Commit summary:
---------------
A little closer to supporting AIX. These changes are not all of the
suggested changes in the bug report that I will close as a result
of this checkin, but they are all the changes that I feel happy making
right now. I've avoided some of the more gratutitous changes, hoping
that the submitter will reevaluate what they need in the light of what
I have committed here.
Andrew G. Morgan [Sun, 15 Apr 2001 06:32:08 +0000 (06:32 +0000)]
Relevant BUGIDs: 414943
Purpose of commit: comment about bug ids
Commit summary:
---------------
Sourceforge bumped all the bugids by 100000 at some point and this
made earlier entries in this CHANGELOG off by that amount. I've
added a comment about this to help the reader in trying to track
each interesting bug down.
Commit summary:
---------------
Bumped the version number.
Fixed a lack of SONAME definitions that were causing the libraries
not to be installed correctly.
Andrew G. Morgan [Sun, 11 Feb 2001 06:33:53 +0000 (06:33 +0000)]
Relevant BUGIDs: 112540
Purpose of commit: minor security bugfix
Commit summary:
---------------
Fixes for the password helper binaries.
Before, there was no check that the password entered was actually that
of the intended user being authenticated. Instead, the password was
checked for the requesting user. While this disstinction sounds like a
security hole, its actually not been a problem in practice. The helper
binaries have only been used in the case that the application is not
setuid-0 and as such even if an improper authentication succeeded, the
application could not change its uid from that of the requesting user.
Commit summary:
---------------
This bugfix leads to backwardly incompatable behavior with earlier
releases of Linux-PAM.
Note, this cleans up the setcred/session and chauthtok stacks in
such a way that it is no longer preferred that the setcred module
always return the same error code as the auth components of said
modules did.
This means behavior should be a great deal more sane. It also gives
meaning to the unique return codes that are available to pam_sm_setcred.
[I'm sure that when we add support for credential relevant events,
this change will be critical.]
Andrew G. Morgan [Mon, 22 Jan 2001 06:07:28 +0000 (06:07 +0000)]
Relevant BUGIDs: 129027, 128576
Purpose of commit: new feature + documentation
Commit summary:
---------------
Cleaned up the handling of AUTHTOK items and pam_[gs]et_data() functions.
Added more clear documentation about the pam_[gs]et_item() functions to
the pam_appl and pam_modules programmer guides.
Andrew G. Morgan [Sat, 20 Jan 2001 23:47:07 +0000 (23:47 +0000)]
Relevant BUGIDs: 127625
Purpose of commit: documentation
Commit summary:
---------------
added a note to this man page explaining that we do support a
default directory for modules. Also added some text describing
the alternative control syntax for pam configuration files.
Andrew G. Morgan [Sat, 20 Jan 2001 23:06:05 +0000 (23:06 +0000)]
Relevant BUGIDs: 127700
Purpose of commit: bugfix
Commit summary:
---------------
ia64 support - it behaves like an alpha wrt md5, but then unsigned int
is 32 bits everywhere(*) these days, so just remove the #ifdef nonsense.
Steve Langasek [Wed, 20 Dec 2000 05:15:05 +0000 (05:15 +0000)]
Relevant BUGIDs: 126431, 126423
Purpose of commit: new feature / bugfix
Commit summary:
---------------
This changes the format of pam_unix log messages, per bug 126423. The
change is extensive (every call to _log_err() now has an additional
argument) but straightforward.
These changes to the logging code incidentally fix the problem reported in
bug 126431.
Commit summary:
---------------
Remove the -Wtraditional flag from the GCC options. It causes strange and
annoying spam. Also reordered the progs verses argument parsing stuff
to avoid a warning from autoconf (back to one strange warning again).
Jan Rekorajski [Mon, 4 Dec 2000 20:56:10 +0000 (20:56 +0000)]
Relevant BUGIDs: 124397
Purpose of commit: new feature
Commit summary:
---------------
* _pam_aconf.h.in, configure.in - added PAM_PATH_MAILDIR set via
--with-mailspool=dir option (default is _PAM_MAILDIR if defined
in paths.h otherwise /var/spool/mail
Commit summary:
---------------
Time to generate a release of Linux-PAM (0.73).
Its almost been 12 months, and I'd really hate to actually have it
hit a year exactly!
[Let's hope subsequent releases will be more frequent.]
Andrew G. Morgan [Sun, 26 Nov 2000 07:32:39 +0000 (07:32 +0000)]
Relevant BUGIDs: 116076
Purpose of commit: bugfix
Commit summary:
---------------
Added pam_time/pam_group fixes for infinite loop when reading
'\\[^\n]' in their config files and also added support for '/'.
The latter makes both of these modules support modern tty handling.
Andrew G. Morgan [Sat, 25 Nov 2000 01:48:05 +0000 (01:48 +0000)]
Relevant BUGIDs: 111927, 117240
Purpose of commit: new feature
Commit summary:
---------------
Added accessconf= option to the module to override the
default access.conf file.
Feature request from Aldrin Martoq and Meelis Roos.
Andrew G. Morgan [Sat, 25 Nov 2000 00:12:33 +0000 (00:12 +0000)]
Relevant BUGIDs: 119554
Purpose of commit: cleanup
Commit summary:
---------------
The pam_limits module did not allow support for a changed number
of limits recognized by the kernel.
Bug identified and resolved by Adam J. Richter of Yggdrasil.
Commit summary:
---------------
This is a merge of the autoconf support that was developed against
a 0-72 branch.
[Note, because CVS has some issues, this is actually only 95% of
the actual commit. The other files were actually committed when
the preparation branch Linux-PAM-0-73pre-autoconf was updated.
Hopefully, this will complete the merge.]
Commit summary:
---------------
this is a merge of the 0-72 autoconf branch to something more
up to date. This commit will be followed by merging this
Linux-PAM-0-73pre-autoconf branch to the main trunk.
Steve Langasek [Thu, 31 Aug 2000 17:15:30 +0000 (17:15 +0000)]
Relevant BUGIDs: 113238
Purpose of commit: bugfix to pam_unix
Commit summary:
---------------
Fixed case where pam_unix would segfault if the app's conversation function
returned a null pointer as the password. Since a null pointer can never be
a valid password unless the password file also has a null field (which we
already check for), we now check for a valid pointer and return PAM_AUTH_ERR
if we don't have one.
Andrew G. Morgan [Fri, 11 Aug 2000 05:11:04 +0000 (05:11 +0000)]
Relevant BUGIDs: 111645
Purpose of commit: bugfix
Commit summary:
---------------
C++ support was broken for PAM-applications, this checkin should fix it.
I've received this bug report from numerous folk.
Steve Langasek [Wed, 9 Aug 2000 15:49:51 +0000 (15:49 +0000)]
Relevant BUGIDs: 111491
Purpose of commit: bugfix for pam_shells under Solaris
Commit summary:
---------------
Solaris' C compiler doesn't seem to respect concatenation of strings in
a function argument list. Changed arguments to _pam_log() in the pam_shells
command to get around this.
Steve Langasek [Thu, 3 Aug 2000 19:03:52 +0000 (19:03 +0000)]
Relevant BUGIDs: 111035
Purpose of commit: bugfix to pam_unix_auth
Commit summary:
---------------
Fix for 'likeauth' handling in the pam_unix_auth module. If pam_setcred
needs to return the same value as returned by pam_authenticate, malloc()
space for this return value and pass its address to pam_set_data().
Also, changes pam_sm_setcred() so that it reads this value properly.
Steve Langasek [Tue, 4 Jul 2000 04:39:35 +0000 (04:39 +0000)]
Relevant BUGIDs: 108845
Purpose of commit: bugfix
Commit summary:
---------------
Fix to pam_unix password changing code: if the password file is locked,
retry repeatedly to reduce the risk of leaving other authentication
databases in an inconsistent state when we fail.