]>
granicus.if.org Git - linux-pam/log
Tomas Mraz [Thu, 2 Jun 2011 19:57:31 +0000 (21:57 +0200)]
Check for return value of pam_get_item() in pam_echo module.
Tomas Mraz [Thu, 2 Jun 2011 19:55:41 +0000 (21:55 +0200)]
Guard for pam_get_user() error in pam_filter module.
Tomas Mraz [Thu, 2 Jun 2011 19:53:55 +0000 (21:53 +0200)]
Guards for memory allocation errors in pam_cracklib module.
Tomas Mraz [Thu, 2 Jun 2011 19:50:11 +0000 (21:50 +0200)]
Add support for the mount_private option to pam_namespace.
Thorsten Kukuk [Mon, 30 May 2011 17:36:56 +0000 (19:36 +0200)]
2011-05-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_timestamp/pam_timestamp.c (main): Remove unsused
variable pretval.
* modules/pam_stress/pam_stress.c (converse): **message is const.
(stress_get_password): pmsg is const.
(pam_sm_chauthtok): Likewise.
* libpam/pam_item.c (pam_get_user): Make pmsg const and remove
casts.
Thorsten Kukuk [Mon, 30 May 2011 09:12:30 +0000 (11:12 +0200)]
2011-05-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_env/pam_env.c (_pam_parse): Implement debug option.
Based on patch by Tomas Mraz.
Thorsten Kukuk [Tue, 24 May 2011 14:48:11 +0000 (16:48 +0200)]
2011-05-24 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): quiet
option has no argument, print no missing file if quiet is set
[sf#
3194930 ].
kukuk [Wed, 4 May 2011 15:26:16 +0000 (17:26 +0200)]
2011-05-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_lastlog/pam_lastlog.c (last_login_failed): Don't
abort with error if btmp file does not exist.
Tomas Mraz [Mon, 21 Mar 2011 21:02:16 +0000 (22:02 +0100)]
Clear the whole MD5 context.
Tomas Mraz [Fri, 18 Mar 2011 23:15:54 +0000 (23:15 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-18 Tomas Mraz <tm@t8m.info>
* modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx.
* modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly.
(protect_dir): Guard for -1 passing to close().
(ns_setup): Likewise.
(pam_sm_open_session): Correctly test for SELinux enabled flag.
Tomas Mraz [Thu, 17 Mar 2011 17:04:34 +0000 (17:04 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-17 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type.
(manual_context): Likewise.
(context_from_env): Remove extraneous auditing in success case.
* modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra
close() call.
Tomas Mraz [Tue, 22 Feb 2011 22:44:39 +0000 (22:44 +0000)]
Relevant BUGIDs:
Purpose of commit: docfix
Commit summary:
---------------
2011-02-22 Tomas Mraz <tm@t8m.info>
* modules/pam_nologin/pam_nologin.8.xml: Add missing space.
* modules/pam_limits/limits.conf.5.xml: Fix typo.
Tomas Mraz [Tue, 21 Dec 2010 08:54:14 +0000 (08:54 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-12-21 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (mls_range_allowed): Unhardcode
values for security class and av permission bit.
Tomas Mraz [Tue, 14 Dec 2010 08:40:40 +0000 (08:40 +0000)]
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2010-12-14 Tomas Mraz <tm@t8m.info>
* modules/pam_limits/pam_limits.c (parse_uid_range): New function
to parse the range of uids or gids.
(parse_config_file): Call parse_uid_range() and if uid/gid range
is identified, setup the limits if the range matches. New parameters
containing user's uid and primary gid.
(pam_sm_open_session): Pass the user's uid and primary gid to
parse_config_file().
* modules/pam_limits/limits.conf.5.xml: Document the uid/gid ranges.
Tomas Mraz [Tue, 14 Dec 2010 08:28:38 +0000 (08:28 +0000)]
Relevant BUGIDs:
Purpose of commit: translations
Commit summary:
---------------
2010-12-14 Bahadır Kandemir <bahadir@pardus.org.tr>
* po/tr.po: Updated translations.
Tomas Mraz [Thu, 25 Nov 2010 16:58:59 +0000 (16:58 +0000)]
Relevant BUGIDs:
Purpose of commit: docfix
Commit summary:
---------------
2010-11-25 Tomas Mraz <tm@t8m.info>
* modules/pam_securetty/pam_securetty.8.xml: Improve documentation
of the kernel console feature and the noconsole option.
Thorsten Kukuk [Wed, 24 Nov 2010 12:28:01 +0000 (12:28 +0000)]
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2010-11-24 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_securetty/pam_securetty.c: Parse console= kernel
option, add noconsole option.
* modules/pam_securetty/pam_securetty.8.xml: Document new behavior
for serial console.
Patch from Lennart Poettering.
Tomas Mraz [Wed, 24 Nov 2010 08:49:30 +0000 (08:49 +0000)]
Relevant BUGIDs:
Purpose of commit: docfix
Commit summary:
---------------
2010-11-24 Tomas Mraz <tm@t8m.info>
* modules/pam_limits/limits.conf.5.xml: Document the %group syntax.
Tomas Mraz [Thu, 18 Nov 2010 09:37:31 +0000 (09:37 +0000)]
Relevant BUGIDs:
Purpose of commit: cleanup
Commit summary:
---------------
2010-11-18 Tomas Mraz <tm@t8m.info>
* modules/pam_limits/pam_limits.c (pam_parse,pam_sm_open_session):
Drop obsolete and broken option change_uid.
* modules/pam_limits/pam_limits.8.xml: Likewise.
Tomas Mraz [Tue, 16 Nov 2010 09:51:50 +0000 (09:51 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-11-16 Tomas Mraz <tm@t8m.info>
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Remove
dead and duplicate code. Return PAM_INCOMPLETE instead of
PAM_CONV_AGAIN.
Tomas Mraz [Thu, 11 Nov 2010 16:15:52 +0000 (16:15 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-11-11 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix
potential use after free in case SELinux is misconfigured.
* modules/pam_namespace/pam_namespace.c (process_line): Fix memory
leak when parsing empty config file lines.
Thorsten Kukuk [Thu, 28 Oct 2010 09:36:25 +0000 (09:36 +0000)]
Relevant BUGIDs:
Purpose of commit: release
Commit summary:
---------------
2010-10-28 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.3
* configure.in: Increase version to 1.1.3
* NEWS: document visible changes
* libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number.
Thorsten Kukuk [Wed, 27 Oct 2010 13:18:50 +0000 (13:18 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-27 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/adg/Makefile.am: Use UTF-8 for html docu.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
kernel.org webserver is using UTF-8
Tomas Mraz [Fri, 22 Oct 2010 07:18:07 +0000 (07:18 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-22 Tomas Mraz <tm@t8m.info>
* modules/pam_namespace/pam_namespace.c (inst_init): Use execle()
to execute the init script with clean environment. (CVE-2010-3853)
(cleanup_tmpdirs): Likewise for executing rm.
Dmitry V. Levin [Thu, 21 Oct 2010 15:00:12 +0000 (15:00 +0000)]
Relevant BUGIDs:
Purpose of commit: cleanup
Commit summary:
---------------
2010-10-21 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Remove.
(create_homedir): Use mkdir() instead of rec_mkdir().
(make_parent_dirs): New function.
(main): Use make_parent_dirs() to create parent directories only
for the home directory itself.
Thorsten Kukuk [Thu, 21 Oct 2010 13:24:31 +0000 (13:24 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-21 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_getpwnam): Don't allocate
unneeded buffer for uid/gid [sf#
3059572 ].
Thorsten Kukuk [Wed, 20 Oct 2010 13:21:52 +0000 (13:21 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam_get_authtok.3.xml: Fix xml code.
Thorsten Kukuk [Wed, 20 Oct 2010 13:11:30 +0000 (13:11 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/Makefile.am: Fix build dependencys of pam_get_authtok.3.
* xtests/Makefile.am: Only build xtests if we run xtests.
Thorsten Kukuk [Wed, 20 Oct 2010 12:11:38 +0000 (12:11 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Check for libdb with symbol versions, too.
Patch from Diego Elio Pettenò.
Thorsten Kukuk [Wed, 20 Oct 2010 11:58:17 +0000 (11:58 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Create
parent directories always with mode 0755.
(create_homedir): Create main directory with mode 0700 at first.
Dmitry V. Levin [Tue, 19 Oct 2010 23:33:02 +0000 (23:33 +0000)]
Relevant BUGIDs:
Purpose of commit: cleanup
Commit summary:
---------------
2010-10-19 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_selinux/pam_selinux.c (verbose_message): Remove.
(pam_sm_open_session): Call send_text() instead of verbose_message().
Dmitry V. Levin [Tue, 19 Oct 2010 16:48:32 +0000 (16:48 +0000)]
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2010-10-19 Dmitry V. Levin <ldv@altlinux.org>
* m4/ld-no-undefined.m4: New file.
* configure.in: Use PAM_LD_NO_UNDEFINED.
* Makefile.am (M4_FILES): Add m4/ld-no-undefined.m4.
Dmitry V. Levin [Tue, 19 Oct 2010 16:41:20 +0000 (16:41 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-19 Dmitry V. Levin <ldv@altlinux.org>
* m4/ld-O1.m4 (PAM_LD_O1): Fix typo.
Dmitry V. Levin [Tue, 19 Oct 2010 16:36:35 +0000 (16:36 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-19 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Add
@LIBAUDIT@.
Thorsten Kukuk [Tue, 19 Oct 2010 15:24:34 +0000 (15:24 +0000)]
Relevant BUGIDs:
Purpose of commit: documentation
Commit summary:
---------------
2010-10-19 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_env/pam_env.8.xml: Document side effects of
environment variables in the stack.
* modules/pam_exec/pam_exec.8.xml: Document that user can
have controll over the environment.
Steve Langasek [Mon, 11 Oct 2010 19:33:44 +0000 (19:33 +0000)]
revert preceding patch; under discussion, no consensus
Tomas Mraz [Mon, 11 Oct 2010 14:24:30 +0000 (14:24 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-11 Tomas Mraz <t8m@centrum.cz>
* modules/pam_env/pam_env.c: Change default for user_readenv to 0.
* modules/pam_env/pam_env.8.xml: Document the new default for user_readenv.
Dmitry V. Levin [Fri, 8 Oct 2010 11:53:38 +0000 (11:53 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-07 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_selinux/pam_selinux.c (verbose_message): Fix format
string.
Dmitry V. Levin [Sun, 3 Oct 2010 21:00:53 +0000 (21:00 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-04 Dmitry V. Levin <ldv@altlinux.org>
* libpam/pam_modutil_priv.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (struct pam_modutil_privs,
PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv,
pam_modutil_regain_priv): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface.
* modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
pam_sm_close_session): Likewise.
(pam_sm_open_session): Remove redundant fchown call.
Fixes CVE-2010-3430, CVE-2010-3431.
Thorsten Kukuk [Fri, 1 Oct 2010 11:05:45 +0000 (11:05 +0000)]
Relevant BUGIDs: #
3078936
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-01 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Extend cross compiling check.
* doc/specs/Makefile.am: Set CFLAGS and LDFLAGS to BUILD_CFLAGS
and BUILD_LDFLAGS.
Bug #
3078936 / gentoo #339174
Thorsten Kukuk [Thu, 30 Sep 2010 13:47:14 +0000 (13:47 +0000)]
Relevant BUGIDs:
Purpose of commit: cleanup
Commit summary:
---------------
2010-09-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Warn if
unlink() fails.
Dmitry V. Levin [Tue, 28 Sep 2010 17:19:42 +0000 (17:19 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-09-27 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Return
PAM_SUCCESS immediately if no cookie file is defined. Return
PAM_SESSION_ERR if cookie file is defined but target uid cannot be
determined. Do not modify cookiefile string returned by pam_get_data.
Dmitry V. Levin [Tue, 28 Sep 2010 17:11:36 +0000 (17:11 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-09-27 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_xauth/pam_xauth.c (check_acl): Check that the given
access control file is a regular file.
Dmitry V. Levin [Mon, 20 Sep 2010 20:16:30 +0000 (20:16 +0000)]
Relevant BUGIDs:
Purpose of commit: cleanup
Commit summary:
---------------
2010-09-16 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
pam_sm_close_session): Likewise.
Thorsten Kukuk [Tue, 31 Aug 2010 11:20:59 +0000 (11:20 +0000)]
Relevant BUGIDs:
Purpose of commit: new release
Commit summary:
---------------
2010-08-31 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.2
* configure.in: Bump version number.
* NEWS: Document changes since 1.1.1.
* doc/adg/Linux-PAM_ADG.xml: Bump version number.
* doc/mwg/Linux-PAM_MWG.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Likewise.
* libpam/Makefile.am: Bump revision of shared library.
* po/*.po: Regenerate.
Tomas Mraz [Thu, 26 Aug 2010 19:16:18 +0000 (19:16 +0000)]
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2010-08-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_nologin/pam_nologin.c (perform_check): Try first
/var/run/nologin if the nologin file is not explicitly specified.
* modules/pam_nologin/pam_nologin.8.xml: Document that /var/run/nologin
is tried first.
Tomas Mraz [Thu, 26 Aug 2010 19:11:51 +0000 (19:11 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2010-08-26 Sweta Kothari <swkothar@redhat.com>
* po/gu.po: Updated translations.
2010-08-26 Geert Warrink <geert.warrink@onsnet.nu>
* po/nl.po: Updated translations.
Thorsten Kukuk [Thu, 26 Aug 2010 13:49:33 +0000 (13:49 +0000)]
Relevant BUGIDs: #
2315432 , debian#284854#42.
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-26 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/specs/Makefile.am: Use CC_FOR_BUILD as compiler (cross
compile support).
* configure.in: Check for host compiler if cross compiling.
Bug #
2315432 , debian#284854#42.
Thorsten Kukuk [Tue, 17 Aug 2010 11:15:32 +0000 (11:15 +0000)]
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Implement minlen option.
* modules/pam_unix/support.c: Likewise.
* modules/pam_unix/support.h: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust
arguments for _set_ctrl call.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_session.c: Likewise.
* modules/pam_unix/pam_unix.8.xml: Document minlen option.
Based on patch by Steve Langasek.
Thorsten Kukuk [Fri, 13 Aug 2010 08:59:53 +0000 (08:59 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-12 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_mail/pam_mail.c: Check for mail only with user
privilegs.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Check return
value of setgid, setgroups and setuid.
* modules/pam_xauth/pam_xauth.c (check_acl): Save errno for
later usage.
* modules/pam_env/pam_env.c (handle_env): Check if user exists,
read local user config only with user privilegs.`
Thorsten Kukuk [Mon, 9 Aug 2010 15:36:48 +0000 (15:36 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix/cleanup
Commit summary:
---------------
2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tally/pam_tally.8.xml: Document that pam_tally is
deprecated.
* modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Fix make dist.
Thorsten Kukuk [Mon, 9 Aug 2010 14:16:25 +0000 (14:16 +0000)]
Relevant BUGIDs:
2923437
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/passverify.c (check_shadow_expiry): Correct
check for expired date.
* modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove
check for password length. Bug #
2923437 .
Thorsten Kukuk [Wed, 4 Aug 2010 14:51:45 +0000 (14:51 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tally2/pam_tally2.c (get_tally): Create file
with correct permissions. Patch by Diego Elio "Flameeyes" Pettenò.
Thorsten Kukuk [Wed, 4 Aug 2010 13:54:02 +0000 (13:54 +0000)]
Relevant BUGIDs:
2730965
Purpose of commit: workaround
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request
password change if time is not yet set (1.1.1970). Bug #
2730965 .
Thorsten Kukuk [Wed, 4 Aug 2010 13:00:59 +0000 (13:00 +0000)]
Relevant BUGIDs: #
3035919 , #
3002340 , #
3037155
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_access/pam_access.c (user_match): Make sure
that user@host will not match @@netgroup. Bug #
3035919 .
* modules/pam_group/pam_group.c (check_account): Add '%' for
UNIX groups.
* modules/pam_group/group.conf: Add example for '%'.
* modules/pam_group/group.conf.5.xml: Document '%' syntax.
Bug #
3002340 , #
3037155 .
Steve Langasek [Mon, 2 Aug 2010 13:59:02 +0000 (13:59 +0000)]
Relevant BUGIDs: Debian bug #582362
Purpose of commit: bugfix
Commit summary:
---------------
Don't pass --version-script options when linking executables, only when
linking libraries
Patch from Julien Cristau <jcristau@debian.org>
Thorsten Kukuk [Mon, 12 Jul 2010 14:47:11 +0000 (14:47 +0000)]
Relevant BUGIDs:
2917257
Purpose of commit: enhancement
Commit summary:
---------------
2010-07-12 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add
audit flag to enable logging about unknown user (#
2917257 ).
* modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit.
* modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
* modules/pam_succeed_if/README: Regenerated from xml.
Thorsten Kukuk [Tue, 22 Jun 2010 16:26:28 +0000 (16:26 +0000)]
Relevant BUGIDs:
3004656
Purpose of commit: bugfix
Commit summary:
---------------
2010-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_umask/pam_umask.8.xml: Remove comparisation of
gid and uid for usergroups.
* modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Likewise.
Bug #
3004656
Thorsten Kukuk [Tue, 22 Jun 2010 14:57:44 +0000 (14:57 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Don't check for libxcrypt if no xcrypt.h exists,
fix typo introduced with 1.1.1.
Reported by Diego Elio "Flameeyes" Pettenò.
Thorsten Kukuk [Tue, 15 Jun 2010 14:27:13 +0000 (14:27 +0000)]
Relevant BUGIDs:
3010705
Purpose of commit: bugfix
Commit summary:
---------------
2010-06-15 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Call
setfsuid to be allowed to remove temporary files (#
3010705 ).
(pam_sm_open_session): Call fchown with correct permissions.
Thorsten Kukuk [Wed, 9 Jun 2010 08:58:06 +0000 (08:58 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Add test case for unresolved symbols
2010-06-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tty_audit/Makefile.am (TESTS): Add tst-pam_tty_audit.
* modules/pam_tty_audit/tst-pam_tty_audit: New.
Commit summary:
---------------
Steve Langasek [Mon, 7 Jun 2010 19:30:34 +0000 (19:30 +0000)]
Relevant BUGIDs: Ubuntu bug #588547
Purpose of commit: bugfix
Commit summary:
---------------
2010-06-07 Steve Langasek <vorlon@debian.org>
* modules/pam_tty_audit/Makefile.am: If we don't have the libraries
required for building pam_tty_audit, we shouldn't install the manpage
either.
Thorsten Kukuk [Thu, 27 May 2010 12:49:22 +0000 (12:49 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-05-27 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_userdb/pam_userdb.c: Define HAVE_DBM
for BerkDB 5.0 support. Patch by Diego Elio Pettenò.
Thorsten Kukuk [Wed, 5 May 2010 08:05:04 +0000 (08:05 +0000)]
Relevant BUGIDs:
Purpose of commit: docu fix
Commit summary:
---------------
2010-04-15 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_exec/pam_exec.8.xml: Fix example.
Thorsten Kukuk [Wed, 14 Apr 2010 10:22:10 +0000 (10:22 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-04-13 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_pwhistory/opasswd.c: Fix compilation if
cyprt_r() is not available.
* configure.in: check for getutent_r.
* modules/pam_timestamp/pam_timestamp.c: Use getutent()
if getutent_r() does not exist.
Patch from Diego Elio "Flameeyes" Pettenò.
Thorsten Kukuk [Mon, 12 Apr 2010 13:55:21 +0000 (13:55 +0000)]
Relevant BUGIDs:
Purpose of commit: enhancement
Commit summary:
---------------
2010-04-12 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam.conf-syntax.xml: Better documentation of
"actionN". Patch from Michal Soltys <soltys@ziu.info>.
Thorsten Kukuk [Tue, 6 Apr 2010 08:07:11 +0000 (08:07 +0000)]
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2010-04-06 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt
and chauthtok.
* modules/pam_rootok/pam_rootok.8.xml: Document new module
types.
Thorsten Kukuk [Mon, 29 Mar 2010 14:43:40 +0000 (14:43 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
po/ar.po: Add missing Plural-Forms entry to header.
Tomas Mraz [Thu, 25 Mar 2010 20:08:42 +0000 (20:08 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2010-03-25 Daniel Nylander <po@danielnylander.se>
* po/sv.po: Updated translations.
Tomas Mraz [Wed, 24 Mar 2010 13:57:50 +0000 (13:57 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2010-03-24 Ani Peter <anipeter@fedoraproject.org>
* po/ml.po: Updated translations.
Tomas Mraz [Mon, 8 Mar 2010 07:29:39 +0000 (07:29 +0000)]
Relevant BUGIDs:
Purpose of commit: translations
Commit summary:
---------------
2010-03-08 Yuri Chornoivan <yurchor@ukr.net>
* po/uk.po: Updated translations.
Tomas Mraz [Tue, 9 Feb 2010 15:08:59 +0000 (15:08 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-02-09 Tomas Mraz <t8m@centrum.cz>
* libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix
regression in the new password prompt.
Tomas Mraz [Mon, 4 Jan 2010 17:00:33 +0000 (17:00 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2010-01-04 Elad <el.il@doom.co.il>
* po/he.po: New translation to Hebrew.
* po/LINGUAS: Add Hebrew to the list.
Thorsten Kukuk [Wed, 16 Dec 2009 13:17:13 +0000 (13:17 +0000)]
Relevant BUGIDs:
Purpose of commit: release
Commit summary:
---------------
2009-12-16 Thorsten Kukuk <kukuk@suse.de>
* release version 1.1.1
* NEWS: Adjust for 1.1.1
* configure.in: Likewise.
* doc/adg/Linux-PAM_ADG.xml: Likewise.
* doc/mwg/Linux-PAM_MWG.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Likewise.
* po/*.po: Regenerated.
Thorsten Kukuk [Tue, 8 Dec 2009 14:41:40 +0000 (14:41 +0000)]
Relevant BUGIDs:
2892529
Purpose of commit: bugfix
Commit summary:
---------------
2009-12-08 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Rename DEBUG to PAM_DEBUG.
* libpam/pam_env.c: Likewise
* libpam/pam_handlers.c: Likewise
* libpam/pam_miscc.c: Likewise
* libpam/pam_password.c: Likewise
* libpam/include/security/_pam_macros.h: Likewise
* libpamc/test/modules/pam_secret.c: Likewise
* modules/pam_group/pam_group.c: Likewise
* modules/pam_listfile/pam_listfile.c: Likewise
* modules/pam_unix/pam_unix_auth.c: Likewise
* modules/pam_unix/pam_unix_passwd.c: Likewise
Tomas Mraz [Tue, 8 Dec 2009 09:15:51 +0000 (09:15 +0000)]
Relevant BUGIDs: rhbz#545053
Purpose of commit: new feature
Commit summary:
---------------
2009-12-08 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow
entry if not present in the file.
Tomas Mraz [Tue, 8 Dec 2009 09:06:46 +0000 (09:06 +0000)]
Relevant BUGIDs:
Purpose of commit: cleanup
Commit summary:
---------------
2009-12-08 Tomas Mraz <t8m@centrum.cz>
* modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Remove
unused function and variable.
Tomas Mraz [Thu, 19 Nov 2009 10:43:23 +0000 (10:43 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2009-11-19 Tomas Mraz <t8m@centrum.cz>
* modules/pam_sepermit/pam_sepermit.c(sepermit_match): Return
PAM_AUTH_ERR from the module if sepermit_lock() fails.
Tomas Mraz [Wed, 18 Nov 2009 16:06:53 +0000 (16:06 +0000)]
Relevant BUGIDs:
2892189
Purpose of commit: bugfix
Commit summary:
---------------
2009-11-18 Tomas Mraz <t8m@centrum.cz>
* modules/pam_access/pam_access.c(user_match): Revert the netgroup
match to the original behavior, add new syntax for adding the local
hostname.
* modules/pam_access/access.conf.5.xml: Document the new syntax
for adding the local hostname to the netgroup match.
Thorsten Kukuk [Tue, 10 Nov 2009 15:52:20 +0000 (15:52 +0000)]
Relevant BUGIDs:
Purpose of commit: regression fix
Commit summary:
---------------
2009-11-10 Thorsten Kukuk <kukuk@suse.de>
* doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify
and pam_get_authtok_verify.
* libpam/Makefile.am (libpam_la_LDFLAGS): Bump revesion of libpam.
* libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed
from pam_get_authtok, add flags argument, always check return
values.
* modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use
pam_get_authtok_noverify and pam_get_authtok_verify.
* libpam/include/security/pam_ext.h: Add prototypes for
pam_get_authtok_noverify and pam_get_authtok_verify.
* libpam/libpam.map: Add new pam_get_authtok_* functions.
Thorsten Kukuk [Wed, 4 Nov 2009 14:07:44 +0000 (14:07 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
Add new manual page.
Tomas Mraz [Mon, 2 Nov 2009 16:12:56 +0000 (16:12 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2009-11-02 Ani Peter <anipeter@fedoraproject.org>
* po/ml.po: Updated translations.
Tomas Mraz [Mon, 2 Nov 2009 16:09:07 +0000 (16:09 +0000)]
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2009-11-02 Tomas Mraz <t8m@centrum.cz>
* modules/pam_sepermit/Makefile.am: Add sepermit.conf(5) manual page.
* modules/pam_sepermit/pam_sepermit.8.xml: Add reference to
sepermit.conf(5). Drop some redundant text.
* modules/pam_sepermit/sepermit.conf.5.xml: New file.
* modules/pam_sepermit/pam_sepermit.c(sepermit_match): Implement the ignore
option in sepermit.conf.
Tomas Mraz [Thu, 29 Oct 2009 15:26:50 +0000 (15:26 +0000)]
Relevant BUGIDs: rhbz#531530
Purpose of commit: bugfix
Commit summary:
---------------
2009-10-29 Tomas Mraz <t8m@centrum.cz>
* modules/pam_xauth/Makefile.am: Link with libselinux.
* modules/pam_xauth/pam_xauth.c(pam_sm_open_session): Call
setfscreatecon() if selinux is enabled to create the .xauth file
with the right label. Original idea by Dan Walsh.
Tomas Mraz [Thu, 8 Oct 2009 15:19:41 +0000 (15:19 +0000)]
Relevant BUGIDs:
Purpose of commit: documentation
Commit summary:
---------------
2009-10-08 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tty_audit/pam_tty_audit.8.xml: Add notice about aureport
add SEE ALSO section.
Tomas Mraz [Tue, 6 Oct 2009 12:26:05 +0000 (12:26 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2009-10-06 Tomas Mraz <t8m@centrum.cz>
* modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Just
call pam_modutil_user_in_group_nam_nam() instead of reimplementation
of group matching.
Tomas Mraz [Mon, 5 Oct 2009 06:57:53 +0000 (06:57 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2009-10-05 Kris Thomsen <lakristho@gmail.com>
* po/da.po: Updated translations.
Tomas Mraz [Tue, 29 Sep 2009 10:58:33 +0000 (10:58 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2009-09-29 Piotr Drąg <piotrdrag@gmail.com>
* po/pl.po: Updated translations.
Tomas Mraz [Mon, 21 Sep 2009 07:11:16 +0000 (07:11 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2009-09-21 Yulia Poyarkova <yulia.poyarkova@redhat.com>
* po/ru.po: Updated translations.
Tomas Mraz [Thu, 17 Sep 2009 08:11:11 +0000 (08:11 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2009-09-17 Kiyoto Hashida <khashida@redhat.com>
* po/ja.po: Updated translations.
Tomas Mraz [Thu, 17 Sep 2009 08:08:48 +0000 (08:08 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2009-09-18 Eunju Kim <eukim@redhat.com>
* po/ko.po: Updated translations.
Tomas Mraz [Thu, 17 Sep 2009 08:04:14 +0000 (08:04 +0000)]
Relevant BUGIDs:
Purpose of commit: translation
Commit summary:
---------------
2009-09-17 Yulia Poyarkova <yulia.poyarkova@redhat.com>
* po/ru.po: Updated translations.
Steve Langasek [Thu, 10 Sep 2009 10:19:57 +0000 (10:19 +0000)]
Relevant BUGIDs: Debian bug #537848
Purpose of commit: bugfix
Commit summary:
---------------
2009-09-10 Steve Langasek <vorlon@debian.org>
* modules/pam_securetty/pam_securetty.c: pam_securetty should not
return PAM_USER_UNKNOWN when the tty is secure, regardless of what
was entered as a username.
Patch from Nicolas François <nicolas.francois@centraliens.net>.
Steve Langasek [Mon, 31 Aug 2009 22:09:44 +0000 (22:09 +0000)]
Relevant BUGIDs: Debian bug #518908
Purpose of commit: portability
Commit summary:
---------------
2009-08-31 Steve Langasek <vorlon@debian.org>
* modules/pam_namespace/namespace.init: make this portable to POSIX
awk, instead of using GNU awk extensions.
Steve Langasek [Tue, 25 Aug 2009 07:54:15 +0000 (07:54 +0000)]
Relevant BUGIDs: Debian bug #470096
Purpose of commit: bugfix
Commit summary:
---------------
2009-08-25 Steve Langasek <vorlon@debian.org>
* po/es.po: fix missing whitespace in password prompts.
Steve Langasek [Tue, 25 Aug 2009 07:32:55 +0000 (07:32 +0000)]
Relevant BUGIDs: Debian bug #470137
Purpose of commit: bugfix
Commit summary:
---------------
2009-08-25 Steve Langasek <vorlon@debian.org>
* modules/pam_sepermit/pam_sepermit.8.xml: fix up one reference
to pam.d(8) left behind because I've forgotten how CVS works
Steve Langasek [Mon, 24 Aug 2009 21:26:18 +0000 (21:26 +0000)]
Relevant BUGIDs:
Purpose of commit: cleanup
Commit summary:
---------------
sesseion -> session
Steve Langasek [Mon, 24 Aug 2009 07:48:26 +0000 (07:48 +0000)]
Relevant BUGIDs:
Purpose of commit: grammar fixes
Commit summary:
---------------
"successful" -> "successfully"; "them self" -> "themself" - the use of
"themself" as a gender-indeterminate reflexive pronoun in English is
disputed and somewhat awkward, but "them self" is 100% wrong.
Thorsten Kukuk [Tue, 21 Jul 2009 13:59:24 +0000 (13:59 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2009-07-21 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Delete
new token if it does not match strength criteria.
Thorsten Kukuk [Tue, 30 Jun 2009 10:28:53 +0000 (10:28 +0000)]
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
This makes Linux-PAM compile able with uClibc or on embedded systems
without full libc/libnsl.
2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files.
* modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS
support if all necessary functions exist.
* modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug
option, handle correct if OS has no NIS support.
* modules/pam_access/pam_access.c (netgroup_match): Check if
yp_get_default_domain and innetgr are available at compile time.
* configure.in: Check for functions: innetgr, getdomainname
check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h.