1 2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de>
3 * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass):
4 Remove check for re-used passwords.
5 * modules/pam_cracklib/pam_cracklib.8.xml: Remove documentation
6 of re-used password check.
8 * configure.in: add modules/pam_pwhistory/Makefile.
9 * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml.
10 * doc/sag/pam_pwhistory.xml: New.
11 * libpam/pam_static_modules.h: Add pam_pwhistory data.
12 * modules/Makefile.am: Add pam_pwhistory directory.
13 * modules/pam_pwhistory/Makefile.am: New.
14 * modules/pam_pwhistory/README.xml: New.
15 * modules/pam_pwhistory/opasswd.c: New.
16 * modules/pam_pwhistory/opasswd.h: New.
17 * modules/pam_pwhistory/pam_pwhistory.8.xml: New.
18 * modules/pam_pwhistory/pam_pwhistory.c: New.
19 * modules/pam_pwhistory/tst-pam_pwhistory: New.
20 * xtests/Makefile.am: New.
21 * xtests/run-xtests.sh: New.
22 * xtests/tst-pam_pwhistory1.c: New.
23 * xtests/tst-pam_pwhistory1.pamd: New.
24 * xtests/tst-pam_pwhistory1.sh: New.
25 * po/POTFILES.in: Add modules/pam_pwhistory/.
26 * po/de.po: Update translations.
28 2008-10-02 Thorsten Kukuk <kukuk@thkukuk.de>
30 * po/de.po: Update translations.
32 2008-09-30 Manoj Kumar Giri <mgiri@redhat.com>
34 * po/or.po: Updated translations.
36 2008-09-30 Sharuzzaman Ahmat Raslan <sharuzzaman@gmail.com>
38 * po/ms.po: New translation to Malay.
40 2008-09-30 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com>
42 * po/pt_BR.po: Updated translations.
44 2008-09-30 Tomas Mraz <t8m@centrum.cz>
46 * modules/pam_lastlog/pam_lastlog.8.xml: Document new options
47 noupdate and showfailed.
48 * modules/pam_lastlog/pam_lastlog.c(pam_parse): Recognize the new
50 (last_login_read): New output parameter lltime. Do not display
51 the last login message if it would be empty.
52 (last_login_date): New output parameter lltime. Do not write the
53 last login info when LASTLOG_UPDATE is not set.
54 (last_login_failed): New function to display the last bad login
56 (pam_sm_open_session): Obtain lltime from last_login_date() and
57 call last_login_failed() when appropriate.
59 * po/Linux-pam.pot: Updated strings to translate.
62 2008-09-29 Thorsten Kukuk <kukuk@thkukuk.de>
64 * modules/pam_echo/pam_echo.8.xml: Fix format error.
66 2008-09-25 Tomas Mraz <t8m@centrum.cz>
68 * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message.
69 (tally_check): Open faillog read only. Close file descriptor.
70 Fix typos in messages.
72 2008-09-25 Thorsten Kukuk <kukuk@thkukuk.de>
74 * modules/pam_mail/pam_mail.c (report_mail): Fix logic of
75 "quiet" option (Patch from Andreas Henriksson <andreas@fatal.se>)
77 * modules/pam_mail/pam_mail.8.xml: Fix typo.
79 2008-09-23 Tomas Mraz <t8m@centrum.cz>
81 * modules/pam_limits/limits.conf.5.xml: Comment that rss limit is
84 2008-09-19 Tomas Mraz <t8m@centrum.cz>
86 * modules/pam_cracklib/pam_cracklib.8.xml: Fix description
87 of the palindrome test. Document new options maxrepeat and
89 * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Parse
90 the maxrepeat and reject_username options.
91 (password_check): Call the new tests usercheck() and
93 (_pam_unix_approve_pass): Pass user name to the password_check().
95 2008-09-16 Thorsten Kukuk <kukuk@thkukuk.de>
97 * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo.
99 * modules/pam_unix/pam_unix.8.xml: Fix typo.
101 2008-09-03 Thorsten Kukuk <kukuk@thkukuk.de>
103 * modules/pam_exec/pam_exec.c: Expose authtok if requested,
104 provide environment variable containing service type.
105 * modules/pam_exec/pam_exec.8.xml: Document new option.
107 2008-08-29 Tomas Mraz <t8m@centrum.cz>
109 * modules/pam_loginuid/pam_loginuid.c(set_loginuid): Uids
112 2008-08-18 Thorsten Kukuk <kukuk@thkukuk.de>
114 * Makefile.am (M4_FILES): Adjust list.
116 * modules/pam_access/pam_access.8.xml: Fix module service
118 * modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
119 * modules/pam_debug/pam_debug.8.xml: Likewise.
120 * modules/pam_deny/pam_deny.8.xml: Likewise.
121 * modules/pam_echo/pam_echo.8.xml: Likewise.
122 * modules/pam_env/pam_env.8.xml: Likewise.
123 * modules/pam_exec/pam_exec.8.xml: Likewise.
124 * modules/pam_faildelay/pam_faildelay.8.xml: Likewise.
125 * modules/pam_filter/pam_filter.8.xml: Likewise.
126 * modules/pam_ftp/pam_ftp.8.xml: Likewise.
127 * modules/pam_group/pam_group.8.xml: Likewise.
128 * modules/pam_issue/pam_issue.8.xml: Likewise.
129 * modules/pam_keyinit/pam_keyinit.8.xml: Likewise.
130 * modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
131 * modules/pam_limits/pam_limits.8.xml: Likewise.
132 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
133 * modules/pam_localuser/pam_localuser.8.xml: Likewise.
134 * modules/pam_loginuid/pam_loginuid.8.xml: Likewise.
135 * modules/pam_mail/pam_mail.8.xml: Likewise.
136 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise.
137 * modules/pam_motd/pam_motd.8.xml: Likewise.
138 * modules/pam_namespace/pam_namespace.8.xml: Likewise.
139 * modules/pam_nologin/pam_nologin.8.xml: Likewise.
140 * modules/pam_permit/pam_permit.8.xml: Likewise.
141 * modules/pam_rhosts/pam_rhosts.8.xml: Likewise.
142 * modules/pam_rootok/pam_rootok.8.xml: Likewise.
143 * modules/pam_securetty/pam_securetty.8.xml: Likewise.
144 * modules/pam_selinux/pam_selinux.8.xml: Likewise.
145 * modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
146 * modules/pam_shells/pam_shells.8.xml: Likewise.
147 * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
148 * modules/pam_tally/pam_tally.8.xml: Likewise.
149 * modules/pam_time/pam_time.8.xml: Likewise.
150 * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
151 * modules/pam_umask/pam_umask.8.xml: Likewise.
152 * modules/pam_unix/pam_unix.8.xml: Likewise.
153 * modules/pam_userdb/pam_userdb.8.xml: Likewise.
154 * modules/pam_warn/pam_warn.8.xml: Likewise.
155 * modules/pam_wheel/pam_wheel.8.xml: Likewise.
156 * modules/pam_xauth/pam_xauth.8.xml: Likewise.
158 2008-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
160 * configure.in: Add version for gettext, add search path
161 for m4 directory, fix handling of --disable-* options.
162 Patches from Diego Pettenò <flameeyes@gmail.com>.
164 * configure.in: Run autoupdate on it.
166 * acincludde.m4: Rename to ...
167 * m4/jh_path_xml_catalog.m4: ... this.
169 * m4/*.m4: Remove all autoconf m4 files.
171 2008-07-29 Steve Langasek <vorlon@debian.org>
173 * modules/pam_cracklib/pam_cracklib.8.xml: correct a typo,
174 "Only he" -> "Only the"
176 2008-07-28 Steve Langasek <vorlon@debian.org>
178 * libpamc/test/regress/test.libpamc.c: use standard u_int8_t
179 type instead of __u8, as elsewhere.
180 Patch from Roger Leigh <rleigh@debian.org>.
181 * modules/pam_unix/passverify.c: make save_old_password()
182 thread-safe by using pam_modutil_getpwnam() instead of getpwnam()
183 * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h,
184 modules/pam_unix/pam_unix_passwd.c: add pamh argument to
187 2008-07-27 Steve Langasek <vorlon@debian.org>
189 * modules/pam_*/pam_*.8.xml: fix up the references to pam.d,
190 which is in manpage section 5, not 8.
191 * modules/pam_env/environment, modules/pam_env/pam_env.8.xml:
192 spelling fix, seperate -> separate
194 2008-07-26 Steve Langasek <vorlon@debian.org>
196 * modules/pam_env/pam_env.c: Fix module to skip over
197 non-alphanumeric variable names, and to handle the case when
198 asked to delete a non-existent variable.
200 2008-07-13 Tomas Mraz <t8m@centrum.cz>
202 * modules/pam_mail/pam_mail.8.xml: Module supports session and
203 not account service (#1980773).
205 2008-07-11 Tomas Mraz <t8m@centrum.cz>
207 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do
208 not close the pipe descriptor in borderline case (#2009766).
209 * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
211 * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
212 * modules/pam_unix/support.h: Define upper limit of fds we will
215 * modules/pam_selinux/pam_selinux.c (config_context): Do not
216 ask for the level if use_current_range is set.
217 (context_from_env): New function to obtain the context from
218 PAM environment variables.
219 (pam_sm_open_session): Call context_from_env() if env_params option
220 is present. use_current_range now modifies behavior of the
221 context_from_env and config_context options.
222 * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params
223 option. Adjust description of use_current_range option.
225 2008-07-09 Thorsten Kukuk <kukuk@thkukuk.de>
227 * modules/pam_exec/pam_exec.c (call_exec): Move all variable
228 declaration to begin of a block (#1976310).
230 * xtests/tst-pam_group1.c (run_test): Move no_grps declaration
231 to begin of function (#1976310).
233 * modules/pam_securetty/pam_securetty.8.xml: Replace
234 PAM_IGNORE with PAM_USER_UNKNOWN (#1994330).
236 * modules/pam_tally/pam_tally.c: Add support for silent and
238 * modules/pam_tally/pam_tally.8.xml: Document silent and
241 2008-07-08 Thorsten Kukuk <kukuk@thkukuk.de>
243 * modules/pam_unix/passverify.c (verify_pwd_hash): Adjust debug
246 2008-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
248 * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without
251 * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit
252 description (reported by Wayne Pollock <pollock@acm.org>)
254 2008-06-19 Tomas Mraz <t8m@centrum.cz>
256 * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
257 Detect configuration errors. Fail on incomplete condition.
259 2008-05-20 Tomas Mraz <t8m@centrum.cz>
261 * configure.in: Work correctly with autoconf-2.62.
263 2008-05-19 Tomas Mraz <t8m@centrum.cz>
265 * doc/man/pam_getenv.3.xml: Correct the pam_getenv documentation.
267 * doc/man/pam_prompt.3.xml: Add missing description.
269 2008-05-14 Kjartan Maraas <kmaraas@gnome.org>
271 * po/nb.po: Updated translation.
273 2008-05-14 Sulyok Péter <peti@sulyok.hu>
275 * po/hu.po: Updated translation.
277 2008-05-14 Tomas Mraz <t8m@centrum.cz>
279 * libpam/pam_modutil_getgrgid.c: Replace hardcoded constant with
280 define PWD_LENGTH_SHIFT.
281 * libpam/pam_modutil_getgrnam.c: Likewise.
282 * libpam/pam_modutil_getpwnam.c: Likewise.
283 * libpam/pam_modutil_getpwuid.c: Likewise.
284 * libpam/pam_modutil_getspnam.c: Likewise.
285 * libpam/pam_modutil_private.h: Adjust values for PWD_ constants.
287 * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok
288 item when password is not approved.
289 * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS
290 is always set when UNIX_AUTHTOK is set, change order of conditions.
292 2008-05-02 Tomas Mraz <t8m@centrum.cz>
294 * modules/pam_selinux/pam_selinux.c(query_response): Add handling
296 (manual_context): Handle failed query_response() properly. Rename
297 variable responses to response which is more correct name.
298 (config_context): Likewise.
299 (pam_sm_open_session): Do not base decision on whether there is a tty.
301 2008-04-22 Tomas Mraz <t8m@centrum.cz>
303 * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix
304 regression from the change from 2008-03-20. setexeccon() must be
305 called also with NULL prev_context.
307 2008-04-21 Thorsten Kukuk <kukuk@thkukuk.de>
309 * modules/pam_access/access.conf.5.xml: Document changed behavior
311 * modules/pam_access/pam_access.c: Add from_remote_host to
312 struct login_info to change behavior of LOCAL keyword: if
313 PAM_RHOST is not set, LOCAL will be true.
315 2008-04-18 Tomas Mraz <t8m@centrum.cz>
317 * modules/pam_namespace/pam_namespace.c: New functions
318 unprotect_dirs(), cleanup_protect_data(), protect_mount(),
319 protect_dir() to protect directory by bind mount.
320 (cleanup_data): Renamed to cleanup_polydir_data().
321 (parse_create_params): Allow missing specification of mode
323 (check_inst_parent): Call protect_dir() on the instance parent
324 directory. The directory is created when it doesn't exist.
325 (create_polydir): Protect and make the polydir by protect_dir(),
326 remove potential races.
327 (create_dirs): Renamed to create_instance(), remove call to
329 (ns_setup): Call protect_dir() on the polydir if it already exists.
330 Call inst_init() after the polydir is mounted.
331 (setup_namespace): Set the namespace protect data to be cleaned up
332 on pam_close_session()/pam_end().
333 (pam_sm_open_session): Initialize the protect_dirs.
334 (pam_sm_close_session): Cleanup namespace protect data.
335 * modules/pam_namespace/pam_namespace.h: Define struct for the
336 stack of protected dirs.
337 * modules/pam_namespace/pam_namespace.8.xml: Document when the
338 instance init script is called.
339 * modules/pam_namespace/namespace.conf.5.xml: Likewise.
341 2008-04-17 Tomas Mraz <t8m@centrum.cz>
343 * modules/pam_access/pam_access.c(myhostname): Removed function.
344 (user_match): Supply hostname of the machine to the netgroup_match().
345 Use hostname from the loginfo instead of calling myhostname().
346 (pam_sm_authenticate): Call gethostname() to fill hostname in the
349 * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try
350 to lock if euid != 0.
352 2008-04-16 Tomas Mraz <t8m@centrum.cz>
354 * modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit.
355 * modules/pam_unix/unix_chkpwd.c(_audit_log): New function for audit.
356 (main): Call _audit_log() when appropriate.
358 * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Recognize also
359 try_first_pass and use_first_pass options.
360 (pam_sm_chauthtok): Implement the new options.
362 2008-04-08 Tomas Mraz <t8m@centrum.cz>
364 * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple
365 calls to sysconf() (based on patch by Sami Farin).
367 * libpam/pam_item.c (TRY_SET): Do not set when destination
368 is identical to source.
369 (pam_set_item): Do not overwrite destination when it
370 is identical to source.
372 2008-04-07 Miloš Komarčević <kmilos@gmail.com>
374 * po/sr.po: New file with translation.
375 * po/sr@latin.po: Likewise.
376 * po/LINGUAS: Add sr and sr@latin.
378 2008-04-03 Thorsten Kukuk <kukuk@thkukuk.de>
380 * release version 1.0.0
382 * configure.in: Set version number to 1.0.0.
383 * libpam/Makefile.am: Bump patchlevel of libpam.
384 * doc/adg/Linux-PAM_ADG.xml: Update version/date.
385 * doc/mwg/Linux-PAM_MWG.xml: Likewise.
386 * doc/sag/Linux-PAM_SAG.xml: Likewise.
388 2008-03-31 Dan Walsh <dwalsh@redhat.com>
390 * modules/pam_sepermit/pam_sepermit.c(sepermit_lock): Mark lock fd to
393 2008-03-25 Leah Liu <lliu@redhat.com>
395 * po/zh_CN.po: Updated translation.
397 2008-03-20 Tomas Mraz <t8m@centrum.cz>
399 * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER
400 method only when appropriate.
401 (setup_namespace): Do not umount when not mounted with RUSER.
403 * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call
404 freecontext() after the context is logged not before.
406 2008-03-18 Canniot Thomas <thomas.canniot@mrtomlinux.org>
408 * po/fr.po: Updated translation.
410 2008-03-13 Ankit Patel <ankit@redhat.com>
412 * po/gu.po: Updated translation.
414 2008-03-05 Tomas Mraz <t8m@centrum.cz>
416 * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Avoid
417 unnecessary x_strdup() of resp.
418 * modules/pam_ftp/pam_ftp(pam_sm_authenticate): Call _pam_overwrite()
419 before dropping password resp.
421 2008-03-03 Tomas Mraz <t8m@centrum.cz>
423 * modules/pam_selinux/pam_selinux.c: Do not translate syslog messages.
424 * po/Linux-PAM.pot: Update.
426 * libpam/pam_item.c(RESET): Rename to TRY_SET, handle strdup failure.
427 (pam_set_item): Use TRY_SET() also for PAM_AUTHTOK and PAM_OLDAUTHTOK.
428 Handle allocation failure for PAM_XAUTHDATA.
429 (pam_get_user): Return error when conversation returns NULL user.
430 Call pam_set_item() instead of RESET().
432 2008-02-26 Tomas Mraz <t8m@centrum.cz>
434 * modules/pam_unix/Makefile.am: Do not link to cracklib.
435 * modules/pam_unix/pam_unix_passwd.c(_pam_unix_approve_pass):
436 Do not call FascistCheck() from cracklib.
438 2008-02-29 Fabian Affolter <fab@fedoraproject.org>
440 * po/de.po: Updated translation.
442 2008-02-28 Piotr Drąg <piotrdrag@gmail.com>
444 * po/pl.po: Updated translation.
446 2008-02-26 Tomas Mraz <t8m@centrum.cz>
448 * po/LINUGAS: New languages added.
449 * po/es.po: Updated translations.
450 * po/fr.po: Likewise.
451 * po/it.po: Likewise.
452 * po/ja.po: Likewise.
453 * po/nl.po: Likewise.
454 * po/pl.po: Likewise.
455 * po/pt_BR.po: Likewise.
456 * po/ru.po: Likewise.
457 * po/zh_CN.po: Likewise.
458 * po/as.po: New file.
459 * po/gu.po: Likewise.
460 * po/hi.po: Likewise.
461 * po/kn.po: Likewise.
462 * po/ko.po: Likewise.
463 * po/ml.po: Likewise.
464 * po/or.po: Likewise.
465 * po/si.po: Likewise.
466 * po/ta.po: Likewise.
468 2008-02-21 Tomas Mraz <t8m@centrum.cz>
470 * libpam/pam_audit.c (_pam_audit_writelog): Silence syslog
471 message on non-error return.
473 * modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged
474 user when checking password of another user.
475 * modules/pam_unix/unix_update.c: Fix comment.
477 2008-02-18 Dmitry V. Levin <ldv@altlinux.org>
479 * libpam/pam_handlers.c (_pam_assemble_line): Fix potential
481 * xtests/tst-pam_assemble_line1.pamd: New test for
483 * xtests/tst-pam_assemble_line1.sh: New script for
484 tst-pam_assemble_line1.
485 * xtests/Makefile.am (NOSRCTESTS): Add tst-pam_assemble_line1.
486 (EXTRA_DIST): Add tst-pam_assemble_line1.pamd and
487 tst-pam_assemble_line1.sh
489 * modules/pam_exec/pam_exec.c (call_exec): Fix asprintf return
492 2008-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
494 * release version 0.99.10.0
496 * configure.in: set version number.
498 * modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth.
499 * modules/pam_rhosts/pam_rhosts_auth.c: Removed.
500 * modules/pam_rhosts/tst-pam_rhosts_auth: Removed.
502 * modules/pam_namespace/Makefile.am (noinst_HEADERS): Add
505 2008-02-13 Tomas Mraz <t8m@centrum.cz>
507 * modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
509 * modules/pam_namespace/argv_parse.c: New file.
510 * modules/pam_namespace/argv_parse.h: New file.
511 * modules/pam_namespace/namespace.conf.5.xml: Document new features.
512 * modules/pam_namespace/pam_namespace.8.xml: Likewise.
513 * modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
514 Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
516 (polydir_s): Add rdir, replace exclusive with flags, add init_script,
517 owner, group, and mode.
518 (instance_data): Add ruser, gid, and ruid.
519 * modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
520 (add_polydir_entry): Add the entry directly, no copy.
521 (del_polydir): New function.
522 (del_polydir_list): Call del_polydir().
523 (expand_variables, parse_create_params, parse_iscript_params,
524 parse_method): New functions.
525 (process_line): Call expand_variables() on polydir and instance prefix.
526 Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
527 (parse_config_file): Parse .conf files from namespace.d dir after
529 (form_context): Call getcon() or get_default_context_with_level() when
530 appropriate flags are set.
531 (poly_name): Handle shared polydir flag.
532 (inst_init): Execute non-default init script when specified.
533 (create_polydir): New function.
534 (create_dirs): Remove the code which checks the polydir. Do not call
535 inst_init() when noinit flag is set.
536 (ns_setup): Check the polydir and eventually create it if the create flag
538 (setup_namespace): Use ruser uid from idata. Set the namespace polydir
539 pam data only when namespace was set up correctly. Unmount polydir
541 (get_user_data): New function.
542 (pam_sm_open_session): Check for use_current_context and
543 use_default_context options. Call get_user_data().
544 (pam_sm_close_session): Call get_user_data().
546 2008-02-06 Thorsten Kukuk <kukuk@thkukuk.de>
548 * po/de.po: Translate some more strings.
550 2008-02-05 Thorsten Kukuk <kukuk@thkukuk.de>
552 * modules/pam_unix/unix_update.c: Remove unused declarations.
554 2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
556 * libpam/pam_static_modules.h: Add _pam_sepermit_modstruct.
557 * modules/pam_sepermit/pam_sepermit.c: Fix typo.
558 * modules/pam_sepermit/Makefile.am: Install config file only
559 if we build the module.
561 * README: Add --disable-pie to configure options for static library.
563 * doc/man/Makefile.am: Fix building outside of src directory.
565 * libpam/Makefile.am: Bump version number of libpam.
567 * modules/Makefile.am: Add pam_sepermit.
569 * doc/Makefile.am: Fix build out of source directory.
571 * po/POTFILES.in: Add pam_sepermit.c.
573 * modules/pam_exec/pam_exec.c: Set PAM environment variables and
575 * modules/pam_exec/pam_exec.8.xml: Document new behavior.
576 Patch from Julien Lecomte <julien@lecomte.at>.
578 2008-02-01 Tomas Mraz <t8m@centrum.cz>
580 * modules/pam_namespace/namespace.conf.5.xml: Add documentation for
581 tmpfs and tmpdir polyinst and for ~ user list modifier.
582 * modules/pam_namespace/namespace.init: Add documentation for the
583 new init parameter. Add home directory initialization script.
584 * modules/pam_namespace/pam_namespace.8.xml: Document the new
585 init parameter of the namespace.init script.
586 * modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
587 (cleanup_data): New function.
588 (process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
589 (ns_override): Change behavior on the exclusive flag.
590 (poly_name): Process tmpfs and tmpdir methods.
591 (inst_init): Add flag for new directory initialization.
592 (create_dirs): Process the tmpdir method, add the new directory
594 (ns_setup): Remove unused code. Process the tmpfs method.
595 (cleanup_tmpdirs): New function.
596 (setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
598 (pam_sm_close_session): Instead of parsing the config file again use
599 the previously set data for cleanup.
600 * modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
603 2008-01-29 Tomas Mraz <t8m@centrum.cz>
605 * configure.in: Test for setkeycreatecon needs libselinux.
606 Add new module pam_sepermit.
607 * modules/Makefile.am: Add new module pam_sepermit.
608 * modules/pam_sepermit/.cvsignore: New file.
609 * modules/pam_sepermit/Makefile.am: Likewise.
610 * modules/pam_sepermit/README.xml: Likewise.
611 * modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
612 * modules/pam_sepermit/pam_sepermit.c: Likewise.
613 * modules/pam_sepermit/sepermit.conf: Likewise.
614 * modules/pam_sepermit/tst-pam_sepermit: Likewise.
615 * doc/sag/pam_sepermit.xml: Likewise.
617 * doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG.
619 2008-01-29 Miloslav Trmac <mitr@redhat.com>
621 * modules/pam_tty_audit/README.xml: Add notes section.
622 * modules/pam_tty_audit/pam_tty_audit.8.xml: Describe patterns
623 support and open_only option. Add notes.
624 * modules/pam_tty_audit/pam_tty_audit.c(pam_sm_open_session): Add
625 support for pattern matching and the open_only option.
627 2008-01-28 Thorsten Kukuk <kukuk@thkukuk.de>
629 * libpam/pam_audit.c: Include pam_modutil_private.h.
631 * libpam/pam_item.c (pam_set_item): Fix compiler warning.
633 * libpam/pam_end.c (pam_end): Cast to correct pointer type.
634 * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use
637 * modules/pam_unix/passverify.c: Fix compiling without SELinux
640 2008-01-24 Tomas Mraz <t8m@centrum.cz>
642 * modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when
644 * modules/pam_unix/passverify.c (strip_hpux_aging): New function
645 to strip HP/UX aging info from password hash.
646 (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when
649 2008-01-23 Tomas Mraz <t8m@centrum.cz>
651 * configure.in: Add test for crypt_r(). Add setting/disabling random
654 * modules/pam_unix/Makefile.am: Add unix_update.8 manpage generated from
655 XML, generate also unix_chkpwd.8 from XML.
656 * modules/pam_unix/pam_unix_acct.c: Add rounds parameter to _set_ctrl().
657 * modules/pam_unix/pam_unix_auth.c: Likewise.
658 * modules/pam_unix/pam_unix_sess.c: Likewise.
659 * modules/pam_unix/pam_unix_passwd.c: Likewise.
660 * modules/pam_unix/support.c(_set_ctrl): Likewise.
661 * modules/pam_unix/support.h: Likewise. Add UNIX_SHA256_PASS,
662 UNIX_SHA512_PASS, and UNIX_ALGO_ROUNDS ctrls.
663 (pam_sm_chauthtok): Refactor out new password encryption.
664 * modules/pam_unix/passverify.c(crypt_make_salt): New function.
665 (crypt_md5_wrapper): Call crypt_make_salt().
666 (create_password_hash): New function refactored out of
667 pam_sm_chauthtok(). Support for new password hashes.
668 * modules/pam_unix/passverify.h: Drop ascii_to_bin() and bin_to_ascii()
669 macros. Add prototype for create_password_hash().
670 * modules/pam_unix/unix_update.8.xml: New file.
671 * modules/pam_unix/unix_chkpwd.8.xml: Likewise.
673 * modules/pam_unix/Makefile.am: Add unix_update helper.
674 * modules/pam_unix/pam_unix_passwd.c: Move functions i64c(),
675 crypt_md5_wrapper(), save_old_password(), _update_passwd() and
676 _update_shadow() to passverify.c file. Rename _unix_run_shadow_binary()
677 to _unix_run_update_binary(), which also verifies old password and
679 (_do_setpass, pam_sm_chauthtok): lckpwdf()->lock_pwdf(), the same for unlock.
680 Call _unix_run_update_binary() appropriately.
681 _update_passwd()->unix_update_passwd(), the same for shadow.
682 * modules/pam_unix/passverify.c: Add new functions moved from
683 pam_unix_passwd.c and unix_chkpwd.c.
684 * modules/pam_unix/passverify.h: Likewise.
685 * modules/pam_unix/unix_chkpwd.c: Remove SELinux checks. Move
686 su_sighandler(), setup_signals(), getuidname() to passverify.c.
687 (main): Remove 'shadow' option. Refactor out read_passwords() and
688 call it. More strict checking how the binary is called.
689 * modules/pam_unix/unix_update.c: New helper binary - non-setuid,
690 called from SELinux confined apps only.
692 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Return
693 status and daysleft instead of fake shadow entry.
694 (pam_sm_acct_mgmt): Call _unix_run_verify_binary() appropriately.
695 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Call
696 get_account_info() and check_shadow_expiry().
697 * modules/pam_unix/support.h: Adjust _unix_run_verify_binary()
699 * modules/pam_unix/support.c (_unix_run_helper_binary): Remove check
700 on selinux enabled/disabled.
701 * modules/pam_unix/unix_chkpwd.c (_verify_account): Rename to
702 _check_expiry(), now checks shadow expiry info.
703 (main): Remove check on selinux enabled/disabled. Check shadow
704 expiry through _check_expiry().
706 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Call
707 get_account_info() and check_shadow_expiry().
708 * modules/pam_unix/passverify.c: Add get_account_info() to
709 obtain shadow and passwd entry. Add check_shadow_expiry() to
710 for shadow password expiry check.
711 (get_pwd_hash): Call get_account_info().
712 * modules/pam_unix/passverify.h: Add prototypes for get_account_info()
713 and check_shadow_expiry().
715 2008-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
717 * doc/man/Makefile.am: Fix manual page dependencies,
718 add hack for bug in xsl stylestheets.
720 2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
722 * po/it.po: Fix typos.
723 * po/de.po: Few new translations.
724 * po/POTFILES.in: Add pam_tty_audit.c and passverify.c.
725 * doc/man/pam_xauth_data.3.xml: Added to CVS.
726 * doc/man/pam_xauth_data.3: Likewise.
727 * modules/pam_tty_audit/README: Likewise.
728 * modules/pam_tty_audit/pam_tty_audit.8: Likewise.
729 * po/sv.po: Update swedish translation [#1857531].
730 * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix
731 cut & paste error [#1863490].
733 2008-01-02 Petteri Räty <betelgeuse@gentoo.org>
734 * modules/pam_limits/limits.conf: document allowed values for
736 * modules/pam_limits/limits.conf.5.xml: Likewise.
738 2007-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
740 * README: Document how to run make check with static modules
743 2007-12-18 Peter Breitenlohner <peb@mppmu.mpg.de>
744 * README: Document that "make check" requires a file
745 /etc/pam.d/other (SF#1822764).
747 2007-12-12 Eamon Walsh <ewalsh@tycho.nsa.gov>
749 * doc/man/pam_item_types_ext.inc.xml: More appropriate wording
750 for PAM_XDISPLAY doc.
752 2007-12-07 Tomas Mraz <t8m@centrum.cz>
754 * po/cs.po: Updated translations.
756 * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
757 * libpam/pam_audit.c: Add _pam_audit_open() and
758 pam_modutil_audit_write().
759 (_pam_auditlog): Call _pam_audit_open().
760 * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
761 * modules/pam_access/pam_access.8.xml: Add noaudit option.
763 * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
764 only_new_group_syntax variables to struct login_info. Add noaudit
766 (_parse_args): Adjust for the move of variables and add support for
768 (group_match): Add debug parameter.
769 (string_match): Likewise.
770 (network_netmask_match): Likewise.
771 (login_access): Adjust for the move of variables. Add nonall_match.
772 Add call to pam_modutil_audit_write().
773 (list_match): Adjust for the move of variables.
774 (user_match): Likewise.
775 (from_match): Likewise.
776 (pam_sm_authenticate): Call _parse_args() earlier.
777 * modules/pam_limits/pam_limits.8.xml: Add noaudit option.
779 * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
780 (setup_limits): Call pam_modutil_audit_write().
781 * modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
783 * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
784 (check_account): Call _pam_parse(). Call pam_modutil_audit_write()
785 and pam_syslog() on login denials.
787 2007-12-07 Luca Bruno <luca.br@uno.it>
789 * po/it.po: Updated translations.
791 2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
793 * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
795 * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY,
796 PAM_XAUTHDATA items, pam_xauth_data struct.
797 * libpam/pam_item.c (pam_set_item, pam_get_item): Handle
798 PAM_XDISPLAY and PAM_XAUTHDATA items.
799 * libpam/pam_end.c (pam_end): Destroy the new items.
800 * libpam/pam_private.h (pam_handle): Add data members for new
801 items. Add prototype for _pam_memdup.
802 * libpam/pam_misc.c: Add _pam_memdup.
803 * doc/man/Makefile.am: Add pam_xauth_data.3. Replace
804 pam_item_types.inc.xml with pam_item_types_std.inc.xml and
805 pam_item_types_ext.inc.xml.
806 * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml
807 with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml.
808 * doc/man/pam_set_item.3.xml: Likewise.
809 * doc/man/pam_item_types.inc.xml: Removed file.
810 * doc/man/pam_item_types_ext.inc.xml: New file.
811 * doc/man/pam_item_types_std.inc.xml: New file.
813 2007-12-06 Tomas Mraz <t8m@centrum.cz>
815 * modules/pam_tty_audit/pam_tty_audit.8.xml: Fix example.
817 2007-12-05 Miloslav Trmac <mitr@redhat.com>
819 * configure.in: Add test for audit_tty_status struct. Add
820 pam_tty_audit module.
821 * libpam/pam_static_modules.h: Add pam_tty_audit module.
822 * modules/pam_tty_audit/Makefile.am: New file.
823 * modules/pam_tty_audit/README.xml: Likewise.
824 * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
825 * modules/pam_tty_audit/pam_tty_audit.c: Likewise.
827 2007-12-05 Tomas Mraz <t8m@centrum.cz>
829 * modules/pam_unix/Makefile.am: Add passverify.h and passverify.c
830 as first part of pam_unix refactorization.
831 * modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h.
832 * modules/pam_unix/pam_unix_passwd.c: Likewise.
833 * modules/pam_unix/passverify.c: New file with common functions.
834 * modules/pam_unix/passverify.h: Prototypes for the common functions.
835 * modules/pam_unix/support.c: Include passverify.h, move
836 _unix_shadowed() to passverify.c.
837 (_unix_verify_password): Refactor out verify_pwd_hash() function.
838 * modules/pam_unix/support.h: Move _unix_shadowed() prototype to
840 * modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and
841 verify_pwd_hash() from passverify.c.
843 2007-11-20 Thorsten Kukuk <kukuk@thkukuk.de>
845 * modules/pam_unix/Makefile.am (unix_chkpwd_LDADD): Don't link
846 unix_chkpwd unnecessary against libpam (#1822779).
848 * modules/pam_tally/pam_tally.c (tally_log): Map
849 pam_modutil_getpwnam to getpwnam if we don't compile
851 * modules/pam_tally/Makefile.am: Don't link pam_tally_app
852 against libpam (#1822779).
854 2007-11-06 Thorsten Kukuk <kukuk@thkukuk.de>
856 * xtests/tst-pam_group1.c: Include stdlib.h
857 * xtests/tst-pam_succeed_if1.c: Likewise.
858 * xtests/tst-pam_limits1.c: Likewise.
859 * xtests/tst-pam_access1.c: Likewise.
860 * xtests/tst-pam_access2.c: Likewise.
861 * xtests/tst-pam_access3.c: Likewise.
862 * xtests/tst-pam_access4.c: Likewise.
863 * xtests/tst-pam_unix1.c: Likewise.
864 * xtests/tst-pam_unix2.c: Likewise.
865 * xtests/tst-pam_unix3.c: Likewise.
866 * xtests/tst-pam_cracklib1.c: Likewise.
867 * xtests/tst-pam_cracklib2.c: Likewise.
869 * libpam/pam_static_modules.h: Fix name of pam_namespace variable.
871 2007-11-01 Peter Breitenlohner <peb@mppmu.mpg.de>
873 * doc/man/pam_conv.3.xml: Correct typo.
875 2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de>
877 * modules/pam_rhosts/pam_rhosts_auth.c (__icheckhost): Correct
878 misplaced parenthesis.
879 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Prevent use of
880 dngettext() when NLS is disabled.
881 * modules/pam_exec/pam_exec.c (call_exec): Avoid gcc warning.
882 * doc/specs/parse_y.y (set_label, new_counter): Break trigraphs to
884 * modules/pam_wheel/pam_wheel.c: Remove excessive initializer
887 * modules/pam_cracklib/pam_cracklib.8.xml: Correct typo.
888 * modules/pam_limits/limits.conf.5.xml: Likewise.
889 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
890 * modules/pam_xauth/pam_xauth.8.xml: Likewise.
892 * modules/pam_deny/pam_deny.8.xml: Correct spelling.
893 * modules/pam_group/pam_group.8.xml: Likewise.
894 * modules/pam_permit/pam_permit.8.xml: Likewise.
895 * modules/pam_shells/pam_shells.8.xml: Likewise.
896 * modules/pam_time/pam_time.8.xml: Likewise.
897 * modules/pam_warn/pam_warn.8.xml: Likewise.
899 * tests/tst-dlopen.c: Return 77 in case of static modules, such that
900 all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL.
901 * libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead
902 of "`ls ...`", to allow for static modules.
903 * libpam/pam_static_modules.h: Make pam_keyinit module depend on
904 HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct.
905 * modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module
908 2007-10-25 Steve Langasek <vorlon@debian.org>
910 * modules/pam_tally/pam_tally.c: fix the definition of OPT_AUDIT
911 to be octal instead of decimal, so that it works properly in a
912 bit field instead of forcing the "even_deny_root_account" and
913 "no_reset" options to on.
914 Patch from Corey Wright <undefined@pobox.com>.
916 2007-10-19 Tomas Mraz <t8m@centrum.cz>
918 * xtests/tst-pam_access1.c: Use different name for user and group.
919 * xtests/tst-pam_access1.sh: Likewise.
920 * xtests/tst-pam_access2.c: Likewise.
921 * xtests/tst-pam_access2.sh: Likewise.
922 * xtests/tst-pam_access4.c: Likewise.
923 * xtests/tst-pam_access4.sh: Likewise.
924 * xtests/group.conf: Likewise.
925 * xtests/tst-pam_group1.c: Likewise.
926 * xtests/tst-pam_group1.sh: Likewise.
928 * libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks,
929 record substack level, skip over virtual substack modules, implement
930 evaluation of done, die, reset and jumps in substacks. Also fixes
931 too far jumps in substacks.
932 * libpam/pam_end.c (pam_end): Drop substack evaluation states.
933 * libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level
934 parameter, instead of must_fail use handler_type needed for virtual
936 (_pam_load_conf_file): Add substack level parameter.
937 (_pam_init_handlers): Substack level parameter added to
938 _pam_parse_conf_file() calls.
939 (_pam_load_module): New function.
940 (_pam_add_handler): Refactor code into the _pam_load_module(). Add
941 support for virtual substack modules.
942 * libpam/pam_private.h: Rename must_fail to handler_type, add stack_level
943 to struct handler. Define handler type constants. Add struct
944 for substack evaluation states. Define constant for maximum
945 substack level. Add substack states pointer to former state struct.
946 * libpam/pam_start.c (pam_start): Initialize pointer to substack states.
947 * doc/man/pam.conf-syntax.xml: Document substack control.
948 * xtests/Makefile.am: Add new tests for substack evaluation.
949 * xtests/run_xtests.sh: Support multiple .pamd files in a test.
950 * xtests/tst-pam_authfail.pamd: New tests for substack evaluation.
951 * xtests/tst-pam_authsucceed.pamd: Likewise.
952 * xtests/tst-pam_substack1.pamd: Likewise.
953 * xtests/tst-pam_substack1a.pamd: Likewise.
954 * xtests/tst-pam_substack1.sh: Likewise.
955 * xtests/tst-pam_substack2.pamd: Likewise.
956 * xtests/tst-pam_substack2a.pamd: Likewise.
957 * xtests/tst-pam_substack2.sh: Likewise.
958 * xtests/tst-pam_substack3.pamd: Likewise.
959 * xtests/tst-pam_substack3a.pamd: Likewise.
960 * xtests/tst-pam_substack3.sh: Likewise.
961 * xtests/tst-pam_substack4.pamd: Likewise.
962 * xtests/tst-pam_substack4a.pamd: Likewise.
963 * xtests/tst-pam_substack4.sh: Likewise.
964 * xtests/tst-pam_substack5.pamd: Likewise.
965 * xtests/tst-pam_substack5a.pamd: Likewise.
966 * xtests/tst-pam_substack5.sh: Likewise.
968 2007-10-18 Tomas Mraz <t8m@centrum.cz>
970 * xtests/tst-pam_dispatch4.c: Fix comment about the test.
971 * xtests/tst-pam_dispatch4.pamd: Improve the testcase.
972 * xtests/tst-pam_cracklib2.c: Make the testcase more robust.
974 2007-10-12 Thorsten Kukuk <kukuk@thkukuk.de>
976 * xtests/Makefile.am: Add tst-pam_dispatch5 sources
977 * xtests/tst-pam_dispatch5.c: New test for jump too far.
978 * xtests/tst-pam_dispatch5.pamd: New test configuration.
980 2007-10-09 Tomas Mraz <t8m@centrum.cz>
982 * modules/pam_tally/pam_tally.8.xml: Document audit option
985 2007-10-09 Thorsten Kukuk <kukuk@thkukuk.de>
987 * release version 0.99.9.0
989 * configure.in: Increase vesion number.
991 * libpam/Makefile.am: Increase release number.
992 * libpam_misc/Makefile.am: Increase release number.
994 * po/*.po: Regenerate.
996 2007-10-08 Thorsten Kukuk <kukuk@thkukuk.de>
998 * modules/pam_time/pam_time.c (is_same): Length of strings without
999 wildcard needs to be the same.
1000 * modules/pam_group/pam_group.c (is_same): Likewise.
1002 2007-10-01 Thorsten Kukuk <kukuk@thkukuk.de>
1004 * xtests/tst-pam_group1.c: New test case for user compare in pam_group.
1005 * xtests/tst-pam_group1.sh: Script to run test case.
1006 * xtests/tst-pam_group1.pamd: Config for test case.
1007 * xtests/Makefile.am: Add tst-pam_group1 test case.
1008 * xtests/run-xtests.sh: Save/restore group.conf.
1009 * xtests/group.conf: New.
1011 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Don't
1012 free arguments used for putenv().
1014 * doc/man/pam_putenv.3.xml: Document that application has to free
1017 2007-09-27 Tomas Mraz <t8m@centrum.cz>
1019 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in
1020 operator rhbz #295151.
1021 * modules/pam_namespace/pam_namespace.c (poly_name): Do not try to
1022 get context when SELinux is disabled.
1024 2007-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
1026 * xtests/tst-pam_succeed_if1.c: New test case for
1027 https://bugzilla.redhat.com/show_bug.cgi?id=295151
1028 * xtests/tst-pam_succeed_if1.sh: Script to run test case.
1029 * xtests/tst-pam_succeed_if1.pamd: Config for test case.
1030 * xtests/Makefile.am: Add tst-pam_succeed_if1 test case.
1032 * xtests/run-xtests.sh: Add support to skip tests.
1033 * xtests/tst-pam_limits1.c: Skip test if RLIMIT_NICE is not
1036 2007-09-03 Steve Langasek <vorlon@debian.org>
1038 * modules/pam_limits/pam_limits.c: remove a number of unnecessary
1039 string manipulations, including a strncpy() that was acting on
1042 * libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's
1043 perfectly valid to allow the user to interrupt at a prompt. If
1044 an application wants prompts to not be interruptable, the
1045 application should take responsibility for blocking SIGINT.
1047 2007-09-02 Thorsten Kukuk <kukuk@thkukuk.de>
1049 * examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS.
1050 * libpam/Makefile.am: Likewise.
1051 * modules/pam_access/Makefile.am: Likewise.
1052 * modules/pam_cracklib/Makefile.am: Likewise.
1053 * modules/pam_debug/Makefile.am: Likewise.
1054 * modules/pam_deny/Makefile.am: Likewise.
1055 * modules/pam_echo/Makefile.am: Likewise.
1056 * modules/pam_env/Makefile.am: Likewise.
1057 * modules/pam_exec/Makefile.am: Likewise.
1058 * modules/pam_faildelay/Makefile.am: Likewise.
1059 * modules/pam_filter/Makefile.am: Likewise.
1060 * modules/pam_filter/upperLOWER/Makefile.am: Likewise.
1061 * modules/pam_ftp/Makefile.am: Likewise.
1062 * modules/pam_group/Makefile.am: Likewise.
1063 * modules/pam_issue/Makefile.am: Likewise.
1064 * modules/pam_keyinit/Makefile.am: Likewise.
1065 * modules/pam_lastlog/Makefile.am: Likewise.
1066 * modules/pam_limits/Makefile.am: Likewise.
1067 * modules/pam_listfile/Makefile.am: Likewise.
1068 * modules/pam_localuser/Makefile.am: Likewise.
1069 * modules/pam_loginuid/Makefile.am: Likewise.
1070 * modules/pam_mail/Makefile.am: Likewise.
1071 * modules/pam_mkhomedir/Makefile.am: Likewise.
1072 * modules/pam_motd/Makefile.am: Likewise.
1073 * modules/pam_namespace/Makefile.am: Likewise.
1074 * modules/pam_nologin/Makefile.am: Likewise.
1075 * modules/pam_permit/Makefile.am: Likewise.
1076 * modules/pam_rhosts/Makefile.am: Likewise.
1077 * modules/pam_rootok/Makefile.am: Likewise.
1078 * modules/pam_securetty/Makefile.am: Likewise.
1079 * modules/pam_selinux/Makefile.am: Likewise.
1080 * modules/pam_shells/Makefile.am: Likewise.
1081 * modules/pam_stress/Makefile.am: Likewise.
1082 * modules/pam_succeed_if/Makefile.am: Likewise.
1083 * modules/pam_tally/Makefile.am: Likewise.
1084 * modules/pam_time/Makefile.am: Likewise.
1085 * modules/pam_umask/Makefile.am: Likewise.
1086 * modules/pam_unix/Makefile.am: Likewise.
1087 * tests/Makefile.am: Likewise.
1089 2007-08-31 Steve Langasek <vorlon@debian.org>
1091 * modules/pam_group/group.conf: don't use "games" as an example
1092 group, on some distros this is a pre-existing group that it would
1093 be a security hole to give users access to.
1095 2007-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
1097 * modules/pam_limits/limits.conf.5.xml: Document that maxlogins
1098 is ignored for users with UID 0.
1100 2007-08-30 Steve Langasek <vorlon@debian.org>
1102 * modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c:
1103 A wrong username doesn't need to be logged at LOG_ALERT;
1104 LOG_WARNING should be sufficient.
1105 Patch from Sam Hartman <hartmans@debian.org>.
1107 * modules/pam_cracklib/pam_cracklib.c:
1108 s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing
1111 2007-08-29 Steve Langasek <vorlon@debian.org>
1113 * libpam/pam_modutil_getgrgid.c, libpam/pam_modutil_getgrnam.c,
1114 libpam/pam_modutil_getpwnam.c, libpam/pam_modutil_getpwuid.c,
1115 libpam/pam_modutil_getspnam.c: don't use pthread mutexes in libpam
1116 unnecessarily; this avoids linking problems on non-Linux
1119 * modules/pam_listfile/pam_listfile.c, modules/pam_listfile/README,
1120 modules/pam_listfile/pam_listfile.8,
1121 modules/pam_listfile/pam_listfile.8.xml: add a 'quiet' option to
1122 avoid logging errors any time a user is refused service by this
1125 2007-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
1127 * modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t.
1128 (__icheckhost): Cast to int32_t to fix limited range error.
1130 * modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath
1133 2007-08-29 Steve Langasek <vorlon@debian.org>
1135 * modules/pam_rhosts/pam_rhosts_auth.c: getline returns -1 at
1136 EOF, not 0. Check accordingly to fix an infinite loop. Thanks
1137 to Stephan Springl <springl-rhosts@bfw-online.de> for catching
1140 2007-08-28 Steve Langasek <vorlon@debian.org>
1142 * configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER
1143 for crack.h, so we get a HAVE_CRACK_H define.
1144 * modules/pam_cracklib/pam_cracklib.c: don't copy around the
1145 cracklib dictpath into a fixed-width buffer, when we can just
1146 point at the existing strings; and allow users to override the
1147 default cracklib path with -DCRACKLIB_DICT, required for
1148 compatibility with cracklib 2.7.
1150 2007-08-27 Steve Langasek <vorlon@debian.org>
1152 * modules/pam_limits/pam_limits.c: when building on non-Linux
1153 systems, give a warning only, not an error; no one seems to
1154 remember why this error was here in the first place, but leave
1155 something in that might still grab the attention of non-Linux
1157 Patch from Michal Suchanek <hramrach_l@centrum.cz>.
1158 * configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for
1159 the presence of net/if.h before using, required for Hurd
1161 Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
1162 * modules/pam_limits/pam_limits.c: conditionalize the use of
1163 RLIMIT_AS, which is not present on the Hurd.
1164 Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
1165 * modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of
1166 a static buffer when available; fixes the build on systems
1167 without MAXHOSTNAMELEN (i.e., the Hurd).
1168 * modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined
1171 2007-08-26 Andrew Morgan <morgan@kernel.org>
1173 * doc/man/pam.conf-syntax.xml
1174 Minor fixes: '\[' -> '\]'.
1176 2007-08-25 Steve Langasek <vorlon@debian.org>
1178 * doc/man/pam.conf-syntax.xml, doc/man/pam.conf.5:
1179 Document "new" control options conv_again and incomplete, supported
1180 in pam.d's extended syntax.
1181 Patch from Ben Collins <bcollins@debian.org>.
1183 2007-08-15 Tomas Mraz <t8m@centrum.cz>
1185 * modules/pam_access/pam_access.c (list_match): Add explicit
1186 sptr argument for strtok_r, otherwise the code is not portable.
1188 2007-08-13 Olivier Blin <blino@mandriva.com>
1190 * doc/man/pam.3.xml: Fix typo.
1191 * doc/man/pam.3: Likewise.
1192 * doc/man/pam_end.3.xml: Likewise.
1193 * doc/man/pam_end.3: Likewise.
1195 2007-07-18 Thorsten Kukuk <kukuk@thkukuk.de>
1197 * release version 0.99.8.1
1199 * libpam/pam_audit.c: Include unistd.h for getuid().
1200 * libpam/Makefile.am: Bump version number.
1202 2007-07-12 Thorsten Kukuk <kukuk@thkukuk.de>
1204 * libpam/pam_audit.c (_pam_audit_writelog): Don't return
1205 error if application runs as normal user. Fixes regression
1206 introduced with last change.
1208 2007-07-10 Thorsten Kukuk <kukuk@thkukuk.de>
1210 * configure.in: Add --with-db-uniquename option to support
1211 db libraries and functions with unique name extension.
1212 Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>.
1214 * modules/pam_limits/pam_limits.c: Include locale.h.
1216 2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de>
1218 * release version 0.99.8.0
1220 * configure.in: Check for audit_log_acct_message instead of
1221 audit_log_user_message.
1222 * libpam/pam_audit.c: Use audit_log_acct_message.
1223 Based on patch from Mark J Cox <mjc@redhat.com>.
1224 * libpam/Makefile.am: Bump version number of libpam.
1226 * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit,
1229 * xtests/tst-pam_limits1.c: Fix printf arguments.
1231 * po/*.po: Merge po files with latest code changes.
1233 2007-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
1235 * modules/pam_limits/pam_limits.c (process_limit): Check upper and
1236 lower limit of nice value, fix off-by-one in conversation to rlim_t.
1237 * xtests/Makefile.am: Add new pam_limits test case.
1238 * xtests/limits.conf: New, config file for test case.
1239 * xtests/pam_limits1.c: New, test case for RLIMIT_NICE.
1240 * xtests/pam_limits1.sh: Likewise.
1241 * xtests/pam_limits1.pamd: Likewise.
1243 2007-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
1245 * modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r
1246 result for recursive calls.
1247 * xtests/Makefile.am: Add new pam_access test cases.
1248 * xtests/pam_access1.c: New test case.
1249 * xtests/pam_access2.c: Likewise.
1250 * xtests/pam_access3.c: Likewise.
1251 * xtests/pam_access4.c: Likewise.
1252 * xtests/pam_access1.sh: Wrapper to create user accounts.
1253 * xtests/pam_access2.sh: Likewise.
1254 * xtests/pam_access3.sh: Likewise.
1255 * xtests/pam_access4.sh: Likewise.
1256 * xtests/pam_access1.pamd: PAM config file for pam_access tests.
1257 * xtests/pam_access2.pamd: Likewise.
1258 * xtests/pam_access3.pamd: Likewise.
1259 * xtests/pam_access4.pamd: Likewise.
1260 * xtests/access.conf: Config file for pam_access tests.
1261 * xtests/run-tests.sh: Install access.conf into system.
1263 2007-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
1265 * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
1266 better error message if /proc/self/loginuid cannot be opened.
1268 * modules/pam_limits/pam_limits.c (process_limit): Check for
1269 variable overflow after multiplication [bnc#283001].
1271 * modules/pam_access/pam_access.c: Add new syntax for groups
1272 in access.conf to differentiate group names from account names.
1273 Based on patch from Julien Lecomte <julien@famille-lecomte.net>,
1274 solves feature request [#411390].
1275 * modules/pam_access/access.conf: Add example for new group
1277 * modules/pam_access/access.conf.5.xml: Document new syntax.
1279 2007-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
1281 * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass
1283 * modules/pam_cracklib/pam_cracklib.c: Add support for minimum
1284 character classes [#1688777]. Based on patch from Keith Schincke.
1286 * xtests/tst-pam_cracklib2.c: New, test case for minclass option.
1287 * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case.
1288 * xtests/Makefile.am: Add new testcase.
1290 * xtests/pam_cracklib.c: Fix comment what this application tests.
1292 * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64
1294 2007-06-15 Tomas Mraz <t8m@centrum.cz>
1296 * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
1297 add select_context and use_current_range options.
1298 * modules/pam_selinux/pam_selinux.c (send_audit_message): Added
1299 function for auditing role/level changes.
1300 (query_response): Add default response.
1301 (select_context): Removed.
1302 (manual_context): Query only role and level.
1303 (mls_range_allowed): Added function for range check.
1304 (config_context): Added function for role and level override.
1305 (pam_sm_open_session): Remove multiple option, add select_context
1306 and use_current_range_options. Use getseuserbyname to obtain
1307 SELinux user and level. Audit role/level changes. Call setkeycreatecon
1308 to assign key creation context. Don't fail on errors when SELinux
1309 is not in enforcing mode.
1310 * configure.in: Check for setkeycreatecon().
1312 * modules/pam_namespace/README.xml: Avoid duplication of
1314 * modules/pam_namespace/namespace.conf: More real life example
1316 * modules/pam_namespace/namespace.conf.5.xml: Likewise plus
1317 properly describe how instance directory names are formed.
1318 * modules/pam_namespace/namespace.init: Preserve euid when
1319 called from setuid apps (su, newrole).
1320 * modules/pam_namespace/pam_namespace.8.xml: Added option
1321 no_unmount_on_close.
1322 * modules/pam_namespace/pam_namespace.c (process_line): Polyinst
1323 methods are now user, level and context. Fix crash on unknown
1324 override user in config file.
1325 (ns_override): Add explicit uid parameter.
1326 (form_context): Skip for user method. Implement level based
1328 (poly_name): Initialize contexts. Add level based polyinst,
1329 remove 'both' metod. Use raw contexts for instance names,
1330 truncate long instance names and add hash.
1331 (ns_setup): Hashing moved to poly_name().
1332 (setup_namespace): Handle correctly override users for
1333 su (when unmnt_remnt is used).
1334 (pam_sm_close_session): Added no_unmount_on_close option.
1335 * modules/pam_namespace/pam_namespace.h: Added
1336 no_unmount_on_close_option, level method, limit on instance
1337 directory name length.
1339 2007-05-04 Thorsten Kukuk <kukuk@suse.de>
1341 * xtests/run-xtests.sh: Use SRCDIR to find PAM config files.
1342 * xtests/Makefile.am: Call run-xtests.sh with srcdir as first
1344 Based on patch by Bernard Leak <thisisnotapipe@hotmail.com>.
1346 2007-04-30 Thorsten Kukuk <kukuk@thkukuk.de>
1348 * modules/pam_limits/limits.conf: Address space limit is KB.
1349 * modules/pam_limits/limits.conf.5.xml: Likewise.
1350 Reported by Thomas Vander Stichele <thomas@apestaart.org>.
1352 * modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate
1353 check for PAM_SILENT and don't bail out if it is set [#1706247].
1355 2007-03-29 Tomas Mraz <t8m@centrum.cz>
1357 * modules/pam_access/pam_access.c (login_access, list_match):
1358 Replace strtok with strtok_r.
1359 * modules/pam_cracklib/pam_cracklib.c (check_old_password):
1361 * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate):
1363 * modules/pam_unix/pam_unix_passwd.c (check_old_password,
1364 save_old_password): Likewise.
1366 * modules/pam_limits/Makefile.am: Define limits.d dir and install it.
1367 * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing.
1368 * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr.
1369 (pam_parse): conf_file is now ptr.
1370 (pam_sm_open_session): Add parsing files from limits.d subdir using
1371 glob, change pl to pointer.
1373 2007-03-12 Thorsten Kukuk <kukuk@thkukuk.de>
1375 * po/ar.po: New translation.
1376 * po/ca.po: Likewise.
1377 * po/da.po: Likewise.
1378 * po/ru.po: Likewise.
1379 * po/sv.po: Likewise.
1380 * po/zu.po: Likewise.
1381 * po/LINGUAS: Add ar, ca, da, ru, sv, zu
1383 * po/hu.po: Update translation.
1385 2007-02-21 Tomas Mraz <t8m@centrum.cz>
1387 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for
1388 allocation failure in bigcrypt().
1390 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow
1391 modification of '*' password by root.
1393 2007-02-06 Tomas Mraz <t8m@centrum.cz>
1395 * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Remove
1396 debug syslog message when loginuid doesn't exist.
1398 2007-02-01 Tomas Mraz <t8m@centrum.cz>
1400 * xtests/tst-pam_unix3.c: Fix typos in comments.
1402 * modules/pam_unix/support.c (_unix_verify_password): Explicitly
1403 disallow '!' in the beginning of password hash. Treat only
1404 13 bytes password hash specifically. (Suggested by Solar Designer.)
1405 Fix a warning and test for allocation failure.
1406 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
1408 2007-01-31 Thorsten Kukuk <kukuk@thkukuk.de>
1410 * xtests/Makefile.am: Add new pam_unix.so tests
1411 * xtests/run-xtests.sh: Prefer shell scripts (wrapper)
1413 * xtests/tst-pam_cracklib1.c: Fix typo.
1414 * xtests/tst-pam_unix1.c: New, for sucurity fix.
1415 * xtests/tst-pam_unix1.pamd: New.
1416 * xtests/tst-pam_unix1.sh: New.
1417 * xtests/tst-pam_unix2.c: New, for crypt checks.
1418 * xtests/tst-pam_unix2.pamd: New.
1419 * xtests/tst-pam_unix2.sh: New.
1420 * xtests/tst-pam_unix3.c: New, for bigcrypt checks.
1421 * xtests/tst-pam_unix3.pamd: New.
1422 * xtests/tst-pam_unix3.sh: New.
1424 2007-01-23 Thorsten Kukuk <kukuk@suse.de>
1428 * configure.in: Set version number to 0.99.7.1
1430 2007-01-23 Thorsten Kukuk <kukuk@thukuk.de>
1431 Tomas Mraz <t8m@centrum.cz>
1433 * modules/pam_unix/support.c (_unix_verify_password): Always
1434 compare full encrypted passwords (CVE-2007-0003).
1436 2007-01-23 Tomas Mraz <t8m@centrum.cz>
1438 * modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT.
1440 * modules/pam_selinux/Makefile.am (pam_selinux_check_LDFLAGS): Add
1442 (pam_selinux_la_LDFLAGS): Likewise.
1444 2007-01-17 Thorsten Kukuk <kukuk@thkukuk.de>
1448 * configure.in: Set version number to 0.99.7.0
1450 * Makefile.am (M4_FILES): Replace GNU make extension by listing
1453 2007-01-17 Tomas Mraz <t8m@centrum.cz>
1455 * po/*.po: Updated strings to translate.
1456 * po/Linux-PAM.pot: Likewise.
1458 2007-01-16 Thorsten Kukuk <kukuk@thkukuk.de>
1460 * doc/man/pam.conf-syntax.xml: Improve documentation about
1461 sufficient keyword (Patch by Petteri Räty <betelgeuse@gentoo.org>)
1463 2006-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
1465 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid
1466 only '+' and '-' as first characters for account names.
1467 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
1469 2006-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
1471 * configure.in: Fix ENOKEY check (specify errno.h as header
1474 * configure.in: Add AM_PROG_CC_C_O.
1475 * libpam/Makefile.am: Add content of AM_LDFLAGS to *_LDFLAGS.
1476 * modules/pam_tally/Makefile.am: Likewise.
1477 * modules/pam_unix/Makefile.am: Likewise.
1479 * modules/pam_stress/pam_stress.c (pam_sm_chauthtok): Fix
1480 localisation of message printed to user.
1481 * po/de.po: Adjust translation.
1483 2006-12-18 Tomas Mraz <t8m@centrum.cz>
1485 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Localize
1486 message printed to user.
1488 * modules/pam_unix/support.c (_unix_verify_password): Use strncmp
1489 only for bigcrypt result.
1491 * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new
1492 egid first, euid next. Revert euid/egid to old euid/egid and not
1494 (pam_sm_open_session): Switch to new rgid first, ruid next.
1496 2006-12-13 Thorsten Kukuk <kukuk@thkukuk.de>
1498 * modules/pam_localuser/pam_localuser.c: Add support for session
1499 and chauthtok [SF#1606180].
1500 * modules/pam_localuser/pam_localuser.8.xml: Document last change.
1502 * libpam/pam_audit.c (_pam_audit_writelog): Print error message
1505 2006-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
1507 * libpam/pam_audit.c (_pam_audit_writelog): Print error
1508 message on failure to syslog.
1510 2006-12-09 Thorsten Kukuk <kukuk@thkukuk.de>
1512 * modules/pam_umask/pam_umask.c: Use strtoul instead of strtol,
1513 fix overflow detection.
1515 2006-12-06 Thorsten Kukuk <kukuk@thkukuk.de>
1517 * modules/pam_mkhomedir/pam_mkhomedir.c (rec_mkdir): Fix
1518 handling of left-most path component [SF#1591598].
1519 (create_homedir): Mark user visible messages for translation.
1520 * po/de.po: Adjust german translation for pam_mkhomedir.
1522 * modules/pam_faildelay/pam_faildelay.c: If no argument is
1523 given, try to read FAIL_DELAY from /etc/login.defs.
1524 * modules/pam_faildelay/pam_faildelay.8.xml: Document usage
1527 2006-12-04 Tomas Mraz <t8m@centrun.cz>
1529 * po/jp.po: Fixed mistake in Password: message (from
1530 Peng Huang <phuang@redhat.com>).
1532 2006-11-28 Thorsten Kukuk <kukuk@thkukuk.de>
1534 * po/hu.po: Update hungarian translation (from
1535 Kalman Kemenczy <kkemenczy@novell.com>).
1537 * configure.in: Allow disabling support for cracklib, audit, libdb.
1539 * modules/pam_faildelay/pam_faildelay.8.xml: Correct name of Author.
1541 * configure.in: Remove --enable-docdir (obsolete by --docdir).
1542 * doc/Makefile.am: Don't overwrite htmldir.
1543 * doc/adg/Makefile.am: Use docdir, htmldir and pdfdir.
1544 * doc/mwg/Makefile.am: Likewise.
1545 * doc/sag/Makefile.am: Likewise.
1546 * doc/specs/Makefile.am: Use docdir.
1548 * tests/tst-pam_set_data.c: New test cases for pam_set_data().
1549 * tests/Makefile.am: Add pam_set_data test case.
1551 * libpam/pam_data.c: Add NULL pointer check for module_data_name.
1552 * libpam/Makefile.am: Bump revision of shared library.
1554 2006-11-08 Thorsten Kukuk <kukuk@thkukuk.de>
1556 * configure.in: Add modules/pam_faildelay/Makefile.
1557 * doc/sag/Linux-PAM_SAG.xml: Include pam_faildelay.xml.
1558 * doc/sag/pam_faildelay.xml: New.
1559 * libpam/pam_static_modules.h: Include static pam_faildelay data.
1560 * modules/Makefile.am: Add pam_faildelay directory.
1561 * modules/pam_faildelay/Makefile.am: New.
1562 * modules/pam_faildelay/README: New, generated from XML file.
1563 * modules/pam_faildelay/README.xml: New.
1564 * modules/pam_faildelay/pam_faildelay.8: New, generated from xml.
1565 * modules/pam_faildelay/pam_faildelay.8.xml: New.
1566 * modules/pam_faildelay/pam_faildelay.c: New.
1567 * modules/pam_faildelay/tst-pam_faildelay: New.
1569 * po/POTFILES.in: Add pam_faildelay.c and pam_loginuid.c.
1571 2006-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
1573 * modules/pam_cracklib/pam_cracklib.c: PAM_DEBUG_ARG
1574 is a bit mask and not a boolean value (Reported by
1575 Jochen Voss <voss@seehuhn.de>).
1577 2006-10-26 Thorsten Kukuk <kukuk@thkukuk.de>
1579 * doc/man/pam.3.xml: Add pam_get_user function.
1581 * modules/pam_motd/pam_motd.8.xml: Fix typo.
1583 2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
1585 * modules/pam_namespace/pam_namespace.c: Reserve space for
1588 2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
1590 * modules/pam_unix/support.c (_unix_verify_password): Try system
1591 crypt() if we don't know the hash alogorithm.
1592 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
1594 2006-10-13 Tomas Mraz <t8m@centrum.cz>
1596 * doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s].
1597 * doc/sag/pam_access.xml: Likewise.
1598 * doc/sag/pam_echo.xml: Likewise.
1599 * doc/sag/pam_env.xml: Likewise.
1600 * doc/sag/pam_exec.xml: Likewise.
1601 * doc/sag/pam_group.xml: Likewise.
1602 * doc/sag/pam_limits.xml: Likewise.
1603 * doc/sag/pam_namespace.xml: Likewise.
1604 * doc/sag/pam_time.xml: Likewise.
1605 * doc/sag/Linux-PAM_SAG.xml: Add id to book.
1606 * doc/adg/Linux-PAM_ADG.xml: Add id to book.
1607 * doc/mwg/Linux-PAM_MWG.xml: Add id to book.
1610 2006-10-07 Thorsten Kukuk <kukuk@thkukuk.de>
1612 * po/hu.po: Updated hungarian translation (from
1613 Kalman Kemenczy <kkemenczy@novell.com>)
1615 2006-09-20 Thorsten Kukuk <kukuk@thkukuk.de>
1617 * doc/adg/Makefile.am: Add manual pages as dependency.
1618 * doc/mwg/Makefile.am: Likewise.
1619 * doc/sag/Makefile.am: Likewise.
1620 * doc/sag/Linux-PAM_SAG.xml: Include pam_unix.xml.
1621 * doc/sag/pam_unix.xml: New.
1622 * modules/pam_unix/Makefile.am: Generate pam_unix.8 manual page.
1623 * modules/pam_unix/README.xml: New.
1624 * modules/pam_unix/pam_unix.8.xml: New.
1625 * modules/pam_unix/README: Regenerate from XML.
1626 * modules/pam_unix/pam_unix.8: Generated from XML.
1628 2006-09-09 Dmitry V. Levin <ldv@altlinux.org>
1630 * modules/pam_wheel/pam_wheel.8.xml: Fix typo.
1631 * modules/pam_wheel/pam_wheel.8: Likewise.
1632 * modules/pam_wheel/README: Likewise.
1634 2006-09-08 Thorsten Kukuk <kukuk@thkukuk.de>
1636 * po/de.po: Fix typo.
1638 2006-09-06 Thorsten Kukuk <kukuk@thkukuk.de>
1640 * release version 0.99.6.3
1642 2006-09-01 Thorsten Kukuk <kukuk@thkukuk.de>
1644 * modules/pam_loginuid/pam_loginuid.8.xml: Fix typo in
1647 2006-08-31 Thorsten Kukuk <kukuk@thkukuk.de>
1649 * modules/pam_env/environment: New, dummy environment example
1652 * modules/pam_namespace/Makefile.am: Don't install
1653 manual page if we don't build module.
1655 * m4/ld-as-needed.m4: Don't set LDFLAGS if check failed.
1656 * m4/ld-O1: Likewise.
1658 2006-08-30 Tomas Mraz <t8m@centrum.cz>
1660 * modules/pam_access/pam_access.8.xml: All services supported.
1661 * modules/pam_access/pam_access.c (pam_sm_open_session): New.
1662 (pam_sm_close_session): New.
1663 (pam_sm_chauthtok): New.
1665 * modules/pam_access/pam_succeed_if.8.xml: All services supported.
1666 * modules/pam_access/pam_succeed_if.c (pam_sm_setcred): Return
1667 PAM_IGNORE rather than success.
1668 (pam_sm_open_session): New.
1669 (pam_sm_close_session): New.
1670 (pam_sm_chauthtok): New.
1672 2006-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
1674 * xtests/Makefile.am: Move shell code to execute tests from here ...
1675 * xtests/run-xtests.sh: ... to here.
1676 * xtests/*.c: Include config.h.
1677 * tests/*.c: Likewise.
1679 * modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam()
1680 instead of getpwnam().
1682 2006-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
1684 * doc/sag/pam_loginuid.xml: New.
1685 * doc/sag/Linux-PAM_SAG.xml: Include pam_loginuid.xml.
1687 * configure.in: Add modules/pam_loginuid/Makefile.
1688 * modules/Makefile.am: Add pam_loginuid sub directory.
1690 * libpam/pam_static_modules.h: Add pam_loginuid.
1692 * modules/pam_loginuid/Makefile.am: New.
1693 * modules/pam_loginuid/tst-pam_loginuid: New.
1694 * modules/pam_loginuid/pam_loginuid.8.xml: New.
1695 * modules/pam_loginuid/pam_loginuid.8: New, generated from XML source.
1696 * modules/pam_loginuid/pam_loginuid.c: New.
1697 * modules/pam_loginuid/README.xml: New.
1698 * modules/pam_loginuid/README: New, generated from XML source.
1700 2006-08-29 Dmitry V. Levin <ldv@altlinux.org>
1702 * modules/pam_exec/pam_exec.c (call_exec): Add required third
1703 argument to open() call with O_CREAT flag set.
1705 2006-08-28 Thorsten Kukuk <kukuk@thkukuk.de>
1707 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Remove
1710 2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
1712 * release version 0.99.6.2
1714 * modules/pam_lastlog/pam_lastlog.c (last_login_date): Create
1715 lastlog file if it does not exist.
1717 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check
1718 for error from getting second token.
1719 * xtests/Makefile.am: Add tst-pam_cracklib1
1720 * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault.
1721 * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test.
1723 2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
1725 * xtests/tst-pam_dispatch4.c: New test.
1726 * xtests/tst-pam_dispatch4.pamd: PAM config for new test.
1728 2006-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
1730 * release version 0.99.6.1
1732 2006-08-09 David Howells <dhowells@redhat.com>
1734 * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid
1735 to user's before revoking.
1736 (pam_sm_open_session): Remember the uid.
1738 2006-08-06 Thorsten Kukuk <kukuk@thkukuk.de>
1740 * modules/pam_umask/pam_umask.c (setup_limits_from_gecos):
1742 * modules/pam_umask/pam_umask.8.xml: Document silent option.
1744 * xtests/Makefile.am: Fix includes for bootstrapping.
1745 Reported by Greg Schafer <gschafer@zip.com.au>.
1747 2006-08-05 Thorsten Kukuk <kukuk@thkukuk.de>
1749 * release version 0.99.6.0
1751 * modules/pam_limits/pam_limits.c (pam_sm_open_session): Use
1752 pam_modutil_getpwnam instead of getpwnam.
1754 * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Cast
1755 svc variable to char pointer for snprintf.
1757 * configure.in: Generate xtests/Makefile.
1758 * Makefile.am (SUBDIRS): Add xtests.
1759 * README: Document make check and make xtests.
1760 * xtests/Makefile.am: New.
1761 * xtests/tst-pam_dispatch1.pamd: New.
1762 * xtests/tst-pam_dispatch2.pamd: New.
1763 * xtests/tst-pam_dispatch3.pamd: New.
1764 * xtests/tst-pam_dispatch1.c: New.
1765 * xtests/tst-pam_dispatch2.c: New.
1766 * xtests/tst-pam_dispatch3.c: New.
1768 2006-08-04 Ray Strode <rstrode@redhat.com>
1770 * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
1771 Return PAM_USER_UNKNOWN instead of PAM_SERVICE_ERR where appropriate.
1773 2006-08-03 David Howells <dhowells@redhat.com>
1775 * modules/pam_keyinit/pam_keyinit.c: Debug should be off by default.
1776 (init_keyrings): Properly handle multiple invocations of the module.
1777 (kill_keyrings, pam_sm_open_session, pam_sm_close_session): Likewise.
1779 2006-08-03 Tomas Mraz <t8m@centrum.cz>
1781 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist):
1782 New function for list matching.
1783 (evaluate_notinlist): Likewise.
1784 (evaluate): Add service value match, list matching.
1785 * modules/pam_succeed_if/pam_succeed_if.8.xml: Document the
1788 * modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log
1789 relabelling error when the tty device doesn't exist (ENOENT).
1791 2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
1793 * doc/man/pam_fail_delay.3.xml: Fix some Bugs and enhance
1794 rationale about when this function should be used and when not.
1796 * doc/index.html: Cleanup to look prettier.
1798 2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
1800 * libpam/Makefile.am: Bump patchlevel of libpam.
1801 * libpam/pam_dispatch.c (_pam_dispatch_aux): If [return=die]
1802 or [return=bad] is used, don't return PAM_IGNORE. Based on
1803 patch by Tomas Mraz <t8m@centrum.cz>, [BRC#196859].
1805 2006-07-28 Thorsten Kukuk <kukuk@thkukuk.de>
1807 * ABOUT-NLS: Upgrade to gettext-0.15.
1808 * config.rpath: Likewise.
1809 * m4/gettext.m4: Upgrade to gettext-0.15.
1810 * m4/inttypes-h.m4: New file, from gettext-0.15.
1811 * m4/inttypes-pri.m4: Upgrade to gettext-0.15.
1812 * m4/lib-link.m4: Upgrade to gettext-0.15.
1813 * m4/lib-prefix.m4: Upgrade to gettext-0.15.
1814 * m4/lock.m4: New file, from gettext-0.15.
1815 * m4/longdouble.m4: Upgrade to gettext-0.15.
1816 * m4/nls.m4: Upgrade to gettext-0.15.
1817 * m4/po.m4: Upgrade to gettext-0.15.
1818 * m4/size_max.m4: Upgrade to gettext-0.15.
1819 * m4/visibility.m4: New file, from gettext-0.15.
1820 * po/Makefile.in.in: Upgrade to gettext-0.15.
1822 2006-07-24 David Quigley <dpquigl@tycho.nsa.gov>
1824 * modules/pam_namespace/Makefile.am: Add pam_namespace.h.
1825 * modules/pam_namespace/pam_namespace.c: Move includes and
1826 data structure definitions from here ...
1827 * modules/pam_namespace/pam_namespace.h: ... here. New file.
1829 * modules/pam_namespace/pam_namespace.c: Move large sections
1830 of code into new functions.
1832 2006-07-24 Thorsten Kukuk <kukuk@thkukuk.de>
1834 * doc/adg/Makefile.am: Add uninstall and distclean rules.
1835 * doc/mwg/Makefile.am: Likewise.
1836 * doc/sag/Makefile.am: Likewise.
1838 2006-07-08 Daniel Richard G. <skunk@iskunk.org>
1840 * conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files.
1841 * conf/pam_conv1/pam_conv.lex: Rename to ...
1842 * conf/pam_conv1/pam_conv_l.l: ... this.
1843 * conf/pam_conv1/pam_conv.y: Rename to ...
1844 * conf/pam_conv1/pam_conv_y.y: ... this.
1845 * configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE()
1847 * doc/Makefile.am: Fix rule to install index.html.
1848 * doc/adg/Makefile.am: Fix test usage.
1849 * doc/mwg/Makefile.am: Likewise.
1850 * doc/sag/Makefile.am: Likewise.
1851 * doc/specs/Makefile.am: Fix rules for lex and yacc files.
1852 * specs/parse.lex: Rename to ...
1853 * doc/specs/parse_l.l: ... this.
1854 * doc/specs/parse.y: Rename to ...
1855 * doc/specs/parse_y.y: ... this.
1856 * libpam/pam_account.c: Fix #if vs. #ifdef.
1857 * libpam/pam_audit.c: Likewise.
1858 * libpam/pam_auth.c: Likewise.
1859 * libpam/pam_password.c: Likewise.
1860 * libpam/pam_private.h: Likewise.
1861 * libpam/pam_session.c: Likewise.
1862 * libpam/pam_start.c: Likewise.
1863 * libpam/pam_static.c: Fix "empty sourcefile" warning.
1864 * modules/pam_limits/pam_limits.c: Check for __linux, too.
1865 * modules/pam_userdb/Makefile.am: Don't run test if no
1867 * tests/tst-dlopen.c: Include config.h.
1869 2006-07-03 Dan Yefimov <dan@D00M.lightwave.net.ru>
1871 * configure.in: Fixed have_key_syscalls test.
1873 * modules/pam_access/pam_access.c (from_match): Fixed IPv4 network
1874 match, removed AI_ADDRCONFIG flag.
1876 2006-06-30 Tomas Mraz <t8m@centrum.cz>
1878 * modules/pam_namespace/Makefile.am(EXTRA_DIST): Add namespace.init.
1880 2006-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
1882 * doc/Makefile.am (releasedocs): Fix directory layout.
1883 * doc/adg/Makefile.am: Likewise.
1884 * doc/mwg/Makefile.am: Likewise.
1885 * doc/sag/Makefile.am: Likewise.
1887 2006-06-28 Thorsten Kukuk <kukuk@thkukuk.de>
1889 * doc/sag: System Administrator Guide as XML source.
1890 * doc/sag/Makefile.am: New.
1891 * doc/sag/Linux-PAM_SAG.xml: New, main XML document.
1892 * doc/sag/pam_*.xml: New, wrapper to include module documentation.
1894 * doc/adg: Application Developers Guide as XML source.
1895 * doc/adg/Makefile.am: New.
1896 * doc/adg/Linux-PAM_ADG.xml: New, main XML document.
1897 * doc/adg/pam_*.xml: New, wrappers to include manual pages.
1899 * doc/mwg: Application Developers Guide as XML source.
1900 * doc/mwg/Makefile.am: New.
1901 * doc/mwg/Linux-PAM_MWG.xml: New, main XML document.
1902 * doc/mwg/pam_*.xml: New, wrappers to include manual pages.
1904 * doc/CREDITS: Removed.
1905 * doc/NOTES: Removed.
1906 * doc/pam_appl.sgml: Removed.
1907 * doc/pam_modules.sgml: Removed.
1908 * doc/pam_source.sgml: Removed.
1909 * doc/figs/pam_orient.txt: Removed.
1910 * doc/figs: Removed.
1912 * configure.in: Remove checks for sgml2* progrs, add sag, adg
1915 * doc/Makefile.am: Remove references to sgml, add sag, adg and mwg
1917 * doc/modules: Remove directory.
1918 * doc/html: Remove directory.
1919 * doc/ps: Remove directory.
1920 * doc/pdf: Remove directory.
1921 * doc/txts: Remove directory.
1922 * doc/index.html: Moved from html directory to here.
1924 2006-06-28 Thorsten Kukuk <kukuk@thkukuk.de>
1926 * release version 0.99.5.0
1928 * bump version number to 0.99.5.0
1930 * modules/pam_rhosts/pam_rhosts.c: New module, replaces
1932 * modules/pam_rhosts/pam_rhosts.8.xml: New.
1933 * modules/pam_rhosts/pam_rhosts.8: New, generated from XML source.
1934 * modules/pam_rhosts/tst-pam_rhosts: New.
1935 * modules/pam_rhosts/Makefile.am: Add pam_rhosts, generate
1936 manual page and README.
1937 * modules/pam_rhosts/README.xml: New.
1938 * modules/pam_rhosts/reADME: Regenerated from XML source.
1940 * doc/man/pam_sm_acct_mgmt.3.xml: Adjust syntax for module
1942 * doc/man/pam_sm_authenticate.3.xml: Likewise.
1943 * doc/man/pam_sm_chauthtok.3.xml: Likewise.
1944 * doc/man/pam_sm_close_session.3.xml: Likewise.
1945 * doc/man/pam_sm_open_session.3.xml: Likewise.
1946 * doc/man/pam_sm_setcred.3.xml: Likewise.
1948 * po/POTFILES.in: Add new source files.
1950 * libpam/pam_static_modules.h: Add new modules.
1952 * modules/pam_keyinit.c: Add _pam_keyinit_modstruct.
1954 * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Add XML
1955 files and manual page.
1957 2006-06-27 Thorsten Kukuk <kukuk@thkukuk.de>
1959 * configure.in: Allow disabling of SELinux support, check for
1962 2006-06-27 Tomas Mraz <t8m@centrum.cz>
1964 * modules/pam_namespace/pam_namespace.c: New module
1965 originally written by Janak Desai.
1966 * modules/pam_namespace/Makefile.am: New.
1967 * modules/pam_namespace/README: New.
1968 * modules/pam_namespace/md5.c: New.
1969 * modules/pam_namespace/md5.h: New.
1970 * modules/pam_namespace/namespace.conf: New.
1971 * modules/pam_namespace/namespace.conf.5: New.
1972 * modules/pam_namespace/namespace.conf.5.xml: New.
1973 * modules/pam_namespace/namespace.init: New.
1974 * modules/pam_namespace/pam_namespace.8: New.
1975 * modules/pam_namespace/pam_namespace.8.xml: New.
1976 * modules/pam_namespace/tst-pam_namespace: New.
1977 * modules/Makefile.am: Added pam_namespace.
1978 * configure.in: Added pam_namespace, test for unshare
1981 2006-06-27 David Howells <dhowells@redhat.com>
1983 * modules/pam_keyinit/pam_keyinit.c: New module.
1984 * modules/pam_keyinit/pam_keyinit.8: New.
1985 * modules/pam_keyinit/pam_keyinit.8.xml: New.
1986 * modules/pam_keyinit/README: New.
1987 * modules/pam_keyinit/README.xml: New.
1988 * modules/pam_keyinit/Makefile.am: New.
1989 * modules/pam_keyinit/tst-pam_keyinit: New.
1990 * modules/Makefile.am: Added pam_keyinit.
1991 * configure.in: Added test for the key mgmt syscall.
1993 2006-06-27 Thorsten Kukuk <kukuk@thkukuk.de>
1995 * m4/libprelude.m4: Sync with upstream.
1997 2006-06-27 Tomas Mraz <t8m@centrum.cz>
1999 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
2000 signal() fails with SIG_ERR return
2001 * modules/pam_unix/pam_unix_passwd.c(_unix_run_shadow_binary):
2003 * modules/pam_unix/support.c(_unix_run_helper_binary):
2006 2006-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
2008 * doc/man/misc_conv.3.xml: New.
2009 * doc/man/misc_conv.3: New.
2010 * doc/man/pam_misc_paste_env.3.xml: New.
2011 * doc/man/pam_misc_paste_env.3: New.
2012 * doc/man/pam_misc_drop_env.3.xml: New.
2013 * doc/man/pam_misc_drop_env.3: New.
2014 * doc/man/pam_misc_setenv.3.xml: New.
2015 * doc/man/pam_misc_setenv.3: New.
2016 * doc/man/Makefile.am: Add new manual pages.
2018 * doc/man/pam_acct_mgmt.3.xml: Fix syntax for inclusion
2019 in Applicatoin Developer Guide.
2020 * doc/man/pam_authenticate.3.xml: Likewise
2021 * doc/man/pam_chauthtok.3.xml: Likewise
2022 * doc/man/pam_close_session.3.xml: Likewise
2023 * doc/man/pam_conv.3.xml: Likewise
2024 * doc/man/pam_end.3.xml: Likewise
2025 * doc/man/pam_fail_delay.3.xml: Likewise
2026 * doc/man/pam_getenv.3.xml: Likewise
2027 * doc/man/pam_getenvlist.3.xml: Likewise
2028 * doc/man/pam_open_session.3.xml: Likewise
2029 * doc/man/pam_putenv.3.xml: Likewise
2030 * doc/man/pam_setcred.3.xml: Likewise
2031 * doc/man/pam_start.3.xml: Likewise
2032 * doc/man/pam_strerror.3.xml: Likewise
2034 * doc/man/pam_acct_mgmt.3: Regenerate from XML source.
2035 * doc/man/pam_authenticate.3: Likewise
2036 * doc/man/pam_chauthtok.3: Likewise
2037 * doc/man/pam_close_session.3: Likewise
2038 * doc/man/pam_conv.3: Likewise
2039 * doc/man/pam_end.3: Likewise
2040 * doc/man/pam_fail_delay.3: Likewise
2041 * doc/man/pam_getenv.3: Likewise
2042 * doc/man/pam_getenvlist.3: Likewise
2043 * doc/man/pam_open_session.3: Likewise
2044 * doc/man/pam_putenv.3: Likewise
2045 * doc/man/pam_setcred.3: Likewise
2046 * doc/man/pam_sm_close_session.3: Likewise
2047 * doc/man/pam_start.3: Likewise
2048 * doc/man/pam_strerror.3: Likewise
2049 * doc/man/pam_syslog.3: Likewise
2050 * doc/man/PAM.8: Likewise
2052 2006-06-24 Thorsten Kukuk <kukuk@thkukuk.de>
2054 * modules/pam_limits/pam_limits.c (setup_limits): Don't
2055 reset priority for root.
2057 2006-06-23 Thorsten Kukuk <kukuk@thkukuk.de>
2059 * modules/pam_access/access.conf.5.xml: Fix syntax for SAG.
2060 * modules/pam_access/pam_access.8.xml: Likewise.
2061 * modules/pam_deny/pam_deny.8.xml: Likewise.
2062 * modules/pam_echo/pam_echo.8.xml: Likewise.
2063 * modules/pam_env/pam_env.8.xml: Likewise.
2064 * modules/pam_env/pam_env.conf.5.xml: Likewise.
2065 * modules/pam_group/group.conf.5.xml: Likewise.
2066 * modules/pam_group/pam_group.8.xml: Likewise.
2067 * modules/pam_limits/limits.conf.5.xml: Likewise.
2068 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
2069 * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
2070 * modules/pam_time/pam_time.8.xml: Likewise.
2071 * modules/pam_time/time.conf.5.xml: Likewise.
2073 * modules/pam_access/access.conf.5: Regenerate.
2074 * modules/pam_access/pam_access.8: Likewise.
2075 * modules/pam_deny/pam_deny.8: Likewise.
2076 * modules/pam_echo/README: Likewise.
2077 * modules/pam_echo/pam_echo.8: Likewise.
2078 * modules/pam_env/pam_env.8: Likewise.
2079 * modules/pam_env/pam_env.conf.5: Likewise.
2080 * modules/pam_group/README: Likewise.
2081 * modules/pam_group/group.conf.5: Likewise.
2082 * modules/pam_group/pam_group.8: Likewise.
2083 * modules/pam_limits/limits.conf.5: Likewise.
2084 * modules/pam_listfile/README: Likewise.
2085 * modules/pam_listfile/pam_listfile.8: Likewise.
2086 * modules/pam_succeed_if/pam_succeed_if.8: Likewise.
2087 * modules/pam_time/pam_time.8: Likewise.
2088 * modules/pam_time/time.conf.5: Likewise.
2090 * doc/man/Makefile.am: Add pam.conf-desc.xml, pam.conf-dir.xml
2091 and pam.conf-syntax.xml.
2092 * doc/man/pam.conf.5.xml: Split into different pieces for SAG.
2093 * doc/man/pam.conf.5: Regenerated.
2094 * doc/man/pam.conf-desc.xml: New.
2095 * doc/man/pam.conf-dir.xml: New.
2096 * doc/man/pam.conf-syntax.xml: New.
2098 2006-06-21 Thorsten Kukuk <kukuk@thkukuk.de>
2100 * modules/pam_selinux/Makefile.am: Fix "make dist" if libselinux
2103 * modules/pam_issue/pam_issue.8.xml: Fix listing of escapes.
2104 * modules/pam_issue/pam_issue.8: Regenerate.
2106 2006-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
2108 * configure.in: Remove unused check for libcap.
2110 * m4/ld-as-needed.m4: New.
2112 * configure.in: Call PAM_LD_AS_NEEDED and PAM_LD_O1,
2113 require docbook version 4.4.
2115 2006-06-19 Thorsten Kukuk <kukuk@thkukuk.de>
2117 * doc/man/pam.8.xml: Syntax cleanup.
2118 * doc/pam/PAM.8: Regenerated from xml source.
2119 * man/pam_sm_chauthtok.3: New.
2120 * man/pam_sm_chauthtok.3.xml: New.
2121 * man/pam_sm_close_session.3: New.
2122 * man/pam_sm_close_session.3.xml: New.
2123 * man/pam_sm_open_session.3: New.
2124 * man/pam_sm_open_session.3.xml: New.
2125 * man/pam_sm_authenticate.3: New.
2126 * man/pam_sm_authenticate.3.xml: New.
2127 * man/pam_sm_setcred.3: New.
2128 * man/pam_sm_setcred.3.xml: New.
2129 * man/Makefile.am: Add new pam_sm_* manual pages.
2131 * specs/Makefile.am: Fix rule to generate draft.
2133 2006-06-18 Thorsten Kukuk <kukuk@thkukuk.de>
2135 * modules/pam_tally/Makefile.am: Include Make.xml.rules.
2136 * modules/pam_tally/pam_tally.8.xml: New.
2137 * modules/pam_tally/pam_tally.8: New, generated from xml file.
2138 * modules/pam_tally/README.xml: New.
2139 * modules/pam_tally/README: Regenerated from xml file.
2141 * modules/pam_selinux/Makefile.am: Include Make.xml.rules.
2142 * modules/pam_selinux/pam_selinux.8.xml: New.
2143 * modules/pam_selinux/pam_selinux.8: Regenerated from xml file.
2144 * modules/pam_selinux/README.xml: New.
2145 * modules/pam_selinux/README: Regenerated from xml file.
2147 2006-06-17 Thorsten Kukuk <kukuk@thkukuk.de>
2149 * modules/pam_debug/Makefile.am: Include Make.xml.rules.
2150 * modules/pam_debug/pam_debug.8.xml: New.
2151 * modules/pam_debug/pam_debug.8: New, generated from xml file.
2152 * modules/pam_debug/README.xml: New.
2153 * modules/pam_debug/README: Regenerated from xml file.
2155 * examples/vpass.c: UID is unsigned on Linux.
2156 * modules/pam_exec/pam_exec.c: Likewise.
2157 * modules/pam_unix/pam_unix_acct.c: Likewise.
2158 * modules/pam_unix/pam_unix_sess.c: Likewise.
2160 * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix syntax error.
2161 * modules/pam_succeed_if/pam_succeed_if.8: Regenerated.
2162 * modules/pam_succeed_if/README: Regenerated.
2164 * modules/pam_limits/Makefile.am: Include Make.xml.rules.
2165 * modules/pam_limits/limits.conf.5: New, generated from xml file.
2166 * modules/pam_limits/limits.conf.5.xml: New.
2167 * modules/pam_limits/pam_limits.8: New, generated from xml file.
2168 * modules/pam_limits/pam_limits.8.xml: New.
2169 * modules/pam_limits/README.xml: New.
2170 * modules/pam_limits/README: Regenerated from README.xml.
2172 2006-06-16 Thorsten Kukuk <kukuk@thkukuk.de>
2174 * modules/pam_unix/pam_unix_passwd.c (save_old_password): UIDs
2175 are unsigned on Linux, don't truncate them.
2176 (_do_setpass): err is of type clnt_stat, not int.
2178 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't
2179 truncate UID for syslog output.
2181 * modules/pam_time/pam_time.c: Replace type boolean with int.
2182 * modules/pam_group/pam_group.c: Likewise.
2184 2006-06-15 Thorsten Kukuk <kukuk@thkukuk.de>
2186 * modules/pam_unix/bigcrypt.h: New.
2187 * modules/pam_unix/Makefile.am: Add bigcrypt.h.
2188 * modules/pam_unix/bigcrypt.c: Include bigcrypt.h.
2189 * modules/pam_unix/support.c: Include bigcrypt.h, remove
2191 * modules/pam_unix/bigcrypt_main.c: Include bigcrypt.h, remove
2193 * modules/pam_unix/pam_unix_passwd.c: Include bigcrypt.h, remove
2196 * modules/pam_time/pam_time.c (logic_member): Remove unused
2199 * modules/pam_group/pam_group.c (logic_field): Accept
2200 colon in tty name. [#1428276].
2201 (logic_member): Remove unused variable len.
2202 (check_account): Fix usage of err variable in debug code.
2204 * modules/pam_time/pam_time.c (logic_field): Likewise.
2206 * configure.in: Add special exceptions for icc: different
2207 compiler warnings, no PIE support.
2209 2006-06-14 Thorsten Kukuk <kukuk@thkukuk.de>
2211 * libpam/pam_misc.c (_pam_strdup): Use strlen and strcpy.
2213 * configure.in: Remove --enable-memory-debug, add option
2214 to disable prelude if installed.
2216 * modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG
2217 * modules/pam_filter/upperLOWER/upperLOWER.c: Likewise.
2218 * modules/pam_unix/unix_chkpwd.c: Likewise.
2219 * libpam/include/security/_pam_types.h: Likewise.
2220 * libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export.
2221 * libpam/pam_malloc.c: Remove file.
2222 * libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h.
2224 * libpam/pam_handlers.c (extract_modulename): Use _pam_strdup
2227 * libpam/pam_private.h: Remove _pam_strCMP.
2228 * libpam/pam_misc.c: Likewise.
2229 * libpam/pam_handlers.c: Replaced _pam_strCMP with strcasecmp.
2231 2006-06-12 Thorsten Kukuk <kukuk@thkukuk.de>
2233 * modules/pam_tally/Makefile.am (AM_LDFLAGS): Remove flags
2234 for modules from main application.
2236 2006-06-09 Thorsten Kukuk <kukuk@thkukuk.de>
2238 * modules/pam_time/Makefile.am: Include Make.xml.rules.
2239 * modules/pam_time/time.conf.5: New, generated from xml file.
2240 * modules/pam_time/time.conf.5.xml: New.
2241 * modules/pam_time/pam_time.8: New, generated from xml file.
2242 * modules/pam_time/pam_time.8.xml: New.
2243 * modules/pam_time/README.xml: New.
2244 * modules/pam_time/README: Regenerated from README.xml.
2246 * modules/pam_wheel/Makefile.am: Include Make.xml.rules.
2247 * modules/pam_wheel/pam_wheel.8.xml: New.
2248 * modules/pam_wheel/pam_wheel.8: New, generated from xml file.
2249 * modules/pam_wheel/README.xml: New.
2250 * modules/pam_wheel/README: Regenerated from xml file.
2252 * modules/pam_xauth/Makefile.am: Include Make.xml.rules.
2253 * modules/pam_xauth/pam_xauth.8.xml: New.
2254 * modules/pam_xauth/pam_xauth.8: Regenerated from xml file.
2255 * modules/pam_xauth/README.xml: New.
2256 * modules/pam_xauth/README: Regenerated from xml file.
2258 * modules/pam_deny/pam_deny.8.xml: Fix syntax errors.
2259 * modules/pam_deny/pam_deny.8: Regenerate from xml file.
2260 * modules/pam_deny/README: Likewise.
2262 * modules/pam_warn/Makefile.am: Include Make.xml.rules.
2263 * modules/pam_warn/pam_warn.8.xml: New.
2264 * modules/pam_warn/pam_warn.8: New, generated from xml file.
2265 * modules/pam_warn/README.xml: New.
2266 * modules/pam_warn/README: Regenerated from xml file.
2268 * modules/pam_userdb/Makefile.am: Include Make.xml.rules.
2269 * modules/pam_userdb/pam_userdb.8.xml: New.
2270 * modules/pam_userdb/pam_userdb.8: New, generated from xml file.
2271 * modules/pam_userdb/README.xml: New.
2272 * modules/pam_userdb/README: Regenerated from xml file.
2274 2006-06-06 Thorsten Kukuk <kukuk@thkukuk.de>
2276 * modules/pam_shells/Makefile.am: Include Make.xml.rules.
2277 * modules/pam_shells/pam_shells.8.xml: New.
2278 * modules/pam_shells/pam_shells.8: New, generated from xml file.
2279 * modules/pam_shells/README.xml: New.
2280 * modules/pam_shells/README: Regenerated from xml file.
2282 * libpam/include/security/pam_malloc.h: Add missing license
2285 * libpam/include/security/pam_ext.h: Add brackets for C++.
2286 * libpam/include/security/pam_modutil.h: Likewise.
2288 * libpam/include/security/pam_modules.h: Document where to
2289 find the copyright/license informations.
2291 * libpam/include/security/pam_appl.h: Move _pam_compat.h
2292 include inside of brackets.
2294 2006-06-04 Thorsten Kukuk <kukuk@thkukuk.de>
2296 * modules/pam_securetty/Makefile.am: Include Make.xml.rules.
2297 * modules/pam_securetty/pam_securetty.8.xml: New.
2298 * modules/pam_securetty/pam_securetty.8: Regenerated from xml file.
2299 * modules/pam_securetty/README.xml: New.
2300 * modules/pam_securetty/README: Regenerated from xml file.
2302 * modules/pam_rootok/Makefile.am: Include Make.xml.rules.
2303 * modules/pam_rootok/pam_rootok.8.xml: New.
2304 * modules/pam_rootok/pam_rootok.8: New, generated from xml file.
2305 * modules/pam_rootok/README.xml: New.
2306 * modules/pam_rootok/README: Regenerated from xml file.
2308 * modules/pam_permit/Makefile.am: Include Make.xml.rules.
2309 * modules/pam_permit/pam_permit.8.xml: New.
2310 * modules/pam_permit/pam_permit.8: New, generated from xml file.
2311 * modules/pam_permit/README.xml: New.
2312 * modules/pam_permit/README: Regenerated from xml file.
2314 * modules/pam_nologin/Makefile.am: Include Make.xml.rules.
2315 * modules/pam_nologin/pam_nologin.8.xml: New.
2316 * modules/pam_nologin/pam_nologin.8: Regenerated from xml file.
2317 * modules/pam_nologin/README.xml: New.
2318 * modules/pam_nologin/README: Regenerated from xml file.
2320 2006-06-03 Thorsten Kukuk <kukuk@thkukuk.de>
2322 * modules/pam_motd/Makefile.am: Include Make.xml.rules.
2323 * modules/pam_motd/pam_motd.8.xml: New.
2324 * modules/pam_motd/pam_motd.8: New, generated from xml file.
2325 * modules/pam_motd/README.xml: New.
2326 * modules/pam_motd/README: New, generated from xml file.
2328 2006-06-02 Thorsten Kukuk <kukuk@thkukuk.de>
2330 * modules/pam_mail/Makefile.am: Include Make.xml.rules.
2331 * modules/pam_mail/pam_mail.8.xml: New.
2332 * modules/pam_mail/pam_mail.8: New, generated from xml file.
2333 * modules/pam_mail/README.xml: New.
2334 * modules/pam_mail/README: Regenerated from xml file.
2336 * modules/pam_localuser/Makefile.am: Include Make.xml.rules.
2337 * modules/pam_localuser/pam_localuser.8.xml: New.
2338 * modules/pam_localuser/pam_localuser.8: New, generated from xml file.
2339 * modules/pam_localuser/README.xml: New.
2340 * modules/pam_localuser/README: Regenerated from xml file.
2342 * doc/man/PAM.8: Regenerate with DocBook XSL Stylesheets v1.70.1.
2343 * doc/man/pam.3: Likewise.
2344 * doc/man/pam.conf.5: Likewise.
2345 * doc/man/pam_acct_mgmt.3: Likewise.
2346 * doc/man/pam_authenticate.3: Likewise.
2347 * doc/man/pam_chauthtok.3: Likewise.
2348 * doc/man/pam_close_session.3: Likewise.
2349 * doc/man/pam_conv.3: Likewise.
2350 * doc/man/pam_end.3: Likewise.
2351 * doc/man/pam_error.3: Likewise.
2352 * doc/man/pam_fail_delay.3: Likewise.
2353 * doc/man/pam_get_data.3: Likewise.
2354 * doc/man/pam_get_item.3: Likewise.
2355 * doc/man/pam_get_user.3: Likewise.
2356 * doc/man/pam_getenv.3: Likewise.
2357 * doc/man/pam_getenvlist.3: Likewise.
2358 * doc/man/pam_info.3: Likewise.
2359 * doc/man/pam_open_session.3: Likewise.
2360 * doc/man/pam_prompt.3: Likewise.
2361 * doc/man/pam_putenv.3: Likewise.
2362 * doc/man/pam_set_data.3: Likewise.
2363 * doc/man/pam_set_item.3: Likewise.
2364 * doc/man/pam_setcred.3: Likewise.
2365 * doc/man/pam_sm_acct_mgmt.3: Likewise.
2366 * doc/man/pam_start.3: Likewise.
2367 * doc/man/pam_strerror.3: Likewise.
2368 * doc/man/pam_syslog.3: Likewise.
2369 * modules/pam_access/access.conf.5: Likewise.
2370 * modules/pam_access/pam_access.8: Likewise.
2371 * modules/pam_cracklib/pam_cracklib.8: Likewise.
2372 * modules/pam_deny/pam_deny.8: Likewise.
2373 * modules/pam_echo/pam_echo.8: Likewise.
2374 * modules/pam_env/pam_env.8: Likewise.
2375 * modules/pam_env/pam_env.conf.5: Likewise.
2376 * modules/pam_exec/pam_exec.8: Likewise.
2377 * modules/pam_filter/pam_filter.8: Likewise.
2378 * modules/pam_ftp/pam_ftp.8: Likewise.
2379 * modules/pam_group/group.conf.5: Likewise.
2380 * modules/pam_group/pam_group.8: Likewise.
2381 * modules/pam_issue/pam_issue.8: Likewise.
2382 * modules/pam_lastlog/pam_lastlog.8: Likewise.
2383 * modules/pam_mkhomedir/pam_mkhomedir.8: Likewise.
2384 * modules/pam_succeed_if/pam_succeed_if.8: Likewise.
2385 * modules/pam_umask/pam_umask.8: Likewise.
2387 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use
2388 dngettext if available [#1427738].
2389 * configure.in: Check for dngettext [#1427738].
2390 * po/*.po: Update to dngettext usage.
2392 * modules/pam_listfile/Makefile.am: Include Make.xml.rules.
2393 * modules/pam_listfile/pam_listfile.8.xml: New.
2394 * modules/pam_listfile/pam_listfile.8: New, generated from xml file.
2395 * modules/pam_listfile/README.xml: New.
2396 * modules/pam_listfile/README: Regenerated from xml file.
2398 2006-06-01 Thorsten Kukuk <kukuk@thkukuk.de>
2400 * modules/pam_lastlog/Makefile.am: Include Make.xml.rules.
2401 * modules/pam_lastlog/pam_lastlog.8.xml: New.
2402 * modules/pam_lastlog/pam_lastlog.8: New, generated from xml file.
2403 * modules/pam_lastlog/README.xml: New.
2404 * modules/pam_lastlog/README: Regenerated from xml file.
2406 * modules/pam_group/Makefile.am: Include Make.xml.rules.
2407 * modules/pam_group/group.conf.5.xml: New.
2408 * modules/pam_group/group.conf.5: New, generated from xml file.
2409 * modules/pam_group/pam_group.8.xml: New.
2410 * modules/pam_group/pam_group.8: New, generated from xml file.
2411 * modules/pam_group/README.xml: New.
2412 * modules/pam_group/README: Regenerated from xml file.
2414 * modules/pam_ftp/Makefile.am: Include Make.xml.rules.
2415 * modules/pam_ftp/pam_ftp.8.xml: New.
2416 * modules/pam_ftp/pam_ftp.8: New, generated from xml file.
2417 * modules/pam_ftp/README.xml: New.
2418 * modules/pam_ftp/README: Regenerated from xml file.
2420 * modules/pam_issue/Makefile.am: Include Make.xml.rules.
2421 * modules/pam_issue/pam_issue.8.xml: New.
2422 * modules/pam_issue/pam_issue.8: New, generated from xml file.
2423 * modules/pam_issue/README.xml: New.
2424 * modules/pam_issue/README: Regenerated from xml file.
2426 * modules/pam_filter/Makefile.am: Include Make.xml.rules.
2427 * modules/pam_filter/pam_filter.8.xml: New.
2428 * modules/pam_filter/pam_filter.8: New, generated from xml file.
2429 * modules/pam_filter/README.xml: New.
2430 * modules/pam_filter/README: Regenerated from xml file.
2432 2006-05-30 Thorsten Kukuk <kukuk@thkukuk.de>
2434 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Fix umask and skel
2435 directory documentation.
2437 * modules/pam_umask/Makefile.am: Include Make.xml.rules.
2438 * modules/pam_umask/pam_umask.8.xml: New.
2439 * modules/pam_umask/pam_umask.8: New, generated from xml file.
2440 * modules/pam_umask/README.xml: New.
2441 * modules/pam_umask/README: Regenerated from xml file.
2443 2006-05-29 Thorsten Kukuk <kukuk@thkukuk.de>
2445 * modules/pam_mkhomedir/Makefile.am: Include Make.xml.rules.
2446 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: New.
2447 * modules/pam_mkhomedir/pam_mkhomedir.8: New, generated from xml file.
2448 * modules/pam_mkhomedir/README.xml: New.
2449 * modules/pam_mkhomedir/README: Regenerated from xml file.
2451 2006-05-23 Thorsten Kukuk <kukuk@thkukuk.de>
2453 * modules/pam_echo/pam_echo.c (pam_echo): Use pam_modutil_read()
2456 2006-05-22 Thorsten Kukuk <kukuk@thkukuk.de>
2458 * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate):
2459 Fix memory leaks, [#1490956] found by Coverity.
2461 * modules/pam_tally/pam_tally.c (pam_get_uid): Check return
2462 value of pam_get_user().
2463 (tally_get_data): Check if oldtime is not NULL.
2464 [#1489818] found by Coverity.
2466 * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't
2467 ignore return value of stat(). [#1489808] found by Coverity.
2469 * modules/pam_mail/pam_mail.c (get_folder): Fix a potential
2470 NULL pointer dereference. [#1489792] found by Coverity.
2472 * libpam/Makefile.am: bump release number of libpam.so.
2473 * libpam/pam_misc.c (_pam_mkargv): Fix memory leak,
2474 [#1489804] found by Coverity.
2476 * modules/pam_echo/pam_echo.c (replace_and_print): Initialize
2477 str, [#1489658] found by Coverity.
2479 * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix
2480 a potential NULL pointer dereference.
2481 (pam_sm_chauthtok): Remove dead code.
2482 [#1489634] found by Coverity.
2484 2006-05-04 Thorsten Kukuk <kukuk@thkukuk.de>
2486 * configure.in: Check for fseeko.
2487 * modules/pam_tally/pam_tally.c: Use fseeko if available
2488 (Based on patch by IBM).
2490 2006-05-04 Thorsten Kukuk <kukuk@thkukuk.de>
2492 * release version 0.99.4.0
2494 * libpam/pam_strerror.c: Unify error messages.
2496 * po/zh_TW.po: Adjust for last pam_strerror changes.
2497 * po/zh_CN.po: Likewise.
2498 * po/uk.po: Likewise.
2499 * po/tr.po: Likewise.
2500 * po/pt.po: Likewise.
2501 * po/pt_BR.po: Likewise.
2502 * po/pl.po: Likewise.
2503 * po/ja.po: Likewise.
2504 * po/nl.po: Likewise.
2505 * po/nb.po: Likewise.
2506 * po/it.po: Likewise.
2507 * po/hu.po: Likewise.
2508 * po/fr.po: Likewise.
2509 * po/fi.po: Likewise.
2510 * po/es.po: Likewise.
2511 * po/de.po: Likewise.
2512 * po/cs.po: Likewise.
2514 * doc/man/pam.3.xml: New.
2515 * doc/man/pam.3. New, generated from XML file.
2517 * doc/man/pam_sm_acct_mgmt.3.xml: New.
2518 * doc/man/pam_sm_acct_mgmt.3: New, generated from XML file.
2520 * doc/man/*.xml: Fix encoding and use always UTF-8, regenerate
2523 * doc/pam_modules.sgml (PAM_NEW_AUTHTOKEN_REQD): Fix typo.
2525 2006-05-02 Thorsten Kukuk <kukuk@thkukuk.de>
2527 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use
2528 different strings for plural or not [#1427738]
2530 * po/*.po: Adjust for pam_unix.so translation fix.
2532 * modules/pam_tally/pam_tally.c: Always close file handle
2533 in error case, don't close it depending on *TALLY value [#1478180]
2535 2006-04-21 Thorsten Kukuk <kukuk@thkukuk.de>
2537 * po/fr.po: Updated.
2539 2006-04-11 Thorsten Kukuk <kukuk@thkukuk.de>
2541 * po/km.po: Updated.
2543 2006-03-27 Thorsten Kukuk <kukuk@thkukuk.de>
2545 * po/LINGUAS: Add uk.
2548 * po/cs.po: Updated.
2549 * po/po/es.po: Updated.
2550 * po/fi.po: Updated.
2551 * po/fr.po: Updated.
2552 * po/hu.po: Updated.
2553 * po/it.po: Updated.
2554 * po/ja.po: Updated.
2555 * po/nb.po: Updated.
2556 * po/pl.po: Updated.
2557 * po/pt.po: Updated.
2558 * po/pt_BR.po: Updated.
2559 * po/zh_CN.po: Updated.
2560 * po/zh_TW.po: Updated.
2562 2006-03-21 Thorsten Kukuk <kukuk@thkukuk.de>
2564 * configure.in: Remove ALL_LINGUAS.
2566 * po/tr.po: New (from Ismail Donmez <ismail@pardus.org.tr>).
2568 2006-03-13 Thorsten Kukuk <kukuk@thkukuk.de>
2570 * doc/man/pam_error.3.xml: New.
2571 * doc/man/pam_error.3: New, generated from XML file.
2572 * doc/man/pam_verror.3: New, generated from XML file.
2573 * doc/man/Makefile.am: Add pam_error.3 and pam_verror.3.
2575 * modules/pam_lastlog/Makefile.am: Fix typo.
2577 * modules/pam_lastlog/pam_lastlog.c: Move comment for
2578 translators in right line.
2579 * po/*.po: Update po files with comment for translator.
2581 2006-03-12 Thorsten Kukuk <kukuk@thkukuk.de>
2583 * doc/man/Makefile.am: Add new manual pages.
2585 * doc/man/pam.conf.5.xml: Replace link with content
2587 * doc/man/pam.conf.5: Regenerated from XML file.
2589 * doc/man/pam_info.3.xml: New.
2590 * doc/man/pam_info.3: New, generated from XML file.
2591 * doc/man/pam_vinfo.3: New, generated from XML file.
2593 * doc/man/pam_conv.3.xml: New.
2594 * doc/man/pam_conv.3: New, generated from XML file.
2596 * doc/man/pam_putenv.3.xml: New.
2597 * doc/man/pam_putenv.3: New, generated from XML file.
2599 * doc/man/pam_getenv.3.xml: New.
2600 * doc/man/pam_getenv.3: New, generated from XML file.
2602 * doc/man/pam_getenvlist.3.xml: New.
2603 * doc/man/pam_getenvlist.3: New, generated from XML file.
2605 * libpam/pam_item.c (pam_get_user): Check for valid pamh before
2608 * configure.in: create tests/Makefile
2609 * Makefile.am (SUBDIRS): Add tests
2610 * tests/Makefile.am: New.
2611 * tests/tst-dlopen.c: New.
2612 * tests/tst-pam_acct_mgmt.c: New.
2613 * tests/tst-pam_authenticate.c: New.
2614 * tests/tst-pam_chauthtok.c: New.
2615 * tests/tst-pam_close_session.c: New.
2616 * tests/tst-pam_end.c: New.
2617 * tests/tst-pam_fail_delay.c: New.
2618 * tests/tst-pam_getenvlist.c: New.
2619 * tests/tst-pam_get_item.c: New.
2620 * tests/tst-pam_open_session.c: New.
2621 * tests/tst-pam_setcred.c: New.
2622 * tests/tst-pam_set_item.c: New.
2623 * tests/tst-pam_start.c: New.
2624 * tests/tst-pam_get_user.c: New.
2626 * modules/pam_access/Makefile.am: Add rules for make check
2627 * modules/pam_access/tst-pam_access: New
2628 * modules/pam_cracklib/Makefile.am: Add rules for make check
2629 * modules/pam_cracklib/tst-pam_cracklib: New
2630 * modules/pam_debug/Makefile.am: Add rules for make check
2631 * modules/pam_debug/tst-pam_debug: New
2632 * modules/pam_deny/Makefile.am: Add rules for make check
2633 * modules/pam_deny/tst-pam_deny: New
2634 * modules/pam_echo/Makefile.am: Add rules for make check
2635 * modules/pam_echo/tst-pam_echo: New
2636 * modules/pam_env/Makefile.am: Add rules for make check
2637 * modules/pam_env/tst-pam_env: New
2638 * modules/pam_exec/Makefile.am: Add rules for make check
2639 * modules/pam_exec/tst-pam_exec: New
2640 * modules/pam_filter/Makefile.am: Add rules for make check
2641 * modules/pam_filter/tst-pam_filter: New
2642 * modules/pam_ftp/Makefile.am: Add rules for make check
2643 * modules/pam_ftp/tst-pam_ftp: New
2644 * modules/pam_group/Makefile.am: Add rules for make check
2645 * modules/pam_group/tst-pam_group: New
2646 * modules/pam_issue/Makefile.am: Add rules for make check
2647 * modules/pam_issue/tst-pam_issue: New
2648 * modules/pam_lastlog/Makefile.am: Add rules for make check
2649 * modules/pam_lastlog/tst-pam_lastlog: New
2650 * modules/pam_limits/Makefile.am: Add rules for make check
2651 * modules/pam_limits/tst-pam_limits: New
2652 * modules/pam_listfile/Makefile.am: Add rules for make check
2653 * modules/pam_listfile/tst-pam_listfile: New
2654 * modules/pam_localuser/Makefile.am: Add rules for make check
2655 * modules/pam_localuser/tst-pam_localuser: New
2656 * modules/pam_mail/Makefile.am: Add rules for make check
2657 * modules/pam_mail/tst-pam_mail: New
2658 * modules/pam_mkhomedir/Makefile.am: Add rules for make check
2659 * modules/pam_mkhomedir/tst-pam_mkhomedir: New
2660 * modules/pam_motd/Makefile.am: Add rules for make check
2661 * modules/pam_motd/tst-pam_motd: New
2662 * modules/pam_nologin/Makefile.am: Add rules for make check
2663 * modules/pam_nologin/tst-pam_nologin: New
2664 * modules/pam_permit/Makefile.am: Add rules for make check
2665 * modules/pam_permit/tst-pam_permit: New
2666 * modules/pam_rhosts/Makefile.am: Add rules for make check
2667 * modules/pam_rhosts/tst-pam_rhosts: New
2668 * modules/pam_rootok/Makefile.am: Add rules for make check
2669 * modules/pam_rootok/tst-pam_rootok: New
2670 * modules/pam_securetty/Makefile.am: Add rules for make check
2671 * modules/pam_securetty/tst-pam_securetty: New
2672 * modules/pam_selinux/Makefile.am: Add rules for make check
2673 * modules/pam_selinux/tst-pam_selinux: New
2674 * modules/pam_shells/Makefile.am: Add rules for make check
2675 * modules/pam_shells/tst-pam_shells: New
2676 * modules/pam_stress/Makefile.am: Add rules for make check
2677 * modules/pam_stress/tst-pam_stress: New
2678 * modules/pam_succeed_if/Makefile.am: Add rules for make check
2679 * modules/pam_succeed_if/tst-pam_succeed_if: New
2680 * modules/pam_tally/Makefile.am: Add rules for make check
2681 * modules/pam_tally/tst-pam_tally: New
2682 * modules/pam_time/Makefile.am: Add rules for make check
2683 * modules/pam_time/tst-pam_time: New
2684 * modules/pam_umask/Makefile.am: Add rules for make check
2685 * modules/pam_umask/tst-pam_umask: New
2686 * modules/pam_unix/Makefile.am: Add rules for make check
2687 * modules/pam_unix/tst-pam_unix: New
2688 * modules/pam_userdb/Makefile.am: Add rules for make check
2689 * modules/pam_userdb/tst-pam_userdb: New
2690 * modules/pam_warn/Makefile.am: Add rules for make check
2691 * modules/pam_warn/tst-pam_warn: New
2692 * modules/pam_wheel/Makefile.am: Add rules for make check
2693 * modules/pam_wheel/tst-pam_wheel: New
2694 * modules/pam_xauth/Makefile.am: Add rules for make check
2695 * modules/pam_xauth/tst-pam_xauth: New
2697 2006-03-11 Thorsten Kukuk <kukuk@thkukuk.de>
2699 * doc/man/pam_fail_delay.3.xml: New.
2700 * doc/man/pam_fail_delay.3: New, generated from xml.
2701 * doc/man/pam_prompt.3.xml: New.
2702 * doc/man/pam_prompt.3: New, generated from xml.
2703 * doc/man/pam_syslog.3.xml: New.
2704 * doc/man/pam_syslog.3: New, generated from xml.
2705 * doc/man/pam_vprompt.3: New, generated from xml.
2706 * doc/man/pam_vsyslog.3: New, generated from xml.
2708 2006-02-24 Thorsten Kukuk <kukuk@thkukuk.de>
2710 * po/km.po: Update Khmer translation.
2712 2006-02-24 Thorsten Kukuk <kukuk@thkukuk.de>
2714 * modules/pam_succeed_if/pam_succeed_if.8.xml: New, based on
2715 version from #1425487.
2716 * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
2717 * modules/pam_succeed_if/Makefile.am: Include XML rules.
2718 * modules/pam_succeed_if/README.xml: New.
2719 * modules/pam_succeed_if/README: Regenerated from xml.
2720 * modules/pam_succeed_if/pam_succeed_if.c: Fix comment about
2723 2006-02-22 Thorsten Kukuk <kukuk@thkukuk.de>
2725 * configure.in: Fix check for incomplete libaudit installations
2726 (Patch from Ruediger Oertel <ro@suse.de>).
2728 * modules/pam_lastlog/pam_lastlog.c (last_login_write): Initialize
2729 correct last_login field [#1427401].
2731 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Mark strftime
2732 format string for translation to allow reorder [#1428269].
2733 * po/*.po: Update with last pam_lastlog change.
2736 2006-02-17 Thorsten Kukuk <kukuk@thkukuk.de>
2738 * doc/man/Makefile.am: Add new manual pages.
2739 * doc/man/pam_end.3: Regenerated from xml file.
2740 * doc/man/pam_end.3.xml: Document freeing of item data.
2741 * doc/man/pam_get_user.3: New.
2742 * doc/man/pam_get_user.3.xml: New.
2743 * modules/pam_access/access.conf.5.xml: Fix typos.
2744 * modules/pam_env/Makefile.am: Add new manual pages.
2745 * modules/pam_env/README: Regenerate from xml file.
2746 * modules/pam_env/README.xml: New.
2747 * modules/pam_env/pam_env.8: New.
2748 * modules/pam_env/pam_env.8.xml: New.
2749 * modules/pam_env/pam_env.conf.5: New.
2750 * modules/pam_env/pam_env.conf.5.xml New.
2752 2006-02-14 Thorsten Kukuk <kukuk@thkukuk.de>
2754 * po/fi.po: Updated translations.
2755 * po/pl.po: Likewise.
2756 * po/km.po: New translation.
2757 * configure.in: Add km as new language.
2759 2006-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
2761 * modules/pam_echo/pam_echo.8.xml: New.
2762 * modules/pam_echo/pam_echo.8: Regenerated from xml file.
2763 * modules/pam_echo/Makefile.am: Include Make.xml.rules.
2764 * modules/pam_echo/pam_echo.c: Fix return value.
2766 * doc/modules/pam_chroot.sgml: Remove obsolete sgml file.
2768 2006-02-12 Thorsten Kukuk <kukuk@thkukuk.de>
2770 * configure.in: Add doc/man/Makefile.
2771 * Make.xml.rules: Enable xincludes for manual pages.
2772 * doc/Makefile.am (EXRA_DIST): Remove manual pages.
2773 (SUBDIR): Add man subdirectory.
2774 * doc/man/Makefile.am: New.
2775 * doc/man/pam_acct_mgmt.3: New.
2776 * doc/man/pam_acct_mgmt.3.xml: New.
2777 * doc/man/pam_get_data.3: New.
2778 * doc/man/pam_get_data.3.xml: New.
2779 * doc/man/pam_set_data.3: New.
2780 * doc/man/pam_set_data.3.xml: New.
2781 * doc/man/pam.8.xml: New.
2782 * doc/man/pam.8: Regenerated from xml file.
2783 * doc/man/pam_authenticate.3.xml: New.
2784 * doc/man/pam_authenticate.3: Regenerated from xml file.
2785 * doc/man/pam_chauthtok.3.xml: New.
2786 * doc/man/pam_chauthtok.3: Regenerated from xml file.
2787 * doc/man/pam_close_session.3.xml: New.
2788 * doc/man/pam_close_session.3: Regenerated from xml file.
2789 * doc/man/pam_end.3.xml: New.
2790 * doc/man/pam_end.3: Regenerated from xml file.
2791 * doc/man/pam_fail_delay.3.xml: New.
2792 * doc/man/pam_fail_delay.3: Regenerated from xml file.
2793 * doc/man/pam_get_item.3.xml: New.
2794 * doc/man/pam_get_item.3: Regenerated from xml file.
2795 * doc/man/pam_item_types.inc.xml: New.
2796 * doc/man/pam_open_session.3.xml: New.
2797 * doc/man/pam_open_session.3: Regenerated from xml file.
2798 * doc/man/pam_set_item.3.xml: New.
2799 * doc/man/pam_set_item.3: Regenerated from xml file.
2800 * doc/man/pam_setcred.3.xml: New.
2801 * doc/man/pam_setcred.3: Regenerated from xml file.
2802 * doc/man/pam_start.3.xml: New.
2803 * doc/man/pam_start.3: Regenerated from xml file.
2804 * doc/man/pam_strerror.3.xml: New.
2805 * doc/man/pam_strerror.3: Regenerated from xml file.
2806 * doc/man/template-man: Removed.
2808 2006-02-10 Thorsten Kukuk <kukuk@thkukuk.de>
2810 * configure.in: Remove pam_pwdb support.
2811 * modules/Makefile.am: remove pam_pwdb.
2812 * modules/pam_pwdb: Remove complete directory.
2813 * libpam/Makefile.am: Remove LIBPWDB references.
2814 * libpam/pam_static_modules.h: Remove pam_pwdb references.
2815 * doc/modules/pam_pwdb.sgml: Removed.
2816 * po/POTFILES.in: Remove modules/pam_pwdb/*.c entries.
2817 * doc/pam_source.sgml: Remove references to libpwdb.
2818 * doc/modules/pam_limits.sgml: Remove wrong reference to libpwdb.
2819 * doc/modules/pam_group.sgml: Likewise.
2820 * doc/modules/pam_cracklib.sgml: Replace pam_pwdb with pam_unix.
2821 * doc/modules/pam_userdb.sgml: Likewise.
2822 * modules/pam_cracklib/pam_cracklib.8.xml: Replace pam_pwdb
2824 * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
2825 * modules/pam_group/pam_group.c: Remove dead code for libpwdb.
2827 * modules/pam_access/Makefile.am: Fix EXTRA_DIST.
2828 * modules/pam_cracklib/Makefile.am: Likewise.
2829 * modules/pam_deny/Makefile.am: Likewise.
2830 * modules/pam_exec/Makefile.am: Likewise.
2832 2006-02-07 Thorsten Kukuk <kukuk@thkukuk.de>
2834 * configure.in: Check for text browser.
2835 * Make.xml.rules: Add rule to generate README from README.xml.
2837 * modules/pam_access/Makefile.am: Include Make.xml.rules.
2838 * modules/pam_access/README: Regenerated from README.xml.
2839 * modules/pam_access/README.xml: New.
2840 * modules/pam_access/access.conf: Extended by new examples.
2841 * modules/pam_access/access.conf.5: New, generated from xml file.
2842 * modules/pam_access/access.conf.5.xml: New.
2843 * modules/pam_access/pam_access.8: New, generated from xml file.
2844 * modules/pam_access/pam_access.8.xml: New.
2845 * modules/pam_access/pam_access.c: Add rules for IPv6 and
2847 Based on patch from Mike Becher <Mike.Becher@lrz-muenchen.de>.
2849 * modules/pam_deny/Makefile.am: Include Make.xml.rules.
2850 * modules/pam_deny/pam_deny.8.xml: New.
2851 * modules/pam_deny/pam_deny.8: New, generated from xml file.
2852 * modules/pam_deny/README.xml: New.
2853 * modules/pam_deny/README: Regenerated from xml file.
2855 * modules/pam_cracklib/Makefile.am: Include Make.xml.rules.
2856 * modules/pam_cracklib/pam_cracklib.8.xml: New.
2857 * modules/pam_cracklib/pam_cracklib.8: New, generated from xml file.
2858 * modules/pam_cracklib/README.xml: New.
2859 * modules/pam_cracklib/README: Regenerated from xml file.
2861 * modules/pam_exec/Makefile.am: Add rule to generate README.
2862 * modules/pam_exec/README: Regenerated from xml file.
2863 * modules/pam_exec/pam_exec.8: Regenerated from xml file.
2864 * modules/pam_exec/pam_exec.8.xml: Syntax files.
2866 2006-02-06 Thorsten Kukuk <kukuk@thkukuk.de>
2869 * po/pt.po: Update translations.
2870 * configure.in: Add nl as new language.
2872 2006-01-30 Thorsten Kukuk <kukuk@thkukuk.de>
2874 * modules/pam_exec/pam_exec.8.xml: Fix syntax of Return Value section.
2875 * modules/pam_exec/Makefile.am: Include Make.xml.rules.
2877 * Make.xml.rules: New.
2879 * Makefile.am (EXTRA_DIST): Add Make.xml.rules.
2881 2006-01-27 Thorsten Kukuk <kukuk@thkukuk.de>
2883 * configure.in: Prefer libdb over libndbm, fix check for
2884 libcrack and remove not needed BACKUP_LIBS.
2886 2006-01-24 Thorsten Kukuk <kukuk@thkukuk.de>
2888 * modules/pam_debug/pam_debug.c: Fix name of pam_module struct.
2890 * po/de.po: Fix one translation.
2892 * configure.in: Add modules/pam_exec.
2893 * modules/Makefile.am: Add pam_exec subdirectory.
2894 * modules/pam_exec/README: New.
2895 * modules/pam_exec/Makefile.am: New.
2896 * modules/pam_exec/pam_exec.8: New.
2897 * modules/pam_exec/pam_exec.c: New.
2898 * modules/pam_exec/pam_exec.8.xml: New.
2899 * po/POTFILES.in: Add modules/pam_exec/pam_exec.c.
2900 * po/*.po: Merge new pam_exec strings.
2902 * libpam/pam_static_modules.h: New.
2903 * Makefile.am: Reorder subdirectories for static modules.
2904 * configure.in: Add --enable-static-modules option.
2905 * libpam/Makefile.am: Define WITH_SELINUX and WITH_PWDB if
2906 necessary, add pam_static_modules.h, link against all PAM
2907 module object files if STATIC_MODULES is defined.
2908 * libpam/pam_static.c: Remove old _static_module* includes,
2909 include pam_static_modules.h.
2911 * configure.in: Add checks for xsltproc, xmllint and docbook
2913 * m4/jh_path_xml_catalog.m4: New.
2915 2006-01-22 Thorsten Kukuk <kukuk@thkukuk.de>
2917 * modules/pam_succeed_if/pam_succeed_if.c: Add support for
2919 * modules/pam_xauth/pam_xauth.c: Likewise.
2921 * libpam/pam_static.c (_pam_open_static_handler): Add pamh
2923 * libpam/pam_private.h: Adjust prototype.
2924 * libpam/pam_handlers.c (_pam_add_handler): Add pamh to
2925 _pam_open_static_handler call.
2927 * configure.in: Don't define PAM_DYNAMIC.
2928 * libpam/pam_handlers.c: Get ride of PAM_DYNAMIC, don't
2929 include pam_dynamic.h
2930 * libpam/pam_dynamic.c: Don't include pam_dynamic.h,
2931 exclude functions if we compile with PAM_STATIC.
2932 * libpam/pam_dynamic.h: Remove.
2933 * libpam/pam_private.h: Add function prototypes from pam_dynamic.h.
2934 * libpam/Makefile.am: Bump version number of libpam, remove
2937 2006-01-21 Thorsten Kukuk <kukuk@thkukuk.de>
2939 * modules/pam_listfile/pam_listfile.c: Add support for session
2940 and password management.
2942 2006-01-19 Thorsten Kukuk <kukuk@thkukuk.de>
2944 * doc/specs/Makefile.am (spec): Add padout to fix parallel
2945 build (Reported by Andreas Haumer <andreas@xss.co.at>).
2947 2006-01-15 Thorsten Kukuk <kukuk@thkukuk.de>
2949 * modules/pam_echo/pam_echo.c: Define HOST_NAME_MAX if not
2952 2006-01-13 Thorsten Kukuk <kukuk@thkukuk.de>
2954 * release version 0.99.3.0
2956 * libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing
2959 * modules/pam_umask/pam_umask.c (search_key): Don't ignore
2960 EOF/error return value from fgets().
2962 * configure.in: Check for getline and getdelim
2964 * po/fi.po: Add new translations.
2965 * po/de.po: Likewise.
2966 * po/es.po: Likewise.
2967 * po/fr.po: Likewise.
2968 * po/it.po: Likewise.
2969 * po/ja.po: Likewise.
2970 * po/pt_BR.po: Likewise.
2971 * po/zh_CH.po: Likewise.
2972 * po/zh_TW.po: Likewise.
2974 2006-01-13 Dmitry V. Levin <ldv@altlinux.org>
2976 * libpam/pam_audit.c (_pam_auditlog): Replace strerror(errno)
2977 call with %m specifier.
2979 2006-01-12 Thorsten Kukuk <kukuk@thkukuk.de>
2981 * configure.in: Add check for -fpie/-pie
2982 * modules/pam_filter/upperLOWER/Makefile.am: Compile/link
2983 upperLOWER with -fpie/-pie if supported.
2984 * modules/pam_unix/Makefile.am: Compile/link unix_chkpwd
2985 with -fpie/-pie if supported.
2987 2006-01-12 Steve Grubb <sgrubb@redhat.com>
2989 * configure.in: Add check for audit library.
2990 * libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT.
2991 (libpam_la_SOURCES): Add pam_audit.c.
2992 * libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call.
2993 * libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise.
2994 * libpam/pam_password.c (pam_chauthtok): Likewise.
2995 * libpam/pam_session.c (pam_open_session),
2996 (pam_close_session): Likewise.
2997 * libpam/pam_private.h: Add audit_state member to pam_handle,
2998 declare _pam_auditlog and _pam_audit_end.
2999 * libpam/pam_start.c (pam_start): Initialize audit_state.
3000 * libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end
3002 * libpam/pam_end.c (pam_end): Add _pam_audit_end() call.
3003 * NEWS: Note about added auditing.
3005 2006-01-11 Thorsten Kukuk <kukuk@thkukuk.de>
3007 * libpam/Makefile.am (AM_CFLAGS): Define LIBPAM_COMPILE.
3009 * libpam/include/security/_pam_types.h: Don't define PAM_NONNULL
3010 if we compile libpam itself.
3012 * po/hu.po: Update with new translations.
3014 2006-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
3016 * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR
3017 instead of PAM_AUTHTOK_RECOVER_ERR.
3018 * modules/pam_pwdb/support.-c: Likewise.
3019 * modules/pam_unix/support.c: Likewise.
3020 * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise.
3021 * libpam/pam_strerror.c (pam_strerror): Likewise.
3023 * libpam/include/security/_pam_compat.h: Define
3024 PAM_AUTHTOK_RECOVER_ERR for backward compatibility.
3026 * libpam/include/security/_pam_types.h: Rename
3027 PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR.
3029 2006-01-05 Thorsten Kukuk <kukuk@thkukuk.de>
3031 * libpam/include/security/_pam_types.h: Remove nonnull attribute
3032 from third paramter (item) of pam_get_item.
3033 * libpam/Makefile.am: Bump version number of shared library.
3035 2005-12-21 Tomas Mraz <t8m@centrum.cz>
3037 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_ingroup),
3038 (evaluate_notingroup): Simplified.
3039 (evaluate_innetgr), (evaluate_notinnetgr): New functions.
3040 (evaluate): Added calls to evaluate_(not)innetgr().
3041 * modules/pam_succeed_if/README: Documented netgroup matching.
3042 * NEWS: Mentioned the added netgroup matching support.
3044 2005-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
3046 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Use
3047 strftime instead of ctime.
3049 * po/de.po: Fix typo.
3051 2005-12-19 Thorsten Kukuk <kukuk@thkukuk.de>
3053 * libpam/pam_syslog.c: Define LOG_AUTHPRIV as LOG_AUTH on Solaris.
3054 Reported by Charles_H_Bedford@nbc.gov.
3056 * modules/pam_time/pam_time.c (check_account): Implement
3057 support for netgroups.
3059 * modules/pam_time/time.conf: Document usage of netgroups.
3061 2005-12-16 Thorsten Kukuk <kukuk@thkukuk.de>
3063 * modules/pam_group/pam_group.c (check_account): Implement
3064 support for netgroups.
3066 * modules/pam_group/group.conf: Add all documentation to this
3067 example config file and don't reference to outdated configs.
3069 * modules/pam_group/README: New.
3071 * modules/pam_group/Makefile.am: Add README to EXTRADIST.
3073 2005-12-15 Thorsten Kukuk <kukuk@suse.de>
3075 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't report an
3076 error if user logins the first time.
3078 * modules/pam_lastlog/README: New.
3080 * modules/pam_lastlog/Makefile.am: Add README to EXTRADIST.
3082 2005-12-14 Thorsten Kukuk <kukuk@suse.de>
3084 * modules/pam_deny/pam_deny.c: Fix comment.
3086 * doc/pam_appl.sgml: Fix typo.
3088 Reported by Russell Bateman <russ@windofkeltia.com>
3090 2005-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
3092 * release version 0.99.2.1
3094 * po/de.po: Remove new fuzzy entry
3096 * NEWS: Add 0.99.2.1 changes
3098 * configure.in: bump version number to 0.99.2.1
3100 2005-12-12 Dmitry V. Levin <ldv@altlinux.org>
3102 Cleanup pam_syslog messages.
3104 * modules/pam_env/pam_env.c (_expand_arg): Fix compiler warning.
3105 * modules/pam_filter/pam_filter.c (set_filter): Append %m
3106 specifier to pam_syslog messages where appropriate.
3107 * modules/pam_group/pam_group.c (read_field): Likewise.
3108 * modules/pam_mkhomedir/pam_mkhomedir.c (make_remark): Remove.
3109 (create_homedir): Do not use make_remark() wrapper, call
3110 pam_info() directly. Call pam_syslog() right after failed
3111 operation and append %m specifier to pam_syslog messages where
3113 * modules/pam_rhosts/pam_rhosts_auth.c (pam_iruserok): Replace
3114 sequence of malloc(), strcpy() and strcat() calls with asprintf().
3115 Append %m specifier to pam_syslog messages where appropriate.
3116 * modules/pam_securetty/pam_securetty.c (securetty_perform_check):
3117 Append %m specifier to pam_syslog messages where appropriate.
3118 * modules/pam_shells/pam_shells.c (perform_check): Likewise.
3120 2005-12-12 Tomas Mraz <t8m@centrum.cz>
3122 * modules/pam_mail/pam_mail.c (report_mail): Fixed typo in string.
3123 * po/Linux-PAM.pot: Likewise.
3124 * po/de.po: Likewise.
3125 * po/es.po: Likewise.
3126 * po/fi.po: Likewise.
3127 * po/fr.po: Likewise.
3128 * po/hu.po: Likewise.
3129 * po/it.po: Likewise.
3130 * po/ja.po: Likewise.
3131 * po/nb.po: Likewise.
3132 * po/pa.po: Likewise.
3133 * po/pl.po: Likewise.
3134 * po/pt.po: Likewise.
3135 * po/pt_BR.po: Likewise.
3136 * po/zh_CN.po: Likewise.
3137 * po/zh_TW.po: Likewise.
3138 * po/de.po: Add new translation, fixed typo in string.
3140 2005-12-12 Mike Becher <Mike.Becher@lrz-muenchen.de>
3142 * doc/Makefile.am: Fixed install of PS, PDF, TXT and HTML files.
3144 2005-12-12 Thorsten Kukuk <kukuk@suse.de>
3146 * modules/pam_mail/README: Document "quiet" and "standard"
3149 2005-12-07 Thorsten Kukuk <kukuk@suse.de>
3151 * modules/pam_mail/pam_mail.c: Modify assembling of output
3152 for easier translation.
3154 * po/de.po: Translate new pam_mail messages.
3157 2005-11-24 Thorsten Kukuk <kukuk@thkukuk.de>
3159 * po/de.po: Add new translation, fix wrong format specifier.
3160 * po/cs.po: Fix wrong format specifier.
3161 * po/es.po: Likewise.
3162 * po/fi.po: Likewise.
3163 * po/fr.po: Likewise.
3164 * po/hu.po: Likewise.
3165 * po/it.po: Likewise.
3166 * po/ja.po: Likewise.
3167 * po/nb.po: Likewise.
3168 * po/pa.po: Likewise.
3169 * po/pl.po: Likewise.
3170 * po/pt.po: Likewise.
3171 * po/pt_BR.po: Likewise.
3172 * po/zh_CN.po: Likewise.
3173 * po/zh_TW.po: Likewise.
3175 2005-11-24 Dmitry V. Levin <ldv@altlinux.org>
3177 * config.h.in: Remove generated file.
3178 * .cvsignore: Add config.h.in.
3180 * configure.in: Do not check for strerror.
3181 * libpam_misc/misc_conv.c (read_string): Replace strerror()
3182 call with %m specifier.
3183 * libpamc/pamc_converse.c (pamc_converse): Likewise.
3184 * modules/pam_echo/pam_echo.c (pam_echo): Likewise.
3185 * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate):
3187 * modules/pam_selinux/pam_selinux.c (security_label_tty):
3189 (security_restorelabel_tty, security_label_tty): Append %m
3190 specifier where appropriate.
3191 * modules/pam_selinux/pam_selinux_check.c (main): Replace
3192 strerror() call with %m specifier.
3193 * modules/pam_unix/pam_unix_passwd.c (save_old_password,
3194 _update_passwd, _update_shadow): Likewise.
3195 * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
3196 * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
3197 * po/Linux-PAM.pot: Update strings from pam_selinux.
3198 * po/cs.po: Likewise.
3199 * po/de.po: Likewise.
3200 * po/es.po: Likewise.
3201 * po/fi.po: Likewise.
3202 * po/fr.po: Likewise.
3203 * po/hu.po: Likewise.
3204 * po/it.po: Likewise.
3205 * po/ja.po: Likewise.
3206 * po/nb.po: Likewise.
3207 * po/pa.po: Likewise.
3208 * po/pl.po: Likewise.
3209 * po/pt.po: Likewise.
3210 * po/pt_BR.po: Likewise.
3211 * po/zh_CN.po: Likewise.
3212 * po/zh_TW.po: Likewise.
3214 2005-11-23 Thorsten Kukuk <kukuk@suse.de>
3216 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Introduce
3217 new variable to fix compiler warning.
3219 * libpam/pam_modutil_getlogin.c (pam_modutil_getlogin): PAM_TTY
3220 don't need to start with /dev/.
3222 2005-11-21 Thorsten Kukuk <kukuk@thkukuk.de>
3224 * release version 0.99.2.0
3226 * libpam_misc/Makefile.am: Increase release number (for change
3229 * NEWS: Adjust for 0.99.2.0
3231 2005-11-17 Thorsten Kukuk <kukuk@thkukuk.de>
3233 * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting.
3234 Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380]
3236 2005-11-16 Thorsten Kukuk <kukuk@thkukuk.de>
3238 * libpam/pam_handlers.c: Replace code for all dlopen variants with
3240 * libpam/pam_dynamic.c: Implement generic wrapper for dlopen.
3241 * libpam/pam_dynamic.h: Provide prototypes.
3242 For Mac OS X support [#534205]
3244 2005-11-09 Tomas Mraz <t8m@centrum.cz>
3246 * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly
3248 * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly
3249 full path tty name. Allow unset tty.
3250 (logic_member): Allow matching ':' in tty name.
3251 * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly
3252 full path tty name. Allow unset tty.
3253 (logic_member): Allow matching ':' in tty name.
3255 * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin
3258 2005-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
3260 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use
3261 correct variable names.
3263 2005-11-06 Steve Langasek <vorlon@debian.org>
3265 * modules/pam_env/pam_env.c: don't treat a missing
3266 /etc/environment as a fatal error when attempting to read it,
3267 and try to read this file by default; this restores the behavior
3268 from Linux-PAM 0.76.
3270 2005-11-02 Tomas Mraz <t8m@centrum.cz>
3272 * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807]
3275 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the
3276 logic when comparing dates to handle corner cases better [#1245888].
3278 2005-10-31 Thorsten Kukuk <kukuk@suse.de>
3280 * modules/pam_filter/pam_filter.c: Use XCASE only if defined
3283 2005-10-27 Thorsten Kukuk <kukuk@suse.de>
3285 * doc/man/pam.8: Fix wording for authentication chapter [#1197444]
3287 2005-10-26 Tomas Mraz <t8m@centrum.cz>
3289 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
3290 modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
3291 modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
3292 uid to 0 before executing the helper if SELinux is enabled.
3293 * modules/pam_unix/unix_chkpwd.c (main): Disable user check only
3294 if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
3297 2005-10-20 Tomas Mraz <t8m@centrum.cz>
3299 * configure.in: Added check for xauth binary and --with-xauth option.
3300 * config.h.in: Added configurable PAM_PATH_XAUTH.
3301 * modules/pam_xauth/README,
3302 modules/pam_xauth/pam_xauth.8: Document where xauth is looked for.
3303 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement
3304 searching xauth binary on multiple places.
3305 (run_coprocess): Don't use execvp as it can be a security risk.
3307 2005-10-04 Steve Langasek <vorlon@debian.org>
3309 * libpam/include/security/pam_malloc.h,
3310 libpam/include/security/pam_modules.h: Declare public header
3311 files extern "C" so that they are C++-safe.
3313 2005-10-02 Dmitry V. Levin <ldv@altlinux.org>
3314 Steve Langasek <vorlon@debian.org>
3316 Cleanup gratuitous use of strdup().
3317 Fix "missing argument" checks.
3319 * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier
3320 to conffile and envfile arguments. Do not use x_strdup() for
3321 conffile and envfile initialization. Fix "missing argument"
3323 (_parse_config_file): Take conffile argument of type "const char *"
3324 instead of "char **". Do not free conffile.
3325 (_parse_env_file): Take env_file argument of type "const char *"
3326 instead of "char **". Do not free env_file.
3327 (pam_sm_setcred): Add const qualifier to conf_file and env_file.
3328 Pass conf_file and env_file to _parse_config_file() and
3329 _parse_env_file() by value.
3330 (pam_sm_open_session): Likewise.
3332 * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to
3333 users argument. Do not use x_strdup() for users initialization.
3334 (lookup): Add const qualifier to list argument.
3335 (pam_sm_authenticate): Add const qualifier to users argument.
3337 * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier
3338 to maildir argument. Do not use x_strdup() for maildir
3339 initialization. Fix "missing argument" check.
3340 (get_folder): Take path_mail argument of type "const char *"
3341 instead of "char **". Do not free path_mail.
3342 (_do_mail): Add const qualifier to path_mail argument.
3343 Pass path_mail to get_folder() by value.
3345 * modules/pam_motd/pam_motd.c: Include <syslog.h>.
3346 (pam_sm_open_session): Add const qualifier to motd_path.
3347 Do not use x_strdup() for motd_path initialization. Do not
3348 free motd_path. Fix "missing argument" check. Add "unknown
3351 * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const
3352 qualifier to database and cryptmode arguments. Fix "missing
3354 (pam_sm_authenticate): Add const qualifier to database and cryptmode.
3355 (pam_sm_acct_mgmt): Likewise.
3357 2005-10-01 Steve Langasek <vorlon@debian.org>
3359 * modules/pam_userdb/pam_userdb.c: spelling fix in log message.
3361 2005-09-30 Steve Langasek <vorlon@debian.org>
3363 * modules/pam_userdb/pam_userdb.c: Fix memory leak due to
3364 gratuitous use of strdup().
3366 2005-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
3370 * doc/specs/Makefile.am (install-data-local): Install
3372 (all): Copy rfc if we build outside of source directory.
3374 2005-09-27 Thorsten Kukuk <kukuk@suse.de>
3376 * NEWS: Document removal of pam_radius.
3377 * autogen.sh: Make configure script executeable.
3379 * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c
3380 (lex.yy.c): Fixed out of tree build.
3382 * conv/pam_conv1/pam_conv.y: Fix main prototype.
3386 * po/POTFILES.in: Remove files not distributed by tar archive
3387 and not containing strings for translation.
3389 2005-09-26 Tomas Mraz <t8m@centrum.cz>
3391 * NEWS: Add a few missing entries from CHANGELOG.
3393 * AUTHORS: Fixed entries for Toady and me.
3395 * Makefile.am (M4_FILES): Fixed out of tree build.
3396 * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c
3397 (spec, lex.yy.c): Fixed out of tree build.
3399 * modules/pam_userdb/README: Document try_first_pass and
3400 use_first_pass options, remove use_authtok option.
3403 2005-09-26 Dmitry V. Levin <ldv@altlinux.org>
3405 * NEWS: Mention changes in pam_lastlog.
3407 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
3410 * autogen.sh: Don't generate NEWS file.
3411 * CHANGELOG: Document it as obsolete.
3413 2005-09-26 Tomas Mraz <t8m@centrum.cz>
3415 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
3416 _log_err() -> pam_syslog()
3417 (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
3418 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
3419 _log_err() -> pam_syslog()
3420 * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
3421 (getNISserver, _unix_run_shadow_binary, _update_passwd,
3422 _update_shadow, _do_setpass, _pam_unix_approve_pass,
3423 pam_sm_chauthtok): _log_err() -> pam_syslog()
3424 * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
3425 (pam_sm_open_session, pam_sm_close_session):
3426 _log_err() -> pam_syslog()
3427 * modules/pam_unix/support.c (_log_err, converse): removed
3428 (_make_remark): use pam_prompt() instead of converse()
3429 (_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
3430 _unix_verify_password, _unix_read_password):
3431 _log_err() -> pam_syslog()
3432 _cleanup(), _unix_cleanup(): Silence unused param warnings.
3433 (_cleanup_failures, _unix_verify_password, _unix_getpwnam,
3434 _unix_run_helper_binary): Silence incorrect type warnings.
3435 (_unix_read_password): Use multiple pam_prompt() and pam_info() calls
3436 instead of converse().
3437 * modules/pam_unix/support.h (_log_err): removed
3438 * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
3440 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
3442 * configure.in: Add doc/specs/Makefile.
3443 * Makefile.am: Add releasedocs rule.
3444 * doc/Makefile.am: Add specs subdir, remove files from specs
3445 directory, add rfc86.0.txt to releasedocs.
3446 * doc/specs/Makefile.am: New file.
3447 * doc/specs/formatter/parse.y: move from here ...
3448 * doc/specs/parse.y: ... here.
3449 * doc/specs/formatter/parse.lex: move from here ...
3450 * doc/specs/parse.lex: ... here.
3452 * modules/pam_mail/pam_mail.c: Mark missing strings for translation
3453 * po/Linux-PAM.pot: Add new strings from pam_mail
3454 * po/cs.po: Likewise.
3455 * po/de.po: Likewise.
3456 * po/es.po: Likewise.
3457 * po/fi.po: Likewise.
3458 * po/fr.po: Likewise.
3459 * po/hu.po: Likewise.
3460 * po/it.po: Likewise.
3461 * po/ja.po: Likewise.
3462 * po/nb.po: Likewise.
3463 * po/pa.po: Likewise.
3464 * po/pl.po: Likewise.
3465 * po/pt.po: Likewise.
3466 * po/pt_BR.po: Likewise.
3467 * po/zh_CN.po: Likewise.
3468 * po/zh_TW.po: Likewise.
3470 2005-09-23 Tomas Mraz <t8m@centrum.cz>
3472 * modules/pam_access/pam_access.c (from_match): Support NULL from.
3473 (string_match): Support NULL string, add NONE keyword matching it.
3474 (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
3475 * modules/pam_access/access.conf: NONE keyword description
3476 * modules/pam_access/README: NONE keyword description
3478 2005-09-22 Dmitry V. Levin <ldv@altlinux.org>
3480 * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session,
3481 pam_sm_close_session): Strip redundant "pam_xauth: " prefix from
3482 text of log messages.
3483 (pam_sm_open_session): Replace sequence of malloc(), strcpy()
3484 and strcat() calls with asprintf(). Replace syslog() calls
3487 * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp()
3488 instead of memcmp() for string comparison.
3490 2005-09-21 Dmitry V. Levin <ldv@altlinux.org>
3492 * modules/pam_nologin/pam_nologin.c: Include <syslog.h>.
3493 (parse_args): Add pam_handle_t* argument. Log unrecognized
3495 (perform_check): Log pam_get_user() and malloc() failures.
3496 (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt):
3497 Pass pam_handle_t* to parse_args().
3499 * modules/pam_mail/pam_mail.c: Include <errno.h>.
3500 Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and
3501 NO_MAIL_STANDARD_FORMAT macros.
3502 (parse_args, get_folder): Cleanup error messages.
3503 (get_folder): Fix leak of the path_mail variable in case of
3504 pam_get_user() failure. Cleanup memory management.
3505 (get_mail_status): Add pam_handle_t* argument. Fix leaks of
3506 namelist variable. Cleanup memory management. Log memory
3507 allocation failures. Remove 250-byte limit on Maildir pathname.
3508 (report_mail): Mark text messages for translation.
3509 (_do_mail): Cleanup memory management. Pass pam_handle_t*
3510 to get_mail_status().
3512 * po/Linux-PAM.pot: Update with new strings from pam_mail for
3514 * po/cs.po: Likewise.
3515 * po/de.po: Likewise.
3516 * po/es.po: Likewise.
3517 * po/fi.po: Likewise.
3518 * po/fr.po: Likewise.
3519 * po/hu.po: Likewise.
3520 * po/it.po: Likewise.
3521 * po/ja.po: Likewise.
3522 * po/nb.po: Likewise.
3523 * po/pa.po: Likewise.
3524 * po/pl.po: Likewise.
3525 * po/pt.po: Likewise.
3526 * po/pt_BR.po: Likewise.
3527 * po/zh_CN.po: Likewise.
3528 * po/zh_TW.po: Likewise.
3530 2005-09-20 Thorsten Kukuk <kukuk@suse.de>
3532 * configure.in: Add finish translation.
3535 * acinclude.m4: remove libprelude macros.
3536 * m4/libprelude.m4: New.
3538 * Makefile.am (EXTRA_DIST): make sure we include all m4 macros.
3540 * libpamc/Makefile.am (EXTRA_DIST): Add License.
3542 See CHANGELOG for earlier changes.