]> granicus.if.org Git - linux-pam/log
linux-pam
16 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 13 Feb 2008 14:39:41 +0000 (14:39 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2008-02-13  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth.
        * modules/pam_rhosts/pam_rhosts_auth.c: Removed.
        * modules/pam_rhosts/tst-pam_rhosts_auth: Removed.

        * modules/pam_namespace/Makefile.am (noinst_HEADERS): Add
        pam_namespace.h.

16 years agoRelevant BUGIDs:
Tomas Mraz [Wed, 13 Feb 2008 12:49:43 +0000 (12:49 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix, new feature

Commit summary:
---------------
2008-02-13  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
        dir.
        * modules/pam_namespace/argv_parse.c: New file.
        * modules/pam_namespace/argv_parse.h: New file.
        * modules/pam_namespace/namespace.conf.5.xml: Document new features.
        * modules/pam_namespace/pam_namespace.8.xml: Likewise.
        * modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
        Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
        and polydir flags.
        (polydir_s): Add rdir, replace exclusive with flags, add init_script,
        owner, group, and mode.
        (instance_data): Add ruser, gid, and ruid.
        * modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
        (add_polydir_entry): Add the entry directly, no copy.
        (del_polydir): New function.
        (del_polydir_list): Call del_polydir().
        (expand_variables, parse_create_params, parse_iscript_params,
        parse_method): New functions.
        (process_line): Call expand_variables() on polydir and instance prefix.
        Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
        (parse_config_file): Parse .conf files from namespace.d dir after
        namespace.conf.
        (form_context): Call getcon() or get_default_context_with_level() when
        appropriate flags are set.
        (poly_name): Handle shared polydir flag.
        (inst_init): Execute non-default init script when specified.
        (create_polydir): New function.
        (create_dirs): Remove the code which checks the polydir. Do not call
        inst_init() when noinit flag is set.
        (ns_setup): Check the polydir and eventually create it if the create flag
        is set.
        (setup_namespace): Use ruser uid from idata. Set the namespace polydir
        pam data only when namespace was set up correctly. Unmount polydir
        based on ruser.
        (get_user_data): New function.
        (pam_sm_open_session): Check for use_current_context and
        use_default_context options. Call get_user_data().
        (pam_sm_close_session): Call get_user_data().

16 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 4 Feb 2008 15:27:31 +0000 (15:27 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2008-02-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_exec/pam_exec.c: Set PAM environment variables and
        add 'quiet' option.
        * modules/pam_exec/pam_exec.8.xml: Document new behavior.
        Patch from Julien Lecomte <julien@lecomte.at>.

16 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 4 Feb 2008 15:05:51 +0000 (15:05 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfixes

Commit summary:
---------------

2008-02-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_sepermit/Makefile.am: Install config file only
        if we build the module.

        * doc/Makefile.am: Fix build out of source directory.

        * po/POTFILES.in: Add pam_sepermit.c.

16 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 4 Feb 2008 14:00:20 +0000 (14:00 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2008-02-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/Makefile.am: Add pam_sepermit.

16 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 4 Feb 2008 13:37:35 +0000 (13:37 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfixes

Commit summary:
---------------

2008-02-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_static_modules.h: Add _pam_sepermit_modstruct.
        * modules/pam_sepermit/pam_sepermit.c: Fix typo.

        * README: Add --disable-pie to configure options for static library.

        * doc/man/Makefile.am: Fix building outside of src directory.

16 years agoRelevant BUGIDs:
Tomas Mraz [Fri, 1 Feb 2008 16:22:23 +0000 (16:22 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2008-02-01  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_namespace/namespace.conf.5.xml: Add documentation for
        tmpfs and tmpdir polyinst and for ~ user list modifier.
        * modules/pam_namespace/namespace.init: Add documentation for the
        new init parameter. Add home directory initialization script.
        * modules/pam_namespace/pam_namespace.8.xml: Document the new
        init parameter of the namespace.init script.
        * modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
        (cleanup_data): New function.
        (process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
        (ns_override): Change behavior on the exclusive flag.
        (poly_name): Process tmpfs and tmpdir methods.
        (inst_init): Add flag for new directory initialization.
        (create_dirs): Process the tmpdir method, add the new directory
        flag.
        (ns_setup): Remove unused code. Process the tmpfs method.
        (cleanup_tmpdirs): New function.
        (setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
        on failures.
        (pam_sm_close_session): Instead of parsing the config file again use
        the previously set data for cleanup.
        * modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
        and exclusive flag.

16 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 29 Jan 2008 15:38:34 +0000 (15:38 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2008-01-29  Tomas Mraz  <t8m@centrum.cz>

        * configure.in: Test for setkeycreatecon needs libselinux.
        Add new module pam_sepermit.
        * modules/Makefile.am: Add new module pam_sepermit.
        * modules/pam_sepermit/.cvsignore: New file.
        * modules/pam_sepermit/Makefile.am: Likewise.
        * modules/pam_sepermit/README.xml: Likewise.
        * modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
        * modules/pam_sepermit/pam_sepermit.c: Likewise.
        * modules/pam_sepermit/sepermit.conf: Likewise.
        * modules/pam_sepermit/tst-pam_sepermit: Likewise.
        * doc/sag/pam_sepermit.xml: Likewise.

        * doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG.

16 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 29 Jan 2008 15:09:29 +0000 (15:09 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2008-01-29  Miloslav Trmac  <mitr@redhat.com>

        * modules/pam_tty_audit/README.xml: Add notes section.
        * modules/pam_tty_audit/pam_tty_audit.8.xml: Describe patterns
        support and open_only option. Add notes.
        * modules/pam_tty_audit/pam_tty_audit.c(pam_sm_open_session): Add
        support for pattern matching and the open_only option.

16 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 28 Jan 2008 14:50:21 +0000 (14:50 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------

2008-01-28  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_audit.c: Include pam_modutil_private.h.

        * libpam/pam_item.c (pam_set_item): Fix compiler warning.

        * libpam/pam_end.c (pam_end): Cast to correct pointer type.
        * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use
        unsigned int.

16 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 28 Jan 2008 13:20:29 +0000 (13:20 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2008-01-28  Thorsten Kukuk  <kukuk@suse.de>

        * modules/pam_unix/passverify.c: Fix compiling without SELinux
        support.

16 years agoRelevant BUGIDs: 1836981
Tomas Mraz [Thu, 24 Jan 2008 16:42:58 +0000 (16:42 +0000)]
Relevant BUGIDs: 1836981

Purpose of commit: bugfix

Commit summary:
---------------
2008-01-24  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when
        available.
        * modules/pam_unix/passverify.c (strip_hpux_aging): New function
        to strip HP/UX aging info from password hash.
        (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when
        available.

16 years agoRelevant BUGIDs:
Tomas Mraz [Wed, 23 Jan 2008 15:35:12 +0000 (15:35 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup, new feature

Commit summary:
---------------
Merging the the refactorization pam_unix_ref branch into the trunk.
Added support for sha256 and sha512 password hashes to pam_unix
when the libcrypt supports them.

16 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 8 Jan 2008 14:49:05 +0000 (14:49 +0000)]
Relevant BUGIDs:

Purpose of commit: bigfix

Commit summary:
---------------

2008-01-08  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/Makefile.am: Fix manual page dependencies,
        add hack for bug in xsl stylestheets.

2008-01-02  Petteri Räty  <betelgeuse@gentoo.org>
        * modules/pam_limits/limits.conf: document allowed values for
        nice.
        * modules/pam_limits/limits.conf.5.xml: Likewise.

and readd files wrongly deleted before.

16 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 8 Jan 2008 12:44:15 +0000 (12:44 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------

Remove autogenerated documentation from CVS

16 years agoRelevant BUGIDs: 1863490
Thorsten Kukuk [Mon, 7 Jan 2008 14:54:50 +0000 (14:54 +0000)]
Relevant BUGIDs: 1863490

Purpose of commit: bugfix

Commit summary:
---------------

2008-01-07  Thorsten Kukuk <kukuk@thkukuk.de>
        * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix
        cut & paste error [#1863490].

16 years agoRelevant BUGIDs: 1857531
Thorsten Kukuk [Mon, 7 Jan 2008 14:48:38 +0000 (14:48 +0000)]
Relevant BUGIDs: 1857531

Purpose of commit: cleanup

Commit summary:
---------------

2008-01-07  Thorsten Kukuk <kukuk@thkukuk.de>
        * po/sv.po: Update swedish translation [#1857531]

16 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 7 Jan 2008 14:30:37 +0000 (14:30 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------

2008-01-07  Thorsten Kukuk <kukuk@thkukuk.de>

        * po/it.po: Fix typos.
        * po/de.po: Few new translations.
        * po/POTFILES.in: Add pam_tty_audit.c and passverify.c.
        * doc/man/pam_xauth_data.3.xml: Added to CVS.
        * doc/man/pam_xauth_data.3: Likewise.
        * modules/pam_tty_audit/README: Likewise.
        * modules/pam_tty_audit/pam_tty_audit.8: Likewise.

16 years agoRelevant BUGIDs: 1822779, 1822764
Thorsten Kukuk [Tue, 18 Dec 2007 12:55:38 +0000 (12:55 +0000)]
Relevant BUGIDs: 18227791822764

Purpose of commit: docufix

Commit summary:
---------------

2007-12-18  Thorsten Kukuk <kukuk@thkukuk.de>

        * README: Document how to run make check with static modules
        (SF#1822779).

2007-12-18  Peter Breitenlohner <peb@mppmu.mpg.de>
        * README: Document that "make check" requires a file
        /etc/pam.d/other (SF#1822764).

16 years agoRelevant BUGIDs:
Tomas Mraz [Wed, 12 Dec 2007 19:34:05 +0000 (19:34 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2007-12-12  Eamon Walsh <ewalsh@tycho.nsa.gov>

        * doc/man/pam_item_types_ext.inc.xml: More appropriate wording
        for PAM_XDISPLAY doc.

16 years agoRelevant BUGIDs:
Tomas Mraz [Fri, 7 Dec 2007 15:40:01 +0000 (15:40 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature and cleanup

Commit summary:
---------------
2007-12-07  Tomas Mraz  <t8m@centrum.cz>

        * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
        * libpam/pam_audit.c: Add _pam_audit_open() and
        pam_modutil_audit_write().
        (_pam_auditlog): Call _pam_audit_open().
        * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
        * modules/pam_access/pam_access.8.xml: Add noaudit option.
        Document auditing.
        * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
        only_new_group_syntax variables to struct login_info. Add noaudit
        member.
        (_parse_args): Adjust for the move of variables and add support for
        noaudit option.
        (group_match): Add debug parameter.
        (string_match): Likewise.
        (network_netmask_match): Likewise.
        (login_access): Adjust for the move of variables. Add nonall_match.
        Add call to pam_modutil_audit_write().
        (list_match): Adjust for the move of variables.
        (user_match): Likewise.
        (from_match): Likewise.
        (pam_sm_authenticate): Call _parse_args() earlier.
        * modules/pam_limits/pam_limits.8.xml: Add noaudit option.
        Document auditing.
        * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
        (setup_limits): Call pam_modutil_audit_write().
        * modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
        Document auditing.
        * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
        (check_account): Call _pam_parse(). Call pam_modutil_audit_write()
        and pam_syslog() on login denials.

16 years agoRelevant BUGIDs:
Tomas Mraz [Fri, 7 Dec 2007 14:56:49 +0000 (14:56 +0000)]
Relevant BUGIDs:

Purpose of commit: translations

Commit summary:
---------------
2007-12-07  Tomas Mraz  <t8m@centrum.cz>

        * po/cs.po: Updated translations.

16 years agoRelevant BUGIDs:
Tomas Mraz [Fri, 7 Dec 2007 13:50:55 +0000 (13:50 +0000)]
Relevant BUGIDs:

Purpose of commit: translations

Commit summary:
---------------
2007-12-07  Luca Bruno <luca.br@uno.it>

        * po/it.po: Updated translations.

16 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 6 Dec 2007 20:20:07 +0000 (20:20 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2007-12-06  Eamon Walsh <ewalsh@tycho.nsa.gov>

        * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
        macro.
        * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY,
        PAM_XAUTHDATA items, pam_xauth_data struct.
        * libpam/pam_item.c (pam_set_item, pam_get_item): Handle
        PAM_XDISPLAY and PAM_XAUTHDATA items.
        * libpam/pam_end.c (pam_end): Destroy the new items.
        * libpam/pam_private.h (pam_handle): Add data members for new
        items. Add prototype for _pam_memdup.
        * libpam/pam_misc.c: Add _pam_memdup.
        * doc/man/Makefile.am: Add pam_xauth_data.3. Replace
        pam_item_types.inc.xml with pam_item_types_std.inc.xml and
        pam_item_types_ext.inc.xml.
        * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml
        with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml.
        * doc/man/pam_set_item.3.xml: Likewise.
        * doc/man/pam_item_types.inc.xml: Removed file.
        * doc/man/pam_item_types_ext.inc.xml: New file.
        * doc/man/pam_item_types_std.inc.xml: New file.

16 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 6 Dec 2007 07:24:23 +0000 (07:24 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2007-12-05  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_tty_audit/pam_tty_audit.8.xml: Fix example.

16 years agoRelevant BUGIDs:
Tomas Mraz [Wed, 5 Dec 2007 20:08:57 +0000 (20:08 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2007-12-05  Miloslav Trmac  <mitr@redhat.com>

        * configure.in: Add test for audit_tty_status struct. Add
        pam_tty_audit module.
        * libpam/pam_static_modules.h: Add pam_tty_audit module.
        * modules/pam_tty_audit/Makefile.am: New file.
        * modules/pam_tty_audit/README.xml: Likewise.
        * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
        * modules/pam_tty_audit/pam_tty_audit.c: Likewise.

16 years agoRelevant BUGIDs: pam_unix_refactor
Tomas Mraz [Wed, 5 Dec 2007 10:03:29 +0000 (10:03 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2007-12-05  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/Makefile.am: Add passverify.h and passverify.c
        as first part of pam_unix refactorization.
        * modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h.
        * modules/pam_unix/pam_unix_passwd.c: Likewise.
        * modules/pam_unix/passverify.c: New file with common functions.
        * modules/pam_unix/passverify.h: Prototypes for the common functions.
        * modules/pam_unix/support.c: Include passverify.h, move
        _unix_shadowed() to passverify.c.
        (_unix_verify_password): Refactor out verify_pwd_hash() function.
        * modules/pam_unix/support.h: Move _unix_shadowed() prototype to
        passverify.h
        * modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and
        verify_pwd_hash() from passverify.c.

16 years agoRelevant BUGIDs: 1822779
Thorsten Kukuk [Tue, 20 Nov 2007 11:01:23 +0000 (11:01 +0000)]
Relevant BUGIDs: 1822779

Purpose of commit: bugfix

Commit summary:
---------------

2007-11-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/Makefile.am (unix_chkpwd_LDADD): Don't link
        unix_chkpwd unnecessary against libpam (#1822779).

16 years agoRelevant BUGIDs: 1822779
Thorsten Kukuk [Tue, 20 Nov 2007 10:58:10 +0000 (10:58 +0000)]
Relevant BUGIDs: 1822779

Purpose of commit: bugfix

Commit summary:
---------------

Don't link pam_tally application against libpam, if linked static,
libpam is not yet available.

2007-11-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_tally/pam_tally.c (tally_log): Map
        pam_modutil_getpwnam to getpwnam if we don't compile
        as module.
        * modules/pam_tally/Makefile.am: Don't link pam_tally_app
        against libpam (#1822779).

17 years agoRelevant BUGIDs: 1822761
Thorsten Kukuk [Tue, 6 Nov 2007 15:24:26 +0000 (15:24 +0000)]
Relevant BUGIDs: 1822761

Purpose of commit: bugfix

Commit summary:
---------------

2007-11-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/tst-pam_group1.c: Include stdlib.h
        * xtests/tst-pam_succeed_if1.c: Likewise.
        * xtests/tst-pam_limits1.c: Likewise.
        * xtests/tst-pam_access1.c: Likewise.
        * xtests/tst-pam_access2.c: Likewise.
        * xtests/tst-pam_access3.c: Likewise.
        * xtests/tst-pam_access4.c: Likewise.
        * xtests/tst-pam_unix1.c: Likewise.
        * xtests/tst-pam_unix2.c: Likewise.
        * xtests/tst-pam_unix3.c: Likewise.
        * xtests/tst-pam_cracklib1.c: Likewise.
        * xtests/tst-pam_cracklib2.c: Likewise.

2007-10-30  Peter Breitenlohner <peb@mppmu.mpg.de>

        * modules/pam_rhosts/pam_rhosts_auth.c (__icheckhost): Correct
        misplaced parenthesis.
        * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Prevent use of
        dngettext() when NLS is disabled.
        * modules/pam_exec/pam_exec.c (call_exec): Avoid gcc warning.
        * doc/specs/parse_y.y (set_label, new_counter): Break trigraphs to
        avoid gcc warning.
        * modules/pam_wheel/pam_wheel.c: Remove excessive initializer
        elements.

17 years agoRelevant BUGIDs: 1822762
Thorsten Kukuk [Tue, 6 Nov 2007 14:58:53 +0000 (14:58 +0000)]
Relevant BUGIDs: 1822762

Purpose of commit: bugfix

Commit summary:
---------------

2007-11-01  Peter Breitenlohner <peb@mppmu.mpg.de>

        * doc/man/pam_conv.3.xml: Correct typo.

2007-10-30  Peter Breitenlohner <peb@mppmu.mpg.de>

        * modules/pam_cracklib/pam_cracklib.8.xml: Correct typo.
        * modules/pam_limits/limits.conf.5.xml: Likewise.
        * modules/pam_listfile/pam_listfile.8.xml: Likewise.
        * modules/pam_xauth/pam_xauth.8.xml: Likewise.

        * modules/pam_deny/pam_deny.8.xml: Correct spelling.
        * modules/pam_group/pam_group.8.xml: Likewise.
        * modules/pam_permit/pam_permit.8.xml: Likewise.
        * modules/pam_shells/pam_shells.8.xml: Likewise.
        * modules/pam_time/pam_time.8.xml: Likewise.
        * modules/pam_warn/pam_warn.8.xml: Likewise.

17 years agoRelevant BUGIDs: 1822779
Thorsten Kukuk [Tue, 6 Nov 2007 14:46:57 +0000 (14:46 +0000)]
Relevant BUGIDs: 1822779

Purpose of commit: bugfix

Commit summary:
---------------

2007-11-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_static_modules.h: Fix name of pam_namespace variable.

2007-10-30  Peter Breitenlohner <peb@mppmu.mpg.de>

        * tests/tst-dlopen.c: Return 77 in case of static modules, such that
        all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL.
        * libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead
        of "`ls ...`", to allow for static modules.
        * libpam/pam_static_modules.h: Make pam_keyinit module depend on
        HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct.
        * modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module
        struct.

17 years agoRelevant BUGIDs: Debian bug #446327
Steve Langasek [Thu, 25 Oct 2007 21:32:48 +0000 (21:32 +0000)]
Relevant BUGIDs: Debian bug #446327

Purpose of commit: bugfix

Commit summary:
---------------
2007-10-25  Steve Langasek  <vorlon@debian.org>

* modules/pam_tally/pam_tally.c: fix the definition of OPT_AUDIT
to be octal instead of decimal, so that it works properly in a
bit field instead of forcing the "even_deny_root_account" and
"no_reset" options to on.
Patch from Corey Wright <undefined@pobox.com>.

17 years agoRelevant BUGIDs:
Tomas Mraz [Fri, 19 Oct 2007 17:06:29 +0000 (17:06 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2007-10-19  Tomas Mraz  <t8m@centrum.cz>

        * xtests/tst-pam_access1.c: Use different name for user and group.
        * xtests/tst-pam_access1.sh: Likewise.
        * xtests/tst-pam_access2.c: Likewise.
        * xtests/tst-pam_access2.sh: Likewise.
        * xtests/tst-pam_access4.c: Likewise.
        * xtests/tst-pam_access4.sh: Likewise.
        * xtests/group.conf: Likewise.
        * xtests/tst-pam_group1.c: Likewise.
        * xtests/tst-pam_group1.sh: Likewise.

        * libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks,
        record substack level, skip over virtual substack modules, implement
        evaluation of done, die, reset and jumps in substacks. Also fixes
        too far jumps in substacks.
        * libpam/pam_end.c (pam_end): Drop substack evaluation states.
        * libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level
        parameter, instead of must_fail use handler_type needed for virtual
        substack modules.
        (_pam_load_conf_file): Add substack level parameter.
        (_pam_init_handlers): Substack level parameter added to
        _pam_parse_conf_file() calls.
        (_pam_load_module): New function.
        (_pam_add_handler): Refactor code into the _pam_load_module(). Add
        support for virtual substack modules.
        * libpam/pam_private.h: Rename must_fail to handler_type, add stack_level
        to struct handler. Define handler type constants. Add struct
        for substack evaluation states. Define constant for maximum
        substack level. Add substack states pointer to former state struct.
        * libpam/pam_start.c (pam_start): Initialize pointer to substack states.
        * doc/man/pam.conf-syntax.xml: Document substack control.
        * xtests/Makefile.am: Add new tests for substack evaluation.
        * xtests/run_xtests.sh: Support multiple .pamd files in a test.
        * xtests/tst-pam_authfail.pamd: New tests for substack evaluation.
        * xtests/tst-pam_authsucceed.pamd: Likewise.
        * xtests/tst-pam_substack1.pamd: Likewise.
        * xtests/tst-pam_substack1a.pamd: Likewise.
        * xtests/tst-pam_substack1.sh: Likewise.
        * xtests/tst-pam_substack2.pamd: Likewise.
        * xtests/tst-pam_substack2a.pamd: Likewise.
        * xtests/tst-pam_substack2.sh: Likewise.
        * xtests/tst-pam_substack3.pamd: Likewise.
        * xtests/tst-pam_substack3a.pamd: Likewise.
        * xtests/tst-pam_substack3.sh: Likewise.
        * xtests/tst-pam_substack4.pamd: Likewise.
        * xtests/tst-pam_substack4a.pamd: Likewise.
        * xtests/tst-pam_substack4.sh: Likewise.
        * xtests/tst-pam_substack5.pamd: Likewise.
        * xtests/tst-pam_substack5a.pamd: Likewise.
        * xtests/tst-pam_substack5.sh: Likewise.

17 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 18 Oct 2007 12:33:16 +0000 (12:33 +0000)]
Relevant BUGIDs:

Purpose of commit: testcase

Commit summary:
---------------
        * xtests/tst-pam_cracklib2.c: Make the testcase more robust.

17 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 18 Oct 2007 11:02:57 +0000 (11:02 +0000)]
Relevant BUGIDs:

Purpose of commit: testcase

Commit summary:
---------------
2007-10-18  Tomas Mraz  <t8m@centrum.cz>
        * xtests/tst-pam_dispatch4.c: Fix comment about the test.
        * xtests/tst-pam_dispatch4.pamd: Improve the testcase.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Thu, 18 Oct 2007 10:02:33 +0000 (10:02 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------

Add new tests to .cvsignore

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Fri, 12 Oct 2007 10:46:25 +0000 (10:46 +0000)]
Relevant BUGIDs:

Purpose of commit: new testcase

Commit summary:
---------------

2007-10-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/Makefile.am: Add tst-pam_dispatch5 sources
        * xtests/tst-pam_dispatch5.c: New test for jump too far.
        * xtests/tst-pam_dispatch5.pamd: New test configuration.

17 years agoRelevant BUGIDs:
Tomas Mraz [Wed, 10 Oct 2007 14:10:06 +0000 (14:10 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2007-10-09  Tomas Mraz  <t8m@centrum.cz>
        * modules/pam_tally/pam_tally.8.xml: Document audit option
        correctly.

17 years agoRelevant BUGIDs: Linux-PAM-0_99_9_0
Thorsten Kukuk [Tue, 9 Oct 2007 12:50:40 +0000 (12:50 +0000)]
Relevant BUGIDs:

Purpose of commit: release

Commit summary:
---------------

2007-10-09  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.9.0

        * configure.in: Increase vesion number.

        * libpam/Makefile.am: Increase release number.
        * libpam_misc/Makefile.am: Increase release number.

        * po/*.po: Regenerate.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 8 Oct 2007 15:05:36 +0000 (15:05 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-10-08  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_time/pam_time.c (is_same): Length of strings without
        wildcard needs to be the same.
        * modules/pam_group/pam_group.c (is_same): Likewise.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 1 Oct 2007 12:10:11 +0000 (12:10 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

Fix type.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 1 Oct 2007 09:43:09 +0000 (09:43 +0000)]
Relevant BUGIDs:

Purpose of commit: new testcase

Commit summary:
---------------

Forgot to add.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 1 Oct 2007 09:41:32 +0000 (09:41 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-10-01  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/tst-pam_group1.c: New test case for user compare in pam_group.
        * xtests/tst-pam_group1.sh: Script to run test case.
        * xtests/tst-pam_group1.pamd: Config for test case.
        * xtests/Makefile.am: Add tst-pam_group1 test case.
        * xtests/run-xtests.sh: Save/restore group.conf.
        * xtests/group.conf: New.

        * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Don't
        free arguments used for putenv().

        * doc/man/pam_putenv.3.xml: Document that application has to free
        the memory.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Thu, 27 Sep 2007 14:16:32 +0000 (14:16 +0000)]
Relevant BUGIDs:

Purpose of commit:

Commit summary:
---------------

Really commit now ...

17 years agoRelevant BUGIDs: rhbz #306901, rhbz #295151
Tomas Mraz [Thu, 27 Sep 2007 11:54:43 +0000 (11:54 +0000)]
Relevant BUGIDs: rhbz #306901, rhbz #295151

Purpose of commit: bugfix

Commit summary:
---------------
2007-09-27  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in
        operator rhbz #295151.
        * modules/pam_namespace/pam_namespace.c (poly_name): Do not try to
        get context when SELinux is disabled rhbz #306901.

17 years agoRelevant BUGIDs: Red Hat #295151
Thorsten Kukuk [Thu, 27 Sep 2007 11:21:11 +0000 (11:21 +0000)]
Relevant BUGIDs: Red Hat #295151

Purpose of commit: testcase

Commit summary:
---------------

2007-09-27  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/tst-pam_succeed_if1.c: New test case for
        https://bugzilla.redhat.com/show_bug.cgi?id=295151
        * xtests/tst-pam_succeed_if1.sh: Script to run test case.
        * xtests/tst-pam_succeed_if1.pamd: Config for test case.
        * xtests/Makefile.am: Add tst-pam_succeed_if1 test case.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Thu, 27 Sep 2007 10:22:06 +0000 (10:22 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-09-27  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/run-xtests.sh: Add support to skip tests.
        * xtests/tst-pam_limits1.c: Skip test if RLIMIT_NICE is not
        defined.

17 years agoRelevant BUGIDs: Debian bug #331278
Steve Langasek [Mon, 3 Sep 2007 21:58:44 +0000 (21:58 +0000)]
Relevant BUGIDs: Debian bug #331278

Purpose of commit: bugfix/cleanup

Commit summary:
---------------
2007-09-03  Steve Langasek  <vorlon@debian.org>

        * modules/pam_limits/pam_limits.c: remove a number of unnecessary
        string manipulations, including a strncpy() that was acting on
        overlapping memory.

17 years agoRelevant BUGIDs: Debian bug #1708
Steve Langasek [Mon, 3 Sep 2007 21:45:04 +0000 (21:45 +0000)]
Relevant BUGIDs: Debian bug #1708

Purpose of commit: cleanup (behavior change)

Commit summary:
---------------
2007-09-03  Steve Langasek  <vorlon@debian.org>

        * libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's
        perfectly valid to allow the user to interrupt at a prompt.  If
        an application wants prompts to not be interruptable, the
        application should take responsibility for blocking SIGINT.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Sun, 2 Sep 2007 17:02:53 +0000 (17:02 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-09-02  Thorsten Kukuk  <kukuk@thkukuk.de>

        * examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS.
        * libpam/Makefile.am: Likewise.
        * modules/pam_access/Makefile.am: Likewise.
        * modules/pam_cracklib/Makefile.am: Likewise.
        * modules/pam_debug/Makefile.am: Likewise.
        * modules/pam_deny/Makefile.am: Likewise.
        * modules/pam_echo/Makefile.am: Likewise.
        * modules/pam_env/Makefile.am: Likewise.
        * modules/pam_exec/Makefile.am: Likewise.
        * modules/pam_faildelay/Makefile.am: Likewise.
        * modules/pam_filter/Makefile.am: Likewise.
        * modules/pam_filter/upperLOWER/Makefile.am: Likewise.
        * modules/pam_ftp/Makefile.am: Likewise.
        * modules/pam_group/Makefile.am: Likewise.
        * modules/pam_issue/Makefile.am: Likewise.
        * modules/pam_keyinit/Makefile.am: Likewise.
        * modules/pam_lastlog/Makefile.am: Likewise.
        * modules/pam_limits/Makefile.am: Likewise.
        * modules/pam_listfile/Makefile.am: Likewise.
        * modules/pam_localuser/Makefile.am: Likewise.
        * modules/pam_loginuid/Makefile.am: Likewise.
        * modules/pam_mail/Makefile.am: Likewise.
        * modules/pam_mkhomedir/Makefile.am: Likewise.
        * modules/pam_motd/Makefile.am: Likewise.
        * modules/pam_namespace/Makefile.am: Likewise.
        * modules/pam_nologin/Makefile.am: Likewise.
        * modules/pam_permit/Makefile.am: Likewise.
        * modules/pam_rhosts/Makefile.am: Likewise.
        * modules/pam_rootok/Makefile.am: Likewise.
        * modules/pam_securetty/Makefile.am: Likewise.
        * modules/pam_selinux/Makefile.am: Likewise.
        * modules/pam_shells/Makefile.am: Likewise.
        * modules/pam_stress/Makefile.am: Likewise.
        * modules/pam_succeed_if/Makefile.am: Likewise.
        * modules/pam_tally/Makefile.am: Likewise.
        * modules/pam_time/Makefile.am: Likewise.
        * modules/pam_umask/Makefile.am: Likewise.
        * modules/pam_unix/Makefile.am: Likewise.
        * tests/Makefile.am: Likewise.

17 years agoRelevant BUGIDs: Debian bug #197080
Steve Langasek [Sat, 1 Sep 2007 02:10:32 +0000 (02:10 +0000)]
Relevant BUGIDs: Debian bug #197080

Purpose of commit: cleanup

Commit summary:
---------------
2007-08-31  Steve Langasek  <vorlon@debian.org>

        * modules/pam_group/group.conf: don't use "games" as an example
        group, on some distros this is a pre-existing group that it would
        be a security hole to give users access to.

17 years agoRelevant BUGIDs: Debian bugs #95220, #175900
Steve Langasek [Thu, 30 Aug 2007 15:15:41 +0000 (15:15 +0000)]
Relevant BUGIDs: Debian bugs #95220, #175900

Purpose of commit: bugfix

Commit summary:
---------------
2007-08-30  Steve Langasek  <vorlon@debian.org>

        * modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c:
        A wrong username doesn't need to be logged at LOG_ALERT;
        LOG_WARNING should be sufficient.
        Patch from Sam Hartman <hartmans@debian.org>.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Thu, 30 Aug 2007 14:47:56 +0000 (14:47 +0000)]
Relevant BUGIDs:

Purpose of commit: documentation fix

Commit summary:
---------------

2007-08-30  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_limits/limits.conf.5.xml: Document that maxlogins
        is ignored for users with UID 0.

17 years agoRelevant BUGIDs:
Steve Langasek [Thu, 30 Aug 2007 07:37:31 +0000 (07:37 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2007-08-30  Steve Langasek  <vorlon@debian.org>

        * modules/pam_cracklib/pam_cracklib.c:
        s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing
        #define in pam_unix

17 years agoRelevant BUGIDs:
Steve Langasek [Thu, 30 Aug 2007 04:00:39 +0000 (04:00 +0000)]
Relevant BUGIDs:

Purpose of commit: portability, cleanup

Commit summary:
---------------
2007-08-29  Steve Langasek  <vorlon@debian.org>

        * libpam/pam_modutil_getgrgid.c, libpam/pam_modutil_getgrnam.c,
        libpam/pam_modutil_getpwnam.c, libpam/pam_modutil_getpwuid.c,
        libpam/pam_modutil_getspnam.c: don't use pthread mutexes in libpam
        unnecessarily; this avoids linking problems on non-Linux
        platforms.

17 years agoRelevant BUGIDs: Debian bug #84428
Steve Langasek [Thu, 30 Aug 2007 00:11:15 +0000 (00:11 +0000)]
Relevant BUGIDs: Debian bug #84428

Purpose of commit: new feature

Commit summary:
---------------
2007-08-29  Steve Langasek  <vorlon@debian.org>

        * modules/pam_listfile/pam_listfile.c, modules/pam_listfile/README,
        modules/pam_listfile/pam_listfile.8,
        modules/pam_listfile/pam_listfile.8.xml: add a 'quiet' option to
        avoid logging errors any time a user is refused service by this
        module.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 29 Aug 2007 14:51:23 +0000 (14:51 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-08-29  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t.
        (__icheckhost): Cast to int32_t to fix limited range error.

        * modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath
        as const.

17 years agoRelevant BUGIDs: Debian bug #440019
Steve Langasek [Wed, 29 Aug 2007 10:30:11 +0000 (10:30 +0000)]
Relevant BUGIDs: Debian bug #440019

Purpose of commit: bugfix

Commit summary:
---------------
2007-08-29  Steve Langasek <vorlon@debian.org>

        * modules/pam_rhosts/pam_rhosts_auth.c: getline returns -1 at
        EOF, not 0.  Check accordingly to fix an infinite loop.  Thanks
        to Stephan Springl <springl-rhosts@bfw-online.de> for catching
        this.

17 years agoRelevant BUGIDs:
Steve Langasek [Wed, 29 Aug 2007 00:14:57 +0000 (00:14 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2007-08-28  Steve Langasek <vorlon@debian.org>

        * configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER
        for crack.h, so we get a HAVE_CRACK_H define.
        * modules/pam_cracklib/pam_cracklib.c: don't copy around the
        cracklib dictpath into a fixed-width buffer, when we can just
        point at the existing strings; and allow users to override the
        default cracklib path with -DCRACKLIB_DICT, required for
        compatibility with cracklib 2.7.

17 years agoRelevant BUGIDs: Debian bugs #76119, #165066
Steve Langasek [Tue, 28 Aug 2007 02:27:17 +0000 (02:27 +0000)]
Relevant BUGIDs: Debian bugs #76119, #165066

Purpose of commit: portability

Commit summary:
---------------
2007-08-27  Steve Langasek  <vorlon@debian.org>

* modules/pam_limits/pam_limits.c: when building on non-Linux
systems, give a warning only, not an error; no one seems to
remember why this error was here in the first place, but leave
something in that might still grab the attention of non-Linux
users.
Patch from Michal Suchanek <hramrach_l@centrum.cz>.
* configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for
the presence of net/if.h before using, required for Hurd
compatibility.
Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
* modules/pam_limits/pam_limits.c: conditionalize the use of
RLIMIT_AS, which is not present on the Hurd.
Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
* modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of
a static buffer when available; fixes the build on systems
without MAXHOSTNAMELEN (i.e., the Hurd).
* modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined
before using it.

17 years agoRelevant BUGIDs:
Andrew G. Morgan [Sun, 26 Aug 2007 22:44:51 +0000 (22:44 +0000)]
Relevant BUGIDs:

Purpose of commit: minor typo fix

Commit summary:
---------------
Noticed the \[ vs \] documentation error when replying to a user about
jumps in the config syntax.

17 years agoRelevant BUGIDs:
Steve Langasek [Sat, 25 Aug 2007 12:11:30 +0000 (12:11 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-08-25  Steve Langasek  <vorlon@debian.org>

        * doc/man/pam.conf-syntax.xml, doc/man/pam.conf.5:
        Document "new" control options conv_again and incomplete, supported
        in pam.d's extended syntax.
        Patch from Ben Collins <bcollins@debian.org>.

17 years agoRelevant BUGIDs:
Tomas Mraz [Wed, 15 Aug 2007 20:44:55 +0000 (20:44 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2007-08-15  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_access/pam_access.c (list_match): Add explicit
        sptr argument for strtok_r, otherwise the code is not portable.

17 years agoRelevant BUGIDs:
Tomas Mraz [Mon, 13 Aug 2007 08:43:06 +0000 (08:43 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2007-08-13  Olivier Blin <blino@mandriva.com>

        * doc/man/pam.3.xml: Fix typo.
        * doc/man/pam.3: Likewise.
        * doc/man/pam_end.3.xml: Likewise.
        * doc/man/pam_end.3: Likewise.

17 years agoRelevant BUGIDs: Linux-PAM-0_99_8_1
Thorsten Kukuk [Wed, 18 Jul 2007 09:44:16 +0000 (09:44 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-07-18  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.8.1

        * libpam/pam_audit.c: Include unistd.h for getuid().
        * libpam/Makefile.am: Bump version number.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Thu, 12 Jul 2007 19:37:48 +0000 (19:37 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-07-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_audit.c (_pam_audit_writelog): Don't return
        error if application runs as normal user. Fixes regression
        introduced with last change.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 10 Jul 2007 13:30:39 +0000 (13:30 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix/new feature

Commit summary:
---------------

2007-07-10  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Add --with-db-uniquename option to support
        db libraries and functions with unique name extension.
        Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>.

        * modules/pam_limits/pam_limits.c: Include locale.h.

17 years agoRelevant BUGIDs: Linux-PAM-0_99_8_0
Thorsten Kukuk [Fri, 6 Jul 2007 08:35:28 +0000 (08:35 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

Fix version number

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Fri, 6 Jul 2007 08:23:13 +0000 (08:23 +0000)]
Relevant BUGIDs:

Purpose of commit:  bugfix, release

Commit summary:
---------------

2007-07-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.8.0

        * configure.in: Check for audit_log_acct_message instead of
        audit_log_user_message.
        * libpam/pam_audit.c: Use audit_log_acct_message.
        Based on patch from Mark J Cox <mjc@redhat.com>.
        * libpam/Makefile.am: Bump version number of libpam.

        * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit,
        not 64bit.

        * xtests/tst-pam_limits1.c: Fix printf arguments.

        * po/*.po: Merge po files with latest code changes.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 26 Jun 2007 10:45:42 +0000 (10:45 +0000)]
Relevant BUGIDs:

Purpose of commit:

Commit summary:
---------------

forgot to commit ...

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 26 Jun 2007 10:44:28 +0000 (10:44 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-06-26  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_limits/pam_limits.c (process_limit): Check upper and
        lower limit of nice value, fix off-by-one in conversation to rlim_t.
        * xtests/Makefile.am: Add new pam_limits test case.
        * xtests/limits.conf: New, config file for test case.
        * xtests/pam_limits1.c: New, test case for RLIMIT_NICE.
        * xtests/pam_limits1.sh: Likewise.
        * xtests/pam_limits1.pamd: Likewise.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 25 Jun 2007 11:09:32 +0000 (11:09 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-06-25  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r
        result for recursive calls.
        * xtests/Makefile.am: Add new pam_access test cases.
        * xtests/pam_access1.c: New test case.
        * xtests/pam_access2.c: Likewise.
        * xtests/pam_access3.c: Likewise.
        * xtests/pam_access4.c: Likewise.
        * xtests/pam_access1.sh: Wrapper to create user accounts.
        * xtests/pam_access2.sh: Likewise.
        * xtests/pam_access3.sh: Likewise.
        * xtests/pam_access4.sh: Likewise.
        * xtests/pam_access1.pamd: PAM config file for pam_access tests.
        * xtests/pam_access2.pamd: Likewise.
        * xtests/pam_access3.pamd: Likewise.
        * xtests/pam_access4.pamd: Likewise.
        * xtests/access.conf: Config file for pam_access tests.
        * xtests/run-tests.sh: Install access.conf into system.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Fri, 22 Jun 2007 23:30:36 +0000 (23:30 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
        better error message if /proc/self/loginuid cannot be opened.

        * modules/pam_limits/pam_limits.c (process_limit): Check for
        variable overflow after multiplication [bnc#283001].

17 years agoRelevant BUGIDs: 411390
Thorsten Kukuk [Fri, 22 Jun 2007 09:49:03 +0000 (09:49 +0000)]
Relevant BUGIDs: 411390

Purpose of commit: new feature

Commit summary:
---------------

2007-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_access/pam_access.c: Add new syntax for groups
        in access.conf to differentiate group names from account names.
        Based on patch from Julien Lecomte <julien@famille-lecomte.net>,
        solves feature request [#411390].
        * modules/pam_access/access.conf: Add example for new group
        syntax.
        * modules/pam_access/access.conf.5.xml: Document new syntax.

17 years agoRelevant BUGIDs: 1688777
Thorsten Kukuk [Wed, 20 Jun 2007 13:54:08 +0000 (13:54 +0000)]
Relevant BUGIDs: 1688777

Purpose of commit: new features

Commit summary:
---------------

2007-06-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass
        option.
        * modules/pam_cracklib/pam_cracklib.c: Add support for minimum
        character classes [#1688777]. Based on patch from Keith Schincke.

        * xtests/tst-pam_cracklib2.c: New, test case for minclass option.
        * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case.
        * xtests/Makefile.am: Add new testcase.

        * xtests/pam_cracklib.c: Fix comment what this application tests.

        * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64

17 years agoRelevant BUGIDs:
Tomas Mraz [Fri, 15 Jun 2007 13:50:11 +0000 (13:50 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2007-06-15  Tomas Mraz  <t8m@centrum.cz>

        * configure.in: Check for setkeycreatecon().

17 years agoRelevant BUGIDs:
Tomas Mraz [Fri, 15 Jun 2007 10:17:22 +0000 (10:17 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2007-06-15  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
        add select_context and use_current_range options.
        * modules/pam_selinux/pam_selinux.c (send_audit_message): Added
        function for auditing role/level changes.
        (query_response): Add default response.
        (select_context): Removed.
        (manual_context): Query only role and level.
        (mls_range_allowed): Added function for range check.
        (config_context): Added function for role and level override.
        (pam_sm_open_session): Remove multiple option, add select_context
        and use_current_range_options. Use getseuserbyname to obtain
        SELinux user and level. Audit role/level changes. Call setkeycreatecon
        to assign key creation context. Don't fail on errors when SELinux
        is not in enforcing mode.

17 years agoRelevant BUGIDs:
Tomas Mraz [Fri, 15 Jun 2007 09:38:11 +0000 (09:38 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix, new feature

Commit summary:
---------------
2007-06-15  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_namespace/README.xml: Avoid duplication of
        documentation.
        * modules/pam_namespace/namespace.conf: More real life example
        from MLS support.
        * modules/pam_namespace/namespace.conf.5.xml: Likewise plus
        properly describe how instance directory names are formed.
        * modules/pam_namespace/namespace.init: Preserve euid when
        called from setuid apps (su, newrole).
        * modules/pam_namespace/pam_namespace.8.xml: Added option
        no_unmount_on_close.
        * modules/pam_namespace/pam_namespace.c (process_line): Polyinst
        methods are now user, level and context. Fix crash on unknown
        override user in config file.
        (ns_override): Add explicit uid parameter.
        (form_context): Skip for user method. Implement level based
        polyinstantiation.
        (poly_name): Initialize contexts. Add level based polyinst,
        remove 'both' metod. Use raw contexts for instance names,
        truncate long instance names and add hash.
        (ns_setup): Hashing moved to poly_name().
        (setup_namespace): Handle correctly override users for
        su (when unmnt_remnt is used).
        (pam_sm_close_session): Added no_unmount_on_close option.
        * modules/pam_namespace/pam_namespace.h: Added
        no_unmount_on_close_option, level method, limit on instance
        directory name length.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Fri, 4 May 2007 11:36:08 +0000 (11:36 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-05-04  Thorsten Kukuk  <kukuk@suse.de>

        * xtests/run-xtests.sh: Use SRCDIR to find PAM config files.
        * xtests/Makefile.am:Call run-xtests.sh with srcdir as first
        argument.
        Based on patch by Bernard Leak <thisisnotapipe@hotmail.com>.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 30 Apr 2007 11:25:09 +0000 (11:25 +0000)]
Relevant BUGIDs:

Purpose of commit: documentation fix

Commit summary:
---------------

2007-04-30  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_limits/limits.conf: Address space limit is KB.
        * modules/pam_limits/limits.conf.5.xml: Likewise.
        Reported by Thomas Vander Stichele <thomas@apestaart.org>.

17 years agoRelevant BUGIDs: 1706247
Thorsten Kukuk [Mon, 30 Apr 2007 10:56:24 +0000 (10:56 +0000)]
Relevant BUGIDs: 1706247

Purpose of commit: bugfix

Commit summary:
---------------

2007-04-30  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate
        check for PAM_SILENT and don't bail out if it is set [#1706247].

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Fri, 6 Apr 2007 05:43:01 +0000 (05:43 +0000)]
Relevant BUGIDs:

Purpose of commit:

Commit summary:
---------------

Fix typos in ChangeLog

17 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 29 Mar 2007 20:33:07 +0000 (20:33 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
        * modules/pam_limits/Makefile.am: Define limits.d dir and install it.
        * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing.
        * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr.
        (pam_parse): conf_file is now ptr.
        (pam_sm_open_session): Add parsing files from limits.d subdir using
        glob, change pl to pointer.

17 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 29 Mar 2007 13:45:38 +0000 (13:45 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2007-03-29  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_access/pam_access.c (login_access, list_match):
        Replace strtok with strtok_r.
        * modules/pam_cracklib/pam_cracklib.c (check_old_password):
        Likewise.
        * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate):
        Likewise.
        * modules/pam_unix/pam_unix_passwd.c (check_old_password,
        save_old_password): Likewise.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 12 Mar 2007 14:36:40 +0000 (14:36 +0000)]
Relevant BUGIDs:

Purpose of commit: translations

Commit summary:
---------------

2007-03-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/ar.po: New translation.
        * po/ca.po: Likewise.
        * po/da.po: Likewise.
        * po/ru.po: Likewise.
        * po/sv.po: Likewise.
        * po/zu.po: Likewise.
        * po/LINGUAS: Add ar, ca, da, ru, sv, zu

        * po/hu.po: Update translation.

17 years agoRelevant BUGIDs:
Tomas Mraz [Wed, 21 Feb 2007 20:27:28 +0000 (20:27 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2007-02-21  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for
        allocation failure in bigcrypt().

        * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow modification
        of '*' password by root.

17 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 6 Feb 2007 15:01:58 +0000 (15:01 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2007-02-06  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Remove
        debug syslog message when loginuid doesn't exist.

17 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 1 Feb 2007 21:54:58 +0000 (21:54 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2007-02-01  Tomas Mraz  <t8m@centrum.cz>

        * xtests/tst-pam_unix3.c: Fix typos in comments.

        * modules/pam_unix/support.c (_unix_verify_password): Explicitly
        disallow '!' in the beginning of password hash. Treat only
        13 bytes password hash specifically. (Suggested by Solar Designer.)
        Fix a warning and test for allocation failure.
        * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 31 Jan 2007 19:19:44 +0000 (19:19 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2007-01-31  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/Makefile.am: Add new pam_unix.so tests
        * xtests/run-xtests.sh: Prefer shell scripts (wrapper)
        over binaries.
        * xtests/tst-pam_cracklib1.c: Fix typo.
        * xtests/tst-pam_unix1.c: New, for sucurity fix.
        * xtests/tst-pam_unix1.pamd: New.
        * xtests/tst-pam_unix1.sh: New.
        * xtests/tst-pam_unix2.c: New, for crypt checks.
        * xtests/tst-pam_unix2.pamd: New.
        * xtests/tst-pam_unix2.sh: New.
        * xtests/tst-pam_unix3.c: New, for bigcrypt checks.
        * xtests/tst-pam_unix3.pamd: New.
        * xtests/tst-pam_unix3.sh: New.

17 years agoRelevant BUGIDs: Linux-PAM-0_99_7_1
Thorsten Kukuk [Tue, 23 Jan 2007 10:19:32 +0000 (10:19 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-01-23  Thorsten Kukuk  <kukuk@suse.de>

        * release 0.99.7.1

        * configure.in: Set version number to 0.99.7.1

2007-01-23  Thorsten Kukuk  <kukuk@thukuk.de>
            Tomas Mraz  <t2m@centrum.cz>

        * modules/pam_unix/support.c (_unix_verify_password): Always
        compare full encrypted passwords.

17 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 23 Jan 2007 09:41:17 +0000 (09:41 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2007-01-23  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT.

        * modules/pam_selinux/Makefile.am (pam_selinux_check_LDFLAGS): Add
        AM_LDFLAGS.
        (pam_selinux_la_LDFLAGS): Likewise.

17 years agoRelevant BUGIDs: Linux-PAM-0_99_7_0
Thorsten Kukuk [Wed, 17 Jan 2007 14:18:33 +0000 (14:18 +0000)]
Relevant BUGIDs:

Purpose of commit: release

Commit summary:
---------------

2007-01-17  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release 0.99.7.0

        * configure.in: Set version number to 0.99.7.0

        * Makefile.am (M4_FILES): Replace GNU make extension by listing
        all m4 files.

17 years agoRelevant BUGIDs:
Tomas Mraz [Wed, 17 Jan 2007 11:04:03 +0000 (11:04 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2007-07-17  Tomas Mraz  <t8m@centrum.cz>

        * po/*.po: Updated strings to translate.
        * po/Linux-PAM.pot: Likewise.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 16 Jan 2007 16:25:11 +0000 (16:25 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2007-07-16  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/pam.conf-syntax.xml: Improve documentation about
        sufficient keyword (Patch by Petteri Räty <betelgeuse@gentoo.org>)

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 20 Dec 2006 14:56:08 +0000 (14:56 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

Don't be more restrictive than useradd for account names:

2006-12-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid
        only '+' and '-' as first characters for account names.
        * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.

17 years agoRelevant BUGIDs:
Tomas Mraz [Mon, 18 Dec 2006 21:07:42 +0000 (21:07 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2006-12-18  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new
        egid first, euid next. Revert euid/egid to old euid/egid and not
        ruid/rgid.
        (pam_sm_open_session): Switch to new rgid first, ruid next.

17 years agoRelevant BUGIDs:
Tomas Mraz [Mon, 18 Dec 2006 20:09:33 +0000 (20:09 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
Truncated passwords in shadow do not make sense for other variants than bigcrypt.

2006-12-18  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/support.c (_unix_verify_password): Use strncmp
        only for bigcrypt result.

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 18 Dec 2006 19:26:21 +0000 (19:26 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2006-12-18  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Fix ENOKEY check (specify errno.h as header
        file to search in).

17 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 18 Dec 2006 18:54:55 +0000 (18:54 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2006-12-18  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Add AM_PROG_CC_C_O.
        * libpam/Makefile.am: Add content of AM_LDFLAGS to *_LDFLAGS.
        * modules/pam_tally/Makefile.am: Likewise.
        * modules/pam_unix/Makefile.am: Likewise.