]> granicus.if.org Git - linux-pam/log
linux-pam
13 years agoCheck for return value of pam_get_item() in pam_echo module.
Tomas Mraz [Thu, 2 Jun 2011 19:57:31 +0000 (21:57 +0200)]
Check for return value of pam_get_item() in pam_echo module.

13 years agoGuard for pam_get_user() error in pam_filter module.
Tomas Mraz [Thu, 2 Jun 2011 19:55:41 +0000 (21:55 +0200)]
Guard for pam_get_user() error in pam_filter module.

13 years agoGuards for memory allocation errors in pam_cracklib module.
Tomas Mraz [Thu, 2 Jun 2011 19:53:55 +0000 (21:53 +0200)]
Guards for memory allocation errors in pam_cracklib module.

13 years agoAdd support for the mount_private option to pam_namespace.
Tomas Mraz [Thu, 2 Jun 2011 19:50:11 +0000 (21:50 +0200)]
Add support for the mount_private option to pam_namespace.

13 years ago2011-05-30 Thorsten Kukuk <kukuk@thkukuk.de>
Thorsten Kukuk [Mon, 30 May 2011 17:36:56 +0000 (19:36 +0200)]
2011-05-30  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_timestamp/pam_timestamp.c (main): Remove unsused
        variable pretval.

        * modules/pam_stress/pam_stress.c (converse): **message is const.
        (stress_get_password): pmsg is const.
        (pam_sm_chauthtok): Likewise.
        * libpam/pam_item.c (pam_get_user): Make pmsg const and remove
        casts.

13 years ago2011-05-30 Thorsten Kukuk <kukuk@thkukuk.de>
Thorsten Kukuk [Mon, 30 May 2011 09:12:30 +0000 (11:12 +0200)]
2011-05-30  Thorsten Kukuk  <kukuk@thkukuk.de>

* modules/pam_env/pam_env.c (_pam_parse): Implement debug option.
Based on patch by Tomas Mraz.

13 years ago2011-05-24 Thorsten Kukuk <kukuk@thkukuk.de>
Thorsten Kukuk [Tue, 24 May 2011 14:48:11 +0000 (16:48 +0200)]
2011-05-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): quiet
        option has no argument, print no missing file if quiet is set
        [sf#3194930].

13 years ago2011-05-04 Thorsten Kukuk <kukuk@thkukuk.de>
kukuk [Wed, 4 May 2011 15:26:16 +0000 (17:26 +0200)]
2011-05-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_lastlog/pam_lastlog.c (last_login_failed): Don't
        abort with error if btmp file does not exist.

13 years agoClear the whole MD5 context.
Tomas Mraz [Mon, 21 Mar 2011 21:02:16 +0000 (22:02 +0100)]
Clear the whole MD5 context.

13 years agoRelevant BUGIDs:
Tomas Mraz [Fri, 18 Mar 2011 23:15:54 +0000 (23:15 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2011-03-18  Tomas Mraz  <tm@t8m.info>

        * modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx.
        * modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly.
        (protect_dir): Guard for -1 passing to close().
        (ns_setup): Likewise.
        (pam_sm_open_session): Correctly test for SELinux enabled flag.

13 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 17 Mar 2011 17:04:34 +0000 (17:04 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2011-03-17  Tomas Mraz  <tm@t8m.info>

        * modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type.
        (manual_context): Likewise.
        (context_from_env): Remove extraneous auditing in success case.

        * modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra
        close() call.

13 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 22 Feb 2011 22:44:39 +0000 (22:44 +0000)]
Relevant BUGIDs:

Purpose of commit: docfix

Commit summary:
---------------
2011-02-22  Tomas Mraz  <tm@t8m.info>

        * modules/pam_nologin/pam_nologin.8.xml: Add missing space.
        * modules/pam_limits/limits.conf.5.xml: Fix typo.

14 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 21 Dec 2010 08:54:14 +0000 (08:54 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-12-21  Tomas Mraz  <tm@t8m.info>

        * modules/pam_selinux/pam_selinux.c (mls_range_allowed): Unhardcode
        values for security class and av permission bit.

14 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 14 Dec 2010 08:40:40 +0000 (08:40 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2010-12-14  Tomas Mraz  <tm@t8m.info>

        * modules/pam_limits/pam_limits.c (parse_uid_range): New function
        to parse the range of uids or gids.
        (parse_config_file): Call parse_uid_range() and if uid/gid range
        is identified, setup the limits if the range matches. New parameters
        containing user's uid and primary gid.
        (pam_sm_open_session): Pass the user's uid and primary gid to
        parse_config_file().
        * modules/pam_limits/limits.conf.5.xml: Document the uid/gid ranges.

14 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 14 Dec 2010 08:28:38 +0000 (08:28 +0000)]
Relevant BUGIDs:

Purpose of commit: translations

Commit summary:
---------------
2010-12-14  Bahadır Kandemir <bahadir@pardus.org.tr>

        * po/tr.po: Updated translations.

14 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 25 Nov 2010 16:58:59 +0000 (16:58 +0000)]
Relevant BUGIDs:

Purpose of commit: docfix

Commit summary:
---------------
2010-11-25  Tomas Mraz  <tm@t8m.info>

        * modules/pam_securetty/pam_securetty.8.xml: Improve documentation
        of the kernel console feature and the noconsole option.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 24 Nov 2010 12:28:01 +0000 (12:28 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2010-11-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_securetty/pam_securetty.c: Parse console= kernel
        option, add noconsole option.
        * modules/pam_securetty/pam_securetty.8.xml: Document new behavior
        for serial console.
        Patch from Lennart Poettering.

14 years agoRelevant BUGIDs:
Tomas Mraz [Wed, 24 Nov 2010 08:49:30 +0000 (08:49 +0000)]
Relevant BUGIDs:

Purpose of commit: docfix

Commit summary:
---------------
2010-11-24  Tomas Mraz  <tm@t8m.info>

        * modules/pam_limits/limits.conf.5.xml: Document the %group syntax.

14 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 18 Nov 2010 09:37:31 +0000 (09:37 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2010-11-18  Tomas Mraz  <tm@t8m.info>

        * modules/pam_limits/pam_limits.c (pam_parse,pam_sm_open_session):
        Drop obsolete and broken option change_uid.
        * modules/pam_limits/pam_limits.8.xml: Likewise.

14 years agoRelevant BUGIDs: Linux-PAM-1_1-branch
Tomas Mraz [Tue, 16 Nov 2010 09:51:50 +0000 (09:51 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-11-16  Tomas Mraz  <tm@t8m.info>

        * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Remove
        dead and duplicate code. Return PAM_INCOMPLETE instead of
        PAM_CONV_AGAIN.

14 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 11 Nov 2010 16:15:52 +0000 (16:15 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-11-11  Tomas Mraz  <tm@t8m.info>

        * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix
        potential use after free in case SELinux is misconfigured.

        * modules/pam_namespace/pam_namespace.c (process_line): Fix memory
        leak when parsing empty config file lines.

14 years agoRelevant BUGIDs: Linux-PAM-1_1_3
Thorsten Kukuk [Thu, 28 Oct 2010 09:36:25 +0000 (09:36 +0000)]
Relevant BUGIDs:

Purpose of commit: release

Commit summary:
---------------

2010-10-28  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 1.1.3

        * configure.in: Increase version to 1.1.3

        * NEWS: document visible changes

        * libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 27 Oct 2010 13:18:50 +0000 (13:18 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-10-27  Thorsten Kukuk <kukuk@thkukuk.de>

        * doc/adg/Makefile.am: Use UTF-8 for html docu.
        * doc/mwg/Makefile.am: Likewise.
        * doc/sag/Makefile.am: Likewise.

kernel.org webserver is using UTF-8

14 years agoRelevant BUGIDs:
Tomas Mraz [Fri, 22 Oct 2010 07:18:07 +0000 (07:18 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-10-22  Tomas Mraz  <tm@t8m.info>

        * modules/pam_namespace/pam_namespace.c (inst_init): Use execle()
        to execute the init script with clean environment. (CVE-2010-3853)
        (cleanup_tmpdirs): Likewise for executing rm.

14 years agoRelevant BUGIDs:
Dmitry V. Levin [Thu, 21 Oct 2010 15:00:12 +0000 (15:00 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2010-10-21  Dmitry V. Levin  <ldv@altlinux.org>

* modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Remove.
(create_homedir): Use mkdir() instead of rec_mkdir().
(make_parent_dirs): New function.
(main): Use make_parent_dirs() to create parent directories only
for the home directory itself.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Thu, 21 Oct 2010 13:24:31 +0000 (13:24 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-10-21  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/support.c (_unix_getpwnam): Don't allocate
        unneeded buffer for uid/gid [sf#3059572].

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 20 Oct 2010 13:21:52 +0000 (13:21 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-10-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/pam_get_authtok.3.xml: Fix xml code.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 20 Oct 2010 13:11:30 +0000 (13:11 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-10-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/Makefile.am: Fix build dependencys of pam_get_authtok.3.

        * xtests/Makefile.am: Only build xtests if we run xtests.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 20 Oct 2010 12:11:38 +0000 (12:11 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-10-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Check for libdb with symbol versions, too.
        Patch from Diego Elio Pettenò.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 20 Oct 2010 11:58:17 +0000 (11:58 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-10-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Create
        parent directories always with mode 0755.
        (create_homedir): Create main directory with mode 0700 at first.

14 years agoRelevant BUGIDs:
Dmitry V. Levin [Tue, 19 Oct 2010 23:33:02 +0000 (23:33 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2010-10-19  Dmitry V. Levin  <ldv@altlinux.org>

* modules/pam_selinux/pam_selinux.c (verbose_message): Remove.
(pam_sm_open_session): Call send_text() instead of verbose_message().

14 years agoRelevant BUGIDs:
Dmitry V. Levin [Tue, 19 Oct 2010 16:48:32 +0000 (16:48 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2010-10-19  Dmitry V. Levin  <ldv@altlinux.org>

* m4/ld-no-undefined.m4: New file.
* configure.in: Use PAM_LD_NO_UNDEFINED.
* Makefile.am (M4_FILES): Add m4/ld-no-undefined.m4.

14 years agoRelevant BUGIDs:
Dmitry V. Levin [Tue, 19 Oct 2010 16:41:20 +0000 (16:41 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-10-19  Dmitry V. Levin  <ldv@altlinux.org>

* m4/ld-O1.m4 (PAM_LD_O1): Fix typo.

14 years agoRelevant BUGIDs:
Dmitry V. Levin [Tue, 19 Oct 2010 16:36:35 +0000 (16:36 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-10-19  Dmitry V. Levin  <ldv@altlinux.org>

* modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Add
@LIBAUDIT@.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 19 Oct 2010 15:24:34 +0000 (15:24 +0000)]
Relevant BUGIDs:

Purpose of commit: documentation

Commit summary:
---------------

2010-10-19  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_env/pam_env.8.xml: Document side effects of
        environment variables in the stack.
        * modules/pam_exec/pam_exec.8.xml: Document that user can
        have controll over the environment.

14 years agorevert preceding patch; under discussion, no consensus
Steve Langasek [Mon, 11 Oct 2010 19:33:44 +0000 (19:33 +0000)]
revert preceding patch; under discussion, no consensus

14 years agoRelevant BUGIDs:
Tomas Mraz [Mon, 11 Oct 2010 14:24:30 +0000 (14:24 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-10-11  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_env/pam_env.c: Change default for user_readenv to 0.
        * modules/pam_env/pam_env.8.xml: Document the new default for user_readenv.

14 years agoRelevant BUGIDs:
Dmitry V. Levin [Fri, 8 Oct 2010 11:53:38 +0000 (11:53 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-10-07  Dmitry V. Levin  <ldv@altlinux.org>

* modules/pam_selinux/pam_selinux.c (verbose_message): Fix format
string.

14 years agoRelevant BUGIDs:
Dmitry V. Levin [Sun, 3 Oct 2010 21:00:53 +0000 (21:00 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-10-04  Dmitry V. Levin  <ldv@altlinux.org>

* libpam/pam_modutil_priv.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (struct pam_modutil_privs,
PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv,
pam_modutil_regain_priv): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface.
* modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
pam_sm_close_session): Likewise.
(pam_sm_open_session): Remove redundant fchown call.
Fixes CVE-2010-3430, CVE-2010-3431.

14 years agoRelevant BUGIDs: #3078936
Thorsten Kukuk [Fri, 1 Oct 2010 11:05:45 +0000 (11:05 +0000)]
Relevant BUGIDs: #3078936

Purpose of commit: bugfix

Commit summary:
---------------

2010-10-01  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Extend cross compiling check.
        * doc/specs/Makefile.am: Set CFLAGS and LDFLAGS to BUILD_CFLAGS
        and BUILD_LDFLAGS.
        Bug #3078936 / gentoo #339174

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Thu, 30 Sep 2010 13:47:14 +0000 (13:47 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------

2010-09-30  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Warn if
        unlink() fails.

14 years agoRelevant BUGIDs:
Dmitry V. Levin [Tue, 28 Sep 2010 17:19:42 +0000 (17:19 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-09-27  Dmitry V. Levin  <ldv@altlinux.org>

* modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Return
PAM_SUCCESS immediately if no cookie file is defined.  Return
PAM_SESSION_ERR if cookie file is defined but target uid cannot be
determined.  Do not modify cookiefile string returned by pam_get_data.

14 years agoRelevant BUGIDs:
Dmitry V. Levin [Tue, 28 Sep 2010 17:11:36 +0000 (17:11 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-09-27  Dmitry V. Levin  <ldv@altlinux.org>

* modules/pam_xauth/pam_xauth.c (check_acl): Check that the given
access control file is a regular file.

14 years agoRelevant BUGIDs:
Dmitry V. Levin [Mon, 20 Sep 2010 20:16:30 +0000 (20:16 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------

2010-09-16  Dmitry V. Levin  <ldv@altlinux.org>

* modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
pam_sm_close_session): Likewise.

14 years agoRelevant BUGIDs: Linux-PAM-1_1_2
Thorsten Kukuk [Tue, 31 Aug 2010 11:20:59 +0000 (11:20 +0000)]
Relevant BUGIDs:

Purpose of commit: new release

Commit summary:
---------------

2010-08-31  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 1.1.2

        * configure.in: Bump version number.
        * NEWS: Document changes since 1.1.1.
        * doc/adg/Linux-PAM_ADG.xml: Bump version number.
        * doc/mwg/Linux-PAM_MWG.xml: Likewise.
        * doc/sag/Linux-PAM_SAG.xml: Likewise.
        * libpam/Makefile.am: Bump revision of shared library.
        * po/*.po: Regenerate.

14 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 26 Aug 2010 19:16:18 +0000 (19:16 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2010-08-26  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_nologin/pam_nologin.c (perform_check): Try first
         /var/run/nologin if the nologin file is not explicitly specified.
        * modules/pam_nologin/pam_nologin.8.xml: Document that /var/run/nologin
        is tried first.

14 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 26 Aug 2010 19:11:51 +0000 (19:11 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2010-08-26  Sweta Kothari  <swkothar@redhat.com>

        * po/gu.po: Updated translations.

2010-08-26  Geert Warrink  <geert.warrink@onsnet.nu>

        * po/nl.po: Updated translations.

14 years agoRelevant BUGIDs: #2315432, debian#284854#42.
Thorsten Kukuk [Thu, 26 Aug 2010 13:49:33 +0000 (13:49 +0000)]
Relevant BUGIDs: #2315432, debian#284854#42.

Purpose of commit: bugfix

Commit summary:
---------------

2010-08-26  Thorsten Kukuk  <kukuk@thkukuk.de>

* doc/specs/Makefile.am: Use CC_FOR_BUILD as compiler (cross
compile support).
* configure.in: Check for host compiler if cross compiling.
Bug #2315432, debian#284854#42.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 17 Aug 2010 11:15:32 +0000 (11:15 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2010-08-17  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/pam_unix_passwd.c: Implement minlen option.
        * modules/pam_unix/support.c: Likewise.
        * modules/pam_unix/support.h: Likewise.

        * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust
        arguments for _set_ctrl call.
        * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
        * modules/pam_unix/pam_unix_session.c: Likewise.

        * modules/pam_unix/pam_unix.8.xml: Document minlen option.
        Based on patch by Steve Langasek.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Fri, 13 Aug 2010 08:59:53 +0000 (08:59 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-08-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_mail/pam_mail.c: Check for mail only with user
        privilegs.

        * modules/pam_xauth/pam_xauth.c (run_coprocess): Check return
        value of setgid, setgroups and setuid.

        * modules/pam_xauth/pam_xauth.c (check_acl): Save errno for
        later usage.

        * modules/pam_env/pam_env.c (handle_env): Check if user exists,
        read local user config only with user privilegs.`

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 9 Aug 2010 15:36:48 +0000 (15:36 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix/cleanup

Commit summary:
---------------

2010-08-09  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_tally/pam_tally.8.xml: Document that pam_tally is
        deprecated.

        * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Fix make dist.

14 years agoRelevant BUGIDs: 2923437
Thorsten Kukuk [Mon, 9 Aug 2010 14:16:25 +0000 (14:16 +0000)]
Relevant BUGIDs: 2923437

Purpose of commit: bugfix

Commit summary:
---------------

2010-08-09  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/passverify.c (check_shadow_expiry): Correct
        check for expired date.

        * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove
        check for password length. Bug #2923437.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 4 Aug 2010 14:51:45 +0000 (14:51 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-08-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_tally2/pam_tally2.c (get_tally): Create file
        with correct permissions. Patch by Diego Elio "Flameeyes" Pettenò.

14 years agoRelevant BUGIDs: 2730965
Thorsten Kukuk [Wed, 4 Aug 2010 13:54:02 +0000 (13:54 +0000)]
Relevant BUGIDs: 2730965

Purpose of commit: workaround

Commit summary:
---------------

2010-08-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request
        password change if time is not yet set (1.1.1970). Bug #2730965.

14 years agoRelevant BUGIDs: #3035919, #3002340, #3037155
Thorsten Kukuk [Wed, 4 Aug 2010 13:00:59 +0000 (13:00 +0000)]
Relevant BUGIDs: #3035919, #3002340, #3037155

Purpose of commit: bugfix

Commit summary:
---------------

2010-08-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_access/pam_access.c (user_match): Make sure
        that user@host will not match @@netgroup. Bug #3035919.

        * modules/pam_group/pam_group.c (check_account): Add '%' for
        UNIX groups.
        * modules/pam_group/group.conf: Add example for '%'.
        * modules/pam_group/group.conf.5.xml: Document '%' syntax.
        Bug #3002340, #3037155.

14 years agoRelevant BUGIDs: Debian bug #582362
Steve Langasek [Mon, 2 Aug 2010 13:59:02 +0000 (13:59 +0000)]
Relevant BUGIDs: Debian bug #582362

Purpose of commit: bugfix

Commit summary:
---------------
Don't pass --version-script options when linking executables, only when
linking libraries
Patch from Julien Cristau <jcristau@debian.org>

14 years agoRelevant BUGIDs: 2917257
Thorsten Kukuk [Mon, 12 Jul 2010 14:47:11 +0000 (14:47 +0000)]
Relevant BUGIDs: 2917257

Purpose of commit: enhancement

Commit summary:
---------------

2010-07-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add
        audit flag to enable logging about unknown user (#2917257).
        * modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit.
        * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
        * modules/pam_succeed_if/README: Regenerated from xml.

14 years agoRelevant BUGIDs: 3004656
Thorsten Kukuk [Tue, 22 Jun 2010 16:26:28 +0000 (16:26 +0000)]
Relevant BUGIDs: 3004656

Purpose of commit: bugfix

Commit summary:
---------------

2010-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_umask/pam_umask.8.xml: Remove comparisation of
        gid and uid for usergroups.
        * modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Likewise.
        Bug #3004656

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 22 Jun 2010 14:57:44 +0000 (14:57 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Don't check for libxcrypt if no xcrypt.h exists,
        fix typo introduced with 1.1.1.
        Reported by Diego Elio "Flameeyes" Pettenò.

14 years agoRelevant BUGIDs: 3010705
Thorsten Kukuk [Tue, 15 Jun 2010 14:27:13 +0000 (14:27 +0000)]
Relevant BUGIDs: 3010705

Purpose of commit: bugfix

Commit summary:
---------------

2010-06-15  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Call
        setfsuid to be allowed to remove temporary files (#3010705).
        (pam_sm_open_session): Call fchown with correct permissions.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 9 Jun 2010 08:58:06 +0000 (08:58 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Add test case for unresolved symbols

2010-06-09  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_tty_audit/Makefile.am (TESTS): Add tst-pam_tty_audit.
        * modules/pam_tty_audit/tst-pam_tty_audit: New.

Commit summary:
---------------

14 years agoRelevant BUGIDs: Ubuntu bug #588547
Steve Langasek [Mon, 7 Jun 2010 19:30:34 +0000 (19:30 +0000)]
Relevant BUGIDs: Ubuntu bug #588547

Purpose of commit: bugfix

Commit summary:
---------------

2010-06-07  Steve Langasek  <vorlon@debian.org>

* modules/pam_tty_audit/Makefile.am: If we don't have the libraries
required for building pam_tty_audit, we shouldn't install the manpage
either.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Thu, 27 May 2010 12:49:22 +0000 (12:49 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-05-27  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_userdb/pam_userdb.c: Define HAVE_DBM
        for BerkDB 5.0 support. Patch by Diego Elio Pettenò.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 5 May 2010 08:05:04 +0000 (08:05 +0000)]
Relevant BUGIDs:

Purpose of commit: docu fix

Commit summary:
---------------

2010-04-15  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_exec/pam_exec.8.xml: Fix example.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 14 Apr 2010 10:22:10 +0000 (10:22 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2010-04-13  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_pwhistory/opasswd.c: Fix compilation if
        cyprt_r() is not available.
        * configure.in: check for getutent_r.
        * modules/pam_timestamp/pam_timestamp.c: Use getutent()
        if getutent_r() does not exist.
        Patch from Diego Elio "Flameeyes" Pettenò.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 12 Apr 2010 13:55:21 +0000 (13:55 +0000)]
Relevant BUGIDs:

Purpose of commit: enhancement

Commit summary:
---------------

2010-04-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/pam.conf-syntax.xml: Better documentation of
        "actionN". Patch from Michal Soltys <soltys@ziu.info>.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 6 Apr 2010 08:07:11 +0000 (08:07 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2010-04-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt
        and chauthtok.
        * modules/pam_rootok/pam_rootok.8.xml: Document new module
        types.

14 years agoRelevant BUGIDs:
Thorsten Kukuk [Mon, 29 Mar 2010 14:43:40 +0000 (14:43 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

po/ar.po: Add missing Plural-Forms entry to header.

14 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 25 Mar 2010 20:08:42 +0000 (20:08 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2010-03-25  Daniel Nylander <po@danielnylander.se>

        * po/sv.po: Updated translations.

14 years agoRelevant BUGIDs:
Tomas Mraz [Wed, 24 Mar 2010 13:57:50 +0000 (13:57 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2010-03-24  Ani Peter  <anipeter@fedoraproject.org>

        * po/ml.po: Updated translations.

14 years agoRelevant BUGIDs:
Tomas Mraz [Mon, 8 Mar 2010 07:29:39 +0000 (07:29 +0000)]
Relevant BUGIDs:

Purpose of commit: translations

Commit summary:
---------------
2010-03-08  Yuri Chornoivan  <yurchor@ukr.net>

        * po/uk.po: Updated translations.

14 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 9 Feb 2010 15:08:59 +0000 (15:08 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-02-09  Tomas Mraz  <t8m@centrum.cz>

        * libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix
        regression in the new password prompt.

14 years agoRelevant BUGIDs:
Tomas Mraz [Mon, 4 Jan 2010 17:00:33 +0000 (17:00 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2010-01-04  Elad <el.il@doom.co.il>

        * po/he.po: New translation to Hebrew.
        * po/LINGUAS: Add Hebrew to the list.

15 years agoRelevant BUGIDs: Linux-PAM-1_1_1
Thorsten Kukuk [Wed, 16 Dec 2009 13:17:13 +0000 (13:17 +0000)]
Relevant BUGIDs:

Purpose of commit: release

Commit summary:
---------------

2009-12-16  Thorsten Kukuk  <kukuk@suse.de>

        * release version 1.1.1

        * NEWS: Adjust for 1.1.1
        * configure.in: Likewise.
        * doc/adg/Linux-PAM_ADG.xml: Likewise.
        * doc/mwg/Linux-PAM_MWG.xml: Likewise.
        * doc/sag/Linux-PAM_SAG.xml: Likewise.
        * po/*.po: Regenerated.

15 years agoRelevant BUGIDs: 2892529
Thorsten Kukuk [Tue, 8 Dec 2009 14:41:40 +0000 (14:41 +0000)]
Relevant BUGIDs: 2892529

Purpose of commit: bugfix

Commit summary:
---------------

2009-12-08  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Rename DEBUG to PAM_DEBUG.
        * libpam/pam_env.c: Likewise
        * libpam/pam_handlers.c: Likewise
        * libpam/pam_miscc.c: Likewise
        * libpam/pam_password.c: Likewise
        * libpam/include/security/_pam_macros.h: Likewise
        * libpamc/test/modules/pam_secret.c: Likewise
        * modules/pam_group/pam_group.c: Likewise
        * modules/pam_listfile/pam_listfile.c: Likewise
        * modules/pam_unix/pam_unix_auth.c: Likewise
        * modules/pam_unix/pam_unix_passwd.c: Likewise

15 years agoRelevant BUGIDs: rhbz#545053
Tomas Mraz [Tue, 8 Dec 2009 09:15:51 +0000 (09:15 +0000)]
Relevant BUGIDs: rhbz#545053

Purpose of commit: new feature

Commit summary:
---------------
2009-12-08  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow
        entry if not present in the file.

15 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 8 Dec 2009 09:06:46 +0000 (09:06 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
2009-12-08  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Remove
        unused function and variable.

15 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 19 Nov 2009 10:43:23 +0000 (10:43 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2009-11-19  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Return
        PAM_AUTH_ERR from the module if sepermit_lock() fails.

15 years agoRelevant BUGIDs: 2892189
Tomas Mraz [Wed, 18 Nov 2009 16:06:53 +0000 (16:06 +0000)]
Relevant BUGIDs: 2892189

Purpose of commit: bugfix

Commit summary:
---------------
2009-11-18  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_access/pam_access.c(user_match): Revert the netgroup
        match to the original behavior, add new syntax for adding the local
        hostname.
        * modules/pam_access/access.conf.5.xml: Document the new syntax
for adding the local hostname to the netgroup match.

15 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 10 Nov 2009 15:52:20 +0000 (15:52 +0000)]
Relevant BUGIDs:

Purpose of commit: regression fix

Commit summary:
---------------

2009-11-10  Thorsten Kukuk  <kukuk@suse.de>

        * doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify
        and pam_get_authtok_verify.

        * libpam/Makefile.am (libpam_la_LDFLAGS): Bump revesion of libpam.

        * libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed
        from pam_get_authtok, add flags argument, always check return
        values.

        * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use
        pam_get_authtok_noverify and pam_get_authtok_verify.

        * libpam/include/security/pam_ext.h: Add prototypes for
        pam_get_authtok_noverify and pam_get_authtok_verify.

        * libpam/libpam.map: Add new pam_get_authtok_* functions.

15 years agoRelevant BUGIDs:
Thorsten Kukuk [Wed, 4 Nov 2009 14:07:44 +0000 (14:07 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

Add new manual page.

15 years agoRelevant BUGIDs:
Tomas Mraz [Mon, 2 Nov 2009 16:12:56 +0000 (16:12 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2009-11-02  Ani Peter <anipeter@fedoraproject.org>

        * po/ml.po: Updated translations.

15 years agoRelevant BUGIDs:
Tomas Mraz [Mon, 2 Nov 2009 16:09:07 +0000 (16:09 +0000)]
Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2009-11-02  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_sepermit/Makefile.am: Add sepermit.conf(5) manual page.
        * modules/pam_sepermit/pam_sepermit.8.xml: Add reference to
        sepermit.conf(5). Drop some redundant text.
        * modules/pam_sepermit/sepermit.conf.5.xml: New file.

        * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Implement the ignore
        option in sepermit.conf.

15 years agoRelevant BUGIDs: rhbz#531530
Tomas Mraz [Thu, 29 Oct 2009 15:26:50 +0000 (15:26 +0000)]
Relevant BUGIDs: rhbz#531530

Purpose of commit: bugfix

Commit summary:
---------------
2009-10-29  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_xauth/Makefile.am: Link with libselinux.
        * modules/pam_xauth/pam_xauth.c(pam_sm_open_session): Call
        setfscreatecon() if selinux is enabled to create the .xauth file
        with the right label. Original idea by Dan Walsh.

15 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 8 Oct 2009 15:19:41 +0000 (15:19 +0000)]
Relevant BUGIDs:

Purpose of commit: documentation

Commit summary:
---------------
2009-10-08  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_tty_audit/pam_tty_audit.8.xml: Add notice about aureport
        add SEE ALSO section.

15 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 6 Oct 2009 12:26:05 +0000 (12:26 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2009-10-06  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Just
        call pam_modutil_user_in_group_nam_nam() instead of reimplementation
        of group matching.

15 years agoRelevant BUGIDs:
Tomas Mraz [Mon, 5 Oct 2009 06:57:53 +0000 (06:57 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2009-10-05  Kris Thomsen  <lakristho@gmail.com>

        * po/da.po: Updated translations.

15 years agoRelevant BUGIDs:
Tomas Mraz [Tue, 29 Sep 2009 10:58:33 +0000 (10:58 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2009-09-29  Piotr Drąg <piotrdrag@gmail.com>

        * po/pl.po: Updated translations.

15 years agoRelevant BUGIDs:
Tomas Mraz [Mon, 21 Sep 2009 07:11:16 +0000 (07:11 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2009-09-21  Yulia Poyarkova  <yulia.poyarkova@redhat.com>

* po/ru.po: Updated translations.

15 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 17 Sep 2009 08:11:11 +0000 (08:11 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2009-09-17  Kiyoto Hashida  <khashida@redhat.com>

        * po/ja.po: Updated translations.

15 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 17 Sep 2009 08:08:48 +0000 (08:08 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2009-09-18  Eunju Kim  <eukim@redhat.com>

        * po/ko.po: Updated translations.

15 years agoRelevant BUGIDs:
Tomas Mraz [Thu, 17 Sep 2009 08:04:14 +0000 (08:04 +0000)]
Relevant BUGIDs:

Purpose of commit: translation

Commit summary:
---------------
2009-09-17  Yulia Poyarkova <yulia.poyarkova@redhat.com>

        * po/ru.po: Updated translations.

15 years agoRelevant BUGIDs: Debian bug #537848
Steve Langasek [Thu, 10 Sep 2009 10:19:57 +0000 (10:19 +0000)]
Relevant BUGIDs: Debian bug #537848

Purpose of commit: bugfix

Commit summary:
---------------
2009-09-10  Steve Langasek  <vorlon@debian.org>

* modules/pam_securetty/pam_securetty.c: pam_securetty should not
return PAM_USER_UNKNOWN when the tty is secure, regardless of what
was entered as a username.
Patch from Nicolas François <nicolas.francois@centraliens.net>.

15 years agoRelevant BUGIDs: Debian bug #518908
Steve Langasek [Mon, 31 Aug 2009 22:09:44 +0000 (22:09 +0000)]
Relevant BUGIDs: Debian bug #518908

Purpose of commit: portability

Commit summary:
---------------
2009-08-31  Steve Langasek  <vorlon@debian.org>

* modules/pam_namespace/namespace.init: make this portable to POSIX
awk, instead of using GNU awk extensions.

15 years agoRelevant BUGIDs: Debian bug #470096
Steve Langasek [Tue, 25 Aug 2009 07:54:15 +0000 (07:54 +0000)]
Relevant BUGIDs: Debian bug #470096

Purpose of commit: bugfix

Commit summary:
---------------
2009-08-25  Steve Langasek  <vorlon@debian.org>

        * po/es.po: fix missing whitespace in password prompts.

15 years agoRelevant BUGIDs: Debian bug #470137
Steve Langasek [Tue, 25 Aug 2009 07:32:55 +0000 (07:32 +0000)]
Relevant BUGIDs: Debian bug #470137

Purpose of commit: bugfix

Commit summary:
---------------
2009-08-25  Steve Langasek <vorlon@debian.org>

* modules/pam_sepermit/pam_sepermit.8.xml: fix up one reference
to pam.d(8) left behind because I've forgotten how CVS works

15 years agoRelevant BUGIDs:
Steve Langasek [Mon, 24 Aug 2009 21:26:18 +0000 (21:26 +0000)]
Relevant BUGIDs:

Purpose of commit: cleanup

Commit summary:
---------------
sesseion -> session

15 years agoRelevant BUGIDs:
Steve Langasek [Mon, 24 Aug 2009 07:48:26 +0000 (07:48 +0000)]
Relevant BUGIDs:

Purpose of commit: grammar fixes

Commit summary:
---------------
"successful" -> "successfully"; "them self" -> "themself" - the use of
"themself" as a gender-indeterminate reflexive pronoun in English is
disputed and somewhat awkward, but "them self" is 100% wrong.

15 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 21 Jul 2009 13:59:24 +0000 (13:59 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2009-07-21  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Delete
        new token if it does not match strength criteria.

15 years agoRelevant BUGIDs:
Thorsten Kukuk [Tue, 30 Jun 2009 10:28:53 +0000 (10:28 +0000)]
Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

This makes Linux-PAM compile able with uClibc or on embedded systems
without full libc/libnsl.

2009-06-29  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files.

        * modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS
        support if all necessary functions exist.

        * modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug
        option, handle correct if OS has no NIS support.

        * modules/pam_access/pam_access.c (netgroup_match): Check if
        yp_get_default_domain and innetgr are available at compile time.

        * configure.in: Check for functions: innetgr, getdomainname
        check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h.