1 2008-07-28 Steve Langasek <vorlon@debian.org>
3 * libpamc/test/regress/test.libpamc.c: use standard u_int8_t
4 type instead of __u8, as elsewhere.
5 Patch from Roger Leigh <rleigh@debian.org>.
7 2008-07-27 Steve Langasek <vorlon@debian.org>
9 * modules/pam_*/pam_*.8.xml: fix up the references to pam.d,
10 which is in manpage section 5, not 8.
11 * modules/pam_env/environment, modules/pam_env/pam_env.8.xml:
12 spelling fix, seperate -> separate
14 2008-07-26 Steve Langasek <vorlon@debian.org>
16 * modules/pam_env/pam_env.c: Fix module to skip over
17 non-alphanumeric variable names, and to handle the case when
18 asked to delete a non-existent variable.
20 2008-07-13 Tomas Mraz <t8m@centrum.cz>
22 * modules/pam_mail/pam_mail.8.xml: Module supports session and
23 not account service (#1980773).
25 2008-07-11 Tomas Mraz <t8m@centrum.cz>
27 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do
28 not close the pipe descriptor in borderline case (#2009766).
29 * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
31 * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
32 * modules/pam_unix/support.h: Define upper limit of fds we will
35 * modules/pam_selinux/pam_selinux.c (config_context): Do not
36 ask for the level if use_current_range is set.
37 (context_from_env): New function to obtain the context from
38 PAM environment variables.
39 (pam_sm_open_session): Call context_from_env() if env_params option
40 is present. use_current_range now modifies behavior of the
41 context_from_env and config_context options.
42 * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params
43 option. Adjust description of use_current_range option.
45 2008-07-09 Thorsten Kukuk <kukuk@thkukuk.de>
47 * modules/pam_exec/pam_exec.c (call_exec): Move all variable
48 declaration to begin of a block (#1976310).
50 * xtests/tst-pam_group1.c (run_test): Move no_grps declaration
51 to begin of function (#1976310).
53 * modules/pam_securetty/pam_securetty.8.xml: Replace
54 PAM_IGNORE with PAM_USER_UNKNOWN (#1994330).
56 * modules/pam_tally/pam_tally.c: Add support for silent and
58 * modules/pam_tally/pam_tally.8.xml: Document silent and
61 2008-07-08 Thorsten Kukuk <kukuk@thkukuk.de>
63 * modules/pam_unix/passverify.c (verify_pwd_hash): Adjust debug
66 2008-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
68 * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without
71 * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit
72 description (reported by Wayne Pollock <pollock@acm.org>)
74 2008-06-19 Tomas Mraz <t8m@centrum.cz>
76 * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
77 Detect configuration errors. Fail on incomplete condition.
79 2008-05-20 Tomas Mraz <t8m@centrum.cz>
81 * configure.in: Work correctly with autoconf-2.62.
83 2008-05-19 Tomas Mraz <t8m@centrum.cz>
85 * doc/man/pam_getenv.3.xml: Correct the pam_getenv documentation.
87 * doc/man/pam_prompt.3.xml: Add missing description.
89 2008-05-14 Kjartan Maraas <kmaraas@gnome.org>
91 * po/nb.po: Updated translation.
93 2008-05-14 Sulyok Péter <peti@sulyok.hu>
95 * po/hu.po: Updated translation.
97 2008-05-14 Tomas Mraz <t8m@centrum.cz>
99 * libpam/pam_modutil_getgrgid.c: Replace hardcoded constant with
100 define PWD_LENGTH_SHIFT.
101 * libpam/pam_modutil_getgrnam.c: Likewise.
102 * libpam/pam_modutil_getpwnam.c: Likewise.
103 * libpam/pam_modutil_getpwuid.c: Likewise.
104 * libpam/pam_modutil_getspnam.c: Likewise.
105 * libpam/pam_modutil_private.h: Adjust values for PWD_ constants.
107 * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok
108 item when password is not approved.
109 * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS
110 is always set when UNIX_AUTHTOK is set, change order of conditions.
112 2008-05-02 Tomas Mraz <t8m@centrum.cz>
114 * modules/pam_selinux/pam_selinux.c(query_response): Add handling
116 (manual_context): Handle failed query_response() properly. Rename
117 variable responses to response which is more correct name.
118 (config_context): Likewise.
119 (pam_sm_open_session): Do not base decision on whether there is a tty.
121 2008-04-22 Tomas Mraz <t8m@centrum.cz>
123 * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix
124 regression from the change from 2008-03-20. setexeccon() must be
125 called also with NULL prev_context.
127 2008-04-21 Thorsten Kukuk <kukuk@thkukuk.de>
129 * modules/pam_access/access.conf.5.xml: Document changed behavior
131 * modules/pam_access/pam_access.c: Add from_remote_host to
132 struct login_info to change behavior of LOCAL keyword: if
133 PAM_RHOST is not set, LOCAL will be true.
135 2008-04-18 Tomas Mraz <t8m@centrum.cz>
137 * modules/pam_namespace/pam_namespace.c: New functions
138 unprotect_dirs(), cleanup_protect_data(), protect_mount(),
139 protect_dir() to protect directory by bind mount.
140 (cleanup_data): Renamed to cleanup_polydir_data().
141 (parse_create_params): Allow missing specification of mode
143 (check_inst_parent): Call protect_dir() on the instance parent
144 directory. The directory is created when it doesn't exist.
145 (create_polydir): Protect and make the polydir by protect_dir(),
146 remove potential races.
147 (create_dirs): Renamed to create_instance(), remove call to
149 (ns_setup): Call protect_dir() on the polydir if it already exists.
150 Call inst_init() after the polydir is mounted.
151 (setup_namespace): Set the namespace protect data to be cleaned up
152 on pam_close_session()/pam_end().
153 (pam_sm_open_session): Initialize the protect_dirs.
154 (pam_sm_close_session): Cleanup namespace protect data.
155 * modules/pam_namespace/pam_namespace.h: Define struct for the
156 stack of protected dirs.
157 * modules/pam_namespace/pam_namespace.8.xml: Document when the
158 instance init script is called.
159 * modules/pam_namespace/namespace.conf.5.xml: Likewise.
161 2008-04-17 Tomas Mraz <t8m@centrum.cz>
163 * modules/pam_access/pam_access.c(myhostname): Removed function.
164 (user_match): Supply hostname of the machine to the netgroup_match().
165 Use hostname from the loginfo instead of calling myhostname().
166 (pam_sm_authenticate): Call gethostname() to fill hostname in the
169 * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try
170 to lock if euid != 0.
172 2008-04-16 Tomas Mraz <t8m@centrum.cz>
174 * modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit.
175 * modules/pam_unix/unix_chkpwd.c(_audit_log): New function for audit.
176 (main): Call _audit_log() when appropriate.
178 * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Recognize also
179 try_first_pass and use_first_pass options.
180 (pam_sm_chauthtok): Implement the new options.
182 2008-04-08 Tomas Mraz <t8m@centrum.cz>
184 * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple
185 calls to sysconf() (based on patch by Sami Farin).
187 * libpam/pam_item.c (TRY_SET): Do not set when destination
188 is identical to source.
189 (pam_set_item): Do not overwrite destination when it
190 is identical to source.
192 2008-04-07 Miloš Komarčević <kmilos@gmail.com>
194 * po/sr.po: New file with translation.
195 * po/sr@latin.po: Likewise.
196 * po/LINGUAS: Add sr and sr@latin.
198 2008-04-03 Thorsten Kukuk <kukuk@thkukuk.de>
200 * release version 1.0.0
202 * configure.in: Set version number to 1.0.0.
203 * libpam/Makefile.am: Bump patchlevel of libpam.
204 * doc/adg/Linux-PAM_ADG.xml: Update version/date.
205 * doc/mwg/Linux-PAM_MWG.xml: Likewise.
206 * doc/sag/Linux-PAM_SAG.xml: Likewise.
208 2008-03-31 Dan Walsh <dwalsh@redhat.com>
210 * modules/pam_sepermit/pam_sepermit.c(sepermit_lock): Mark lock fd to
213 2008-03-25 Leah Liu <lliu@redhat.com>
215 * po/zh_CN.po: Updated translation.
217 2008-03-20 Tomas Mraz <t8m@centrum.cz>
219 * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER
220 method only when appropriate.
221 (setup_namespace): Do not umount when not mounted with RUSER.
223 * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call
224 freecontext() after the context is logged not before.
226 2008-03-18 Canniot Thomas <thomas.canniot@mrtomlinux.org>
228 * po/fr.po: Updated translation.
230 2008-03-13 Ankit Patel <ankit@redhat.com>
232 * po/gu.po: Updated translation.
234 2008-03-05 Tomas Mraz <t8m@centrum.cz>
236 * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Avoid
237 unnecessary x_strdup() of resp.
238 * modules/pam_ftp/pam_ftp(pam_sm_authenticate): Call _pam_overwrite()
239 before dropping password resp.
241 2008-03-03 Tomas Mraz <t8m@centrum.cz>
243 * modules/pam_selinux/pam_selinux.c: Do not translate syslog messages.
244 * po/Linux-PAM.pot: Update.
246 * libpam/pam_item.c(RESET): Rename to TRY_SET, handle strdup failure.
247 (pam_set_item): Use TRY_SET() also for PAM_AUTHTOK and PAM_OLDAUTHTOK.
248 Handle allocation failure for PAM_XAUTHDATA.
249 (pam_get_user): Return error when conversation returns NULL user.
250 Call pam_set_item() instead of RESET().
252 2008-02-26 Tomas Mraz <t8m@centrum.cz>
254 * modules/pam_unix/Makefile.am: Do not link to cracklib.
255 * modules/pam_unix/pam_unix_passwd.c(_pam_unix_approve_pass):
256 Do not call FascistCheck() from cracklib.
258 2008-02-29 Fabian Affolter <fab@fedoraproject.org>
260 * po/de.po: Updated translation.
262 2008-02-28 Piotr Drąg <piotrdrag@gmail.com>
264 * po/pl.po: Updated translation.
266 2008-02-26 Tomas Mraz <t8m@centrum.cz>
268 * po/LINUGAS: New languages added.
269 * po/es.po: Updated translations.
270 * po/fr.po: Likewise.
271 * po/it.po: Likewise.
272 * po/ja.po: Likewise.
273 * po/nl.po: Likewise.
274 * po/pl.po: Likewise.
275 * po/pt_BR.po: Likewise.
276 * po/ru.po: Likewise.
277 * po/zh_CN.po: Likewise.
278 * po/as.po: New file.
279 * po/gu.po: Likewise.
280 * po/hi.po: Likewise.
281 * po/kn.po: Likewise.
282 * po/ko.po: Likewise.
283 * po/ml.po: Likewise.
284 * po/or.po: Likewise.
285 * po/si.po: Likewise.
286 * po/ta.po: Likewise.
288 2008-02-21 Tomas Mraz <t8m@centrum.cz>
290 * libpam/pam_audit.c (_pam_audit_writelog): Silence syslog
291 message on non-error return.
293 * modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged
294 user when checking password of another user.
295 * modules/pam_unix/unix_update.c: Fix comment.
297 2008-02-18 Dmitry V. Levin <ldv@altlinux.org>
299 * libpam/pam_handlers.c (_pam_assemble_line): Fix potential
301 * xtests/tst-pam_assemble_line1.pamd: New test for
303 * xtests/tst-pam_assemble_line1.sh: New script for
304 tst-pam_assemble_line1.
305 * xtests/Makefile.am (NOSRCTESTS): Add tst-pam_assemble_line1.
306 (EXTRA_DIST): Add tst-pam_assemble_line1.pamd and
307 tst-pam_assemble_line1.sh
309 * modules/pam_exec/pam_exec.c (call_exec): Fix asprintf return
312 2008-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
314 * release version 0.99.10.0
316 * configure.in: set version number.
318 * modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth.
319 * modules/pam_rhosts/pam_rhosts_auth.c: Removed.
320 * modules/pam_rhosts/tst-pam_rhosts_auth: Removed.
322 * modules/pam_namespace/Makefile.am (noinst_HEADERS): Add
325 2008-02-13 Tomas Mraz <t8m@centrum.cz>
327 * modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
329 * modules/pam_namespace/argv_parse.c: New file.
330 * modules/pam_namespace/argv_parse.h: New file.
331 * modules/pam_namespace/namespace.conf.5.xml: Document new features.
332 * modules/pam_namespace/pam_namespace.8.xml: Likewise.
333 * modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
334 Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
336 (polydir_s): Add rdir, replace exclusive with flags, add init_script,
337 owner, group, and mode.
338 (instance_data): Add ruser, gid, and ruid.
339 * modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
340 (add_polydir_entry): Add the entry directly, no copy.
341 (del_polydir): New function.
342 (del_polydir_list): Call del_polydir().
343 (expand_variables, parse_create_params, parse_iscript_params,
344 parse_method): New functions.
345 (process_line): Call expand_variables() on polydir and instance prefix.
346 Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
347 (parse_config_file): Parse .conf files from namespace.d dir after
349 (form_context): Call getcon() or get_default_context_with_level() when
350 appropriate flags are set.
351 (poly_name): Handle shared polydir flag.
352 (inst_init): Execute non-default init script when specified.
353 (create_polydir): New function.
354 (create_dirs): Remove the code which checks the polydir. Do not call
355 inst_init() when noinit flag is set.
356 (ns_setup): Check the polydir and eventually create it if the create flag
358 (setup_namespace): Use ruser uid from idata. Set the namespace polydir
359 pam data only when namespace was set up correctly. Unmount polydir
361 (get_user_data): New function.
362 (pam_sm_open_session): Check for use_current_context and
363 use_default_context options. Call get_user_data().
364 (pam_sm_close_session): Call get_user_data().
366 2008-02-06 Thorsten Kukuk <kukuk@thkukuk.de>
368 * po/de.po: Translate some more strings.
370 2008-02-05 Thorsten Kukuk <kukuk@thkukuk.de>
372 * modules/pam_unix/unix_update.c: Remove unused declarations.
374 2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
376 * libpam/pam_static_modules.h: Add _pam_sepermit_modstruct.
377 * modules/pam_sepermit/pam_sepermit.c: Fix typo.
378 * modules/pam_sepermit/Makefile.am: Install config file only
379 if we build the module.
381 * README: Add --disable-pie to configure options for static library.
383 * doc/man/Makefile.am: Fix building outside of src directory.
385 * libpam/Makefile.am: Bump version number of libpam.
387 * modules/Makefile.am: Add pam_sepermit.
389 * doc/Makefile.am: Fix build out of source directory.
391 * po/POTFILES.in: Add pam_sepermit.c.
393 * modules/pam_exec/pam_exec.c: Set PAM environment variables and
395 * modules/pam_exec/pam_exec.8.xml: Document new behavior.
396 Patch from Julien Lecomte <julien@lecomte.at>.
398 2008-02-01 Tomas Mraz <t8m@centrum.cz>
400 * modules/pam_namespace/namespace.conf.5.xml: Add documentation for
401 tmpfs and tmpdir polyinst and for ~ user list modifier.
402 * modules/pam_namespace/namespace.init: Add documentation for the
403 new init parameter. Add home directory initialization script.
404 * modules/pam_namespace/pam_namespace.8.xml: Document the new
405 init parameter of the namespace.init script.
406 * modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
407 (cleanup_data): New function.
408 (process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
409 (ns_override): Change behavior on the exclusive flag.
410 (poly_name): Process tmpfs and tmpdir methods.
411 (inst_init): Add flag for new directory initialization.
412 (create_dirs): Process the tmpdir method, add the new directory
414 (ns_setup): Remove unused code. Process the tmpfs method.
415 (cleanup_tmpdirs): New function.
416 (setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
418 (pam_sm_close_session): Instead of parsing the config file again use
419 the previously set data for cleanup.
420 * modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
423 2008-01-29 Tomas Mraz <t8m@centrum.cz>
425 * configure.in: Test for setkeycreatecon needs libselinux.
426 Add new module pam_sepermit.
427 * modules/Makefile.am: Add new module pam_sepermit.
428 * modules/pam_sepermit/.cvsignore: New file.
429 * modules/pam_sepermit/Makefile.am: Likewise.
430 * modules/pam_sepermit/README.xml: Likewise.
431 * modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
432 * modules/pam_sepermit/pam_sepermit.c: Likewise.
433 * modules/pam_sepermit/sepermit.conf: Likewise.
434 * modules/pam_sepermit/tst-pam_sepermit: Likewise.
435 * doc/sag/pam_sepermit.xml: Likewise.
437 * doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG.
439 2008-01-29 Miloslav Trmac <mitr@redhat.com>
441 * modules/pam_tty_audit/README.xml: Add notes section.
442 * modules/pam_tty_audit/pam_tty_audit.8.xml: Describe patterns
443 support and open_only option. Add notes.
444 * modules/pam_tty_audit/pam_tty_audit.c(pam_sm_open_session): Add
445 support for pattern matching and the open_only option.
447 2008-01-28 Thorsten Kukuk <kukuk@thkukuk.de>
449 * libpam/pam_audit.c: Include pam_modutil_private.h.
451 * libpam/pam_item.c (pam_set_item): Fix compiler warning.
453 * libpam/pam_end.c (pam_end): Cast to correct pointer type.
454 * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use
457 * modules/pam_unix/passverify.c: Fix compiling without SELinux
460 2008-01-24 Tomas Mraz <t8m@centrum.cz>
462 * modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when
464 * modules/pam_unix/passverify.c (strip_hpux_aging): New function
465 to strip HP/UX aging info from password hash.
466 (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when
469 2008-01-23 Tomas Mraz <t8m@centrum.cz>
471 * configure.in: Add test for crypt_r(). Add setting/disabling random
474 * modules/pam_unix/Makefile.am: Add unix_update.8 manpage generated from
475 XML, generate also unix_chkpwd.8 from XML.
476 * modules/pam_unix/pam_unix_acct.c: Add rounds parameter to _set_ctrl().
477 * modules/pam_unix/pam_unix_auth.c: Likewise.
478 * modules/pam_unix/pam_unix_sess.c: Likewise.
479 * modules/pam_unix/pam_unix_passwd.c: Likewise.
480 * modules/pam_unix/support.c(_set_ctrl): Likewise.
481 * modules/pam_unix/support.h: Likewise. Add UNIX_SHA256_PASS,
482 UNIX_SHA512_PASS, and UNIX_ALGO_ROUNDS ctrls.
483 (pam_sm_chauthtok): Refactor out new password encryption.
484 * modules/pam_unix/passverify.c(crypt_make_salt): New function.
485 (crypt_md5_wrapper): Call crypt_make_salt().
486 (create_password_hash): New function refactored out of
487 pam_sm_chauthtok(). Support for new password hashes.
488 * modules/pam_unix/passverify.h: Drop ascii_to_bin() and bin_to_ascii()
489 macros. Add prototype for create_password_hash().
490 * modules/pam_unix/unix_update.8.xml: New file.
491 * modules/pam_unix/unix_chkpwd.8.xml: Likewise.
493 * modules/pam_unix/Makefile.am: Add unix_update helper.
494 * modules/pam_unix/pam_unix_passwd.c: Move functions i64c(),
495 crypt_md5_wrapper(), save_old_password(), _update_passwd() and
496 _update_shadow() to passverify.c file. Rename _unix_run_shadow_binary()
497 to _unix_run_update_binary(), which also verifies old password and
499 (_do_setpass, pam_sm_chauthtok): lckpwdf()->lock_pwdf(), the same for unlock.
500 Call _unix_run_update_binary() appropriately.
501 _update_passwd()->unix_update_passwd(), the same for shadow.
502 * modules/pam_unix/passverify.c: Add new functions moved from
503 pam_unix_passwd.c and unix_chkpwd.c.
504 * modules/pam_unix/passverify.h: Likewise.
505 * modules/pam_unix/unix_chkpwd.c: Remove SELinux checks. Move
506 su_sighandler(), setup_signals(), getuidname() to passverify.c.
507 (main): Remove 'shadow' option. Refactor out read_passwords() and
508 call it. More strict checking how the binary is called.
509 * modules/pam_unix/unix_update.c: New helper binary - non-setuid,
510 called from SELinux confined apps only.
512 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Return
513 status and daysleft instead of fake shadow entry.
514 (pam_sm_acct_mgmt): Call _unix_run_verify_binary() appropriately.
515 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Call
516 get_account_info() and check_shadow_expiry().
517 * modules/pam_unix/support.h: Adjust _unix_run_verify_binary()
519 * modules/pam_unix/support.c (_unix_run_helper_binary): Remove check
520 on selinux enabled/disabled.
521 * modules/pam_unix/unix_chkpwd.c (_verify_account): Rename to
522 _check_expiry(), now checks shadow expiry info.
523 (main): Remove check on selinux enabled/disabled. Check shadow
524 expiry through _check_expiry().
526 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Call
527 get_account_info() and check_shadow_expiry().
528 * modules/pam_unix/passverify.c: Add get_account_info() to
529 obtain shadow and passwd entry. Add check_shadow_expiry() to
530 for shadow password expiry check.
531 (get_pwd_hash): Call get_account_info().
532 * modules/pam_unix/passverify.h: Add prototypes for get_account_info()
533 and check_shadow_expiry().
535 2008-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
537 * doc/man/Makefile.am: Fix manual page dependencies,
538 add hack for bug in xsl stylestheets.
540 2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
542 * po/it.po: Fix typos.
543 * po/de.po: Few new translations.
544 * po/POTFILES.in: Add pam_tty_audit.c and passverify.c.
545 * doc/man/pam_xauth_data.3.xml: Added to CVS.
546 * doc/man/pam_xauth_data.3: Likewise.
547 * modules/pam_tty_audit/README: Likewise.
548 * modules/pam_tty_audit/pam_tty_audit.8: Likewise.
549 * po/sv.po: Update swedish translation [#1857531].
550 * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix
551 cut & paste error [#1863490].
553 2008-01-02 Petteri Räty <betelgeuse@gentoo.org>
554 * modules/pam_limits/limits.conf: document allowed values for
556 * modules/pam_limits/limits.conf.5.xml: Likewise.
558 2007-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
560 * README: Document how to run make check with static modules
563 2007-12-18 Peter Breitenlohner <peb@mppmu.mpg.de>
564 * README: Document that "make check" requires a file
565 /etc/pam.d/other (SF#1822764).
567 2007-12-12 Eamon Walsh <ewalsh@tycho.nsa.gov>
569 * doc/man/pam_item_types_ext.inc.xml: More appropriate wording
570 for PAM_XDISPLAY doc.
572 2007-12-07 Tomas Mraz <t8m@centrum.cz>
574 * po/cs.po: Updated translations.
576 * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
577 * libpam/pam_audit.c: Add _pam_audit_open() and
578 pam_modutil_audit_write().
579 (_pam_auditlog): Call _pam_audit_open().
580 * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
581 * modules/pam_access/pam_access.8.xml: Add noaudit option.
583 * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
584 only_new_group_syntax variables to struct login_info. Add noaudit
586 (_parse_args): Adjust for the move of variables and add support for
588 (group_match): Add debug parameter.
589 (string_match): Likewise.
590 (network_netmask_match): Likewise.
591 (login_access): Adjust for the move of variables. Add nonall_match.
592 Add call to pam_modutil_audit_write().
593 (list_match): Adjust for the move of variables.
594 (user_match): Likewise.
595 (from_match): Likewise.
596 (pam_sm_authenticate): Call _parse_args() earlier.
597 * modules/pam_limits/pam_limits.8.xml: Add noaudit option.
599 * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
600 (setup_limits): Call pam_modutil_audit_write().
601 * modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
603 * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
604 (check_account): Call _pam_parse(). Call pam_modutil_audit_write()
605 and pam_syslog() on login denials.
607 2007-12-07 Luca Bruno <luca.br@uno.it>
609 * po/it.po: Updated translations.
611 2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
613 * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
615 * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY,
616 PAM_XAUTHDATA items, pam_xauth_data struct.
617 * libpam/pam_item.c (pam_set_item, pam_get_item): Handle
618 PAM_XDISPLAY and PAM_XAUTHDATA items.
619 * libpam/pam_end.c (pam_end): Destroy the new items.
620 * libpam/pam_private.h (pam_handle): Add data members for new
621 items. Add prototype for _pam_memdup.
622 * libpam/pam_misc.c: Add _pam_memdup.
623 * doc/man/Makefile.am: Add pam_xauth_data.3. Replace
624 pam_item_types.inc.xml with pam_item_types_std.inc.xml and
625 pam_item_types_ext.inc.xml.
626 * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml
627 with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml.
628 * doc/man/pam_set_item.3.xml: Likewise.
629 * doc/man/pam_item_types.inc.xml: Removed file.
630 * doc/man/pam_item_types_ext.inc.xml: New file.
631 * doc/man/pam_item_types_std.inc.xml: New file.
633 2007-12-06 Tomas Mraz <t8m@centrum.cz>
635 * modules/pam_tty_audit/pam_tty_audit.8.xml: Fix example.
637 2007-12-05 Miloslav Trmac <mitr@redhat.com>
639 * configure.in: Add test for audit_tty_status struct. Add
640 pam_tty_audit module.
641 * libpam/pam_static_modules.h: Add pam_tty_audit module.
642 * modules/pam_tty_audit/Makefile.am: New file.
643 * modules/pam_tty_audit/README.xml: Likewise.
644 * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
645 * modules/pam_tty_audit/pam_tty_audit.c: Likewise.
647 2007-12-05 Tomas Mraz <t8m@centrum.cz>
649 * modules/pam_unix/Makefile.am: Add passverify.h and passverify.c
650 as first part of pam_unix refactorization.
651 * modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h.
652 * modules/pam_unix/pam_unix_passwd.c: Likewise.
653 * modules/pam_unix/passverify.c: New file with common functions.
654 * modules/pam_unix/passverify.h: Prototypes for the common functions.
655 * modules/pam_unix/support.c: Include passverify.h, move
656 _unix_shadowed() to passverify.c.
657 (_unix_verify_password): Refactor out verify_pwd_hash() function.
658 * modules/pam_unix/support.h: Move _unix_shadowed() prototype to
660 * modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and
661 verify_pwd_hash() from passverify.c.
663 2007-11-20 Thorsten Kukuk <kukuk@thkukuk.de>
665 * modules/pam_unix/Makefile.am (unix_chkpwd_LDADD): Don't link
666 unix_chkpwd unnecessary against libpam (#1822779).
668 * modules/pam_tally/pam_tally.c (tally_log): Map
669 pam_modutil_getpwnam to getpwnam if we don't compile
671 * modules/pam_tally/Makefile.am: Don't link pam_tally_app
672 against libpam (#1822779).
674 2007-11-06 Thorsten Kukuk <kukuk@thkukuk.de>
676 * xtests/tst-pam_group1.c: Include stdlib.h
677 * xtests/tst-pam_succeed_if1.c: Likewise.
678 * xtests/tst-pam_limits1.c: Likewise.
679 * xtests/tst-pam_access1.c: Likewise.
680 * xtests/tst-pam_access2.c: Likewise.
681 * xtests/tst-pam_access3.c: Likewise.
682 * xtests/tst-pam_access4.c: Likewise.
683 * xtests/tst-pam_unix1.c: Likewise.
684 * xtests/tst-pam_unix2.c: Likewise.
685 * xtests/tst-pam_unix3.c: Likewise.
686 * xtests/tst-pam_cracklib1.c: Likewise.
687 * xtests/tst-pam_cracklib2.c: Likewise.
689 * libpam/pam_static_modules.h: Fix name of pam_namespace variable.
691 2007-11-01 Peter Breitenlohner <peb@mppmu.mpg.de>
693 * doc/man/pam_conv.3.xml: Correct typo.
695 2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de>
697 * modules/pam_rhosts/pam_rhosts_auth.c (__icheckhost): Correct
698 misplaced parenthesis.
699 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Prevent use of
700 dngettext() when NLS is disabled.
701 * modules/pam_exec/pam_exec.c (call_exec): Avoid gcc warning.
702 * doc/specs/parse_y.y (set_label, new_counter): Break trigraphs to
704 * modules/pam_wheel/pam_wheel.c: Remove excessive initializer
707 * modules/pam_cracklib/pam_cracklib.8.xml: Correct typo.
708 * modules/pam_limits/limits.conf.5.xml: Likewise.
709 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
710 * modules/pam_xauth/pam_xauth.8.xml: Likewise.
712 * modules/pam_deny/pam_deny.8.xml: Correct spelling.
713 * modules/pam_group/pam_group.8.xml: Likewise.
714 * modules/pam_permit/pam_permit.8.xml: Likewise.
715 * modules/pam_shells/pam_shells.8.xml: Likewise.
716 * modules/pam_time/pam_time.8.xml: Likewise.
717 * modules/pam_warn/pam_warn.8.xml: Likewise.
719 * tests/tst-dlopen.c: Return 77 in case of static modules, such that
720 all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL.
721 * libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead
722 of "`ls ...`", to allow for static modules.
723 * libpam/pam_static_modules.h: Make pam_keyinit module depend on
724 HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct.
725 * modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module
728 2007-10-25 Steve Langasek <vorlon@debian.org>
730 * modules/pam_tally/pam_tally.c: fix the definition of OPT_AUDIT
731 to be octal instead of decimal, so that it works properly in a
732 bit field instead of forcing the "even_deny_root_account" and
733 "no_reset" options to on.
734 Patch from Corey Wright <undefined@pobox.com>.
736 2007-10-19 Tomas Mraz <t8m@centrum.cz>
738 * xtests/tst-pam_access1.c: Use different name for user and group.
739 * xtests/tst-pam_access1.sh: Likewise.
740 * xtests/tst-pam_access2.c: Likewise.
741 * xtests/tst-pam_access2.sh: Likewise.
742 * xtests/tst-pam_access4.c: Likewise.
743 * xtests/tst-pam_access4.sh: Likewise.
744 * xtests/group.conf: Likewise.
745 * xtests/tst-pam_group1.c: Likewise.
746 * xtests/tst-pam_group1.sh: Likewise.
748 * libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks,
749 record substack level, skip over virtual substack modules, implement
750 evaluation of done, die, reset and jumps in substacks. Also fixes
751 too far jumps in substacks.
752 * libpam/pam_end.c (pam_end): Drop substack evaluation states.
753 * libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level
754 parameter, instead of must_fail use handler_type needed for virtual
756 (_pam_load_conf_file): Add substack level parameter.
757 (_pam_init_handlers): Substack level parameter added to
758 _pam_parse_conf_file() calls.
759 (_pam_load_module): New function.
760 (_pam_add_handler): Refactor code into the _pam_load_module(). Add
761 support for virtual substack modules.
762 * libpam/pam_private.h: Rename must_fail to handler_type, add stack_level
763 to struct handler. Define handler type constants. Add struct
764 for substack evaluation states. Define constant for maximum
765 substack level. Add substack states pointer to former state struct.
766 * libpam/pam_start.c (pam_start): Initialize pointer to substack states.
767 * doc/man/pam.conf-syntax.xml: Document substack control.
768 * xtests/Makefile.am: Add new tests for substack evaluation.
769 * xtests/run_xtests.sh: Support multiple .pamd files in a test.
770 * xtests/tst-pam_authfail.pamd: New tests for substack evaluation.
771 * xtests/tst-pam_authsucceed.pamd: Likewise.
772 * xtests/tst-pam_substack1.pamd: Likewise.
773 * xtests/tst-pam_substack1a.pamd: Likewise.
774 * xtests/tst-pam_substack1.sh: Likewise.
775 * xtests/tst-pam_substack2.pamd: Likewise.
776 * xtests/tst-pam_substack2a.pamd: Likewise.
777 * xtests/tst-pam_substack2.sh: Likewise.
778 * xtests/tst-pam_substack3.pamd: Likewise.
779 * xtests/tst-pam_substack3a.pamd: Likewise.
780 * xtests/tst-pam_substack3.sh: Likewise.
781 * xtests/tst-pam_substack4.pamd: Likewise.
782 * xtests/tst-pam_substack4a.pamd: Likewise.
783 * xtests/tst-pam_substack4.sh: Likewise.
784 * xtests/tst-pam_substack5.pamd: Likewise.
785 * xtests/tst-pam_substack5a.pamd: Likewise.
786 * xtests/tst-pam_substack5.sh: Likewise.
788 2007-10-18 Tomas Mraz <t8m@centrum.cz>
790 * xtests/tst-pam_dispatch4.c: Fix comment about the test.
791 * xtests/tst-pam_dispatch4.pamd: Improve the testcase.
792 * xtests/tst-pam_cracklib2.c: Make the testcase more robust.
794 2007-10-12 Thorsten Kukuk <kukuk@thkukuk.de>
796 * xtests/Makefile.am: Add tst-pam_dispatch5 sources
797 * xtests/tst-pam_dispatch5.c: New test for jump too far.
798 * xtests/tst-pam_dispatch5.pamd: New test configuration.
800 2007-10-09 Tomas Mraz <t8m@centrum.cz>
802 * modules/pam_tally/pam_tally.8.xml: Document audit option
805 2007-10-09 Thorsten Kukuk <kukuk@thkukuk.de>
807 * release version 0.99.9.0
809 * configure.in: Increase vesion number.
811 * libpam/Makefile.am: Increase release number.
812 * libpam_misc/Makefile.am: Increase release number.
814 * po/*.po: Regenerate.
816 2007-10-08 Thorsten Kukuk <kukuk@thkukuk.de>
818 * modules/pam_time/pam_time.c (is_same): Length of strings without
819 wildcard needs to be the same.
820 * modules/pam_group/pam_group.c (is_same): Likewise.
822 2007-10-01 Thorsten Kukuk <kukuk@thkukuk.de>
824 * xtests/tst-pam_group1.c: New test case for user compare in pam_group.
825 * xtests/tst-pam_group1.sh: Script to run test case.
826 * xtests/tst-pam_group1.pamd: Config for test case.
827 * xtests/Makefile.am: Add tst-pam_group1 test case.
828 * xtests/run-xtests.sh: Save/restore group.conf.
829 * xtests/group.conf: New.
831 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Don't
832 free arguments used for putenv().
834 * doc/man/pam_putenv.3.xml: Document that application has to free
837 2007-09-27 Tomas Mraz <t8m@centrum.cz>
839 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in
840 operator rhbz #295151.
841 * modules/pam_namespace/pam_namespace.c (poly_name): Do not try to
842 get context when SELinux is disabled.
844 2007-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
846 * xtests/tst-pam_succeed_if1.c: New test case for
847 https://bugzilla.redhat.com/show_bug.cgi?id=295151
848 * xtests/tst-pam_succeed_if1.sh: Script to run test case.
849 * xtests/tst-pam_succeed_if1.pamd: Config for test case.
850 * xtests/Makefile.am: Add tst-pam_succeed_if1 test case.
852 * xtests/run-xtests.sh: Add support to skip tests.
853 * xtests/tst-pam_limits1.c: Skip test if RLIMIT_NICE is not
856 2007-09-03 Steve Langasek <vorlon@debian.org>
858 * modules/pam_limits/pam_limits.c: remove a number of unnecessary
859 string manipulations, including a strncpy() that was acting on
862 * libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's
863 perfectly valid to allow the user to interrupt at a prompt. If
864 an application wants prompts to not be interruptable, the
865 application should take responsibility for blocking SIGINT.
867 2007-09-02 Thorsten Kukuk <kukuk@thkukuk.de>
869 * examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS.
870 * libpam/Makefile.am: Likewise.
871 * modules/pam_access/Makefile.am: Likewise.
872 * modules/pam_cracklib/Makefile.am: Likewise.
873 * modules/pam_debug/Makefile.am: Likewise.
874 * modules/pam_deny/Makefile.am: Likewise.
875 * modules/pam_echo/Makefile.am: Likewise.
876 * modules/pam_env/Makefile.am: Likewise.
877 * modules/pam_exec/Makefile.am: Likewise.
878 * modules/pam_faildelay/Makefile.am: Likewise.
879 * modules/pam_filter/Makefile.am: Likewise.
880 * modules/pam_filter/upperLOWER/Makefile.am: Likewise.
881 * modules/pam_ftp/Makefile.am: Likewise.
882 * modules/pam_group/Makefile.am: Likewise.
883 * modules/pam_issue/Makefile.am: Likewise.
884 * modules/pam_keyinit/Makefile.am: Likewise.
885 * modules/pam_lastlog/Makefile.am: Likewise.
886 * modules/pam_limits/Makefile.am: Likewise.
887 * modules/pam_listfile/Makefile.am: Likewise.
888 * modules/pam_localuser/Makefile.am: Likewise.
889 * modules/pam_loginuid/Makefile.am: Likewise.
890 * modules/pam_mail/Makefile.am: Likewise.
891 * modules/pam_mkhomedir/Makefile.am: Likewise.
892 * modules/pam_motd/Makefile.am: Likewise.
893 * modules/pam_namespace/Makefile.am: Likewise.
894 * modules/pam_nologin/Makefile.am: Likewise.
895 * modules/pam_permit/Makefile.am: Likewise.
896 * modules/pam_rhosts/Makefile.am: Likewise.
897 * modules/pam_rootok/Makefile.am: Likewise.
898 * modules/pam_securetty/Makefile.am: Likewise.
899 * modules/pam_selinux/Makefile.am: Likewise.
900 * modules/pam_shells/Makefile.am: Likewise.
901 * modules/pam_stress/Makefile.am: Likewise.
902 * modules/pam_succeed_if/Makefile.am: Likewise.
903 * modules/pam_tally/Makefile.am: Likewise.
904 * modules/pam_time/Makefile.am: Likewise.
905 * modules/pam_umask/Makefile.am: Likewise.
906 * modules/pam_unix/Makefile.am: Likewise.
907 * tests/Makefile.am: Likewise.
909 2007-08-31 Steve Langasek <vorlon@debian.org>
911 * modules/pam_group/group.conf: don't use "games" as an example
912 group, on some distros this is a pre-existing group that it would
913 be a security hole to give users access to.
915 2007-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
917 * modules/pam_limits/limits.conf.5.xml: Document that maxlogins
918 is ignored for users with UID 0.
920 2007-08-30 Steve Langasek <vorlon@debian.org>
922 * modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c:
923 A wrong username doesn't need to be logged at LOG_ALERT;
924 LOG_WARNING should be sufficient.
925 Patch from Sam Hartman <hartmans@debian.org>.
927 * modules/pam_cracklib/pam_cracklib.c:
928 s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing
931 2007-08-29 Steve Langasek <vorlon@debian.org>
933 * libpam/pam_modutil_getgrgid.c, libpam/pam_modutil_getgrnam.c,
934 libpam/pam_modutil_getpwnam.c, libpam/pam_modutil_getpwuid.c,
935 libpam/pam_modutil_getspnam.c: don't use pthread mutexes in libpam
936 unnecessarily; this avoids linking problems on non-Linux
939 * modules/pam_listfile/pam_listfile.c, modules/pam_listfile/README,
940 modules/pam_listfile/pam_listfile.8,
941 modules/pam_listfile/pam_listfile.8.xml: add a 'quiet' option to
942 avoid logging errors any time a user is refused service by this
945 2007-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
947 * modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t.
948 (__icheckhost): Cast to int32_t to fix limited range error.
950 * modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath
953 2007-08-29 Steve Langasek <vorlon@debian.org>
955 * modules/pam_rhosts/pam_rhosts_auth.c: getline returns -1 at
956 EOF, not 0. Check accordingly to fix an infinite loop. Thanks
957 to Stephan Springl <springl-rhosts@bfw-online.de> for catching
960 2007-08-28 Steve Langasek <vorlon@debian.org>
962 * configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER
963 for crack.h, so we get a HAVE_CRACK_H define.
964 * modules/pam_cracklib/pam_cracklib.c: don't copy around the
965 cracklib dictpath into a fixed-width buffer, when we can just
966 point at the existing strings; and allow users to override the
967 default cracklib path with -DCRACKLIB_DICT, required for
968 compatibility with cracklib 2.7.
970 2007-08-27 Steve Langasek <vorlon@debian.org>
972 * modules/pam_limits/pam_limits.c: when building on non-Linux
973 systems, give a warning only, not an error; no one seems to
974 remember why this error was here in the first place, but leave
975 something in that might still grab the attention of non-Linux
977 Patch from Michal Suchanek <hramrach_l@centrum.cz>.
978 * configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for
979 the presence of net/if.h before using, required for Hurd
981 Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
982 * modules/pam_limits/pam_limits.c: conditionalize the use of
983 RLIMIT_AS, which is not present on the Hurd.
984 Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
985 * modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of
986 a static buffer when available; fixes the build on systems
987 without MAXHOSTNAMELEN (i.e., the Hurd).
988 * modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined
991 2007-08-26 Andrew Morgan <morgan@kernel.org>
993 * doc/man/pam.conf-syntax.xml
994 Minor fixes: '\[' -> '\]'.
996 2007-08-25 Steve Langasek <vorlon@debian.org>
998 * doc/man/pam.conf-syntax.xml, doc/man/pam.conf.5:
999 Document "new" control options conv_again and incomplete, supported
1000 in pam.d's extended syntax.
1001 Patch from Ben Collins <bcollins@debian.org>.
1003 2007-08-15 Tomas Mraz <t8m@centrum.cz>
1005 * modules/pam_access/pam_access.c (list_match): Add explicit
1006 sptr argument for strtok_r, otherwise the code is not portable.
1008 2007-08-13 Olivier Blin <blino@mandriva.com>
1010 * doc/man/pam.3.xml: Fix typo.
1011 * doc/man/pam.3: Likewise.
1012 * doc/man/pam_end.3.xml: Likewise.
1013 * doc/man/pam_end.3: Likewise.
1015 2007-07-18 Thorsten Kukuk <kukuk@thkukuk.de>
1017 * release version 0.99.8.1
1019 * libpam/pam_audit.c: Include unistd.h for getuid().
1020 * libpam/Makefile.am: Bump version number.
1022 2007-07-12 Thorsten Kukuk <kukuk@thkukuk.de>
1024 * libpam/pam_audit.c (_pam_audit_writelog): Don't return
1025 error if application runs as normal user. Fixes regression
1026 introduced with last change.
1028 2007-07-10 Thorsten Kukuk <kukuk@thkukuk.de>
1030 * configure.in: Add --with-db-uniquename option to support
1031 db libraries and functions with unique name extension.
1032 Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>.
1034 * modules/pam_limits/pam_limits.c: Include locale.h.
1036 2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de>
1038 * release version 0.99.8.0
1040 * configure.in: Check for audit_log_acct_message instead of
1041 audit_log_user_message.
1042 * libpam/pam_audit.c: Use audit_log_acct_message.
1043 Based on patch from Mark J Cox <mjc@redhat.com>.
1044 * libpam/Makefile.am: Bump version number of libpam.
1046 * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit,
1049 * xtests/tst-pam_limits1.c: Fix printf arguments.
1051 * po/*.po: Merge po files with latest code changes.
1053 2007-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
1055 * modules/pam_limits/pam_limits.c (process_limit): Check upper and
1056 lower limit of nice value, fix off-by-one in conversation to rlim_t.
1057 * xtests/Makefile.am: Add new pam_limits test case.
1058 * xtests/limits.conf: New, config file for test case.
1059 * xtests/pam_limits1.c: New, test case for RLIMIT_NICE.
1060 * xtests/pam_limits1.sh: Likewise.
1061 * xtests/pam_limits1.pamd: Likewise.
1063 2007-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
1065 * modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r
1066 result for recursive calls.
1067 * xtests/Makefile.am: Add new pam_access test cases.
1068 * xtests/pam_access1.c: New test case.
1069 * xtests/pam_access2.c: Likewise.
1070 * xtests/pam_access3.c: Likewise.
1071 * xtests/pam_access4.c: Likewise.
1072 * xtests/pam_access1.sh: Wrapper to create user accounts.
1073 * xtests/pam_access2.sh: Likewise.
1074 * xtests/pam_access3.sh: Likewise.
1075 * xtests/pam_access4.sh: Likewise.
1076 * xtests/pam_access1.pamd: PAM config file for pam_access tests.
1077 * xtests/pam_access2.pamd: Likewise.
1078 * xtests/pam_access3.pamd: Likewise.
1079 * xtests/pam_access4.pamd: Likewise.
1080 * xtests/access.conf: Config file for pam_access tests.
1081 * xtests/run-tests.sh: Install access.conf into system.
1083 2007-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
1085 * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
1086 better error message if /proc/self/loginuid cannot be opened.
1088 * modules/pam_limits/pam_limits.c (process_limit): Check for
1089 variable overflow after multiplication [bnc#283001].
1091 * modules/pam_access/pam_access.c: Add new syntax for groups
1092 in access.conf to differentiate group names from account names.
1093 Based on patch from Julien Lecomte <julien@famille-lecomte.net>,
1094 solves feature request [#411390].
1095 * modules/pam_access/access.conf: Add example for new group
1097 * modules/pam_access/access.conf.5.xml: Document new syntax.
1099 2007-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
1101 * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass
1103 * modules/pam_cracklib/pam_cracklib.c: Add support for minimum
1104 character classes [#1688777]. Based on patch from Keith Schincke.
1106 * xtests/tst-pam_cracklib2.c: New, test case for minclass option.
1107 * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case.
1108 * xtests/Makefile.am: Add new testcase.
1110 * xtests/pam_cracklib.c: Fix comment what this application tests.
1112 * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64
1114 2007-06-15 Tomas Mraz <t8m@centrum.cz>
1116 * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
1117 add select_context and use_current_range options.
1118 * modules/pam_selinux/pam_selinux.c (send_audit_message): Added
1119 function for auditing role/level changes.
1120 (query_response): Add default response.
1121 (select_context): Removed.
1122 (manual_context): Query only role and level.
1123 (mls_range_allowed): Added function for range check.
1124 (config_context): Added function for role and level override.
1125 (pam_sm_open_session): Remove multiple option, add select_context
1126 and use_current_range_options. Use getseuserbyname to obtain
1127 SELinux user and level. Audit role/level changes. Call setkeycreatecon
1128 to assign key creation context. Don't fail on errors when SELinux
1129 is not in enforcing mode.
1130 * configure.in: Check for setkeycreatecon().
1132 * modules/pam_namespace/README.xml: Avoid duplication of
1134 * modules/pam_namespace/namespace.conf: More real life example
1136 * modules/pam_namespace/namespace.conf.5.xml: Likewise plus
1137 properly describe how instance directory names are formed.
1138 * modules/pam_namespace/namespace.init: Preserve euid when
1139 called from setuid apps (su, newrole).
1140 * modules/pam_namespace/pam_namespace.8.xml: Added option
1141 no_unmount_on_close.
1142 * modules/pam_namespace/pam_namespace.c (process_line): Polyinst
1143 methods are now user, level and context. Fix crash on unknown
1144 override user in config file.
1145 (ns_override): Add explicit uid parameter.
1146 (form_context): Skip for user method. Implement level based
1148 (poly_name): Initialize contexts. Add level based polyinst,
1149 remove 'both' metod. Use raw contexts for instance names,
1150 truncate long instance names and add hash.
1151 (ns_setup): Hashing moved to poly_name().
1152 (setup_namespace): Handle correctly override users for
1153 su (when unmnt_remnt is used).
1154 (pam_sm_close_session): Added no_unmount_on_close option.
1155 * modules/pam_namespace/pam_namespace.h: Added
1156 no_unmount_on_close_option, level method, limit on instance
1157 directory name length.
1159 2007-05-04 Thorsten Kukuk <kukuk@suse.de>
1161 * xtests/run-xtests.sh: Use SRCDIR to find PAM config files.
1162 * xtests/Makefile.am: Call run-xtests.sh with srcdir as first
1164 Based on patch by Bernard Leak <thisisnotapipe@hotmail.com>.
1166 2007-04-30 Thorsten Kukuk <kukuk@thkukuk.de>
1168 * modules/pam_limits/limits.conf: Address space limit is KB.
1169 * modules/pam_limits/limits.conf.5.xml: Likewise.
1170 Reported by Thomas Vander Stichele <thomas@apestaart.org>.
1172 * modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate
1173 check for PAM_SILENT and don't bail out if it is set [#1706247].
1175 2007-03-29 Tomas Mraz <t8m@centrum.cz>
1177 * modules/pam_access/pam_access.c (login_access, list_match):
1178 Replace strtok with strtok_r.
1179 * modules/pam_cracklib/pam_cracklib.c (check_old_password):
1181 * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate):
1183 * modules/pam_unix/pam_unix_passwd.c (check_old_password,
1184 save_old_password): Likewise.
1186 * modules/pam_limits/Makefile.am: Define limits.d dir and install it.
1187 * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing.
1188 * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr.
1189 (pam_parse): conf_file is now ptr.
1190 (pam_sm_open_session): Add parsing files from limits.d subdir using
1191 glob, change pl to pointer.
1193 2007-03-12 Thorsten Kukuk <kukuk@thkukuk.de>
1195 * po/ar.po: New translation.
1196 * po/ca.po: Likewise.
1197 * po/da.po: Likewise.
1198 * po/ru.po: Likewise.
1199 * po/sv.po: Likewise.
1200 * po/zu.po: Likewise.
1201 * po/LINGUAS: Add ar, ca, da, ru, sv, zu
1203 * po/hu.po: Update translation.
1205 2007-02-21 Tomas Mraz <t8m@centrum.cz>
1207 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for
1208 allocation failure in bigcrypt().
1210 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow
1211 modification of '*' password by root.
1213 2007-02-06 Tomas Mraz <t8m@centrum.cz>
1215 * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Remove
1216 debug syslog message when loginuid doesn't exist.
1218 2007-02-01 Tomas Mraz <t8m@centrum.cz>
1220 * xtests/tst-pam_unix3.c: Fix typos in comments.
1222 * modules/pam_unix/support.c (_unix_verify_password): Explicitly
1223 disallow '!' in the beginning of password hash. Treat only
1224 13 bytes password hash specifically. (Suggested by Solar Designer.)
1225 Fix a warning and test for allocation failure.
1226 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
1228 2007-01-31 Thorsten Kukuk <kukuk@thkukuk.de>
1230 * xtests/Makefile.am: Add new pam_unix.so tests
1231 * xtests/run-xtests.sh: Prefer shell scripts (wrapper)
1233 * xtests/tst-pam_cracklib1.c: Fix typo.
1234 * xtests/tst-pam_unix1.c: New, for sucurity fix.
1235 * xtests/tst-pam_unix1.pamd: New.
1236 * xtests/tst-pam_unix1.sh: New.
1237 * xtests/tst-pam_unix2.c: New, for crypt checks.
1238 * xtests/tst-pam_unix2.pamd: New.
1239 * xtests/tst-pam_unix2.sh: New.
1240 * xtests/tst-pam_unix3.c: New, for bigcrypt checks.
1241 * xtests/tst-pam_unix3.pamd: New.
1242 * xtests/tst-pam_unix3.sh: New.
1244 2007-01-23 Thorsten Kukuk <kukuk@suse.de>
1248 * configure.in: Set version number to 0.99.7.1
1250 2007-01-23 Thorsten Kukuk <kukuk@thukuk.de>
1251 Tomas Mraz <t8m@centrum.cz>
1253 * modules/pam_unix/support.c (_unix_verify_password): Always
1254 compare full encrypted passwords (CVE-2007-0003).
1256 2007-01-23 Tomas Mraz <t8m@centrum.cz>
1258 * modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT.
1260 * modules/pam_selinux/Makefile.am (pam_selinux_check_LDFLAGS): Add
1262 (pam_selinux_la_LDFLAGS): Likewise.
1264 2007-01-17 Thorsten Kukuk <kukuk@thkukuk.de>
1268 * configure.in: Set version number to 0.99.7.0
1270 * Makefile.am (M4_FILES): Replace GNU make extension by listing
1273 2007-01-17 Tomas Mraz <t8m@centrum.cz>
1275 * po/*.po: Updated strings to translate.
1276 * po/Linux-PAM.pot: Likewise.
1278 2007-01-16 Thorsten Kukuk <kukuk@thkukuk.de>
1280 * doc/man/pam.conf-syntax.xml: Improve documentation about
1281 sufficient keyword (Patch by Petteri Räty <betelgeuse@gentoo.org>)
1283 2006-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
1285 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid
1286 only '+' and '-' as first characters for account names.
1287 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
1289 2006-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
1291 * configure.in: Fix ENOKEY check (specify errno.h as header
1294 * configure.in: Add AM_PROG_CC_C_O.
1295 * libpam/Makefile.am: Add content of AM_LDFLAGS to *_LDFLAGS.
1296 * modules/pam_tally/Makefile.am: Likewise.
1297 * modules/pam_unix/Makefile.am: Likewise.
1299 * modules/pam_stress/pam_stress.c (pam_sm_chauthtok): Fix
1300 localisation of message printed to user.
1301 * po/de.po: Adjust translation.
1303 2006-12-18 Tomas Mraz <t8m@centrum.cz>
1305 * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Localize
1306 message printed to user.
1308 * modules/pam_unix/support.c (_unix_verify_password): Use strncmp
1309 only for bigcrypt result.
1311 * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new
1312 egid first, euid next. Revert euid/egid to old euid/egid and not
1314 (pam_sm_open_session): Switch to new rgid first, ruid next.
1316 2006-12-13 Thorsten Kukuk <kukuk@thkukuk.de>
1318 * modules/pam_localuser/pam_localuser.c: Add support for session
1319 and chauthtok [SF#1606180].
1320 * modules/pam_localuser/pam_localuser.8.xml: Document last change.
1322 * libpam/pam_audit.c (_pam_audit_writelog): Print error message
1325 2006-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
1327 * libpam/pam_audit.c (_pam_audit_writelog): Print error
1328 message on failure to syslog.
1330 2006-12-09 Thorsten Kukuk <kukuk@thkukuk.de>
1332 * modules/pam_umask/pam_umask.c: Use strtoul instead of strtol,
1333 fix overflow detection.
1335 2006-12-06 Thorsten Kukuk <kukuk@thkukuk.de>
1337 * modules/pam_mkhomedir/pam_mkhomedir.c (rec_mkdir): Fix
1338 handling of left-most path component [SF#1591598].
1339 (create_homedir): Mark user visible messages for translation.
1340 * po/de.po: Adjust german translation for pam_mkhomedir.
1342 * modules/pam_faildelay/pam_faildelay.c: If no argument is
1343 given, try to read FAIL_DELAY from /etc/login.defs.
1344 * modules/pam_faildelay/pam_faildelay.8.xml: Document usage
1347 2006-12-04 Tomas Mraz <t8m@centrun.cz>
1349 * po/jp.po: Fixed mistake in Password: message (from
1350 Peng Huang <phuang@redhat.com>).
1352 2006-11-28 Thorsten Kukuk <kukuk@thkukuk.de>
1354 * po/hu.po: Update hungarian translation (from
1355 Kalman Kemenczy <kkemenczy@novell.com>).
1357 * configure.in: Allow disabling support for cracklib, audit, libdb.
1359 * modules/pam_faildelay/pam_faildelay.8.xml: Correct name of Author.
1361 * configure.in: Remove --enable-docdir (obsolete by --docdir).
1362 * doc/Makefile.am: Don't overwrite htmldir.
1363 * doc/adg/Makefile.am: Use docdir, htmldir and pdfdir.
1364 * doc/mwg/Makefile.am: Likewise.
1365 * doc/sag/Makefile.am: Likewise.
1366 * doc/specs/Makefile.am: Use docdir.
1368 * tests/tst-pam_set_data.c: New test cases for pam_set_data().
1369 * tests/Makefile.am: Add pam_set_data test case.
1371 * libpam/pam_data.c: Add NULL pointer check for module_data_name.
1372 * libpam/Makefile.am: Bump revision of shared library.
1374 2006-11-08 Thorsten Kukuk <kukuk@thkukuk.de>
1376 * configure.in: Add modules/pam_faildelay/Makefile.
1377 * doc/sag/Linux-PAM_SAG.xml: Include pam_faildelay.xml.
1378 * doc/sag/pam_faildelay.xml: New.
1379 * libpam/pam_static_modules.h: Include static pam_faildelay data.
1380 * modules/Makefile.am: Add pam_faildelay directory.
1381 * modules/pam_faildelay/Makefile.am: New.
1382 * modules/pam_faildelay/README: New, generated from XML file.
1383 * modules/pam_faildelay/README.xml: New.
1384 * modules/pam_faildelay/pam_faildelay.8: New, generated from xml.
1385 * modules/pam_faildelay/pam_faildelay.8.xml: New.
1386 * modules/pam_faildelay/pam_faildelay.c: New.
1387 * modules/pam_faildelay/tst-pam_faildelay: New.
1389 * po/POTFILES.in: Add pam_faildelay.c and pam_loginuid.c.
1391 2006-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
1393 * modules/pam_cracklib/pam_cracklib.c: PAM_DEBUG_ARG
1394 is a bit mask and not a boolean value (Reported by
1395 Jochen Voss <voss@seehuhn.de>).
1397 2006-10-26 Thorsten Kukuk <kukuk@thkukuk.de>
1399 * doc/man/pam.3.xml: Add pam_get_user function.
1401 * modules/pam_motd/pam_motd.8.xml: Fix typo.
1403 2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
1405 * modules/pam_namespace/pam_namespace.c: Reserve space for
1408 2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
1410 * modules/pam_unix/support.c (_unix_verify_password): Try system
1411 crypt() if we don't know the hash alogorithm.
1412 * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
1414 2006-10-13 Tomas Mraz <t8m@centrum.cz>
1416 * doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s].
1417 * doc/sag/pam_access.xml: Likewise.
1418 * doc/sag/pam_echo.xml: Likewise.
1419 * doc/sag/pam_env.xml: Likewise.
1420 * doc/sag/pam_exec.xml: Likewise.
1421 * doc/sag/pam_group.xml: Likewise.
1422 * doc/sag/pam_limits.xml: Likewise.
1423 * doc/sag/pam_namespace.xml: Likewise.
1424 * doc/sag/pam_time.xml: Likewise.
1425 * doc/sag/Linux-PAM_SAG.xml: Add id to book.
1426 * doc/adg/Linux-PAM_ADG.xml: Add id to book.
1427 * doc/mwg/Linux-PAM_MWG.xml: Add id to book.
1430 2006-10-07 Thorsten Kukuk <kukuk@thkukuk.de>
1432 * po/hu.po: Updated hungarian translation (from
1433 Kalman Kemenczy <kkemenczy@novell.com>)
1435 2006-09-20 Thorsten Kukuk <kukuk@thkukuk.de>
1437 * doc/adg/Makefile.am: Add manual pages as dependency.
1438 * doc/mwg/Makefile.am: Likewise.
1439 * doc/sag/Makefile.am: Likewise.
1440 * doc/sag/Linux-PAM_SAG.xml: Include pam_unix.xml.
1441 * doc/sag/pam_unix.xml: New.
1442 * modules/pam_unix/Makefile.am: Generate pam_unix.8 manual page.
1443 * modules/pam_unix/README.xml: New.
1444 * modules/pam_unix/pam_unix.8.xml: New.
1445 * modules/pam_unix/README: Regenerate from XML.
1446 * modules/pam_unix/pam_unix.8: Generated from XML.
1448 2006-09-09 Dmitry V. Levin <ldv@altlinux.org>
1450 * modules/pam_wheel/pam_wheel.8.xml: Fix typo.
1451 * modules/pam_wheel/pam_wheel.8: Likewise.
1452 * modules/pam_wheel/README: Likewise.
1454 2006-09-08 Thorsten Kukuk <kukuk@thkukuk.de>
1456 * po/de.po: Fix typo.
1458 2006-09-06 Thorsten Kukuk <kukuk@thkukuk.de>
1460 * release version 0.99.6.3
1462 2006-09-01 Thorsten Kukuk <kukuk@thkukuk.de>
1464 * modules/pam_loginuid/pam_loginuid.8.xml: Fix typo in
1467 2006-08-31 Thorsten Kukuk <kukuk@thkukuk.de>
1469 * modules/pam_env/environment: New, dummy environment example
1472 * modules/pam_namespace/Makefile.am: Don't install
1473 manual page if we don't build module.
1475 * m4/ld-as-needed.m4: Don't set LDFLAGS if check failed.
1476 * m4/ld-O1: Likewise.
1478 2006-08-30 Tomas Mraz <t8m@centrum.cz>
1480 * modules/pam_access/pam_access.8.xml: All services supported.
1481 * modules/pam_access/pam_access.c (pam_sm_open_session): New.
1482 (pam_sm_close_session): New.
1483 (pam_sm_chauthtok): New.
1485 * modules/pam_access/pam_succeed_if.8.xml: All services supported.
1486 * modules/pam_access/pam_succeed_if.c (pam_sm_setcred): Return
1487 PAM_IGNORE rather than success.
1488 (pam_sm_open_session): New.
1489 (pam_sm_close_session): New.
1490 (pam_sm_chauthtok): New.
1492 2006-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
1494 * xtests/Makefile.am: Move shell code to execute tests from here ...
1495 * xtests/run-xtests.sh: ... to here.
1496 * xtests/*.c: Include config.h.
1497 * tests/*.c: Likewise.
1499 * modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam()
1500 instead of getpwnam().
1502 2006-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
1504 * doc/sag/pam_loginuid.xml: New.
1505 * doc/sag/Linux-PAM_SAG.xml: Include pam_loginuid.xml.
1507 * configure.in: Add modules/pam_loginuid/Makefile.
1508 * modules/Makefile.am: Add pam_loginuid sub directory.
1510 * libpam/pam_static_modules.h: Add pam_loginuid.
1512 * modules/pam_loginuid/Makefile.am: New.
1513 * modules/pam_loginuid/tst-pam_loginuid: New.
1514 * modules/pam_loginuid/pam_loginuid.8.xml: New.
1515 * modules/pam_loginuid/pam_loginuid.8: New, generated from XML source.
1516 * modules/pam_loginuid/pam_loginuid.c: New.
1517 * modules/pam_loginuid/README.xml: New.
1518 * modules/pam_loginuid/README: New, generated from XML source.
1520 2006-08-29 Dmitry V. Levin <ldv@altlinux.org>
1522 * modules/pam_exec/pam_exec.c (call_exec): Add required third
1523 argument to open() call with O_CREAT flag set.
1525 2006-08-28 Thorsten Kukuk <kukuk@thkukuk.de>
1527 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Remove
1530 2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
1532 * release version 0.99.6.2
1534 * modules/pam_lastlog/pam_lastlog.c (last_login_date): Create
1535 lastlog file if it does not exist.
1537 * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check
1538 for error from getting second token.
1539 * xtests/Makefile.am: Add tst-pam_cracklib1
1540 * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault.
1541 * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test.
1543 2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
1545 * xtests/tst-pam_dispatch4.c: New test.
1546 * xtests/tst-pam_dispatch4.pamd: PAM config for new test.
1548 2006-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
1550 * release version 0.99.6.1
1552 2006-08-09 David Howells <dhowells@redhat.com>
1554 * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid
1555 to user's before revoking.
1556 (pam_sm_open_session): Remember the uid.
1558 2006-08-06 Thorsten Kukuk <kukuk@thkukuk.de>
1560 * modules/pam_umask/pam_umask.c (setup_limits_from_gecos):
1562 * modules/pam_umask/pam_umask.8.xml: Document silent option.
1564 * xtests/Makefile.am: Fix includes for bootstrapping.
1565 Reported by Greg Schafer <gschafer@zip.com.au>.
1567 2006-08-05 Thorsten Kukuk <kukuk@thkukuk.de>
1569 * release version 0.99.6.0
1571 * modules/pam_limits/pam_limits.c (pam_sm_open_session): Use
1572 pam_modutil_getpwnam instead of getpwnam.
1574 * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Cast
1575 svc variable to char pointer for snprintf.
1577 * configure.in: Generate xtests/Makefile.
1578 * Makefile.am (SUBDIRS): Add xtests.
1579 * README: Document make check and make xtests.
1580 * xtests/Makefile.am: New.
1581 * xtests/tst-pam_dispatch1.pamd: New.
1582 * xtests/tst-pam_dispatch2.pamd: New.
1583 * xtests/tst-pam_dispatch3.pamd: New.
1584 * xtests/tst-pam_dispatch1.c: New.
1585 * xtests/tst-pam_dispatch2.c: New.
1586 * xtests/tst-pam_dispatch3.c: New.
1588 2006-08-04 Ray Strode <rstrode@redhat.com>
1590 * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
1591 Return PAM_USER_UNKNOWN instead of PAM_SERVICE_ERR where appropriate.
1593 2006-08-03 David Howells <dhowells@redhat.com>
1595 * modules/pam_keyinit/pam_keyinit.c: Debug should be off by default.
1596 (init_keyrings): Properly handle multiple invocations of the module.
1597 (kill_keyrings, pam_sm_open_session, pam_sm_close_session): Likewise.
1599 2006-08-03 Tomas Mraz <t8m@centrum.cz>
1601 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist):
1602 New function for list matching.
1603 (evaluate_notinlist): Likewise.
1604 (evaluate): Add service value match, list matching.
1605 * modules/pam_succeed_if/pam_succeed_if.8.xml: Document the
1608 * modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log
1609 relabelling error when the tty device doesn't exist (ENOENT).
1611 2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
1613 * doc/man/pam_fail_delay.3.xml: Fix some Bugs and enhance
1614 rationale about when this function should be used and when not.
1616 * doc/index.html: Cleanup to look prettier.
1618 2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
1620 * libpam/Makefile.am: Bump patchlevel of libpam.
1621 * libpam/pam_dispatch.c (_pam_dispatch_aux): If [return=die]
1622 or [return=bad] is used, don't return PAM_IGNORE. Based on
1623 patch by Tomas Mraz <t8m@centrum.cz>, [BRC#196859].
1625 2006-07-28 Thorsten Kukuk <kukuk@thkukuk.de>
1627 * ABOUT-NLS: Upgrade to gettext-0.15.
1628 * config.rpath: Likewise.
1629 * m4/gettext.m4: Upgrade to gettext-0.15.
1630 * m4/inttypes-h.m4: New file, from gettext-0.15.
1631 * m4/inttypes-pri.m4: Upgrade to gettext-0.15.
1632 * m4/lib-link.m4: Upgrade to gettext-0.15.
1633 * m4/lib-prefix.m4: Upgrade to gettext-0.15.
1634 * m4/lock.m4: New file, from gettext-0.15.
1635 * m4/longdouble.m4: Upgrade to gettext-0.15.
1636 * m4/nls.m4: Upgrade to gettext-0.15.
1637 * m4/po.m4: Upgrade to gettext-0.15.
1638 * m4/size_max.m4: Upgrade to gettext-0.15.
1639 * m4/visibility.m4: New file, from gettext-0.15.
1640 * po/Makefile.in.in: Upgrade to gettext-0.15.
1642 2006-07-24 David Quigley <dpquigl@tycho.nsa.gov>
1644 * modules/pam_namespace/Makefile.am: Add pam_namespace.h.
1645 * modules/pam_namespace/pam_namespace.c: Move includes and
1646 data structure definitions from here ...
1647 * modules/pam_namespace/pam_namespace.h: ... here. New file.
1649 * modules/pam_namespace/pam_namespace.c: Move large sections
1650 of code into new functions.
1652 2006-07-24 Thorsten Kukuk <kukuk@thkukuk.de>
1654 * doc/adg/Makefile.am: Add uninstall and distclean rules.
1655 * doc/mwg/Makefile.am: Likewise.
1656 * doc/sag/Makefile.am: Likewise.
1658 2006-07-08 Daniel Richard G. <skunk@iskunk.org>
1660 * conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files.
1661 * conf/pam_conv1/pam_conv.lex: Rename to ...
1662 * conf/pam_conv1/pam_conv_l.l: ... this.
1663 * conf/pam_conv1/pam_conv.y: Rename to ...
1664 * conf/pam_conv1/pam_conv_y.y: ... this.
1665 * configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE()
1667 * doc/Makefile.am: Fix rule to install index.html.
1668 * doc/adg/Makefile.am: Fix test usage.
1669 * doc/mwg/Makefile.am: Likewise.
1670 * doc/sag/Makefile.am: Likewise.
1671 * doc/specs/Makefile.am: Fix rules for lex and yacc files.
1672 * specs/parse.lex: Rename to ...
1673 * doc/specs/parse_l.l: ... this.
1674 * doc/specs/parse.y: Rename to ...
1675 * doc/specs/parse_y.y: ... this.
1676 * libpam/pam_account.c: Fix #if vs. #ifdef.
1677 * libpam/pam_audit.c: Likewise.
1678 * libpam/pam_auth.c: Likewise.
1679 * libpam/pam_password.c: Likewise.
1680 * libpam/pam_private.h: Likewise.
1681 * libpam/pam_session.c: Likewise.
1682 * libpam/pam_start.c: Likewise.
1683 * libpam/pam_static.c: Fix "empty sourcefile" warning.
1684 * modules/pam_limits/pam_limits.c: Check for __linux, too.
1685 * modules/pam_userdb/Makefile.am: Don't run test if no
1687 * tests/tst-dlopen.c: Include config.h.
1689 2006-07-03 Dan Yefimov <dan@D00M.lightwave.net.ru>
1691 * configure.in: Fixed have_key_syscalls test.
1693 * modules/pam_access/pam_access.c (from_match): Fixed IPv4 network
1694 match, removed AI_ADDRCONFIG flag.
1696 2006-06-30 Tomas Mraz <t8m@centrum.cz>
1698 * modules/pam_namespace/Makefile.am(EXTRA_DIST): Add namespace.init.
1700 2006-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
1702 * doc/Makefile.am (releasedocs): Fix directory layout.
1703 * doc/adg/Makefile.am: Likewise.
1704 * doc/mwg/Makefile.am: Likewise.
1705 * doc/sag/Makefile.am: Likewise.
1707 2006-06-28 Thorsten Kukuk <kukuk@thkukuk.de>
1709 * doc/sag: System Administrator Guide as XML source.
1710 * doc/sag/Makefile.am: New.
1711 * doc/sag/Linux-PAM_SAG.xml: New, main XML document.
1712 * doc/sag/pam_*.xml: New, wrapper to include module documentation.
1714 * doc/adg: Application Developers Guide as XML source.
1715 * doc/adg/Makefile.am: New.
1716 * doc/adg/Linux-PAM_ADG.xml: New, main XML document.
1717 * doc/adg/pam_*.xml: New, wrappers to include manual pages.
1719 * doc/mwg: Application Developers Guide as XML source.
1720 * doc/mwg/Makefile.am: New.
1721 * doc/mwg/Linux-PAM_MWG.xml: New, main XML document.
1722 * doc/mwg/pam_*.xml: New, wrappers to include manual pages.
1724 * doc/CREDITS: Removed.
1725 * doc/NOTES: Removed.
1726 * doc/pam_appl.sgml: Removed.
1727 * doc/pam_modules.sgml: Removed.
1728 * doc/pam_source.sgml: Removed.
1729 * doc/figs/pam_orient.txt: Removed.
1730 * doc/figs: Removed.
1732 * configure.in: Remove checks for sgml2* progrs, add sag, adg
1735 * doc/Makefile.am: Remove references to sgml, add sag, adg and mwg
1737 * doc/modules: Remove directory.
1738 * doc/html: Remove directory.
1739 * doc/ps: Remove directory.
1740 * doc/pdf: Remove directory.
1741 * doc/txts: Remove directory.
1742 * doc/index.html: Moved from html directory to here.
1744 2006-06-28 Thorsten Kukuk <kukuk@thkukuk.de>
1746 * release version 0.99.5.0
1748 * bump version number to 0.99.5.0
1750 * modules/pam_rhosts/pam_rhosts.c: New module, replaces
1752 * modules/pam_rhosts/pam_rhosts.8.xml: New.
1753 * modules/pam_rhosts/pam_rhosts.8: New, generated from XML source.
1754 * modules/pam_rhosts/tst-pam_rhosts: New.
1755 * modules/pam_rhosts/Makefile.am: Add pam_rhosts, generate
1756 manual page and README.
1757 * modules/pam_rhosts/README.xml: New.
1758 * modules/pam_rhosts/reADME: Regenerated from XML source.
1760 * doc/man/pam_sm_acct_mgmt.3.xml: Adjust syntax for module
1762 * doc/man/pam_sm_authenticate.3.xml: Likewise.
1763 * doc/man/pam_sm_chauthtok.3.xml: Likewise.
1764 * doc/man/pam_sm_close_session.3.xml: Likewise.
1765 * doc/man/pam_sm_open_session.3.xml: Likewise.
1766 * doc/man/pam_sm_setcred.3.xml: Likewise.
1768 * po/POTFILES.in: Add new source files.
1770 * libpam/pam_static_modules.h: Add new modules.
1772 * modules/pam_keyinit.c: Add _pam_keyinit_modstruct.
1774 * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Add XML
1775 files and manual page.
1777 2006-06-27 Thorsten Kukuk <kukuk@thkukuk.de>
1779 * configure.in: Allow disabling of SELinux support, check for
1782 2006-06-27 Tomas Mraz <t8m@centrum.cz>
1784 * modules/pam_namespace/pam_namespace.c: New module
1785 originally written by Janak Desai.
1786 * modules/pam_namespace/Makefile.am: New.
1787 * modules/pam_namespace/README: New.
1788 * modules/pam_namespace/md5.c: New.
1789 * modules/pam_namespace/md5.h: New.
1790 * modules/pam_namespace/namespace.conf: New.
1791 * modules/pam_namespace/namespace.conf.5: New.
1792 * modules/pam_namespace/namespace.conf.5.xml: New.
1793 * modules/pam_namespace/namespace.init: New.
1794 * modules/pam_namespace/pam_namespace.8: New.
1795 * modules/pam_namespace/pam_namespace.8.xml: New.
1796 * modules/pam_namespace/tst-pam_namespace: New.
1797 * modules/Makefile.am: Added pam_namespace.
1798 * configure.in: Added pam_namespace, test for unshare
1801 2006-06-27 David Howells <dhowells@redhat.com>
1803 * modules/pam_keyinit/pam_keyinit.c: New module.
1804 * modules/pam_keyinit/pam_keyinit.8: New.
1805 * modules/pam_keyinit/pam_keyinit.8.xml: New.
1806 * modules/pam_keyinit/README: New.
1807 * modules/pam_keyinit/README.xml: New.
1808 * modules/pam_keyinit/Makefile.am: New.
1809 * modules/pam_keyinit/tst-pam_keyinit: New.
1810 * modules/Makefile.am: Added pam_keyinit.
1811 * configure.in: Added test for the key mgmt syscall.
1813 2006-06-27 Thorsten Kukuk <kukuk@thkukuk.de>
1815 * m4/libprelude.m4: Sync with upstream.
1817 2006-06-27 Tomas Mraz <t8m@centrum.cz>
1819 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
1820 signal() fails with SIG_ERR return
1821 * modules/pam_unix/pam_unix_passwd.c(_unix_run_shadow_binary):
1823 * modules/pam_unix/support.c(_unix_run_helper_binary):
1826 2006-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
1828 * doc/man/misc_conv.3.xml: New.
1829 * doc/man/misc_conv.3: New.
1830 * doc/man/pam_misc_paste_env.3.xml: New.
1831 * doc/man/pam_misc_paste_env.3: New.
1832 * doc/man/pam_misc_drop_env.3.xml: New.
1833 * doc/man/pam_misc_drop_env.3: New.
1834 * doc/man/pam_misc_setenv.3.xml: New.
1835 * doc/man/pam_misc_setenv.3: New.
1836 * doc/man/Makefile.am: Add new manual pages.
1838 * doc/man/pam_acct_mgmt.3.xml: Fix syntax for inclusion
1839 in Applicatoin Developer Guide.
1840 * doc/man/pam_authenticate.3.xml: Likewise
1841 * doc/man/pam_chauthtok.3.xml: Likewise
1842 * doc/man/pam_close_session.3.xml: Likewise
1843 * doc/man/pam_conv.3.xml: Likewise
1844 * doc/man/pam_end.3.xml: Likewise
1845 * doc/man/pam_fail_delay.3.xml: Likewise
1846 * doc/man/pam_getenv.3.xml: Likewise
1847 * doc/man/pam_getenvlist.3.xml: Likewise
1848 * doc/man/pam_open_session.3.xml: Likewise
1849 * doc/man/pam_putenv.3.xml: Likewise
1850 * doc/man/pam_setcred.3.xml: Likewise
1851 * doc/man/pam_start.3.xml: Likewise
1852 * doc/man/pam_strerror.3.xml: Likewise
1854 * doc/man/pam_acct_mgmt.3: Regenerate from XML source.
1855 * doc/man/pam_authenticate.3: Likewise
1856 * doc/man/pam_chauthtok.3: Likewise
1857 * doc/man/pam_close_session.3: Likewise
1858 * doc/man/pam_conv.3: Likewise
1859 * doc/man/pam_end.3: Likewise
1860 * doc/man/pam_fail_delay.3: Likewise
1861 * doc/man/pam_getenv.3: Likewise
1862 * doc/man/pam_getenvlist.3: Likewise
1863 * doc/man/pam_open_session.3: Likewise
1864 * doc/man/pam_putenv.3: Likewise
1865 * doc/man/pam_setcred.3: Likewise
1866 * doc/man/pam_sm_close_session.3: Likewise
1867 * doc/man/pam_start.3: Likewise
1868 * doc/man/pam_strerror.3: Likewise
1869 * doc/man/pam_syslog.3: Likewise
1870 * doc/man/PAM.8: Likewise
1872 2006-06-24 Thorsten Kukuk <kukuk@thkukuk.de>
1874 * modules/pam_limits/pam_limits.c (setup_limits): Don't
1875 reset priority for root.
1877 2006-06-23 Thorsten Kukuk <kukuk@thkukuk.de>
1879 * modules/pam_access/access.conf.5.xml: Fix syntax for SAG.
1880 * modules/pam_access/pam_access.8.xml: Likewise.
1881 * modules/pam_deny/pam_deny.8.xml: Likewise.
1882 * modules/pam_echo/pam_echo.8.xml: Likewise.
1883 * modules/pam_env/pam_env.8.xml: Likewise.
1884 * modules/pam_env/pam_env.conf.5.xml: Likewise.
1885 * modules/pam_group/group.conf.5.xml: Likewise.
1886 * modules/pam_group/pam_group.8.xml: Likewise.
1887 * modules/pam_limits/limits.conf.5.xml: Likewise.
1888 * modules/pam_listfile/pam_listfile.8.xml: Likewise.
1889 * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
1890 * modules/pam_time/pam_time.8.xml: Likewise.
1891 * modules/pam_time/time.conf.5.xml: Likewise.
1893 * modules/pam_access/access.conf.5: Regenerate.
1894 * modules/pam_access/pam_access.8: Likewise.
1895 * modules/pam_deny/pam_deny.8: Likewise.
1896 * modules/pam_echo/README: Likewise.
1897 * modules/pam_echo/pam_echo.8: Likewise.
1898 * modules/pam_env/pam_env.8: Likewise.
1899 * modules/pam_env/pam_env.conf.5: Likewise.
1900 * modules/pam_group/README: Likewise.
1901 * modules/pam_group/group.conf.5: Likewise.
1902 * modules/pam_group/pam_group.8: Likewise.
1903 * modules/pam_limits/limits.conf.5: Likewise.
1904 * modules/pam_listfile/README: Likewise.
1905 * modules/pam_listfile/pam_listfile.8: Likewise.
1906 * modules/pam_succeed_if/pam_succeed_if.8: Likewise.
1907 * modules/pam_time/pam_time.8: Likewise.
1908 * modules/pam_time/time.conf.5: Likewise.
1910 * doc/man/Makefile.am: Add pam.conf-desc.xml, pam.conf-dir.xml
1911 and pam.conf-syntax.xml.
1912 * doc/man/pam.conf.5.xml: Split into different pieces for SAG.
1913 * doc/man/pam.conf.5: Regenerated.
1914 * doc/man/pam.conf-desc.xml: New.
1915 * doc/man/pam.conf-dir.xml: New.
1916 * doc/man/pam.conf-syntax.xml: New.
1918 2006-06-21 Thorsten Kukuk <kukuk@thkukuk.de>
1920 * modules/pam_selinux/Makefile.am: Fix "make dist" if libselinux
1923 * modules/pam_issue/pam_issue.8.xml: Fix listing of escapes.
1924 * modules/pam_issue/pam_issue.8: Regenerate.
1926 2006-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
1928 * configure.in: Remove unused check for libcap.
1930 * m4/ld-as-needed.m4: New.
1932 * configure.in: Call PAM_LD_AS_NEEDED and PAM_LD_O1,
1933 require docbook version 4.4.
1935 2006-06-19 Thorsten Kukuk <kukuk@thkukuk.de>
1937 * doc/man/pam.8.xml: Syntax cleanup.
1938 * doc/pam/PAM.8: Regenerated from xml source.
1939 * man/pam_sm_chauthtok.3: New.
1940 * man/pam_sm_chauthtok.3.xml: New.
1941 * man/pam_sm_close_session.3: New.
1942 * man/pam_sm_close_session.3.xml: New.
1943 * man/pam_sm_open_session.3: New.
1944 * man/pam_sm_open_session.3.xml: New.
1945 * man/pam_sm_authenticate.3: New.
1946 * man/pam_sm_authenticate.3.xml: New.
1947 * man/pam_sm_setcred.3: New.
1948 * man/pam_sm_setcred.3.xml: New.
1949 * man/Makefile.am: Add new pam_sm_* manual pages.
1951 * specs/Makefile.am: Fix rule to generate draft.
1953 2006-06-18 Thorsten Kukuk <kukuk@thkukuk.de>
1955 * modules/pam_tally/Makefile.am: Include Make.xml.rules.
1956 * modules/pam_tally/pam_tally.8.xml: New.
1957 * modules/pam_tally/pam_tally.8: New, generated from xml file.
1958 * modules/pam_tally/README.xml: New.
1959 * modules/pam_tally/README: Regenerated from xml file.
1961 * modules/pam_selinux/Makefile.am: Include Make.xml.rules.
1962 * modules/pam_selinux/pam_selinux.8.xml: New.
1963 * modules/pam_selinux/pam_selinux.8: Regenerated from xml file.
1964 * modules/pam_selinux/README.xml: New.
1965 * modules/pam_selinux/README: Regenerated from xml file.
1967 2006-06-17 Thorsten Kukuk <kukuk@thkukuk.de>
1969 * modules/pam_debug/Makefile.am: Include Make.xml.rules.
1970 * modules/pam_debug/pam_debug.8.xml: New.
1971 * modules/pam_debug/pam_debug.8: New, generated from xml file.
1972 * modules/pam_debug/README.xml: New.
1973 * modules/pam_debug/README: Regenerated from xml file.
1975 * examples/vpass.c: UID is unsigned on Linux.
1976 * modules/pam_exec/pam_exec.c: Likewise.
1977 * modules/pam_unix/pam_unix_acct.c: Likewise.
1978 * modules/pam_unix/pam_unix_sess.c: Likewise.
1980 * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix syntax error.
1981 * modules/pam_succeed_if/pam_succeed_if.8: Regenerated.
1982 * modules/pam_succeed_if/README: Regenerated.
1984 * modules/pam_limits/Makefile.am: Include Make.xml.rules.
1985 * modules/pam_limits/limits.conf.5: New, generated from xml file.
1986 * modules/pam_limits/limits.conf.5.xml: New.
1987 * modules/pam_limits/pam_limits.8: New, generated from xml file.
1988 * modules/pam_limits/pam_limits.8.xml: New.
1989 * modules/pam_limits/README.xml: New.
1990 * modules/pam_limits/README: Regenerated from README.xml.
1992 2006-06-16 Thorsten Kukuk <kukuk@thkukuk.de>
1994 * modules/pam_unix/pam_unix_passwd.c (save_old_password): UIDs
1995 are unsigned on Linux, don't truncate them.
1996 (_do_setpass): err is of type clnt_stat, not int.
1998 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't
1999 truncate UID for syslog output.
2001 * modules/pam_time/pam_time.c: Replace type boolean with int.
2002 * modules/pam_group/pam_group.c: Likewise.
2004 2006-06-15 Thorsten Kukuk <kukuk@thkukuk.de>
2006 * modules/pam_unix/bigcrypt.h: New.
2007 * modules/pam_unix/Makefile.am: Add bigcrypt.h.
2008 * modules/pam_unix/bigcrypt.c: Include bigcrypt.h.
2009 * modules/pam_unix/support.c: Include bigcrypt.h, remove
2011 * modules/pam_unix/bigcrypt_main.c: Include bigcrypt.h, remove
2013 * modules/pam_unix/pam_unix_passwd.c: Include bigcrypt.h, remove
2016 * modules/pam_time/pam_time.c (logic_member): Remove unused
2019 * modules/pam_group/pam_group.c (logic_field): Accept
2020 colon in tty name. [#1428276].
2021 (logic_member): Remove unused variable len.
2022 (check_account): Fix usage of err variable in debug code.
2024 * modules/pam_time/pam_time.c (logic_field): Likewise.
2026 * configure.in: Add special exceptions for icc: different
2027 compiler warnings, no PIE support.
2029 2006-06-14 Thorsten Kukuk <kukuk@thkukuk.de>
2031 * libpam/pam_misc.c (_pam_strdup): Use strlen and strcpy.
2033 * configure.in: Remove --enable-memory-debug, add option
2034 to disable prelude if installed.
2036 * modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG
2037 * modules/pam_filter/upperLOWER/upperLOWER.c: Likewise.
2038 * modules/pam_unix/unix_chkpwd.c: Likewise.
2039 * libpam/include/security/_pam_types.h: Likewise.
2040 * libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export.
2041 * libpam/pam_malloc.c: Remove file.
2042 * libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h.
2044 * libpam/pam_handlers.c (extract_modulename): Use _pam_strdup
2047 * libpam/pam_private.h: Remove _pam_strCMP.
2048 * libpam/pam_misc.c: Likewise.
2049 * libpam/pam_handlers.c: Replaced _pam_strCMP with strcasecmp.
2051 2006-06-12 Thorsten Kukuk <kukuk@thkukuk.de>
2053 * modules/pam_tally/Makefile.am (AM_LDFLAGS): Remove flags
2054 for modules from main application.
2056 2006-06-09 Thorsten Kukuk <kukuk@thkukuk.de>
2058 * modules/pam_time/Makefile.am: Include Make.xml.rules.
2059 * modules/pam_time/time.conf.5: New, generated from xml file.
2060 * modules/pam_time/time.conf.5.xml: New.
2061 * modules/pam_time/pam_time.8: New, generated from xml file.
2062 * modules/pam_time/pam_time.8.xml: New.
2063 * modules/pam_time/README.xml: New.
2064 * modules/pam_time/README: Regenerated from README.xml.
2066 * modules/pam_wheel/Makefile.am: Include Make.xml.rules.
2067 * modules/pam_wheel/pam_wheel.8.xml: New.
2068 * modules/pam_wheel/pam_wheel.8: New, generated from xml file.
2069 * modules/pam_wheel/README.xml: New.
2070 * modules/pam_wheel/README: Regenerated from xml file.
2072 * modules/pam_xauth/Makefile.am: Include Make.xml.rules.
2073 * modules/pam_xauth/pam_xauth.8.xml: New.
2074 * modules/pam_xauth/pam_xauth.8: Regenerated from xml file.
2075 * modules/pam_xauth/README.xml: New.
2076 * modules/pam_xauth/README: Regenerated from xml file.
2078 * modules/pam_deny/pam_deny.8.xml: Fix syntax errors.
2079 * modules/pam_deny/pam_deny.8: Regenerate from xml file.
2080 * modules/pam_deny/README: Likewise.
2082 * modules/pam_warn/Makefile.am: Include Make.xml.rules.
2083 * modules/pam_warn/pam_warn.8.xml: New.
2084 * modules/pam_warn/pam_warn.8: New, generated from xml file.
2085 * modules/pam_warn/README.xml: New.
2086 * modules/pam_warn/README: Regenerated from xml file.
2088 * modules/pam_userdb/Makefile.am: Include Make.xml.rules.
2089 * modules/pam_userdb/pam_userdb.8.xml: New.
2090 * modules/pam_userdb/pam_userdb.8: New, generated from xml file.
2091 * modules/pam_userdb/README.xml: New.
2092 * modules/pam_userdb/README: Regenerated from xml file.
2094 2006-06-06 Thorsten Kukuk <kukuk@thkukuk.de>
2096 * modules/pam_shells/Makefile.am: Include Make.xml.rules.
2097 * modules/pam_shells/pam_shells.8.xml: New.
2098 * modules/pam_shells/pam_shells.8: New, generated from xml file.
2099 * modules/pam_shells/README.xml: New.
2100 * modules/pam_shells/README: Regenerated from xml file.
2102 * libpam/include/security/pam_malloc.h: Add missing license
2105 * libpam/include/security/pam_ext.h: Add brackets for C++.
2106 * libpam/include/security/pam_modutil.h: Likewise.
2108 * libpam/include/security/pam_modules.h: Document where to
2109 find the copyright/license informations.
2111 * libpam/include/security/pam_appl.h: Move _pam_compat.h
2112 include inside of brackets.
2114 2006-06-04 Thorsten Kukuk <kukuk@thkukuk.de>
2116 * modules/pam_securetty/Makefile.am: Include Make.xml.rules.
2117 * modules/pam_securetty/pam_securetty.8.xml: New.
2118 * modules/pam_securetty/pam_securetty.8: Regenerated from xml file.
2119 * modules/pam_securetty/README.xml: New.
2120 * modules/pam_securetty/README: Regenerated from xml file.
2122 * modules/pam_rootok/Makefile.am: Include Make.xml.rules.
2123 * modules/pam_rootok/pam_rootok.8.xml: New.
2124 * modules/pam_rootok/pam_rootok.8: New, generated from xml file.
2125 * modules/pam_rootok/README.xml: New.
2126 * modules/pam_rootok/README: Regenerated from xml file.
2128 * modules/pam_permit/Makefile.am: Include Make.xml.rules.
2129 * modules/pam_permit/pam_permit.8.xml: New.
2130 * modules/pam_permit/pam_permit.8: New, generated from xml file.
2131 * modules/pam_permit/README.xml: New.
2132 * modules/pam_permit/README: Regenerated from xml file.
2134 * modules/pam_nologin/Makefile.am: Include Make.xml.rules.
2135 * modules/pam_nologin/pam_nologin.8.xml: New.
2136 * modules/pam_nologin/pam_nologin.8: Regenerated from xml file.
2137 * modules/pam_nologin/README.xml: New.
2138 * modules/pam_nologin/README: Regenerated from xml file.
2140 2006-06-03 Thorsten Kukuk <kukuk@thkukuk.de>
2142 * modules/pam_motd/Makefile.am: Include Make.xml.rules.
2143 * modules/pam_motd/pam_motd.8.xml: New.
2144 * modules/pam_motd/pam_motd.8: New, generated from xml file.
2145 * modules/pam_motd/README.xml: New.
2146 * modules/pam_motd/README: New, generated from xml file.
2148 2006-06-02 Thorsten Kukuk <kukuk@thkukuk.de>
2150 * modules/pam_mail/Makefile.am: Include Make.xml.rules.
2151 * modules/pam_mail/pam_mail.8.xml: New.
2152 * modules/pam_mail/pam_mail.8: New, generated from xml file.
2153 * modules/pam_mail/README.xml: New.
2154 * modules/pam_mail/README: Regenerated from xml file.
2156 * modules/pam_localuser/Makefile.am: Include Make.xml.rules.
2157 * modules/pam_localuser/pam_localuser.8.xml: New.
2158 * modules/pam_localuser/pam_localuser.8: New, generated from xml file.
2159 * modules/pam_localuser/README.xml: New.
2160 * modules/pam_localuser/README: Regenerated from xml file.
2162 * doc/man/PAM.8: Regenerate with DocBook XSL Stylesheets v1.70.1.
2163 * doc/man/pam.3: Likewise.
2164 * doc/man/pam.conf.5: Likewise.
2165 * doc/man/pam_acct_mgmt.3: Likewise.
2166 * doc/man/pam_authenticate.3: Likewise.
2167 * doc/man/pam_chauthtok.3: Likewise.
2168 * doc/man/pam_close_session.3: Likewise.
2169 * doc/man/pam_conv.3: Likewise.
2170 * doc/man/pam_end.3: Likewise.
2171 * doc/man/pam_error.3: Likewise.
2172 * doc/man/pam_fail_delay.3: Likewise.
2173 * doc/man/pam_get_data.3: Likewise.
2174 * doc/man/pam_get_item.3: Likewise.
2175 * doc/man/pam_get_user.3: Likewise.
2176 * doc/man/pam_getenv.3: Likewise.
2177 * doc/man/pam_getenvlist.3: Likewise.
2178 * doc/man/pam_info.3: Likewise.
2179 * doc/man/pam_open_session.3: Likewise.
2180 * doc/man/pam_prompt.3: Likewise.
2181 * doc/man/pam_putenv.3: Likewise.
2182 * doc/man/pam_set_data.3: Likewise.
2183 * doc/man/pam_set_item.3: Likewise.
2184 * doc/man/pam_setcred.3: Likewise.
2185 * doc/man/pam_sm_acct_mgmt.3: Likewise.
2186 * doc/man/pam_start.3: Likewise.
2187 * doc/man/pam_strerror.3: Likewise.
2188 * doc/man/pam_syslog.3: Likewise.
2189 * modules/pam_access/access.conf.5: Likewise.
2190 * modules/pam_access/pam_access.8: Likewise.
2191 * modules/pam_cracklib/pam_cracklib.8: Likewise.
2192 * modules/pam_deny/pam_deny.8: Likewise.
2193 * modules/pam_echo/pam_echo.8: Likewise.
2194 * modules/pam_env/pam_env.8: Likewise.
2195 * modules/pam_env/pam_env.conf.5: Likewise.
2196 * modules/pam_exec/pam_exec.8: Likewise.
2197 * modules/pam_filter/pam_filter.8: Likewise.
2198 * modules/pam_ftp/pam_ftp.8: Likewise.
2199 * modules/pam_group/group.conf.5: Likewise.
2200 * modules/pam_group/pam_group.8: Likewise.
2201 * modules/pam_issue/pam_issue.8: Likewise.
2202 * modules/pam_lastlog/pam_lastlog.8: Likewise.
2203 * modules/pam_mkhomedir/pam_mkhomedir.8: Likewise.
2204 * modules/pam_succeed_if/pam_succeed_if.8: Likewise.
2205 * modules/pam_umask/pam_umask.8: Likewise.
2207 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use
2208 dngettext if available [#1427738].
2209 * configure.in: Check for dngettext [#1427738].
2210 * po/*.po: Update to dngettext usage.
2212 * modules/pam_listfile/Makefile.am: Include Make.xml.rules.
2213 * modules/pam_listfile/pam_listfile.8.xml: New.
2214 * modules/pam_listfile/pam_listfile.8: New, generated from xml file.
2215 * modules/pam_listfile/README.xml: New.
2216 * modules/pam_listfile/README: Regenerated from xml file.
2218 2006-06-01 Thorsten Kukuk <kukuk@thkukuk.de>
2220 * modules/pam_lastlog/Makefile.am: Include Make.xml.rules.
2221 * modules/pam_lastlog/pam_lastlog.8.xml: New.
2222 * modules/pam_lastlog/pam_lastlog.8: New, generated from xml file.
2223 * modules/pam_lastlog/README.xml: New.
2224 * modules/pam_lastlog/README: Regenerated from xml file.
2226 * modules/pam_group/Makefile.am: Include Make.xml.rules.
2227 * modules/pam_group/group.conf.5.xml: New.
2228 * modules/pam_group/group.conf.5: New, generated from xml file.
2229 * modules/pam_group/pam_group.8.xml: New.
2230 * modules/pam_group/pam_group.8: New, generated from xml file.
2231 * modules/pam_group/README.xml: New.
2232 * modules/pam_group/README: Regenerated from xml file.
2234 * modules/pam_ftp/Makefile.am: Include Make.xml.rules.
2235 * modules/pam_ftp/pam_ftp.8.xml: New.
2236 * modules/pam_ftp/pam_ftp.8: New, generated from xml file.
2237 * modules/pam_ftp/README.xml: New.
2238 * modules/pam_ftp/README: Regenerated from xml file.
2240 * modules/pam_issue/Makefile.am: Include Make.xml.rules.
2241 * modules/pam_issue/pam_issue.8.xml: New.
2242 * modules/pam_issue/pam_issue.8: New, generated from xml file.
2243 * modules/pam_issue/README.xml: New.
2244 * modules/pam_issue/README: Regenerated from xml file.
2246 * modules/pam_filter/Makefile.am: Include Make.xml.rules.
2247 * modules/pam_filter/pam_filter.8.xml: New.
2248 * modules/pam_filter/pam_filter.8: New, generated from xml file.
2249 * modules/pam_filter/README.xml: New.
2250 * modules/pam_filter/README: Regenerated from xml file.
2252 2006-05-30 Thorsten Kukuk <kukuk@thkukuk.de>
2254 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Fix umask and skel
2255 directory documentation.
2257 * modules/pam_umask/Makefile.am: Include Make.xml.rules.
2258 * modules/pam_umask/pam_umask.8.xml: New.
2259 * modules/pam_umask/pam_umask.8: New, generated from xml file.
2260 * modules/pam_umask/README.xml: New.
2261 * modules/pam_umask/README: Regenerated from xml file.
2263 2006-05-29 Thorsten Kukuk <kukuk@thkukuk.de>
2265 * modules/pam_mkhomedir/Makefile.am: Include Make.xml.rules.
2266 * modules/pam_mkhomedir/pam_mkhomedir.8.xml: New.
2267 * modules/pam_mkhomedir/pam_mkhomedir.8: New, generated from xml file.
2268 * modules/pam_mkhomedir/README.xml: New.
2269 * modules/pam_mkhomedir/README: Regenerated from xml file.
2271 2006-05-23 Thorsten Kukuk <kukuk@thkukuk.de>
2273 * modules/pam_echo/pam_echo.c (pam_echo): Use pam_modutil_read()
2276 2006-05-22 Thorsten Kukuk <kukuk@thkukuk.de>
2278 * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate):
2279 Fix memory leaks, [#1490956] found by Coverity.
2281 * modules/pam_tally/pam_tally.c (pam_get_uid): Check return
2282 value of pam_get_user().
2283 (tally_get_data): Check if oldtime is not NULL.
2284 [#1489818] found by Coverity.
2286 * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't
2287 ignore return value of stat(). [#1489808] found by Coverity.
2289 * modules/pam_mail/pam_mail.c (get_folder): Fix a potential
2290 NULL pointer dereference. [#1489792] found by Coverity.
2292 * libpam/Makefile.am: bump release number of libpam.so.
2293 * libpam/pam_misc.c (_pam_mkargv): Fix memory leak,
2294 [#1489804] found by Coverity.
2296 * modules/pam_echo/pam_echo.c (replace_and_print): Initialize
2297 str, [#1489658] found by Coverity.
2299 * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix
2300 a potential NULL pointer dereference.
2301 (pam_sm_chauthtok): Remove dead code.
2302 [#1489634] found by Coverity.
2304 2006-05-04 Thorsten Kukuk <kukuk@thkukuk.de>
2306 * configure.in: Check for fseeko.
2307 * modules/pam_tally/pam_tally.c: Use fseeko if available
2308 (Based on patch by IBM).
2310 2006-05-04 Thorsten Kukuk <kukuk@thkukuk.de>
2312 * release version 0.99.4.0
2314 * libpam/pam_strerror.c: Unify error messages.
2316 * po/zh_TW.po: Adjust for last pam_strerror changes.
2317 * po/zh_CN.po: Likewise.
2318 * po/uk.po: Likewise.
2319 * po/tr.po: Likewise.
2320 * po/pt.po: Likewise.
2321 * po/pt_BR.po: Likewise.
2322 * po/pl.po: Likewise.
2323 * po/ja.po: Likewise.
2324 * po/nl.po: Likewise.
2325 * po/nb.po: Likewise.
2326 * po/it.po: Likewise.
2327 * po/hu.po: Likewise.
2328 * po/fr.po: Likewise.
2329 * po/fi.po: Likewise.
2330 * po/es.po: Likewise.
2331 * po/de.po: Likewise.
2332 * po/cs.po: Likewise.
2334 * doc/man/pam.3.xml: New.
2335 * doc/man/pam.3. New, generated from XML file.
2337 * doc/man/pam_sm_acct_mgmt.3.xml: New.
2338 * doc/man/pam_sm_acct_mgmt.3: New, generated from XML file.
2340 * doc/man/*.xml: Fix encoding and use always UTF-8, regenerate
2343 * doc/pam_modules.sgml (PAM_NEW_AUTHTOKEN_REQD): Fix typo.
2345 2006-05-02 Thorsten Kukuk <kukuk@thkukuk.de>
2347 * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use
2348 different strings for plural or not [#1427738]
2350 * po/*.po: Adjust for pam_unix.so translation fix.
2352 * modules/pam_tally/pam_tally.c: Always close file handle
2353 in error case, don't close it depending on *TALLY value [#1478180]
2355 2006-04-21 Thorsten Kukuk <kukuk@thkukuk.de>
2357 * po/fr.po: Updated.
2359 2006-04-11 Thorsten Kukuk <kukuk@thkukuk.de>
2361 * po/km.po: Updated.
2363 2006-03-27 Thorsten Kukuk <kukuk@thkukuk.de>
2365 * po/LINGUAS: Add uk.
2368 * po/cs.po: Updated.
2369 * po/po/es.po: Updated.
2370 * po/fi.po: Updated.
2371 * po/fr.po: Updated.
2372 * po/hu.po: Updated.
2373 * po/it.po: Updated.
2374 * po/ja.po: Updated.
2375 * po/nb.po: Updated.
2376 * po/pl.po: Updated.
2377 * po/pt.po: Updated.
2378 * po/pt_BR.po: Updated.
2379 * po/zh_CN.po: Updated.
2380 * po/zh_TW.po: Updated.
2382 2006-03-21 Thorsten Kukuk <kukuk@thkukuk.de>
2384 * configure.in: Remove ALL_LINGUAS.
2386 * po/tr.po: New (from Ismail Donmez <ismail@pardus.org.tr>).
2388 2006-03-13 Thorsten Kukuk <kukuk@thkukuk.de>
2390 * doc/man/pam_error.3.xml: New.
2391 * doc/man/pam_error.3: New, generated from XML file.
2392 * doc/man/pam_verror.3: New, generated from XML file.
2393 * doc/man/Makefile.am: Add pam_error.3 and pam_verror.3.
2395 * modules/pam_lastlog/Makefile.am: Fix typo.
2397 * modules/pam_lastlog/pam_lastlog.c: Move comment for
2398 translators in right line.
2399 * po/*.po: Update po files with comment for translator.
2401 2006-03-12 Thorsten Kukuk <kukuk@thkukuk.de>
2403 * doc/man/Makefile.am: Add new manual pages.
2405 * doc/man/pam.conf.5.xml: Replace link with content
2407 * doc/man/pam.conf.5: Regenerated from XML file.
2409 * doc/man/pam_info.3.xml: New.
2410 * doc/man/pam_info.3: New, generated from XML file.
2411 * doc/man/pam_vinfo.3: New, generated from XML file.
2413 * doc/man/pam_conv.3.xml: New.
2414 * doc/man/pam_conv.3: New, generated from XML file.
2416 * doc/man/pam_putenv.3.xml: New.
2417 * doc/man/pam_putenv.3: New, generated from XML file.
2419 * doc/man/pam_getenv.3.xml: New.
2420 * doc/man/pam_getenv.3: New, generated from XML file.
2422 * doc/man/pam_getenvlist.3.xml: New.
2423 * doc/man/pam_getenvlist.3: New, generated from XML file.
2425 * libpam/pam_item.c (pam_get_user): Check for valid pamh before
2428 * configure.in: create tests/Makefile
2429 * Makefile.am (SUBDIRS): Add tests
2430 * tests/Makefile.am: New.
2431 * tests/tst-dlopen.c: New.
2432 * tests/tst-pam_acct_mgmt.c: New.
2433 * tests/tst-pam_authenticate.c: New.
2434 * tests/tst-pam_chauthtok.c: New.
2435 * tests/tst-pam_close_session.c: New.
2436 * tests/tst-pam_end.c: New.
2437 * tests/tst-pam_fail_delay.c: New.
2438 * tests/tst-pam_getenvlist.c: New.
2439 * tests/tst-pam_get_item.c: New.
2440 * tests/tst-pam_open_session.c: New.
2441 * tests/tst-pam_setcred.c: New.
2442 * tests/tst-pam_set_item.c: New.
2443 * tests/tst-pam_start.c: New.
2444 * tests/tst-pam_get_user.c: New.
2446 * modules/pam_access/Makefile.am: Add rules for make check
2447 * modules/pam_access/tst-pam_access: New
2448 * modules/pam_cracklib/Makefile.am: Add rules for make check
2449 * modules/pam_cracklib/tst-pam_cracklib: New
2450 * modules/pam_debug/Makefile.am: Add rules for make check
2451 * modules/pam_debug/tst-pam_debug: New
2452 * modules/pam_deny/Makefile.am: Add rules for make check
2453 * modules/pam_deny/tst-pam_deny: New
2454 * modules/pam_echo/Makefile.am: Add rules for make check
2455 * modules/pam_echo/tst-pam_echo: New
2456 * modules/pam_env/Makefile.am: Add rules for make check
2457 * modules/pam_env/tst-pam_env: New
2458 * modules/pam_exec/Makefile.am: Add rules for make check
2459 * modules/pam_exec/tst-pam_exec: New
2460 * modules/pam_filter/Makefile.am: Add rules for make check
2461 * modules/pam_filter/tst-pam_filter: New
2462 * modules/pam_ftp/Makefile.am: Add rules for make check
2463 * modules/pam_ftp/tst-pam_ftp: New
2464 * modules/pam_group/Makefile.am: Add rules for make check
2465 * modules/pam_group/tst-pam_group: New
2466 * modules/pam_issue/Makefile.am: Add rules for make check
2467 * modules/pam_issue/tst-pam_issue: New
2468 * modules/pam_lastlog/Makefile.am: Add rules for make check
2469 * modules/pam_lastlog/tst-pam_lastlog: New
2470 * modules/pam_limits/Makefile.am: Add rules for make check
2471 * modules/pam_limits/tst-pam_limits: New
2472 * modules/pam_listfile/Makefile.am: Add rules for make check
2473 * modules/pam_listfile/tst-pam_listfile: New
2474 * modules/pam_localuser/Makefile.am: Add rules for make check
2475 * modules/pam_localuser/tst-pam_localuser: New
2476 * modules/pam_mail/Makefile.am: Add rules for make check
2477 * modules/pam_mail/tst-pam_mail: New
2478 * modules/pam_mkhomedir/Makefile.am: Add rules for make check
2479 * modules/pam_mkhomedir/tst-pam_mkhomedir: New
2480 * modules/pam_motd/Makefile.am: Add rules for make check
2481 * modules/pam_motd/tst-pam_motd: New
2482 * modules/pam_nologin/Makefile.am: Add rules for make check
2483 * modules/pam_nologin/tst-pam_nologin: New
2484 * modules/pam_permit/Makefile.am: Add rules for make check
2485 * modules/pam_permit/tst-pam_permit: New
2486 * modules/pam_rhosts/Makefile.am: Add rules for make check
2487 * modules/pam_rhosts/tst-pam_rhosts: New
2488 * modules/pam_rootok/Makefile.am: Add rules for make check
2489 * modules/pam_rootok/tst-pam_rootok: New
2490 * modules/pam_securetty/Makefile.am: Add rules for make check
2491 * modules/pam_securetty/tst-pam_securetty: New
2492 * modules/pam_selinux/Makefile.am: Add rules for make check
2493 * modules/pam_selinux/tst-pam_selinux: New
2494 * modules/pam_shells/Makefile.am: Add rules for make check
2495 * modules/pam_shells/tst-pam_shells: New
2496 * modules/pam_stress/Makefile.am: Add rules for make check
2497 * modules/pam_stress/tst-pam_stress: New
2498 * modules/pam_succeed_if/Makefile.am: Add rules for make check
2499 * modules/pam_succeed_if/tst-pam_succeed_if: New
2500 * modules/pam_tally/Makefile.am: Add rules for make check
2501 * modules/pam_tally/tst-pam_tally: New
2502 * modules/pam_time/Makefile.am: Add rules for make check
2503 * modules/pam_time/tst-pam_time: New
2504 * modules/pam_umask/Makefile.am: Add rules for make check
2505 * modules/pam_umask/tst-pam_umask: New
2506 * modules/pam_unix/Makefile.am: Add rules for make check
2507 * modules/pam_unix/tst-pam_unix: New
2508 * modules/pam_userdb/Makefile.am: Add rules for make check
2509 * modules/pam_userdb/tst-pam_userdb: New
2510 * modules/pam_warn/Makefile.am: Add rules for make check
2511 * modules/pam_warn/tst-pam_warn: New
2512 * modules/pam_wheel/Makefile.am: Add rules for make check
2513 * modules/pam_wheel/tst-pam_wheel: New
2514 * modules/pam_xauth/Makefile.am: Add rules for make check
2515 * modules/pam_xauth/tst-pam_xauth: New
2517 2006-03-11 Thorsten Kukuk <kukuk@thkukuk.de>
2519 * doc/man/pam_fail_delay.3.xml: New.
2520 * doc/man/pam_fail_delay.3: New, generated from xml.
2521 * doc/man/pam_prompt.3.xml: New.
2522 * doc/man/pam_prompt.3: New, generated from xml.
2523 * doc/man/pam_syslog.3.xml: New.
2524 * doc/man/pam_syslog.3: New, generated from xml.
2525 * doc/man/pam_vprompt.3: New, generated from xml.
2526 * doc/man/pam_vsyslog.3: New, generated from xml.
2528 2006-02-24 Thorsten Kukuk <kukuk@thkukuk.de>
2530 * po/km.po: Update Khmer translation.
2532 2006-02-24 Thorsten Kukuk <kukuk@thkukuk.de>
2534 * modules/pam_succeed_if/pam_succeed_if.8.xml: New, based on
2535 version from #1425487.
2536 * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
2537 * modules/pam_succeed_if/Makefile.am: Include XML rules.
2538 * modules/pam_succeed_if/README.xml: New.
2539 * modules/pam_succeed_if/README: Regenerated from xml.
2540 * modules/pam_succeed_if/pam_succeed_if.c: Fix comment about
2543 2006-02-22 Thorsten Kukuk <kukuk@thkukuk.de>
2545 * configure.in: Fix check for incomplete libaudit installations
2546 (Patch from Ruediger Oertel <ro@suse.de>).
2548 * modules/pam_lastlog/pam_lastlog.c (last_login_write): Initialize
2549 correct last_login field [#1427401].
2551 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Mark strftime
2552 format string for translation to allow reorder [#1428269].
2553 * po/*.po: Update with last pam_lastlog change.
2556 2006-02-17 Thorsten Kukuk <kukuk@thkukuk.de>
2558 * doc/man/Makefile.am: Add new manual pages.
2559 * doc/man/pam_end.3: Regenerated from xml file.
2560 * doc/man/pam_end.3.xml: Document freeing of item data.
2561 * doc/man/pam_get_user.3: New.
2562 * doc/man/pam_get_user.3.xml: New.
2563 * modules/pam_access/access.conf.5.xml: Fix typos.
2564 * modules/pam_env/Makefile.am: Add new manual pages.
2565 * modules/pam_env/README: Regenerate from xml file.
2566 * modules/pam_env/README.xml: New.
2567 * modules/pam_env/pam_env.8: New.
2568 * modules/pam_env/pam_env.8.xml: New.
2569 * modules/pam_env/pam_env.conf.5: New.
2570 * modules/pam_env/pam_env.conf.5.xml New.
2572 2006-02-14 Thorsten Kukuk <kukuk@thkukuk.de>
2574 * po/fi.po: Updated translations.
2575 * po/pl.po: Likewise.
2576 * po/km.po: New translation.
2577 * configure.in: Add km as new language.
2579 2006-02-13 Thorsten Kukuk <kukuk@thkukuk.de>
2581 * modules/pam_echo/pam_echo.8.xml: New.
2582 * modules/pam_echo/pam_echo.8: Regenerated from xml file.
2583 * modules/pam_echo/Makefile.am: Include Make.xml.rules.
2584 * modules/pam_echo/pam_echo.c: Fix return value.
2586 * doc/modules/pam_chroot.sgml: Remove obsolete sgml file.
2588 2006-02-12 Thorsten Kukuk <kukuk@thkukuk.de>
2590 * configure.in: Add doc/man/Makefile.
2591 * Make.xml.rules: Enable xincludes for manual pages.
2592 * doc/Makefile.am (EXRA_DIST): Remove manual pages.
2593 (SUBDIR): Add man subdirectory.
2594 * doc/man/Makefile.am: New.
2595 * doc/man/pam_acct_mgmt.3: New.
2596 * doc/man/pam_acct_mgmt.3.xml: New.
2597 * doc/man/pam_get_data.3: New.
2598 * doc/man/pam_get_data.3.xml: New.
2599 * doc/man/pam_set_data.3: New.
2600 * doc/man/pam_set_data.3.xml: New.
2601 * doc/man/pam.8.xml: New.
2602 * doc/man/pam.8: Regenerated from xml file.
2603 * doc/man/pam_authenticate.3.xml: New.
2604 * doc/man/pam_authenticate.3: Regenerated from xml file.
2605 * doc/man/pam_chauthtok.3.xml: New.
2606 * doc/man/pam_chauthtok.3: Regenerated from xml file.
2607 * doc/man/pam_close_session.3.xml: New.
2608 * doc/man/pam_close_session.3: Regenerated from xml file.
2609 * doc/man/pam_end.3.xml: New.
2610 * doc/man/pam_end.3: Regenerated from xml file.
2611 * doc/man/pam_fail_delay.3.xml: New.
2612 * doc/man/pam_fail_delay.3: Regenerated from xml file.
2613 * doc/man/pam_get_item.3.xml: New.
2614 * doc/man/pam_get_item.3: Regenerated from xml file.
2615 * doc/man/pam_item_types.inc.xml: New.
2616 * doc/man/pam_open_session.3.xml: New.
2617 * doc/man/pam_open_session.3: Regenerated from xml file.
2618 * doc/man/pam_set_item.3.xml: New.
2619 * doc/man/pam_set_item.3: Regenerated from xml file.
2620 * doc/man/pam_setcred.3.xml: New.
2621 * doc/man/pam_setcred.3: Regenerated from xml file.
2622 * doc/man/pam_start.3.xml: New.
2623 * doc/man/pam_start.3: Regenerated from xml file.
2624 * doc/man/pam_strerror.3.xml: New.
2625 * doc/man/pam_strerror.3: Regenerated from xml file.
2626 * doc/man/template-man: Removed.
2628 2006-02-10 Thorsten Kukuk <kukuk@thkukuk.de>
2630 * configure.in: Remove pam_pwdb support.
2631 * modules/Makefile.am: remove pam_pwdb.
2632 * modules/pam_pwdb: Remove complete directory.
2633 * libpam/Makefile.am: Remove LIBPWDB references.
2634 * libpam/pam_static_modules.h: Remove pam_pwdb references.
2635 * doc/modules/pam_pwdb.sgml: Removed.
2636 * po/POTFILES.in: Remove modules/pam_pwdb/*.c entries.
2637 * doc/pam_source.sgml: Remove references to libpwdb.
2638 * doc/modules/pam_limits.sgml: Remove wrong reference to libpwdb.
2639 * doc/modules/pam_group.sgml: Likewise.
2640 * doc/modules/pam_cracklib.sgml: Replace pam_pwdb with pam_unix.
2641 * doc/modules/pam_userdb.sgml: Likewise.
2642 * modules/pam_cracklib/pam_cracklib.8.xml: Replace pam_pwdb
2644 * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
2645 * modules/pam_group/pam_group.c: Remove dead code for libpwdb.
2647 * modules/pam_access/Makefile.am: Fix EXTRA_DIST.
2648 * modules/pam_cracklib/Makefile.am: Likewise.
2649 * modules/pam_deny/Makefile.am: Likewise.
2650 * modules/pam_exec/Makefile.am: Likewise.
2652 2006-02-07 Thorsten Kukuk <kukuk@thkukuk.de>
2654 * configure.in: Check for text browser.
2655 * Make.xml.rules: Add rule to generate README from README.xml.
2657 * modules/pam_access/Makefile.am: Include Make.xml.rules.
2658 * modules/pam_access/README: Regenerated from README.xml.
2659 * modules/pam_access/README.xml: New.
2660 * modules/pam_access/access.conf: Extended by new examples.
2661 * modules/pam_access/access.conf.5: New, generated from xml file.
2662 * modules/pam_access/access.conf.5.xml: New.
2663 * modules/pam_access/pam_access.8: New, generated from xml file.
2664 * modules/pam_access/pam_access.8.xml: New.
2665 * modules/pam_access/pam_access.c: Add rules for IPv6 and
2667 Based on patch from Mike Becher <Mike.Becher@lrz-muenchen.de>.
2669 * modules/pam_deny/Makefile.am: Include Make.xml.rules.
2670 * modules/pam_deny/pam_deny.8.xml: New.
2671 * modules/pam_deny/pam_deny.8: New, generated from xml file.
2672 * modules/pam_deny/README.xml: New.
2673 * modules/pam_deny/README: Regenerated from xml file.
2675 * modules/pam_cracklib/Makefile.am: Include Make.xml.rules.
2676 * modules/pam_cracklib/pam_cracklib.8.xml: New.
2677 * modules/pam_cracklib/pam_cracklib.8: New, generated from xml file.
2678 * modules/pam_cracklib/README.xml: New.
2679 * modules/pam_cracklib/README: Regenerated from xml file.
2681 * modules/pam_exec/Makefile.am: Add rule to generate README.
2682 * modules/pam_exec/README: Regenerated from xml file.
2683 * modules/pam_exec/pam_exec.8: Regenerated from xml file.
2684 * modules/pam_exec/pam_exec.8.xml: Syntax files.
2686 2006-02-06 Thorsten Kukuk <kukuk@thkukuk.de>
2689 * po/pt.po: Update translations.
2690 * configure.in: Add nl as new language.
2692 2006-01-30 Thorsten Kukuk <kukuk@thkukuk.de>
2694 * modules/pam_exec/pam_exec.8.xml: Fix syntax of Return Value section.
2695 * modules/pam_exec/Makefile.am: Include Make.xml.rules.
2697 * Make.xml.rules: New.
2699 * Makefile.am (EXTRA_DIST): Add Make.xml.rules.
2701 2006-01-27 Thorsten Kukuk <kukuk@thkukuk.de>
2703 * configure.in: Prefer libdb over libndbm, fix check for
2704 libcrack and remove not needed BACKUP_LIBS.
2706 2006-01-24 Thorsten Kukuk <kukuk@thkukuk.de>
2708 * modules/pam_debug/pam_debug.c: Fix name of pam_module struct.
2710 * po/de.po: Fix one translation.
2712 * configure.in: Add modules/pam_exec.
2713 * modules/Makefile.am: Add pam_exec subdirectory.
2714 * modules/pam_exec/README: New.
2715 * modules/pam_exec/Makefile.am: New.
2716 * modules/pam_exec/pam_exec.8: New.
2717 * modules/pam_exec/pam_exec.c: New.
2718 * modules/pam_exec/pam_exec.8.xml: New.
2719 * po/POTFILES.in: Add modules/pam_exec/pam_exec.c.
2720 * po/*.po: Merge new pam_exec strings.
2722 * libpam/pam_static_modules.h: New.
2723 * Makefile.am: Reorder subdirectories for static modules.
2724 * configure.in: Add --enable-static-modules option.
2725 * libpam/Makefile.am: Define WITH_SELINUX and WITH_PWDB if
2726 necessary, add pam_static_modules.h, link against all PAM
2727 module object files if STATIC_MODULES is defined.
2728 * libpam/pam_static.c: Remove old _static_module* includes,
2729 include pam_static_modules.h.
2731 * configure.in: Add checks for xsltproc, xmllint and docbook
2733 * m4/jh_path_xml_catalog.m4: New.
2735 2006-01-22 Thorsten Kukuk <kukuk@thkukuk.de>
2737 * modules/pam_succeed_if/pam_succeed_if.c: Add support for
2739 * modules/pam_xauth/pam_xauth.c: Likewise.
2741 * libpam/pam_static.c (_pam_open_static_handler): Add pamh
2743 * libpam/pam_private.h: Adjust prototype.
2744 * libpam/pam_handlers.c (_pam_add_handler): Add pamh to
2745 _pam_open_static_handler call.
2747 * configure.in: Don't define PAM_DYNAMIC.
2748 * libpam/pam_handlers.c: Get ride of PAM_DYNAMIC, don't
2749 include pam_dynamic.h
2750 * libpam/pam_dynamic.c: Don't include pam_dynamic.h,
2751 exclude functions if we compile with PAM_STATIC.
2752 * libpam/pam_dynamic.h: Remove.
2753 * libpam/pam_private.h: Add function prototypes from pam_dynamic.h.
2754 * libpam/Makefile.am: Bump version number of libpam, remove
2757 2006-01-21 Thorsten Kukuk <kukuk@thkukuk.de>
2759 * modules/pam_listfile/pam_listfile.c: Add support for session
2760 and password management.
2762 2006-01-19 Thorsten Kukuk <kukuk@thkukuk.de>
2764 * doc/specs/Makefile.am (spec): Add padout to fix parallel
2765 build (Reported by Andreas Haumer <andreas@xss.co.at>).
2767 2006-01-15 Thorsten Kukuk <kukuk@thkukuk.de>
2769 * modules/pam_echo/pam_echo.c: Define HOST_NAME_MAX if not
2772 2006-01-13 Thorsten Kukuk <kukuk@thkukuk.de>
2774 * release version 0.99.3.0
2776 * libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing
2779 * modules/pam_umask/pam_umask.c (search_key): Don't ignore
2780 EOF/error return value from fgets().
2782 * configure.in: Check for getline and getdelim
2784 * po/fi.po: Add new translations.
2785 * po/de.po: Likewise.
2786 * po/es.po: Likewise.
2787 * po/fr.po: Likewise.
2788 * po/it.po: Likewise.
2789 * po/ja.po: Likewise.
2790 * po/pt_BR.po: Likewise.
2791 * po/zh_CH.po: Likewise.
2792 * po/zh_TW.po: Likewise.
2794 2006-01-13 Dmitry V. Levin <ldv@altlinux.org>
2796 * libpam/pam_audit.c (_pam_auditlog): Replace strerror(errno)
2797 call with %m specifier.
2799 2006-01-12 Thorsten Kukuk <kukuk@thkukuk.de>
2801 * configure.in: Add check for -fpie/-pie
2802 * modules/pam_filter/upperLOWER/Makefile.am: Compile/link
2803 upperLOWER with -fpie/-pie if supported.
2804 * modules/pam_unix/Makefile.am: Compile/link unix_chkpwd
2805 with -fpie/-pie if supported.
2807 2006-01-12 Steve Grubb <sgrubb@redhat.com>
2809 * configure.in: Add check for audit library.
2810 * libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT.
2811 (libpam_la_SOURCES): Add pam_audit.c.
2812 * libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call.
2813 * libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise.
2814 * libpam/pam_password.c (pam_chauthtok): Likewise.
2815 * libpam/pam_session.c (pam_open_session),
2816 (pam_close_session): Likewise.
2817 * libpam/pam_private.h: Add audit_state member to pam_handle,
2818 declare _pam_auditlog and _pam_audit_end.
2819 * libpam/pam_start.c (pam_start): Initialize audit_state.
2820 * libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end
2822 * libpam/pam_end.c (pam_end): Add _pam_audit_end() call.
2823 * NEWS: Note about added auditing.
2825 2006-01-11 Thorsten Kukuk <kukuk@thkukuk.de>
2827 * libpam/Makefile.am (AM_CFLAGS): Define LIBPAM_COMPILE.
2829 * libpam/include/security/_pam_types.h: Don't define PAM_NONNULL
2830 if we compile libpam itself.
2832 * po/hu.po: Update with new translations.
2834 2006-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
2836 * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR
2837 instead of PAM_AUTHTOK_RECOVER_ERR.
2838 * modules/pam_pwdb/support.-c: Likewise.
2839 * modules/pam_unix/support.c: Likewise.
2840 * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise.
2841 * libpam/pam_strerror.c (pam_strerror): Likewise.
2843 * libpam/include/security/_pam_compat.h: Define
2844 PAM_AUTHTOK_RECOVER_ERR for backward compatibility.
2846 * libpam/include/security/_pam_types.h: Rename
2847 PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR.
2849 2006-01-05 Thorsten Kukuk <kukuk@thkukuk.de>
2851 * libpam/include/security/_pam_types.h: Remove nonnull attribute
2852 from third paramter (item) of pam_get_item.
2853 * libpam/Makefile.am: Bump version number of shared library.
2855 2005-12-21 Tomas Mraz <t8m@centrum.cz>
2857 * modules/pam_succeed_if/pam_succeed_if.c (evaluate_ingroup),
2858 (evaluate_notingroup): Simplified.
2859 (evaluate_innetgr), (evaluate_notinnetgr): New functions.
2860 (evaluate): Added calls to evaluate_(not)innetgr().
2861 * modules/pam_succeed_if/README: Documented netgroup matching.
2862 * NEWS: Mentioned the added netgroup matching support.
2864 2005-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
2866 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Use
2867 strftime instead of ctime.
2869 * po/de.po: Fix typo.
2871 2005-12-19 Thorsten Kukuk <kukuk@thkukuk.de>
2873 * libpam/pam_syslog.c: Define LOG_AUTHPRIV as LOG_AUTH on Solaris.
2874 Reported by Charles_H_Bedford@nbc.gov.
2876 * modules/pam_time/pam_time.c (check_account): Implement
2877 support for netgroups.
2879 * modules/pam_time/time.conf: Document usage of netgroups.
2881 2005-12-16 Thorsten Kukuk <kukuk@thkukuk.de>
2883 * modules/pam_group/pam_group.c (check_account): Implement
2884 support for netgroups.
2886 * modules/pam_group/group.conf: Add all documentation to this
2887 example config file and don't reference to outdated configs.
2889 * modules/pam_group/README: New.
2891 * modules/pam_group/Makefile.am: Add README to EXTRADIST.
2893 2005-12-15 Thorsten Kukuk <kukuk@suse.de>
2895 * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't report an
2896 error if user logins the first time.
2898 * modules/pam_lastlog/README: New.
2900 * modules/pam_lastlog/Makefile.am: Add README to EXTRADIST.
2902 2005-12-14 Thorsten Kukuk <kukuk@suse.de>
2904 * modules/pam_deny/pam_deny.c: Fix comment.
2906 * doc/pam_appl.sgml: Fix typo.
2908 Reported by Russell Bateman <russ@windofkeltia.com>
2910 2005-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
2912 * release version 0.99.2.1
2914 * po/de.po: Remove new fuzzy entry
2916 * NEWS: Add 0.99.2.1 changes
2918 * configure.in: bump version number to 0.99.2.1
2920 2005-12-12 Dmitry V. Levin <ldv@altlinux.org>
2922 Cleanup pam_syslog messages.
2924 * modules/pam_env/pam_env.c (_expand_arg): Fix compiler warning.
2925 * modules/pam_filter/pam_filter.c (set_filter): Append %m
2926 specifier to pam_syslog messages where appropriate.
2927 * modules/pam_group/pam_group.c (read_field): Likewise.
2928 * modules/pam_mkhomedir/pam_mkhomedir.c (make_remark): Remove.
2929 (create_homedir): Do not use make_remark() wrapper, call
2930 pam_info() directly. Call pam_syslog() right after failed
2931 operation and append %m specifier to pam_syslog messages where
2933 * modules/pam_rhosts/pam_rhosts_auth.c (pam_iruserok): Replace
2934 sequence of malloc(), strcpy() and strcat() calls with asprintf().
2935 Append %m specifier to pam_syslog messages where appropriate.
2936 * modules/pam_securetty/pam_securetty.c (securetty_perform_check):
2937 Append %m specifier to pam_syslog messages where appropriate.
2938 * modules/pam_shells/pam_shells.c (perform_check): Likewise.
2940 2005-12-12 Tomas Mraz <t8m@centrum.cz>
2942 * modules/pam_mail/pam_mail.c (report_mail): Fixed typo in string.
2943 * po/Linux-PAM.pot: Likewise.
2944 * po/de.po: Likewise.
2945 * po/es.po: Likewise.
2946 * po/fi.po: Likewise.
2947 * po/fr.po: Likewise.
2948 * po/hu.po: Likewise.
2949 * po/it.po: Likewise.
2950 * po/ja.po: Likewise.
2951 * po/nb.po: Likewise.
2952 * po/pa.po: Likewise.
2953 * po/pl.po: Likewise.
2954 * po/pt.po: Likewise.
2955 * po/pt_BR.po: Likewise.
2956 * po/zh_CN.po: Likewise.
2957 * po/zh_TW.po: Likewise.
2958 * po/de.po: Add new translation, fixed typo in string.
2960 2005-12-12 Mike Becher <Mike.Becher@lrz-muenchen.de>
2962 * doc/Makefile.am: Fixed install of PS, PDF, TXT and HTML files.
2964 2005-12-12 Thorsten Kukuk <kukuk@suse.de>
2966 * modules/pam_mail/README: Document "quiet" and "standard"
2969 2005-12-07 Thorsten Kukuk <kukuk@suse.de>
2971 * modules/pam_mail/pam_mail.c: Modify assembling of output
2972 for easier translation.
2974 * po/de.po: Translate new pam_mail messages.
2977 2005-11-24 Thorsten Kukuk <kukuk@thkukuk.de>
2979 * po/de.po: Add new translation, fix wrong format specifier.
2980 * po/cs.po: Fix wrong format specifier.
2981 * po/es.po: Likewise.
2982 * po/fi.po: Likewise.
2983 * po/fr.po: Likewise.
2984 * po/hu.po: Likewise.
2985 * po/it.po: Likewise.
2986 * po/ja.po: Likewise.
2987 * po/nb.po: Likewise.
2988 * po/pa.po: Likewise.
2989 * po/pl.po: Likewise.
2990 * po/pt.po: Likewise.
2991 * po/pt_BR.po: Likewise.
2992 * po/zh_CN.po: Likewise.
2993 * po/zh_TW.po: Likewise.
2995 2005-11-24 Dmitry V. Levin <ldv@altlinux.org>
2997 * config.h.in: Remove generated file.
2998 * .cvsignore: Add config.h.in.
3000 * configure.in: Do not check for strerror.
3001 * libpam_misc/misc_conv.c (read_string): Replace strerror()
3002 call with %m specifier.
3003 * libpamc/pamc_converse.c (pamc_converse): Likewise.
3004 * modules/pam_echo/pam_echo.c (pam_echo): Likewise.
3005 * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate):
3007 * modules/pam_selinux/pam_selinux.c (security_label_tty):
3009 (security_restorelabel_tty, security_label_tty): Append %m
3010 specifier where appropriate.
3011 * modules/pam_selinux/pam_selinux_check.c (main): Replace
3012 strerror() call with %m specifier.
3013 * modules/pam_unix/pam_unix_passwd.c (save_old_password,
3014 _update_passwd, _update_shadow): Likewise.
3015 * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
3016 * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
3017 * po/Linux-PAM.pot: Update strings from pam_selinux.
3018 * po/cs.po: Likewise.
3019 * po/de.po: Likewise.
3020 * po/es.po: Likewise.
3021 * po/fi.po: Likewise.
3022 * po/fr.po: Likewise.
3023 * po/hu.po: Likewise.
3024 * po/it.po: Likewise.
3025 * po/ja.po: Likewise.
3026 * po/nb.po: Likewise.
3027 * po/pa.po: Likewise.
3028 * po/pl.po: Likewise.
3029 * po/pt.po: Likewise.
3030 * po/pt_BR.po: Likewise.
3031 * po/zh_CN.po: Likewise.
3032 * po/zh_TW.po: Likewise.
3034 2005-11-23 Thorsten Kukuk <kukuk@suse.de>
3036 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Introduce
3037 new variable to fix compiler warning.
3039 * libpam/pam_modutil_getlogin.c (pam_modutil_getlogin): PAM_TTY
3040 don't need to start with /dev/.
3042 2005-11-21 Thorsten Kukuk <kukuk@thkukuk.de>
3044 * release version 0.99.2.0
3046 * libpam_misc/Makefile.am: Increase release number (for change
3049 * NEWS: Adjust for 0.99.2.0
3051 2005-11-17 Thorsten Kukuk <kukuk@thkukuk.de>
3053 * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting.
3054 Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380]
3056 2005-11-16 Thorsten Kukuk <kukuk@thkukuk.de>
3058 * libpam/pam_handlers.c: Replace code for all dlopen variants with
3060 * libpam/pam_dynamic.c: Implement generic wrapper for dlopen.
3061 * libpam/pam_dynamic.h: Provide prototypes.
3062 For Mac OS X support [#534205]
3064 2005-11-09 Tomas Mraz <t8m@centrum.cz>
3066 * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly
3068 * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly
3069 full path tty name. Allow unset tty.
3070 (logic_member): Allow matching ':' in tty name.
3071 * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly
3072 full path tty name. Allow unset tty.
3073 (logic_member): Allow matching ':' in tty name.
3075 * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin
3078 2005-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
3080 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use
3081 correct variable names.
3083 2005-11-06 Steve Langasek <vorlon@debian.org>
3085 * modules/pam_env/pam_env.c: don't treat a missing
3086 /etc/environment as a fatal error when attempting to read it,
3087 and try to read this file by default; this restores the behavior
3088 from Linux-PAM 0.76.
3090 2005-11-02 Tomas Mraz <t8m@centrum.cz>
3092 * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807]
3095 * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the
3096 logic when comparing dates to handle corner cases better [#1245888].
3098 2005-10-31 Thorsten Kukuk <kukuk@suse.de>
3100 * modules/pam_filter/pam_filter.c: Use XCASE only if defined
3103 2005-10-27 Thorsten Kukuk <kukuk@suse.de>
3105 * doc/man/pam.8: Fix wording for authentication chapter [#1197444]
3107 2005-10-26 Tomas Mraz <t8m@centrum.cz>
3109 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
3110 modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
3111 modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
3112 uid to 0 before executing the helper if SELinux is enabled.
3113 * modules/pam_unix/unix_chkpwd.c (main): Disable user check only
3114 if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
3117 2005-10-20 Tomas Mraz <t8m@centrum.cz>
3119 * configure.in: Added check for xauth binary and --with-xauth option.
3120 * config.h.in: Added configurable PAM_PATH_XAUTH.
3121 * modules/pam_xauth/README,
3122 modules/pam_xauth/pam_xauth.8: Document where xauth is looked for.
3123 * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement
3124 searching xauth binary on multiple places.
3125 (run_coprocess): Don't use execvp as it can be a security risk.
3127 2005-10-04 Steve Langasek <vorlon@debian.org>
3129 * libpam/include/security/pam_malloc.h,
3130 libpam/include/security/pam_modules.h: Declare public header
3131 files extern "C" so that they are C++-safe.
3133 2005-10-02 Dmitry V. Levin <ldv@altlinux.org>
3134 Steve Langasek <vorlon@debian.org>
3136 Cleanup gratuitous use of strdup().
3137 Fix "missing argument" checks.
3139 * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier
3140 to conffile and envfile arguments. Do not use x_strdup() for
3141 conffile and envfile initialization. Fix "missing argument"
3143 (_parse_config_file): Take conffile argument of type "const char *"
3144 instead of "char **". Do not free conffile.
3145 (_parse_env_file): Take env_file argument of type "const char *"
3146 instead of "char **". Do not free env_file.
3147 (pam_sm_setcred): Add const qualifier to conf_file and env_file.
3148 Pass conf_file and env_file to _parse_config_file() and
3149 _parse_env_file() by value.
3150 (pam_sm_open_session): Likewise.
3152 * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to
3153 users argument. Do not use x_strdup() for users initialization.
3154 (lookup): Add const qualifier to list argument.
3155 (pam_sm_authenticate): Add const qualifier to users argument.
3157 * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier
3158 to maildir argument. Do not use x_strdup() for maildir
3159 initialization. Fix "missing argument" check.
3160 (get_folder): Take path_mail argument of type "const char *"
3161 instead of "char **". Do not free path_mail.
3162 (_do_mail): Add const qualifier to path_mail argument.
3163 Pass path_mail to get_folder() by value.
3165 * modules/pam_motd/pam_motd.c: Include <syslog.h>.
3166 (pam_sm_open_session): Add const qualifier to motd_path.
3167 Do not use x_strdup() for motd_path initialization. Do not
3168 free motd_path. Fix "missing argument" check. Add "unknown
3171 * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const
3172 qualifier to database and cryptmode arguments. Fix "missing
3174 (pam_sm_authenticate): Add const qualifier to database and cryptmode.
3175 (pam_sm_acct_mgmt): Likewise.
3177 2005-10-01 Steve Langasek <vorlon@debian.org>
3179 * modules/pam_userdb/pam_userdb.c: spelling fix in log message.
3181 2005-09-30 Steve Langasek <vorlon@debian.org>
3183 * modules/pam_userdb/pam_userdb.c: Fix memory leak due to
3184 gratuitous use of strdup().
3186 2005-09-27 Thorsten Kukuk <kukuk@thkukuk.de>
3190 * doc/specs/Makefile.am (install-data-local): Install
3192 (all): Copy rfc if we build outside of source directory.
3194 2005-09-27 Thorsten Kukuk <kukuk@suse.de>
3196 * NEWS: Document removal of pam_radius.
3197 * autogen.sh: Make configure script executeable.
3199 * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c
3200 (lex.yy.c): Fixed out of tree build.
3202 * conv/pam_conv1/pam_conv.y: Fix main prototype.
3206 * po/POTFILES.in: Remove files not distributed by tar archive
3207 and not containing strings for translation.
3209 2005-09-26 Tomas Mraz <t8m@centrum.cz>
3211 * NEWS: Add a few missing entries from CHANGELOG.
3213 * AUTHORS: Fixed entries for Toady and me.
3215 * Makefile.am (M4_FILES): Fixed out of tree build.
3216 * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c
3217 (spec, lex.yy.c): Fixed out of tree build.
3219 * modules/pam_userdb/README: Document try_first_pass and
3220 use_first_pass options, remove use_authtok option.
3223 2005-09-26 Dmitry V. Levin <ldv@altlinux.org>
3225 * NEWS: Mention changes in pam_lastlog.
3227 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
3230 * autogen.sh: Don't generate NEWS file.
3231 * CHANGELOG: Document it as obsolete.
3233 2005-09-26 Tomas Mraz <t8m@centrum.cz>
3235 * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
3236 _log_err() -> pam_syslog()
3237 (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
3238 * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
3239 _log_err() -> pam_syslog()
3240 * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
3241 (getNISserver, _unix_run_shadow_binary, _update_passwd,
3242 _update_shadow, _do_setpass, _pam_unix_approve_pass,
3243 pam_sm_chauthtok): _log_err() -> pam_syslog()
3244 * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
3245 (pam_sm_open_session, pam_sm_close_session):
3246 _log_err() -> pam_syslog()
3247 * modules/pam_unix/support.c (_log_err, converse): removed
3248 (_make_remark): use pam_prompt() instead of converse()
3249 (_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
3250 _unix_verify_password, _unix_read_password):
3251 _log_err() -> pam_syslog()
3252 _cleanup(), _unix_cleanup(): Silence unused param warnings.
3253 (_cleanup_failures, _unix_verify_password, _unix_getpwnam,
3254 _unix_run_helper_binary): Silence incorrect type warnings.
3255 (_unix_read_password): Use multiple pam_prompt() and pam_info() calls
3256 instead of converse().
3257 * modules/pam_unix/support.h (_log_err): removed
3258 * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
3260 2005-09-26 Thorsten Kukuk <kukuk@suse.de>
3262 * configure.in: Add doc/specs/Makefile.
3263 * Makefile.am: Add releasedocs rule.
3264 * doc/Makefile.am: Add specs subdir, remove files from specs
3265 directory, add rfc86.0.txt to releasedocs.
3266 * doc/specs/Makefile.am: New file.
3267 * doc/specs/formatter/parse.y: move from here ...
3268 * doc/specs/parse.y: ... here.
3269 * doc/specs/formatter/parse.lex: move from here ...
3270 * doc/specs/parse.lex: ... here.
3272 * modules/pam_mail/pam_mail.c: Mark missing strings for translation
3273 * po/Linux-PAM.pot: Add new strings from pam_mail
3274 * po/cs.po: Likewise.
3275 * po/de.po: Likewise.
3276 * po/es.po: Likewise.
3277 * po/fi.po: Likewise.
3278 * po/fr.po: Likewise.
3279 * po/hu.po: Likewise.
3280 * po/it.po: Likewise.
3281 * po/ja.po: Likewise.
3282 * po/nb.po: Likewise.
3283 * po/pa.po: Likewise.
3284 * po/pl.po: Likewise.
3285 * po/pt.po: Likewise.
3286 * po/pt_BR.po: Likewise.
3287 * po/zh_CN.po: Likewise.
3288 * po/zh_TW.po: Likewise.
3290 2005-09-23 Tomas Mraz <t8m@centrum.cz>
3292 * modules/pam_access/pam_access.c (from_match): Support NULL from.
3293 (string_match): Support NULL string, add NONE keyword matching it.
3294 (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
3295 * modules/pam_access/access.conf: NONE keyword description
3296 * modules/pam_access/README: NONE keyword description
3298 2005-09-22 Dmitry V. Levin <ldv@altlinux.org>
3300 * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session,
3301 pam_sm_close_session): Strip redundant "pam_xauth: " prefix from
3302 text of log messages.
3303 (pam_sm_open_session): Replace sequence of malloc(), strcpy()
3304 and strcat() calls with asprintf(). Replace syslog() calls
3307 * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp()
3308 instead of memcmp() for string comparison.
3310 2005-09-21 Dmitry V. Levin <ldv@altlinux.org>
3312 * modules/pam_nologin/pam_nologin.c: Include <syslog.h>.
3313 (parse_args): Add pam_handle_t* argument. Log unrecognized
3315 (perform_check): Log pam_get_user() and malloc() failures.
3316 (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt):
3317 Pass pam_handle_t* to parse_args().
3319 * modules/pam_mail/pam_mail.c: Include <errno.h>.
3320 Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and
3321 NO_MAIL_STANDARD_FORMAT macros.
3322 (parse_args, get_folder): Cleanup error messages.
3323 (get_folder): Fix leak of the path_mail variable in case of
3324 pam_get_user() failure. Cleanup memory management.
3325 (get_mail_status): Add pam_handle_t* argument. Fix leaks of
3326 namelist variable. Cleanup memory management. Log memory
3327 allocation failures. Remove 250-byte limit on Maildir pathname.
3328 (report_mail): Mark text messages for translation.
3329 (_do_mail): Cleanup memory management. Pass pam_handle_t*
3330 to get_mail_status().
3332 * po/Linux-PAM.pot: Update with new strings from pam_mail for
3334 * po/cs.po: Likewise.
3335 * po/de.po: Likewise.
3336 * po/es.po: Likewise.
3337 * po/fi.po: Likewise.
3338 * po/fr.po: Likewise.
3339 * po/hu.po: Likewise.
3340 * po/it.po: Likewise.
3341 * po/ja.po: Likewise.
3342 * po/nb.po: Likewise.
3343 * po/pa.po: Likewise.
3344 * po/pl.po: Likewise.
3345 * po/pt.po: Likewise.
3346 * po/pt_BR.po: Likewise.
3347 * po/zh_CN.po: Likewise.
3348 * po/zh_TW.po: Likewise.
3350 2005-09-20 Thorsten Kukuk <kukuk@suse.de>
3352 * configure.in: Add finish translation.
3355 * acinclude.m4: remove libprelude macros.
3356 * m4/libprelude.m4: New.
3358 * Makefile.am (EXTRA_DIST): make sure we include all m4 macros.
3360 * libpamc/Makefile.am (EXTRA_DIST): Add License.
3362 See CHANGELOG for earlier changes.