Thorsten Kukuk [Mon, 21 Feb 2005 09:52:05 +0000 (09:52 +0000)]
Relevant BUGIDs: mail
Purpose of commit: bugfix
Commit summary:
---------------
The following reported by mail was fixed:
"I've been in trouble using the '%group' feature in the limits.conf file.
There are priorities when settings the limits and the order is as
enumerated here. The problem is that the initial value is
LIMITS_DEF_NONE, so neither LIMITS_DEF_ALL nor LIMITS_DEF_ALLGROUP
can ever be set."
Tomas Mraz [Fri, 7 Jan 2005 15:31:26 +0000 (15:31 +0000)]
Relevant BUGIDs: 629251, Red Hat bz 143750
Purpose of commit: bugfix
Commit summary:
---------------
libpam: don't return PAM_IGNORE if the impression is positive and
using cached chain
pam_nologin: don't overwrite return value with return from pam_get_item
Thorsten Kukuk [Wed, 5 Jan 2005 16:15:26 +0000 (16:15 +0000)]
Relevant BUGIDs: 872945
Purpose of commit: bugfix
Commit summary:
---------------
Calling pam_chauthtok of pam_unix and entering the correct old password,
but abort on typing the new one, PAM_AUTHTOK_RECOVER_ERR is returned.
Since we got the old token, PAM_AUTHTOK_ERR needs to be returned.
Found by LSB PAM testsuite.
Tomas Mraz [Thu, 11 Nov 2004 13:19:34 +0000 (13:19 +0000)]
Relevant BUGIDs: Red Hat bz 77646
Purpose of commit: bugfix
Commit summary:
---------------
Test return value of renames for failure so user knows
that his password wasn't really changed.
Also report error when /etc/security/opasswd is missing and
pam_unix module is called with remember=x.
Tomas Mraz [Thu, 4 Nov 2004 08:12:38 +0000 (08:12 +0000)]
Relevant BUGIDs:
Purpose of commit:
bugfix
Commit summary:
---------------
Revert the change in previous pam_limits.c commit it's already
compensated by count=1 assignment
Thorsten Kukuk [Thu, 27 Nov 2003 07:54:20 +0000 (07:54 +0000)]
Relevant BUGIDs: 850092
Purpose of commit: bugfix
Commit summary:
---------------
Using the fakeroot option as normal user does not work, since
we call ldconfig, which aborts with an error message if not
called as root due missing permissions.
Fixed by calling ldconfig with -n library path option if FAKEROOT
is set.
Thorsten Kukuk [Wed, 26 Nov 2003 11:05:55 +0000 (11:05 +0000)]
Relevant BUGIDs: 808022
Purpose of commit: bugfix
Commit summary:
---------------
_pam_aconf.h will be no longer installed.
It's a configuration header generated by autoconf, and could
interfere with applications which might include it. None of the
other installed headers include it, either, so it doesn't
serve any purpose.
Thorsten Kukuk [Wed, 26 Nov 2003 10:31:10 +0000 (10:31 +0000)]
Relevant BUGIDs: 849545
Purpose of commit: bugfix/cleanup
Commit summary:
---------------
CFLAGS from configure run is ignored by Make.Rules.
modules should build after libpam, so that we can link against libpam.
In one place, "ar" instead of "$(AR)" is used.
Thorsten Kukuk [Wed, 26 Nov 2003 08:50:59 +0000 (08:50 +0000)]
Relevant BUGIDs: 849498
Purpose of commit: bugfix
Commit summary:
---------------
The type of remember in support.c is int, not
long. But we compare remember with LONG_MIN
and LONG_MAX. While this works on 32bit
architectures, this fails on 64bit one.
INT_MIN and INT_MAX should be used.
Thorsten Kukuk [Tue, 25 Nov 2003 09:06:54 +0000 (09:06 +0000)]
Relevant BUGIDs: 848337
Purpose of commit: bugfix
Commit summary:
---------------
pam_shells uses strlen/strcmp, but does not
include the corresponding string.h header file.
This could lead to problems on architectures,
where gcc needs a correct prototype to generate
correct calling code.
pam_stress.c complains about a redefined
__USE_BSD symbol. This is a internal glibc
define and should not be used in source code.
Thorsten Kukuk [Mon, 24 Nov 2003 14:46:06 +0000 (14:46 +0000)]
Relevant BUGIDs:
Purpose of commit:
bugfix for pam_securetty
Commit summary:
---------------
Move the first usage of uttyname ofter the initialisation
(Bug # 848316). This move was forgetten with the last changes.
Jan Rekorajski [Thu, 25 Sep 2003 17:54:44 +0000 (17:54 +0000)]
Relevant BUGIDs: 812567
Purpose of commit: new feature
Commit summary:
---------------
Implementation of "include" directive for pam config file syntax.
- added module type PAM_T_ANY needed to know if we are loading included file or main one
- let _pam_parse_conf_file() know of new directive
- new function _pam_load_conf_file() used to load "included" configs
Steve Langasek [Sun, 13 Jul 2003 20:01:44 +0000 (20:01 +0000)]
Relevant BUGIDs: 770645
Purpose of commit: cleanup
Commit summary:
---------------
Fix the many compile-time warnings caused by features.h being included
before our _pam_aconf.h. This should make it much easier to find other
bugs.
Also, call config.status instead of configure, to allow rebuilding
generated files with the same options.
Steve Langasek [Sun, 13 Jul 2003 18:41:04 +0000 (18:41 +0000)]
Relevant BUGIDs: 643357
Purpose of commit: bugfix
Commit summary:
---------------
Patch from Sam Hartman to fix handling of module linking on Linux:
modules should be linked against libpam if they call any functions from
the library, since not all platforms will correctly resolve symbol
references otherwise. Also, make sure we use gcc, not ld, when linking,
since there's additional linker glue that gcc will pull in for us.
Steve Langasek [Sun, 13 Jul 2003 06:43:04 +0000 (06:43 +0000)]
Relevant BUGIDs: patch 476984
Purpose of commit: bugfix
Commit summary:
---------------
Patch from Nalin Dahyabhai: always compare tty names without the "/dev",
working around inconsistent handling among apps.
Also, make minor adjustments for robustness (handle DOS EOL chars, and
don't hardcode array sizes).
Steve Langasek [Sun, 13 Jul 2003 06:34:15 +0000 (06:34 +0000)]
Relevant BUGIDs: patch 476976
Purpose of commit: bugfix
Commit summary:
---------------
Patch from Nalin Dahyabhai: when updating /etc/{passwd,shadow}, always
respect any admin-specified permissions on the existing files.
Steve Langasek [Sun, 13 Jul 2003 06:16:13 +0000 (06:16 +0000)]
Relevant BUGIDs: patch 476968
Purpose of commit: bugfix
Commit summary:
---------------
Patch from Nalin Dahyabhai to prevent a buffer overflow in pam_issue
(rare, but could be triggered by a race condition when the admin updates
/etc/issue).
Steve Langasek [Sun, 13 Jul 2003 05:14:08 +0000 (05:14 +0000)]
Relevant BUGIDs: patch 476936
Purpose of commit: cleanup
Commit summary:
---------------
Variant on Nalin's patch: 'unsigned int' is /usually/ 32 bits, but
uint32_t is /always/ 32 bits -- where present. Since C99 is fairly
recent, we may need some autoconf support for older platforms, but
should at least be covered for Linux & Solaris. (Still a better choice
than the non-standard sys/types.h, though.)
Andrew G. Morgan [Sat, 13 Jul 2002 05:48:19 +0000 (05:48 +0000)]
Relevant BUGIDs: 476951, 476953
Purpose of commit: bugfix
Commit summary:
---------------
Be more careful when using the deny option - pay attention to the trust
option before you grant access.
Fix from Nalin.
Andrew G. Morgan [Thu, 11 Jul 2002 06:22:45 +0000 (06:22 +0000)]
Relevant BUGIDs: 476941, 476980
Purpose of commit: bugfix and new feature
Commit summary:
---------------
fix case that wheel is the primary group of the user
add support for passwordless transitions from a trusted user to another
non-root user.
Andrew G. Morgan [Thu, 11 Jul 2002 05:43:50 +0000 (05:43 +0000)]
Relevant BUGIDs: 476963
Purpose of commit: new feature
Commit summary:
---------------
some applications are not prepared to get a SIGCHLD from a child
process they didn't think they launched, so we now suppress
this signal for the duration of use of the helper binary.
The 'noreap' module argument is provided to override this new
default.
Commit summary:
---------------
bigcrypt does not match crypt when password length is too long.
This led to a pam_unix problem when the module had not set the
password in bigcrypt mode, but was trying to compare with bigcrypt
output. The fix is to use the stored password as a guide to how much
of the encrypted password to compare against.
Andrew G. Morgan [Thu, 27 Jun 2002 05:54:05 +0000 (05:54 +0000)]
Relevant BUGIDs: 415423
Purpose of commit: cleanup
Commit summary:
---------------
Shouldn't explicitly include prototype in the file - it conflicts with
common defaults and thus should not be there. (Request for removal from
David Lee.)
Andrew G. Morgan [Thu, 27 Jun 2002 05:43:28 +0000 (05:43 +0000)]
Relevant BUGIDs: 419307
Purpose of commit: new feature/cleanup
Commit summary:
---------------
made pam_nologin more secure by changing the default behavior and
adding some more features. General code clean up in the process.
Andrew G. Morgan [Thu, 27 Jun 2002 04:04:54 +0000 (04:04 +0000)]
Relevant BUGIDs: 565470
Purpose of commit: bugfix
Commit summary:
---------------
It seems that configure was barfing on some packages because libpam_misc
could not compile without also being linked to libpam.
Andrew G. Morgan [Wed, 29 May 2002 06:35:46 +0000 (06:35 +0000)]
Relevant BUGIDs: 491466
Purpose of commit: cleanup
Commit summary:
---------------
These were all suggestions from the OS X patch provided by Luke Howard.
There is another proposed patch for OS X support which promises to be
a little cleaner with the heavy stuff, so I am committing these simple
changes now, with the intention of moving to the other patch for the
big stuff (see 534205).
Andrew G. Morgan [Wed, 29 May 2002 04:51:07 +0000 (04:51 +0000)]
Relevant BUGIDs: 490938, 409852
Purpose of commit: debugging
Commit summary:
---------------
Added a simple wrapper to make it easier to test xsh with the sandbox
libraries (no help with modules - besides editing your personal pam.d/xsh
file).
Andrew G. Morgan [Wed, 29 May 2002 04:44:43 +0000 (04:44 +0000)]
Relevant BUGIDs: 424315
Purpose of commit: cleanup
Commit summary:
---------------
This was a reimplementation of pam_warn to be more useful. I did it in
conjuction with testing the new setcred behavior.
projects / linux-pam / log