V. Levin <ldv@altlinux.org>
865 * libpam/pam_handlers.c (_pam_assemble_line): Fix potential
867 * xtests/tst-pam_assemble_line1.pamd: New test for
869 * xtests/tst-pam_assemble_line1.sh: New script for
870 tst-pam_assemble_line1.
871 * xtests/Makefile.am (NOSRCTESTS): Add tst-pam_assemble_line1.
872 (EXTRA_DIST): Add tst-pam_assemble_line1.pamd and
873 tst-pam_assemble_line1.sh
875 * modules/pam_exec/pam_exec.c (call_exec): Fix asprintf return
878 2008-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
880 * release version 0.99.10.0
882 * configure.in: set version number.
884 * modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth.
885 * modules/pam_rhosts/pam_rhosts_auth.c: Removed.
886 * modules/pam_rhosts/tst-pam_rhosts_auth: Removed.
888 * modules/pam_namespace/Makefile.am (noinst_HEADERS): Add
891 2008-02-13 Tomas Mraz <t8m@centrum.cz>
893 * modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
895 * modules/pam_namespace/argv_parse.c: New file.
896 * modules/pam_namespace/argv_parse.h: New file.
897 * modules/pam_namespace/namespace.conf.5.xml: Document new features.
898 * modules/pam_namespace/pam_namespace.8.xml: Likewise.
899 * modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
900 Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
902 (polydir_s): Add rdir, replace exclusive with flags, add init_script,
903 owner, group, and mode.
904 (instance_data): Add ruser, gid, and ruid.
905 * modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
906 (add_polydir_entry): Add the entry directly, no copy.
907 (del_polydir): New function.
908 (del_polydir_list): Call del_polydir().
909 (expand_variables, parse_create_params, parse_iscript_params,
910 parse_method): New functions.
911 (process_line): Call expand_variables() on polydir and instance prefix.
912 Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
913 (parse_config_file): Parse .conf files from namespace.d dir after
915 (form_context): Call getcon() or get_default_context_with_level() when
916 appropriate flags are set.
917 (poly_name): Handle shared polydir flag.
918 (inst_init): Execute non-default init script when specified.
919 (create_polydir): New function.
920 (create_dirs): Remove the code which checks the polydir. Do not call
921 inst_init() when noinit flag is set.
922 (ns_setup): Check the polydir and eventually create it if the create flag
924 (setup_namespace): Use ruser uid from idata. Set the namespace polydir
925 pam data only when namespace was set up correctly. Unmount polydir
927 (get_user_data): New function.
928 (pam_sm_open_session): Check for use_current_context and
929 use_default_context options. Call get_user_data().
930 (pam_sm_close_session): Call get_user_data().
932 2008-02-06 Thorsten Kukuk <kukuk@thkukuk.de>
934 * po/de.po: Translate some more strings.
936 2008-02-05 Thorsten Kukuk <kukuk@thkukuk.de>
938 * modules/pam_unix/unix_update.c: Remove unused declarations.
940 2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
942 * libpam/pam_static_modules.h: Add _pam_sepermit_modstruct.
943 * modules/pam_sepermit/pam_sepermit.c: Fix typo.
944 * modules/pam_sepermit/Makefile.am: Install config file only
945 if we build the module.
947 * README: Add --disable-pie to configure options for static library.
949 * doc/man/Makefile.am: Fix building outside of src directory.
951 * libpam/Makefile.am: Bump version number of libpam.
953 * modules/Makefile.am: Add pam_sepermit.
955 * doc/Makefile.am: Fix build out of source directory.
957 * po/POTFILES.in: Add pam_sepermit.c.
959 * modules/pam_exec/pam_exec.c: Set PAM environment variables and
961 * modules/pam_exec/pam_exec.8.xml: Document new behavior.
962 Patch from Julien Lecomte <julien@lecomte.at>.
964 2008-02-01 Tomas Mraz <t8m@centrum.cz>
966 * modules/pam_namespace/namespace.conf.5.xml: Add documentation for
967 tmpfs and tmpdir polyinst and for ~ user list modifier.
968 * modules/pam_namespace/namespace.init: Add documentation for the
969 new init parameter. Add home directory initialization script.
970 * modules/pam_namespace/pam_namespace.8.xml: Document the new
971 init parameter of the namespace.init script.
972 * modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
973 (cleanup_data): New function.
974 (process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
975 (ns_override): Change behavior on the exclusive flag.
976 (poly_name): Process tmpfs and tmpdir methods.
977 (inst_init): Add flag for new directory initialization.
978 (create_dirs): Process the tmpdir method, add the new directory
980 (ns_setup): Remove unused code. Process the tmpfs method.
981 (cleanup_tmpdirs): New function.
982 (setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
984 (pam_sm_close_session): Instead of parsing the config file again use
985 the previously set data for cleanup.
986 * modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
989 2008-01-29 Tomas Mraz <t8m@centrum.cz>
991 * configure.in: Test for setkeycreatecon needs libselinux.
992 Add new module pam_sepermit.
993 * modules/Makefile.am: Add new module pam_sepermit.
994 * modules/pam_sepermit/.cvsignore: New file.
995 * modules/pam_sepermit/Makefile.am: Likewise.
996 * modules/pam_sepermit/README.xml: Likewise.
997 * modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
998 * modules/pam_sepermit/pam_sepermit.c: Likewise.
999 * modules/pam_sepermit/sepermit.conf: Likewise.
1000 * modules/pam_sepermit/tst-pam_sepermit: Likewise.
1001 * doc/sag/pam_sepermit.xml: Likewise.
1003 * doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG.
1005 2008-01-29 Miloslav Trmac <mitr@redhat.com>
1007 * modules/pam_tty_audit/README.xml: Add notes section.
1008 * modules/pam_tty_audit/pam_tty_audit.8.xml: Describe patterns
1009 support and open_only option. Add notes.
1010 * modules/pam_tty_audit/pam_tty_audit.c(pam_sm_open_session): Add
1011 support for pattern matching and the open_only option.
1013 2008-01-28 Thorsten Kukuk <kukuk@thkukuk.de>
1015 * libpam/pam_audit.c: Include pam_modutil_private.h.
1017 * libpam/pam_item.c (pam_set_item): Fix compiler warning.
1019 * libpam/pam_end.c (pam_end): Cast to correct pointer type.
1020 * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use
1023 * modules/pam_unix/passverify.c: Fix compiling without SELinux
1026 2008-01-24 Tomas Mraz <t8m@centrum.cz>
1028 * modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when
1030 * modules/pam_unix/passverify.c (strip_hpux_aging): New function
1031 to strip HP/UX aging info from password hash.
1032 (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when
1035 2008-01-23 Tomas Mraz <t8m@centrum.cz>
1037 * configure.in: Add test for crypt_r(). Add setting/disabling random
1040 * modules/pam_unix/Makefile.am: Add unix_update.8 manpage generated from
1041 XML, generate also unix_chkpwd.8 from XML.
1042 * modules/pam_unix/pam_unix_acct.c: Add rounds parameter to _set_ctrl().
1043 * modules/pam_unix/pam_unix_auth.c: Likewise.
1044 * modules/pam_unix/pam_unix_sess.c: Likewise.
1045 * modules/pam_unix/pam_unix_passwd.c: Likewise.
1046 * modules/pam_unix/support.c(_set_ctrl): Likewise.
1047 * modules/pam_unix/support.h: Likewise. Add UNIX_SHA256_PASS,
1048 UNIX_SHA512_PASS, and UNIX_ALGO_ROUNDS ctrls.
1049 (pam_sm_chauthtok): Refactor out new password encryption.
1050 * modules/pam_unix/passverify.c(crypt_make_salt): New function.
1051 (crypt_md5_wrapper): Call crypt_make_salt().
1052 (create_password_hash): New function refactored out of
1053 pam_sm_chauthtok(). Support for new password hashes.
1054 * modules/pam_unix/passverify.h: Drop ascii_to_bin() and bin_to_ascii()
1055 macros. Add prototype for create_password_hash().
1056 * modules/pam_unix/unix_update.8.xml: New file.
1057 * modules/pam_unix/unix_chkpwd.8.xml: Likewise.
1059 * modules/pam_unix/Makefile.am: Add unix_update helper.
1060 * modules/pam_unix/pam_unix_passwd.c: Move functions i64c(),
1061 crypt_md5_wrapper(), save_old_password(), _update_passwd() and
1062 _update_shadow() to passverify.c file. Rename _unix_run_shadow_binary()
1063 to _unix_run_update_binary(), which also verifies old password and
1065 (_do_setpass, pam_sm_chauthtok): lckpwdf()->lock_pwdf(), the same for unlock.
1066 Call _unix_run_update_binary() appropriately.
1067 _update_passwd()->unix_update_passwd(), the same for shadow.
1068 * modules/pam_unix/passverify.c: Add new functions moved from
1069 pam_unix_passwd.c and unix_chkpwd.c.
1070 * modules/pam_unix/passverify.h: Likewise.
1071 * modules/pam_unix/unix_chkpwd.c: Remove SELinux checks. Move
1072 su_sighandler(), setup_signals(), getuidname() to passverify.c.
1073 (main): Remove 'shadow' option. Refactor out read_passwords() and
1074 call it. More strict checking how the binary is called.
1075 * modules/pam_unix/unix_update.c: New helper binary - non-setuid,
1076 called from SELinux confined apps only.
1078 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Return
1079 status and daysleft instead of fake shadow entry.
1080 (pam_sm_acct_mgmt): Call _unix_run_verify_binary() appropriately.
1081 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Call
1082 get_account_info() and check_shadow_expiry().
1083 * modules/pam_unix/support.h: Adjust _unix_run_verify_binary()
1085 * modules/pam_unix/support.c (_unix_run_helper_binary): Remove check
1086 on selinux enabled/disabled.
1087 * modules/pam_unix/unix_chkpwd.c (_verify_account): Rename to
1088 _check_expiry(), now checks shadow expiry info.
1089 (main): Remove check on selinux enabled/disabled. Check shadow
1090 expiry through _check_expiry().
1092 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Call
1093 get_account_info() and check_shadow_expiry().
1094 * modules/pam_unix/passverify.c: Add get_account_info() to
1095 obtain shadow and passwd entry. Add check_shadow_expiry() to
1096 for shadow password expiry check.
1097 (get_pwd_hash): Call get_account_info().
1098 * modules/pam_unix/passverify.h: Add prototypes for get_account_info()
1099 and check_shadow_expiry().
1101 2008-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
1103 * doc/man/Makefile.am: Fix manual page dependencies,
1104 add hack for bug in xsl stylestheets.
1106 2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
1108 * po/it.po: Fix typos.
1109 * po/de.po: Few new translations.
1110 * po/POTFILES.in: Add pam_tty_audit.c and passverify.c.
1111 * doc/man/pam_xauth_data.3.xml: Added to CVS.
1112 * doc/man/pam_xauth_data.3: Likewise.
1113 * modules/pam_tty_audit/README: Likewise.
1114 * modules/pam_tty_audit/pam_tty_audit.8: Likewise.
1115 * po/sv.po: Update swedish translation [#1857531].
1116 * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix
1117 cut & paste error [#1863490].
1119 2008-01-02 Petteri Räty <betelgeuse@gentoo.org>
1120 * modules/pam_limits/limits.conf: document allowed values for
1122 * modules/pam_limits/limits.conf.5.xml: Likewise.
1124 2007-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
1126 * README: Document how to run make check with static modules
1129 2007-12-18 Peter Breitenlohner <peb@mppmu.mpg.de>
1130 * README: Document that "make check" requires a file
1131 /etc/pam.d/other (SF#1822764).
1133 2007-12-12 Eamon Walsh <ewalsh@tycho.nsa.gov>
1135 * doc/man/pam_item_types_ext.inc.xml: More appropriate wording
1136 for PAM_XDISPLAY doc.
1138 2007-12-07 Tomas Mraz <t8m@centrum.cz>
1140 * po/cs.po: Updated translations.
1142 * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
1143 * libpam/pam_audit.c: Add _pam_audit_open() and
1144 pam_modutil_audit_write().
1145 (_pam_auditlog): Call _pam_audit_open().
1146 * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
1147 * modules/pam_access/pam_access.8.xml: Add noaudit option.
1149 * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
1150 only_new_group_syntax variables to struct login_info. Add noaudit
1152 (_parse_args): Adjust for the move of variables and add support for
1154 (group_match): Add debug parameter.
1155 (string_match): Likewise.
1156 (network_netmask_match): Likewise.
1157 (login_access): Adjust for the move of variables. Add nonall_match.
1158 Add call to pam_modutil_audit_write().
1159 (list_match): Adjust for the move of variables.
1160 (user_match): Likewise.
1161 (from_match): Likewise.
1162 (pam_sm_authenticate): Call _parse_args() earlier.
1163 * modules/pam_limits/pam_limits.8.xml: Add noaudit option.
1165 * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
1166 (setup_limits): Call pam_modutil_audit_write().
1167 * modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
1169 * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
1170 (check_account): Call _pam_parse(). Call pam_modutil_audit_write()
1171 and pam_syslog() on login denials.
1173 2007-12-07 Luca Bruno <luca.br@uno.it>
1175 * po/it.po: Updated translations.
1177 2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
1179 * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
1181 * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY,
1182 PAM_XAUTHDATA items, pam_xauth_data struct.
1183 * libpam/pam_item.c (pam_set_item, pam_get_item): Handle
1184 PAM_XDISPLAY and PAM_XAUTHDATA items.
1185 * libpam/pam_end.c (pam_end): Destroy the new items.
1186 * libpam/pam_private.h (pam_handle): Add data members for new
1187 items. Add prototype for _pam_memdup.
1188 * libpam/pam_misc.c: Add _pam_memdup.
1189 * doc/man/Makefile.am: Add pam_xauth_data.3. Replace
1190 pam_item_types.inc.xml with pam_item_types_std.inc.xml and
1191 pam_item_types_ext.inc.xml.
1192 * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml
1193 with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml.
1194 * doc/man/pam_set_item.3.xml: Likewise.
1195 * doc/man/pam_item_types.inc.xml: Removed file.
1196 * doc/man/pam_item_types_ext.inc.xml: New file.
1197 * doc/man/pam_item_types_std.inc.xml: New file.
1199 2007-12-06 Tomas Mraz <t8m@centrum.cz>
1201 * modules/pam_tty_audit/pam_tty_audit.8.xml: Fix example.
1203 2007-12-05 Miloslav Trmac <mitr@redhat.com>
1205 * configure.in: Add test for audit_tty_status struct. Add
1206 pam_tty_audit module.
1207 * libpam/pam_static_modules.h: Add pam_tty_audit module.
1208 * modules/pam_tty_audit/Makefile.am: New file.
1209 * modules/pam_tty_audit/README.xml: Likewise.
1210 * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
1211 * modules/pam_tty_audit/pam_tty_audit.c: Likewise.
1213 2007-12-05 Tomas Mraz <t8m@centrum.cz>
1215 * modules/pam_unix/Makefile.am: Add passverify.h and passverify.c
1216 as first part of pam_unix refactorization.
1217 * modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h.
1218 * modules/pam_unix/pam_unix_passwd.c: Likewise.
1219 * modules/pam_unix/passverify.c: New file with common functions.
1220 * modules/pam_unix/passverify.h: Prototypes for the common functions.
1221 * modules/pam_unix/support.c: Include passverify.h, move
1222 _unix_shadowed() to passverify.c.
1223 (_unix_verify_password): Refactor out verify_pwd_hash() function.
1224 * modules/pam_unix/support.h: Move _unix_shadowed() prototype to
1226 * modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and
1227 verify_pwd_hash() from passverify.c.
1229 2007-11-20 Thorsten Kukuk <kukuk@thkukuk.de>
1231 * modules/pam_unix/Makefile.am (unix_chkpwd_LDADD): Don't link
1232 unix_chkpwd unnecessary against libpam (#1822779).
1234 * modules/pam_tally/pam_tally.c (tally_log): Map
1235 pam_modutil_getpwnam to getpwnam if we don't compile
1237 * modules/pam_tally/Makefile.am: Don't link pam_tally_app
1238 against libpam (#1822779).
1240 2007-11-06 Thorsten Kukuk <kukuk@thkukuk.de>
1242 * xtests/tst-pam_group1.c: Include stdlib.h
1243 * xtests/tst-pam_succeed_if1.c: Likewise.
1244 * xtests/tst-pam_limits1.c: Likewise.
1245 * xtests/tst-pam_access1.c: Likewise.
1246 * xtests/tst-pam_access2.c: Likewise.
1247 * xtests/tst-pam_access3.c: Likewise.
1248 * xtests/tst-pam_access4.c: Likewise.
1249 * xtests/tst-pam_unix1.c: Likewise.
1250 * xtests/tst-pam_unix2.c: Likewise.
1251 * xtests/tst-pam_unix3.c: Likewise.
1252 * xtests/tst-pam_cracklib1.c: Likewise.
1253 * xtests/tst-pam_cracklib2.c: Likewise.
1255 * libpam/pam_static_modules.h: Fix name of pam_namespace variable.
1257 2007-11-01 Peter Breitenlohner <peb@mppmu.mpg.de>
1259 * doc/man/pam_conv.3.xml: Correct typo.
1261 2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de>
1263 * modules/pam_rhosts/pam_rhosts_auth.c (__icheckhost): Correct
1264 misplaced parenthesis.
1265 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Prevent use of
1266 dngettext() when NLS is disabled.
1267 * modules/pam_exec/pam_exec.c (call_exec): Avoid gcc warning.
1268 * doc/specs/parse_y.y (set_label, new_counter): Break trigraphs to
1270 * modules/pam_wheel/pam_wheel.c: Remove excessive initializer
1273 * modules/pam_cracklib/pam_cracklib.8.xml: Correct typo.
1274 * modules/pam_limits/limits.conf.5.xml: Likewise.
1275 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
1276 * modules/pam_xauth/pam_xauth.8.xml: Likewise.
1278 * modules/pam_deny/pam_deny.8.xml: Correct spelling.
1279 * modules/pam_group/pam_group.8.xml: Likewise.
1280 * modules/pam_permit/pam_permit.8.xml: Likewise.
1281 * modules/pam_shells/pam_shells.8.xml: Likewise.
1282 * modules/pam_time/pam_time.8.xml: Likewise.
1283 * modules/pam_warn/pam_warn.8.xml: Likewise.
1285 * tests/tst-dlopen.c: Return 77 in case of static modules, such that
1286 all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL.
1287 * libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead
1288 of "`ls ...`", to allow for static modules.
1289 * libpam/pam_static_modules.h: Make pam_keyinit module depend on
1290 HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct.
1291 * modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module
1294 2007-10-25 Steve Langasek <vorlon@debian.org>
1296 * modules/pam_tally/pam_tally.c: fix the definition of OPT_AUDIT
1297 to be octal instead of decimal, so that it works properly in a
1298 bit field instead of forcing the "even_deny_root_account" and
1299 "no_reset" options to on.
1300 Patch from Corey Wright <undefined@pobox.com>.
1302 2007-10-19 Tomas Mraz <t8m@centrum.cz>
1304 * xtests/tst-pam_access1.c: Use different name for user and group.
1305 * xtests/tst-pam_access1.sh: Likewise.
1306 * xtests/tst-pam_access2.c: Likewise.
1307 * xtests/tst-pam_access2.sh: Likewise.
1308 * xtests/tst-pam_access4.c: Likewise.
1309 * xtests/tst-pam_access4.sh: Likewise.
1310 * xtests/group.conf: Likewise.
1311 * xtests/tst-pam_group1.c: Likewise.
1312 * xtests/tst-pam_group1.sh: Likewise.
1314 * libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks,
1315 record substack level, skip over virtual substack modules, implement
1316 evaluation of done, die, reset and jumps in substacks. Also fixes
1317 too far jumps in substacks.
1318 * libpam/pam_end.c (pam_end): Drop substack evaluation states.
1319 * libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level
1320 parameter, instead of must_fail use handler_type needed for virtual
1322 (_pam_load_conf_file): Add substack level parameter.
1323 (_pam_init_handlers): Substack level parameter added to
1324 _pam_parse_conf_file() calls.
1325 (_pam_load_module): New function.
1326 (_pam_add_handler): Refactor code into the _pam_load_module(). Add
1327 support for virtual substack modules.
1328 * libpam/pam_private.h: Rename must_fail to handler_type, add stack_level
1329 to struct handler. Define handler type constants. Add struct
1330 for substack evaluation states. Define constant for maximum
1331 substack level. Add substack states pointer to former state struct.
1332 * libpam/pam_start.c (pam_start): Initialize pointer to substack states.
1333 * doc/man/pam.conf-syntax.xml: Document substack control.
1334 * xtests/Makefile.am: Add new tests for substack evaluation.
1335 * xtests/run_xtests.sh: Support multiple .pamd files in a test.
1336 * xtests/tst-pam_authfail.pamd: New tests for substack evaluation.
1337 * xtests/tst-pam_authsucceed.pamd: Likewise.
1338 * xtests/tst-pam_substack1.pamd: Likewise.
1339 * xtests/tst-pam_substack1a.pamd: Likewise.
1340 * xtests/tst-pam_substack1.sh: Likewise.
1341 * xtests/tst-pam_substack2.pamd: Likewise.
1342 * xtests/tst-pam_substack2a.pamd: Likewise.
1343 * xtests/tst-pam_substack2.sh: Likewise.
1344 * xtests/tst-pam_substack3.pamd: Likewise.
1345 * xtests/tst-pam_substack3a.pamd: Likewise.
1346 * xtests/tst-pam_substack3.sh: Likewise.
1347 * xtests/tst-pam_substack4.pamd: Likewise.
1348 * xtests/tst-pam_substack4a.pamd: Likewise.
1349 * xtests/tst-pam_substack4.sh: Likewise.
1350 * xtests/tst-pam_substack5.pamd: Likewise.
1351 * xtests/tst-pam_substack5a.pamd: Likewise.
1352 * xtests/tst-pam_substack5.sh: Likewise.
1354 2007-10-18 Tomas Mraz <t8m@centrum.cz>
1356 * xtests/tst-pam_dispatch4.c: Fix comment about the test.
1357 * xtests/tst-pam_dispatch4.pamd: Improve the testcase.
1358 * xtests/tst-pam_cracklib2.c: Make the testcase more robust.
1360 2007-10-12 Thorsten Kukuk <kukuk@thkukuk.de>
1362 * xtests/Makefile.am: Add tst-pam_dispatch5 sources
1363 * xtests/tst-pam_dispatch5.c: New test for jump too far.
1364 * xtests/tst-pam_dispatch5.pamd: New test configuration.
1366 2007-10-09 Tomas Mraz <t8m@centrum.cz>
1368 * modules/pam_tally/pam_tally.8.xml: Document audit option
1371 2007-10-09 Thorsten Kukuk <kukuk@thkukuk.de>
1373 * release version 0.99.9.0
1375 * configure.in: Increase vesion number.
1377 * libpam/Makefile.am: Increase release number.
1378 * libpam_misc/Makefile.am: Increase release number.
1380 * po/*.po: Regenerate.
1382 2007-10-08 Thorsten Kukuk <kukuk@thkukuk.de>
1384 * modules/pam_time/pam_time.c (is_same): Length of strings without
1385 wildcard needs to be the same.
1386 * modules/pam_group/pam_group.c (is_same): Likewise.
1388 2007-10-01 Thorsten Kukuk <kukuk@thkukuk.de>
1390 * xtests/tst-pam_group1.c: New test case for user compare in pam_group.
1391 * xtests/tst-pam_group1.sh: Script to run test case.
1392 * xtests/tst-pam_group1.pamd: Config for test case.
1393 * xtests/Makefile.am: Add tst-pam_group1 test case.
1394 * xtests/run-xtests.sh: Save/restore group.conf.
1395 * xtests/group.conf: New.
1397 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Don't
1398 free arguments used for putenv().
1400 * doc/man/pam_putenv.3.xml: Document that application has to free
1403 2007-09-27 Tomas Mraz <t8m@centrum.cz>
1405 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in
1406 operator rhbz #295151.
1407 * modules/pam_namespace/pam_namespace.c (poly_name): Do not try to
1408 get context when SELinux is disabled.
1410 2007-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
1412 * xtests/tst-pam_succeed_if1.c: New test case for
1413 https://bugzilla.redhat.com/show_bug.cgi?id=295151
1414 * xtests/tst-pam_succeed_if1.sh: Script to run test case.
1415 * xtests/tst-pam_succeed_if1.pamd: Config for test case.
1416 * xtests/Makefile.am: Add tst-pam_succeed_if1 test case.
1418 * xtests/run-xtests.sh: Add support to skip tests.
1419 * xtests/tst-pam_limits1.c: Skip test if RLIMIT_NICE is not
1422 2007-09-03 Steve Langasek <vorlon@debian.org>
1424 * modules/pam_limits/pam_limits.c: remove a number of unnecessary
1425 string manipulations, including a strncpy() that was acting on
1428 * libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's
1429 perfectly valid to allow the user to interrupt at a prompt. If
1430 an application wants prompts to not be interruptable, the
1431 application should take responsibility for blocking SIGINT.
1433 2007-09-02 Thorsten Kukuk <kukuk@thkukuk.de>
1435 * examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS.
1436 * libpam/Makefile.am: Likewise.
1437 * modules/pam_access/Makefile.am: Likewise.
1438 * modules/pam_cracklib/Makefile.am: Likewise.
1439 * modules/pam_debug/Makefile.am: Likewise.
1440 * modules/pam_deny/Makefile.am: Likewise.
1441 * modules/pam_echo/Makefile.am: Likewise.
1442 * modules/pam_env/Makefile.am: Likewise.
1443 * modules/pam_exec/Makefile.am: Likewise.
1444 * modules/pam_faildelay/Makefile.am: Likewise.
1445 * modules/pam_filter/Makefile.am: Likewise.
1446 * modules/pam_filter/upperLOWER/Makefile.am: Likewise.
1447 * modules/pam_ftp/Makefile.am: Likewise.
1448 * modules/pam_group/Makefile.am: Likewise.
1449 * modules/pam_issue/Makefile.am: Likewise.
1450 * modules/pam_keyinit/Makefile.am: Likewise.
1451 * modules/pam_lastlog/Makefile.am: Likewise.
1452 * modules/pam_limits/Makefile.am: Likewise.
1453 * modules/pam_listfile/Makefile.am: Likewise.
1454 * modules/pam_localuser/Makefile.am: Likewise.
1455 * modules/pam_loginuid/Makefile.am: Likewise.
1456 * modules/pam_mail/Makefile.am: Likewise.
1457 * modules/pam_mkhomedir/Makefile.am: Likewise.
1458 * modules/pam_motd/Makefile.am: Likewise.
1459 * modules/pam_namespace/Makefile.am: Likewise.
1460 * modules/pam_nologin/Makefile.am: Likewise.
1461 * modules/pam_permit/Makefile.am: Likewise.
1462 * modules/pam_rhosts/Makefile.am: Likewise.
1463 * modules/pam_rootok/Makefile.am: Likewise.
1464 * modules/pam_securetty/Makefile.am: Likewise.
1465 * modules/pam_selinux/Makefile.am: Likewise.
1466 * modules/pam_shells/Makefile.am: Likewise.
1467 * modules/pam_stress/Makefile.am: Likewise.
1468 * modules/pam_succeed_if/Makefile.am: Likewise.
1469 * modules/pam_tally/Makefile.am: Likewise.
1470 * modules/pam_time/Makefile.am: Likewise.
1471 * modules/pam_umask/Makefile.am: Likewise.
1472 * modules/pam_unix/Makefile.am: Likewise.
1473 * tests/Makefile.am: Likewise.
1475 2007-08-31 Steve Langasek <vorlon@debian.org>
1477 * modules/pam_group/group.conf: don't use "games" as an example
1478 group, on some distros this is a pre-existing group that it would
1479 be a security hole to give users access to.
1481 2007-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
1483 * modules/pam_limits/limits.conf.5.xml: Document that maxlogins
1484 is ignored for users with UID 0.
1486 2007-08-30 Steve Langasek <vorlon@debian.org>
1488 * modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c:
1489 A wrong username doesn't need to be logged at LOG_ALERT;
1490 LOG_WARNING should be sufficient.
1491 Patch from Sam Hartman <hartmans@debian.org>.
1493 * modules/pam_cracklib/pam_cracklib.c:
1494 s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing
1497 2007-08-29 Steve Langasek <vorlon@debian.org>
1499 * libpam/pam_modutil_getgrgid.c, libpam/pam_modutil_getgrnam.c,
1500 libpam/pam_modutil_getpwnam.c, libpam/pam_modutil_getpwuid.c,
1501 libpam/pam_modutil_getspnam.c: don't use pthread mutexes in libpam
1502 unnecessarily; this avoids linking problems on non-Linux
1505 * modules/pam_listfile/pam_listfile.c, modules/pam_listfile/README,
1506 modules/pam_listfile/pam_listfile.8,
1507 modules/pam_listfile/pam_listfile.8.xml: add a 'quiet' option to
1508 avoid logging errors any time a user is refused service by this
1511 2007-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
1513 * modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t.
1514 (__icheckhost): Cast to int32_t to fix limited range error.
1516 * modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath
1519 2007-08-29 Steve Langasek <vorlon@debian.org>
1521 * modules/pam_rhosts/pam_rhosts_auth.c: getline returns -1 at
1522 EOF, not 0. Check accordingly to fix an infinite loop. Thanks
1523 to Stephan Springl <springl-rhosts@bfw-online.de> for catching
1526 2007-08-28 Steve Langasek <vorlon@debian.org>
1528 * configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER
1529 for crack.h, so we get a HAVE_CRACK_H define.
1530 * modules/pam_cracklib/pam_cracklib.c: don't copy around the
1531 cracklib dictpath into a fixed-width buffer, when we can just
1532 point at the existing strings; and allow users to override the
1533 default cracklib path with -DCRACKLIB_DICT, required for
1534 compatibility with cracklib 2.7.
1536 2007-08-27 Steve Langasek <vorlon@debian.org>
1538 * modules/pam_limits/pam_limits.c: when building on non-Linux
1539 systems, give a warning only, not an error; no one seems to
1540 remember why this error was here in the first place, but leave
1541 something in that might still grab the attention of non-Linux
1543 Patch from Michal Suchanek <hramrach_l@centrum.cz>.
1544 * configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for
1545 the presence of net/if.h before using, required for Hurd
1547 Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
1548 * modules/pam_limits/pam_limits.c: conditionalize the use of
1549 RLIMIT_AS, which is not present on the Hurd.
1550 Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
1551 * modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of
1552 a static buffer when available; fixes the build on systems
1553 without MAXHOSTNAMELEN (i.e., the Hurd).
1554 * modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined
1557 2007-08-26 Andrew Morgan <morgan@kernel.org>
1559 * doc/man/pam.conf-syntax.xml
1560 Minor fixes: '\[' -> '\]'.
1562 2007-08-25 Steve Langasek <vorlon@debian.org>
1564 * doc/man/pam.conf-syntax.xml, doc/man/pam.conf.5:
1565 Document "new" control options conv_again and incomplete, supported
1566 in pam.d's extended syntax.
1567 Patch from Ben Collins <bcollins@debian.org>.
1569 2007-08-15 Tomas Mraz <t8m@centrum.cz>
1571 * modules/pam_access/pam_access.c (list_match): Add explicit
1572 sptr argument for strtok_r, otherwise the code is not portable.
1574 2007-08-13 Olivier Blin <blino@mandriva.com>
1576 * doc/man/pam.3.xml: Fix typo.
1577 * doc/man/pam.3: Likewise.
1578 * doc/man/pam_end.3.xml: Likewise.
1579 * doc/man/pam_end.3: Likewise.
1581 2007-07-18 Thorsten Kukuk <kukuk@thkukuk.de>
1583 * release version 0.99.8.1
1585 * libpam/pam_audit.c: Include unistd.h for getuid().
1586 * libpam/Makefile.am: Bump version number.
1588 2007-07-12 Thorsten Kukuk <kukuk@thkukuk.de>
1590 * libpam/pam_audit.c (_pam_audit_writelog): Don't return
1591 error if application runs as normal user. Fixes regression
1592 introduced with last change.
1594 2007-07-10 Thorsten Kukuk <kukuk@thkukuk.de>
1596 * configure.in: Add --with-db-uniquename option to support
1597 db libraries and functions with unique name extension.
1598 Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>.
1600 * modules/pam_limits/pam_limits.c: Include locale.h.
1602 2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de>
1604 * release version 0.99.8.0
1606 * configure.in: Check for audit_log_acct_message instead of
1607 audit_log_user_message.
1608 * libpam/pam_audit.c: Use audit_log_acct_message.
1609 Based on patch from Mark J Cox <mjc@redhat.com>.
1610 * libpam/Makefile.am: Bump version number of libpam.
1612 * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit,
1615 * xtests/tst-pam_limits1.c: Fix printf arguments.
1617 * po/*.po: Merge po files with latest code changes.
1619 2007-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
1621 * modules/pam_limits/pam_limits.c (process_limit): Check upper and
1622 lower limit of nice value, fix off-by-one in conversation to rlim_t.
1623 * xtests/Makefile.am: Add new pam_limits test case.
1624 * xtests/limits.conf: New, config file for test case.
1625 * xtests/pam_limits1.c: New, test case for RLIMIT_NICE.
1626 * xtests/pam_limits1.sh: Likewise.
1627 * xtests/pam_limits1.pamd: Likewise.
1629 2007-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
1631 * modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r
1632 result for recursive calls.
1633 * xtests/Makefile.am: Add new pam_access test cases.
1634 * xtests/pam_access1.c: New test case.
1635 * xtests/pam_access2.c: Likewise.
1636 * xtests/pam_access3.c: Likewise.
1637 * xtests/pam_access4.c: Likewise.
1638 * xtests/pam_access1.sh: Wrapper to create user accounts.
1639 * xtests/pam_access2.sh: Likewise.
1640 * xtests/pam_access3.sh: Likewise.
1641 * xtests/pam_access4.sh: Likewise.
1642 * xtests/pam_access1.pamd: PAM config file for pam_access tests.
1643 * xtests/pam_access2.pamd: Likewise.
1644 * xtests/pam_access3.pamd: Likewise.
1645 * xtests/pam_access4.pamd: Likewise.
1646 * xtests/access.conf: Config file for pam_access tests.
1647 * xtests/run-tests.sh: Install access.conf into system.
1649 2007-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
1651 * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
1652 better error message if /proc/self/loginuid cannot be opened.
1654 * modules/pam_limits/pam_limits.c (process_limit): Check for
1655 variable overflow after multiplication [bnc#283001].
1657 * modules/pam_access/pam_access.c: Add new syntax for groups
1658 in access.conf to differentiate group names from account names.
1659 Based on patch from Julien Lecomte <julien@famille-lecomte.net>,
1660 solves feature request [#411390].
1661 * modules/pam_access/access.conf: Add example for new group
1663 * modules/pam_access/access.conf.5.xml: Document new syntax.
1665 2007-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
1667 * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass
1669 * modules/pam_cracklib/pam_cracklib.c: Add support for minimum
1670 character classes [#1688777]. Based on patch from Keith Schincke.
1672 * xtests/tst-pam_cracklib2.c: New, test case for minclass option.
1673 * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case.
1674 * xtests/Makefile.am: Add new testcase.
1676 * xtests/pam_cracklib.c: Fix comment what this application tests.
1678 * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64
1680 2007-06-15 Tomas Mraz <t8m@centrum.cz>
1682 * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
1683 add select_context and use_current_range options.
1684 * modules/pam_selinux/pam_selinux.c (send_audit_message): Added
1685 function for auditing role/level changes.
1686 (query_response): Add default response.
1687 (select_context): Removed.
1688 (manual_context): Query only role and level.
1689 (mls_range_allowed): Added function for range check.
1690 (config_context): Added function for role and level override.
1691 (pam_sm_open_session): Remove multiple option, add select_context
1692 and use_current_range_options. Use getseuserbyname to obtain
1693 SELinux user and level. Audit role/level changes. Call setkeycreatecon
1694 to assign key creation context. Don't fail on errors when SELinux
1695 is not in enforcing mode.
1696 * configure.in: Check for setkeycreatecon().
1698 * modules/pam_namespace/README.xml: Avoid duplication of
1700 * modules/pam_namespace/namespace.conf: More real life example
1702 * modules/pam_namespace/namespace.conf.5.xml: Likewise plus
1703 properly describe how instance directory names are formed.
1704 * modules/pam_namespace/namespace.init: Preserve euid when
1705 called from setuid apps (su, newrole).
1706 * modules/pam_namespace/pam_namespace.8.xml: Added option
1707 no_unmount_on_close.
1708 * modules/pam_namespace/pam_namespace.c (process_line): Polyinst
1709 methods are now user, level and context. Fix crash on unknown
1710 override user in config file.
1711 (ns_override): Add explicit uid parameter.
1712 (form_context): Skip for user method. Implement level based
1714 (poly_name): Initialize contexts. Add level based polyinst,
1715 remove 'both' metod. Use raw contexts for instance names,
1716 truncate long instance names and add hash.
1717 (ns_setup): Hashing moved to poly_name().
1718 (setup_namespace): Handle correctly override users for
1719 su (when unmnt_remnt is used).
1720 (pam_sm_close_session): Added no_unmount_on_close option.
1721 * modules/pam_namespace/pam_namespace.h: Added
1722 no_unmount_on_close_option, level method, limit on instance
1723 directory name length.
1725 2007-05-04 Thorsten Kukuk <kukuk@suse.de>
1727 * xtests/run-xtests.sh: Use SRCDIR to find PAM config files.
1728 * xtests/Makefile.am: Call run-xtests.sh with srcdir as first
1730 Based on patch by Bernard Leak <thisisnotapipe@hotmail.com>.
1732 2007-04-30 Thorsten Kukuk <kukuk@thkukuk.de>
1734 * modules/pam_limits/limits.conf: Address space limit is KB.
1735 * modules/pam_limits/limits.conf.5.xml: Likewise.
1736 Reported by Thomas Vander Stichele <thomas@apestaart.org>.
1738 * modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate
1739 check for PAM_SILENT and don't bail out if it is set [#1706247].
1741 2007-03-29 Tomas Mraz <t8m@centrum.cz>
1743 * modules/pam_access/pam_access.c (login_access, list_match):
1744 Replace strtok with strtok_r.
1745 * modules/pam_cracklib/pam_cracklib.c (check_old_password):
1747 * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate):
1749 * modules/pam_unix/pam_unix_passwd.c (check_old_password,
1750 save_old_password): Likewise.
1752 * modules/pam_limits/Makefile.am: Define limits.d dir and install it.
1753 * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing.
1754 * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr.
1755 (pam_parse): conf_file is now ptr.
1756 (pam_sm_open_session): Add parsing files from limits.d subdir using
1757 glob, change pl to pointer.
1759 2007-03-12 Thorsten Kukuk <kukuk@thkukuk.de>
1761 * po/ar.po: New translation.
1762 * po/ca.po: Likewise.
1763 * po/da.po: Likewise.
1764 * po/ru.po: Likewise.
1765 * po/sv.po: Likewise.
1766 * po/zu.po: Likewise.
1767 * po/LINGUAS: Add ar, ca, da, ru, sv, zu
1769 * po/hu.po: Update translation.
1771 2007-02-21 Tomas Mraz <t8m@centrum.cz>
1773 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for
1774 allocation failure in bigcrypt().
1776 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow
1777 modification of '*' password by root.
1779 2007-02-06 Tomas Mraz <t8m@centrum.cz>
1781 * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Remove
1782 debug syslog message when loginuid doesn't exist.
1784 2007-02-01 Tomas Mraz <t8m@centrum.cz>
1786 * xtests/tst-pam_unix3.c: Fix typos in comments.
1788 * modules/pam_unix/support.c (_unix_verify_password): Explicitly
1789 disallow '!' in the beginning of password hash. Treat only
1790 13 bytes password hash specifically. (Suggested by Solar Designer.)
1791 Fix a warning and test for allocation failure.
1792 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
1794 2007-01-31 Thorsten Kukuk <kukuk@thkukuk.de>
1796 * xtests/Makefile.am: Add new pam_unix.so tests
1797 * xtests/run-xtests.sh: Prefer shell scripts (wrapper)
1799 * xtests/tst-pam_cracklib1.c: Fix typo.
1800 * xtests/tst-pam_unix1.c: New, for sucurity fix.
1801 * xtests/tst-pam_unix1.pamd: New.
1802 * xtests/tst-pam_unix1.sh: New.
1803 * xtests/tst-pam_unix2.c: New, for crypt checks.
1804 * xtests/tst-pam_unix2.pamd: New.
1805 * xtests/tst-pam_unix2.sh: New.
1806 * xtests/tst-pam_unix3.c: New, for bigcrypt checks.
1807 * xtests/tst-pam_unix3.pamd: New.
1808 * xtests/tst-pam_unix3.sh: New.
1810 2007-01-23 Thorsten Kukuk <kukuk@suse.de>
1814 * configure.in: Set version number to 0.99.7.1
1816 2007-01-23 Thorsten Kukuk <kukuk@thukuk.de>
1817 Tomas Mraz <t8m@centrum.cz>
1819 * modules/pam_unix/support.c (_unix_verify_password): Always
1820 compare full encrypted passwords (CVE-2007-0003).
1822 2007-01-23 Tomas Mraz <t8m@centrum.cz>
1824 * modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT.
1826 * modules/pam_selinux/Makefile.am (pam_selinux_check_LDFLAGS): Add
1828 (pam_selinux_la_LDFLAGS): Likewise.
1830 2007-01-17 Thorsten Kukuk <kukuk@thkukuk.de>
1834 * configure.in: Set version number to 0.99.7.0
1836 * Makefile.am (M4_FILES): Replace GNU make extension by listing
1839 2007-01-17 Tomas Mraz <t8m@centrum.cz>
1841 * po/*.po: Updated strings to translate.
1842 * po/Linux-PAM.pot: Likewise.
1844 2007-01-16 Thorsten Kukuk <kukuk@thkukuk.de>
1846 * doc/man/pam.conf-syntax.xml: Improve documentation about
1847 sufficient keyword (Patch by Petteri Räty <betelgeuse@gentoo.org>)
1849 2006-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
1851 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid
1852 only '+' and '-' as first characters for account names.
1853 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
1855 2006-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
1857 * configure.in: Fix ENOKEY check (specify errno.h as header
1860 * configure.in: Add AM_PROG_CC_C_O.
1861 * libpam/Makefile.am: Add content of AM_LDFLAGS to *_LDFLAGS.
1862 * modules/pam_tally/Makefile.am: Likewise.
1863 * modules/pam_unix/Makefile.am: Likewise.
1865 * modules/pam_stress/pam_stress.c (pam_sm_chauthtok): Fix
1866 localisation of message printed to user.
1867 * po/de.po: Adjust translation.
1869 2006-12-18 Tomas Mraz <t8m@centrum.cz>
1871 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Localize
1872 message printed to user.
1874 * modules/pam_unix/support.c (_unix_verify_password): Use strncmp
1875 only for bigcrypt result.
1877 * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new
1878 egid first, euid next. Revert euid/egid to old euid/egid and not
1880 (pam_sm_open_session): Switch to new rgid first, ruid next.
1882 2006-12-13 Thorsten Kukuk <kukuk@thkukuk.de>
1884 * modules/pam_localuser/pam_localuser.c: Add support for session
1885 and chauthtok [SF#1606180].
1886 * modules/pam_localuser/pam_localuser.8.xml: Document last change.
1888 * libpam/pam_audit.c (_pam_audit_writelog): Print error message
1891 2006-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
1893 * libpam/pam_audit.c (_pam_audit_writelog): Print error
1894 message on failure to syslog.
1896 2006-12-09 Thorsten Kukuk <kukuk@thkukuk.de>
1898 * modules/pam_umask/pam_umask.c: Use strtoul instead of strtol,
1899 fix overflow detection.
1901 2006-12-06 Thorsten Kukuk <kukuk@thkukuk.de>
1903 * modules/pam_mkhomedir/pam_mkhomedir.c (rec_mkdir): Fix
1904 handling of left-most path component [SF#1591598].
1905 (create_homedir): Mark user visible messages for translation.
1906 * po/de.po: Adjust german translation for pam_mkhomedir.
1908 * modules/pam_faildelay/pam_faildelay.c: If no argument is
1909 given, try to read FAIL_DELAY from /etc/login.defs.
1910 * modules/pam_faildelay/pam_faildelay.8.xml: Document usage
1913 2006-12-04 Tomas Mraz <t8m@centrun.cz>
1915 * po/jp.po: Fixed mistake in Password: message (from
1916 Peng Huang <phuang@redhat.com>).
1918 2006-11-28 Thorsten Kukuk <kukuk@thkukuk.de>
1920 * po/hu.po: Update hungarian translation (from
1921 Kalman Kemenczy <kkemenczy@novell.com>).
1923 * configure.in: Allow disabling support for cracklib, audit, libdb.
1925 * modules/pam_faildelay/pam_faildelay.8.xml: Correct name of Author.
1927 * configure.in: Remove --enable-docdir (obsolete by --docdir).
1928 * doc/Makefile.am: Don't overwrite htmldir.
1929 * doc/adg/Makefile.am: Use docdir, htmldir and pdfdir.
1930 * doc/mwg/Makefile.am: Likewise.
1931 * doc/sag/Makefile.am: Likewise.
1932 * doc/specs/Makefile.am: Use docdir.
1934 * tests/tst-pam_set_data.c: New test cases for pam_set_data().
1935 * tests/Makefile.am: Add pam_set_data test case.
1937 * libpam/pam_data.c: Add NULL pointer check for module_data_name.
1938 * libpam/Makefile.am: Bump revision of shared library.
1940 2006-11-08 Thorsten Kukuk <kukuk@thkukuk.de>
1942 * configure.in: Add modules/pam_faildelay/Makefile.
1943 * doc/sag/Linux-PAM_SAG.xml: Include pam_faildelay.xml.
1944 * doc/sag/pam_faildelay.xml: New.
1945 * libpam/pam_static_modules.h: Include static pam_faildelay data.
1946 * modules/Makefile.am: Add pam_faildelay directory.
1947 * modules/pam_faildelay/Makefile.am: New.
1948 * modules/pam_faildelay/README: New, generated from XML file.
1949 * modules/pam_faildelay/README.xml: New.
1950 * modules/pam_faildelay/pam_faildelay.8: New, generated from xml.
1951 * modules/pam_faildelay/pam_faildelay.8.xml: New.
1952 * modules/pam_faildelay/pam_faildelay.c: New.
1953 * modules/pam_faildelay/tst-pam_faildelay: New.
1955 * po/POTFILES.in: Add pam_faildelay.c and pam_loginuid.c.
1957 2006-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
1959 * modules/pam_cracklib/pam_cracklib.c: PAM_DEBUG_ARG
1960 is a bit mask and not a boolean value (Reported by
1961 Jochen Voss <voss@seehuhn.de>).
1963 2006-10-26 Thorsten Kukuk <kukuk@thkukuk.de>
1965 * doc/man/pam.3.xml: Add pam_get_user function.
1967 * modules/pam_motd/pam_motd.8.xml: Fix typo.
1969 2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
1971 * modules/pam_namespace/pam_namespace.c: Reserve space for
1974 2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
1976 * modules/pam_unix/support.c (_unix_verify_password): Try system
1977 crypt() if we don't know the hash alogorithm.
1978 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
1980 2006-10-13 Tomas Mraz <t8m@centrum.cz>
1982 * doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s].
1983 * doc/sag/pam_access.xml: Likewise.
1984 * doc/sag/pam_echo.xml: Likewise.
1985 * doc/sag/pam_env.xml: Likewise.
1986 * doc/sag/pam_exec.xml: Likewise.
1987 * doc/sag/pam_group.xml: Likewise.
1988 * doc/sag/pam_limits.xml: Likewise.
1989 * doc/sag/pam_namespace.xml: Likewise.
1990 * doc/sag/pam_time.xml: Likewise.
1991 * doc/sag/Linux-PAM_SAG.xml: Add id to book.
1992 * doc/adg/Linux-PAM_ADG.xml: Add id to book.
1993 * doc/mwg/Linux-PAM_MWG.xml: Add id to book.
1996 2006-10-07 Thorsten Kukuk <kukuk@thkukuk.de>
1998 * po/hu.po: Updated hungarian translation (from
1999 Kalman Kemenczy <kkemenczy@novell.com>)
2001 2006-09-20 Thorsten Kukuk <kukuk@thkukuk.de>
2003 * doc/adg/Makefile.am: Add manual pages as dependency.
2004 * doc/mwg/Makefile.am: Likewise.
2005 * doc/sag/Makefile.am: Likewise.
2006 * doc/sag/Linux-PAM_SAG.xml: Include pam_unix.xml.
2007 * doc/sag/pam_unix.xml: New.
2008 * modules/pam_unix/Makefile.am: Generate pam_unix.8 manual page.
2009 * modules/pam_unix/README.xml: New.
2010 * modules/pam_unix/pam_unix.8.xml: New.
2011 * modules/pam_unix/README: Regenerate from XML.
2012 * modules/pam_unix/pam_unix.8: Generated from XML.
2014 2006-09-09 Dmitry V. Levin <ldv@altlinux.org>
2016 * modules/pam_wheel/pam_wheel.8.xml: Fix typo.
2017 * modules/pam_wheel/pam_wheel.8: Likewise.
2018 * modules/pam_wheel/README: Likewise.
2020 2006-09-08 Thorsten Kukuk <kukuk@thkukuk.de>
2022 * po/de.po: Fix typo.
2024 2006-09-06 Thorsten Kukuk <kukuk@thkukuk.de>
2026 * release version 0.99.6.3
2028 2006-09-01 Thorsten Kukuk <kukuk@thkukuk.de>
2030 * modules/pam_loginuid/pam_loginuid.8.xml: Fix typo in
2033 2006-08-31 Thorsten Kukuk <kukuk@thkukuk.de>
2035 * modules/pam_env/environment: New, dummy environment example
2038 * modules/pam_namespace/Makefile.am: Don't install
2039 manual page if we don't build module.
2041 * m4/ld-as-needed.m4: Don't set LDFLAGS if check failed.
2042 * m4/ld-O1: Likewise.
2044 2006-08-30 Tomas Mraz <t8m@centrum.cz>
2046 * modules/pam_access/pam_access.8.xml: All services supported.
2047 * modules/pam_access/pam_access.c (pam_sm_open_session): New.
2048 (pam_sm_close_session): New.
2049 (pam_sm_chauthtok): New.
2051 * modules/pam_access/pam_succeed_if.8.xml: All services supported.
2052 * modules/pam_access/pam_succeed_if.c (pam_sm_setcred): Return
2053 PAM_IGNORE rather than success.
2054 (pam_sm_open_session): New.
2055 (pam_sm_close_session): New.
2056 (pam_sm_chauthtok): New.
2058 2006-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
2060 * xtests/Makefile.am: Move shell code to execute tests from here ...
2061 * xtests/run-xtests.sh: ... to here.
2062 * xtests/*.c: Include config.h.
2063 * tests/*.c: Likewise.
2065 * modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam()
2066 instead of getpwnam().
2068 2006-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
2070 * doc/sag/pam_loginuid.xml: New.
2071 * doc/sag/Linux-PAM_SAG.xml: Include pam_loginuid.xml.
2073 * configure.in: Add modules/pam_loginuid/Makefile.
2074 * modules/Makefile.am: Add pam_loginuid sub directory.
2076 * libpam/pam_static_modules.h: Add pam_loginuid.
2078 * modules/pam_loginuid/Makefile.am: New.
2079 * modules/pam_loginuid/tst-pam_loginuid: New.
2080 * modules/pam_loginuid/pam_loginuid.8.xml: New.
2081 * modules/pam_loginuid/pam_loginuid.8: New, generated from XML source.
2082 * modules/pam_loginuid/pam_loginuid.c: New.
2083 * modules/pam_loginuid/README.xml: New.
2084 * modules/pam_loginuid/README: New, generated from XML source.
2086 2006-08-29 Dmitry V. Levin <ldv@altlinux.org>
2088 * modules/pam_exec/pam_exec.c (call_exec): Add required third
2089 argument to open() call with O_CREAT flag set.
2091 2006-08-28 Thorsten Kukuk <kukuk@thkukuk.de>
2093 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Remove
2096 2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
2098 * release version 0.99.6.2
2100 * modules/pam_lastlog/pam_lastlog.c (last_login_date): Create
2101 lastlog file if it does not exist.
2103 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check
2104 for error from getting second token.
2105 * xtests/Makefile.am: Add tst-pam_cracklib1
2106 * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault.
2107 * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test.
2109 2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
2111 * xtests/tst-pam_dispatch4.c: New test.
2112 * xtests/tst-pam_dispatch4.pamd: PAM config for new test.
2114 2006-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
2116 * release version 0.99.6.1
2118 2006-08-09 David Howells <dhowells@redhat.com>
2120 * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid
2121 to user's before revoking.
2122 (pam_sm_open_session): Remember the uid.
2124 2006-08-06 Thorsten Kukuk <kukuk@thkukuk.de>
2126 * modules/pam_umask/pam_umask.c (setup_limits_from_gecos):
2128 * modules/pam_umask/pam_umask.8.xml: Document silent option.
2130 * xtests/Makefile.am: Fix includes for bootstrapping.
2131 Reported by Greg Schafer <gschafer@zip.com.au>.
2133 2006-08-05 Thorsten Kukuk <kukuk@thkukuk.de>
2135 * release version 0.99.6.0
2137 * modules/pam_limits/pam_limits.c (pam_sm_open_session): Use
2138 pam_modutil_getpwnam instead of getpwnam.
2140 * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Cast
2141 svc variable to char pointer for snprintf.
2143 * configure.in: Generate xtests/Makefile.
2144 * Makefile.am (SUBDIRS): Add xtests.
2145 * README: Document make check and make xtests.
2146 * xtests/Makefile.am: New.
2147 * xtests/tst-pam_dispatch1.pamd: New.
2148 * xtests/tst-pam_dispatch2.pamd: New.
2149 * xtests/tst-pam_dispatch3.pamd: New.
2150 * xtests/tst-pam_dispatch1.c: New.
2151 * xtests/tst-pam_dispatch2.c: New.
2152 * xtests/tst-pam_dispatch3.c: New.
2154 2006-08-04 Ray Strode <rstrode@redhat.com>
2156 * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
2157 Return PAM_USER_UNKNOWN instead of PAM_SERVICE_ERR where appropriate.
2159 2006-08-03 David Howells <dhowells@redhat.com>
2161 * modules/pam_keyinit/pam_keyinit.c: Debug should be off by default.
2162 (init_keyrings): Properly handle multiple invocations of the module.
2163 (kill_keyrings, pam_sm_open_session, pam_sm_close_session): Likewise.
2165 2006-08-03 Tomas Mraz <t8m@centrum.cz>
2167 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist):
2168 New function for list matching.
2169 (evaluate_notinlist): Likewise.
2170 (evaluate): Add service value match, list matching.
2171 * modules/pam_succeed_if/pam_succeed_if.8.xml: Document the
2174 * modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log
2175 relabelling error when the tty device doesn't exist (ENOENT).
2177 2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
2179 * doc/man/pam_fail_delay.3.xml: Fix some Bugs and enhance
2180 rationale about when this function should be used and when not.
2182 * doc/index.html: Cleanup to look prettier.
2184 2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
2186 * libpam/Makefile.am: Bump patchlevel of libpam.
2187 * libpam/pam_dispatch.c (_pam_dispatch_aux): If [return=die]
2188 or [return=bad] is used, don't return PAM_IGNORE. Based on
2189 patch by Tomas Mraz <t8m@centrum.cz>, [BRC#196859].
2191 2006-07-28 Thorsten Kukuk <kukuk@thkukuk.de>
2193 * ABOUT-NLS: Upgrade to gettext-0.15.
2194 * config.rpath: Likewise.
2195 * m4/gettext.m4: Upgrade to gettext-0.15.
2196 * m4/inttypes-h.m4: New file, from gettext-0.15.
2197 * m4/inttypes-pri.m4: Upgrade to gettext-0.15.
2198 * m4/lib-link.m4: Upgrade to gettext-0.15.
2199 * m4/lib-prefix.m4: Upgrade to gettext-0.15.
2200 * m4/lock.m4: New file, from gettext-0.15.
2201 * m4/longdouble.m4: Upgrade to gettext-0.15.
2202 * m4/nls.m4: Upgrade to gettext-0.15.
2203 * m4/po.m4: Upgrade to gettext-0.15.
2204 * m4/size_max.m4: Upgrade to gettext-0.15.
2205 * m4/visibility.m4: New file, from gettext-0.15.
2206 * po/Makefile.in.in: Upgrade to gettext-0.15.
2208 2006-07-24 David Quigley <dpquigl@tycho.nsa.gov>
2210 * modules/pam_namespace/Makefile.am: Add pam_namespace.h.
2211 * modules/pam_namespace/pam_namespace.c: Move includes and
2212 data structure definitions from here ...
2213 * modules/pam_namespace/pam_namespace.h: ... here. New file.
2215 * modules/pam_namespace/pam_namespace.c: Move large sections
2216 of code into new functions.
2218 2006-07-24 Thorsten Kukuk <kukuk@thkukuk.de>
2220 * doc/adg/Makefile.am: Add uninstall and distclean rules.
2221 * doc/mwg/Makefile.am: Likewise.
2222 * doc/sag/Makefile.am: Likewise.
2224 2006-07-08 Daniel Richard G. <skunk@iskunk.org>
2226 * conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files.
2227 * conf/pam_conv1/pam_conv.lex: Rename to ...
2228 * conf/pam_conv1/pam_conv_l.l: ... this.
2229 * conf/pam_conv1/pam_conv.y: Rename to ...
2230 * conf/pam_conv1/pam_conv_y.y: ... this.
2231 * configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE()
2233 * doc/Makefile.am: Fix rule to install index.html.
2234 * doc/adg/Makefile.am: Fix test usage.
2235 * doc/mwg/Makefile.am: Likewise.
2236 * doc/sag/Makefile.am: Likewise.
2237 * doc/specs/Makefile.am: Fix rules for lex and yacc files.
2238 * specs/parse.lex: Rename to ...
2239 * doc/specs/parse_l.l: ... this.
2240 * doc/specs/parse.y: Rename to ...
2241 * doc/specs/parse_y.y: ... this.
2242 * libpam/pam_account.c: Fix #if vs. #ifdef.
2243 * libpam/pam_audit.c: Likewise.
2244 * libpam/pam_auth.c: Likewise.
2245 * libpam/pam_password.c: Likewise.
2246 * libpam/pam_private.h: Likewise.
2247 * libpam/pam_session.c: Likewise.
2248 * libpam/pam_start.c: Likewise.
2249 * libpam/pam_static.c: Fix "empty sourcefile" warning.
2250 * modules/pam_limits/pam_limits.c: Check for __linux, too.
2251 * modules/pam_userdb/Makefile.am: Don't run test if no
2253 * tests/tst-dlopen.c: Include config.h.
2255 2006-07-03 Dan Yefimov <dan@D00M.lightwave.net.ru>
2257 * configure.in: Fixed have_key_syscalls test.
2259 * modules/pam_access/pam_access.c (from_match): Fixed IPv4 network
2260 match, removed AI_ADDRCONFIG flag.
2262 2006-06-30 Tomas Mraz <t8m@centrum.cz>
2264 * modules/pam_namespace/Makefile.am(EXTRA_DIST): Add namespace.init.
2266 2006-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
2268 * doc/Makefile.am (releasedocs): Fix directory layout.
2269 * doc/adg/Makefile.am: Likewise.
2270 * doc/mwg/Makefile.am: Likewise.
2271 * doc/sag/Makefile.am: Likewise.
2273 2006-06-28 Thorsten Kukuk <kukuk@thkukuk.de>
2275 * doc/sag: System Administrator Guide as XML source.
2276 * doc/sag/Makefile.am: New.
2277 * doc/sag/Linux-PAM_SAG.xml: New, main XML document.
2278 * doc/sag/pam_*.xml: New, wrapper to include module documentation.
2280 * doc/adg: Application Developers Guide as XML source.
2281 * doc/adg/Makefile.am: New.
2282 * doc/adg/Linux-PAM_ADG.xml: New, main XML document.
2283 * doc/adg/pam_*.xml: New, wrappers to include manual pages.
2285 * doc/mwg: Application Developers Guide as XML source.
2286 * doc/mwg/Makefile.am: New.
2287 * doc/mwg/Linux-PAM_MWG.xml: New, main XML document.
2288 * doc/mwg/pam_*.xml: New, wrappers to include manual pages.
2290 * doc/CREDITS: Removed.
2291 * doc/NOTES: Removed.
2292 * doc/pam_appl.sgml: Removed.
2293 * doc/pam_modules.sgml: Removed.
2294 * doc/pam_source.sgml: Removed.
2295 * doc/figs/pam_orient.txt: Removed.
2296 * doc/figs: Removed.
2298 * configure.in: Remove checks for sgml2* progrs, add sag, adg
2301 * doc/Makefile.am: Remove references to sgml, add sag, adg and mwg
2303 * doc/modules: Remove directory.
2304 * doc/html: Remove directory.
2305 * doc/ps: Remove directory.
2306 * doc/pdf: Remove directory.
2307 * doc/txts: Remove directory.
2308 * doc/index.html: Moved from html directory to here.
2310 2006-06-28 Thorsten Kukuk <kukuk@thkukuk.de>
2312 * release version 0.99.5.0
2314 * bump version number to 0.99.5.0
2316 * modules/pam_rhosts/pam_rhosts.c: New module, replaces
2318 * modules/pam_rhosts/pam_rhosts.8.xml: New.
2319 * modules/pam_rhosts/pam_rhosts.8: New, generated from XML source.
2320 * modules/pam_rhosts/tst-pam_rhosts: New.
2321 * modules/pam_rhosts/Makefile.am: Add pam_rhosts, generate
2322 manual page and README.
2323 * modules/pam_rhosts/README.xml: New.
2324 * modules/pam_rhosts/reADME: Regenerated from XML source.
2326 * doc/man/pam_sm_acct_mgmt.3.xml: Adjust syntax for module
2328 * doc/man/pam_sm_authenticate.3.xml: Likewise.
2329 * doc/man/pam_sm_chauthtok.3.xml: Likewise.
2330 * doc/man/pam_sm_close_session.3.xml: Likewise.
2331 * doc/man/pam_sm_open_session.3.xml: Likewise.
2332 * doc/man/pam_sm_setcred.3.xml: Likewise.
2334 * po/POTFILES.in: Add new source files.
2336 * libpam/pam_static_modules.h: Add new modules.
2338 * modules/pam_keyinit.c: Add _pam_keyinit_modstruct.
2340 * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Add XML
2341 files and manual page.
2343 2006-06-27 Thorsten Kukuk <kukuk@thkukuk.de>
2345 * configure.in: Allow disabling of SELinux support, check for
2348 2006-06-27 Tomas Mraz <t8m@centrum.cz>
2350 * modules/pam_namespace/pam_namespace.c: New module
2351 originally written by Janak Desai.
2352 * modules/pam_namespace/Makefile.am: New.
2353 * modules/pam_namespace/README: New.
2354 * modules/pam_namespace/md5.c: New.
2355 * modules/pam_namespace/md5.h: New.
2356 * modules/pam_namespace/namespace.conf: New.
2357 * modules/pam_namespace/namespace.conf.5: New.
2358 * modules/pam_namespace/namespace.conf.5.xml: New.
2359 * modules/pam_namespace/namespace.init: New.
2360 * modules/pam_namespace/pam_namespace.8: New.
2361 * modules/pam_namespace/pam_namespace.8.xml: New.
2362 * modules/pam_namespace/tst-pam_namespace: New.
2363 * modules/Makefile.am: Added pam_namespace.
2364 * configure.in: Added pam_namespace, test for unshare
2367 2006-06-27 David Howells <dhowells@redhat.com>
2369 * modules/pam_keyinit/pam_keyinit.c: New module.
2370 * modules/pam_keyinit/pam_keyinit.8: New.
2371 * modules/pam_keyinit/pam_keyinit.8.xml: New.
2372 * modules/pam_keyinit/README: New.
2373 * modules/pam_keyinit/README.xml: New.
2374 * modules/pam_keyinit/Makefile.am: New.
2375 * modules/pam_keyinit/tst-pam_keyinit: New.
2376 * modules/Makefile.am: Added pam_keyinit.
2377 * configure.in: Added test for the key mgmt syscall.
2379 2006-06-27 Thorsten Kukuk <kukuk@thkukuk.de>
2381 * m4/libprelude.m4: Sync with upstream.
2383 2006-06-27 Tomas Mraz <t8m@centrum.cz>
2385 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
2386 signal() fails with SIG_ERR return
2387 * modules/pam_unix/pam_unix_passwd.c(_unix_run_shadow_binary):
2389 * modules/pam_unix/support.c(_unix_run_helper_binary):
2392 2006-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
2394 * doc/man/misc_conv.3.xml: New.
2395 * doc/man/misc_conv.3: New.
2396 * doc/man/pam_misc_paste_env.3.xml: New.
2397 * doc/man/pam_misc_paste_env.3: New.
2398 * doc/man/pam_misc_drop_env.3.xml: New.
2399 * doc/man/pam_misc_drop_env.3: New.
2400 * doc/man/pam_misc_setenv.3.xml: New.
2401 * doc/man/pam_misc_setenv.3: New.
2402 * doc/man/Makefile.am: Add new manual pages.
2404 * doc/man/pam_acct_mgmt.3.xml: Fix syntax for inclusion
2405 in Applicatoin Developer Guide.
2406 * doc/man/pam_authenticate.3.xml: Likewise
2407 * doc/man/pam_chauthtok.3.xml: Likewise
2408 * doc/man/pam_close_session.3.xml: Likewise
2409 * doc/man/pam_conv.3.xml: Likewise
2410 * doc/man/pam_end.3.xml: Likewise
2411 * doc/man/pam_fail_delay.3.xml: Likewise
2412 * doc/man/pam_getenv.3.xml: Likewise
2413 * doc/man/pam_getenvlist.3.xml: Likewise
2414 * doc/man/pam_open_session.3.xml: Likewise
2415 * doc/man/pam_putenv.3.xml: Likewise
2416 * doc/man/pam_setcred.3.xml: Likewise
2417 * doc/man/pam_start.3.xml: Likewise
2418 * doc/man/pam_strerror.3.xml: Likewise
2420 * doc/man/pam_acct_mgmt.3: Regenerate from XML source.
2421 * doc/man/pam_authenticate.3: Likewise
2422 * doc/man/pam_chauthtok.3: Likewise
2423 * doc/man/pam_close_session.3: Likewise
2424 * doc/man/pam_conv.3: Likewise
2425 * doc/man/pam_end.3: Likewise
2426 * doc/man/pam_fail_delay.3: Likewise
2427 * doc/man/pam_getenv.3: Likewise
2428 * doc/man/pam_getenvlist.3: Likewise
2429 * doc/man/pam_open_session.3: Likewise
2430 * doc/man/pam_putenv.3: Likewise
2431 * doc/man/pam_setcred.3: Likewise
2432 * doc/man/pam_sm_close_session.3: Likewise
2433 * doc/man/pam_start.3: Likewise
2434 * doc/man/pam_strerror.3: Likewise
2435 * doc/man/pam_syslog.3: Likewise
2436 * doc/man/PAM.8: Likewise
2438 2006-06-24 Thorsten Kukuk <kukuk@thkukuk.de>
2440 * modules/pam_limits/pam_limits.c (setup_limits): Don't
2441 reset priority for root.
2443 2006-06-23 Thorsten Kukuk <kukuk@thkukuk.de>
2445 * modules/pam_access/access.conf.5.xml: Fix syntax for SAG.
2446 * modules/pam_access/pam_access.8.xml: Likewise.
2447 * modules/pam_deny/pam_deny.8.xml: Likewise.
2448 * modules/pam_echo/pam_echo.8.xml: Likewise.
2449 * modules/pam_env/pam_env.8.xml: Likewise.
2450 * modules/pam_env/pam_env.conf.5.xml: Likewise.
2451 * modules/pam_group/group.conf.5.xml: Likewise.
2452 * modules/pam_group/pam_group.8.xml: Likewise.
2453 * modules/pam_limits/limits.conf.5.xml: Likewise.
2454 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
2455 * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
2456 * modules/pam_time/pam_time.8.xml: Likewise.
2457 * modules/pam_time/time.conf.5.xml: Likewise.
2459 * modules/pam_access/access.conf.5: Regenerate.
2460 * modules/pam_access/pam_access.8: Likewise.
2461 * modules/pam_deny/pam_deny.8: Likewise.
2462 * modules/pam_echo/README: Likewise.
2463 * modules/pam_echo/pam_echo.8: Likewise.
2464 * modules/pam_env/pam_env.8: Likewise.
2465 * modules/pam_env/pam_env.conf.5: Likewise.
2466 * modules/pam_group/README: Likewise.
2467 * modules/pam_group/group.conf.5: Likewise.
2468 * modules/pam_group/pam_group.8: Likewise.
2469 * modules/pam_limits/limits.conf.5: Likewise.
2470 * modules/pam_listfile/README: Likewise.
2471 * modules/pam_listfile/pam_listfile.8: Likewise.
2472 * modules/pam_succeed_if/pam_succeed_if.8: Likewise.
2473 * modules/pam_time/pam_time.8: Likewise.
2474 * modules/pam_time/time.conf.5: Likewise.
2476 * doc/man/Makefile.am: Add pam.conf-desc.xml, pam.conf-dir.xml
2477 and pam.conf-syntax.xml.
2478 * doc/man/pam.conf.5.xml: Split into different pieces for SAG.
2479 * doc/man/pam.conf.5: Regenerated.
2480 * doc/man/pam.conf-desc.xml: New.
2481 * doc/man/pam.conf-dir.xml: New.
2482 * doc/man/pam.conf-syntax.xml: New.
2484 2006-06-21 Thorsten Kukuk <kukuk@thkukuk.de>
2486 * modules/pam_selinux/Makefile.am: Fix "make dist" if libselinux
2489 * modules/pam_issue/pam_issue.8.xml: Fix listing of escapes.
2490 * modules/pam_issue/pam_issue.8: Regenerate.
2492 2006-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
2494 * configure.in: Remove unused check for libcap.
2496 * m4/ld-as-needed.m4: New.
2498 * configure.in: Call PAM_LD_AS_NEEDED and PAM_LD_O1,
2499 require docbook version 4.4.
2501 2006-06-19 Thorsten Kukuk <kukuk@thkukuk.de>
2503 * doc/man/pam.8.xml: Syntax cleanup.
2504 * doc/pam/PAM.8: Regenerated from xml source.
2505 * man/pam_sm_chauthtok.3: New.
2506 * man/pam_sm_chauthtok.3.xml: New.
2507 * man/pam_sm_close_session.3: New.
2508 * man/pam_sm_close_session.3.xml: New.
2509 * man/pam_sm_open_session.3: New.
2510 * man/pam_sm_open_session.3.xml: New.
2511 * man/pam_sm_authenticate.3: New.
2512 * man/pam_sm_authenticate.3.xml: New.
2513 * man/pam_sm_setcred.3: New.
2514 * man/pam_sm_setcred.3.xml: New.
2515 * man/Makefile.am: Add new pam_sm_* manual pages.
2517 * specs/Makefile.am: Fix rule to generate draft.
2519 2006-06-18 Thorsten Kukuk <kukuk@thkukuk.de>
2521 * modules/pam_tally/Makefile.am: Include Make.xml.rules.
2522 * modules/pam_tally/pam_tally.8.xml: New.
2523 * modules/pam_tally/pam_tally.8: New, generated from xml file.
2524 * modules/pam_tally/README.xml: New.
2525 * modules/pam_tally/README: Regenerated from xml file.
2527 * modules/pam_selinux/Makefile.am: Include Make.xml.rules.
2528 * modules/pam_selinux/pam_selinux.8.xml: New.
2529 * modules/pam_selinux/pam_selinux.8: Regenerated from xml file.
2530 * modules/pam_selinux/README.xml: New.
2531 * modules/pam_selinux/README: Regenerated from xml file.
2533 2006-06-17 Thorsten Kukuk <kukuk@thkukuk.de>
2535 * modules/pam_debug/Makefile.am: Include Make.xml.rules.
2536 * modules/pam_debug/pam_debug.8.xml: New.
2537 * modules/pam_debug/pam_debug.8: New, generated from xml file.
2538 * modules/pam_debug/README.xml: New.
2539 * modules/pam_debug/README: Regenerated from xml file.
2541 * examples/vpass.c: UID is unsigned on Linux.
2542 * modules/pam_exec/pam_exec.c: Likewise.
2543 * modules/pam_unix/pam_unix_acct.c: Likewise.
2544 * modules/pam_unix/pam_unix_sess.c: Likewise.
2546 * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix syntax error.
2547 * modules/pam_succeed_if/pam_succeed_if.8: Regenerated.
2548 * modules/pam_succeed_if/README: Regenerated.
2550 * modules/pam_limits/Makefile.am: Include Make.xml.rules.
2551 * modules/pam_limits/limits.conf.5: New, generated from xml file.
2552 * modules/pam_limits/limits.conf.5.xml: New.
2553 * modules/pam_limits/pam_limits.8: New, generated from xml file.
2554 * modules/pam_limits/pam_limits.8.xml: New.
2555 * modules/pam_limits/README.xml: New.
2556 * modules/pam_limits/README: Regenerated from README.xml.
2558 2006-06-16 Thorsten Kukuk <kukuk@thkukuk.de>
2560 * modules/pam_unix/pam_unix_passwd.c (save_old_password): UIDs
2561 are unsigned on Linux, don't truncate them.
2562 (_do_setpass): err is of type clnt_stat, not int.
2564 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't
2565 truncate UID for syslog output.
2567 * modules/pam_time/pam_time.c: Replace type boolean with int.
2568 * modules/pam_group/pam_group.c: Likewise.
2570 2006-06-15 Thorsten Kukuk <kukuk@thkukuk.de>
2572 * modules/pam_unix/bigcrypt.h: New.
2573 * modules/pam_unix/Makefile.am: Add bigcrypt.h.
2574 * modules/pam_unix/bigcrypt.c: Include bigcrypt.h.
2575 * modules/pam_unix/support.c: Include bigcrypt.h, remove
2577 * modules/pam_unix/bigcrypt_main.c: Include bigcrypt.h, remove
2579 * modules/pam_unix/pam_unix_passwd.c: Include bigcrypt.h, remove
2582 * modules/pam_time/pam_time.c (logic_member): Remove unused
2585 * modules/pam_group/pam_group.c (logic_field): Accept
2586 colon in tty name. [#1428276].
2587 (logic_member): Remove unused variable len.
2588 (check_account): Fix usage of err variable in debug code.
2590 * modules/pam_time/pam_time.c (logic_field): Likewise.
2592 * configure.in: Add special exceptions for icc: different
2593 compiler warnings, no PIE support.
2595 2006-06-14 Thorsten Kukuk <kukuk@thkukuk.de>
2597 * libpam/pam_misc.c (_pam_strdup): Use strlen and strcpy.
2599 * configure.in: Remove --enable-memory-debug, add option
2600 to disable prelude if installed.
2602 * modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG
2603 * modules/pam_filter/upperLOWER/upperLOWER.c: Likewise.
2604 * modules/pam_unix/unix_chkpwd.c: Likewise.
2605 * libpam/include/security/_pam_types.h: Likewise.
2606 * libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export.
2607 * libpam/pam_malloc.c: Remove file.
2608 * libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h.
2610 * libpam/pam_handlers.c (extract_modulename): Use _pam_strdup
2613 * libpam/pam_private.h: Remove _pam_strCMP.
2614 * libpam/pam_misc.c: Likewise.
2615 * libpam/pam_handlers.c: Replaced _pam_strCMP with strcasecmp.
2617 2006-06-12 Thorsten Kukuk <kukuk@thkukuk.de>
2619 * modules/pam_tally/Makefile.am (AM_LDFLAGS): Remove flags
2620 for modules from main application.
2622 2006-06-09 Thorsten Kukuk <kukuk@thkukuk.de>
2624 * modules/pam_time/Makefile.am: Include Make.xml.rules.
2625 * modules/pam_time/time.conf.5: New, generated from xml file.
2626 * modules/pam_time/time.conf.5.xml: New.
2627 * modules/pam_time/pam_time.8: New, generated from xml file.
2628 * modules/pam_time/pam_time.8.xml: New.
2629 * modules/pam_time/README.xml: New.
2630 * modules/pam_time/README: Regenerated from README.xml.
2632 * modules/pam_wheel/Makefile.am: Include Make.xml.rules.
2633 * modules/pam_wheel/pam_wheel.8.xml: New.
2634 * modules/pam_wheel/pam_wheel.8: New, generated from xml file.
2635 * modules/pam_wheel/README.xml: New.
2636 * modules/pam_wheel/README: Regenerated from xml file.
2638 * modules/pam_xauth/Makefile.am: Include Make.xml.rules.
2639 * modules/pam_xauth/pam_xauth.8.xml: New.
2640 * modules/pam_xauth/pam_xauth.8: Regenerated from xml file.
2641 * modules/pam_xauth/README.xml: New.
2642 * modules/pam_xauth/README: Regenerated from xml file.
2644 * modules/pam_deny/pam_deny.8.xml: Fix syntax errors.
2645 * modules/pam_deny/pam_deny.8: Regenerate from xml file.
2646 * modules/pam_deny/README: Likewise.
2648 * modules/pam_warn/Makefile.am: Include Make.xml.rules.
2649 * modules/pam_warn/pam_warn.8.xml: New.
2650 * modules/pam_warn/pam_warn.8: New, generated from xml file.
2651 * modules/pam_warn/README.xml: New.
2652 * modules/pam_warn/README: Regenerated from xml file.
2654 * modules/pam_userdb/Makefile.am: Include Make.xml.rules.
2655 * modules/pam_userdb/pam_userdb.8.xml: New.
2656 * modules/pam_userdb/pam_userdb.8: New, generated from xml file.
2657 * modules/pam_userdb/README.xml: New.
2658 * modules/pam_userdb/README: Regenerated from xml file.
2660 2006-06-06 Thorsten Kukuk <kukuk@thkukuk.de>
2662 * modules/pam_shells/Makefile.am: Include Make.xml.rules.
2663 * modules/pam_shells/pam_shells.8.xml: New.
2664 * modules/pam_shells/pam_shells.8: New, generated from xml file.
2665 * modules/pam_shells/README.xml: New.
2666 * modules/pam_shells/README: Regenerated from xml file.
2668 * libpam/include/security/pam_malloc.h: Add missing license
2671 * libpam/include/security/pam_ext.h: Add brackets for C++.
2672 * libpam/include/security/pam_modutil.h: Likewise.
2674 * libpam/include/security/pam_modules.h: Document where to
2675 find the copyright/license informations.
2677 * libpam/include/security/pam_appl.h: Move _pam_compat.h
2678 include inside of brackets.
2680 2006-06-04 Thorsten Kukuk <kukuk@thkukuk.de>
2682 * modules/pam_securetty/Makefile.am: Include Make.xml.rules.
2683 * modules/pam_securetty/pam_securetty.8.xml: New.
2684 * modules/pam_securetty/pam_securetty.8: Regenerated from xml file.
2685 * modules/pam_securetty/README.xml: New.
2686 * modules/pam_securetty/README: Regenerated from xml file.
2688 * modules/pam_rootok/Makefile.am: Include Make.xml.rules.
2689 * modules/pam_rootok/pam_rootok.8.xml: New.
2690 * modules/pam_rootok/pam_rootok.8: New, generated from xml file.
2691 * modules/pam_rootok/README.xml: New.
2692 * modules/pam_rootok/README: Regenerated from xml file.
2694 * modules/pam_permit/Makefile.am: Include Make.xml.rules.
2695 * modules/pam_permit/pam_permit.8.xml: New.
2696 * modules/pam_permit/pam_permit.8: New, generated from xml file.
2697 * modules/pam_permit/README.xml: New.
2698 * modules/pam_permit/README: Regenerated from xml file.
2700 * modules/pam_nologin/Makefile.am: Include Make.xml.rules.
2701 * modules/pam_nologin/pam_nologin.8.xml: New.
2702 * modules/pam_nologin/pam_nologin.8: Regenerated from xml file.
2703 * modules/pam_nologin/README.xml: New.
2704 * modules/pam_nologin/README: Regenerated from xml file.
2706 2006-06-03 Thorsten Kukuk <kukuk@thkukuk.de>
2708 * modules/pam_motd/Makefile.am: Include Make.xml.rules.
2709 * modules/pam_motd/pam_motd.8.xml: New.
2710 * modules/pam_motd/pam_motd.8: New, generated from xml file.
2711 * modules/pam_motd/README.xml: New.
2712 * modules/pam_motd/README: New, generated from xml file.
2714 2006-06-02 Thorsten Kukuk <kukuk@thkukuk.de>
2716 * modules/pam_mail/Makefile.am: Include Make.xml.rules.
2717 * modules/pam_mail/pam_mail.8.xml: New.
2718 * modules/pam_mail/pam_mail.8: New, generated from xml file.
2719 * modules/pam_mail/README.xml: New.
2720 * modules/pam_mail/README: Regenerated from xml file.
2722 * modules/pam_localuser/Makefile.am: Include Make.xml.rules.
2723 * modules/pam_localuser/pam_localuser.8.xml: New.
2724 * modules/pam_localuser/pam_localuser.8: New, generated from xml file.
2725 * modules/pam_localuser/README.xml: New.
2726 * modules/pam_localuser/README: Regenerated from xml file.
2728 * doc/man/PAM.8: Regenerate with DocBook XSL Stylesheets v1.70.1.
2729 * doc/man/pam.3: Likewise.
2730 * doc/man/pam.conf.5: Likewise.
2731 * doc/man/pam_acct_mgmt.3: Likewise.
2732 * doc/man/pam_authenticate.3: Likewise.
2733 * doc/man/pam_chauthtok.3: Likewise.
2734 * doc/man/pam_close_session.3: Likewise.
2735 * doc/man/pam_conv.3: Likewise.
2736 * doc/man/pam_end.3: Likewise.
2737 * doc/man/pam_error.3: Likewise.
2738 * doc/man/pam_fail_delay.3: Likewise.
2739 * doc/man/pam_get_data.3: Likewise.
2740 * doc/man/pam_get_item.3: Likewise.
2741 * doc/man/pam_get_user.3: Likewise.
2742 * doc/man/pam_getenv.3: Likewise.
2743 * doc/man/pam_getenvlist.3: Likewise.
2744 * doc/man/pam_info.3: Likewise.
2745 * doc/man/pam_open_session.3: Likewise.
2746 * doc/man/pam_prompt.3: Likewise.
2747 * doc/man/pam_putenv.3: Likewise.
2748 * doc/man/pam_set_data.3: Likewise.
2749 * doc/man/pam_set_item.3: Likewise.
2750 * doc/man/pam_setcred.3: Likewise.
2751 * doc/man/pam_sm_acct_mgmt.3: Likewise.
2752 * doc/man/pam_start.3: Likewise.
2753 * doc/man/pam_strerror.3: Likewise.
2754 * doc/man/pam_syslog.3: Likewise.
2755 * modules/pam_access/access.conf.5: Likewise.
2756 * modules/pam_access/pam_access.8: Likewise.
2757 * modules/pam_cracklib/pam_cracklib.8: Likewise.
2758 * modules/pam_deny/pam_deny.8: Likewise.
2759 * modules/pam_echo/pam_echo.8: Likewise.
2760 * modules/pam_env/pam_env.8: Likewise.
2761 * modules/pam_env/pam_env.conf.5: Likewise.
2762 * modules/pam_exec/pam_exec.8: Likewise.
2763 * modules/pam_filter/pam_filter.8: Likewise.
2764 * modules/pam_ftp/pam_ftp.8: Likewise.
2765 * modules/pam_group/group.conf.5: Likewise.
2766 * modules/pam_group/pam_group.8: Likewise.
2767 * modules/pam_issue/pam_issue.8: Likewise.
2768 * modules/pam_lastlog/pam_lastlog.8: Likewise.
2769 * modules/pam_mkhomedir/pam_mkhomedir.8: Likewise.
2770 * modules/pam_succeed_if/pam_succeed_if.8: Likewise.
2771 * modules/pam_umask/pam_umask.8: Likewise.
2773 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use
2774 dngettext if available [#1427738].
2775 * configure.in: Check for dngettext [#1427738].
2776 * po/*.po: Update to dngettext usage.
2778 * modules/pam_listfile/Makefile.am: Include Make.xml.rules.
2779 * modules/pam_listfile/pam_listfile.8.xml: New.
2780 * modules/pam_listfile/pam_listfile.8: New, generated from xml file.
2781 * modules/pam_listfile/README.xml: New.
2782 * modules/pam_listfile/README: Regenerated from xml file.
2784 2006-06-01 Thorsten Kukuk <kukuk@thkukuk.de>
2786 * modules/pam_lastlog/Makefile.am: Include Make.xml.rules.
2787 * modules/pam_lastlog/pam_lastlog.8.xml: New.
2788 * modules/pam_lastlog/pam_lastlog.8: New, generated from xml file.
2789 * modules/pam_lastlog/README.xml: New.
2790 * modules/pam_lastlog/README: Regenerated from xml file.
2792 * modules/pam_group/Makefile.am: Include Make.xml.rules.
2793 * modules/pam_group/group.conf.5.xml: New.
2794 * modules/pam_group/group.conf.5: New, generated from xml file.
2795 * modules/pam_group/pam_group.8.xml: New.
2796 * modules/pam_group/pam_group.8: New, generated from xml file.
2797 * modules/pam_group/README.xml: New.
2798 * modules/pam_group/README: Regenerated from xml file.
2800 * modules/pam_ftp/Makefile.am: Include Make.xml.rules.
2801 * modules/pam_ftp/pam_ftp.8.xml: New.
2802 * modules/pam_ftp/pam_ftp.8: New, generated from xml file.
2803 * modules/pam_ftp/README.xml: New.
2804 * modules/pam_ftp/README: Regenerated from xml file.
2806 * modules/pam_issue/Makefile.am: Include Make.xml.rules.
2807 * modules/pam_issue/pam_issue.8.xml: New.
2808 * modules/pam_issue/pam_issue.8: New, generated from xml file.
2809 * modules/pam_issue/README.xml: New.
2810 * modules/pam_issue/README: Regenerated from xml file.
2812 * modules/pam_filter/Makefile.am: Include Make.xml.rules.
2813 * modules/pam_filter/pam_filter.8.xml: New.
2814 * modules/pam_filter/pam_filter.8: New, generated from xml file.
2815 * modules/pam_filter/README.xml: New.
2816 * modules/pam_filter/README: Regenerated from xml file.
2818 2006-05-30 Thorsten Kukuk <kukuk@thkukuk.de>
2820 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Fix umask and skel
2821 directory documentation.
2823 * modules/pam_umask/Makefile.am: Include Make.xml.rules.
2824 * modules/pam_umask/pam_umask.8.xml: New.
2825 * modules/pam_umask/pam_umask.8: New, generated from xml file.
2826 * modules/pam_umask/README.xml: New.
2827 * modules/pam_umask/README: Regenerated from xml file.
2829 2006-05-29 Thorsten Kukuk <kukuk@thkukuk.de>
2831 * modules/pam_mkhomedir/Makefile.am: Include Make.xml.rules.
2832 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: New.
2833 * modules/pam_mkhomedir/pam_mkhomedir.8: New, generated from xml file.
2834 * modules/pam_mkhomedir/README.xml: New.
2835 * modules/pam_mkhomedir/README: Regenerated from xml file.
2837 2006-05-23 Thorsten Kukuk <kukuk@thkukuk.de>
2839 * modules/pam_echo/pam_echo.c (pam_echo): Use pam_modutil_read()
2842 2006-05-22 Thorsten Kukuk <kukuk@thkukuk.de>
2844 * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate):
2845 Fix memory leaks, [#1490956] found by Coverity.
2847 * modules/pam_tally/pam_tally.c (pam_get_uid): Check return
2848 value of pam_get_user().
2849 (tally_get_data): Check if oldtime is not NULL.
2850 [#1489818] found by Coverity.
2852 * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't
2853 ignore return value of stat(). [#1489808] found by Coverity.
2855 * modules/pam_mail/pam_mail.c (get_folder): Fix a potential
2856 NULL pointer dereference. [#1489792] found by Coverity.
2858 * libpam/Makefile.am: bump release number of libpam.so.
2859 * libpam/pam_misc.c (_pam_mkargv): Fix memory leak,
2860 [#1489804] found by Coverity.
2862 * modules/pam_echo/pam_echo.c (replace_and_print): Initialize
2863 str, [#1489658] found by Coverity.
2865 * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix
2866 a potential NULL pointer dereference.
2867 (pam_sm_chauthtok): Remove dead code.
2868 [#1489634] found by Coverity.
2870 2006-05-04 Thorsten Kukuk <kukuk@thkukuk.de>
2872 * configure.in: Check for fseeko.
2873 * modules/pam_tally/pam_tally.c: Use fseeko if available
2874 (Based on patch by IBM).
2876 2006-05-04 Thorsten Kukuk <kukuk@thkukuk.de>
2878 * release version 0.99.4.0
2880 * libpam/pam_strerror.c: Unify error messages.
2882 * po/zh_TW.po: Adjust for last pam_strerror changes.
2883 * po/zh_CN.po: Likewise.
2884 * po/uk.po: Likewise.
2885 * po/tr.po: Likewise.
2886 * po/pt.po: Likewise.
2887 * po/pt_BR.po: Likewise.
2888 * po/pl.po: Likewise.
2889 * po/ja.po: Likewise.
2890 * po/nl.po: Likewise.
2891 * po/nb.po: Likewise.
2892 * po/it.po: Likewise.
2893 * po/hu.po: Likewise.
2894 * po/fr.po: Likewise.
2895 * po/fi.po: Likewise.
2896 * po/es.po: Likewise.
2897 * po/de.po: Likewise.
2898 * po/cs.po: Likewise.
2900 * doc/man/pam.3.xml: New.
2901 * doc/man/pam.3. New, generated from XML file.
2903 * doc/man/pam_sm_acct_mgmt.3.xml: New.
2904 * doc/man/pam_sm_acct_mgmt.3: New, generated from XML file.
2906 * doc/man/*.xml: Fix encoding and use always UTF-8, regenerate
2909 * doc/pam_modules.sgml (PAM_NEW_AUTHTOKEN_REQD): Fix typo.
2911 2006-05-02 Thorsten Kukuk <kukuk@thkukuk.de>
2913 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use
2914 different strings for plural or not [#1427738]
2916 * po/*.po: Adjust for pam_unix.so translation fix.
2918 * modules/pam_tally/pam_tally.c: Always close file handle
2919 in error case, don't close it depending on *TALLY value [#1478180]
2921 2006-04-21 Thorsten Kukuk <kukuk@thkukuk.de>
2923 * po/fr.po: Updated.
2925 2006-04-11 Thorsten Kukuk <kukuk@thkukuk.de>
2927 * po/km.po: Updated.
2929 2006-03-27 Thorsten Kukuk <kukuk@thkukuk.de>
2931 * po/LINGUAS: Add uk.
2934 * po/cs.po: Updated.
2935 * po/po/es.po: Updated.
2936 * po/fi.po: Updated.
2937 * po/fr.po: Updated.
2938 * po/hu.po: Updated.
2939 * po/it.po: Updated.
2940 * po/ja.po: Updated.
2941 * po/nb.po: Updated.
2942 * po/pl.po: Updated.
2943 * po/pt.po: Updated.
2944 * po/pt_BR.po: Updated.
2945 * po/zh_CN.po: Updated.
2946 * po/zh_TW.po: Updated.
2948 2006-03-21 Thorsten Kukuk <kukuk@thkukuk.de>
2950 * configure.in: Remove ALL_LINGUAS.
2952 * po/tr.po: New (from Ismail Donmez <ismail@pardus.org.tr>).
2954 2006-03-13 Thorsten Kukuk <kukuk@thkukuk.de>
2956 * doc/man/pam_error.3.xml: New.
2957 * doc/man/pam_error.3: New, generated from XML file.
2958 * doc/man/pam_verror.3: New, generated from XML file.
2959 * doc/man/Makefile.am: Add pam_error.3 and pam_verror.3.
2961 * modules/pam_lastlog/Makefile.am: Fix typo.
2963 * modules/pam_lastlog/pam_lastlog.c: Move comment for
2964 translators in right line.
2965 * po/*.po: Update po files with comment for translator.
2967 2006-03-12 Thorsten Kukuk <kukuk@thkukuk.de>
2969 * doc/man/Makefile.am: Add new manual pages.
2971 * doc/man/pam.conf.5.xml: Replace link with content
2973 * doc/man/pam.conf.5: Regenerated from XML file.
2975 * doc/man/pam_info.3.xml: New.
2976 * doc/man/pam_info.3: New, generated from XML file.
2977 * doc/man/pam_vinfo.3: New, generated from XML file.
2979 * doc/man/pam_conv.3.xml: New.
2980 * doc/man/pam_conv.3: New, generated from XML file.
2982 * doc/man/pam_putenv.3.xml: New.
2983 * doc/man/pam_putenv.3: New, generated from XML file.
2985 * doc/man/pam_getenv.3.xml: New.
2986 * doc/man/pam_getenv.3: New, generated from XML file.
2988 * doc/man/pam_getenvlist.3.xml: New.
2989 * doc/man/pam_getenvlist.3: New, generated from XML file.
2991 * libpam/pam_item.c (pam_get_user): Check for valid pamh before
2994 * configure.in: create tests/Makefile
2995 * Makefile.am (SUBDIRS): Add tests
2996 * tests/Makefile.am: New.
2997 * tests/tst-dlopen.c: New.
2998 * tests/tst-pam_acct_mgmt.c: New.
2999 * tests/tst-pam_authenticate.c: New.
3000 * tests/tst-pam_chauthtok.c: New.
3001 * tests/tst-pam_close_session.c: New.
3002 * tests/tst-pam_end.c: New.
3003 * tests/tst-pam_fail_delay.c: New.
3004 * tests/tst-pam_getenvlist.c: New.
3005 * tests/tst-pam_get_item.c: New.
3006 * tests/tst-pam_open_session.c: New.
3007 * tests/tst-pam_setcred.c: New.
3008 * tests/tst-pam_set_item.c: New.
3009 * tests/tst-pam_start.c: New.
3010 * tests/tst-pam_get_user.c: New.
3012 * modules/pam_access/Makefile.am: Add rules for make check
3013 * modules/pam_access/tst-pam_access: New
3014 * modules/pam_cracklib/Makefile.am: Add rules for make check
3015 * modules/pam_cracklib/tst-pam_cracklib: New
3016 * modules/pam_debug/Makefile.am: Add rules for make check
3017 * modules/pam_debug/tst-pam_debug: New
3018 * modules/pam_deny/Makefile.am: Add rules for make check
3019 * modules/pam_deny/tst-pam_deny: New
3020 * modules/pam_echo/Makefile.am: Add rules for make check
3021 * modules/pam_echo/tst-pam_echo: New
3022 * modules/pam_env/Makefile.am: Add rules for make check
3023 * modules/pam_env/tst-pam_env: New
3024 * modules/pam_exec/Makefile.am: Add rules for make check
3025 * modules/pam_exec/tst-pam_exec: New
3026 * modules/pam_filter/Makefile.am: Add rules for make check
3027 * modules/pam_filter/tst-pam_filter: New
3028 * modules/pam_ftp/Makefile.am: Add rules for make check
3029 * modules/pam_ftp/tst-pam_ftp: New
3030 * modules/pam_group/Makefile.am: Add rules for make check
3031 * modules/pam_group/tst-pam_group: New
3032 * modules/pam_issue/Makefile.am: Add rules for make check
3033 * modules/pam_issue/tst-pam_issue: New
3034 * modules/pam_lastlog/Makefile.am: Add rules for make check
3035 * modules/pam_lastlog/tst-pam_lastlog: New
3036 * modules/pam_limits/Makefile.am: Add rules for make check
3037 * modules/pam_limits/tst-pam_limits: New
3038 * modules/pam_listfile/Makefile.am: Add rules for make check
3039 * modules/pam_listfile/tst-pam_listfile: New
3040 * modules/pam_localuser/Makefile.am: Add rules for make check
3041 * modules/pam_localuser/tst-pam_localuser: New
3042 * modules/pam_mail/Makefile.am: Add rules for make check
3043 * modules/pam_mail/tst-pam_mail: New
3044 * modules/pam_mkhomedir/Makefile.am: Add rules for make check
3045 * modules/pam_mkhomedir/tst-pam_mkhomedir: New
3046 * modules/pam_motd/Makefile.am: Add rules for make check
3047 * modules/pam_motd/tst-pam_motd: New
3048 * modules/pam_nologin/Makefile.am: Add rules for make check
3049 * modules/pam_nologin/tst-pam_nologin: New
3050 * modules/pam_permit/Makefile.am: Add rules for make check
3051 * modules/pam_permit/tst-pam_permit: New
3052 * modules/pam_rhosts/Makefile.am: Add rules for make check
3053 * modules/pam_rhosts/tst-pam_rhosts: New
3054 * modules/pam_rootok/Makefile.am: Add rules for make check
3055 * modules/pam_rootok/tst-pam_rootok: New
3056 * modules/pam_securetty/Makefile.am: Add rules for make check
3057 * modules/pam_securetty/tst-pam_securetty: New
3058 * modules/pam_selinux/Makefile.am: Add rules for make check
3059 * modules/pam_selinux/tst-pam_selinux: New
3060 * modules/pam_shells/Makefile.am: Add rules for make check
3061 * modules/pam_shells/tst-pam_shells: New
3062 * modules/pam_stress/Makefile.am: Add rules for make check
3063 * modules/pam_stress/tst-pam_stress: New
3064 * modules/pam_succeed_if/Makefile.am: Add rules for make check
3065 * modules/pam_succeed_if/tst-pam_succeed_if: New
3066 * modules/pam_tally/Makefile.am: Add rules for make check
3067 * modules/pam_tally/tst-pam_tally: New
3068 * modules/pam_time/Makefile.am: Add rules for make check
3069 * modules/pam_time/tst-pam_time: New
3070 * modules/pam_umask/Makefile.am: Add rules for make check
3071 * modules/pam_umask/tst-pam_umask: New
3072 * modules/pam_unix/Makefile.am: Add rules for make check
3073 * modules/pam_unix/tst-pam_unix: New
3074 * modules/pam_userdb/Makefile.am: Add rules for make check
3075 * modules/pam_userdb/tst-pam_userdb: New
3076 * modules/pam_warn/Makefile.am: Add rules for make check
3077 * modules/pam_warn/tst-pam_warn: New
3078 * modules/pam_wheel/Makefile.am: Add rules for make check
3079 * modules/pam_wheel/tst-pam_wheel: New
3080 * modules/pam_xauth/Makefile.am: Add rules for make check
3081 * modules/pam_xauth/tst-pam_xauth: New
3083 2006-03-11 Thorsten Kukuk <kukuk@thkukuk.de>
3085 * doc/man/pam_fail_delay.3.xml: New.
3086 * doc/man/pam_fail_delay.3: New, generated from xml.
3087 * doc/man/pam_prompt.3.xml: New.
3088 * doc/man/pam_prompt.3: New, generated from xml.
3089 * doc/man/pam_syslog.3.xml: New.
3090 * doc/man/pam_syslog.3: New, generated from xml.
3091 * doc/man/pam_vprompt.3: New, generated from xml.
3092 * doc/man/pam_vsyslog.3: New, generated from xml.
3094 2006-02-24 Thorsten Kukuk <kukuk@thkukuk.de>
3096 * po/km.po: Update Khmer translation.
3098 2006-02-24 Thorsten Kukuk <kukuk@thkukuk.de>
3100 * modules/pam_succeed_if/pam_succeed_if.8.xml: New, based on
3101 version from #1425487.
3102 * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
3103 * modules/pam_succeed_if/Makefile.am: Include XML rules.
3104 * modules/pam_succeed_if/README.xml: New.
3105 * modules/pam_succeed_if/README: Regenerated from xml.
3106 * modules/pam_succeed_if/pam_succeed_if.c: Fix comment about
3109 2006-02-22 Thorsten Kukuk <kukuk@thkukuk.de>
3111 * configure.in: Fix check for incomplete libaudit installations
3112 (Patch from Ruediger Oertel <ro@suse.de>).
3114 * modules/pam_lastlog/pam_lastlog.c (last_login_write): Initialize
3115 correct last_login field [#1427401].
3117 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Mark strftime
3118 format string for translation to allow reorder [#1428269].
3119 * po/*.po: Update with last pam_lastlog change.
3122 2006-02-17 Thorsten Kukuk <kukuk@thkukuk.de>
3124 * doc/man/Makefile.am: Add new manual pages.
3125 * doc/man/pam_end.3: Regenerated from xml file.
3126 * doc/man/pam_end.3.xml: Document freeing of item data.
3127 * doc/man/pam_get_user.3: New.
3128 * doc/man/pam_get_user.3.xml: New.
3129 * modules/pam_access/access.conf.5.xml: Fix typos.
3130 * modules/pam_env/Makefile.am: Add new manual pages.
3131 * modules/pam_env/README: Regenerate from xml file.
3132 * modules/pam_env/README.xml: New.
3133 * modules/pam_env/pam_env.8: New.
3134 * modules/pam_env/pam_env.8.xml: New.
3135 * modules/pam_env/pam_env.conf.5: New.
3136 * modules/pam_env/pam_env.conf.5.xml New.
3138 2006-02-14 Thorsten Kukuk <kukuk@thkukuk.de>
3140 * po/fi.po: Updated translations.
3141 * po/pl.po: Likewise.
3142 * po/km.po: New translation.
3143 * configure.in: Add km as new language.
3145 2006-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
3147 * modules/pam_echo/pam_echo.8.xml: New.
3148 * modules/pam_echo/pam_echo.8: Regenerated from xml file.
3149 * modules/pam_echo/Makefile.am: Include Make.xml.rules.
3150 * modules/pam_echo/pam_echo.c: Fix return value.
3152 * doc/modules/pam_chroot.sgml: Remove obsolete sgml file.
3154 2006-02-12 Thorsten Kukuk <kukuk@thkukuk.de>
3156 * configure.in: Add doc/man/Makefile.
3157 * Make.xml.rules: Enable xincludes for manual pages.
3158 * doc/Makefile.am (EXRA_DIST): Remove manual pages.
3159 (SUBDIR): Add man subdirectory.
3160 * doc/man/Makefile.am: New.
3161 * doc/man/pam_acct_mgmt.3: New.
3162 * doc/man/pam_acct_mgmt.3.xml: New.
3163 * doc/man/pam_get_data.3: New.
3164 * doc/man/pam_get_data.3.xml: New.
3165 * doc/man/pam_set_data.3: New.
3166 * doc/man/pam_set_data.3.xml: New.
3167 * doc/man/pam.8.xml: New.
3168 * doc/man/pam.8: Regenerated from xml file.
3169 * doc/man/pam_authenticate.3.xml: New.
3170 * doc/man/pam_authenticate.3: Regenerated from xml file.
3171 * doc/man/pam_chauthtok.3.xml: New.
3172 * doc/man/pam_chauthtok.3: Regenerated from xml file.
3173 * doc/man/pam_close_session.3.xml: New.
3174 * doc/man/pam_close_session.3: Regenerated from xml file.
3175 * doc/man/pam_end.3.xml: New.
3176 * doc/man/pam_end.3: Regenerated from xml file.
3177 * doc/man/pam_fail_delay.3.xml: New.
3178 * doc/man/pam_fail_delay.3: Regenerated from xml file.
3179 * doc/man/pam_get_item.3.xml: New.
3180 * doc/man/pam_get_item.3: Regenerated from xml file.
3181 * doc/man/pam_item_types.inc.xml: New.
3182 * doc/man/pam_open_session.3.xml: New.
3183 * doc/man/pam_open_session.3: Regenerated from xml file.
3184 * doc/man/pam_set_item.3.xml: New.
3185 * doc/man/pam_set_item.3: Regenerated from xml file.
3186 * doc/man/pam_setcred.3.xml: New.
3187 * doc/man/pam_setcred.3: Regenerated from xml file.
3188 * doc/man/pam_start.3.xml: New.
3189 * doc/man/pam_start.3: Regenerated from xml file.
3190 * doc/man/pam_strerror.3.xml: New.
3191 * doc/man/pam_strerror.3: Regenerated from xml file.
3192 * doc/man/template-man: Removed.
3194 2006-02-10 Thorsten Kukuk <kukuk@thkukuk.de>
3196 * configure.in: Remove pam_pwdb support.
3197 * modules/Makefile.am: remove pam_pwdb.
3198 * modules/pam_pwdb: Remove complete directory.
3199 * libpam/Makefile.am: Remove LIBPWDB references.
3200 * libpam/pam_static_modules.h: Remove pam_pwdb references.
3201 * doc/modules/pam_pwdb.sgml: Removed.
3202 * po/POTFILES.in: Remove modules/pam_pwdb/*.c entries.
3203 * doc/pam_source.sgml: Remove references to libpwdb.
3204 * doc/modules/pam_limits.sgml: Remove wrong reference to libpwdb.
3205 * doc/modules/pam_group.sgml: Likewise.
3206 * doc/modules/pam_cracklib.sgml: Replace pam_pwdb with pam_unix.
3207 * doc/modules/pam_userdb.sgml: Likewise.
3208 * modules/pam_cracklib/pam_cracklib.8.xml: Replace pam_pwdb
3210 * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
3211 * modules/pam_group/pam_group.c: Remove dead code for libpwdb.
3213 * modules/pam_access/Makefile.am: Fix EXTRA_DIST.
3214 * modules/pam_cracklib/Makefile.am: Likewise.
3215 * modules/pam_deny/Makefile.am: Likewise.
3216 * modules/pam_exec/Makefile.am: Likewise.
3218 2006-02-07 Thorsten Kukuk <kukuk@thkukuk.de>
3220 * configure.in: Check for text browser.
3221 * Make.xml.rules: Add rule to generate README from README.xml.
3223 * modules/pam_access/Makefile.am: Include Make.xml.rules.
3224 * modules/pam_access/README: Regenerated from README.xml.
3225 * modules/pam_access/README.xml: New.
3226 * modules/pam_access/access.conf: Extended by new examples.
3227 * modules/pam_access/access.conf.5: New, generated from xml file.
3228 * modules/pam_access/access.conf.5.xml: New.
3229 * modules/pam_access/pam_access.8: New, generated from xml file.
3230 * modules/pam_access/pam_access.8.xml: New.
3231 * modules/pam_access/pam_access.c: Add rules for IPv6 and
3233 Based on patch from Mike Becher <Mike.Becher@lrz-muenchen.de>.
3235 * modules/pam_deny/Makefile.am: Include Make.xml.rules.
3236 * modules/pam_deny/pam_deny.8.xml: New.
3237 * modules/pam_deny/pam_deny.8: New, generated from xml file.
3238 * modules/pam_deny/README.xml: New.
3239 * modules/pam_deny/README: Regenerated from xml file.
3241 * modules/pam_cracklib/Makefile.am: Include Make.xml.rules.
3242 * modules/pam_cracklib/pam_cracklib.8.xml: New.
3243 * modules/pam_cracklib/pam_cracklib.8: New, generated from xml file.
3244 * modules/pam_cracklib/README.xml: New.
3245 * modules/pam_cracklib/README: Regenerated from xml file.
3247 * modules/pam_exec/Makefile.am: Add rule to generate README.
3248 * modules/pam_exec/README: Regenerated from xml file.
3249 * modules/pam_exec/pam_exec.8: Regenerated from xml file.
3250 * modules/pam_exec/pam_exec.8.xml: Syntax files.
3252 2006-02-06 Thorsten Kukuk <kukuk@thkukuk.de>
3255 * po/pt.po: Update translations.
3256 * configure.in: Add nl as new language.
3258 2006-01-30 Thorsten Kukuk <kukuk@thkukuk.de>
3260 * modules/pam_exec/pam_exec.8.xml: Fix syntax of Return Value section.
3261 * modules/pam_exec/Makefile.am: Include Make.xml.rules.
3263 * Make.xml.rules: New.
3265 * Makefile.am (EXTRA_DIST): Add Make.xml.rules.
3267 2006-01-27 Thorsten Kukuk <kukuk@thkukuk.de>
3269 * configure.in: Prefer libdb over libndbm, fix check for
3270 libcrack and remove not needed BACKUP_LIBS.
3272 2006-01-24 Thorsten Kukuk <kukuk@thkukuk.de>
3274 * modules/pam_debug/pam_debug.c: Fix name of pam_module struct.
3276 * po/de.po: Fix one translation.
3278 * configure.in: Add modules/pam_exec.
3279 * modules/Makefile.am: Add pam_exec subdirectory.
3280 * modules/pam_exec/README: New.
3281 * modules/pam_exec/Makefile.am: New.
3282 * modules/pam_exec/pam_exec.8: New.
3283 * modules/pam_exec/pam_exec.c: New.
3284 * modules/pam_exec/pam_exec.8.xml: New.
3285 * po/POTFILES.in: Add modules/pam_exec/pam_exec.c.
3286 * po/*.po: Merge new pam_exec strings.
3288 * libpam/pam_static_modules.h: New.
3289 * Makefile.am: Reorder subdirectories for static modules.
3290 * configure.in: Add --enable-static-modules option.
3291 * libpam/Makefile.am: Define WITH_SELINUX and WITH_PWDB if
3292 necessary, add pam_static_modules.h, link against all PAM
3293 module object files if STATIC_MODULES is defined.
3294 * libpam/pam_static.c: Remove old _static_module* includes,
3295 include pam_static_modules.h.
3297 * configure.in: Add checks for xsltproc, xmllint and docbook
3299 * m4/jh_path_xml_catalog.m4: New.
3301 2006-01-22 Thorsten Kukuk <kukuk@thkukuk.de>
3303 * modules/pam_succeed_if/pam_succeed_if.c: Add support for
3305 * modules/pam_xauth/pam_xauth.c: Likewise.
3307 * libpam/pam_static.c (_pam_open_static_handler): Add pamh
3309 * libpam/pam_private.h: Adjust prototype.
3310 * libpam/pam_handlers.c (_pam_add_handler): Add pamh to
3311 _pam_open_static_handler call.
3313 * configure.in: Don't define PAM_DYNAMIC.
3314 * libpam/pam_handlers.c: Get ride of PAM_DYNAMIC, don't
3315 include pam_dynamic.h
3316 * libpam/pam_dynamic.c: Don't include pam_dynamic.h,
3317 exclude functions if we compile with PAM_STATIC.
3318 * libpam/pam_dynamic.h: Remove.
3319 * libpam/pam_private.h: Add function prototypes from pam_dynamic.h.
3320 * libpam/Makefile.am: Bump version number of libpam, remove
3323 2006-01-21 Thorsten Kukuk <kukuk@thkukuk.de>
3325 * modules/pam_listfile/pam_listfile.c: Add support for session
3326 and password management.
3328 2006-01-19 Thorsten Kukuk <kukuk@thkukuk.de>
3330 * doc/specs/Makefile.am (spec): Add padout to fix parallel
3331 build (Reported by Andreas Haumer <andreas@xss.co.at>).
3333 2006-01-15 Thorsten Kukuk <kukuk@thkukuk.de>
3335 * modules/pam_echo/pam_echo.c: Define HOST_NAME_MAX if not
3338 2006-01-13 Thorsten Kukuk <kukuk@thkukuk.de>
3340 * release version 0.99.3.0
3342 * libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing
3345 * modules/pam_umask/pam_umask.c (search_key): Don't ignore
3346 EOF/error return value from fgets().
3348 * configure.in: Check for getline and getdelim
3350 * po/fi.po: Add new translations.
3351 * po/de.po: Likewise.
3352 * po/es.po: Likewise.
3353 * po/fr.po: Likewise.
3354 * po/it.po: Likewise.
3355 * po/ja.po: Likewise.
3356 * po/pt_BR.po: Likewise.
3357 * po/zh_CH.po: Likewise.
3358 * po/zh_TW.po: Likewise.
3360 2006-01-13 Dmitry V. Levin <ldv@altlinux.org>
3362 * libpam/pam_audit.c (_pam_auditlog): Replace strerror(errno)
3363 call with %m specifier.
3365 2006-01-12 Thorsten Kukuk <kukuk@thkukuk.de>
3367 * configure.in: Add check for -fpie/-pie
3368 * modules/pam_filter/upperLOWER/Makefile.am: Compile/link
3369 upperLOWER with -fpie/-pie if supported.
3370 * modules/pam_unix/Makefile.am: Compile/link unix_chkpwd
3371 with -fpie/-pie if supported.
3373 2006-01-12 Steve Grubb <sgrubb@redhat.com>
3375 * configure.in: Add check for audit library.
3376 * libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT.
3377 (libpam_la_SOURCES): Add pam_audit.c.
3378 * libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call.
3379 * libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise.
3380 * libpam/pam_password.c (pam_chauthtok): Likewise.
3381 * libpam/pam_session.c (pam_open_session),
3382 (pam_close_session): Likewise.
3383 * libpam/pam_private.h: Add audit_state member to pam_handle,
3384 declare _pam_auditlog and _pam_audit_end.
3385 * libpam/pam_start.c (pam_start): Initialize audit_state.
3386 * libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end
3388 * libpam/pam_end.c (pam_end): Add _pam_audit_end() call.
3389 * NEWS: Note about added auditing.
3391 2006-01-11 Thorsten Kukuk <kukuk@thkukuk.de>
3393 * libpam/Makefile.am (AM_CFLAGS): Define LIBPAM_COMPILE.
3395 * libpam/include/security/_pam_types.h: Don't define PAM_NONNULL
3396 if we compile libpam itself.
3398 * po/hu.po: Update with new translations.
3400 2006-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
3402 * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR
3403 instead of PAM_AUTHTOK_RECOVER_ERR.
3404 * modules/pam_pwdb/support.-c: Likewise.
3405 * modules/pam_unix/support.c: Likewise.
3406 * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise.
3407 * libpam/pam_strerror.c (pam_strerror): Likewise.
3409 * libpam/include/security/_pam_compat.h: Define
3410 PAM_AUTHTOK_RECOVER_ERR for backward compatibility.
3412 * libpam/include/security/_pam_types.h: Rename
3413 PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR.
3415 2006-01-05 Thorsten Kukuk <kukuk@thkukuk.de>
3417 * libpam/include/security/_pam_types.h: Remove nonnull attribute
3418 from third paramter (item) of pam_get_item.
3419 * libpam/Makefile.am: Bump version number of shared library.
3421 2005-12-21 Tomas Mraz <t8m@centrum.cz>
3423 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_ingroup),
3424 (evaluate_notingroup): Simplified.
3425 (evaluate_innetgr), (evaluate_notinnetgr): New functions.
3426 (evaluate): Added calls to evaluate_(not)innetgr().
3427 * modules/pam_succeed_if/README: Documented netgroup matching.
3428 * NEWS: Mentioned the added netgroup matching support.
3430 2005-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
3432 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Use
3433 strftime instead of ctime.
3435 * po/de.po: Fix typo.
3437 2005-12-19 Thorsten Kukuk <kukuk@thkukuk.de>
3439 * libpam/pam_syslog.c: Define LOG_AUTHPRIV as LOG_AUTH on Solaris.
3440 Reported by Charles_H_Bedford@nbc.gov.
3442 * modules/pam_time/pam_time.c (check_account): Implement
3443 support for netgroups.
3445 * modules/pam_time/time.conf: Document usage of netgroups.
3447 2005-12-16 Thorsten Kukuk <kukuk@thkukuk.de>
3449 * modules/pam_group/pam_group.c (check_account): Implement
3450 support for netgroups.
3452 * modules/pam_group/group.conf: Add all documentation to this
3453 example config file and don't reference to outdated configs.
3455 * modules/pam_group/README: New.
3457 * modules/pam_group/Makefile.am: Add README to EXTRADIST.
3459 2005-12-15 Thorsten Kukuk <kukuk@suse.de>
3461 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't report an
3462 error if user logins the first time.
3464 * modules/pam_lastlog/README: New.
3466 * modules/pam_lastlog/Makefile.am: Add README to EXTRADIST.
3468 2005-12-14 Thorsten Kukuk <kukuk@suse.de>
3470 * modules/pam_deny/pam_deny.c: Fix comment.
3472 * doc/pam_appl.sgml: Fix typo.
3474 Reported by Russell Bateman <russ@windofkeltia.com>
3476 2005-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
3478 * release version 0.99.2.1
3480 * po/de.po: Remove new fuzzy entry
3482 * NEWS: Add 0.99.2.1 changes
3484 * configure.in: bump version number to 0.99.2.1
3486 2005-12-12 Dmitry V. Levin <ldv@altlinux.org>
3488 Cleanup pam_syslog messages.
3490 * modules/pam_env/pam_env.c (_expand_arg): Fix compiler warning.
3491 * modules/pam_filter/pam_filter.c (set_filter): Append %m
3492 specifier to pam_syslog messages where appropriate.
3493 * modules/pam_group/pam_group.c (read_field): Likewise.
3494 * modules/pam_mkhomedir/pam_mkhomedir.c (make_remark): Remove.
3495 (create_homedir): Do not use make_remark() wrapper, call
3496 pam_info() directly. Call pam_syslog() right after failed
3497 operation and append %m specifier to pam_syslog messages where
3499 * modules/pam_rhosts/pam_rhosts_auth.c (pam_iruserok): Replace
3500 sequence of malloc(), strcpy() and strcat() calls with asprintf().
3501 Append %m specifier to pam_syslog messages where appropriate.
3502 * modules/pam_securetty/pam_securetty.c (securetty_perform_check):
3503 Append %m specifier to pam_syslog messages where appropriate.
3504 * modules/pam_shells/pam_shells.c (perform_check): Likewise.
3506 2005-12-12 Tomas Mraz <t8m@centrum.cz>
3508 * modules/pam_mail/pam_mail.c (report_mail): Fixed typo in string.
3509 * po/Linux-PAM.pot: Likewise.
3510 * po/de.po: Likewise.
3511 * po/es.po: Likewise.
3512 * po/fi.po: Likewise.
3513 * po/fr.po: Likewise.
3514 * po/hu.po: Likewise.
3515 * po/it.po: Likewise.
3516 * po/ja.po: Likewise.
3517 * po/nb.po: Likewise.
3518 * po/pa.po: Likewise.
3519 * po/pl.po: Likewise.
3520 * po/pt.po: Likewise.
3521 * po/pt_BR.po: Likewise.
3522 * po/zh_CN.po: Likewise.
3523 * po/zh_TW.po: Likewise.
3524 * po/de.po: Add new translation, fixed typo in string.
3526 2005-12-12 Mike Becher <Mike.Becher@lrz-muenchen.de>
3528 * doc/Makefile.am: Fixed install of PS, PDF, TXT and HTML files.
3530 2005-12-12 Thorsten Kukuk <kukuk@suse.de>
3532 * modules/pam_mail/README: Document "quiet" and "standard"
3535 2005-12-07 Thorsten Kukuk <kukuk@suse.de>
3537 * modules/pam_mail/pam_mail.c: Modify assembling of output
3538 for easier translation.
3540 * po/de.po: Translate new pam_mail messages.
3543 2005-11-24 Thorsten Kukuk <kukuk@thkukuk.de>
3545 * po/de.po: Add new translation, fix wrong format specifier.
3546 * po/cs.po: Fix wrong format specifier.
3547 * po/es.po: Likewise.
3548 * po/fi.po: Likewise.
3549 * po/fr.po: Likewise.
3550 * po/hu.po: Likewise.
3551 * po/it.po: Likewise.
3552 * po/ja.po: Likewise.
3553 * po/nb.po: Likewise.
3554 * po/pa.po: Likewise.
3555 * po/pl.po: Likewise.
3556 * po/pt.po: Likewise.
3557 * po/pt_BR.po: Likewise.
3558 * po/zh_CN.po: Likewise.
3559 * po/zh_TW.po: Likewise.
3561 2005-11-24 Dmitry V. Levin <ldv@altlinux.org>
3563 * config.h.in: Remove generated file.
3564 * .cvsignore: Add config.h.in.
3566 * configure.in: Do not check for strerror.
3567 * libpam_misc/misc_conv.c (read_string): Replace strerror()
3568 call with %m specifier.
3569 * libpamc/pamc_converse.c (pamc_converse): Likewise.
3570 * modules/pam_echo/pam_echo.c (pam_echo): Likewise.
3571 * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate):
3573 * modules/pam_selinux/pam_selinux.c (security_label_tty):
3575 (security_restorelabel_tty, security_label_tty): Append %m
3576 specifier where appropriate.
3577 * modules/pam_selinux/pam_selinux_check.c (main): Replace
3578 strerror() call with %m specifier.
3579 * modules/pam_unix/pam_unix_passwd.c (save_old_password,
3580 _update_passwd, _update_shadow): Likewise.
3581 * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
3582 * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
3583 * po/Linux-PAM.pot: Update strings from pam_selinux.
3584 * po/cs.po: Likewise.
3585 * po/de.po: Likewise.
3586 * po/es.po: Likewise.
3587 * po/fi.po: Likewise.
3588 * po/fr.po: Likewise.
3589 * po/hu.po: Likewise.
3590 * po/it.po: Likewise.
3591 * po/ja.po: Likewise.
3592 * po/nb.po: Likewise.
3593 * po/pa.po: Likewise.
3594 * po/pl.po: Likewise.
3595 * po/pt.po: Likewise.
3596 * po/pt_BR.po: Likewise.
3597 * po/zh_CN.po: Likewise.
3598 * po/zh_TW.po: Likewise.
3600 2005-11-23 Thorsten Kukuk <kukuk@suse.de>
3602 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Introduce
3603 new variable to fix compiler warning.
3605 * libpam/pam_modutil_getlogin.c (pam_modutil_getlogin): PAM_TTY
3606 don't need to start with /dev/.
3608 2005-11-21 Thorsten Kukuk <kukuk@thkukuk.de>
3610 * release version 0.99.2.0
3612 * libpam_misc/Makefile.am: Increase release number (for change
3615 * NEWS: Adjust for 0.99.2.0
3617 2005-11-17 Thorsten Kukuk <kukuk@thkukuk.de>
3619 * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting.
3620 Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380]
3622 2005-11-16 Thorsten Kukuk <kukuk@thkukuk.de>
3624 * libpam/pam_handlers.c: Replace code for all dlopen variants with
3626 * libpam/pam_dynamic.c: Implement generic wrapper for dlopen.
3627 * libpam/pam_dynamic.h: Provide prototypes.
3628 For Mac OS X support [#534205]
3630 2005-11-09 Tomas Mraz <t8m@centrum.cz>
3632 * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly
3634 * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly
3635 full path tty name. Allow unset tty.
3636 (logic_member): Allow matching ':' in tty name.
3637 * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly
3638 full path tty name. Allow unset tty.
3639 (logic_member): Allow matching ':' in tty name.
3641 * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin
3644 2005-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
3646 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use
3647 correct variable names.
3649 2005-11-06 Steve Langasek <vorlon@debian.org>
3651 * modules/pam_env/pam_env.c: don't treat a missing
3652 /etc/environment as a fatal error when attempting to read it,
3653 and try to read this file by default; this restores the behavior
3654 from Linux-PAM 0.76.
3656 2005-11-02 Tomas Mraz <t8m@centrum.cz>
3658 * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807]
3661 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the
3662 logic when comparing dates to handle corner cases better [#1245888].
3664 2005-10-31 Thorsten Kukuk <kukuk@suse.de>
3666 * modules/pam_filter/pam_filter.c: Use XCASE only if defined
3669 2005-10-27 Thorsten Kukuk <kukuk@suse.de>
3671 * doc/man/pam.8: Fix wording for authentication chapter [#1197444]
3673 2005-10-26 Tomas Mraz <t8m@centrum.cz>
3675 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
3676 modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
3677 modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
3678 uid to 0 before executing the helper if SELinux is enabled.
3679 * modules/pam_unix/unix_chkpwd.c (main): Disable user check only
3680 if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
3683 2005-10-20 Tomas Mraz <t8m@centrum.cz>
3685 * configure.in: Added check for xauth binary and --with-xauth option.
3686 * config.h.in: Added configurable PAM_PATH_XAUTH.
3687 * modules/pam_xauth/README,
3688 modules/pam_xauth/pam_xauth.8: Document where xauth is looked for.
3689 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement
3690 searching xauth binary on multiple places.
3691 (run_coprocess): Don't use execvp as it can be a security risk.
3693 2005-10-04 Steve Langasek <vorlon@debian.org>
3695 * libpam/include/security/pam_malloc.h,
3696 libpam/include/security/pam_modules.h: Declare public header
3697 files extern "C" so that they are C++-safe.
3699 2005-10-02 Dmitry V. Levin <ldv@altlinux.org>
3700 Steve Langasek <vorlon@debian.org>
3702 Cleanup gratuitous use of strdup().
3703 Fix "missing argument" checks.
3705 * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier
3706 to conffile and envfile arguments. Do not use x_strdup() for
3707 conffile and envfile initialization. Fix "missing argument"
3709 (_parse_config_file): Take conffile argument of type "const char *"
3710 instead of "char **". Do not free conffile.
3711 (_parse_env_file): Take env_file argument of type "const char *"
3712 instead of "char **". Do not free env_file.
3713 (pam_sm_setcred): Add const qualifier to conf_file and env_file.
3714 Pass conf_file and env_file to _parse_config_file() and
3715 _parse_env_file() by value.
3716 (pam_sm_open_session): Likewise.
3718 * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to
3719 users argument. Do not use x_strdup() for users initialization.
3720 (lookup): Add const qualifier to list argument.
3721 (pam_sm_authenticate): Add const qualifier to users argument.
3723 * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier
3724 to maildir argument. Do not use x_strdup() for maildir
3725 initialization. Fix "missing argument" check.
3726 (get_folder): Take path_mail argument of type "const char *"
3727 instead of "char **". Do not free path_mail.
3728 (_do_mail): Add const qualifier to path_mail argument.
3729 Pass path_mail to get_folder() by value.
3731 * modules/pam_motd/pam_motd.c: Include <syslog.h>.
3732 (pam_sm_open_session): Add const qualifier to motd_path.
3733 Do not use x_strdup() for motd_path initialization. Do not
3734 free motd_path. Fix "missing argument" check. Add "unknown
3737 * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const
3738 qualifier to database and cryptmode arguments. Fix "missing
3740 (pam_sm_authenticate): Add const qualifier to database and cryptmode.
3741 (pam_sm_acct_mgmt): Likewise.
3743 2005-10-01 Steve Langasek <vorlon@debian.org>
3745 * modules/pam_userdb/pam_userdb.c: spelling fix in log message.
3747 2005-09-30 Steve Langasek <vorlon@debian.org>
3749 * modules/pam_userdb/pam_userdb.c: Fix memory leak due to
3750 gratuitous use of strdup().
3752 2005-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
3756 * doc/specs/Makefile.am (install-data-local): Install
3758 (all): Copy rfc if we build outside of source directory.
3760 2005-09-27 Thorsten Kukuk <kukuk@suse.de>
3762 * NEWS: Document removal of pam_radius.
3763 * autogen.sh: Make configure script executeable.
3765 * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c
3766 (lex.yy.c): Fixed out of tree build.
3768 * conv/pam_conv1/pam_conv.y: Fix main prototype.
3772 * po/POTFILES.in: Remove files not distributed by tar archive
3773 and not containing strings for translation.
3775 2005-09-26 Tomas Mraz <t8m@centrum.cz>
3777 * NEWS: Add a few missing entries from CHANGELOG.
3779 * AUTHORS: Fixed entries for Toady and me.
3781 * Makefile.am (M4_FILES): Fixed out of tree build.
3782 * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c
3783 (spec, lex.yy.c): Fixed out of tree build.
3785 * modules/pam_userdb/README: Document try_first_pass and
3786 use_first_pass options, remove use_authtok option.
3789 2005-09-26 Dmitry V. Levin <ldv@altlinux.org>
3791 * NEWS: Mention changes in pam_lastlog.
3793 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
3796 * autogen.sh: Don't generate NEWS file.
3797 * CHANGELOG: Document it as obsolete.
3799 2005-09-26 Tomas Mraz <t8m@centrum.cz>
3801 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
3802 _log_err() -> pam_syslog()
3803 (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
3804 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
3805 _log_err() -> pam_syslog()
3806 * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
3807 (getNISserver, _unix_run_shadow_binary, _update_passwd,
3808 _update_shadow, _do_setpass, _pam_unix_approve_pass,
3809 pam_sm_chauthtok): _log_err() -> pam_syslog()
3810 * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
3811 (pam_sm_open_session, pam_sm_close_session):
3812 _log_err() -> pam_syslog()
3813 * modules/pam_unix/support.c (_log_err, converse): removed
3814 (_make_remark): use pam_prompt() instead of converse()
3815 (_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
3816 _unix_verify_password, _unix_read_password):
3817 _log_err() -> pam_syslog()
3818 _cleanup(), _unix_cleanup(): Silence unused param warnings.
3819 (_cleanup_failures, _unix_verify_password, _unix_getpwnam,
3820 _unix_run_helper_binary): Silence incorrect type warnings.
3821 (_unix_read_password): Use multiple pam_prompt() and pam_info() calls
3822 instead of converse().
3823 * modules/pam_unix/support.h (_log_err): removed
3824 * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
3826 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
3828 * configure.in: Add doc/specs/Makefile.
3829 * Makefile.am: Add releasedocs rule.
3830 * doc/Makefile.am: Add specs subdir, remove files from specs
3831 directory, add rfc86.0.txt to releasedocs.
3832 * doc/specs/Makefile.am: New file.
3833 * doc/specs/formatter/parse.y: move from here ...
3834 * doc/specs/parse.y: ... here.
3835 * doc/specs/formatter/parse.lex: move from here ...
3836 * doc/specs/parse.lex: ... here.
3838 * modules/pam_mail/pam_mail.c: Mark missing strings for translation
3839 * po/Linux-PAM.pot: Add new strings from pam_mail
3840 * po/cs.po: Likewise.
3841 * po/de.po: Likewise.
3842 * po/es.po: Likewise.
3843 * po/fi.po: Likewise.
3844 * po/fr.po: Likewise.
3845 * po/hu.po: Likewise.
3846 * po/it.po: Likewise.
3847 * po/ja.po: Likewise.
3848 * po/nb.po: Likewise.
3849 * po/pa.po: Likewise.
3850 * po/pl.po: Likewise.
3851 * po/pt.po: Likewise.
3852 * po/pt_BR.po: Likewise.
3853 * po/zh_CN.po: Likewise.
3854 * po/zh_TW.po: Likewise.
3856 2005-09-23 Tomas Mraz <t8m@centrum.cz>
3858 * modules/pam_access/pam_access.c (from_match): Support NULL from.
3859 (string_match): Support NULL string, add NONE keyword matching it.
3860 (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
3861 * modules/pam_access/access.conf: NONE keyword description
3862 * modules/pam_access/README: NONE keyword description
3864 2005-09-22 Dmitry V. Levin <ldv@altlinux.org>
3866 * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session,
3867 pam_sm_close_session): Strip redundant "pam_xauth: " prefix from
3868 text of log messages.
3869 (pam_sm_open_session): Replace sequence of malloc(), strcpy()
3870 and strcat() calls with asprintf(). Replace syslog() calls
3873 * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp()
3874 instead of memcmp() for string comparison.
3876 2005-09-21 Dmitry V. Levin <ldv@altlinux.org>
3878 * modules/pam_nologin/pam_nologin.c: Include <syslog.h>.
3879 (parse_args): Add pam_handle_t* argument. Log unrecognized
3881 (perform_check): Log pam_get_user() and malloc() failures.
3882 (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt):
3883 Pass pam_handle_t* to parse_args().
3885 * modules/pam_mail/pam_mail.c: Include <errno.h>.
3886 Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and
3887 NO_MAIL_STANDARD_FORMAT macros.
3888 (parse_args, get_folder): Cleanup error messages.
3889 (get_folder): Fix leak of the path_mail variable in case of
3890 pam_get_user() failure. Cleanup memory management.
3891 (get_mail_status): Add pam_handle_t* argument. Fix leaks of
3892 namelist variable. Cleanup memory management. Log memory
3893 allocation failures. Remove 250-byte limit on Maildir pathname.
3894 (report_mail): Mark text messages for translation.
3895 (_do_mail): Cleanup memory management. Pass pam_handle_t*
3896 to get_mail_status().
3898 * po/Linux-PAM.pot: Update with new strings from pam_mail for
3900 * po/cs.po: Likewise.
3901 * po/de.po: Likewise.
3902 * po/es.po: Likewise.
3903 * po/fi.po: Likewise.
3904 * po/fr.po: Likewise.
3905 * po/hu.po: Likewise.
3906 * po/it.po: Likewise.
3907 * po/ja.po: Likewise.
3908 * po/nb.po: Likewise.
3909 * po/pa.po: Likewise.
3910 * po/pl.po: Likewise.
3911 * po/pt.po: Likewise.
3912 * po/pt_BR.po: Likewise.
3913 * po/zh_CN.po: Likewise.
3914 * po/zh_TW.po: Likewise.
3916 2005-09-20 Thorsten Kukuk <kukuk@suse.de>
3918 * configure.in: Add finish translation.
3921 * acinclude.m4: remove libprelude macros.
3922 * m4/libprelude.m4: New.
3924 * Makefile.am (EXTRA_DIST): make sure we include all m4 macros.
3926 * libpamc/Makefile.am (EXTRA_DIST): Add License.
3928 See CHANGELOG for earlier changes.