diff options
| author | Dmitry V. Levin <ldv@strace.io> | 2024-05-11 08:00:00 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-05-15 08:00:00 +0000 |
| commit | 0f6796ec4c9429494653be48a3cf13b45e55c86f (patch) | |
| tree | 7f83e3a7a14206970c7d9635e774df0e0adbd903 /ChangeLog.old | |
| parent | a7eb114974b20aa02ead19e8f905a863ef34ce55 (diff) | |
| download | pam-0f6796ec4c9429494653be48a3cf13b45e55c86f.tar.gz pam-0f6796ec4c9429494653be48a3cf13b45e55c86f.tar.bz2 pam-0f6796ec4c9429494653be48a3cf13b45e55c86f.zip | |
Move all historic changelog files to a top-level ChangeLog.old directory
Move all historic changelog files away to avoid confusion.
Diffstat (limited to 'ChangeLog.old')
| -rw-r--r-- | ChangeLog.old/CHANGELOG | 1765 | ||||
| -rw-r--r-- | ChangeLog.old/CHANGELOG-pam_unix | 54 | ||||
| -rw-r--r-- | ChangeLog.old/ChangeLog-CVS | 5099 |
3 files changed, 6918 insertions, 0 deletions
diff --git a/ChangeLog.old/CHANGELOG b/ChangeLog.old/CHANGELOG new file mode 100644 index 00000000..5f9bab2a --- /dev/null +++ b/ChangeLog.old/CHANGELOG @@ -0,0 +1,1765 @@ + +======================================================================= +======================================================================= + + This file is no longer used for tracking changes for Linux-PAM. For + user visible changes, please look at the NEWS file. A more verbose + list of changes can be found in ChangeLog. + +======================================================================= +======================================================================= + +----------------------------- + +TODO: + + - sanitize use of md5 throughout distribution.. Make a static + library for helping to develop modules that contains it and other + stuff. Also add sha-1 and ripemd-160 digest algorithms. + - once above is done. remove hacks from the secret@here module etc.. + - document PAM_INCOMPLETE changes + - verify that the PAM_INCOMPLETE interface is sensible. Can we + catch errors? should we permit item changing etc., between + pam_authenticate re-invocations? + - verify that the PAM_INCOMPLETE interface works (auth seems ok..) + - add PAM_INCOMPLETE support to modules (partially added to pam_pwdb) + - work on RFC. + - auth and acct support in pam_cracklib, "yes, I know the password + you just typed was valid, I just don't think it was very strong..." + +==================================================================== + +If you have found a bug in Linux-PAM (including a documentation bug, +or a new feature request and/or patch), please consider filing such a +bug report - outstanding bugs are listed here: + + http://sourceforge.net/tracker/?atid=106663&group_id=6663&func=browse + +(to file another bug see the 'submit bug' button on that page). + +==================================================================== + +0.81: please submit patches for this section with actual code/doc + patches! +* pam_umask: New module for setting umask from GECOS field, /etc/login.defs + or /etc/default/login (kukuk) +* configure/pam_strerror: Remove old ugly-hack option for pam_strerror + interface change (kukuk) +* configure.in: Fix AC_DEFINE usage for autoheader (kukuk) +* configure.in/_pam_aconf.h.in: Remove feature.h inclusion (kukuk) +* defs: Remove obsolete directory/content (kukuk) +* Rename _pam_aconf.h.in to config.h (kukuk) +* pam_unix: Don't ignore pam_get_item return value (kukuk) +* pam_userdb: Fix regression - crash when crypt param not specified (t8m) +* libpam: Remove pam_authenticate_secondary stub (kukuk) +* Use autoconf/automake/libtool (kukuk) +* pam_securetty: Be fail-close on user lookups, always log failures, + not just with "debug" (Solar Designer) +* Add gettext support +* Add translations for cs, de, es, fr, hu, it, ja, nb, pa, pt_BR, + pt, zh_CN and zh_TW +* pam_limits: Apply ALT Linux/Owl patch +* pam_motd: Apply ALT Linux/Owl patch +* libpam: Cache pam_get_user() failures +* libpam: Add pam_prompt,pam_vprompt,pam_error,pam_verror,pam_info + and pam_vinfo functions for use by modules as extension (kukuk). +* pam_cracklib: Make path to cracklib dicts an option (kukuk). +* libpam: Add pam_syslog function for unified syslog messages from + PAM modules (kukuk). +* pam_tally, pam_time, pam_userdb: use pam_syslog and pam_prompt (ldv) +* pam_issue: major cleanup (ldv) +* pam_echo: New PAM module for message output (kukuk) +* pam_limits: Fix regression from RLIMIT_NICE support (wrong limit + values for other limits are applied) patch by Anton Guda +* pam_unix: Always honor nis flag on password change (by Aaron Hope) +* libpam: Moved functions from pammodutil to libpam (t8m) +* pam_lastlog: Cleanup, fix broken logic in pam_parse, + modify wtmp by default, nowtmp option switches that off (ldv) + +0.80: Wed Jul 13 13:23:20 CEST 2005 +* pam_tally: test for NULL data before dereferencing them (t8m) +* pam_unix: fix regression introduced in 0.78 - both NIS and local password + should be changed if possible (t8m) +* misc_conv: flush input first then print the prompt - fixes problem + with expect scripts (t8m) +* pam_unix: nis option shouldn't clear the shadow option (t8m) +* cleanups and minor bugfixes by Steve Grubb (t8m) +* pam_private.h: set PAM_DEFAULT_PROMPT to "login: " (kukuk) +* pam_mkhomedir: Create parent directories if they do not already + exist (Bug 600351 - kukuk) +* pam_mkhomedir: Set owner/permissions of home directory after we + created all files (Bug 1032922 - kukuk) +* pam_rhosts: Get rid of static buffer for path (kukuk) +* pam_selinux/pam_unix/pam_rootok: Add SELinux support based on + patch from Red Hat (kukuk) +* pam_limits: Correct support of unlimited limits, use correct type + for rlimit value (Bug 945449 - kukuk, t8m) +* pam_xauth: Unset the XAUTHORITY variable when requesting user is + root and target user is not (t8m) +* pam_access: Add listsep option to set list element separator by + Richard Shaffer (t8m) +* pam_limits: Don't reset process priority if none is specified in + the config file (Novell #81690 - kukuk) +* Fix all occurrence of dereferencing type-punned pointer will break + strict-aliasing rules warnings (kukuk) +* pam_limits: Support new limits in linux 2.6.12 (t8m) +* pam_mkhomedir: change mode datatype (toady) +* pam_limits: Don't lowercase login names (kukuk) + +0.79: Thu Mar 31 16:48:45 CEST 2005 +* pam_tally: added audit option (toady) +* pam_unix: don't log user unknown failure when he can be properly + authenticated by another module (t8m) +* configure: don't abort if no cracklib dictinaries were found, but + warn user that pam_cracklib will not be built (kukuk) +* modules/pam_unix/support.c: Fix return value if user aborts while + changes the password (Bug 872945 - kukuk) +* modules/pam_unix/support.c: Fix return value for an unknown user + (Bug 872943 - kukuk) +* pam_limits: support for new Linux kernel 2.6 limits (from toby cabot + - t8m) +* pam_tally: major rewrite of the module (t8m) +* libpam: don't return PAM_IGNORE for OK or JUMP actions if using + cached chain (Bug 629251 - t8m) +* pam_nologin: don't overwrite return value with return from + pam_get_item (t8m) +* libpam: Add more checks for broken PAM configuration files to + avoid seg.faults (kukuk) +* pam_shells: correct README +* libpam: Fix debug code (kukuk) +* pam_limits: Fix order of LIMITS_DEF_* priorities (kukuk) +* pam_xauth: preserve DISPLAY variable (Novell #66885 - kukuk) +* libpam: Add prelude ids (http://www.prelude-ids.org) support, + as experimental. (toady) +* configure: Add the directory where new versions of cracklib is + installed (from Jim Gifford - toady) +* libpamc: Use standard u_intX_t types instead of __uX (kukuk) + +0.78: Do Nov 18 14:48:36 CET 2004 + +* pam_unix: change the order of trying password changes - local first, + NIS second (t8m) +* pam_wheel: add option only_root to make it affect authentication + to root account only +* pam_unix: test return values on renaming files and report error to + syslog and to user +* pam_unix: forced password change shouldn't trump account expiration +* pam_unix: remove the use of openlog (from debian - toady) +* pam_unix: NIS cleanup (patch from Philippe Troin) +* pam_access: you can now authenticate an explicit user on an explicit + tty (from debian - toady) +* pam_limits, pam_rhosts, pam_unix: fixed hurd portability issues + (patch from Igor Khavkine) +* pam_env: added comments in the configuration file to avoid errors + (from debian - toady) +* pam_mail: check PAM_NO_ENV to know if we can delete the environment + variable (from debian - toady) +* pam_filter: s/termio/termios/g (from debian - toady) +* pam_mkhomedir: no maxpathlen required (from debian - toady) +* pam_limits: applied patch to allow explicit limits for root + and remove limits on su. (from debian - toady) +* pam_unix: severe denial of service possible with this module since + it locked too aggressively. Bug report and testing help from Sascha + Loetz. (Bug 664290 - agmorgan) +* getlogin was spoofable: "/tmp/" and "/dev/" have the same number of + characters, so 'ln /dev/tty /tmp/tty1 ; bash < /tmp/tty1 ; logname' + attacks could potentially spoof pam_wheel with the 'trust' module + argument into granting access to a luser. Also, pam_unix gave + odd error messages in such a situation (logname != uid). This + problem was found by David Endler of iDefense.com (Bug 667584 - + agmorgan). +* added my new DSA public key to the pgp.keys.asc file. Also included + a signed copy of my new public key (1024D/D41A6DF2) made with my old + key (1024/2A398175). +* added "include" directive to config file syntax. + The whole idea is to create few "systemwide" pam configs and include + parts of them in application pam configs. + (patch by "Dmitry V. Levin" <ldv@altlinux.org>) (Bug 812567 - baggins). +* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options + (Bug 591605 - kukuk) +* pam_unix: Call password checking helper whenever the password field + contains only one character (Bug 1027903 - kukuk) +* libpam/pam_start.c: All service names should be files below /etc/pam.d + and nothing else. Forbid paths. (Bug 1027912 - kukuk) +* pam_cracklib: Fix error in distance algorithm in the 0.9 pam_cracklib + module (Bug 1010142 - toady) +* pam_userdb: applied patch from Paul Walmsley <paul@booyaka.com> + it now indicates whether encrypted or plaintext passwords are stored + in the database needed for pam_userdb (BerliOS - toady) +* pam_group: The module should also ignore PAM_REINITIALIZE_CRED to + avoid spurious errors (from Linux distributors - kukuk) +* pam_cracklib: Clear the entire options structure (from Linux + distributors - kukuk) +* pam_issue: We write a NUL to prompt_tmp[tot_size] later, so make sure + that the destination is part of the allocated block, make do_prompt + static (from Linux distributors - kukuk) +* ldconfig: Only run full ldconfig, if we don't install into a FAKEROOT + environment, else let ldconfig only create the symlinks correct + (from Linux distributors - kukuk) +* pam_unix/pam_pwdb: Use SIG_DFL instead of SIG_IGN for SIGCHLD + (from Linux distributors - kukuk) +* Add most of Steve Grubb's resource leak and other fixes (from + Linux distributors - kukuk) +* doc/Makefile: Don't include .cvsignore files in tar ball (kukuk) +* libpam_misc/misc_conv.c: Differentiate between Ctrl-D and + <Return> (Bug 1032604 - kukuk) +* Make.Rules.in: Add targets for installing man pages for modules + (from Linux distributors - kukuk) +* Add pam_xauth module (Bug 436440 - kukuk) +* Add pam_localuser module (Bug 436444 - kukuk) +* Add pam_succeed_if module (from Linux distributors - kukuk) +* configure.in: Fix check for libcrypt (Bug 417704 - kukuk) +* Add the "broken_shadow" argument to pam_unix, for ignoring errors + reading shadow information (from Linux distributors - kukuk) +* Add patches to make PAM modules reentrant (Bug 440107 - kukuk) +* Merge patches from Red Hat (Bug 477000 and other - kukuk) +* Fix pam_rhosts option parsing (Bug 922648 - kukuk) +* Add $ISA support in config files (from Red Hat - kukuk) + +0.77: Mon Sep 23 10:25:42 PDT 2002 + +* documentation support for pdf files was not quite right - + installation was messed up. +* pam_wheel was too aggressive to grant access (in the case of the + 'deny' option you want to pay attention to 'trust'). Fix from + Nalin (Bugs 476951, 476953 - agmorgan) +* account management support for: pam_shells, pam_listfile, pam_wheel + and pam_securetty (+ static module fix for pam_nologin). Patch from + redhat through Harald Welte (Bug 436435 - agmorgan). +* pam_wheel feature from Nalin - can use the module to provide wheel + access to non-root accounts. Also from Nalin, a bugfix related to + the primary group of the applicant is the 'wheel' group. (Bugs + 476980, 476941 - agmorgan) +* pam_unix and pam_pwdb: by default turn off the SIGCHLD handler while + running the helper binary (patch from Nalin) added the "noreap" + module argument to both of these modules to turn off this new + default. Bugfix found by Silvan Minghetti for former module and + 521314 checkin. (Bugs 476963, 521314 - agmorgan). +* updated CHANGELOG and configure.in for 0.77 work. + +0.76: Mon Jul 8 21:44:59 PDT 2002 + +* pam_unix: fix for legacy crypt() support when the password entered + was long. (Bug 521314 - agmorgan). +* pam_access no longer include gethostname() prototype complaint from + David Lee (Bug 415423 - agmorgan). +* make pam_nologin more secure by default, added two new module + arguments etc. - acting on suggestion from Nico (Bug 419307 - + agmorgan) +* link in libpam to libpam_misc - since the latter uses functions in + the former it makes some sort of sense to do this (although, in the + static library case, I remain to be convinced). (Bug 565470 - + agmorgan). +* absorbed some of the proposed darwin (OS X) changes from Luke Howard + (of PADL software) - hopefully will get the rest (see Rob Braun's + 534205) by 0.77 (Bug 491466 - agmorgan). +* README fix for pam_unix from Nalin (Bug 476971 - agmorgan). +* add support for building pdf files from the documentation - request + from 'lolive' (Bug 471377 - agmorgan). +* documented the equivalent '[..]' expressions for "required" + etc. Request from Ross Patterson (Bug 529078 - agmorgan). +* '[...]' parsing: document it and also fix it to support '\]' escape + sequence. Feature request from Russell Kliese (Bug 517064 - + agmorgan). +* pam_rootok: compilation warning noted by Tony den Haan wrt no + prototype for strcmp() (Bug 557322 - agmorgan). +* documentation: (a few of mine in passing) and app documentation + suggestions regarding PAM environment variables and module + documentation changes regarding the conversation function from Jenn + Vesperman (Bug 527821, 527965 - agmorgan) +* documentation: pam_time.sgml typo fixed, pam_motd exists now, + correct Red Hat comment about config files (Bugs 554274, 554261, + 554182 - agmorgan) +* pam_limits: added '%' domain for maxlogins limiting, now '*' and @group + have the old meaning (every) and '%' the new one (all) + (Bug 533664 - baggins) +* pam_limits: put not so interesting log messages under debug arg + (Bug 533668 - baggins) +* pam_access: added the 'fieldsep=' argument (Bug 547051 - agmorgan), + made a PAM_RHOST of "" equivalent to NULL (Bug 547521 - agmorgan). +* pam_limits: keep well know behaviour of maxlogins default ('*') limit + (Bug 533664 - baggins) +* pam_unix: more from Nalin log password changes (Bug 517743 - agmorgan) +* pam_limits: make it use the priority value specified in config + (bug 530428 - baggins) +* pam_unix: removed broken code in password update code. Report from + Len Lattanzi (Bug 507379 - agmorgan) +* pam_mkhomedir: recurse directories. Patch from Nalin (Bug 476981 - + agmorgan) +* pam_limits can handle negative priority limits now (which can apply + to the superuser too) - based on patch from Nalin. Also cleanup the + error handling that was very sloppy before. Also, courtesy of Berend + De Schouwe get the math right on login counting (Bug 476990, 476987, + 493294 - agmorgan) +* documentation: random typo fixes from Nalin and more stuff from me + (Bug 476949, Tasks 43507, 17426 - agmorgan) +* A Tru64 fix (given other stuff has already resolved this, it + actually just a comment actually) from 'Eddie'. (Bug 418450 - + agmorgan) +* pam_handlers: BSD fix from Dag-Erling Smørgrav and Anton Berezin + (Bug 486063 - agmorgan) +* added the dynamic/* directory to the distribution. If you go in + there after building the rest of the tree, you'll make a pam.so + object that can be used by something like a java runtime with + dlopen. Its not very well tested - caveat emptor. (Bug 232194 - + agmorgan) +* somehow pam_unix has started forcing the user prompt to be "login: ". + This is entirely inapropriate as it overrides PAM_USER_PROMPT. (Bug + 486361 - agmorgan). +* added a static module helper library object includes a few changes + to examples/xsh.c for testing purposes (added a simple shell wrapper + for running xsh with the sandbox libraries), and also modified the + pam_rhosts_auth module to use this new library. (Bug 490938, 409852 + - agmorgan). +* pam_unix: fix 'likeauth' to kill off the memory leak once and for all. + (Bug 483959 - vorlon) +* pam_unix: restore handling of 'likeauth' argument to a known working + state; prettify AUTH_RETURN macro; remove redundant argv checks in + pam_sm_setcred() (Bugs 483959, 113596 - vorlon) +* pam_cracklib: another try at implementing similar() from Harald + Welte and Nalin (Bugs 436053, 476957 - agmorgan) +* pam_access: default access.conf file contained a type (console + instead of LOCAL) fix from Nalin (Bug 476934 - agmorgan) +* pam_unix: fixed bizarre memory leak pointed out by Fernando Trias + (Bug 483959 - agmorgan) +* misc string comparison length checking changes from Nalin. Modules + touched, pam_cracklib, pam_listfile, pam_unix, pam_wheel (Bug 476947 - + agmorgan) +* pam_userdb: require that all of typed password matches that in + database report and fix from Vladimir Pastukhov. (Bug 484252 - agmorgan) +* pam_malloc: revived malloc debugging code, now tied to + --enable-memory-debug and added strdup() support (Bug 485454 - agmorgan) +* pam_tally: Nalin's fix for lastlog corruption (Bug 476985 - agmorgan) +* pam_rhosts: Nalin adds support for '+hostname', and zdd fix + compilation warning. (Bug 476986 - agmorgan) +* pam_motd: Nalin fixed compiler warning. (Bug 476938 - agmorgan) +* pam_pwdb: Solar Designer pointed out that there was a problem with + the compatibility support for md5 password hashing. (Bug 460717, + 476961 - agmorgan) +* pam_issue: Nalin found segfaulting problems if the PAM_USER_PROMPT + is unset, found some similar problems with assumptions about + realloc. (Bug 476983 - agmorgan) +* pam_env: 'weichangyang of hotmail' pointed out a wild string with no + valid '\0' was leading to problems with sshd and suggested fix (Bug + 473034 - agmorgan) +* MANDIR cleanup. It defaults to /usr/share/man, but can be overridden + using the --enable-mandir ./configure option, similarly for DOCDIR + from Nalin (Bug 476940 - agmorgan) +* pam_filter cleanup (including moving the filter directory) Nalin + and Harald Welte (Bugs 436057, 476970 - agmorgan) +* db3 is now recognized as a libdb candidate (Bug 435764 - agmorgan) +* more changes (extracted from redhat version) courtesy of + Harald Welte (Bugs pam_limits=436061, pam_lastlog=436060, + pam_mkhomedir/pam_env=435991 - agmorgan) +* fix for legacy behavior of pam_setcred and pam_close_session in + the case that pam_authenticate and pam_open_session hadn't been + called - bug report from Seongwan Park. (Bug 468724 - agmorgan) +* some BSD updates and fixes from Mark Murray - including a slightly + more robust conversation function and some minimization of gcc + warnings. (Bugs 449203,463984 - agmorgan) +* verified that the setcred stack didn't suffer from the bug I was + nervous about, add a new module pam_debug to help me test this. + fixed a libpam/pam_dispatch.c instrumentation line that I tripped + over when testing. Also restructured pam_warn to help here (Bug + 424315 - agmorgan). +* pam_unix/support.c: sample use of reentrant NSS function. Not yet active, + because modules do not include _pam_aconf_h! (Bug 440107 - vorlon) +* doc/Makefile changes - use $(mandir) [courtesy Harald Welte] (Bug + 435760) and add some rules to make/delete the draft rfc I've been + working on (Task 17426 - agmorgan) +* pam_modules.sgml: sourceforge has changed its CVS viewing software + (Bug 460491 - agmorgan) +* pam_unix_passwd: got rid of an annoying warning (Bug 461089 - agmorgan) +* configure.in, _pam_aconf.h.in: set the stage for fully reentrant PAM + modules, with some infrastructure to detect getxxbyxx_r() functions + (Bug 440107 - vorlon) +* pam_unix: removed superfluous use of static variables in md5 and bigcrypt + routines, bringing us a step closer to thread-safeness. Eliminated + some variable indirection along the way. (Bug 440107 - vorlon) +* pam_tally: remove #include of stdlib.h, which isn't needed by anything + found in this module. Can be readded if we find a real need for it at + a later date. (Bug 436432 - vorlon) +* pam_tally: added an #include (was it really needed?) and made the + pam_tally app install (with more pretty printing and a corrected + Makefile dependency) motivated by a (red hat diff) courtesy of Harald + Welte (Bug 436432 - agmorgan) +* configure.in changes to help support non-Linux environments courtesy + of Scott T. Emery (Bug 422563 - agmorgan) +* made a pam_cracklib enhancement to interpret -ve limits in a + sensible fashion contributed by Werner Puschitz (Bug 413162 - + agmorgan) +* another fix for the latest number of rlimits available to pam_limits + (Bug 424060 - agmorgan) +* removed stale link from pam_pwdb documentation (Bug 433460 - agmorgan) +* pam_appl.sgml change - more discussion of choosing a service name + (Bug 417512 - agmorgan) +* more specific linking requirements for -lndbm for pam_userdb - from + David Lee (Bug 417339 - agmorgan) +* a large number of small changes to make AIX support better (Bug + 416229 - agmorgan) +* $(MAKE) instead of 'make' - from Scott T. Emery (Bug 422144 - + agmorgan) +* c++ header fixes for pam_misc.h and pam_client.h - from Alexandre + Sagala (Bug 420270 - agmorgan) +* pam_access fixes - looks out for trailing '.' - from Carlo Marcelo + Arenas Belon (Bug 419631 - agmorgan) +* don't zero out password strings during pam_unix's password changing + function (Bug 419803 - vorlon) +* propagate some definitions to the _pam_aconf.h file - from David Lee + (Bug 415419 - agmorgan) +* solaris GCC OS_CFLAGS change from David Lee (Bug 415412 - agmorgan) +* added a comment to this CHANGELOG to explain why most of the bugids + used below appear not to be known to sourceforge [try adding 100000 + to the bugid number.] (Bug 414943 - agmorgan) +* bumped version numbers and also added support for SONAME defines + that appear not to have survived the great autoconf experiment (Bug + 414669 - agmorgan). + +0.75: Sat Apr 7 23:10:50 PDT 2001 + + ** WARNING ** + +This release contains backwardly incompatible changes to +libpam. Prior versions were buggy - see bugfix for Bug 129775. + + ** WARNING ** + +* made 0.75 release (Bug 414665 - agmorgan) +* pam_pwdb has been removed from the suggested pam.conf template. I've + replaced it with pam_unix. (Bug 227565 - agmorgan) +* pam_limits - Richard M. Yumul reported that "<domain> -" didn't + work, first fix suggested by Werner Puschitz (Bug 404953 - agmorgan) +* Nicolay Pelov suggested a simple fix for freebsd support (Bug 407282 + - agmorgan) +* Michel D'HOOGE submitted documentation fixes (Bug 408961 - agmorgan) +* fix for module linking directions (Bug 133545 - agmorgan) +* fix for glibc-2.2.2 compilation of pam_issue (Bug 133542 - agmorgan) +* fix pam_userdb to make and link both .o files it needs - converse() + wasn't being linked! (Bug 132880 - agmorgan) +* added some sys-admin documentation for the pam_tally module (Bug + 126210 - agmorgan). +* added a link to module examples from the module writers doc (Bug + 131192 - agmorgan). +* fixed a small security hole (more of a user confusion issue) with + the unix and pwdb password helper binaries. The beef is described in + the bug report, but no uid change was possible so no-one should + think they need to issue a security bulletin over this one! (Bug + 112540 - agmorgan) +* pam_lastlog needs to be linked with -lutil, also removed ambiguity + from sysadmin guide regarding this module being a 'session' module + (Bug 131549 - agmorgan). +* pam_cracklib needs to be linked with -lcrypt (old password checking) + (Bug 131601 - agmorgan). +* fixes for static library builds and also the examples when linked + with the debugging build of the libraries. (Bug 131783 - agmorgan) +* fixed URL for original RFC to a cached kernel.org file. (Bug 131503 + - agmorgan) +* quoted the $CRACKLIB_DICTPATH test in configure.in (Bug 130130 - + agmorgan). +* improved handling of the setcred/close_session and update chauthtok + stack. *Warning* This is a backwardly incompatable change, but 'more + sane' than before. (Bug 129775 - agmorgan) +* bumped the version number, and added some code to assist in making + documentation releases (Bug 129644 - agmorgan). + +0.74: Sun Jan 21 22:36:08 PST 2001 + +* made 0.74 release (Bug 129642 - agmorgan) +* libpam - cleaned up a few non-static functions to be static and added + support for libpam to enforce things like pam_[gs]et_data() and + AUTHTOK rules for using the API. Also documented pam_[gs]et_item() + a little better including return codes (Bugs 129027, 128576 - + agmorgan). +* pam_access - fixed the non-default config file option (Bug 127561 - + agmorgan) +* pam.8 manual page clarified with respect to the default location for + finding modules, also added some text describing the [...] control + syntax. (Bug 127625 - agmorgan) +* md5.h ia64 fixes for pam_unix and pam_pwdb (Bug 127700 - agmorgan) +* removed requirement for c++ from the configure{.in,} files (Bug + 128298 - agmorgan) +* removed subdirectories from man page redirections (124396 - baggins) +* per David Lee, fixed non-POSIX shell command in modules/pam_filter/Makefile + (Bug 126440 - vorlon) +* modify format of pam_unix log messages to include service name + (Bug 126423 - vorlon) +* prevent pam_unix from logging unknown usernames (Bug 126431 - vorlon) +* changed format of pam_unix 'authentication failure' log messages to make + them clearer and more consistent (Bug 126036 - vorlon) +* improved portability of pam_unix by eliminating Linux-specific utmp + defines in PAM_getlogin() (Bug 125704 - vorlon) +* removed static variables from pam_tally (Bug 117434 - agmorgan) +* added copyright message to pam_access module from original logdaemon + sources (Bug 125022 - agmorgan) +* configure.in - removed the GCC -Wtraditional flag (Bug 124923 - agmorgan) +* pam_mail - use PAM_PATH_MAILDIR as the location of mail spool + (Bug 124397 - baggins) +* _pam_aconf.h.in, configure.in - added PAM_PATH_MAILDIR set via + --with-mailspool=dir option (default is _PAM_MAILDIR if defined + in paths.h otherwise /var/spool/mail (Bug 124397 - baggins) +* removed unnecessary CVS Log tags from all over the source + (Bug 124391 - baggins) +* pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing + to faillog (Bug 124394 - baggins) +* use O_NOFOLLOW if available when opening debug log (Bug 124385 - baggins) +* pam_cracklib - removed comments about pam_unix not working with + pam_cracklib, added information about use_authtok parameter + (Bug 124388 - baggins) +* pam_userdb - fixed wrong definition of struct pam_module (was pam_wheel) + (Bug 124386 - baggins) +* fixed example/Makefile include path (Bug 124187, 127563(?) - agmorgan) +* pam_userdb compiles on RH5x. Also removed circular dependency on + configure.in. Also bumped revision number to 0.74. (Bug 124136 - + agmorgan) + +0.73: Sat Dec 2 00:04:04 PST 2000 + +* updated documentaion revisions and added 'make release' support + to the top level Makefile (Bug 124132 - agmorgan). +* documented Qmail support in pam_mail (Bug 109219 - baggins) +* add change_uid option to pam_limits, and set real uid only if + this option is present (Bug 124062 - baggins) +* pam_limits - set real uid to the user for who we set limits. + (Bug 123972 - baggins) +* removed static variables from pam_limits (thread safe now). (Bug + 117450 - agmorgan). +* removed static variable from pam_wheel (module should be thread safe + now). (Bug 112906 - agmorgan) +* added support for '/' symbols in pam_time and pam_group config files + (support for modern terminal devices). Fixed infinite loop problem + with '\\[^\n]' in these files. (Bug 116076 - agmorgan) +* avoid potential SIGPIPE when writing to helper binaries with (Bug + 123399 - agmorgan) +* replaced bogus logic in the pam_cracklib module for determining if + the replacement is too similar to the old password (Bug 115055 - + agmorgan) +* added accessconf=<filename> feature to pam_access - request from + Aldrin Martoq and Meelis Roos (Bugs 111927,117240 - agmorgan) +* fix for pam_limit module not dealing with all limits Adam J. Richter + (Bug 119554 - agmorgan) +* comment fix describing fail_delay callback in _pam_types.h (Bug + 112646 - agmorgan) +* "likeauth" fix for pam_unix and pam_pwdb which (Bug 113596 - agmorgan) +* fix for pam_unix (support.c) to avoid segfault with NULL password + (Bug 113238 - vorlon) +* fix to pam_unix_passwd: try repeatedly to get a lock on the password + file, instead of failing immediately (Bug 108845 - fix vorlon) +* fix to pam_shells: logged information was not formatted correctly + (extra comma) (Bug 111491 - fix vorlon) +* fix for C++ application support (Bug 111645 - fix agmorgan) +* fix for typo in pam_client.h (Bug 111648 - fix agmorgan) +* removal of -lpam from pam_mkhomedir Makefile (Bug 116380 - fix agmorgan) +* autoconf support [Task ID 15788, Bug ID 108297 - agmorgan with help!] + - bugfix for libpamc.h include file [Bug ID 117476 - agmorgan] + - bugfix for pam_filter.h inclusion [Bug ID 117474 - agmorgan] + +0.72: Mon Dec 13 22:41:11 PST 1999 + +* patches from Debian (Ben Collins): pam_ftp supports event driven + conversations now; pwdb_chkpwd cleanup; pam_warn static compile fix; + user_db compiler warnings removed; debian defs file; pam_mail can + now be used as a session module +* ndbm compilation option for user_db module (fix explained by Richard Khoo) +* pam_cracklib bug fix +* packaging fixes & build from scratch stuff (Konst Bulatnikov & Frodo + Looijaard) +* -ldl appended to the libpam.so compilation make rule. (Charles Seeger) +* Red Hat security patch for pam_pwdb forwarded by Debian! (Ben + Collins. Fix provided by Andrey as it caught the problem earlier in the + code.) +* heuristic to prevent leaking filedescriptors to an agent. [This needs + to be better supported perhaps by an additional libpamc API function?] +* pam_userdb segfault fix from (Ben Collins) +* PAM draft spec extras added at request of 'sen_ml' + +0.71: Sun Nov 7 20:21:19 PST 1999 + +* added -lc to linker pass for pam_nologin module (glibc is weird). +* various header changes to lower the number of warnings on glibc + systems (Dan Yefimov) +* merged a bunch of Debian fixes/patches/documentation (Ben Collins) + things touched: libpam (minor); doc/modules/pam_unix.sgml; pam_env + (plus docs); pam_mkhomedir (new module for new home directories on + the fly...); pam_motd (new module); pam_limits (adjust to match + docs); pam_issue (new module + doc) [Some of these were also + submitted by Thorsten Kukuk] +* small hack to lower the number of warnings that pam_client.h was + generating. +* debian and SuSE apparently can use the pam_ftp module, so + removed the obsolete comment about this from the docs. (Thorsten + Kukuk) + +0.70: Fri Oct 8 22:05:30 PDT 1999 + +* bug fix for parsing of value=action tokens in libpam/pam_misc.c was + segfaulting (Jan Rekorajski and independently Matthew Melvin) +* numerous fixes from Thorsten Kukuk (icluding much needed fixes for + bitrot in modules and some documentation) that got included in SuSE 6.2. +* reentrancy issues in pam_unix and pam_cracklib resolved (Jan Rekorajski) +* added hosts_equiv_rootok module option to pam_rhosts module (Tim Berger) +* added comment about 'expose_account' module argument to admin and + module writers' docs (request from Michael K Johnson). +* myriad of bug fixes for libpamc - library now built by default and + works with the biomouse fingerprint scanner agent/module + (distributed separately). + +0.69: Sun Aug 1 20:25:37 PDT 1999 + +* c++ header #ifdef'ing for pam_appl.h (Tuomo Pyhala) +* added pam_userdb module (Cristian Gafton) +* minor documentation changes +* added in revised pam_client library (libpamc). Not installed by + default yet, since the example agent/module combo is not very secure. +* glibc fixes (Thorsten Kukuk, Adam J. Richter) + +0.68: Sun Jul 4 23:04:13 PDT 1999 + +* completely new pam_unix module from Jan Rekorajski and Stephen Langasek +* Jan Rekorajski pam_mail - support for Maildir format mailboxes +* Jan Rekorajski pam_cracklib - support for old password comparison +* Jan Rekorajski bug fix for pam_pwdb setcred reusing auth retval +* Andrey's pam_tally patch (lstat -> fstat) +* Robert Milkowski's additional pam_tally patches to **change format of + /var/log/faillog** to one from shadow-utils, add new option "per_user" + for pam_tally module, failure time logging, support for fail_line + field, and support for fail_locktime field with new option + no_lock_time. +* pam_tally: clean up the tally application too. +* Marcin Korzonek added process priority settings to pam_limits (bonus + points for adding to documentation!) +* Andrey's pam_pwdb patch (cleanup + md5 endian fubar fix) +* more binary prompt preparations (make misc conv more compatible with spec) +* modified callback hook for fail delay to be more useful with event + driven applications (changed function prototype - suspect no one + will notice). Documented this in app developer guide. +* documentation for pam_access from Tim Berger +* syntax fixes for the documentation - a long time since I've built it :*( + added some more names to the CREDITS file. + +0.67: Sat Jun 19 14:01:24 PDT 1999 + +* [dropped libpam_client - libpamc will be in the next release and + conforms to the developing spec in doc/specs/draft-morgan-pam.raw. + Sorry if you are keeping a PAM tree in CVS. CVS is a pain for + directories, but this directory was actually not referenced by + anything so the disruption should be light.] +* updates to pam_tally from Tim +* multiple updates from Stephen Langasek to pam_unix +* pam_filter had some trouble compiling (bug report from Sridhar) +* pam_wheel now attempts to identify the wheel group for the local + system instead of blindly assuming it is gid=0. In the case that + there is no "wheel" group, we default to assuming gid=0 is what was + meant - former behavior. (courtesy of Sridhar) +* NIS+ changes to pam_unix module from Dmitry O Panov +* hopefully, a fix for redefinition of LOG_AUTHPRIV (bug report Luke + Kenneth Casson Leighton) +* fix for minor typo in pam_wheel documentation (Jacek Kopecky) +* slightly more explanation of the [x=y] pam.conf syntax in the sys + admin guide. + +0.66: Mon Dec 28 20:22:23 PST 1998 <morgan@linux.kernel.org> + +* Started using cvs to keep track of changes to Linux-PAM. This will + likely break some of the automated building stuff (RPMs etc..). +* security bug fix to pam_unix and pam_tally from Andrey. +* modules make file is now more automatic. It should be possible to + unpack an external module in the modules directory and have it automatically + added to the build process. Also added a modules/download-all script + that will make such downloading easier. I'm happy to receive patches to + this file, informing the distribution of places from which to enrich itself. +* removed pam_system_log stuff. Thought about it long and hard: a + bad idea. If libc cannot guarantee a thread safe syslog, it needs + to be fixed and compatibility with other PAM libraries was + unnecessarily strained. +* SAG documentation changes: Seth Chaiklin +* rhosts: problems with NIS lookup failures with the root-uid check. + As a work-around, I've partially eliminated the need for the lookup + by supplying two new arguments: no_uid_check, superuser=<username>. + As a general rule this is more pluggable, since this module might be + used as an authentication scheme for a network service that does not + need root privilege... +* authenticate retval -> setcred for pam_pwdb (likeauth arg). +* pam_pwdb event driven support +* non openlog pam_listfile logging +* BUGFIX: close filedescriptor in pam_group and pam_time (Emmanuel Galanos) +* Chris Adams' mailhash change for pam_mail module +* fixed malloc failure check in pam_handlers.c (follow up to comment + by Brad M. Garcia). +* update to _pam_compat.h (Brad M. Garcia) +* support static modules in libpam again (Brad M. Garcia) +* libpam/pam_misc.c for egcs to grok the code (Brad M. Garcia) +* added a solaris-2.5.1 defs file (revived by Derrick J Brashear) +* pam_listfile logs failed attempts +* added a comment (Michael K Johnson pointed it out) about sgml2latex + having a new syntax. I'll make it the change real when I upgrade... +* a little more text to the RFC, spelling fix from William J Buffam. +* minor changes to pam_securetty to accommodate event driven support. + +0.65: Sun Apr 5 22:29:09 PDT 1998 <morgan@linux.kernel.org> + +* added event driven programming extensions to libpam + - added PAM_INCOMPLETE handling to libpam/pam_dispatch.c + - added PAM_CONV_AGAIN which is a new conversation response that + should be mapped to PAM_INCOMPLETE by the module. + - ensured that the pam_get_user() function can resume + - changes to pam_strerror to accommodate above return codes + - clean up _pam_former_state at pam_end() + - ensured that former state is correctly initialized + - added resumption tests to pam_authenticate(), pam_chauthtok() + - added PAM_FAIL_DELAY item for pausing on failure + +* improved _pam_macros.h so that macros can be used as single commands + (Andrey) + +* reimplemented logging to avoid bad interactions with libc. Added + new functions, pam_[,v]system_log() to libpam's API. A programmer + can check for this function's availablility by checking if + HAVE_PAM_SYSTEM_LOG is #defined. + +* removed the reduce conflict from pam_conv1 creation -- I can sleep + again now. :^] + +* made building of static and dynamic libpam separate. This is + towards making it possible to build both under Solaris (for Derrick) + +* made USE_CRACKLIB a condition in unix module (Luke Kenneth Casson Leighton) + +* automated (quiet) config installation (Andrey) + +0.64: Thu Feb 19 23:30:24 PST 1998 Andrew Morgan <morgan@linux.kernel.org> + +* miscellaneous patches for building under Solaris (Derrick J Brashear) + +* removed STATIC support from a number of module Makefiles. Notably, + these modules are those that use libpwdb and caused difficulties + satisfying the build process. (Please submit patches to fix this...;) + +* reomved the union for binary packet conversations from + (_pam_types.h). This is now completely implemented in libpam_client. + +* Andrey's patch for working environment variable handling in + sh_secret module. + +* made the libpam_misc conversation function a bit more flexible with + respect to binary conversations. + +* added top level define (DEBUG_REL) for compiling in the form of + a debugging release. I use this on a Red Hat 4.2 system with little + chance of crashing the system as a whole. (Andrey has another + implementation of this -- with a spec file to match..) + +0.63: Wed Jan 28 22:55:30 PST 1998 Andrew Morgan <morgan@linux.kernel.org> + +* added libpam_client "convention" library. This makes explicit the + use of PAM_BINARY_PROMPT. It is a first cut, so don't take it too + seriously yet. Comments/suggestions for improvements are very + welcome. Note, this library does not compile by default. It will + be enabled when it is judged stable. The library comes with two + module/agent pairs and can be used with ssh using a patch available + from my pre-release directory [where you got this file.] + +* backward compatibility patch for libpam/pam_handlers.c (PAM_IGNORE + was working with neither "requistie" nor "required") and a DEBUG'ing + compile time bug with pam_dispatch.c (Savochkin Andrey Vladimirovich) + +* minor Makefile change from (Savochkin Andrey Vladimirovich) + +* added pam_afsauth, pam_afspass, pam_restrict, and pam_syslog hooks + (Derrick J Brashear) + +* pam_access use of uname(2) problematic (security problem + highlighted by Olaf Kirch). + +* pam_listfile went a bit crazy reading group membersips (problem + highlighted by Olaf Kirch and patched independently by Cristian + Gafton and Savochkin Andrey Vladimirovich) + +* compatibility hooks for solaris and hpux (Derrick J Brashear) + +* 64 bit Linux/alpha bug fixed in pam_rhosts (Andrew D. Isaacson) + +0.62: Wed Jan 14 14:10:55 PST 1998 Andrew Morgan <morgan@linux.kernel.org> + +* Derrick J Brashear's patches: adds the HP stuff missed in the first + patch; adds SunOS support; adds support for the Solaris native ld + instead of requiring gnu ld. + +* last line of .rhosts file need not contain a newline. (Bug reported by + Thompson Freeman.) + +0.61: Thu Jan 8 22:57:44 PST 1998 Andrew Morgan <morgan@linux.kernel.org> + +* complete rewrite of the "control flag" logic. Formerly, we were + limited to four flags: requisite, required, sufficient, optional. + We can now use these keywords _and_ a great deal more besides. + The extra logic was inspired by Vipin Samar, a preliminary patch was + written by Andy Berkheimer, but I "had some ideas of my own" and + that's what I've actually included. The basic idea is to allow the + admin to custom build a control flag with a series of token=value + pairs inside square brackets. Eg., '[default=die success=ok]' which + is pretty close to a synonym for 'requisite'. I'll try to document it + better in the sys-admin guide but I'm pretty sure it is a change for + the better.... If what is in the sys-admin guide is not good enough + for you, just take a look at the source for libpam ;^) + +0.59: Thu Jan 8 22:27:22 PST 1998 Andrew Morgan <morgan@linux.kernel.org> + +* better handling of empty lines in .rhosts file. (Formerly, we asked + the nameserver about them!) Fix from Hugh Daschbach. + +* _broke_some_binary_compatibility_ with previous versions to become + compliant with X/Open's XSSO spec. Specifically, this has been + by changing the prototype for pam_strerror(). + +* altered the convention for the conversation mechanism to agree + with that of Sun. (number of responses 'now=' number of messages + with help from Cristian for finding a bug.. Cristian also found a + nasty speradic segfault bug -- Thanks!) + +* added NIS+ support to pam_unix_* + +* fixed a "regular file checking" problem with the ~/.rhosts sanity + check. Added "privategroup" option to permit group write permission + on the ~/.rhosts file in the case that the group owner has the same + name as the authenticating user. :*) "promiscuous" and "suppress" + were not usable! + +* added glibc compatibility to pam_rhosts_auth (protected __USE_MISC + with #ifndef since my libc already defines it!). + +* Security fix from Savochkin Andrey Vladimirovich with suggested + modification from Olaf Seibert. + +* preC contains mostly code clean-ups and a number of changes to + _pam_macros. + +0.58: whenever + +* pam_getenvlist() has a more robust definition (XSSO) than was previously + thought. It would seem that we no longer need pam_misc_copy_env() + which was there to provide the robustness that pam_getenvlist() + lacked before... + + Accordingly, I have REMOVED the prototype from libpam_misc. (The + function, however, will remain in the library as a wrapper for + legacy apps, but will likely be removed from libpam_misc-1.0.) PLEASE + FIX YOUR APPS *BEFORE* WE GET THERE! + +* Alexy Nogin reported garbage output from pam_env in the case of + a non-existent environment variable. + +* 'fixed' pwdb compilation for pam_wheel. Not very cleanly + done.. Mmmm. Should really clean up the entire source tree... + +* added prototypes for mapping functions + + <**WARNING**> + + various constants have had there names changed. Numerical values have + been retained but be aware some source old modules/applications will + need to be fixed before recompilation. + + </**WARNING**> + +* appended documentation to README for pam_rhosts module (Nicolai + Langfeldt). + +* verified X/Open compatibility of header files - note, where we differ + it is at the level of compilation warnings and the use of 'const char *' + instead of 'char *'. Previously, Sun(X/open) have revised their spec + to be more 'const'-ervative in the light of comments from Linux-PAM + development. + +* Ooops! PAM_AUTHTOKEN_REQD should have been PAM_NEW_AUTHTOK_REQD. + + changed: pam_pwdb(pam_unix_acct) (also bug fix for + _shadow_acct_mgmt_exp() return value), pam_stress, + libpam/pam_dispatch, blank, xsh. + +* New: PAM_AUTHTOK_EXPIRED - password has expired. + +* Ooops! PAM_CRED_ESTABLISH (etc.) should have been PAM_ESTABLISH_CRED + etc... (changed - this may break some people's modules - PLEASE TAKE + NOTE!) + changed: pam_group, pam_mail, blank, xsh; module and appl + docs, pam_setcred manual page. + +* renamed internal _pam_handle structure to be pam_handle as per XSSO. + +* added PAM_RADIO_TYPE (for multiple choice input method). Also + added PAM_BINARY_{MSG,PROMPT} (for interaction out of sight of user + - this could be used for RSA type authentication but is currently + just there for experimental purposes). The _BINARY_ types are now + usable with hooks in the libpam_misc conversation function. Still + have to add PAM_RADIO_TYPE. + +* added pam_access module (Alexei Nogin) + +* added documentation for pam_lastlog. Also modified the module to + not (by default) print "welcome to your new account" when it cannot + find a utmp entry for the user (you can turn this on with the + "never" argument). + +* small correction to the pam_fail_delay manual page. Either the appl or + the modules header file will prototype this function. + +* added "bigcrypt" (DEC's C2) algorithm(0) to pam_pwdb. (Andy Phillips) + +* *BSD tweaking for various #include's etc. (pam_lastlog, pam_rhosts, + pam_wheel, libpam/pam_handlers). (Michael Smith) + +* added configuration directory $SCONFIGED for module specific + configuration files. + +* added two new "linked" man pages (pam.conf(8) and pam.d(8)) + +* included a reasonable default for /etc/pam.conf (which can be + translated to /etc/pam.d/* files with the pam_conv1 binary) + +* fixed the names of the new configuration files in + conf/pam_conv1/pam_conv.y + +* fixed make check. + +* pam_lastlog fixed to handle UID in virgin part of /var/log/lastlog + (bug report from Ronald Wahl). + +* grammar fix in pam_cracklib + +* segfault avoided in pam_pwdb (getting user). Updating of passwords + that are directed to a "new" database are more robust now (bug noted + by Michael K. Johnson). Added "unix" module argument for migrating + passwords from another database to /etc/passwd. (documentation + updated). Removed "bad username []" warning for empty passwords - + on again if you supply the 'debug' module argument. + +* ctrl-D respected in conversation function (libpam_misc) + +* Removed -DPAM_FAIL_DELAY_ON from top-level Makefile. Nothing in + the distribution uses it. I guess this change happened a while + back, basically I'm trying to make the module parts of the + distribution "source compatible" with the RFC definition of PAM. + This implementation of PAM is a superset of that definition. I have + added the following symbols to the Linux-PAM header files: + + PAM_DATA_SILENT (see _pam_types.h) + HAVE_PAM_FAIL_DELAY (see _pam_types.h) + PAM_DATA_REPLACE (see _pam_modules.h) + + Any module (or application) that wants to utilize these features, + should check (#ifdef) for these tokens before using the associated + functionality. (Credit to Michael K. Johnson for pointing out my + earlier omission: not documenting this change :*) + +* first stab at making modules more independent of full library + source. Modules converted: + pam_deny + pam_permit + pam_lastlog + pam_pwdb + +* pam_env.c: #include <errno.h> added to ease GNU libc use. (Michael + K. Johnson) + +* pam_unix_passwd fixes to shadow aging code (Eliot Frank) + +* added README for pam_tally + +0.57: Fri Apr 4 23:00:45 PST 1997 Andrew Morgan <morgan@parc.power.net> + +* added "nodelay" argument to pam_pwdb. This can be used to turn off + the call to pam_fail_delay that takes effect when the user fails to + authenticate themself. + +* added "suppress" argument to pam_rhosts_auth module. This will stop + printing the "rlogin failure message" when the user does not have a + .rhosts file. + +* Extra fixes for FAKEROOT in Makefiles (Savochkin Andrey + Vladimirovich) + +* pam_tally added to tree courtesy of Tim Baverstock + +* pam_rhosts_auth was failing to read NFS mounted .rhosts + files. (Fixed by Peter Allgeyer). Refixed and further enhanced + (netgroups) by Nicolai Langfeldt. [Credit also to G.Wilford for some + changes that were not actually included..] + +* optional (#ifdef PAM_READ_BOTH_CONFS) support for parsing of pam.d/ + AND pam.conf files (Elliot Lee). + +* Added (and signed) Cristian's PGP key. (I've never met him, but I am + convinced the key belongs to the guy that is making the PAM rpms and + also producing libpwdb. Please note, I will not be signing anyone + else's key without a personal introduction..) + +* fixed erroneous syslog warning in pam_listfile (Savochkin Andrey + Vladimirovich, whole file reformatted by Cristian) + +* modified pam_securetty to return PAM_IGNORE in the case that the user's + name is not known to the system (was previously, PAM_USER_UNKNOWN). The + Rationale is that pam_securetty's sole purpose is to prevent superuser + login anywhere other than at the console. It is not its concern that the + user is unknown - only that they are _not_ root. Returning + PAM_IGNORE, however, insures that the pam_securetty can never be used to + "authenticate" a non-existent user. (Cristian Gafton with bug report from + Roger Hu) + +* Modified pam_nologin to display the no-login message when the user + is not known. The return value in this case is still PAM_USER_UNKNOWN. + (Bug report from Cristian Gafton) + +* Added NEED_LCKPWD for pam_unix/ This is used to define the locking + functions and should only be turned on if you don't have them in + your libc. + +* tidied up pam_lastlog and pam_pwdb: removed function that was never used. + +* Note for package maintainers: I have added $(FAKEROOT) to the list of + environment variables. This should help greatly when you build PAM + in a subdirectory. I've gone through the tree and tried to make + everything compatible with it. + +* added pam_env (courtesy of Dave Kinchlea) + +* removed pam_passwd+ from the tree. It has not been maintained in a + long time and running a shell script was basically insecure. I've + indicated where you can pick up the source if you want it. + +* #define HAVE_PAM_FAIL_DELAY . Applications can conditionally compile + with this if they want to see if the facility is available. It is + now always available. (corresponding compilation cleanups..) + +* _pam_sanitize() added to pam_misc. It purges the PAM_AUTHTOK and + PAM_OLDAUTHTOK items. (calls replaced in pam_auth and pam_password) + +* pam_rhosts now knows about the '+' entry. Since I think this is a + dangerous thing, I have required that the sysadmin supply the + "promiscuous" flag for it in the corresponding configuration file + before it will work. + +* FULL_LINUX_PAM_SOURCE_TREE exported from the top level make file. + If you want to build a module, you can test for this to determine if + it should take its directions from above or supply default locations + for installation. Etc. + +0.56: Sat Feb 15 12:21:01 PST 1997 <morgan@parc.power.net> + +* pam_handlers.c can now interpret the pam.d/ service config tree: + - if /etc/pam.d/ exists /etc/pam.conf is IGNORED + (otherwise /etc/pam.conf is treated as before) + - given /etc/pam.d/ + . config files are named (in lower case) by service-name + . config files have same syntax as /etc/pam.conf except + that the "service-name" field is not present. (there + are thus three manditory fields (and arguments are + optional): + + module-type control-flag module-path optional-args... + + ) + +* included conf/pam_conv1 for converting pam.conf to a pam.d/ version + 1.0 directory tree. This program reads a pam.conf file on the + standard input stream and creates ./pam.d/ (in the local directory) + and fills it with ./pam.d/"service-name" files. + + *> Note: It will fail if ./pam.d/ already exists. + + PLEASE REPORT ANY BUGS WITH THIS CONVERSION PROGRAM... It currently + cannot retain comments from the old conf file, so take care to do this + by hand. Also, please email me with the fix that makes the + shift/reduce conflict go away... + +* Added default module path to libpam for modules (see pam_handlers.c) + it makes use of Makfile defined symbol: DEFAULT_MODULE_PATH which is + inhereted from the defs/* variable $(SECUREDIR). Removed module + paths from the sample pam.conf file as they are no longer needed. + +* pam_pwdb can now verify read protected passwords when it is not run + by root. This is via a helper binary that is setuid root. + +* pam_permit now prompts for a username if it is not already determined + +* pam_rhosts now honors "debug" and no longer hardwire's "root" as the + superuser's name. + +* pam_securetty now honors the "debug" flag + +* trouble parsing extra spaces fixed in pam_time and pam_group + +* added Michael K. Johnson's PGP key to the pgp.keys.asc list + +* pam_end->env not being free()'d: fixed + +* manuals relocated to section 3 + +* fixed bug in pam_mail.c, and enhanced to recognize '~' as a prefix + to indicate the $HOME of the user (courtesy David + Kinchlea). *Changed* from a "session" module to an "auth" + module. It cannot be used to authenticate a user, but it can be used + in setting credentials. + +* fixed a stupid bug in pam_warn.. Only PAM_SERVICE was being read :*( + +* pam_radius rewritten to exclusively make use of libpwdb. (minor fix + to Makefile for cleaning up - AGM) + +* pam_limits extended to limit the total number of logins on a system + at any given time. + +* libpam and libpam_misc use $(MAJOR_REL) and $(MINOR_REL) to set their + version numbers [defined in top level makefile] + +* bugfix in sed command in defs/redhat.defs (AGM's fault) + +* The following was related to a possibility of buffer overruns in + the syslogging code: removed fixed length array from syslogging + function in the following modules [capitalized the log identifier + so the sysadmin can "know" these are fixed on the local system], + + pam_ftp, pam_stress, pam_rootok, pam_securetty, + pam_listfile, pam_shells, pam_warn, pam_lastlog + and + pam_unix_passwd (where it was definitely _not_ exploitable) + +0.55: Sat Jan 4 14:43:02 PST 1997, Andrew Morgan <morgan@parc.power.net> + +* added "requisite" control_flag to /etc/pam.conf syntax. [See + Sys. Admin. Guide for explanation] changes to pam_handlers.c + +* completely new handling of garbled pam.conf lines. The modus + operandi now is to assume that any errors in the line are minor. + Errors of this sort should *most definitely* lead to the module + failing, however, just ignoring the line (as was the case + previously) can lead to gaping security holes(! Not foreseen by the + RFC). The "motivation" for the RFC's comments about ignoring garbled + lines is present in spirit in the new code: basically a garbled line + is treated like an instance of the pam_deny.so module. + changes to pam_handlers.c and pam_dispatch.c . + +* patched libpam, to (a) call _pam_init_handlers from pam_start() and + (b) to log a text error if there are no modules defined for a given + service when a call to a module is requested. [pam_start() and + pam_dispatch() were changed]. + +* patched pam_securetty to deal with "/dev/" prefix on PAM_TTY item. + +* reorganized the modules/Makefile to include *ALL* modules. It is now + the responsibility of the modules themselves to test whether they can + be compiled locally or not. + +* modified pam_group to add to the getgroups() list rather than overwrite + it. [In the case of "HAVE_LIBPWDB" we use the pwdb_..() calls to + translate the group names.]. Module now pays attention to + PAM_CRED_.. flag(!) + +* identified and removed bugs in field reading code of pam_time and + (thus) pam_group. + +* Cristian's patches to pam_listfile module, corresponding change to + documentation. + +* I've discovered &ero; for sgml! + Added pam_time documentation to the admin guide. + +* added manual pages: pam.8, pam_start.2(=pam_end.2), + pam_authenticate.2, pam_setcred.2, pam_strerror.2, + pam_open_session.2(=pam_close_session.2) and pam_chauthtok.2 . + +* added new modules: + + - pam_mail (tells the user if they have any new mail + and sets their MAIL env variable) + - pam_lastlog (reports on the last time this user called + this module) + +* new module hooks provided. + +* added a timeout feature to the conversation function in + libpam_misc. Documented it in the application developers' guide. + +* fixed bug in pam_misc_paste_env() function.. + +* slight modifications to wheel and rhosts writeup. + +* more security issues added to module and application guides. + +-- +Things present but not mentioned in previous release (sorry) + +* pam_pwdb module now resets the "last_change" entry before updating a + password. +-- + +Sat Nov 30 19:30:20 PST 1996, Andrew Morgan <morgan@parc.power.net> + +* added environment handling to libpam. involved change to _pam_types.h + also added supplementary functions to libpam_misc + +* added pam_radius - Cristian + +* slight speed up for pam_rhosts + +* significantly enhanced sys-admin documentation (8 p -> 41 p in + PostScript). Added to other documentation too. Mostly the changes + in the other docs concern the new PAM-environment support, there is + also some coverage of libpam_misc in the App. Developers' guide. + +* Cristian's patches to pam_limits and pam_pwdb. Fixing bugs. (MORE added) + +* adopted Cristian's _pam_macros.h file to help with common macros and + debugging stuff, gone through tree tidying up debugging lines to use + this [not complete]. + + - for consistency replaced DROP() with _pam_drop() + +* commented memory debugging in top level makefile + +* added the following modules + + - pam_warn log information to syslog(3) about service application + - pam_ftp if user is 'ftp' then set PAM_RUSER/PAM_RHOST with password + (comment about nologin added to last release's notes) + +* modified the pam_listfile module. It now declares a meaningful static + structure name. + +Sun Nov 10 13:26:39 PST 1996, Andrew Morgan <morgan@parc.power.net> + + **PLEASE *RE*AMEND YOUR PERSONAL LINKS** + + -------> http://parc.power.net/morgan/Linux-PAM/index.html <------- + + **PLEASE *RE*AMEND YOUR PERSONAL LINKS** + +A brief summary of what has changed: + +* many modules have been modified to accomodate fixing the pam_get_user() + change. Please take note if you have a module in this distribution. + +* pam_unix is now the pam_unix that Red Hat has been using and which + should be fairly well debugged. + + - I've added some #ifdef's to make it compile for me, and also + updated it with respect to the libpam-0.53, so have a look at the + .../modules/pam_unix/Makefile to enable cracklib and shadow features + + ** BECAUSE OF THIS, I cannot guarantee this code works as it ** + ** did for Red Hat. Please test and report any problems. ** + +* the pam_unix of .52 (renamed to pam_pwdb) has been enhanced and made + more flexible with by implementing it with respect to the new + "Password Database Library" see + + http://parc.power.net/morgan/libpwdb/index.html + + modules included in this release that require this library to + function are the following: + + - pam_pwdb (ne pam_unix-0.52 + some enhancements) + - pam_wheel + - pam_limits + - pam_nologin + +* Added some optional code for memory debugging. In order to support + this you have to enable MEMORY_DEBUG in the top level makefile and + also #define MEMORY_DEBUG in your applications when they are compiled. + The extra code resides in libpam (compiled if MEMORY_DEBUG is defined) + and the macros for malloc etc. are to be found at the end of + _pam_types.h + +* used above code to locate two memory leaks in pam_unix module and two + in libpam (pam_handlers.h) + +* pam_get_user() now sets the PAM_USER item. After reading the Sun + manual page again, it was clear that it should do this. Various + modules have been assuming this and now I have modified most of them + to account for this change. Additionally, pam_get_user() is now + located in the module include file; modules are supposed to be the + ones that use it(!) [Note, this is explicitly contrary to the Sun + manual page, but in the spirit of the Linux distribution to date.] + +* replaced -D"LINUX" with -D"LINUX_PAM" as this is more explicit and less + likely to be confused with -D"linux". + Also, modified the libpam #include files to behave more like the Sun + ones #ifndef LINUX_PAM. + +* removed <bf/ .. / from documentation titles. This was not giving + politically correct html.. + +----- My vvvvvvvvvvvvvvvvvvv was a long time ago ;*] ----- + +Wed Sep 4 23:57:19 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu> + +0. Before I begin, Linux-PAM has a new primary distribution site (kindly +donated by Power Net Inc., Los Angeles) + + **PLEASE AMMEND YOUR PERSONAL LINKS** + + -------> http://www.power.net/morgan/Linux-PAM <------- + + **PLEASE AMMEND YOUR PERSONAL LINKS** + +1. I'm hoping to make the next release a bug-fix release... So please find + all the bugs(! ;^) + +2. here are the changes for .52: + +* minor changes to module documentation [Incidently, it is now + available on-line from the WWW page above]. More changes to follow in + the next two releases. PLEASE EMAIL me or the list if there is + anything that isn't clear! + +* completely changed the unix module. Now a single module for all four + management groups (this meant that I could define all functions as + static that were not part of the pam_sm_... scheme. AGM) + + - Shadow support added +PASSWD - Elliot's account management included, and enhanced by Cristian Gafton. + - MD5 password support added by Cristian Gafton. + - maxtries for authentication now enforced. + - Password changing function in pam_unix now works! + Although obviously, I'm not going to *guarantee* it ;^) . + - stole Marek's locking code from the Red Hat unix module. + [ If you like you can #ifdef it in or out ... ] + + You can configure the module more from its Makefile in + 0.52/modules/pam_unix/ + + If you are nervous that it will destroy your /etc/passwd or shadow + files then EDIT the 0.52/modules/pam_unix/pam_unix_pass.-c file. + Here is the warning comment from this file... + +-------------8<----------------- +/* <WARNING> + * + * Uncomment the following #define if you are paranoid, and do not + * want to risk losing your /etc/passwd or shadow files. + * It works for me (AGM) but there are no guarantees. + * + * </WARNING> + */ +/* #define TMP__FILE */ +------------->8----------------- + + *** If anyone has any trouble, please *say*. Your problem will be + fixed in the next release. Also please feel free to scour the + code for race conditions etc... + +[* The above change requires that you purge your /usr/lib/security + directory of the old pam_unix_XXX.so modules: they will NOT be deleted + with a 'make remove'.] + +* the prototype for the cleanup function supplied to pam_set_data used + to return "int". According to Sun it should be "void". CHANGED. + +* added some definitions for the 'error_status' mask values that are + passed to the cleanup function associated with each + module-data-item. These numbers were needed to keep up with changing + a data item (see for example the code in pam_unix/support.-c that + manages the maximum number of retries so far). Will see what Sun says + (current indications are positive); this may be undone before 1.0 is + released. Here are the definitions (from pam_modules.h). + +#define PAM_DATA_SILENT 0x40000000 /* used to suppress messages... */ +#define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */ + +* Changed the .../conf/pam.conf file. It now points to the new + pam_unix module for 'su' and 'passwd' [can get these as SimpleApps -- + I use them for testing. A more extensive selection of applications is + available from Red Hat...] + +* corrected a bug in pam_dispatch. Basically, the problem was that if + all the modules were "sufficient" then the return value for this + function was never set. The net effect was that _pam_dispatch_aux + returned success when all the sufficient modules failed. :^( I think + this is the correct fix to a problem that the Red Hat folks had + found... + +sopwith* Removed advisory locking from libpam (thanks for the POSIX patch + goes to Josh Wilmes's, my apologies for not using it in the + end.). Advisory locking did not seem sufficiently secure for libpam. + Thanks to Werner Almesberger for identifying the corresponding "denial + of service attack". :*( + +* related to fix, have introduced a lock file /var/lock/subsys/PAM + that can be used to indicate the system should pay attention to + advisory locking on /etc/pam.conf file. To implement this you need to + define PAM_LOCKING though. (see .52/libpam) + +* modified pam_fail_delay() function. Couldn't find the "not working" + problem indicated by Michael, but modified it to do pseudo-random + delays based on the values indicated by pam_fail_delay() -- the + function "that may eventually go away"... Although Sun is warming to + the idea. + +* new modules include: + + pam_shells - authentication for users with a shell listed in + /etc/shells. Erik Troan <ewt@redhat.com> + + pam_listfile - authentication based on the contents of files. + Set to be more general than the above in the + future. UNTESTED. Elliot Lee <@redhat.com> + [Note, this module compiles with a non-trivial + warning: AGM] + +Thu Aug 8 22:32:15 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>) + +* modified makefiles to take more of their installation instructions + from the top level makefile. Desired for integration into the Debian + distribution, and generally a good idea. + +* fixed memory arithmetic in pam_handlers + -- still need to track down why failure to load modules can lead to + authentication succeding.. + +* added tags for new modules (smartcards from Alex -- just a promise + at this stage) and a new module from Elliot Lee; pam_securetty + +* I have not had time to smooth out the wrinkles with it, but Alex's + pam_unix modifications are provided in pam_unix-alex (in the modules + directory) they will not be compiled by 'make all' and I can't even + say if they do compile... I will try to look at them for .52 but, in + the mean time please feel free to study/fix/discuss what is there. + +* pam_rhosts module. Removed code for manually setting the ruser + etc. This was not very secure. + +* [remade .ps docs to be in letter format -- my printer complains + about a4] + +Sunday July, 7 12:45:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>) + +* No longer accompanying the Linux-PAM release with apps installed. + [Will provide what was here in a separate package.. (soon) +lib Also see http://www.redhat.com/pam for some more (in .rpm form...)] + +* renamed libmisc to libpam_misc. It is currently configured to only compile + the static library. For some strange reason (perhaps someone can + investigate) my Linux 2.0.0 kernel with RedHat 3.0.3 system + segfaults when I compile it to be a dynamic library. The segfault + seems to be inside the call to the ** dl_XXX ** function...!? + + There is a simple flag in the libpam_misc/Makefile to turn on dynamic + compiles. + +* Added a little unofficial code for delay support in libpam (will probably + disappear later..) There is some documentation for it in the pam_modules + doc now. That will obviously go too. + +* rewritten pam_time to use *logic* to specify the stringing together of + users/times/terminals etc.. (what was there before was superficially + logical but basically un-predictable!) + +* added pam_group. Its syntax is almost identical to pam_time but it + has another field added; a list of groups to make the user a member + of if they pass the previous tests. It seems to not co-exist too well + with the groups in the /etc/group but I hope to have that fixed by + the next release... + +* minor re-formatting of pam_modules documentation + +* removed ...// since it wasn't being used and didn't look like it + would be! + +GCCSunday 23 22:35:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>) + +* The major change is the addition of a new module: pam_time for + restricting access on terminals at given times for indicated users + it comes with its own configuration file /etc/security/time.conf + and the sample file simply restricts 'you' from satisfying the blank + application if they try to use blank from any tty* + +* Small changes include +- altered pam.conf to demonstrate above new module (try typing username: you) +- very minor changes to the docs (pam_appl and pam_modules) + +Saturday June 2 01:40:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>) + +*** PLEASE READ THE README, it has changed *** + +* NOTE, 'su' exhibits a "system error", when static linking is + used. This is because the pam_unix_... module currently only has + partial static linking support. This is likely to change on Monday + June 3, when Alex makes his latest version availible. I will include + the updated module in next release. + +changes for .42: + +* modified the way in which libpam/pam_modules.h defines prototypes for + the pam_sm_ functions. Now the module must declare which functions it + is to provide *before* the #include <security/pam_modules.h> line. + (for contrasting examples, see the pam_deny and pam_rootok modules) + This removed the ugly hack of defining functions that are never called + to overcome warnings... This seems much tidier. +insterted* updated the TODO list. (changed mailing list address) +* updated README in .../modules to reflect modifications to static + compliation protocol +* modified the pam_modules documentation to describe this. +* corrected last argument of pam_get_item( ... ) in + pam_appl/modules.sgml, to "const void **". +* altered GNU GPL's in the documentation, and various other parts of + the distribution. *Please check* that any code you are responsible for + is corrected. +* Added ./Copyright (please check that it is acceptable) +* updated ./README to make current and indicate the new mailing list + address +* have completely rewritten pam_filter. It now runs modular filter + executables (stored in /usr/sbin/pam_filter/) This should make it + trivial for others to write their own filters.. If you want yours + included in the distribution please email the list/me. +* changes to libpam; there was a silly bug with multiple arguments on a + pam.conf line that was broken with a '\<LF>'. +* 'su' rearranged code (to make better use of PAM) + *Also* now uses POSIX signals--this should help the Alpha port. +* 'passwd' now uses getlogin() to determine who's passwords to change. + +Sunday May 26 9:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>) + +* fixed module makefiles to create needed dynamic/static subdirectories + +Saturday May 25 20:30:27.8 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>) + +* LOTS has changed regarding how the modules/libpam are built. +* Michael's mostly complete changes for static support--see below + (Andrew got a little carried away and automated the static linking + of modules---bugs are likely mine ;( ) +* Thanks mostly to Michael, libpam now compiles without a single warning :^] +* made static modules/library optional. +CFLAGS* added 'make sterile' to top level makefile. This does extraclean and remove +* added Michael and Joseph to documentation credits (and a subsection for + future documentation of static module support in pam_modules.sgml) +* libpam; many changes to makefiles and also automated the inclusion of + static module objects in pam_static.c +* modified modules for automated static/dynamic support. Added static & + dynamic subdirectories, as instructed by Michael +* removed an annoying syslog message from pam_filter: "parent exited.." +* updated todo list (anyone know anything about svgalib/X? we probably should + have some support for these...) + +Friday May 24 16:30:15 EDT 1996 (Michael K. Johnson <johnsonm@redhat.com>) + +* Added first (incomplete) cut at static support. + This includes: + . changes in libpam, including a new file, pam_static.c + . changes to modules including exporting struct of function pointers + . static and dynamic linking can be combined + . right now, the only working combinations are just dynamic + linking and dynamic libpam.so with static modules linked + into libpam.so. That's on the list of things to fix... + . modules are built differently depending on whether they + are static or dynamic. Therefore, there are two directories + under each module directory, one for static, and one for + dynamic modules. +* Fixed random brokenness in the Makefiles. [ foo -nt bar ] is + rather redundant in a makefile, for instance. Also, passing + on the command line is broken because it cannot be + overridden in any way (even adding important parts) in lower-level + makefiles. +* Unfortunately, fixing some of the brokenness meant that I used + GNU-specific stuff. However, I *think* that there was GNU-specific + stuff already. And I think that we should just use the GNU + extensions, because any platform that GNU make doesn't port to + easily will be hard to port to anyway. It also won't be likely +passwd to handle autoconf, which was Ted's suggestion for getting + around limitations in standard make... + For now, I suggest that we just use some simple GNU-specific + extensions. + +Monday May 20 22:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>) + +* added some text to pam_modules.sgml +* corrected Marek's name in all documentation +* made pam_stress conform to chauthtok conventions -- ie can now request + old password before proceeding. +* included Alex's latest unix module +* included Al's + password strength checking module +* included pam_rootok module +* fixed too many bugs in libpam.. all subtly related to the argument lists + or use of syslog. Added more debugging lines here too. +* fixed the pam.conf file +* deleted pam_test module. It is pretty old and basically superceeded + by pam_stress + +Friday May 9 1:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>) + +* updated documentaion, added Al Longyear to credits and corrected the + spelling of Jeff's name(!). Most changes to pam.sgml (even added a figure!) +* new module pam_rhosts_auth (from Al Longyear) +* new apps rlogind and ftpd (a patch) from Al. +* modified 'passwd' to not call pam_authenticate (note, none of the + modules respect this convention yet!) +* fixed bug in libpam that caused trouble if the last line of a + pam.conf file ends with a module name and no newline character +* also made more compatable with documentation, in that bad lines in + pam.conf are now ignored rather than causing libpam to return an + error to the app. +* libpam now overwrites the AUTHTOKs when returning from + pam_authenticate and pam_chauthtok calls (as per Sun/RFC too) +* libpam is now installed as libpam.so.XXX in a way that ldconfig can + handle! + + +Wednesday May 1 22:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>) + +* removed .../test directory, use .../examples from now on. +* added .../apps directory for fully functional applications + - the apps directory contains directories that actually contain the apps. + the idea is to make application compilation conditional on the presence + of the directory. Note, there are entries in the Makefile for + 'login' and 'ftpd' that are ready for installation... Email me if + you want to reserve a directory name for an application you are + working on... +* similar changes to .../modules makefile [entries for pam_skey and + pam_kerberos created---awaiting the directories.] Email me if you + want to register another module... +* minor changes to docs.. Not really worth reprinting them quite yet! + [save the trees] +* added misc_conv to libmisc. it is a generic conversation function + for text based applications. [would be nice to see someone create + an Xlib and/or svgalib version] +* fixed ctrl-z/c bug with pam_filter module [try xsh with the default + pam.conf file] +* added 'required' argument to 'pam_stress' module. +* added a TODO list... other suggestions to the list please. + +Saturday April 7 00:00:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> ) + +* Alex and Marek please note I have altered _pam_auth_unix a little, to + make it get the passwords with the "proper method" (and also fixed it + to not have as many compiler warnings) +* updated the conf/pam.conf file +* added new example application examples/xsh.c (like blank but invokes + /bin/sh) +* Marc's patches for examples/blank.c (and AGM's too) +* fixed stacking of modules in libpam/pam_handlers.c +* fixed RESETing in libpam/pam_item.c +* added new module modules/pam_filter/ to demonstrate the possibility + of inserting an arbitrary filter between the terminal and the + application that could do customized logging etc... (see use of + bin/xsh as defined in conf/pam.conf) + + +Saturday March 16 19:00:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> ) + +These notes are for 0.3 I don't think I've left anything important +out, but I will use emacs 'C-x v a' next time! (Thanks Jeff) + + * not much has changed with the functionality of the Linux-PAM lib + .../libpam + - pam_password calls module twice with different arguments + - added const to some of the function arguments + - added PAM_MAX_MES_ to <security/_pam_types.h> + - was a lot over zealous about purging old passwords... + I have removed much of this from source to make it + more compatible with SUN. + - moved some PAM_... tokens to pam_modules.h from _pam_types.h + (no-one should notice) + + * added three modules: pam_permit pam_deny pam_stress + no prizes for guessing what the first two do. The third is + a reasonably complete (functional) module. Is intended for testing + applications with. + + * fixed a few pieces of examples/blank.c so that it works (with + pam_stress) + + * ammended the documentation. Looking better, but suggestions/comments + very welcome! + +Sunday March 10 10:50:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> ) + +These notes are for Linux-PAM release 0.21. They cover what's changed +since I relased 0.2. + + * am now using RCS + * substantially changed ./README + * fixed bug reading \\\n in pam.conf file + * small changes to documentation + * added `blank' application to ./examples (could be viewed as + a `Linux-PAM aware' application template.) + * oops. now including pam_passwd.o and pam_session.o in pamlib.so + * compute md5 checksums for all the source when making a release + - added `make check' and `make RCScheck' to compute md5 checksums + * create a second tar file with all the RCS files in. + * removed the .html and .txt docs, supplying sgml sources instead. + - see README for info on where to get .ps files + +Thursday March 6 0:44:?? PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> ) + +These notes are for Linux-PAM release 0.2. They cover what's changed +since Marc Ewing relased 0.1. + +**** Please note. All of the directories in this release have been modified +**** slightly to conform to the new pamlib. A couple of new directories have +**** been added. As well as some documentation. If some of your code +**** was in the previous release. Feel free to update it, but please +**** try to conform to the new headers and Makefiles. + +* Andrew Morgan (morgan@physics.ucla.edu) is making this release + availible, Marc has been busy...! + +* Marc's pam-0.1/lib has been (quietly) enhanced and integrated into + Alex Yurie's collected tree of library and module code + (linux-pam.prop.1.tar.gz). Most of the changes are to do with error + checking. Some more robustness in the reading of the pam.conf file + and the addition of the pam_get_user() function. + +* The pam_*.h files have been reorganized to logically enforce the + separation of modules from applications. [Don't panic! Apart from + changing references of the form + + #include "pam_appl.h" + + to + + #include <security/pam_appl.h> + + The reorganization should be backwardly compatable (ie. a module + written for SUN will be as compatable as it was before with the + previous version ;)~ ] + + (All of the source in this tree now conforms to this scheme...) + + The new reorganization means that modules can be compiled with a + single header, <security/pam_modules.h>, and applications with + <security/pam_appl.h>. + +* I have tried to remove all the compiler warnings from the updated + "pamlib/*.c" files. On my system, (with a slightly modified <dlfcn.h> + email me if it interests you..) there are only two warnings that + remain: they are that ansi does not permit void --> fn ptr + assignment. K&Rv2 doesn't mention this....? As a matter of principle, + if anyone knows how to get rid of that warning... please + tell. Thanks! "-pedantic" + +* you can "make all" as a plain user, but + +* to "make install" you must be root. The include files are placed in + /usr/include/security. The libpam.so library is installed in /usr/lib + and the modules in /usr/lib/security. The two test binaries + are installed in the Linux-PAM-0.2/bin directory and a chance is given to + replace your /etc/pam.conf file with the one in Linux-PAM-0.2/conf. + +* I have included some documentation (pretty preliminary at the +moment) which I have been working on in .../doc . + +I have had a little trouble with the modules, but atleast there are no +segfaults! Please try it out and discuss your results... I actually +hope it all works for you. But, Email any bugs/suggestions to the +Linux-PAM list: linux-pam@mit.edu ..... + +Regards, + +Andrew Morgan +(morgan@physics.ucla.edu) + + +Sat Feb 17 17:30:24 EST 1996 (Alexander O. Yuriev alex@bach.cis.temple.edu) + + * conf directory created with example of pam_conf + * stable code from pam_unix is added to modules/pam_unix + * test/test.c now requests username and password and attempts + to perform authentication diff --git a/ChangeLog.old/CHANGELOG-pam_unix b/ChangeLog.old/CHANGELOG-pam_unix new file mode 100644 index 00000000..f8f70f59 --- /dev/null +++ b/ChangeLog.old/CHANGELOG-pam_unix @@ -0,0 +1,54 @@ +$Id$ + +* Mon Aug 16 1999 Jan Rękorajski <baggins@pld.org.pl> +- fixed reentrancy problems + +* Sun Jul 4 21:03:42 PDT 1999 + +- temporarily removed the crypt16 stuff. I'm really paranoid about + crypto stuff and exporting it, and there are a few too many 's-box' + references in the code for my liking.. + +* Wed Jun 30 1999 Steve Langasek <vorlon@netexpress.net> +- further NIS+ fixes + +* Sun Jun 27 1999 Steve Langasek <vorlon@netexpress.net> +- fix to uid-handling code for NIS+ + +* Sat Jun 26 1999 Jan Rękorajski <baggins@mimuw.edu.pl> +- merged MD5 fix and early failure syslog + by Andrey Vladimirovich Savochkin <saw@msu.ru> +- minor fixes +- added signal handler to unix_chkpwd + +* Fri Jun 25 1999 Stephen Langasek <vorlon@netexpress.net> +- reorganized the code to let it build as separate C files + +* Sun Jun 20 1999 Jan Rękorajski <baggins@mimuw.edu.pl> +- fixes in pam_unix_auth, it incorrectly saved and restored return + value when likeauth option was used + +* Tue Jun 15 1999 Jan Rękorajski <baggins@mimuw.edu.pl> +- added NIS+ support + +* Mon Jun 14 1999 Jan Rękorajski <baggins@mimuw.edu.pl> +- total rewrite based on pam_pwdb module, now there is ONE pam_unix.so + module, it accepts the same options as pam_pwdb - all of them correctly ;) + (pam_pwdb dosn't understand what DISALLOW_NULL_AUTHTOK means) + +* Tue Apr 20 1999 Jan Rękorajski <baggins@mimuw.edu.pl> +- Arghhh, pam_unix_passwd was not updating /etc/shadow when used with + pam_cracklib. + +* Mon Apr 19 1999 Jan Rękorajski <baggins@mimuw.edu.pl> +- added "remember=XXX" option that means 'remember XXX old passwords' + Old passwords are stored in /etc/security/opasswd, there can be + maximum of 400 passwords per user. + +* Sat Mar 27 1999 Jan Rękorajski <baggins@mimuw.edu.pl> +- added crypt16 to pam_unix_auth and pam_unix_passwd (check only, this algorithm + is too lame to use it in real life) + +* Sun Mar 21 1999 Jan Rękorajski <baggins@mimuw.edu.pl> +- pam_unix_auth now correctly behave when user has NULL AUTHTOK +- pam_unix_auth returns PAM_PERM_DENIED when seteuid fails diff --git a/ChangeLog.old/ChangeLog-CVS b/ChangeLog.old/ChangeLog-CVS new file mode 100644 index 00000000..47b54cea --- /dev/null +++ b/ChangeLog.old/ChangeLog-CVS @@ -0,0 +1,5099 @@ +2011-10-26 Dmitry V. Levin <ldv@altlinux.org> + + NB: ChangeLog file is no longer manually maintained. + See README-hacking for details. + +2011-10-25 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.1.5 + + * configure.in: Bump version number. + + * modules/pam_tally2/pam_tally2.8.xml: Remove never used option + "no_lock_time". + +2011-10-14 Kees Cook <kees@debian.org> + + * modules/pam_env/pam_env.c (_expand_arg): Abort when encountering an + overflowed environment variable expansion. + Fixes CVE-2011-3149. + Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565 + + * modules/pam_env/pam_env.c (_assemble_line): Correctly count leading + whitespace. + Fixes CVE-2011-3148. + Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469 + +2011-10-10 Tomas Mraz <tm@t8m.info> + + * modules/pam_access/pam_access.c: Add hostname resolution + cache. + (user_match): Clear the cache in fake_item. + (from_match): If from is not hostname, do not try to resolve it. + Cache the getaddrinfo() result. + (network_netmask_match): Cache the getaddrinfo() result. + (pam_sm_authenticate): Free the getaddrinfo() result. + + * modules/pam_access/pam_access.c (netgroup_match): If getdomainname() + fails or domainname not set use NULL as domain in innetgr(). + +2011-09-30 Tomas Mraz <tm@t8m.info> + + * doc/man/pam.conf-syntax.xml: Improve documentation of the + sufficient and requisite control values. (Red Hat Bug #742413) + +2011-08-25 Tomas Mraz <tm@t8m.info> + + * modules/pam_access/pam_access.c (user_match): Fix the split + on @ in the user field. (Red Hat Bug #732081) + + * modules/pam_loginuid/pam_loginuid.c: Correct the FSF address. + +2011-08-23 Tomas Mraz <tm@t8m.info> + + * modules/pam_env/pam_env.c (_pam_parse): Fix missing dereference. + +2011-06-22 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.1.4 + + * configure.in: Bump version number. + * NEWS: Document changes since 1.1.3 + * libpam/Makefile.am: Bump release number of shared library + * po/de.po: Translate new string. + + * modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Reorder + Libraries. + +2011-06-21 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_limits/pam_limits.c: Add set_all option, + read limits from PID one if no limit is specified and set_all + is set. + * modules/pam_limits/pam_limits.8.xml: Document set_all option. + Based on Patch by Kees Cook. + +2011-06-15 Tomas Mraz <tm@t8m.info> + + * modules/pam_sepermit/pam_sepermit.c (check_running): Avoid + leaking memory and dir handle on realloc failure. + (sepermit_unlock): Cast fcntl() and close() calls to void. + + * modules/pam_pwhistory/opasswd.c (check_old_password): Do not + needlessly call strdupa(). + (save_old_password): Avoid memleaks in error paths. Avoid memleak of + buf. Make the opasswd entry parsing more robust. + * modules/pam_pwhistory/pam_pwhistory.8.xml: Document the + special meaning of remember=0. + + * modules/pam_unix/support.c (_set_ctrl): Do not crash when remember, + minlen, or rounds options are used with wrong module type. + + * modules/pam_timestamp/pam_timestamp.c (pam_sm_authenticate): Avoid + memleak in error path. + (pam_sm_open_session): Avoid memleak and fd leak in error path. + + * modules/pam_access/pam_access.c (user_match): Initialize the + fake_item from item. + +2011-06-14 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Check for libtirpc by default. + * libpam/Makefile.am: Add support for libtirpc. + * modules/pam_access/Makefile.am: Likewise. + * modules/pam_unix/Makefile.am: Likewise. + * modules/pam_unix/pam_unix_passwd.c: Change ifdefs for + new libtirpc support. + * modules/pam_unix/yppasswd_xdr.c: Only compile if we have rpc/rpc.h. + +2011-06-13 Tomas Mraz <tm@t8m.info> + + * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Test + also whether the tty is in the /sys/class/tty/console/active file. + * modules/pam_securetty/pam_securetty.8.xml: Document the new check of + /sys/class/tty/console/active/file. + +2011-06-07 Tomas Mraz <tm@t8m.info> + + * modules/pam_namespace/pam_namespace.c (root_shared): New + function to detect shared / mount. + (pam_sm_open_session): Call the root_shared() and enable + private mounts based on that. + * modules/pam_namespace/pam_namespace.8.xml: Document the + automatic detection of shared / mount. + +2011-06-06 Tomas Mraz <tm@t8m.info> + + * modules/pam_group/pam_group.c (shift_bytes): Removed. + (shift_buf, trim_spaces): Added new functions. + (read_field): Thorough rewrite of the parsing. + (check_account): read_field() now uses state information. No + extra read_field() call at the end of configuration line. + * modules/pam_time/pam_time.c (shift_bytes): Removed. + (shift_buf, trim_spaces): Added new functions. + (read_field): Thorough rewrite of the parsing. + (check_account): read_field() now uses state information. No + extra read_field() call at the end of configuration line. + + * modules/pam_namespace/pam_namespace.h: Define the MS_PRIVATE and + MS_REC flags if they are not in sys/mount.h. + +2011-06-06 Nguyễn Thái Ngọc Duy <pclouds@gmail.com> + + * po/LINGUAS: Add vietnamese. + * po/vi.po: Add vietnamese translation. + +2011-06-02 Tomas Mraz <tm@t8m.info> + + * modules/pam_namespace/pam_namespace.c (protect_dir): Add parameter + to always do protect mount the last directory in the path. + (check_inst_parent, create_polydir): Update the protect_dir() call. + (ns_setup): Likewise and add the MS_PRIVATE mount() call. + (pam_sm_open_session): Check the mount_private option. + * modules/pam_namespace/pam_namespace.h: Add the PAMNS_MOUNT_PRIVATE. + * modules/pam_namespace/pam_namespace.8.xml: Document the mount_private + option. + + * modules/pam_cracklib/pam_cracklib.c (str_lower): Make it no-op + on NULL strings. + (password_check): Guard for NULLs returned from memory allocation. + + * modules/pam_filter/pam_filter.c (process_args): Guard for error return + from pam_get_user(). + + * modules/pam_echo/pam_echo.c (replace_and_print): Guard for error return + from pam_get_item(). + +2011-05-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_timestamp/pam_timestamp.c (main): Remove unsused + variable pretval. + + * modules/pam_stress/pam_stress.c (converse): **message is const. + (stress_get_password): pmsg is const. + (pam_sm_chauthtok): Likewise. + * libpam/pam_item.c (pam_get_user): Make pmsg const and remove + casts. + +2011-05-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_env/pam_env.c (_pam_parse): Implement debug option. + Based on patch by Tomas Mraz. + +2011-05-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): quiet + option has no argument, print no missing file if quiet is set + [sf#3194930]. + +2011-05-04 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_lastlog/pam_lastlog.c (last_login_failed): Don't + abort with error if btmp file does not exist. + +2011-03-21 Tomas Mraz <tm@t8m.info> + + * modules/pam_unix/md5.c (MD5Final): Clear the whole ctx. + +2011-03-18 Tomas Mraz <tm@t8m.info> + + * modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx. + * modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly. + (protect_dir): Guard for -1 passing to close(). + (ns_setup): Likewise. + (pam_sm_open_session): Correctly test for SELinux enabled flag. + +2011-03-17 Tomas Mraz <tm@t8m.info> + + * modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type. + (manual_context): Likewise. + (context_from_env): Remove extraneous auditing in success case. + + * modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra + close() call. + +2011-02-22 Tomas Mraz <tm@t8m.info> + + * modules/pam_nologin/pam_nologin.8.xml: Add missing space. + * modules/pam_limits/limits.conf.5.xml: Fix typo. + +2010-12-21 Tomas Mraz <tm@t8m.info> + + * modules/pam_selinux/pam_selinux.c (mls_range_allowed): Unhardcode + values for security class and av permission bit. + +2010-12-14 Tomas Mraz <tm@t8m.info> + + * modules/pam_limits/pam_limits.c (parse_uid_range): New function + to parse the range of uids or gids. + (parse_config_file): Call parse_uid_range() and if uid/gid range + is identified, setup the limits if the range matches. New parameters + containing user's uid and primary gid. + (pam_sm_open_session): Pass the user's uid and primary gid to + parse_config_file(). + * modules/pam_limits/limits.conf.5.xml: Document the uid/gid ranges. + +2010-12-14 Bahadır Kandemir <bahadir@pardus.org.tr> + + * po/tr.po: Updated translations. + +2010-11-25 Tomas Mraz <tm@t8m.info> + + * modules/pam_securetty/pam_securetty.8.xml: Improve documentation + of the kernel console feature and the noconsole option. + +2010-11-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_securetty/pam_securetty.c: Parse console= kernel + option, add noconsole option. + * modules/pam_securetty/pam_securetty.8.xml: Document new behavior + for serial console. + Patch from Lennart Poettering. + +2010-11-24 Tomas Mraz <tm@t8m.info> + + * modules/pam_limits/limits.conf.5.xml: Document the %group syntax. + +2010-11-18 Tomas Mraz <tm@t8m.info> + + * modules/pam_limits/pam_limits.c (pam_parse,pam_sm_open_session): + Drop obsolete and broken option change_uid. + * modules/pam_limits/pam_limits.8.xml: Likewise. + +2010-11-16 Tomas Mraz <tm@t8m.info> + + * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Remove + dead and duplicate code. Return PAM_INCOMPLETE instead of + PAM_CONV_AGAIN. + +2010-11-11 Tomas Mraz <tm@t8m.info> + + * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix + potential use after free in case SELinux is misconfigured. + + * modules/pam_namespace/pam_namespace.c (process_line): Fix memory + leak when parsing empty config file lines. + +2010-10-28 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.1.3 + + * configure.in: Increase version to 1.1.3 + + * NEWS: document visible changes + + * libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number. + +2010-10-27 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/adg/Makefile.am: Use UTF-8 for html docu. + * doc/mwg/Makefile.am: Likewise. + * doc/sag/Makefile.am: Likewise. + +2010-10-22 Tomas Mraz <tm@t8m.info> + + * modules/pam_namespace/pam_namespace.c (inst_init): Use execle() + to execute the init script with clean environment. (CVE-2010-3853) + (cleanup_tmpdirs): Likewise for executing rm. + +2010-10-21 Dmitry V. Levin <ldv@altlinux.org> + + * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Remove. + (create_homedir): Use mkdir() instead of rec_mkdir(). + (make_parent_dirs): New function. + (main): Use make_parent_dirs() to create parent directories only + for the home directory itself. + +2010-10-21 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/support.c (_unix_getpwnam): Don't allocate + unneeded buffer for uid/gid [sf#3059572]. + +2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam_get_authtok.3.xml: Fix xml code. + + * doc/man/Makefile.am: Fix build dependencys of pam_get_authtok.3. + + * xtests/Makefile.am: Only build xtests if we run xtests. + * configure.in: Check for libdb with symbol versions, too. + Patch from Diego Elio Pettenò. + + * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Create + parent directories always with mode 0755. + (create_homedir): Create main directory with mode 0700 at first. + +2010-10-19 Dmitry V. Levin <ldv@altlinux.org> + + * modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Add + @LIBAUDIT@. + + * m4/ld-O1.m4 (PAM_LD_O1): Fix typo. + + * m4/ld-no-undefined.m4: New file. + * configure.in: Use PAM_LD_NO_UNDEFINED. + * Makefile.am (M4_FILES): Add m4/ld-no-undefined.m4. + + * modules/pam_selinux/pam_selinux.c (verbose_message): Remove. + (pam_sm_open_session): Call send_text() instead of verbose_message(). + +2010-10-19 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_env/pam_env.8.xml: Document side effects of + environment variables in the stack. + * modules/pam_exec/pam_exec.8.xml: Document that user can + have controll over the environment. + +2010-10-07 Dmitry V. Levin <ldv@altlinux.org> + + * modules/pam_selinux/pam_selinux.c (verbose_message): Fix format + string. + +2010-10-04 Dmitry V. Levin <ldv@altlinux.org> + + * libpam/pam_modutil_priv.c: New file. + * libpam/Makefile.am (libpam_la_SOURCES): Add it. + * libpam/include/security/pam_modutil.h (struct pam_modutil_privs, + PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv, + pam_modutil_regain_priv): New declarations. + * libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface. + * modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface. + * modules/pam_mail/pam_mail.c (_do_mail): Likewise. + * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, + pam_sm_close_session): Likewise. + (pam_sm_open_session): Remove redundant fchown call. + Fixes CVE-2010-3430, CVE-2010-3431. + +2010-10-01 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Extend cross compiling check. + * doc/specs/Makefile.am: Set CFLAGS and LDFLAGS to BUILD_CFLAGS + and BUILD_LDFLAGS. + Bug #3078936 / gentoo #339174 + +2010-09-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Warn if + unlink() fails. + +2010-09-27 Dmitry V. Levin <ldv@altlinux.org> + + * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Return + PAM_SUCCESS immediately if no cookie file is defined. Return + PAM_SESSION_ERR if cookie file is defined but target uid cannot be + determined. Do not modify cookiefile string returned by pam_get_data. + + * modules/pam_xauth/pam_xauth.c (check_acl): Ensure that the given + access control file is a regular file. + +2010-09-16 Dmitry V. Levin <ldv@altlinux.org> + + * modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code. + * modules/pam_mail/pam_mail.c (_do_mail): Likewise. + * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, + pam_sm_close_session): Likewise. + +2010-08-31 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.1.2 + + * configure.in: Bump version number. + * NEWS: Document changes since 1.1.1. + * doc/adg/Linux-PAM_ADG.xml: Bump version number. + * doc/mwg/Linux-PAM_MWG.xml: Likewise. + * doc/sag/Linux-PAM_SAG.xml: Likewise. + * libpam/Makefile.am: Bump revision of shared library. + * po/*.po: Regenerate. + +2010-08-26 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_nologin/pam_nologin.c (perform_check): Try first + /var/run/nologin if the nologin file is not explicitly specified. + * modules/pam_nologin/pam_nologin.8.xml: Document that /var/run/nologin + is tried first. + +2010-08-26 Sweta Kothari <swkothar@redhat.com> + + * po/gu.po: Updated translations. + +2010-08-26 Geert Warrink <geert.warrink@onsnet.nu> + + * po/nl.po: Updated translations. + +2010-08-26 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/specs/Makefile.am: Use CC_FOR_BUILD as compiler (cross + compile support). + * configure.in: Check for host compiler if cross compiling. + Bug #2315432, debian#284854#42. + +2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/pam_unix_passwd.c: Implement minlen option. + * modules/pam_unix/support.c: Likewise. + * modules/pam_unix/support.h: Likewise. + + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust + arguments for _set_ctrl call. + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. + * modules/pam_unix/pam_unix_session.c: Likewise. + + * modules/pam_unix/pam_unix.8.xml: Document minlen option. + Based on patch by Steve Langasek. + +2010-08-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_mail/pam_mail.c: Check for mail only with user + privilegs. + + * modules/pam_xauth/pam_xauth.c (run_coprocess): Check return + value of setgid, setgroups and setuid. + + * modules/pam_xauth/pam_xauth.c (check_acl): Save errno for + later usage. + + * modules/pam_env/pam_env.c (handle_env): Check if user exists, + read local user config only with user privilegs.` + +2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_tally/pam_tally.8.xml: Document that pam_tally is + deprecated. + + * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Fix make dist. + + * modules/pam_unix/passverify.c (check_shadow_expiry): Correct + check for expired date. + + * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove + check for password length. Bug #2923437. + +2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_tally2/pam_tally2.c (get_tally): Create file + with correct permissions. Patch by Diego Elio “Flameeyes” Pettenò. + + * modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request + password change if time is not yet set (1.1.1970). Bug #2730965. + + * modules/pam_access/pam_access.c (user_match): Make sure + that user@host will not match @@netgroup. Bug #3035919. + + * modules/pam_group/pam_group.c (check_account): Add '%' for + UNIX groups. + * modules/pam_group/group.conf: Add example for '%'. + * modules/pam_group/group.conf.5.xml: Document '%' syntax. + Bug #3002340, #3037155. + +2010-08-02 Steve Langasek <vorlon@debian.org> + + * modules/pam_mkhomedir/Makefile.am: don't pass --version-script + options when linking executables, only when linking libraries + Patch from Julien Cristau <jcristau@debian.org> + +2010-07-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add + audit flag to enable logging about unknown user (#2917257). + * modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit. + * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. + * modules/pam_succeed_if/README: Regenerated from xml. + +2010-06-22 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_umask/pam_umask.8.xml: Remove comparisation of + gid and uid for usergroups. + * modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Likewise. + Bug #3004656 + + * configure.in: Don't check for libxcrypt if no xcrypt.h exists, + fix typo introduced with 1.1.1. + Reported by Diego Elio “Flameeyes” Pettenò. + +2010-06-15 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Call + setfsuid to be allowed to remove temporary files (#3010705). + (pam_sm_open_session): Call fchown with correct permissions. + +2010-06-09 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_tty_audit/Makefile.am (TESTS): Add tst-pam_tty_audit. + * modules/pam_tty_audit/tst-pam_tty_audit: New. + +2010-06-07 Steve Langasek <vorlon@debian.org> + + * modules/pam_tty_audit/Makefile.am: If we don't have the libraries + required for building pam_tty_audit, we shouldn't install the manpage + either. + +2010-05-27 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_userdb/pam_userdb.c: Define HAVE_DBM + for BerkDB 5.0 support. Patch by Diego Elio Pettenò. + +2010-04-15 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_exec/pam_exec.8.xml: Fix example. + +2010-04-13 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_pwhistory/opasswd.c: Fix compilation if + cyprt_r() is not available. + * configure.in: check for getutent_r. + * modules/pam_timestamp/pam_timestamp.c: Use getutent() + if getutent_r() does not exist. + Patch from Diego Elio “Flameeyes” Pettenò. + +2010-04-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam.conf-syntax.xml: Better documentation of + "actionN". Patch from Michal Soltys <soltys@ziu.info>. + +2010-04-06 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt + and chauthtok. + * modules/pam_rootok/pam_rootok.8.xml: Document new module + types. + +2010-03-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/ar.po: Add missing Plural-Forms entry to header. + +2010-03-25 Daniel Nylander <po@danielnylander.se> + + * po/sv.po: Updated translations. + +2010-03-24 Ani Peter <anipeter@fedoraproject.org> + + * po/ml.po: Updated translations. + +2010-03-08 Yuri Chornoivan <yurchor@ukr.net> + + * po/uk.po: Updated translations. + +2010-02-09 Tomas Mraz <t8m@centrum.cz> + + * libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix + regression in the new password prompt. + +2010-01-04 Elad <el.il@doom.co.il> + + * po/he.po: New translation to Hebrew. + * po/LINGUAS: Add Hebrew to the list. + +2009-12-16 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.1.1 + + * NEWS: Adjust for 1.1.1 + * configure.in: Likewise. + * doc/adg/Linux-PAM_ADG.xml: Likewise. + * doc/mwg/Linux-PAM_MWG.xml: Likewise. + * doc/sag/Linux-PAM_SAG.xml: Likewise. + * po/*.po: Regenerated. + +2009-12-08 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Rename DEBUG to PAM_DEBUG. + * libpam/pam_env.c: Likewise + * libpam/pam_handlers.c: Likewise + * libpam/pam_miscc.c: Likewise + * libpam/pam_password.c: Likewise + * libpam/include/security/_pam_macros.h: Likewise + * libpamc/test/modules/pam_secret.c: Likewise + * modules/pam_group/pam_group.c: Likewise + * modules/pam_listfile/pam_listfile.c: Likewise + * modules/pam_unix/pam_unix_auth.c: Likewise + * modules/pam_unix/pam_unix_passwd.c: Likewise + +2009-12-08 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow + entry if not present in the file. + + * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Remove + unused function and variable. + +2009-11-19 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Return + PAM_AUTH_ERR from the module if sepermit_lock() fails. + +2009-11-18 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_access/pam_access.c(user_match): Revert the netgroup + match to the original behavior, add new syntax for adding the local + hostname. + * modules/pam_access/access.conf.5.xml: Document the new syntax + for adding the local hostname to the netgroup match. + +2009-11-10 Thorsten Kukuk <kukuk@suse.de> + + * doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify + and pam_get_authtok_verify. + + * libpam/Makefile.am (libpam_la_LDFLAGS): Bump revesion of libpam. + + * libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed + from pam_get_authtok, add flags argument, always check return + values. + + * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use + pam_get_authtok_noverify and pam_get_authtok_verify. + + * libpam/include/security/pam_ext.h: Add prototypes for + pam_get_authtok_noverify and pam_get_authtok_verify. + + * libpam/libpam.map: Add new pam_get_authtok_* functions. + +2009-11-02 Ani Peter <anipeter@fedoraproject.org> + + * po/ml.po: Updated translations. + +2009-11-02 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_sepermit/Makefile.am: Add sepermit.conf(5) manual page. + * modules/pam_sepermit/pam_sepermit.8.xml: Add reference to + sepermit.conf(5). Drop some redundant text. + * modules/pam_sepermit/sepermit.conf.5.xml: New file. + + * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Implement the ignore + option in sepermit.conf. + +2009-10-29 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_xauth/Makefile.am: Link with libselinux. + * modules/pam_xauth/pam_xauth.c(pam_sm_open_session): Call + setfscreatecon() if selinux is enabled to create the .xauth file + with the right label. Original idea by Dan Walsh. + +2009-10-08 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_tty_audit/pam_tty_audit.8.xml: Add notice about aureport + add SEE ALSO section. + +2009-10-06 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Just + call pam_modutil_user_in_group_nam_nam() instead of reimplementation + of group matching. + +2009-10-05 Kris Thomsen <lakristho@gmail.com> + + * po/da.po: Updated translations. + +2009-09-29 Piotr Drąg <piotrdrag@gmail.com> + + * po/pl.po: Updated translations. + +2009-09-21 Yulia Poyarkova <yulia.poyarkova@redhat.com> + + * po/ru.po: Updated translations. + +2009-09-17 Kiyoto Hashida <khashida@redhat.com> + + * po/ja.po: Updated translations. + +2009-09-17 Eunju Kim <eukim@redhat.com> + + * po/ko.po: Updated translations. + +2009-09-17 Yulia Poyarkova <yulia.poyarkova@redhat.com> + + * po/ru.po: Updated translations. + +2009-09-10 Steve Langasek <vorlon@debian.org> + + * modules/pam_securetty/pam_securetty.c: pam_securetty should not + return PAM_USER_UNKNOWN when the tty is secure, regardless of what + was entered as a username. + Patch from Nicolas François <nicolas.francois@centraliens.net>. + +2009-08-31 Steve Langasek <vorlon@debian.org> + + * modules/pam_namespace/namespace.init: make this portable to POSIX + awk, instead of using GNU awk extensions. + +2009-08-25 Steve Langasek <vorlon@debian.org> + + * modules/pam_sepermit/pam_sepermit.8.xml: fix up one reference + to pam.d(8) left behind because I've forgotten how CVS works + * po/es.po: fix missing whitespace in password prompts. + +2009-08-24 Steve Langasek <vorlon@debian.org> + + * doc/pam_get_authtok.3.xml: grammar fix. + * doc/adg/Linux-PAM-ADG.xml: Likewise. + * doc/mwg/Linux-PAM_MWG.xml: Likewise. + * doc/man/pam_setcred.3.xml: fix a typo. + +2009-07-21 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Delete + new token if it does not match strength criteria. + +2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files. + + * modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS + support if all necessary functions exist. + + * modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug + option, handle correct if OS has no NIS support. + + * modules/pam_access/pam_access.c (netgroup_match): Check if + yp_get_default_domain and innetgr are available at compile time. + + * configure.in: Check for functions: innetgr, getdomainname + check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h. + +2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/pam_unix.8.xml: Fix blowfish description. + Reported by Diego E. “Flameeyes” Pettenò. + +2009-06-26 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_namespace/Makefile.am: Fix make maintainer-clean, + fix docu dependencies. + + * modules/pam_xauth/Makefile.am: Fix make maintainer-clean. + * modules/pam_access/Makefile.am: Likewise. + * modules/pam_debug/Makefile.am: Likewise. + * modules/pam_deny/Makefile.am: Likewise. + * modules/pam_echo/Makefile.am: Likewise. + * modules/pam_env/Makefile.am: Likewise. + * modules/pam_faildelay/Makefile.am: Likewise. + * modules/pam_ftp/Makefile.am: Likewise. + * modules/pam_group/Makefile.am: Likewise. + * modules/pam_issue/Makefile.am: Likewise. + * modules/pam_keyinit/Makefile.am: Likewise. + * modules/pam_lastlog/Makefile.am: Likewise. + * modules/pam_limits/Makefile.am: Likewise. + * modules/pam_listfile/Makefile.am: Likewise. + * modules/pam_localuser/Makefile.am: Likewise. + * modules/pam_loginuid/Makefile.am: Likewise. + * modules/pam_mail/Makefile.am: Likewise. + * modules/pam_mkhomedir/Makefile.am: Likewise. + * modules/pam_motd/Makefile.am: Likewise. + * modules/pam_nologin/Makefile.am: Likewise. + * modules/pam_pwhistory/Makefile.am: Likewise. + * modules/pam_rhosts/Makefile.am: Likewise. + * modules/pam_rootok/Makefile.am: Likewise. + * modules/pam_securetty/Makefile.am: Likewise. + * modules/pam_shells/Makefile.am: Likewise. + * modules/pam_succeed_if/Makefile.am: Likewise. + * modules/pam_tally2/Makefile.am: Likewise. + * modules/pam_tally/Makefile.am: Likewise. + * modules/pam_time/Makefile.am: Likewise. + * modules/pam_timestamp/Makefile.am: Likewise. + * modules/pam_tty_audit/Makefile.am: Likewise. + * modules/pam_umask/Makefile.am: Likewise. + * modules/pam_unix/Makefile.am: Likewise. + * modules/pam_warn/Makefile.am: Likewise. + * modules/pam_wheel/Makefile.am: Likewise. + * modules/pam_filter/Makefile.am: Likewise. + + * configure.in: Make regeneration of docu configureable, + rename enable_man to enable_docu. + + * modules/pam_env/pam_env.c (_pam_parse): Fix typo in debug + code. + + * modules/pam_cracklib/Makefile.am: Don't install docu if + module is disabled for building. + * modules/pam_userdb/Makefile.am: Likewise. + + * modules/pam_unix/pam_unix_passwd.c: Remove dead SELinux + code. + + * modules/pam_lastlog/pam_lastlog.c (last_login_failed): Fix + usage of wrong variable [bug#2809661]. + +2009-06-25 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Rename crypt_gensalt_rn to crypt_gensalt_r + * modules/pam_unix/passverify.c: Likewise. + +2009-06-19 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.1.0 + +2009-06-16 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/sag/Linux-PAM_SAG.xml: Fix typos. + * doc/adg/Linux-PAM_ADG.xml: Likewise. + * doc/mwg/Linux-PAM_MWG.xml: Likewise. + +2009-06-08 Rajesh Ranjan <rajesh672@gmail.com> + + * po/hi.po: Updated translations. + +2009-06-01 Jaswinder Singh <jsingh@redhat.com> + + * po/pa.po: Updated translations. + +2009-06-01 Tomáš Mráz <t8m@centrum.cz> + + * modules/pam_pwhistory/opasswd.c (save_old_password): Don't + call fclose() on NULL descriptor. Found by Steve Grubb. + +2009-06-01 Ville Skyttä <ville.skytta@iki.fi> + + * modules/pam_limits/pam_limits.8.xml: Only *.conf + files are parsed. Spelling fixes. + * modules/pam_access/pam_access.8.xml: Spelling fixes. + * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. + * modules/pam_echo/pam_echo.8.xml: Likewise. + * modules/pam_env/pam_env.8.xml: Likewise. + * modules/pam_exec/pam_exec.8.xml: Likewise. + * modules/pam_filter/pam_filter.8.xml: Likewise. + * modules/pam_ftp/pam_ftp.8.xml: Likewise. + * modules/pam_group/pam_group.8.xml: Likewise. + * modules/pam_issue/pam_issue.8.xml: Likewise. + * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. + * modules/pam_listfile/pam_listfile.8.xml: Likewise. + * modules/pam_localuser/pam_localuser.8.xml: Likewise. + * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. + * modules/pam_motd/pam_motd.8.xml: Likewise. + * modules/pam_namespace/pam_namespace.8.xml: Likewise. + * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise. + * modules/pam_selinux/pam_selinux.8.xml: Likewise. + * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. + * modules/pam_tally/pam_tally.8.xml: Likewise. + * modules/pam_tally2/pam_tally2.8.xml: Likewise. + * modules/pam_time/pam_time.8.xml: Likewise. + * modules/pam_timestamp/pam_timestamp.8.xml: Likewise. + * modules/pam_timestamp/pam_timestamp_check.8.xml: Likewise. + * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. + * modules/pam_umask/pam_umask.8.xml: Likewise. + * modules/pam_unix/pam_unix.8.xml: Likewise. + * modules/pam_xauth/pam_xauth.8.xml: Likewise. + +2009-05-28 Jaswinder Singh <jsingh@redhat.com> + + * po/pa.po: Updated translations. + +2009-05-21 Albert Carabasa Giribet <albertc@asic.udl.cat> + + * po/ca.po: Updated translations. + +2009-05-11 Ani Peter <anipeter@fedoraproject.org> + + * po/ml.po: Updated translations. + +2009-05-11 Charles-Antoine Couret <cacouret@wanadoo.fr> + + * po/fr.po: Updated translations. + +2009-05-11 Tomáš Mráz <t8m@centrum.cz> + + * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Remove + unnecessary setuid() call. + +2009-05-05 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.0.92 + * libpamc/Makefile.am (libpamc_la_LDFLAGS): Increase revesion. + * configure.in: Increase version to 1.0.92. + +2009-04-20 Mario Santagiuliana <mario@marionline.it> + + * po/it.po: Updated translations. + +2009-04-17 Fabian Affolter <fab@fedoraproject.org> + + * po/de.po: Updated translations. + +2009-04-16 Tomáš Mráz <t8m@centrum.cz> + + * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Add user + parameter. Use user instead of pwd->pw_name in comparsions. + (pam_sm_authenticate): Pass the original user to evaluate(). + +2009-04-14 Amitakhya Phukan <aphukan@fedoraproject.org> + + * po/as.po: Updated translations. + +2009-04-14 Runa Bhattacharjee <runab@fedoraproject.org> + + * po/bn_IN.po: Updated translations. + +2009-04-14 Sweta Kothari <swkothar@redhat.com> + + * po/gu.po: Updated translations. + +2009-04-14 Sandeep Shedmake <sandeep.shedmake@gmail.com> + + * po/mr.po: Updated translations. + +2009-04-14 Rui Gouveia <rui.gouveia@globaltek.pt> + + * po/pt.po: Updated translations. + +2009-04-14 I. Felix <ifelix@redhat.com> + + * po/ta.po: Updated translations. + +2009-04-14 Krishna Babu K <kkrothap@redhat.com> + + * po/te.po: Updated translations. + +2009-04-09 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/yppasswd.h: Update license to GPLv2 or later + on request of Olaf Kirch (Author). + * modules/pam_unix/yppasswd_xdr.c: Likewise. + +2009-04-06 R.E. van der Luit <nippur@fedoraproject.org> + + * po/nl.po: Updated translations. + +2009-04-06 Terry Chuang <tchuang@redhat.com> + + * po/zh_TW.po: Updated translations. + +2009-04-03 Shankar Prasad <svenkate@redhat.com> + + * po/kn.po: Updated translations. + +2009-04-03 Manoj Kumar Giri <mgiri@redhat.com> + + * po/or.po: Updated translations. + +2009-04-03 Miloš Komarčević <kmilos@gmail.com> + + * po/sr.po: Updated translations. + * po/sr@latin.po: Updated translations. + +2009-04-03 Leah Liu <lliu@redhat.com> + + * po/zh_CN.po: Updated translations. + +2009-04-03 Dmitry V. Levin <ldv@altlinux.org> + + * libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3) + in child process with call to _exit(2). + * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): + Likewise. + * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): + Likewise. + * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. + * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. + * modules/pam_exec/pam_exec.c (call_exec): Replace all calls to + exit(3) in child process with calls to _exit(2). + * modules/pam_filter/pam_filter.c (set_filter): Likewise. + * modules/pam_namespace/pam_namespace.c (inst_init, + cleanup_tmpdirs): Likewise. + +2009-03-27 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/support.c (_unix_run_helper_binary): Don't + ignore return value of write(). + + * libpamc/include/security/pam_client.h (PAM_BP_ASSERT): Honour + NDEBUG. + * modules/pam_timestamp/pam_timestamp.c: don't ignore return + values of lchown and fchown. + +2009-03-25 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_mkhomedir/pam_mkhomedir.c: Make option handling + reentrant (#2487654) + (_pam_parse): Fix umask option. + + * modules/pam_unix/passverify.c: Fix typo. + + * modules/pam_issue/pam_issue.c: Fix compiler warning. + * modules/pam_ftp/pam_ftp.c: Likewise. + +2009-03-25 Pavol Šimo <palo.simo@gmail.com> + + * po/sk.po: Updated translations. + +2009-03-24 Sulyok Péter <peti@sulyok.hu> + + * po/hu.po: Updated translations. + +2009-03-24 Domingo Becker <domingobecker@gmail.com> + + * po/es.po: Updated translations. + +2009-03-24 Diego Búrigo Zacarão <diegobz@projetofedora.org> + + * po/pt_BR.po: Updated translations. + +2009-03-24 Piotr Drąg <piotrdrag@gmail.com> + + * po/pl.po: Updated translations. + +2009-03-24 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/passverify.c(save_old_password): Call fflush() and + fsync(). + (unix_update_passwd, unix_update_shadow): Likewise. + * modules/pam_pwhistory/opasswd.c(save_old_password): Likewise. + + * po/cs.po: Updated translations. + +2009-03-09 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.0.91 + + * libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number. + * xtests/Makefile.am: Add tst-pam_unix4.pamd, tst-pam_unix4.sh + and time.conf. + +2009-03-03 Dmitry V. Levin <ldv@altlinux.org> + + * tests/tst-pam_mkargv.c (main): Fix for non-64bit architectures. + +2009-03-03 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test + for abnormal exit of the helper binary. + * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise. + * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Likewise. + +2009-02-27 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace + signal() with sigaction(). + * modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs): + Likewise. + * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise. + * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): + Likewise. + * modules/pam_unix/passverify.c(su_sighandler): Likewise. + * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. + + * modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam + for auxiliary functions. + * modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset + option. Document new serialize option. + * modules/pam_tally2/pam_tally2.c: Add support for the new serialize + option. + (_cleanup, tally_set_data, tally_get_data): Add tally file handle to + tally PAM data. Needed for fcntl() locking. + (get_tally): Use low level file access instead of stdio buffered FILE. + If serialize option is used lock the tally file access. + (set_tally, tally_bump, tally_reset): Use low level file access instead + of stdio buffered FILE. Close the file handle only when it is not owned + by PAM data. + (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally + file handle to tally_set_data(). Get it from tally_get_data(). + (main): Use low level file access instead of stdio buffered FILE. + +2009-02-26 Tomas Mraz <t8m@centrum.cz> + + * xtests/Makefile.am: Add tst-pam_unix4. + * xtests/tst-pam_unix4.c: New test for password change + and shadow min days limit. + * xtests/tst-pam_unix4.pamd: Likewise. + * xtests/tst-pam_unix4.sh: Likewise. + + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore + PAM_AUTHTOK_ERR on shadow verification. + * modules/pam_unix/passverify.c (check_shadow_expiry): Return + PAM_AUTHTOK_ERR if sp_min limit for password change is defied. + +2009-02-26 Timur Birsh <taem@linukz.org> + + * po/LINGUAS: New Kazakh translation. + * po/kk.po: New Kazakh translation. + +2009-02-25 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/pam_misc.c (_pam_StrTok): Use unsigned char + instead of int. Reported by Marcus Granado. + * tests/Makefile.am (TESTS): Add tst-pam_mkargv. + * tests/tst-pam_mkargv.c (main): Test case for + _pam_mkargv. + + * po/de.po: Update fuzzy translations. + +2009-02-25 Tomas Mraz <t8m@centrum.cz> + + * xtests/access.conf: Add a line for name resolution test case. + * xtests/tst-pam_access4.c (main): Set PAM_RHOST for testing the LOCAL + keyword. Add a test case for name resolution. + + * modules/pam_access/pam_access.c (from_match): Move name resolution + to network_netmask_match(). + (network_netmask_match): Do a name resolution of the origin only if + matching against a real network/netmask. + +2009-02-25 Fabian Affolter <fabian@bernewireless.net> + + * po/de.po: Updated translations. + +2009-02-25 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com> + + * po/pt_BR.po: Updated translations. + +2009-02-25 Domingo Becker <domingobecker@gmail.com> + + * po/es.po: Updated translations. + +2009-02-20 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_limits/limits.conf.5.xml: Document that the kernel + can refuse values out of range for the local system. + * modules/pam_limits/pam_limits.c (setup_limits): Log if setrlimit + fails. + +2009-02-18 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/pam_password.c (pam_chauthtok): Make sure applications + don't set internal flags. + +2009-02-17 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam_sm_chauthtok.3.xml: Document that sufficient + can break the PRELIM_CHECK chain. + + * libpam/pam_dispatch.c: Don't freeze chain for chauthtok + [bugzilla.novell.com#470337] + +2009-02-11 Daniel Nylander <po@danielnylander.se> + + * po/sv.po: Updated translations. + +2009-01-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam_sm_setcred.3.xml: Document PAM_ESTABLISH_CRED. + +2009-01-19 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_mkhomedir/Makefile.am: Add mkhomedir_helper. + * modules/pam_mkhomedir/mkhomedir_helper.8.xml: New file. Manual page + for mkhomedir_helper. + * modules/pam_mkhomedir/mkhomedir_helper.c: New file. Source + for mkhomedir_helper. Most of the code moved from pam_mkhomedir.c. + * modules/pam_mkhomedir/pam_mkhomedir.c (_pam_parse): Do not convert umask + to integer. + (rec_mkdir): Moved to mkhomedir_helper.c. + (create_homedir): Just exec the helper. + (pam_sm_open_session): Improve logging. + +2009-01-19 Daniel Cabrera <h.daniel.cabrera@gmail.com> + + * po/es.po: Updated translations. + +2009-01-14 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/de.po: Updated translations. + +2009-01-07 Piotr Drąg <piotrdrag@gmail.com> + + * po/pl.po: Updated translations. + +2008-12-23 Piotr Drąg <piotrdrag@gmail.com> + + * po/pl.po: Updated translations. + +2008-12-18 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_pwhistory/pam_pwhistory.c (parse_option): Rename + type= option to authtok_type= (because of pam_get_authtok). + * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise. + +2008-12-17 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do + not abort on unknown option. Avoid double free of old_status. + (pam_sm_close_session): Use LOG_DEBUG for restored status message. + + * configure.in: Test for getseuser(). + * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser() + instead of getseuserbyname() if the function is available. + +2008-12-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.0.90 + + * libpam_misc/Makefile.am: Increase version number of shared library. + * libpamc/Makefile.am: Likewise. + +2008-12-12 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_tally2/pam_tally2.c (get_tally): Test for EACCES + instead of EPERM. + * modules/pam_tally2/pam_tally2.8.xml: Fix documentation. + +2008-12-10 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE. + * libpam/pam_end.c (pam_end): Free authtok_type. + * tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE + as test case. + * tests/tst-pam_set_item.c: Likewise. + * libpam/pam_start.c (pam_start): Initialize xdisplay, + xauth and authtok_type. + * libpam/pam_get_authtok.c (pam_get_authtok): Rename "type" + to "authtok_type". + * modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with + "authtok_type=". + * doc/man/pam_get_authtok.3.xml: Document authtok_type argument. + * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set + type= argument as PAM_AUTHTOK_TYPE item. + * libpam/pam_get_authtok.c (pam_get_authtok): If no type + argument given, use PAM_AUTHTOK_TYPE item. + * libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item. + (pam_set_item): Store PAM_AUTHTOK_TYPE item. + * libpam/pam_private.h: Add authtok_type to pam_handle. + * libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New. + +2008-12-03 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_access/access.conf.5.xml: Replace + 2001:4ca0 with 2001:db8:: [bug#2356400]. + + * doc/man/Makefile.am: Add pam_get_authtok.3.xml. + * doc/man/pam_get_authtok.3.xml: New. + * libpam/Makefile.am: Add pam_get_authtok.c. + * libpam/libpam.map: Export pam_get_authtok. + * libpam/pam_get_authtok.c: New. + * libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle. + * libpam_include/security/pam_ext.h: Add pam_get_authtok + prototype. + * modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok. + * modules/pam_pwhistory/pam_pwhistory.c: Likewise. + * po/POTFILES.in: Add libpam/pam_get_authtok.c. + * xtests/tst-pam_cracklib1.c: Adjust error codes. + + * modules/pam_timestamp/Makefile.am: Remove hmactest.c from + EXTRA_DIST. + + * po/*.po: Regenerated. + +2008-12-02 Michael Calmer <mc@suse.de> + + * modules/pam_limits/limits.conf.5.xml: Document valid values + for limits (bnc#448314). + +2008-12-02 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_env/pam_env.c: Add support for user specific + environment file. Based on a patch from Ubuntu. + * modules/pam_env/pam_env.8.xml: Document new options. + +2008-12-02 Olivier Fourdan <ofourdan@redhat.com> + + * modules/pam_filter/pam_filter.c (master): Use /dev/ptmx + instead of the old BSD pseudoterminal API. + (set_filter): Call grantpt(), unlockpt() and ptsname(). Do not + close pseudoterminal handle in filter child. + * modules/pam_filter/upperLOWER/upperLOWER.c (main): Use + regular read() instead of pam_modutil_read() to allow for + short reads. + +2008-12-02 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_timestamp/Makefile.am: Add hmacfile to tests. + * modules/pam_timestamp/hmacfile.c: Do not try the short key + testvector. + +2008-12-01 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/support.h: Fix masks for cipher algorithm + flags. + +2008-12-01 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/pam_unix.8.xml: Document blowfish option. + + * configure.in: Check for crypt_gensalt_rn. + * modules/pam_unix/pam_unix_passwd.c: Pass pamh to + create_password_hash function. + * modules/pam_unix/passverify.c (create_password_hash): Add + blowfish support. + * modules/pam_unix/passverify.h: Adjust create_password_hash + prototype. + * modules/pam_unix/support.c: Add support for blowfish option. + * modules/pam_unix/support.h: Add defines for blowfish option. + Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> + +2008-12-01 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_access/pam_access.8.xml: Fix description of nodefgroup + option. + + * modules/pam_group/pam_group.c (is_same): Fix check for correct + string length. + +2008-11-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Check for xcrypt.h, fix typo in libaudit check. + * modules/pam_cracklib/pam_cracklib.c: Include xcrypt.h if + available. + * modules/pam_unix/bigcrypt.c: Likewise. + * modules/pam_unix/passverify.c: Likewise. + * modules/pam_userdb/pam_userdb.c: Likewise. + Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> + + * doc/man/pam_getenv.3.xml: Document that application should + not free return value. + + * doc/man/pam.3.xml: Add Note about thread-safeness of libpam + functions. + +2008-11-28 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/unix_update.c (set_password): Allow root to change + passwords without verification of the old ones. + + * modules/pam_tally2/pam_tally2.c (tally_check): Fix info format + to be the same as in pam_tally. + + * configure.in: Add modules/pam_timestamp/Makefile. + * doc/sag/Linux-PAM_SAG.xml: Include pam_timestamp.xml. + * doc/sag/pam_timestamp.xml: New. + * libpam/pam_static_modules.h: Add pam_timestamp static struct. + * modules/Makefile.am: Add pam_timestamp directory. + * modules/pam_timestamp/Makefile.am: New. + * modules/pam_timestamp/README.xml: New. + * modules/pam_timestamp/hmacsha1.h: New. + * modules/pam_timestamp/sha1.h: New. + * modules/pam_timestamp/pam_timestamp.8.xml: New. + * modules/pam_timestamp/pam_timestamp_check.8.xml: New. + * modules/pam_timestamp/pam_timestamp.c: New. + * modules/pam_timestamp/pam_timestamp_check.c: New. + * modules/pam_timestamp/hmacfile.c: New. + * modules/pam_timestamp/hmacsha1.c: New. + * modules/pam_timestamp/sha1.c: New. + * modules/pam_timestamp/tst-pam_timestamp: New. + * po/POTFILES.in: Add pam_timestamp sources. + * po/*.po: Regenerate. + * po/cs.po: Updated translations. + +2008-11-25 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_pwhistory/opasswd.c (save_old_password): Fix typo. + + * modules/pam_time/pam_time.c (is_same): Fix check + of correct string length (debian bug #326407). + +2008-11-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * xtests/Makefile.am: Add pam_time1 tests. + * xtests/tst-pam_time1.c: New test case. + * xtests/tst-pam_time1.pamd: New. + * xtests/time.conf: New. + * xtests/run-xtests.sh: Copy time.conf. + +2008-11-24 Tomas Mraz <t8m@centrum.cz> + + * libpam/pam_handlers.c (_pam_parse_conf_file): '-' at + beginning of type token marks silent module. + (_pam_load_module): Add handler_type parameter. Do not log + module load error if module is silent. + (_pam_add_handler): Pass handler_type to _pam_load_module(). + * libpam/pam_private.h: Add PAM_HT_SILENT_MODULE. + * doc/man/pam.conf-syntax.xml: Document the '-' at beginning + of type. + + * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Fix leaks + in error path. + * modules/pam_env/pam_env.c (_parse_env_file): Remove superfluous + condition. + * modules/pam_group/pam_group.c (check_account): Fix leak + in error path. + * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Fix leak + in error path. + * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Remove + superfluous condition. + * modules/pam_stress/pam_stress.c (stress_get_password,pam_sm_authenticate): + Remove superfluous conditions. + (pam_sm_chauthtok): Fix mistaken && for &. + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Remove + superfluous condition. + All the problems fixed in this commit were found by Steve Grubb. + +2008-11-20 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_sepermit/pam_sepermit.c (sepermit_match): Do not + call sepermit_lock() if sense is deny. Do not crash on NULL seuser + match. + (pam_sm_authenticate): Try to call getseuserbyname() even if + SELinux is disabled. + +2008-11-19 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): + Preserve XAUTHLOCALHOSTNAME environment variable. + + * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Finish + implementation of type=STRING option. + + * modules/pam_pwhistory/pam_pwhistory.8.xml: Document + "type=STRING" option. + +2008-10-27 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam_setcred.3.xml: Document when credentials + should be deleted. + * po/ja.po: Fix syntax error. + * po/de.po: Update translations. + * po/*.po: Regenerate with pam_tally2 added. + +2008-10-23 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com> + + * po/pt_BR.po: Updated translations. + +2008-10-23 Krishna Babu K <kkrothap@redhat.com> + + * po/LINGUAS: New language. + * po/te.po: New translation to Telugu. + +2008-10-23 Manoj Kumar Giri <mgiri@redhat.com> + + * po/or.po: Updated translations. + +2008-10-21 Amitakhya Phukan <aphukan@redhat.com> + + * po/as.po: Updated translations. + +2008-10-21 Ondrej Sulek <feonsu@gmail.com> + + * po/sk.po: Updated translations. + +2008-10-21 Terry Chuang <tchuang@redhat.com> + + * po/zh_TW.po: Updated translations. + +2008-10-21 Kiyoto Hashida <khashida@redhat.com> + + * po/ja.po: Updated translations. + +2008-10-21 Francesco Valente <fvalen@redhat.com> + + * po/it.po: Updated translations. + +2008-10-21 Peter van Egdom <p.van.egdom@gmail.com> + + * po/nl.po: Updated translations. + +2008-10-20 Ani Peter <apeter@redhat.com> + + * po/ml.po: Updated translations. + +2008-10-20 Pablo Martin-Gomez <pablo.martin-gomez@laposte.net> + + * po/fr.po: Updated translations. + +2008-10-20 Runa Bhattacharjee <runab@redhat.com> + + * po/bn_IN.po: Updated translations. + +2008-10-20 Shankar Prasad <svenkate@redhat.com> + + * po/kn.po: Updated translations. + +2008-10-20 Leah Liu <lliu@redhat.com> + + * po/zh_CN.po: Updated translations. + +2008-10-20 Ondrej Sulek <feonsu@gmail.com> + + * po/LINGUAS: New language. + * po/sk.po: New translation to Slovak. + +2008-10-17 Tomas Mraz <t8m@centrum.cz> + + * configure.in: Add modules/pam_tally2/Makefile. + * doc/sag/Linux-PAM_SAG.xml: Include pam_tally2.xml. + * doc/sag/pam_tally2.xml: New. + * libpam/pam_static_modules.h: Add pam_tally2 static struct. + * modules/Makefile.am: Add pam_tally2 directory. + * modules/pam_tally2/Makefile.am: New. + * modules/pam_tally2/README.xml: New. + * modules/pam_tally2/tallylog.h: New. + * modules/pam_tally2/pam_tally2.8.xml: New. + * modules/pam_tally2/pam_tally2.c: New. + * modules/pam_tally2/pam_tally2_app.c: New. + * modules/pam_tally2/tst-pam_tally2: New. + * po/POTFILES.in: Add pam_tally2 sources. + +2008-10-17 Xavier Queralt Mateu <xqueralt@gmail.com> + + * po/ca.po: Updated translations. + +2008-10-15 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Save the old + euid to suid to be able to restore it. + +2008-10-15 Piotr Drąg <piotrdrag@gmail.com> + + * po/pl.po: Updated translations. + +2008-10-13 Tomas Mraz <t8m@centrum.cz> + + * po/LINGUAS: New languages. + * po/cs.po: Updated translations. + +2008-10-13 Amitakhya Phukan <aphukan@redhat.com> + + * po/as.po: Updated translations. + +2008-10-13 Shankar Prasad <svenkate@redhat.com> + + * po/kn.po: Updated translations. + +2008-10-13 Sandeep Sheshrao Shedmake <sshedmak@redhat.com> + + * po/mr.po: New translation to Marathi. + +2008-10-13 Runa Bhattacharjee <runab@redhat.com> + + * po/bn_IN.po: Updated translations. + +2008-10-13 Sharuzzaman Ahmat Raslan <sharuzzaman@gmail.com> + + * po/ms.po: New translation to Malay. + +2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): + Remove check for re-used passwords. + * modules/pam_cracklib/pam_cracklib.8.xml: Remove documentation + of re-used password check. + + * configure.in: add modules/pam_pwhistory/Makefile. + * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml. + * doc/sag/pam_pwhistory.xml: New. + * libpam/pam_static_modules.h: Add pam_pwhistory data. + * modules/Makefile.am: Add pam_pwhistory directory. + * modules/pam_pwhistory/Makefile.am: New. + * modules/pam_pwhistory/README.xml: New. + * modules/pam_pwhistory/opasswd.c: New. + * modules/pam_pwhistory/opasswd.h: New. + * modules/pam_pwhistory/pam_pwhistory.8.xml: New. + * modules/pam_pwhistory/pam_pwhistory.c: New. + * modules/pam_pwhistory/tst-pam_pwhistory: New. + * xtests/Makefile.am: New. + * xtests/run-xtests.sh: New. + * xtests/tst-pam_pwhistory1.c: New. + * xtests/tst-pam_pwhistory1.pamd: New. + * xtests/tst-pam_pwhistory1.sh: New. + * po/POTFILES.in: Add modules/pam_pwhistory/. + * po/de.po: Update translations. + +2008-10-02 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/de.po: Update translations. + +2008-09-30 Manoj Kumar Giri <mgiri@redhat.com> + + * po/or.po: Updated translations. + +2008-09-30 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com> + + * po/pt_BR.po: Updated translations. + +2008-09-30 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_lastlog/pam_lastlog.8.xml: Document new options + noupdate and showfailed. + * modules/pam_lastlog/pam_lastlog.c(pam_parse): Recognize the new + options. + (last_login_read): New output parameter lltime. Do not display + the last login message if it would be empty. + (last_login_date): New output parameter lltime. Do not write the + last login info when LASTLOG_UPDATE is not set. + (last_login_failed): New function to display the last bad login + attempt from btmp. + (pam_sm_open_session): Obtain lltime from last_login_date() and + call last_login_failed() when appropriate. + + * po/Linux-pam.pot: Updated strings to translate. + * po/*.po: Likewise. + +2008-09-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_echo/pam_echo.8.xml: Fix format error. + +2008-09-25 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message. + (tally_check): Open faillog read only. Close file descriptor. + Fix typos in messages. + +2008-09-25 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_mail/pam_mail.c (report_mail): Fix logic of + "quiet" option (Patch from Andreas Henriksson <andreas@fatal.se>) + + * modules/pam_mail/pam_mail.8.xml: Fix typo. + +2008-09-23 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_limits/limits.conf.5.xml: Comment that rss limit is + ignored. + +2008-09-19 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_cracklib/pam_cracklib.8.xml: Fix description + of the palindrome test. Document new options maxrepeat and + reject_username. + * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Parse + the maxrepeat and reject_username options. + (password_check): Call the new tests usercheck() and + consecutive(). + (_pam_unix_approve_pass): Pass user name to the password_check(). + +2008-09-16 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo. + + * modules/pam_unix/pam_unix.8.xml: Fix typo. + +2008-09-03 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_exec/pam_exec.c: Expose authtok if requested, + provide environment variable containing service type. + * modules/pam_exec/pam_exec.8.xml: Document new option. + +2008-08-29 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_loginuid/pam_loginuid.c(set_loginuid): Uids + are unsigned. + +2008-08-18 Thorsten Kukuk <kukuk@thkukuk.de> + + * Makefile.am (M4_FILES): Adjust list. + + * modules/pam_access/pam_access.8.xml: Fix module service + vs. module type. + * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. + * modules/pam_debug/pam_debug.8.xml: Likewise. + * modules/pam_deny/pam_deny.8.xml: Likewise. + * modules/pam_echo/pam_echo.8.xml: Likewise. + * modules/pam_env/pam_env.8.xml: Likewise. + * modules/pam_exec/pam_exec.8.xml: Likewise. + * modules/pam_faildelay/pam_faildelay.8.xml: Likewise. + * modules/pam_filter/pam_filter.8.xml: Likewise. + * modules/pam_ftp/pam_ftp.8.xml: Likewise. + * modules/pam_group/pam_group.8.xml: Likewise. + * modules/pam_issue/pam_issue.8.xml: Likewise. + * modules/pam_keyinit/pam_keyinit.8.xml: Likewise. + * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. + * modules/pam_limits/pam_limits.8.xml: Likewise. + * modules/pam_listfile/pam_listfile.8.xml: Likewise. + * modules/pam_localuser/pam_localuser.8.xml: Likewise. + * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. + * modules/pam_mail/pam_mail.8.xml: Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. + * modules/pam_motd/pam_motd.8.xml: Likewise. + * modules/pam_namespace/pam_namespace.8.xml: Likewise. + * modules/pam_nologin/pam_nologin.8.xml: Likewise. + * modules/pam_permit/pam_permit.8.xml: Likewise. + * modules/pam_rhosts/pam_rhosts.8.xml: Likewise. + * modules/pam_rootok/pam_rootok.8.xml: Likewise. + * modules/pam_securetty/pam_securetty.8.xml: Likewise. + * modules/pam_selinux/pam_selinux.8.xml: Likewise. + * modules/pam_sepermit/pam_sepermit.8.xml: Likewise. + * modules/pam_shells/pam_shells.8.xml: Likewise. + * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. + * modules/pam_tally/pam_tally.8.xml: Likewise. + * modules/pam_time/pam_time.8.xml: Likewise. + * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. + * modules/pam_umask/pam_umask.8.xml: Likewise. + * modules/pam_unix/pam_unix.8.xml: Likewise. + * modules/pam_userdb/pam_userdb.8.xml: Likewise. + * modules/pam_warn/pam_warn.8.xml: Likewise. + * modules/pam_wheel/pam_wheel.8.xml: Likewise. + * modules/pam_xauth/pam_xauth.8.xml: Likewise. + +2008-08-01 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Add version for gettext, add search path + for m4 directory, fix handling of --disable-* options. + Patches from Diego Pettenò <flameeyes@gmail.com>. + + * configure.in: Run autoupdate on it. + + * acincludde.m4: Rename to ... + * m4/jh_path_xml_catalog.m4: ... this. + + * m4/*.m4: Remove all autoconf m4 files. + +2008-07-29 Steve Langasek <vorlon@debian.org> + + * modules/pam_cracklib/pam_cracklib.8.xml: correct a typo, + "Only he" -> "Only the" + +2008-07-28 Steve Langasek <vorlon@debian.org> + + * libpamc/test/regress/test.libpamc.c: use standard u_int8_t + type instead of __u8, as elsewhere. + Patch from Roger Leigh <rleigh@debian.org>. + * modules/pam_unix/passverify.c: make save_old_password() + thread-safe by using pam_modutil_getpwnam() instead of getpwnam() + * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h, + modules/pam_unix/pam_unix_passwd.c: add pamh argument to + save_old_password() + +2008-07-27 Steve Langasek <vorlon@debian.org> + + * modules/pam_*/pam_*.8.xml: fix up the references to pam.d, + which is in manpage section 5, not 8. + * modules/pam_env/environment, modules/pam_env/pam_env.8.xml: + spelling fix, seperate -> separate + +2008-07-26 Steve Langasek <vorlon@debian.org> + + * modules/pam_env/pam_env.c: Fix module to skip over + non-alphanumeric variable names, and to handle the case when + asked to delete a non-existent variable. + +2008-07-13 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_mail/pam_mail.8.xml: Module supports session and + not account service (#1980773). + +2008-07-11 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do + not close the pipe descriptor in borderline case (#2009766). + * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): + Likewise. + * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. + * modules/pam_unix/support.h: Define upper limit of fds we will + attempt to close. + + * modules/pam_selinux/pam_selinux.c (config_context): Do not + ask for the level if use_current_range is set. + (context_from_env): New function to obtain the context from + PAM environment variables. + (pam_sm_open_session): Call context_from_env() if env_params option + is present. use_current_range now modifies behavior of the + context_from_env and config_context options. + * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params + option. Adjust description of use_current_range option. + +2008-07-09 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_exec/pam_exec.c (call_exec): Move all variable + declaration to begin of a block (#1976310). + + * xtests/tst-pam_group1.c (run_test): Move no_grps declaration + to begin of function (#1976310). + + * modules/pam_securetty/pam_securetty.8.xml: Replace + PAM_IGNORE with PAM_USER_UNKNOWN (#1994330). + + * modules/pam_tally/pam_tally.c: Add support for silent and + no_log_info options. + * modules/pam_tally/pam_tally.8.xml: Document silent and + no_log_info options. + +2008-07-08 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/passverify.c (verify_pwd_hash): Adjust debug + statement. + +2008-06-22 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without + audit support. + + * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit + description (reported by Wayne Pollock <pollock@acm.org>) + +2008-06-19 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): + Detect configuration errors. Fail on incomplete condition. + +2008-05-20 Tomas Mraz <t8m@centrum.cz> + + * configure.in: Work correctly with autoconf-2.62. + +2008-05-19 Tomas Mraz <t8m@centrum.cz> + + * doc/man/pam_getenv.3.xml: Correct the pam_getenv documentation. + + * doc/man/pam_prompt.3.xml: Add missing description. + +2008-05-14 Kjartan Maraas <kmaraas@gnome.org> + + * po/nb.po: Updated translation. + +2008-05-14 Sulyok Péter <peti@sulyok.hu> + + * po/hu.po: Updated translation. + +2008-05-14 Tomas Mraz <t8m@centrum.cz> + + * libpam/pam_modutil_getgrgid.c: Replace hardcoded constant with + define PWD_LENGTH_SHIFT. + * libpam/pam_modutil_getgrnam.c: Likewise. + * libpam/pam_modutil_getpwnam.c: Likewise. + * libpam/pam_modutil_getpwuid.c: Likewise. + * libpam/pam_modutil_getspnam.c: Likewise. + * libpam/pam_modutil_private.h: Adjust values for PWD_ constants. + + * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok + item when password is not approved. + * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS + is always set when UNIX_AUTHTOK is set, change order of conditions. + +2008-05-02 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_selinux/pam_selinux.c(query_response): Add handling + for NULL response. + (manual_context): Handle failed query_response() properly. Rename + variable responses to response which is more correct name. + (config_context): Likewise. + (pam_sm_open_session): Do not base decision on whether there is a tty. + +2008-04-22 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix + regression from the change from 2008-03-20. setexeccon() must be + called also with NULL prev_context. + +2008-04-21 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_access/access.conf.5.xml: Document changed behavior + of LOCAL keyword. + * modules/pam_access/pam_access.c: Add from_remote_host to + struct login_info to change behavior of LOCAL keyword: if + PAM_RHOST is not set, LOCAL will be true. + +2008-04-18 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_namespace/pam_namespace.c: New functions + unprotect_dirs(), cleanup_protect_data(), protect_mount(), + protect_dir() to protect directory by bind mount. + (cleanup_data): Renamed to cleanup_polydir_data(). + (parse_create_params): Allow missing specification of mode + or owner. + (check_inst_parent): Call protect_dir() on the instance parent + directory. The directory is created when it doesn't exist. + (create_polydir): Protect and make the polydir by protect_dir(), + remove potential races. + (create_dirs): Renamed to create_instance(), remove call to + inst_init(). + (ns_setup): Call protect_dir() on the polydir if it already exists. + Call inst_init() after the polydir is mounted. + (setup_namespace): Set the namespace protect data to be cleaned up + on pam_close_session()/pam_end(). + (pam_sm_open_session): Initialize the protect_dirs. + (pam_sm_close_session): Cleanup namespace protect data. + * modules/pam_namespace/pam_namespace.h: Define struct for the + stack of protected dirs. + * modules/pam_namespace/pam_namespace.8.xml: Document when the + instance init script is called. + * modules/pam_namespace/namespace.conf.5.xml: Likewise. + +2008-04-17 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_access/pam_access.c(myhostname): Removed function. + (user_match): Supply hostname of the machine to the netgroup_match(). + Use hostname from the loginfo instead of calling myhostname(). + (pam_sm_authenticate): Call gethostname() to fill hostname in the + loginfo. + + * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try + to lock if euid != 0. + +2008-04-16 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit. + * modules/pam_unix/unix_chkpwd.c(_audit_log): New function for audit. + (main): Call _audit_log() when appropriate. + + * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Recognize also + try_first_pass and use_first_pass options. + (pam_sm_chauthtok): Implement the new options. + +2008-04-08 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple + calls to sysconf() (based on patch by Sami Farin). + + * libpam/pam_item.c (TRY_SET): Do not set when destination + is identical to source. + (pam_set_item): Do not overwrite destination when it + is identical to source. + +2008-04-07 Miloš Komarčević <kmilos@gmail.com> + + * po/sr.po: New file with translation. + * po/sr@latin.po: Likewise. + * po/LINGUAS: Add sr and sr@latin. + +2008-04-03 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.0.0 + + * configure.in: Set version number to 1.0.0. + * libpam/Makefile.am: Bump patchlevel of libpam. + * doc/adg/Linux-PAM_ADG.xml: Update version/date. + * doc/mwg/Linux-PAM_MWG.xml: Likewise. + * doc/sag/Linux-PAM_SAG.xml: Likewise. + +2008-03-31 Dan Walsh <dwalsh@redhat.com> + + * modules/pam_sepermit/pam_sepermit.c(sepermit_lock): Mark lock fd to + be closed on exec. + +2008-03-25 Leah Liu <lliu@redhat.com> + + * po/zh_CN.po: Updated translation. + +2008-03-20 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER + method only when appropriate. + (setup_namespace): Do not umount when not mounted with RUSER. + + * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call + freecontext() after the context is logged not before. + +2008-03-18 Canniot Thomas <thomas.canniot@mrtomlinux.org> + + * po/fr.po: Updated translation. + +2008-03-13 Ankit Patel <ankit@redhat.com> + + * po/gu.po: Updated translation. + +2008-03-05 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Avoid + unnecessary x_strdup() of resp. + * modules/pam_ftp/pam_ftp(pam_sm_authenticate): Call _pam_overwrite() + before dropping password resp. + +2008-03-03 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_selinux/pam_selinux.c: Do not translate syslog messages. + * po/Linux-PAM.pot: Update. + + * libpam/pam_item.c(RESET): Rename to TRY_SET, handle strdup failure. + (pam_set_item): Use TRY_SET() also for PAM_AUTHTOK and PAM_OLDAUTHTOK. + Handle allocation failure for PAM_XAUTHDATA. + (pam_get_user): Return error when conversation returns NULL user. + Call pam_set_item() instead of RESET(). + +2008-02-26 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/Makefile.am: Do not link to cracklib. + * modules/pam_unix/pam_unix_passwd.c(_pam_unix_approve_pass): + Do not call FascistCheck() from cracklib. + +2008-02-29 Fabian Affolter <fab@fedoraproject.org> + + * po/de.po: Updated translation. + +2008-02-28 Piotr Drąg <piotrdrag@gmail.com> + + * po/pl.po: Updated translation. + +2008-02-26 Tomas Mraz <t8m@centrum.cz> + + * po/LINUGAS: New languages added. + * po/es.po: Updated translations. + * po/fr.po: Likewise. + * po/it.po: Likewise. + * po/ja.po: Likewise. + * po/nl.po: Likewise. + * po/pl.po: Likewise. + * po/pt_BR.po: Likewise. + * po/ru.po: Likewise. + * po/zh_CN.po: Likewise. + * po/as.po: New file. + * po/gu.po: Likewise. + * po/hi.po: Likewise. + * po/kn.po: Likewise. + * po/ko.po: Likewise. + * po/ml.po: Likewise. + * po/or.po: Likewise. + * po/si.po: Likewise. + * po/ta.po: Likewise. + +2008-02-21 Tomas Mraz <t8m@centrum.cz> + + * libpam/pam_audit.c (_pam_audit_writelog): Silence syslog + message on non-error return. + + * modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged + user when checking password of another user. + * modules/pam_unix/unix_update.c: Fix comment. + +2008-02-18 Dmitry V. Levin <ldv@altlinux.org> + + * libpam/pam_handlers.c (_pam_assemble_line): Fix potential + buffer overflow. + * xtests/tst-pam_assemble_line1.pamd: New test for + _pam_assemble_line. + * xtests/tst-pam_assemble_line1.sh: New script for + tst-pam_assemble_line1. + * xtests/Makefile.am (NOSRCTESTS): Add tst-pam_assemble_line1. + (EXTRA_DIST): Add tst-pam_assemble_line1.pamd and + tst-pam_assemble_line1.sh + + * modules/pam_exec/pam_exec.c (call_exec): Fix asprintf return + code check. + +2008-02-13 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.10.0 + + * configure.in: set version number. + + * modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth. + * modules/pam_rhosts/pam_rhosts_auth.c: Removed. + * modules/pam_rhosts/tst-pam_rhosts_auth: Removed. + + * modules/pam_namespace/Makefile.am (noinst_HEADERS): Add + pam_namespace.h. + +2008-02-13 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d + dir. + * modules/pam_namespace/argv_parse.c: New file. + * modules/pam_namespace/argv_parse.h: New file. + * modules/pam_namespace/namespace.conf.5.xml: Document new features. + * modules/pam_namespace/pam_namespace.8.xml: Likewise. + * modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define. + Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags + and polydir flags. + (polydir_s): Add rdir, replace exclusive with flags, add init_script, + owner, group, and mode. + (instance_data): Add ruser, gid, and ruid. + * modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent(). + (add_polydir_entry): Add the entry directly, no copy. + (del_polydir): New function. + (del_polydir_list): Call del_polydir(). + (expand_variables, parse_create_params, parse_iscript_params, + parse_method): New functions. + (process_line): Call expand_variables() on polydir and instance prefix. + Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap. + (parse_config_file): Parse .conf files from namespace.d dir after + namespace.conf. + (form_context): Call getcon() or get_default_context_with_level() when + appropriate flags are set. + (poly_name): Handle shared polydir flag. + (inst_init): Execute non-default init script when specified. + (create_polydir): New function. + (create_dirs): Remove the code which checks the polydir. Do not call + inst_init() when noinit flag is set. + (ns_setup): Check the polydir and eventually create it if the create flag + is set. + (setup_namespace): Use ruser uid from idata. Set the namespace polydir + pam data only when namespace was set up correctly. Unmount polydir + based on ruser. + (get_user_data): New function. + (pam_sm_open_session): Check for use_current_context and + use_default_context options. Call get_user_data(). + (pam_sm_close_session): Call get_user_data(). + +2008-02-06 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/de.po: Translate some more strings. + +2008-02-05 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/unix_update.c: Remove unused declarations. + +2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/pam_static_modules.h: Add _pam_sepermit_modstruct. + * modules/pam_sepermit/pam_sepermit.c: Fix typo. + * modules/pam_sepermit/Makefile.am: Install config file only + if we build the module. + + * README: Add --disable-pie to configure options for static library. + + * doc/man/Makefile.am: Fix building outside of src directory. + + * libpam/Makefile.am: Bump version number of libpam. + + * modules/Makefile.am: Add pam_sepermit. + + * doc/Makefile.am: Fix build out of source directory. + + * po/POTFILES.in: Add pam_sepermit.c. + + * modules/pam_exec/pam_exec.c: Set PAM environment variables and + add 'quiet' option. + * modules/pam_exec/pam_exec.8.xml: Document new behavior. + Patch from Julien Lecomte <julien@lecomte.at>. + +2008-02-01 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_namespace/namespace.conf.5.xml: Add documentation for + tmpfs and tmpdir polyinst and for ~ user list modifier. + * modules/pam_namespace/namespace.init: Add documentation for the + new init parameter. Add home directory initialization script. + * modules/pam_namespace/pam_namespace.8.xml: Document the new + init parameter of the namespace.init script. + * modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag. + (cleanup_data): New function. + (process_line): Set exclusive flag. Add tmpfs and tmpdir methods. + (ns_override): Change behavior on the exclusive flag. + (poly_name): Process tmpfs and tmpdir methods. + (inst_init): Add flag for new directory initialization. + (create_dirs): Process the tmpdir method, add the new directory + flag. + (ns_setup): Remove unused code. Process the tmpfs method. + (cleanup_tmpdirs): New function. + (setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs + on failures. + (pam_sm_close_session): Instead of parsing the config file again use + the previously set data for cleanup. + * modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods + and exclusive flag. + +2008-01-29 Tomas Mraz <t8m@centrum.cz> + + * configure.in: Test for setkeycreatecon needs libselinux. + Add new module pam_sepermit. + * modules/Makefile.am: Add new module pam_sepermit. + * modules/pam_sepermit/.cvsignore: New file. + * modules/pam_sepermit/Makefile.am: Likewise. + * modules/pam_sepermit/README.xml: Likewise. + * modules/pam_sepermit/pam_sepermit.8.xml: Likewise. + * modules/pam_sepermit/pam_sepermit.c: Likewise. + * modules/pam_sepermit/sepermit.conf: Likewise. + * modules/pam_sepermit/tst-pam_sepermit: Likewise. + * doc/sag/pam_sepermit.xml: Likewise. + + * doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG. + +2008-01-29 Miloslav Trmac <mitr@redhat.com> + + * modules/pam_tty_audit/README.xml: Add notes section. + * modules/pam_tty_audit/pam_tty_audit.8.xml: Describe patterns + support and open_only option. Add notes. + * modules/pam_tty_audit/pam_tty_audit.c(pam_sm_open_session): Add + support for pattern matching and the open_only option. + +2008-01-28 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/pam_audit.c: Include pam_modutil_private.h. + + * libpam/pam_item.c (pam_set_item): Fix compiler warning. + + * libpam/pam_end.c (pam_end): Cast to correct pointer type. + * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use + unsigned int. + + * modules/pam_unix/passverify.c: Fix compiling without SELinux + support. + +2008-01-24 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when + available. + * modules/pam_unix/passverify.c (strip_hpux_aging): New function + to strip HP/UX aging info from password hash. + (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when + available. + +2008-01-23 Tomas Mraz <t8m@centrum.cz> + + * configure.in: Add test for crypt_r(). Add setting/disabling random + device support. + + * modules/pam_unix/Makefile.am: Add unix_update.8 manpage generated from + XML, generate also unix_chkpwd.8 from XML. + * modules/pam_unix/pam_unix_acct.c: Add rounds parameter to _set_ctrl(). + * modules/pam_unix/pam_unix_auth.c: Likewise. + * modules/pam_unix/pam_unix_sess.c: Likewise. + * modules/pam_unix/pam_unix_passwd.c: Likewise. + * modules/pam_unix/support.c(_set_ctrl): Likewise. + * modules/pam_unix/support.h: Likewise. Add UNIX_SHA256_PASS, + UNIX_SHA512_PASS, and UNIX_ALGO_ROUNDS ctrls. + (pam_sm_chauthtok): Refactor out new password encryption. + * modules/pam_unix/passverify.c(crypt_make_salt): New function. + (crypt_md5_wrapper): Call crypt_make_salt(). + (create_password_hash): New function refactored out of + pam_sm_chauthtok(). Support for new password hashes. + * modules/pam_unix/passverify.h: Drop ascii_to_bin() and bin_to_ascii() + macros. Add prototype for create_password_hash(). + * modules/pam_unix/unix_update.8.xml: New file. + * modules/pam_unix/unix_chkpwd.8.xml: Likewise. + + * modules/pam_unix/Makefile.am: Add unix_update helper. + * modules/pam_unix/pam_unix_passwd.c: Move functions i64c(), + crypt_md5_wrapper(), save_old_password(), _update_passwd() and + _update_shadow() to passverify.c file. Rename _unix_run_shadow_binary() + to _unix_run_update_binary(), which also verifies old password and + does all writing. + (_do_setpass, pam_sm_chauthtok): lckpwdf()->lock_pwdf(), the same for unlock. + Call _unix_run_update_binary() appropriately. + _update_passwd()->unix_update_passwd(), the same for shadow. + * modules/pam_unix/passverify.c: Add new functions moved from + pam_unix_passwd.c and unix_chkpwd.c. + * modules/pam_unix/passverify.h: Likewise. + * modules/pam_unix/unix_chkpwd.c: Remove SELinux checks. Move + su_sighandler(), setup_signals(), getuidname() to passverify.c. + (main): Remove 'shadow' option. Refactor out read_passwords() and + call it. More strict checking how the binary is called. + * modules/pam_unix/unix_update.c: New helper binary - non-setuid, + called from SELinux confined apps only. + + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Return + status and daysleft instead of fake shadow entry. + (pam_sm_acct_mgmt): Call _unix_run_verify_binary() appropriately. + * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Call + get_account_info() and check_shadow_expiry(). + * modules/pam_unix/support.h: Adjust _unix_run_verify_binary() + prototype. + * modules/pam_unix/support.c (_unix_run_helper_binary): Remove check + on selinux enabled/disabled. + * modules/pam_unix/unix_chkpwd.c (_verify_account): Rename to + _check_expiry(), now checks shadow expiry info. + (main): Remove check on selinux enabled/disabled. Check shadow + expiry through _check_expiry(). + + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Call + get_account_info() and check_shadow_expiry(). + * modules/pam_unix/passverify.c: Add get_account_info() to + obtain shadow and passwd entry. Add check_shadow_expiry() to + for shadow password expiry check. + (get_pwd_hash): Call get_account_info(). + * modules/pam_unix/passverify.h: Add prototypes for get_account_info() + and check_shadow_expiry(). + +2008-01-08 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/Makefile.am: Fix manual page dependencies, + add hack for bug in xsl stylestheets. + +2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/it.po: Fix typos. + * po/de.po: Few new translations. + * po/POTFILES.in: Add pam_tty_audit.c and passverify.c. + * doc/man/pam_xauth_data.3.xml: Added to CVS. + * doc/man/pam_xauth_data.3: Likewise. + * modules/pam_tty_audit/README: Likewise. + * modules/pam_tty_audit/pam_tty_audit.8: Likewise. + * po/sv.po: Update swedish translation [#1857531]. + * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix + cut & paste error [#1863490]. + +2008-01-02 Petteri Räty <betelgeuse@gentoo.org> + * modules/pam_limits/limits.conf: document allowed values for + nice. + * modules/pam_limits/limits.conf.5.xml: Likewise. + +2007-12-18 Thorsten Kukuk <kukuk@thkukuk.de> + + * README: Document how to run make check with static modules + (SF#1822779). + +2007-12-18 Peter Breitenlohner <peb@mppmu.mpg.de> + * README: Document that "make check" requires a file + /etc/pam.d/other (SF#1822764). + +2007-12-12 Eamon Walsh <ewalsh@tycho.nsa.gov> + + * doc/man/pam_item_types_ext.inc.xml: More appropriate wording + for PAM_XDISPLAY doc. + +2007-12-07 Tomas Mraz <t8m@centrum.cz> + + * po/cs.po: Updated translations. + + * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version. + * libpam/pam_audit.c: Add _pam_audit_open() and + pam_modutil_audit_write(). + (_pam_auditlog): Call _pam_audit_open(). + * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write(). + * modules/pam_access/pam_access.8.xml: Add noaudit option. + Document auditing. + * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and + only_new_group_syntax variables to struct login_info. Add noaudit + member. + (_parse_args): Adjust for the move of variables and add support for + noaudit option. + (group_match): Add debug parameter. + (string_match): Likewise. + (network_netmask_match): Likewise. + (login_access): Adjust for the move of variables. Add nonall_match. + Add call to pam_modutil_audit_write(). + (list_match): Adjust for the move of variables. + (user_match): Likewise. + (from_match): Likewise. + (pam_sm_authenticate): Call _parse_args() earlier. + * modules/pam_limits/pam_limits.8.xml: Add noaudit option. + Document auditing. + * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option. + (setup_limits): Call pam_modutil_audit_write(). + * modules/pam_time/pam_time.8.xml: Add debug and noaudit options. + Document auditing. + * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()). + (check_account): Call _pam_parse(). Call pam_modutil_audit_write() + and pam_syslog() on login denials. + +2007-12-07 Luca Bruno <luca.br@uno.it> + + * po/it.po: Updated translations. + +2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov> + + * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n() + macro. + * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY, + PAM_XAUTHDATA items, pam_xauth_data struct. + * libpam/pam_item.c (pam_set_item, pam_get_item): Handle + PAM_XDISPLAY and PAM_XAUTHDATA items. + * libpam/pam_end.c (pam_end): Destroy the new items. + * libpam/pam_private.h (pam_handle): Add data members for new + items. Add prototype for _pam_memdup. + * libpam/pam_misc.c: Add _pam_memdup. + * doc/man/Makefile.am: Add pam_xauth_data.3. Replace + pam_item_types.inc.xml with pam_item_types_std.inc.xml and + pam_item_types_ext.inc.xml. + * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml + with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml. + * doc/man/pam_set_item.3.xml: Likewise. + * doc/man/pam_item_types.inc.xml: Removed file. + * doc/man/pam_item_types_ext.inc.xml: New file. + * doc/man/pam_item_types_std.inc.xml: New file. + +2007-12-06 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_tty_audit/pam_tty_audit.8.xml: Fix example. + +2007-12-05 Miloslav Trmac <mitr@redhat.com> + + * configure.in: Add test for audit_tty_status struct. Add + pam_tty_audit module. + * libpam/pam_static_modules.h: Add pam_tty_audit module. + * modules/pam_tty_audit/Makefile.am: New file. + * modules/pam_tty_audit/README.xml: Likewise. + * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. + * modules/pam_tty_audit/pam_tty_audit.c: Likewise. + +2007-12-05 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/Makefile.am: Add passverify.h and passverify.c + as first part of pam_unix refactorization. + * modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h. + * modules/pam_unix/pam_unix_passwd.c: Likewise. + * modules/pam_unix/passverify.c: New file with common functions. + * modules/pam_unix/passverify.h: Prototypes for the common functions. + * modules/pam_unix/support.c: Include passverify.h, move + _unix_shadowed() to passverify.c. + (_unix_verify_password): Refactor out verify_pwd_hash() function. + * modules/pam_unix/support.h: Move _unix_shadowed() prototype to + passverify.h + * modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and + verify_pwd_hash() from passverify.c. + +2007-11-20 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/Makefile.am (unix_chkpwd_LDADD): Don't link + unix_chkpwd unnecessary against libpam (#1822779). + + * modules/pam_tally/pam_tally.c (tally_log): Map + pam_modutil_getpwnam to getpwnam if we don't compile + as module. + * modules/pam_tally/Makefile.am: Don't link pam_tally_app + against libpam (#1822779). + +2007-11-06 Thorsten Kukuk <kukuk@thkukuk.de> + + * xtests/tst-pam_group1.c: Include stdlib.h + * xtests/tst-pam_succeed_if1.c: Likewise. + * xtests/tst-pam_limits1.c: Likewise. + * xtests/tst-pam_access1.c: Likewise. + * xtests/tst-pam_access2.c: Likewise. + * xtests/tst-pam_access3.c: Likewise. + * xtests/tst-pam_access4.c: Likewise. + * xtests/tst-pam_unix1.c: Likewise. + * xtests/tst-pam_unix2.c: Likewise. + * xtests/tst-pam_unix3.c: Likewise. + * xtests/tst-pam_cracklib1.c: Likewise. + * xtests/tst-pam_cracklib2.c: Likewise. + + * libpam/pam_static_modules.h: Fix name of pam_namespace variable. + +2007-11-01 Peter Breitenlohner <peb@mppmu.mpg.de> + + * doc/man/pam_conv.3.xml: Correct typo. + +2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de> + + * modules/pam_rhosts/pam_rhosts_auth.c (__icheckhost): Correct + misplaced parenthesis. + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Prevent use of + dngettext() when NLS is disabled. + * modules/pam_exec/pam_exec.c (call_exec): Avoid gcc warning. + * doc/specs/parse_y.y (set_label, new_counter): Break trigraphs to + avoid gcc warning. + * modules/pam_wheel/pam_wheel.c: Remove excessive initializer + elements. + + * modules/pam_cracklib/pam_cracklib.8.xml: Correct typo. + * modules/pam_limits/limits.conf.5.xml: Likewise. + * modules/pam_listfile/pam_listfile.8.xml: Likewise. + * modules/pam_xauth/pam_xauth.8.xml: Likewise. + + * modules/pam_deny/pam_deny.8.xml: Correct spelling. + * modules/pam_group/pam_group.8.xml: Likewise. + * modules/pam_permit/pam_permit.8.xml: Likewise. + * modules/pam_shells/pam_shells.8.xml: Likewise. + * modules/pam_time/pam_time.8.xml: Likewise. + * modules/pam_warn/pam_warn.8.xml: Likewise. + + * tests/tst-dlopen.c: Return 77 in case of static modules, such that + all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL. + * libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead + of "`ls ...`", to allow for static modules. + * libpam/pam_static_modules.h: Make pam_keyinit module depend on + HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct. + * modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module + struct. + +2007-10-25 Steve Langasek <vorlon@debian.org> + + * modules/pam_tally/pam_tally.c: fix the definition of OPT_AUDIT + to be octal instead of decimal, so that it works properly in a + bit field instead of forcing the "even_deny_root_account" and + "no_reset" options to on. + Patch from Corey Wright <undefined@pobox.com>. + +2007-10-19 Tomas Mraz <t8m@centrum.cz> + + * xtests/tst-pam_access1.c: Use different name for user and group. + * xtests/tst-pam_access1.sh: Likewise. + * xtests/tst-pam_access2.c: Likewise. + * xtests/tst-pam_access2.sh: Likewise. + * xtests/tst-pam_access4.c: Likewise. + * xtests/tst-pam_access4.sh: Likewise. + * xtests/group.conf: Likewise. + * xtests/tst-pam_group1.c: Likewise. + * xtests/tst-pam_group1.sh: Likewise. + + * libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks, + record substack level, skip over virtual substack modules, implement + evaluation of done, die, reset and jumps in substacks. Also fixes + too far jumps in substacks. + * libpam/pam_end.c (pam_end): Drop substack evaluation states. + * libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level + parameter, instead of must_fail use handler_type needed for virtual + substack modules. + (_pam_load_conf_file): Add substack level parameter. + (_pam_init_handlers): Substack level parameter added to + _pam_parse_conf_file() calls. + (_pam_load_module): New function. + (_pam_add_handler): Refactor code into the _pam_load_module(). Add + support for virtual substack modules. + * libpam/pam_private.h: Rename must_fail to handler_type, add stack_level + to struct handler. Define handler type constants. Add struct + for substack evaluation states. Define constant for maximum + substack level. Add substack states pointer to former state struct. + * libpam/pam_start.c (pam_start): Initialize pointer to substack states. + * doc/man/pam.conf-syntax.xml: Document substack control. + * xtests/Makefile.am: Add new tests for substack evaluation. + * xtests/run_xtests.sh: Support multiple .pamd files in a test. + * xtests/tst-pam_authfail.pamd: New tests for substack evaluation. + * xtests/tst-pam_authsucceed.pamd: Likewise. + * xtests/tst-pam_substack1.pamd: Likewise. + * xtests/tst-pam_substack1a.pamd: Likewise. + * xtests/tst-pam_substack1.sh: Likewise. + * xtests/tst-pam_substack2.pamd: Likewise. + * xtests/tst-pam_substack2a.pamd: Likewise. + * xtests/tst-pam_substack2.sh: Likewise. + * xtests/tst-pam_substack3.pamd: Likewise. + * xtests/tst-pam_substack3a.pamd: Likewise. + * xtests/tst-pam_substack3.sh: Likewise. + * xtests/tst-pam_substack4.pamd: Likewise. + * xtests/tst-pam_substack4a.pamd: Likewise. + * xtests/tst-pam_substack4.sh: Likewise. + * xtests/tst-pam_substack5.pamd: Likewise. + * xtests/tst-pam_substack5a.pamd: Likewise. + * xtests/tst-pam_substack5.sh: Likewise. + +2007-10-18 Tomas Mraz <t8m@centrum.cz> + + * xtests/tst-pam_dispatch4.c: Fix comment about the test. + * xtests/tst-pam_dispatch4.pamd: Improve the testcase. + * xtests/tst-pam_cracklib2.c: Make the testcase more robust. + +2007-10-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * xtests/Makefile.am: Add tst-pam_dispatch5 sources + * xtests/tst-pam_dispatch5.c: New test for jump too far. + * xtests/tst-pam_dispatch5.pamd: New test configuration. + +2007-10-09 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_tally/pam_tally.8.xml: Document audit option + correctly. + +2007-10-09 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.9.0 + + * configure.in: Increase vesion number. + + * libpam/Makefile.am: Increase release number. + * libpam_misc/Makefile.am: Increase release number. + + * po/*.po: Regenerate. + +2007-10-08 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_time/pam_time.c (is_same): Length of strings without + wildcard needs to be the same. + * modules/pam_group/pam_group.c (is_same): Likewise. + +2007-10-01 Thorsten Kukuk <kukuk@thkukuk.de> + + * xtests/tst-pam_group1.c: New test case for user compare in pam_group. + * xtests/tst-pam_group1.sh: Script to run test case. + * xtests/tst-pam_group1.pamd: Config for test case. + * xtests/Makefile.am: Add tst-pam_group1 test case. + * xtests/run-xtests.sh: Save/restore group.conf. + * xtests/group.conf: New. + + * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Don't + free arguments used for putenv(). + + * doc/man/pam_putenv.3.xml: Document that application has to free + the memory. + +2007-09-27 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in + operator rhbz #295151. + * modules/pam_namespace/pam_namespace.c (poly_name): Do not try to + get context when SELinux is disabled. + +2007-09-27 Thorsten Kukuk <kukuk@thkukuk.de> + + * xtests/tst-pam_succeed_if1.c: New test case for + https://bugzilla.redhat.com/show_bug.cgi?id=295151 + * xtests/tst-pam_succeed_if1.sh: Script to run test case. + * xtests/tst-pam_succeed_if1.pamd: Config for test case. + * xtests/Makefile.am: Add tst-pam_succeed_if1 test case. + + * xtests/run-xtests.sh: Add support to skip tests. + * xtests/tst-pam_limits1.c: Skip test if RLIMIT_NICE is not + defined. + +2007-09-03 Steve Langasek <vorlon@debian.org> + + * modules/pam_limits/pam_limits.c: remove a number of unnecessary + string manipulations, including a strncpy() that was acting on + overlapping memory. + + * libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's + perfectly valid to allow the user to interrupt at a prompt. If + an application wants prompts to not be interruptable, the + application should take responsibility for blocking SIGINT. + +2007-09-02 Thorsten Kukuk <kukuk@thkukuk.de> + + * examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS. + * libpam/Makefile.am: Likewise. + * modules/pam_access/Makefile.am: Likewise. + * modules/pam_cracklib/Makefile.am: Likewise. + * modules/pam_debug/Makefile.am: Likewise. + * modules/pam_deny/Makefile.am: Likewise. + * modules/pam_echo/Makefile.am: Likewise. + * modules/pam_env/Makefile.am: Likewise. + * modules/pam_exec/Makefile.am: Likewise. + * modules/pam_faildelay/Makefile.am: Likewise. + * modules/pam_filter/Makefile.am: Likewise. + * modules/pam_filter/upperLOWER/Makefile.am: Likewise. + * modules/pam_ftp/Makefile.am: Likewise. + * modules/pam_group/Makefile.am: Likewise. + * modules/pam_issue/Makefile.am: Likewise. + * modules/pam_keyinit/Makefile.am: Likewise. + * modules/pam_lastlog/Makefile.am: Likewise. + * modules/pam_limits/Makefile.am: Likewise. + * modules/pam_listfile/Makefile.am: Likewise. + * modules/pam_localuser/Makefile.am: Likewise. + * modules/pam_loginuid/Makefile.am: Likewise. + * modules/pam_mail/Makefile.am: Likewise. + * modules/pam_mkhomedir/Makefile.am: Likewise. + * modules/pam_motd/Makefile.am: Likewise. + * modules/pam_namespace/Makefile.am: Likewise. + * modules/pam_nologin/Makefile.am: Likewise. + * modules/pam_permit/Makefile.am: Likewise. + * modules/pam_rhosts/Makefile.am: Likewise. + * modules/pam_rootok/Makefile.am: Likewise. + * modules/pam_securetty/Makefile.am: Likewise. + * modules/pam_selinux/Makefile.am: Likewise. + * modules/pam_shells/Makefile.am: Likewise. + * modules/pam_stress/Makefile.am: Likewise. + * modules/pam_succeed_if/Makefile.am: Likewise. + * modules/pam_tally/Makefile.am: Likewise. + * modules/pam_time/Makefile.am: Likewise. + * modules/pam_umask/Makefile.am: Likewise. + * modules/pam_unix/Makefile.am: Likewise. + * tests/Makefile.am: Likewise. + +2007-08-31 Steve Langasek <vorlon@debian.org> + + * modules/pam_group/group.conf: don't use "games" as an example + group, on some distros this is a pre-existing group that it would + be a security hole to give users access to. + +2007-08-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_limits/limits.conf.5.xml: Document that maxlogins + is ignored for users with UID 0. + +2007-08-30 Steve Langasek <vorlon@debian.org> + + * modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c: + A wrong username doesn't need to be logged at LOG_ALERT; + LOG_WARNING should be sufficient. + Patch from Sam Hartman <hartmans@debian.org>. + + * modules/pam_cracklib/pam_cracklib.c: + s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing + #define in pam_unix + +2007-08-29 Steve Langasek <vorlon@debian.org> + + * libpam/pam_modutil_getgrgid.c, libpam/pam_modutil_getgrnam.c, + libpam/pam_modutil_getpwnam.c, libpam/pam_modutil_getpwuid.c, + libpam/pam_modutil_getspnam.c: don't use pthread mutexes in libpam + unnecessarily; this avoids linking problems on non-Linux + platforms. + + * modules/pam_listfile/pam_listfile.c, modules/pam_listfile/README, + modules/pam_listfile/pam_listfile.8, + modules/pam_listfile/pam_listfile.8.xml: add a 'quiet' option to + avoid logging errors any time a user is refused service by this + module. + +2007-08-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t. + (__icheckhost): Cast to int32_t to fix limited range error. + + * modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath + as const. + +2007-08-29 Steve Langasek <vorlon@debian.org> + + * modules/pam_rhosts/pam_rhosts_auth.c: getline returns -1 at + EOF, not 0. Check accordingly to fix an infinite loop. Thanks + to Stephan Springl <springl-rhosts@bfw-online.de> for catching + this. + +2007-08-28 Steve Langasek <vorlon@debian.org> + + * configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER + for crack.h, so we get a HAVE_CRACK_H define. + * modules/pam_cracklib/pam_cracklib.c: don't copy around the + cracklib dictpath into a fixed-width buffer, when we can just + point at the existing strings; and allow users to override the + default cracklib path with -DCRACKLIB_DICT, required for + compatibility with cracklib 2.7. + +2007-08-27 Steve Langasek <vorlon@debian.org> + + * modules/pam_limits/pam_limits.c: when building on non-Linux + systems, give a warning only, not an error; no one seems to + remember why this error was here in the first place, but leave + something in that might still grab the attention of non-Linux + users. + Patch from Michal Suchanek <hramrach_l@centrum.cz>. + * configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for + the presence of net/if.h before using, required for Hurd + compatibility. + Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>. + * modules/pam_limits/pam_limits.c: conditionalize the use of + RLIMIT_AS, which is not present on the Hurd. + Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>. + * modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of + a static buffer when available; fixes the build on systems + without MAXHOSTNAMELEN (i.e., the Hurd). + * modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined + before using it. + +2007-08-26 Andrew Morgan <morgan@kernel.org> + + * doc/man/pam.conf-syntax.xml + Minor fixes: '\[' -> '\]'. + +2007-08-25 Steve Langasek <vorlon@debian.org> + + * doc/man/pam.conf-syntax.xml, doc/man/pam.conf.5: + Document "new" control options conv_again and incomplete, supported + in pam.d's extended syntax. + Patch from Ben Collins <bcollins@debian.org>. + +2007-08-15 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_access/pam_access.c (list_match): Add explicit + sptr argument for strtok_r, otherwise the code is not portable. + +2007-08-13 Olivier Blin <blino@mandriva.com> + + * doc/man/pam.3.xml: Fix typo. + * doc/man/pam.3: Likewise. + * doc/man/pam_end.3.xml: Likewise. + * doc/man/pam_end.3: Likewise. + +2007-07-18 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.8.1 + + * libpam/pam_audit.c: Include unistd.h for getuid(). + * libpam/Makefile.am: Bump version number. + +2007-07-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/pam_audit.c (_pam_audit_writelog): Don't return + error if application runs as normal user. Fixes regression + introduced with last change. + +2007-07-10 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Add --with-db-uniquename option to support + db libraries and functions with unique name extension. + Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>. + + * modules/pam_limits/pam_limits.c: Include locale.h. + +2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.8.0 + + * configure.in: Check for audit_log_acct_message instead of + audit_log_user_message. + * libpam/pam_audit.c: Use audit_log_acct_message. + Based on patch from Mark J Cox <mjc@redhat.com>. + * libpam/Makefile.am: Bump version number of libpam. + + * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit, + not 64bit. + + * xtests/tst-pam_limits1.c: Fix printf arguments. + + * po/*.po: Merge po files with latest code changes. + +2007-06-26 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_limits/pam_limits.c (process_limit): Check upper and + lower limit of nice value, fix off-by-one in conversation to rlim_t. + * xtests/Makefile.am: Add new pam_limits test case. + * xtests/limits.conf: New, config file for test case. + * xtests/pam_limits1.c: New, test case for RLIMIT_NICE. + * xtests/pam_limits1.sh: Likewise. + * xtests/pam_limits1.pamd: Likewise. + +2007-06-25 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r + result for recursive calls. + * xtests/Makefile.am: Add new pam_access test cases. + * xtests/pam_access1.c: New test case. + * xtests/pam_access2.c: Likewise. + * xtests/pam_access3.c: Likewise. + * xtests/pam_access4.c: Likewise. + * xtests/pam_access1.sh: Wrapper to create user accounts. + * xtests/pam_access2.sh: Likewise. + * xtests/pam_access3.sh: Likewise. + * xtests/pam_access4.sh: Likewise. + * xtests/pam_access1.pamd: PAM config file for pam_access tests. + * xtests/pam_access2.pamd: Likewise. + * xtests/pam_access3.pamd: Likewise. + * xtests/pam_access4.pamd: Likewise. + * xtests/access.conf: Config file for pam_access tests. + * xtests/run-tests.sh: Install access.conf into system. + +2007-06-22 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print + better error message if /proc/self/loginuid cannot be opened. + + * modules/pam_limits/pam_limits.c (process_limit): Check for + variable overflow after multiplication [bnc#283001]. + + * modules/pam_access/pam_access.c: Add new syntax for groups + in access.conf to differentiate group names from account names. + Based on patch from Julien Lecomte <julien@famille-lecomte.net>, + solves feature request [#411390]. + * modules/pam_access/access.conf: Add example for new group + syntax. + * modules/pam_access/access.conf.5.xml: Document new syntax. + +2007-06-20 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass + option. + * modules/pam_cracklib/pam_cracklib.c: Add support for minimum + character classes [#1688777]. Based on patch from Keith Schincke. + + * xtests/tst-pam_cracklib2.c: New, test case for minclass option. + * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case. + * xtests/Makefile.am: Add new testcase. + + * xtests/pam_cracklib.c: Fix comment what this application tests. + + * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64 + +2007-06-15 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option, + add select_context and use_current_range options. + * modules/pam_selinux/pam_selinux.c (send_audit_message): Added + function for auditing role/level changes. + (query_response): Add default response. + (select_context): Removed. + (manual_context): Query only role and level. + (mls_range_allowed): Added function for range check. + (config_context): Added function for role and level override. + (pam_sm_open_session): Remove multiple option, add select_context + and use_current_range_options. Use getseuserbyname to obtain + SELinux user and level. Audit role/level changes. Call setkeycreatecon + to assign key creation context. Don't fail on errors when SELinux + is not in enforcing mode. + * configure.in: Check for setkeycreatecon(). + + * modules/pam_namespace/README.xml: Avoid duplication of + documentation. + * modules/pam_namespace/namespace.conf: More real life example + from MLS support. + * modules/pam_namespace/namespace.conf.5.xml: Likewise plus + properly describe how instance directory names are formed. + * modules/pam_namespace/namespace.init: Preserve euid when + called from setuid apps (su, newrole). + * modules/pam_namespace/pam_namespace.8.xml: Added option + no_unmount_on_close. + * modules/pam_namespace/pam_namespace.c (process_line): Polyinst + methods are now user, level and context. Fix crash on unknown + override user in config file. + (ns_override): Add explicit uid parameter. + (form_context): Skip for user method. Implement level based + polyinstantiation. + (poly_name): Initialize contexts. Add level based polyinst, + remove 'both' metod. Use raw contexts for instance names, + truncate long instance names and add hash. + (ns_setup): Hashing moved to poly_name(). + (setup_namespace): Handle correctly override users for + su (when unmnt_remnt is used). + (pam_sm_close_session): Added no_unmount_on_close option. + * modules/pam_namespace/pam_namespace.h: Added + no_unmount_on_close_option, level method, limit on instance + directory name length. + +2007-05-04 Thorsten Kukuk <kukuk@suse.de> + + * xtests/run-xtests.sh: Use SRCDIR to find PAM config files. + * xtests/Makefile.am: Call run-xtests.sh with srcdir as first + argument. + Based on patch by Bernard Leak <thisisnotapipe@hotmail.com>. + +2007-04-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_limits/limits.conf: Address space limit is KB. + * modules/pam_limits/limits.conf.5.xml: Likewise. + Reported by Thomas Vander Stichele <thomas@apestaart.org>. + + * modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate + check for PAM_SILENT and don't bail out if it is set [#1706247]. + +2007-03-29 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_access/pam_access.c (login_access, list_match): + Replace strtok with strtok_r. + * modules/pam_cracklib/pam_cracklib.c (check_old_password): + Likewise. + * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate): + Likewise. + * modules/pam_unix/pam_unix_passwd.c (check_old_password, + save_old_password): Likewise. + + * modules/pam_limits/Makefile.am: Define limits.d dir and install it. + * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing. + * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr. + (pam_parse): conf_file is now ptr. + (pam_sm_open_session): Add parsing files from limits.d subdir using + glob, change pl to pointer. + +2007-03-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/ar.po: New translation. + * po/ca.po: Likewise. + * po/da.po: Likewise. + * po/ru.po: Likewise. + * po/sv.po: Likewise. + * po/zu.po: Likewise. + * po/LINGUAS: Add ar, ca, da, ru, sv, zu + + * po/hu.po: Update translation. + +2007-02-21 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for + allocation failure in bigcrypt(). + + * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow + modification of '*' password by root. + +2007-02-06 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Remove + debug syslog message when loginuid doesn't exist. + +2007-02-01 Tomas Mraz <t8m@centrum.cz> + + * xtests/tst-pam_unix3.c: Fix typos in comments. + + * modules/pam_unix/support.c (_unix_verify_password): Explicitly + disallow '!' in the beginning of password hash. Treat only + 13 bytes password hash specifically. (Suggested by Solar Designer.) + Fix a warning and test for allocation failure. + * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise. + +2007-01-31 Thorsten Kukuk <kukuk@thkukuk.de> + + * xtests/Makefile.am: Add new pam_unix.so tests + * xtests/run-xtests.sh: Prefer shell scripts (wrapper) + over binaries. + * xtests/tst-pam_cracklib1.c: Fix typo. + * xtests/tst-pam_unix1.c: New, for sucurity fix. + * xtests/tst-pam_unix1.pamd: New. + * xtests/tst-pam_unix1.sh: New. + * xtests/tst-pam_unix2.c: New, for crypt checks. + * xtests/tst-pam_unix2.pamd: New. + * xtests/tst-pam_unix2.sh: New. + * xtests/tst-pam_unix3.c: New, for bigcrypt checks. + * xtests/tst-pam_unix3.pamd: New. + * xtests/tst-pam_unix3.sh: New. + +2007-01-23 Thorsten Kukuk <kukuk@suse.de> + + * release 0.99.7.1 + + * configure.in: Set version number to 0.99.7.1 + +2007-01-23 Thorsten Kukuk <kukuk@thukuk.de> + Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/support.c (_unix_verify_password): Always + compare full encrypted passwords (CVE-2007-0003). + +2007-01-23 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT. + + * modules/pam_selinux/Makefile.am (pam_selinux_check_LDFLAGS): Add + AM_LDFLAGS. + (pam_selinux_la_LDFLAGS): Likewise. + +2007-01-17 Thorsten Kukuk <kukuk@thkukuk.de> + + * release 0.99.7.0 + + * configure.in: Set version number to 0.99.7.0 + + * Makefile.am (M4_FILES): Replace GNU make extension by listing + all m4 files. + +2007-01-17 Tomas Mraz <t8m@centrum.cz> + + * po/*.po: Updated strings to translate. + * po/Linux-PAM.pot: Likewise. + +2007-01-16 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam.conf-syntax.xml: Improve documentation about + sufficient keyword (Patch by Petteri Räty <betelgeuse@gentoo.org>) + +2006-12-20 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid + only '+' and '-' as first characters for account names. + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. + +2006-12-18 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Fix ENOKEY check (specify errno.h as header + file to search in). + + * configure.in: Add AM_PROG_CC_C_O. + * libpam/Makefile.am: Add content of AM_LDFLAGS to *_LDFLAGS. + * modules/pam_tally/Makefile.am: Likewise. + * modules/pam_unix/Makefile.am: Likewise. + + * modules/pam_stress/pam_stress.c (pam_sm_chauthtok): Fix + localisation of message printed to user. + * po/de.po: Adjust translation. + +2006-12-18 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Localize + message printed to user. + + * modules/pam_unix/support.c (_unix_verify_password): Use strncmp + only for bigcrypt result. + + * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new + egid first, euid next. Revert euid/egid to old euid/egid and not + ruid/rgid. + (pam_sm_open_session): Switch to new rgid first, ruid next. + +2006-12-13 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_localuser/pam_localuser.c: Add support for session + and chauthtok [SF#1606180]. + * modules/pam_localuser/pam_localuser.8.xml: Document last change. + + * libpam/pam_audit.c (_pam_audit_writelog): Print error message + only once. + +2006-12-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/pam_audit.c (_pam_audit_writelog): Print error + message on failure to syslog. + +2006-12-09 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_umask/pam_umask.c: Use strtoul instead of strtol, + fix overflow detection. + +2006-12-06 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_mkhomedir/pam_mkhomedir.c (rec_mkdir): Fix + handling of left-most path component [SF#1591598]. + (create_homedir): Mark user visible messages for translation. + * po/de.po: Adjust german translation for pam_mkhomedir. + + * modules/pam_faildelay/pam_faildelay.c: If no argument is + given, try to read FAIL_DELAY from /etc/login.defs. + * modules/pam_faildelay/pam_faildelay.8.xml: Document usage + of /etc/login.defs. + +2006-12-04 Tomas Mraz <t8m@centrun.cz> + + * po/jp.po: Fixed mistake in Password: message (from + Peng Huang <phuang@redhat.com>). + +2006-11-28 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/hu.po: Update hungarian translation (from + Kalman Kemenczy <kkemenczy@novell.com>). + + * configure.in: Allow disabling support for cracklib, audit, libdb. + + * modules/pam_faildelay/pam_faildelay.8.xml: Correct name of Author. + + * configure.in: Remove --enable-docdir (obsolete by --docdir). + * doc/Makefile.am: Don't overwrite htmldir. + * doc/adg/Makefile.am: Use docdir, htmldir and pdfdir. + * doc/mwg/Makefile.am: Likewise. + * doc/sag/Makefile.am: Likewise. + * doc/specs/Makefile.am: Use docdir. + + * tests/tst-pam_set_data.c: New test cases for pam_set_data(). + * tests/Makefile.am: Add pam_set_data test case. + + * libpam/pam_data.c: Add NULL pointer check for module_data_name. + * libpam/Makefile.am: Bump revision of shared library. + +2006-11-08 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Add modules/pam_faildelay/Makefile. + * doc/sag/Linux-PAM_SAG.xml: Include pam_faildelay.xml. + * doc/sag/pam_faildelay.xml: New. + * libpam/pam_static_modules.h: Include static pam_faildelay data. + * modules/Makefile.am: Add pam_faildelay directory. + * modules/pam_faildelay/Makefile.am: New. + * modules/pam_faildelay/README: New, generated from XML file. + * modules/pam_faildelay/README.xml: New. + * modules/pam_faildelay/pam_faildelay.8: New, generated from xml. + * modules/pam_faildelay/pam_faildelay.8.xml: New. + * modules/pam_faildelay/pam_faildelay.c: New. + * modules/pam_faildelay/tst-pam_faildelay: New. + + * po/POTFILES.in: Add pam_faildelay.c and pam_loginuid.c. + +2006-11-07 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_cracklib/pam_cracklib.c: PAM_DEBUG_ARG + is a bit mask and not a boolean value (Reported by + Jochen Voss <voss@seehuhn.de>). + +2006-10-26 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam.3.xml: Add pam_get_user function. + + * modules/pam_motd/pam_motd.8.xml: Fix typo. + +2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_namespace/pam_namespace.c: Reserve space for + trailing zero. + +2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/support.c (_unix_verify_password): Try system + crypt() if we don't know the hash alogorithm. + * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise. + +2006-10-13 Tomas Mraz <t8m@centrum.cz> + + * doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s]. + * doc/sag/pam_access.xml: Likewise. + * doc/sag/pam_echo.xml: Likewise. + * doc/sag/pam_env.xml: Likewise. + * doc/sag/pam_exec.xml: Likewise. + * doc/sag/pam_group.xml: Likewise. + * doc/sag/pam_limits.xml: Likewise. + * doc/sag/pam_namespace.xml: Likewise. + * doc/sag/pam_time.xml: Likewise. + * doc/sag/Linux-PAM_SAG.xml: Add id to book. + * doc/adg/Linux-PAM_ADG.xml: Add id to book. + * doc/mwg/Linux-PAM_MWG.xml: Add id to book. + + +2006-10-07 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/hu.po: Updated hungarian translation (from + Kalman Kemenczy <kkemenczy@novell.com>) + +2006-09-20 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/adg/Makefile.am: Add manual pages as dependency. + * doc/mwg/Makefile.am: Likewise. + * doc/sag/Makefile.am: Likewise. + * doc/sag/Linux-PAM_SAG.xml: Include pam_unix.xml. + * doc/sag/pam_unix.xml: New. + * modules/pam_unix/Makefile.am: Generate pam_unix.8 manual page. + * modules/pam_unix/README.xml: New. + * modules/pam_unix/pam_unix.8.xml: New. + * modules/pam_unix/README: Regenerate from XML. + * modules/pam_unix/pam_unix.8: Generated from XML. + +2006-09-09 Dmitry V. Levin <ldv@altlinux.org> + + * modules/pam_wheel/pam_wheel.8.xml: Fix typo. + * modules/pam_wheel/pam_wheel.8: Likewise. + * modules/pam_wheel/README: Likewise. + +2006-09-08 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/de.po: Fix typo. + +2006-09-06 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.6.3 + +2006-09-01 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_loginuid/pam_loginuid.8.xml: Fix typo in + config name. + +2006-08-31 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_env/environment: New, dummy environment example + config file. + + * modules/pam_namespace/Makefile.am: Don't install + manual page if we don't build module. + + * m4/ld-as-needed.m4: Don't set LDFLAGS if check failed. + * m4/ld-O1: Likewise. + +2006-08-30 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_access/pam_access.8.xml: All services supported. + * modules/pam_access/pam_access.c (pam_sm_open_session): New. + (pam_sm_close_session): New. + (pam_sm_chauthtok): New. + + * modules/pam_access/pam_succeed_if.8.xml: All services supported. + * modules/pam_access/pam_succeed_if.c (pam_sm_setcred): Return + PAM_IGNORE rather than success. + (pam_sm_open_session): New. + (pam_sm_close_session): New. + (pam_sm_chauthtok): New. + +2006-08-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * xtests/Makefile.am: Move shell code to execute tests from here ... + * xtests/run-xtests.sh: ... to here. + * xtests/*.c: Include config.h. + * tests/*.c: Likewise. + + * modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam() + instead of getpwnam(). + +2006-08-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/sag/pam_loginuid.xml: New. + * doc/sag/Linux-PAM_SAG.xml: Include pam_loginuid.xml. + + * configure.in: Add modules/pam_loginuid/Makefile. + * modules/Makefile.am: Add pam_loginuid sub directory. + + * libpam/pam_static_modules.h: Add pam_loginuid. + + * modules/pam_loginuid/Makefile.am: New. + * modules/pam_loginuid/tst-pam_loginuid: New. + * modules/pam_loginuid/pam_loginuid.8.xml: New. + * modules/pam_loginuid/pam_loginuid.8: New, generated from XML source. + * modules/pam_loginuid/pam_loginuid.c: New. + * modules/pam_loginuid/README.xml: New. + * modules/pam_loginuid/README: New, generated from XML source. + +2006-08-29 Dmitry V. Levin <ldv@altlinux.org> + + * modules/pam_exec/pam_exec.c (call_exec): Add required third + argument to open() call with O_CREAT flag set. + +2006-08-28 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Remove + duplicate code. + +2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.6.2 + + * modules/pam_lastlog/pam_lastlog.c (last_login_date): Create + lastlog file if it does not exist. + + * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check + for error from getting second token. + * xtests/Makefile.am: Add tst-pam_cracklib1 + * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault. + * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test. + +2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * xtests/tst-pam_dispatch4.c: New test. + * xtests/tst-pam_dispatch4.pamd: PAM config for new test. + +2006-08-09 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.6.1 + +2006-08-09 David Howells <dhowells@redhat.com> + + * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid + to user's before revoking. + (pam_sm_open_session): Remember the uid. + +2006-08-06 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_umask/pam_umask.c (setup_limits_from_gecos): + Add error handling. + * modules/pam_umask/pam_umask.8.xml: Document silent option. + + * xtests/Makefile.am: Fix includes for bootstrapping. + Reported by Greg Schafer <gschafer@zip.com.au>. + +2006-08-05 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.6.0 + + * modules/pam_limits/pam_limits.c (pam_sm_open_session): Use + pam_modutil_getpwnam instead of getpwnam. + + * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Cast + svc variable to char pointer for snprintf. + + * configure.in: Generate xtests/Makefile. + * Makefile.am (SUBDIRS): Add xtests. + * README: Document make check and make xtests. + * xtests/Makefile.am: New. + * xtests/tst-pam_dispatch1.pamd: New. + * xtests/tst-pam_dispatch2.pamd: New. + * xtests/tst-pam_dispatch3.pamd: New. + * xtests/tst-pam_dispatch1.c: New. + * xtests/tst-pam_dispatch2.c: New. + * xtests/tst-pam_dispatch3.c: New. + +2006-08-04 Ray Strode <rstrode@redhat.com> + + * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): + Return PAM_USER_UNKNOWN instead of PAM_SERVICE_ERR where appropriate. + +2006-08-03 David Howells <dhowells@redhat.com> + + * modules/pam_keyinit/pam_keyinit.c: Debug should be off by default. + (init_keyrings): Properly handle multiple invocations of the module. + (kill_keyrings, pam_sm_open_session, pam_sm_close_session): Likewise. + +2006-08-03 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): + New function for list matching. + (evaluate_notinlist): Likewise. + (evaluate): Add service value match, list matching. + * modules/pam_succeed_if/pam_succeed_if.8.xml: Document the + features. + + * modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log + relabelling error when the tty device doesn't exist (ENOENT). + +2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam_fail_delay.3.xml: Fix some Bugs and enhance + rationale about when this function should be used and when not. + + * doc/index.html: Cleanup to look prettier. + +2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/Makefile.am: Bump patchlevel of libpam. + * libpam/pam_dispatch.c (_pam_dispatch_aux): If [return=die] + or [return=bad] is used, don't return PAM_IGNORE. Based on + patch by Tomas Mraz <t8m@centrum.cz>, [BRC#196859]. + +2006-07-28 Thorsten Kukuk <kukuk@thkukuk.de> + + * ABOUT-NLS: Upgrade to gettext-0.15. + * config.rpath: Likewise. + * m4/gettext.m4: Upgrade to gettext-0.15. + * m4/inttypes-h.m4: New file, from gettext-0.15. + * m4/inttypes-pri.m4: Upgrade to gettext-0.15. + * m4/lib-link.m4: Upgrade to gettext-0.15. + * m4/lib-prefix.m4: Upgrade to gettext-0.15. + * m4/lock.m4: New file, from gettext-0.15. + * m4/longdouble.m4: Upgrade to gettext-0.15. + * m4/nls.m4: Upgrade to gettext-0.15. + * m4/po.m4: Upgrade to gettext-0.15. + * m4/size_max.m4: Upgrade to gettext-0.15. + * m4/visibility.m4: New file, from gettext-0.15. + * po/Makefile.in.in: Upgrade to gettext-0.15. + +2006-07-24 David Quigley <dpquigl@tycho.nsa.gov> + + * modules/pam_namespace/Makefile.am: Add pam_namespace.h. + * modules/pam_namespace/pam_namespace.c: Move includes and + data structure definitions from here ... + * modules/pam_namespace/pam_namespace.h: ... here. New file. + + * modules/pam_namespace/pam_namespace.c: Move large sections + of code into new functions. + +2006-07-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/adg/Makefile.am: Add uninstall and distclean rules. + * doc/mwg/Makefile.am: Likewise. + * doc/sag/Makefile.am: Likewise. + +2006-07-08 Daniel Richard G. <skunk@iskunk.org> + + * conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files. + * conf/pam_conv1/pam_conv.lex: Rename to ... + * conf/pam_conv1/pam_conv_l.l: ... this. + * conf/pam_conv1/pam_conv.y: Rename to ... + * conf/pam_conv1/pam_conv_y.y: ... this. + * configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE() + calls. + * doc/Makefile.am: Fix rule to install index.html. + * doc/adg/Makefile.am: Fix test usage. + * doc/mwg/Makefile.am: Likewise. + * doc/sag/Makefile.am: Likewise. + * doc/specs/Makefile.am: Fix rules for lex and yacc files. + * specs/parse.lex: Rename to ... + * doc/specs/parse_l.l: ... this. + * doc/specs/parse.y: Rename to ... + * doc/specs/parse_y.y: ... this. + * libpam/pam_account.c: Fix #if vs. #ifdef. + * libpam/pam_audit.c: Likewise. + * libpam/pam_auth.c: Likewise. + * libpam/pam_password.c: Likewise. + * libpam/pam_private.h: Likewise. + * libpam/pam_session.c: Likewise. + * libpam/pam_start.c: Likewise. + * libpam/pam_static.c: Fix "empty sourcefile" warning. + * modules/pam_limits/pam_limits.c: Check for __linux, too. + * modules/pam_userdb/Makefile.am: Don't run test if no + libdb available. + * tests/tst-dlopen.c: Include config.h. + +2006-07-03 Dan Yefimov + + * configure.in: Fixed have_key_syscalls test. + + * modules/pam_access/pam_access.c (from_match): Fixed IPv4 network + match, removed AI_ADDRCONFIG flag. + +2006-06-30 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_namespace/Makefile.am(EXTRA_DIST): Add namespace.init. + +2006-06-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/Makefile.am (releasedocs): Fix directory layout. + * doc/adg/Makefile.am: Likewise. + * doc/mwg/Makefile.am: Likewise. + * doc/sag/Makefile.am: Likewise. + +2006-06-28 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/sag: System Administrator Guide as XML source. + * doc/sag/Makefile.am: New. + * doc/sag/Linux-PAM_SAG.xml: New, main XML document. + * doc/sag/pam_*.xml: New, wrapper to include module documentation. + + * doc/adg: Application Developers Guide as XML source. + * doc/adg/Makefile.am: New. + * doc/adg/Linux-PAM_ADG.xml: New, main XML document. + * doc/adg/pam_*.xml: New, wrappers to include manual pages. + + * doc/mwg: Application Developers Guide as XML source. + * doc/mwg/Makefile.am: New. + * doc/mwg/Linux-PAM_MWG.xml: New, main XML document. + * doc/mwg/pam_*.xml: New, wrappers to include manual pages. + + * doc/CREDITS: Removed. + * doc/NOTES: Removed. + * doc/pam_appl.sgml: Removed. + * doc/pam_modules.sgml: Removed. + * doc/pam_source.sgml: Removed. + * doc/figs/pam_orient.txt: Removed. + * doc/figs: Removed. + + * configure.in: Remove checks for sgml2* progrs, add sag, adg + and mwg Makefiles. + + * doc/Makefile.am: Remove references to sgml, add sag, adg and mwg + directories. + * doc/modules: Remove directory. + * doc/html: Remove directory. + * doc/ps: Remove directory. + * doc/pdf: Remove directory. + * doc/txts: Remove directory. + * doc/index.html: Moved from html directory to here. + +2006-06-28 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.5.0 + + * bump version number to 0.99.5.0 + + * modules/pam_rhosts/pam_rhosts.c: New module, replaces + pam_rhosts_auth.so. + * modules/pam_rhosts/pam_rhosts.8.xml: New. + * modules/pam_rhosts/pam_rhosts.8: New, generated from XML source. + * modules/pam_rhosts/tst-pam_rhosts: New. + * modules/pam_rhosts/Makefile.am: Add pam_rhosts, generate + manual page and README. + * modules/pam_rhosts/README.xml: New. + * modules/pam_rhosts/reADME: Regenerated from XML source. + + * doc/man/pam_sm_acct_mgmt.3.xml: Adjust syntax for module + writers guide. + * doc/man/pam_sm_authenticate.3.xml: Likewise. + * doc/man/pam_sm_chauthtok.3.xml: Likewise. + * doc/man/pam_sm_close_session.3.xml: Likewise. + * doc/man/pam_sm_open_session.3.xml: Likewise. + * doc/man/pam_sm_setcred.3.xml: Likewise. + + * po/POTFILES.in: Add new source files. + + * libpam/pam_static_modules.h: Add new modules. + + * modules/pam_keyinit.c: Add _pam_keyinit_modstruct. + + * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Add XML + files and manual page. + +2006-06-27 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Allow disabling of SELinux support, check for + rootok_af. + +2006-06-27 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_namespace/pam_namespace.c: New module + originally written by Janak Desai. + * modules/pam_namespace/Makefile.am: New. + * modules/pam_namespace/README: New. + * modules/pam_namespace/md5.c: New. + * modules/pam_namespace/md5.h: New. + * modules/pam_namespace/namespace.conf: New. + * modules/pam_namespace/namespace.conf.5: New. + * modules/pam_namespace/namespace.conf.5.xml: New. + * modules/pam_namespace/namespace.init: New. + * modules/pam_namespace/pam_namespace.8: New. + * modules/pam_namespace/pam_namespace.8.xml: New. + * modules/pam_namespace/tst-pam_namespace: New. + * modules/Makefile.am: Added pam_namespace. + * configure.in: Added pam_namespace, test for unshare + library call. + +2006-06-27 David Howells <dhowells@redhat.com> + + * modules/pam_keyinit/pam_keyinit.c: New module. + * modules/pam_keyinit/pam_keyinit.8: New. + * modules/pam_keyinit/pam_keyinit.8.xml: New. + * modules/pam_keyinit/README: New. + * modules/pam_keyinit/README.xml: New. + * modules/pam_keyinit/Makefile.am: New. + * modules/pam_keyinit/tst-pam_keyinit: New. + * modules/Makefile.am: Added pam_keyinit. + * configure.in: Added test for the key mgmt syscall. + +2006-06-27 Thorsten Kukuk <kukuk@thkukuk.de> + + * m4/libprelude.m4: Sync with upstream. + +2006-06-27 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): + signal() fails with SIG_ERR return + * modules/pam_unix/pam_unix_passwd.c(_unix_run_shadow_binary): + Likewise. + * modules/pam_unix/support.c(_unix_run_helper_binary): + Likewise. + +2006-06-25 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/misc_conv.3.xml: New. + * doc/man/misc_conv.3: New. + * doc/man/pam_misc_paste_env.3.xml: New. + * doc/man/pam_misc_paste_env.3: New. + * doc/man/pam_misc_drop_env.3.xml: New. + * doc/man/pam_misc_drop_env.3: New. + * doc/man/pam_misc_setenv.3.xml: New. + * doc/man/pam_misc_setenv.3: New. + * doc/man/Makefile.am: Add new manual pages. + + * doc/man/pam_acct_mgmt.3.xml: Fix syntax for inclusion + in Applicatoin Developer Guide. + * doc/man/pam_authenticate.3.xml: Likewise + * doc/man/pam_chauthtok.3.xml: Likewise + * doc/man/pam_close_session.3.xml: Likewise + * doc/man/pam_conv.3.xml: Likewise + * doc/man/pam_end.3.xml: Likewise + * doc/man/pam_fail_delay.3.xml: Likewise + * doc/man/pam_getenv.3.xml: Likewise + * doc/man/pam_getenvlist.3.xml: Likewise + * doc/man/pam_open_session.3.xml: Likewise + * doc/man/pam_putenv.3.xml: Likewise + * doc/man/pam_setcred.3.xml: Likewise + * doc/man/pam_start.3.xml: Likewise + * doc/man/pam_strerror.3.xml: Likewise + + * doc/man/pam_acct_mgmt.3: Regenerate from XML source. + * doc/man/pam_authenticate.3: Likewise + * doc/man/pam_chauthtok.3: Likewise + * doc/man/pam_close_session.3: Likewise + * doc/man/pam_conv.3: Likewise + * doc/man/pam_end.3: Likewise + * doc/man/pam_fail_delay.3: Likewise + * doc/man/pam_getenv.3: Likewise + * doc/man/pam_getenvlist.3: Likewise + * doc/man/pam_open_session.3: Likewise + * doc/man/pam_putenv.3: Likewise + * doc/man/pam_setcred.3: Likewise + * doc/man/pam_sm_close_session.3: Likewise + * doc/man/pam_start.3: Likewise + * doc/man/pam_strerror.3: Likewise + * doc/man/pam_syslog.3: Likewise + * doc/man/PAM.8: Likewise + +2006-06-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_limits/pam_limits.c (setup_limits): Don't + reset priority for root. + +2006-06-23 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_access/access.conf.5.xml: Fix syntax for SAG. + * modules/pam_access/pam_access.8.xml: Likewise. + * modules/pam_deny/pam_deny.8.xml: Likewise. + * modules/pam_echo/pam_echo.8.xml: Likewise. + * modules/pam_env/pam_env.8.xml: Likewise. + * modules/pam_env/pam_env.conf.5.xml: Likewise. + * modules/pam_group/group.conf.5.xml: Likewise. + * modules/pam_group/pam_group.8.xml: Likewise. + * modules/pam_limits/limits.conf.5.xml: Likewise. + * modules/pam_listfile/pam_listfile.8.xml: Likewise. + * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. + * modules/pam_time/pam_time.8.xml: Likewise. + * modules/pam_time/time.conf.5.xml: Likewise. + + * modules/pam_access/access.conf.5: Regenerate. + * modules/pam_access/pam_access.8: Likewise. + * modules/pam_deny/pam_deny.8: Likewise. + * modules/pam_echo/README: Likewise. + * modules/pam_echo/pam_echo.8: Likewise. + * modules/pam_env/pam_env.8: Likewise. + * modules/pam_env/pam_env.conf.5: Likewise. + * modules/pam_group/README: Likewise. + * modules/pam_group/group.conf.5: Likewise. + * modules/pam_group/pam_group.8: Likewise. + * modules/pam_limits/limits.conf.5: Likewise. + * modules/pam_listfile/README: Likewise. + * modules/pam_listfile/pam_listfile.8: Likewise. + * modules/pam_succeed_if/pam_succeed_if.8: Likewise. + * modules/pam_time/pam_time.8: Likewise. + * modules/pam_time/time.conf.5: Likewise. + + * doc/man/Makefile.am: Add pam.conf-desc.xml, pam.conf-dir.xml + and pam.conf-syntax.xml. + * doc/man/pam.conf.5.xml: Split into different pieces for SAG. + * doc/man/pam.conf.5: Regenerated. + * doc/man/pam.conf-desc.xml: New. + * doc/man/pam.conf-dir.xml: New. + * doc/man/pam.conf-syntax.xml: New. + +2006-06-21 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_selinux/Makefile.am: Fix "make dist" if libselinux + is not installed. + + * modules/pam_issue/pam_issue.8.xml: Fix listing of escapes. + * modules/pam_issue/pam_issue.8: Regenerate. + +2006-06-20 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Remove unused check for libcap. + + * m4/ld-as-needed.m4: New. + * m4/ld-O1.m4: New. + * configure.in: Call PAM_LD_AS_NEEDED and PAM_LD_O1, + require docbook version 4.4. + +2006-06-19 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam.8.xml: Syntax cleanup. + * doc/pam/PAM.8: Regenerated from xml source. + * man/pam_sm_chauthtok.3: New. + * man/pam_sm_chauthtok.3.xml: New. + * man/pam_sm_close_session.3: New. + * man/pam_sm_close_session.3.xml: New. + * man/pam_sm_open_session.3: New. + * man/pam_sm_open_session.3.xml: New. + * man/pam_sm_authenticate.3: New. + * man/pam_sm_authenticate.3.xml: New. + * man/pam_sm_setcred.3: New. + * man/pam_sm_setcred.3.xml: New. + * man/Makefile.am: Add new pam_sm_* manual pages. + + * specs/Makefile.am: Fix rule to generate draft. + +2006-06-18 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_tally/Makefile.am: Include Make.xml.rules. + * modules/pam_tally/pam_tally.8.xml: New. + * modules/pam_tally/pam_tally.8: New, generated from xml file. + * modules/pam_tally/README.xml: New. + * modules/pam_tally/README: Regenerated from xml file. + + * modules/pam_selinux/Makefile.am: Include Make.xml.rules. + * modules/pam_selinux/pam_selinux.8.xml: New. + * modules/pam_selinux/pam_selinux.8: Regenerated from xml file. + * modules/pam_selinux/README.xml: New. + * modules/pam_selinux/README: Regenerated from xml file. + +2006-06-17 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_debug/Makefile.am: Include Make.xml.rules. + * modules/pam_debug/pam_debug.8.xml: New. + * modules/pam_debug/pam_debug.8: New, generated from xml file. + * modules/pam_debug/README.xml: New. + * modules/pam_debug/README: Regenerated from xml file. + + * examples/vpass.c: UID is unsigned on Linux. + * modules/pam_exec/pam_exec.c: Likewise. + * modules/pam_unix/pam_unix_acct.c: Likewise. + * modules/pam_unix/pam_unix_sess.c: Likewise. + + * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix syntax error. + * modules/pam_succeed_if/pam_succeed_if.8: Regenerated. + * modules/pam_succeed_if/README: Regenerated. + + * modules/pam_limits/Makefile.am: Include Make.xml.rules. + * modules/pam_limits/limits.conf.5: New, generated from xml file. + * modules/pam_limits/limits.conf.5.xml: New. + * modules/pam_limits/pam_limits.8: New, generated from xml file. + * modules/pam_limits/pam_limits.8.xml: New. + * modules/pam_limits/README.xml: New. + * modules/pam_limits/README: Regenerated from README.xml. + +2006-06-16 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/pam_unix_passwd.c (save_old_password): UIDs + are unsigned on Linux, don't truncate them. + (_do_setpass): err is of type clnt_stat, not int. + + * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't + truncate UID for syslog output. + + * modules/pam_time/pam_time.c: Replace type boolean with int. + * modules/pam_group/pam_group.c: Likewise. + +2006-06-15 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/bigcrypt.h: New. + * modules/pam_unix/Makefile.am: Add bigcrypt.h. + * modules/pam_unix/bigcrypt.c: Include bigcrypt.h. + * modules/pam_unix/support.c: Include bigcrypt.h, remove + own prototype. + * modules/pam_unix/bigcrypt_main.c: Include bigcrypt.h, remove + own prototype. + * modules/pam_unix/pam_unix_passwd.c: Include bigcrypt.h, remove + own prototype. + + * modules/pam_time/pam_time.c (logic_member): Remove unused + variable len. + + * modules/pam_group/pam_group.c (logic_field): Accept + colon in tty name. [#1428276]. + (logic_member): Remove unused variable len. + (check_account): Fix usage of err variable in debug code. + + * modules/pam_time/pam_time.c (logic_field): Likewise. + + * configure.in: Add special exceptions for icc: different + compiler warnings, no PIE support. + +2006-06-14 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/pam_misc.c (_pam_strdup): Use strlen and strcpy. + + * configure.in: Remove --enable-memory-debug, add option + to disable prelude if installed. + + * modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG + * modules/pam_filter/upperLOWER/upperLOWER.c: Likewise. + * modules/pam_unix/unix_chkpwd.c: Likewise. + * libpam/include/security/_pam_types.h: Likewise. + * libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export. + * libpam/pam_malloc.c: Remove file. + * libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h. + + * libpam/pam_handlers.c (extract_modulename): Use _pam_strdup + instead of strdup. + + * libpam/pam_private.h: Remove _pam_strCMP. + * libpam/pam_misc.c: Likewise. + * libpam/pam_handlers.c: Replaced _pam_strCMP with strcasecmp. + +2006-06-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_tally/Makefile.am (AM_LDFLAGS): Remove flags + for modules from main application. + +2006-06-09 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_time/Makefile.am: Include Make.xml.rules. + * modules/pam_time/time.conf.5: New, generated from xml file. + * modules/pam_time/time.conf.5.xml: New. + * modules/pam_time/pam_time.8: New, generated from xml file. + * modules/pam_time/pam_time.8.xml: New. + * modules/pam_time/README.xml: New. + * modules/pam_time/README: Regenerated from README.xml. + + * modules/pam_wheel/Makefile.am: Include Make.xml.rules. + * modules/pam_wheel/pam_wheel.8.xml: New. + * modules/pam_wheel/pam_wheel.8: New, generated from xml file. + * modules/pam_wheel/README.xml: New. + * modules/pam_wheel/README: Regenerated from xml file. + + * modules/pam_xauth/Makefile.am: Include Make.xml.rules. + * modules/pam_xauth/pam_xauth.8.xml: New. + * modules/pam_xauth/pam_xauth.8: Regenerated from xml file. + * modules/pam_xauth/README.xml: New. + * modules/pam_xauth/README: Regenerated from xml file. + + * modules/pam_deny/pam_deny.8.xml: Fix syntax errors. + * modules/pam_deny/pam_deny.8: Regenerate from xml file. + * modules/pam_deny/README: Likewise. + + * modules/pam_warn/Makefile.am: Include Make.xml.rules. + * modules/pam_warn/pam_warn.8.xml: New. + * modules/pam_warn/pam_warn.8: New, generated from xml file. + * modules/pam_warn/README.xml: New. + * modules/pam_warn/README: Regenerated from xml file. + + * modules/pam_userdb/Makefile.am: Include Make.xml.rules. + * modules/pam_userdb/pam_userdb.8.xml: New. + * modules/pam_userdb/pam_userdb.8: New, generated from xml file. + * modules/pam_userdb/README.xml: New. + * modules/pam_userdb/README: Regenerated from xml file. + +2006-06-06 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_shells/Makefile.am: Include Make.xml.rules. + * modules/pam_shells/pam_shells.8.xml: New. + * modules/pam_shells/pam_shells.8: New, generated from xml file. + * modules/pam_shells/README.xml: New. + * modules/pam_shells/README: Regenerated from xml file. + + * libpam/include/security/pam_malloc.h: Add missing license + informations. + + * libpam/include/security/pam_ext.h: Add brackets for C++. + * libpam/include/security/pam_modutil.h: Likewise. + + * libpam/include/security/pam_modules.h: Document where to + find the copyright/license informations. + + * libpam/include/security/pam_appl.h: Move _pam_compat.h + include inside of brackets. + +2006-06-04 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_securetty/Makefile.am: Include Make.xml.rules. + * modules/pam_securetty/pam_securetty.8.xml: New. + * modules/pam_securetty/pam_securetty.8: Regenerated from xml file. + * modules/pam_securetty/README.xml: New. + * modules/pam_securetty/README: Regenerated from xml file. + + * modules/pam_rootok/Makefile.am: Include Make.xml.rules. + * modules/pam_rootok/pam_rootok.8.xml: New. + * modules/pam_rootok/pam_rootok.8: New, generated from xml file. + * modules/pam_rootok/README.xml: New. + * modules/pam_rootok/README: Regenerated from xml file. + + * modules/pam_permit/Makefile.am: Include Make.xml.rules. + * modules/pam_permit/pam_permit.8.xml: New. + * modules/pam_permit/pam_permit.8: New, generated from xml file. + * modules/pam_permit/README.xml: New. + * modules/pam_permit/README: Regenerated from xml file. + + * modules/pam_nologin/Makefile.am: Include Make.xml.rules. + * modules/pam_nologin/pam_nologin.8.xml: New. + * modules/pam_nologin/pam_nologin.8: Regenerated from xml file. + * modules/pam_nologin/README.xml: New. + * modules/pam_nologin/README: Regenerated from xml file. + +2006-06-03 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_motd/Makefile.am: Include Make.xml.rules. + * modules/pam_motd/pam_motd.8.xml: New. + * modules/pam_motd/pam_motd.8: New, generated from xml file. + * modules/pam_motd/README.xml: New. + * modules/pam_motd/README: New, generated from xml file. + +2006-06-02 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_mail/Makefile.am: Include Make.xml.rules. + * modules/pam_mail/pam_mail.8.xml: New. + * modules/pam_mail/pam_mail.8: New, generated from xml file. + * modules/pam_mail/README.xml: New. + * modules/pam_mail/README: Regenerated from xml file. + + * modules/pam_localuser/Makefile.am: Include Make.xml.rules. + * modules/pam_localuser/pam_localuser.8.xml: New. + * modules/pam_localuser/pam_localuser.8: New, generated from xml file. + * modules/pam_localuser/README.xml: New. + * modules/pam_localuser/README: Regenerated from xml file. + + * doc/man/PAM.8: Regenerate with DocBook XSL Stylesheets v1.70.1. + * doc/man/pam.3: Likewise. + * doc/man/pam.conf.5: Likewise. + * doc/man/pam_acct_mgmt.3: Likewise. + * doc/man/pam_authenticate.3: Likewise. + * doc/man/pam_chauthtok.3: Likewise. + * doc/man/pam_close_session.3: Likewise. + * doc/man/pam_conv.3: Likewise. + * doc/man/pam_end.3: Likewise. + * doc/man/pam_error.3: Likewise. + * doc/man/pam_fail_delay.3: Likewise. + * doc/man/pam_get_data.3: Likewise. + * doc/man/pam_get_item.3: Likewise. + * doc/man/pam_get_user.3: Likewise. + * doc/man/pam_getenv.3: Likewise. + * doc/man/pam_getenvlist.3: Likewise. + * doc/man/pam_info.3: Likewise. + * doc/man/pam_open_session.3: Likewise. + * doc/man/pam_prompt.3: Likewise. + * doc/man/pam_putenv.3: Likewise. + * doc/man/pam_set_data.3: Likewise. + * doc/man/pam_set_item.3: Likewise. + * doc/man/pam_setcred.3: Likewise. + * doc/man/pam_sm_acct_mgmt.3: Likewise. + * doc/man/pam_start.3: Likewise. + * doc/man/pam_strerror.3: Likewise. + * doc/man/pam_syslog.3: Likewise. + * modules/pam_access/access.conf.5: Likewise. + * modules/pam_access/pam_access.8: Likewise. + * modules/pam_cracklib/pam_cracklib.8: Likewise. + * modules/pam_deny/pam_deny.8: Likewise. + * modules/pam_echo/pam_echo.8: Likewise. + * modules/pam_env/pam_env.8: Likewise. + * modules/pam_env/pam_env.conf.5: Likewise. + * modules/pam_exec/pam_exec.8: Likewise. + * modules/pam_filter/pam_filter.8: Likewise. + * modules/pam_ftp/pam_ftp.8: Likewise. + * modules/pam_group/group.conf.5: Likewise. + * modules/pam_group/pam_group.8: Likewise. + * modules/pam_issue/pam_issue.8: Likewise. + * modules/pam_lastlog/pam_lastlog.8: Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.8: Likewise. + * modules/pam_succeed_if/pam_succeed_if.8: Likewise. + * modules/pam_umask/pam_umask.8: Likewise. + + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use + dngettext if available [#1427738]. + * configure.in: Check for dngettext [#1427738]. + * po/*.po: Update to dngettext usage. + + * modules/pam_listfile/Makefile.am: Include Make.xml.rules. + * modules/pam_listfile/pam_listfile.8.xml: New. + * modules/pam_listfile/pam_listfile.8: New, generated from xml file. + * modules/pam_listfile/README.xml: New. + * modules/pam_listfile/README: Regenerated from xml file. + +2006-06-01 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_lastlog/Makefile.am: Include Make.xml.rules. + * modules/pam_lastlog/pam_lastlog.8.xml: New. + * modules/pam_lastlog/pam_lastlog.8: New, generated from xml file. + * modules/pam_lastlog/README.xml: New. + * modules/pam_lastlog/README: Regenerated from xml file. + + * modules/pam_group/Makefile.am: Include Make.xml.rules. + * modules/pam_group/group.conf.5.xml: New. + * modules/pam_group/group.conf.5: New, generated from xml file. + * modules/pam_group/pam_group.8.xml: New. + * modules/pam_group/pam_group.8: New, generated from xml file. + * modules/pam_group/README.xml: New. + * modules/pam_group/README: Regenerated from xml file. + + * modules/pam_ftp/Makefile.am: Include Make.xml.rules. + * modules/pam_ftp/pam_ftp.8.xml: New. + * modules/pam_ftp/pam_ftp.8: New, generated from xml file. + * modules/pam_ftp/README.xml: New. + * modules/pam_ftp/README: Regenerated from xml file. + + * modules/pam_issue/Makefile.am: Include Make.xml.rules. + * modules/pam_issue/pam_issue.8.xml: New. + * modules/pam_issue/pam_issue.8: New, generated from xml file. + * modules/pam_issue/README.xml: New. + * modules/pam_issue/README: Regenerated from xml file. + + * modules/pam_filter/Makefile.am: Include Make.xml.rules. + * modules/pam_filter/pam_filter.8.xml: New. + * modules/pam_filter/pam_filter.8: New, generated from xml file. + * modules/pam_filter/README.xml: New. + * modules/pam_filter/README: Regenerated from xml file. + +2006-05-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Fix umask and skel + directory documentation. + + * modules/pam_umask/Makefile.am: Include Make.xml.rules. + * modules/pam_umask/pam_umask.8.xml: New. + * modules/pam_umask/pam_umask.8: New, generated from xml file. + * modules/pam_umask/README.xml: New. + * modules/pam_umask/README: Regenerated from xml file. + +2006-05-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_mkhomedir/Makefile.am: Include Make.xml.rules. + * modules/pam_mkhomedir/pam_mkhomedir.8.xml: New. + * modules/pam_mkhomedir/pam_mkhomedir.8: New, generated from xml file. + * modules/pam_mkhomedir/README.xml: New. + * modules/pam_mkhomedir/README: Regenerated from xml file. + +2006-05-23 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_echo/pam_echo.c (pam_echo): Use pam_modutil_read() + instead of read(). + +2006-05-22 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): + Fix memory leaks, [#1490956] found by Coverity. + + * modules/pam_tally/pam_tally.c (pam_get_uid): Check return + value of pam_get_user(). + (tally_get_data): Check if oldtime is not NULL. + [#1489818] found by Coverity. + + * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't + ignore return value of stat(). [#1489808] found by Coverity. + + * modules/pam_mail/pam_mail.c (get_folder): Fix a potential + NULL pointer dereference. [#1489792] found by Coverity. + + * libpam/Makefile.am: bump release number of libpam.so. + * libpam/pam_misc.c (_pam_mkargv): Fix memory leak, + [#1489804] found by Coverity. + + * modules/pam_echo/pam_echo.c (replace_and_print): Initialize + str, [#1489658] found by Coverity. + + * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix + a potential NULL pointer dereference. + (pam_sm_chauthtok): Remove dead code. + [#1489634] found by Coverity. + +2006-05-04 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Check for fseeko. + * modules/pam_tally/pam_tally.c: Use fseeko if available + (Based on patch by IBM). + +2006-05-04 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.4.0 + + * libpam/pam_strerror.c: Unify error messages. + + * po/zh_TW.po: Adjust for last pam_strerror changes. + * po/zh_CN.po: Likewise. + * po/uk.po: Likewise. + * po/tr.po: Likewise. + * po/pt.po: Likewise. + * po/pt_BR.po: Likewise. + * po/pl.po: Likewise. + * po/ja.po: Likewise. + * po/nl.po: Likewise. + * po/nb.po: Likewise. + * po/it.po: Likewise. + * po/hu.po: Likewise. + * po/fr.po: Likewise. + * po/fi.po: Likewise. + * po/es.po: Likewise. + * po/de.po: Likewise. + * po/cs.po: Likewise. + + * doc/man/pam.3.xml: New. + * doc/man/pam.3. New, generated from XML file. + + * doc/man/pam_sm_acct_mgmt.3.xml: New. + * doc/man/pam_sm_acct_mgmt.3: New, generated from XML file. + + * doc/man/*.xml: Fix encoding and use always UTF-8, regenerate + all manual pages. + + * doc/pam_modules.sgml (PAM_NEW_AUTHTOKEN_REQD): Fix typo. + +2006-05-02 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use + different strings for plural or not [#1427738] + + * po/*.po: Adjust for pam_unix.so translation fix. + + * modules/pam_tally/pam_tally.c: Always close file handle + in error case, don't close it depending on *TALLY value [#1478180] + +2006-04-21 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/fr.po: Updated. + +2006-04-11 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/km.po: Updated. + +2006-03-27 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/LINGUAS: Add uk. + + * po/uk.po: New. + * po/cs.po: Updated. + * po/po/es.po: Updated. + * po/fi.po: Updated. + * po/fr.po: Updated. + * po/hu.po: Updated. + * po/it.po: Updated. + * po/ja.po: Updated. + * po/nb.po: Updated. + * po/pl.po: Updated. + * po/pt.po: Updated. + * po/pt_BR.po: Updated. + * po/zh_CN.po: Updated. + * po/zh_TW.po: Updated. + +2006-03-21 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Remove ALL_LINGUAS. + * po/LINGUAS: New. + * po/tr.po: New (from Ismail Donmez <ismail@pardus.org.tr>). + +2006-03-13 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam_error.3.xml: New. + * doc/man/pam_error.3: New, generated from XML file. + * doc/man/pam_verror.3: New, generated from XML file. + * doc/man/Makefile.am: Add pam_error.3 and pam_verror.3. + + * modules/pam_lastlog/Makefile.am: Fix typo. + + * modules/pam_lastlog/pam_lastlog.c: Move comment for + translators in right line. + * po/*.po: Update po files with comment for translator. + +2006-03-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/Makefile.am: Add new manual pages. + + * doc/man/pam.conf.5.xml: Replace link with content + of PAM admin guide. + * doc/man/pam.conf.5: Regenerated from XML file. + + * doc/man/pam_info.3.xml: New. + * doc/man/pam_info.3: New, generated from XML file. + * doc/man/pam_vinfo.3: New, generated from XML file. + + * doc/man/pam_conv.3.xml: New. + * doc/man/pam_conv.3: New, generated from XML file. + + * doc/man/pam_putenv.3.xml: New. + * doc/man/pam_putenv.3: New, generated from XML file. + + * doc/man/pam_getenv.3.xml: New. + * doc/man/pam_getenv.3: New, generated from XML file. + + * doc/man/pam_getenvlist.3.xml: New. + * doc/man/pam_getenvlist.3: New, generated from XML file. + + * libpam/pam_item.c (pam_get_user): Check for valid pamh before + using it. + + * configure.in: create tests/Makefile + * Makefile.am (SUBDIRS): Add tests + * tests/Makefile.am: New. + * tests/tst-dlopen.c: New. + * tests/tst-pam_acct_mgmt.c: New. + * tests/tst-pam_authenticate.c: New. + * tests/tst-pam_chauthtok.c: New. + * tests/tst-pam_close_session.c: New. + * tests/tst-pam_end.c: New. + * tests/tst-pam_fail_delay.c: New. + * tests/tst-pam_getenvlist.c: New. + * tests/tst-pam_get_item.c: New. + * tests/tst-pam_open_session.c: New. + * tests/tst-pam_setcred.c: New. + * tests/tst-pam_set_item.c: New. + * tests/tst-pam_start.c: New. + * tests/tst-pam_get_user.c: New. + + * modules/pam_access/Makefile.am: Add rules for make check + * modules/pam_access/tst-pam_access: New + * modules/pam_cracklib/Makefile.am: Add rules for make check + * modules/pam_cracklib/tst-pam_cracklib: New + * modules/pam_debug/Makefile.am: Add rules for make check + * modules/pam_debug/tst-pam_debug: New + * modules/pam_deny/Makefile.am: Add rules for make check + * modules/pam_deny/tst-pam_deny: New + * modules/pam_echo/Makefile.am: Add rules for make check + * modules/pam_echo/tst-pam_echo: New + * modules/pam_env/Makefile.am: Add rules for make check + * modules/pam_env/tst-pam_env: New + * modules/pam_exec/Makefile.am: Add rules for make check + * modules/pam_exec/tst-pam_exec: New + * modules/pam_filter/Makefile.am: Add rules for make check + * modules/pam_filter/tst-pam_filter: New + * modules/pam_ftp/Makefile.am: Add rules for make check + * modules/pam_ftp/tst-pam_ftp: New + * modules/pam_group/Makefile.am: Add rules for make check + * modules/pam_group/tst-pam_group: New + * modules/pam_issue/Makefile.am: Add rules for make check + * modules/pam_issue/tst-pam_issue: New + * modules/pam_lastlog/Makefile.am: Add rules for make check + * modules/pam_lastlog/tst-pam_lastlog: New + * modules/pam_limits/Makefile.am: Add rules for make check + * modules/pam_limits/tst-pam_limits: New + * modules/pam_listfile/Makefile.am: Add rules for make check + * modules/pam_listfile/tst-pam_listfile: New + * modules/pam_localuser/Makefile.am: Add rules for make check + * modules/pam_localuser/tst-pam_localuser: New + * modules/pam_mail/Makefile.am: Add rules for make check + * modules/pam_mail/tst-pam_mail: New + * modules/pam_mkhomedir/Makefile.am: Add rules for make check + * modules/pam_mkhomedir/tst-pam_mkhomedir: New + * modules/pam_motd/Makefile.am: Add rules for make check + * modules/pam_motd/tst-pam_motd: New + * modules/pam_nologin/Makefile.am: Add rules for make check + * modules/pam_nologin/tst-pam_nologin: New + * modules/pam_permit/Makefile.am: Add rules for make check + * modules/pam_permit/tst-pam_permit: New + * modules/pam_rhosts/Makefile.am: Add rules for make check + * modules/pam_rhosts/tst-pam_rhosts: New + * modules/pam_rootok/Makefile.am: Add rules for make check + * modules/pam_rootok/tst-pam_rootok: New + * modules/pam_securetty/Makefile.am: Add rules for make check + * modules/pam_securetty/tst-pam_securetty: New + * modules/pam_selinux/Makefile.am: Add rules for make check + * modules/pam_selinux/tst-pam_selinux: New + * modules/pam_shells/Makefile.am: Add rules for make check + * modules/pam_shells/tst-pam_shells: New + * modules/pam_stress/Makefile.am: Add rules for make check + * modules/pam_stress/tst-pam_stress: New + * modules/pam_succeed_if/Makefile.am: Add rules for make check + * modules/pam_succeed_if/tst-pam_succeed_if: New + * modules/pam_tally/Makefile.am: Add rules for make check + * modules/pam_tally/tst-pam_tally: New + * modules/pam_time/Makefile.am: Add rules for make check + * modules/pam_time/tst-pam_time: New + * modules/pam_umask/Makefile.am: Add rules for make check + * modules/pam_umask/tst-pam_umask: New + * modules/pam_unix/Makefile.am: Add rules for make check + * modules/pam_unix/tst-pam_unix: New + * modules/pam_userdb/Makefile.am: Add rules for make check + * modules/pam_userdb/tst-pam_userdb: New + * modules/pam_warn/Makefile.am: Add rules for make check + * modules/pam_warn/tst-pam_warn: New + * modules/pam_wheel/Makefile.am: Add rules for make check + * modules/pam_wheel/tst-pam_wheel: New + * modules/pam_xauth/Makefile.am: Add rules for make check + * modules/pam_xauth/tst-pam_xauth: New + +2006-03-11 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam_fail_delay.3.xml: New. + * doc/man/pam_fail_delay.3: New, generated from xml. + * doc/man/pam_prompt.3.xml: New. + * doc/man/pam_prompt.3: New, generated from xml. + * doc/man/pam_syslog.3.xml: New. + * doc/man/pam_syslog.3: New, generated from xml. + * doc/man/pam_vprompt.3: New, generated from xml. + * doc/man/pam_vsyslog.3: New, generated from xml. + +2006-02-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/km.po: Update Khmer translation. + +2006-02-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_succeed_if/pam_succeed_if.8.xml: New, based on + version from #1425487. + * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. + * modules/pam_succeed_if/Makefile.am: Include XML rules. + * modules/pam_succeed_if/README.xml: New. + * modules/pam_succeed_if/README: Regenerated from xml. + * modules/pam_succeed_if/pam_succeed_if.c: Fix comment about + return values. + +2006-02-22 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Fix check for incomplete libaudit installations + (Patch from Ruediger Oertel <ro@suse.de>). + + * modules/pam_lastlog/pam_lastlog.c (last_login_write): Initialize + correct last_login field [#1427401]. + + * modules/pam_lastlog/pam_lastlog.c (last_login_read): Mark strftime + format string for translation to allow reorder [#1428269]. + * po/*.po: Update with last pam_lastlog change. + + +2006-02-17 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/Makefile.am: Add new manual pages. + * doc/man/pam_end.3: Regenerated from xml file. + * doc/man/pam_end.3.xml: Document freeing of item data. + * doc/man/pam_get_user.3: New. + * doc/man/pam_get_user.3.xml: New. + * modules/pam_access/access.conf.5.xml: Fix typos. + * modules/pam_env/Makefile.am: Add new manual pages. + * modules/pam_env/README: Regenerate from xml file. + * modules/pam_env/README.xml: New. + * modules/pam_env/pam_env.8: New. + * modules/pam_env/pam_env.8.xml: New. + * modules/pam_env/pam_env.conf.5: New. + * modules/pam_env/pam_env.conf.5.xml New. + +2006-02-14 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/fi.po: Updated translations. + * po/pl.po: Likewise. + * po/km.po: New translation. + * configure.in: Add km as new language. + +2006-02-13 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_echo/pam_echo.8.xml: New. + * modules/pam_echo/pam_echo.8: Regenerated from xml file. + * modules/pam_echo/Makefile.am: Include Make.xml.rules. + * modules/pam_echo/pam_echo.c: Fix return value. + + * doc/modules/pam_chroot.sgml: Remove obsolete sgml file. + +2006-02-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Add doc/man/Makefile. + * Make.xml.rules: Enable xincludes for manual pages. + * doc/Makefile.am (EXRA_DIST): Remove manual pages. + (SUBDIR): Add man subdirectory. + * doc/man/Makefile.am: New. + * doc/man/pam_acct_mgmt.3: New. + * doc/man/pam_acct_mgmt.3.xml: New. + * doc/man/pam_get_data.3: New. + * doc/man/pam_get_data.3.xml: New. + * doc/man/pam_set_data.3: New. + * doc/man/pam_set_data.3.xml: New. + * doc/man/pam.8.xml: New. + * doc/man/pam.8: Regenerated from xml file. + * doc/man/pam_authenticate.3.xml: New. + * doc/man/pam_authenticate.3: Regenerated from xml file. + * doc/man/pam_chauthtok.3.xml: New. + * doc/man/pam_chauthtok.3: Regenerated from xml file. + * doc/man/pam_close_session.3.xml: New. + * doc/man/pam_close_session.3: Regenerated from xml file. + * doc/man/pam_end.3.xml: New. + * doc/man/pam_end.3: Regenerated from xml file. + * doc/man/pam_fail_delay.3.xml: New. + * doc/man/pam_fail_delay.3: Regenerated from xml file. + * doc/man/pam_get_item.3.xml: New. + * doc/man/pam_get_item.3: Regenerated from xml file. + * doc/man/pam_item_types.inc.xml: New. + * doc/man/pam_open_session.3.xml: New. + * doc/man/pam_open_session.3: Regenerated from xml file. + * doc/man/pam_set_item.3.xml: New. + * doc/man/pam_set_item.3: Regenerated from xml file. + * doc/man/pam_setcred.3.xml: New. + * doc/man/pam_setcred.3: Regenerated from xml file. + * doc/man/pam_start.3.xml: New. + * doc/man/pam_start.3: Regenerated from xml file. + * doc/man/pam_strerror.3.xml: New. + * doc/man/pam_strerror.3: Regenerated from xml file. + * doc/man/template-man: Removed. + +2006-02-10 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Remove pam_pwdb support. + * modules/Makefile.am: remove pam_pwdb. + * modules/pam_pwdb: Remove complete directory. + * libpam/Makefile.am: Remove LIBPWDB references. + * libpam/pam_static_modules.h: Remove pam_pwdb references. + * doc/modules/pam_pwdb.sgml: Removed. + * po/POTFILES.in: Remove modules/pam_pwdb/*.c entries. + * doc/pam_source.sgml: Remove references to libpwdb. + * doc/modules/pam_limits.sgml: Remove wrong reference to libpwdb. + * doc/modules/pam_group.sgml: Likewise. + * doc/modules/pam_cracklib.sgml: Replace pam_pwdb with pam_unix. + * doc/modules/pam_userdb.sgml: Likewise. + * modules/pam_cracklib/pam_cracklib.8.xml: Replace pam_pwdb + with pam_unix. + * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. + * modules/pam_group/pam_group.c: Remove dead code for libpwdb. + + * modules/pam_access/Makefile.am: Fix EXTRA_DIST. + * modules/pam_cracklib/Makefile.am: Likewise. + * modules/pam_deny/Makefile.am: Likewise. + * modules/pam_exec/Makefile.am: Likewise. + +2006-02-07 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Check for text browser. + * Make.xml.rules: Add rule to generate README from README.xml. + + * modules/pam_access/Makefile.am: Include Make.xml.rules. + * modules/pam_access/README: Regenerated from README.xml. + * modules/pam_access/README.xml: New. + * modules/pam_access/access.conf: Extended by new examples. + * modules/pam_access/access.conf.5: New, generated from xml file. + * modules/pam_access/access.conf.5.xml: New. + * modules/pam_access/pam_access.8: New, generated from xml file. + * modules/pam_access/pam_access.8.xml: New. + * modules/pam_access/pam_access.c: Add rules for IPv6 and + netmasks. + Based on patch from Mike Becher <Mike.Becher@lrz-muenchen.de>. + + * modules/pam_deny/Makefile.am: Include Make.xml.rules. + * modules/pam_deny/pam_deny.8.xml: New. + * modules/pam_deny/pam_deny.8: New, generated from xml file. + * modules/pam_deny/README.xml: New. + * modules/pam_deny/README: Regenerated from xml file. + + * modules/pam_cracklib/Makefile.am: Include Make.xml.rules. + * modules/pam_cracklib/pam_cracklib.8.xml: New. + * modules/pam_cracklib/pam_cracklib.8: New, generated from xml file. + * modules/pam_cracklib/README.xml: New. + * modules/pam_cracklib/README: Regenerated from xml file. + + * modules/pam_exec/Makefile.am: Add rule to generate README. + * modules/pam_exec/README: Regenerated from xml file. + * modules/pam_exec/pam_exec.8: Regenerated from xml file. + * modules/pam_exec/pam_exec.8.xml: Syntax files. + +2006-02-06 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/nl.po: New. + * po/pt.po: Update translations. + * configure.in: Add nl as new language. + +2006-01-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_exec/pam_exec.8.xml: Fix syntax of Return Value section. + * modules/pam_exec/Makefile.am: Include Make.xml.rules. + + * Make.xml.rules: New. + + * Makefile.am (EXTRA_DIST): Add Make.xml.rules. + +2006-01-27 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Prefer libdb over libndbm, fix check for + libcrack and remove not needed BACKUP_LIBS. + +2006-01-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_debug/pam_debug.c: Fix name of pam_module struct. + + * po/de.po: Fix one translation. + + * configure.in: Add modules/pam_exec. + * modules/Makefile.am: Add pam_exec subdirectory. + * modules/pam_exec/README: New. + * modules/pam_exec/Makefile.am: New. + * modules/pam_exec/pam_exec.8: New. + * modules/pam_exec/pam_exec.c: New. + * modules/pam_exec/pam_exec.8.xml: New. + * po/POTFILES.in: Add modules/pam_exec/pam_exec.c. + * po/*.po: Merge new pam_exec strings. + + * libpam/pam_static_modules.h: New. + * Makefile.am: Reorder subdirectories for static modules. + * configure.in: Add --enable-static-modules option. + * libpam/Makefile.am: Define WITH_SELINUX and WITH_PWDB if + necessary, add pam_static_modules.h, link against all PAM + module object files if STATIC_MODULES is defined. + * libpam/pam_static.c: Remove old _static_module* includes, + include pam_static_modules.h. + + * configure.in: Add checks for xsltproc, xmllint and docbook + xsl stylesheet. + * m4/jh_path_xml_catalog.m4: New. + +2006-01-22 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_succeed_if/pam_succeed_if.c: Add support for + static modules. + * modules/pam_xauth/pam_xauth.c: Likewise. + + * libpam/pam_static.c (_pam_open_static_handler): Add pamh + as argument. + * libpam/pam_private.h: Adjust prototype. + * libpam/pam_handlers.c (_pam_add_handler): Add pamh to + _pam_open_static_handler call. + + * configure.in: Don't define PAM_DYNAMIC. + * libpam/pam_handlers.c: Get ride of PAM_DYNAMIC, don't + include pam_dynamic.h + * libpam/pam_dynamic.c: Don't include pam_dynamic.h, + exclude functions if we compile with PAM_STATIC. + * libpam/pam_dynamic.h: Remove. + * libpam/pam_private.h: Add function prototypes from pam_dynamic.h. + * libpam/Makefile.am: Bump version number of libpam, remove + pam_dynamic.h. + +2006-01-21 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_listfile/pam_listfile.c: Add support for session + and password management. + +2006-01-19 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/specs/Makefile.am (spec): Add padout to fix parallel + build (Reported by Andreas Haumer <andreas@xss.co.at>). + +2006-01-15 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_echo/pam_echo.c: Define HOST_NAME_MAX if not + already defined. + +2006-01-13 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.3.0 + + * libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing + error. + + * modules/pam_umask/pam_umask.c (search_key): Don't ignore + EOF/error return value from fgets(). + + * configure.in: Check for getline and getdelim + + * po/fi.po: Add new translations. + * po/de.po: Likewise. + * po/es.po: Likewise. + * po/fr.po: Likewise. + * po/it.po: Likewise. + * po/ja.po: Likewise. + * po/pt_BR.po: Likewise. + * po/zh_CH.po: Likewise. + * po/zh_TW.po: Likewise. + +2006-01-13 Dmitry V. Levin <ldv@altlinux.org> + + * libpam/pam_audit.c (_pam_auditlog): Replace strerror(errno) + call with %m specifier. + +2006-01-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Add check for -fpie/-pie + * modules/pam_filter/upperLOWER/Makefile.am: Compile/link + upperLOWER with -fpie/-pie if supported. + * modules/pam_unix/Makefile.am: Compile/link unix_chkpwd + with -fpie/-pie if supported. + +2006-01-12 Steve Grubb <sgrubb@redhat.com> + + * configure.in: Add check for audit library. + * libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT. + (libpam_la_SOURCES): Add pam_audit.c. + * libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call. + * libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise. + * libpam/pam_password.c (pam_chauthtok): Likewise. + * libpam/pam_session.c (pam_open_session), + (pam_close_session): Likewise. + * libpam/pam_private.h: Add audit_state member to pam_handle, + declare _pam_auditlog and _pam_audit_end. + * libpam/pam_start.c (pam_start): Initialize audit_state. + * libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end + implementation. + * libpam/pam_end.c (pam_end): Add _pam_audit_end() call. + * NEWS: Note about added auditing. + +2006-01-11 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/Makefile.am (AM_CFLAGS): Define LIBPAM_COMPILE. + + * libpam/include/security/_pam_types.h: Don't define PAM_NONNULL + if we compile libpam itself. + + * po/hu.po: Update with new translations. + +2006-01-08 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR + instead of PAM_AUTHTOK_RECOVER_ERR. + * modules/pam_pwdb/support.-c: Likewise. + * modules/pam_unix/support.c: Likewise. + * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise. + * libpam/pam_strerror.c (pam_strerror): Likewise. + + * libpam/include/security/_pam_compat.h: Define + PAM_AUTHTOK_RECOVER_ERR for backward compatibility. + + * libpam/include/security/_pam_types.h: Rename + PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR. + +2006-01-05 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/include/security/_pam_types.h: Remove nonnull attribute + from third paramter (item) of pam_get_item. + * libpam/Makefile.am: Bump version number of shared library. + +2005-12-21 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_succeed_if/pam_succeed_if.c (evaluate_ingroup), + (evaluate_notingroup): Simplified. + (evaluate_innetgr), (evaluate_notinnetgr): New functions. + (evaluate): Added calls to evaluate_(not)innetgr(). + * modules/pam_succeed_if/README: Documented netgroup matching. + * NEWS: Mentioned the added netgroup matching support. + +2005-12-20 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_lastlog/pam_lastlog.c (last_login_read): Use + strftime instead of ctime. + + * po/de.po: Fix typo. + +2005-12-19 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/pam_syslog.c: Define LOG_AUTHPRIV as LOG_AUTH on Solaris. + Reported by Charles_H_Bedford@nbc.gov. + + * modules/pam_time/pam_time.c (check_account): Implement + support for netgroups. + + * modules/pam_time/time.conf: Document usage of netgroups. + +2005-12-16 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_group/pam_group.c (check_account): Implement + support for netgroups. + + * modules/pam_group/group.conf: Add all documentation to this + example config file and don't reference to outdated configs. + + * modules/pam_group/README: New. + + * modules/pam_group/Makefile.am: Add README to EXTRADIST. + +2005-12-15 Thorsten Kukuk <kukuk@suse.de> + + * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't report an + error if user logins the first time. + + * modules/pam_lastlog/README: New. + + * modules/pam_lastlog/Makefile.am: Add README to EXTRADIST. + +2005-12-14 Thorsten Kukuk <kukuk@suse.de> + + * modules/pam_deny/pam_deny.c: Fix comment. + + * doc/pam_appl.sgml: Fix typo. + + Reported by Russell Bateman <russ@windofkeltia.com> + +2005-12-12 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.2.1 + + * po/de.po: Remove new fuzzy entry + + * NEWS: Add 0.99.2.1 changes + + * configure.in: bump version number to 0.99.2.1 + +2005-12-12 Dmitry V. Levin <ldv@altlinux.org> + + Cleanup pam_syslog messages. + + * modules/pam_env/pam_env.c (_expand_arg): Fix compiler warning. + * modules/pam_filter/pam_filter.c (set_filter): Append %m + specifier to pam_syslog messages where appropriate. + * modules/pam_group/pam_group.c (read_field): Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.c (make_remark): Remove. + (create_homedir): Do not use make_remark() wrapper, call + pam_info() directly. Call pam_syslog() right after failed + operation and append %m specifier to pam_syslog messages where + appropriate. + * modules/pam_rhosts/pam_rhosts_auth.c (pam_iruserok): Replace + sequence of malloc(), strcpy() and strcat() calls with asprintf(). + Append %m specifier to pam_syslog messages where appropriate. + * modules/pam_securetty/pam_securetty.c (securetty_perform_check): + Append %m specifier to pam_syslog messages where appropriate. + * modules/pam_shells/pam_shells.c (perform_check): Likewise. + +2005-12-12 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_mail/pam_mail.c (report_mail): Fixed typo in string. + * po/Linux-PAM.pot: Likewise. + * po/de.po: Likewise. + * po/es.po: Likewise. + * po/fi.po: Likewise. + * po/fr.po: Likewise. + * po/hu.po: Likewise. + * po/it.po: Likewise. + * po/ja.po: Likewise. + * po/nb.po: Likewise. + * po/pa.po: Likewise. + * po/pl.po: Likewise. + * po/pt.po: Likewise. + * po/pt_BR.po: Likewise. + * po/zh_CN.po: Likewise. + * po/zh_TW.po: Likewise. + * po/de.po: Add new translation, fixed typo in string. + +2005-12-12 Mike Becher <Mike.Becher@lrz-muenchen.de> + + * doc/Makefile.am: Fixed install of PS, PDF, TXT and HTML files. + +2005-12-12 Thorsten Kukuk <kukuk@suse.de> + + * modules/pam_mail/README: Document "quiet" and "standard" + options. + +2005-12-07 Thorsten Kukuk <kukuk@suse.de> + + * modules/pam_mail/pam_mail.c: Modify assembling of output + for easier translation. + + * po/de.po: Translate new pam_mail messages. + + +2005-11-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * po/de.po: Add new translation, fix wrong format specifier. + * po/cs.po: Fix wrong format specifier. + * po/es.po: Likewise. + * po/fi.po: Likewise. + * po/fr.po: Likewise. + * po/hu.po: Likewise. + * po/it.po: Likewise. + * po/ja.po: Likewise. + * po/nb.po: Likewise. + * po/pa.po: Likewise. + * po/pl.po: Likewise. + * po/pt.po: Likewise. + * po/pt_BR.po: Likewise. + * po/zh_CN.po: Likewise. + * po/zh_TW.po: Likewise. + +2005-11-24 Dmitry V. Levin <ldv@altlinux.org> + + * config.h.in: Remove generated file. + * .cvsignore: Add config.h.in. + + * configure.in: Do not check for strerror. + * libpam_misc/misc_conv.c (read_string): Replace strerror() + call with %m specifier. + * libpamc/pamc_converse.c (pamc_converse): Likewise. + * modules/pam_echo/pam_echo.c (pam_echo): Likewise. + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): + Likewise. + * modules/pam_selinux/pam_selinux.c (security_label_tty): + Likewise. + (security_restorelabel_tty, security_label_tty): Append %m + specifier where appropriate. + * modules/pam_selinux/pam_selinux_check.c (main): Replace + strerror() call with %m specifier. + * modules/pam_unix/pam_unix_passwd.c (save_old_password, + _update_passwd, _update_shadow): Likewise. + * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. + * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise. + * po/Linux-PAM.pot: Update strings from pam_selinux. + * po/cs.po: Likewise. + * po/de.po: Likewise. + * po/es.po: Likewise. + * po/fi.po: Likewise. + * po/fr.po: Likewise. + * po/hu.po: Likewise. + * po/it.po: Likewise. + * po/ja.po: Likewise. + * po/nb.po: Likewise. + * po/pa.po: Likewise. + * po/pl.po: Likewise. + * po/pt.po: Likewise. + * po/pt_BR.po: Likewise. + * po/zh_CN.po: Likewise. + * po/zh_TW.po: Likewise. + +2005-11-23 Thorsten Kukuk <kukuk@suse.de> + + * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Introduce + new variable to fix compiler warning. + + * libpam/pam_modutil_getlogin.c (pam_modutil_getlogin): PAM_TTY + don't need to start with /dev/. + +2005-11-21 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 0.99.2.0 + + * libpam_misc/Makefile.am: Increase release number (for change + from 2005-11-09) + + * NEWS: Adjust for 0.99.2.0 + +2005-11-17 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting. + Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380] + +2005-11-16 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/pam_handlers.c: Replace code for all dlopen variants with + a generic wrapper. + * libpam/pam_dynamic.c: Implement generic wrapper for dlopen. + * libpam/pam_dynamic.h: Provide prototypes. + For Mac OS X support [#534205] + +2005-11-09 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly + full path tty name. + * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly + full path tty name. Allow unset tty. + (logic_member): Allow matching ':' in tty name. + * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly + full path tty name. Allow unset tty. + (logic_member): Allow matching ':' in tty name. + + * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin + is not terminal. + +2005-11-07 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use + correct variable names. + +2005-11-06 Steve Langasek <vorlon@debian.org> + + * modules/pam_env/pam_env.c: don't treat a missing + /etc/environment as a fatal error when attempting to read it, + and try to read this file by default; this restores the behavior + from Linux-PAM 0.76. + +2005-11-02 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807] + by ohyajapn. + + * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the + logic when comparing dates to handle corner cases better [#1245888]. + +2005-10-31 Thorsten Kukuk <kukuk@suse.de> + + * modules/pam_filter/pam_filter.c: Use XCASE only if defined + [#624214] + +2005-10-27 Thorsten Kukuk <kukuk@suse.de> + + * doc/man/pam.8: Fix wording for authentication chapter [#1197444] + +2005-10-26 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary), + modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary), + modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real + uid to 0 before executing the helper if SELinux is enabled. + * modules/pam_unix/unix_chkpwd.c (main): Disable user check only + if real uid is 0 (CVE-2005-2977). Log failed password check attempt. + + +2005-10-20 Tomas Mraz <t8m@centrum.cz> + + * configure.in: Added check for xauth binary and --with-xauth option. + * config.h.in: Added configurable PAM_PATH_XAUTH. + * modules/pam_xauth/README, + modules/pam_xauth/pam_xauth.8: Document where xauth is looked for. + * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement + searching xauth binary on multiple places. + (run_coprocess): Don't use execvp as it can be a security risk. + +2005-10-04 Steve Langasek <vorlon@debian.org> + + * libpam/include/security/pam_malloc.h, + libpam/include/security/pam_modules.h: Declare public header + files extern "C" so that they are C++-safe. + +2005-10-02 Dmitry V. Levin <ldv@altlinux.org> + Steve Langasek <vorlon@debian.org> + + Cleanup gratuitous use of strdup(). + Fix "missing argument" checks. + + * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier + to conffile and envfile arguments. Do not use x_strdup() for + conffile and envfile initialization. Fix "missing argument" + checks. + (_parse_config_file): Take conffile argument of type "const char *" + instead of "char **". Do not free conffile. + (_parse_env_file): Take env_file argument of type "const char *" + instead of "char **". Do not free env_file. + (pam_sm_setcred): Add const qualifier to conf_file and env_file. + Pass conf_file and env_file to _parse_config_file() and + _parse_env_file() by value. + (pam_sm_open_session): Likewise. + + * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to + users argument. Do not use x_strdup() for users initialization. + (lookup): Add const qualifier to list argument. + (pam_sm_authenticate): Add const qualifier to users argument. + + * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier + to maildir argument. Do not use x_strdup() for maildir + initialization. Fix "missing argument" check. + (get_folder): Take path_mail argument of type "const char *" + instead of "char **". Do not free path_mail. + (_do_mail): Add const qualifier to path_mail argument. + Pass path_mail to get_folder() by value. + + * modules/pam_motd/pam_motd.c: Include <syslog.h>. + (pam_sm_open_session): Add const qualifier to motd_path. + Do not use x_strdup() for motd_path initialization. Do not + free motd_path. Fix "missing argument" check. Add "unknown + option" warning. + + * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const + qualifier to database and cryptmode arguments. Fix "missing + argument" checks. + (pam_sm_authenticate): Add const qualifier to database and cryptmode. + (pam_sm_acct_mgmt): Likewise. + +2005-10-01 Steve Langasek <vorlon@debian.org> + + * modules/pam_userdb/pam_userdb.c: spelling fix in log message. + +2005-09-30 Steve Langasek <vorlon@debian.org> + + * modules/pam_userdb/pam_userdb.c: Fix memory leak due to + gratuitous use of strdup(). + +2005-09-27 Thorsten Kukuk <kukuk@thkukuk.de> + + * release 0.99.1.0 + + * doc/specs/Makefile.am (install-data-local): Install + rfc and draft. + (all): Copy rfc if we build outside of source directory. + +2005-09-27 Thorsten Kukuk <kukuk@suse.de> + + * NEWS: Document removal of pam_radius. + * autogen.sh: Make configure script executeable. + + * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c + (lex.yy.c): Fixed out of tree build. + + * conv/pam_conv1/pam_conv.y: Fix main prototype. + + * README: Adjust. + + * po/POTFILES.in: Remove files not distributed by tar archive + and not containing strings for translation. + +2005-09-26 Tomas Mraz <t8m@centrum.cz> + + * NEWS: Add a few missing entries from CHANGELOG. + + * AUTHORS: Fixed entries for Toady and me. + + * Makefile.am (M4_FILES): Fixed out of tree build. + * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c + (spec, lex.yy.c): Fixed out of tree build. + + * modules/pam_userdb/README: Document try_first_pass and + use_first_pass options, remove use_authtok option. + + +2005-09-26 Dmitry V. Levin <ldv@altlinux.org> + + * NEWS: Mention changes in pam_lastlog. + +2005-09-26 Thorsten Kukuk <kukuk@suse.de> + + * NEWS: New file. + * autogen.sh: Don't generate NEWS file. + * CHANGELOG: Document it as obsolete. + +2005-09-26 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): + _log_err() -> pam_syslog() + (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning. + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): + _log_err() -> pam_syslog() + * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef + (getNISserver, _unix_run_shadow_binary, _update_passwd, + _update_shadow, _do_setpass, _pam_unix_approve_pass, + pam_sm_chauthtok): _log_err() -> pam_syslog() + * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef + (pam_sm_open_session, pam_sm_close_session): + _log_err() -> pam_syslog() + * modules/pam_unix/support.c (_log_err, converse): removed + (_make_remark): use pam_prompt() instead of converse() + (_set_ctrl, _cleanup_failures, _unix_run_helper_binary, + _unix_verify_password, _unix_read_password): + _log_err() -> pam_syslog() + _cleanup(), _unix_cleanup(): Silence unused param warnings. + (_cleanup_failures, _unix_verify_password, _unix_getpwnam, + _unix_run_helper_binary): Silence incorrect type warnings. + (_unix_read_password): Use multiple pam_prompt() and pam_info() calls + instead of converse(). + * modules/pam_unix/support.h (_log_err): removed + * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV + +2005-09-26 Thorsten Kukuk <kukuk@suse.de> + + * configure.in: Add doc/specs/Makefile. + * Makefile.am: Add releasedocs rule. + * doc/Makefile.am: Add specs subdir, remove files from specs + directory, add rfc86.0.txt to releasedocs. + * doc/specs/Makefile.am: New file. + * doc/specs/formatter/parse.y: move from here ... + * doc/specs/parse.y: ... here. + * doc/specs/formatter/parse.lex: move from here ... + * doc/specs/parse.lex: ... here. + + * modules/pam_mail/pam_mail.c: Mark missing strings for translation + * po/Linux-PAM.pot: Add new strings from pam_mail + * po/cs.po: Likewise. + * po/de.po: Likewise. + * po/es.po: Likewise. + * po/fi.po: Likewise. + * po/fr.po: Likewise. + * po/hu.po: Likewise. + * po/it.po: Likewise. + * po/ja.po: Likewise. + * po/nb.po: Likewise. + * po/pa.po: Likewise. + * po/pl.po: Likewise. + * po/pt.po: Likewise. + * po/pt_BR.po: Likewise. + * po/zh_CN.po: Likewise. + * po/zh_TW.po: Likewise. + +2005-09-23 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_access/pam_access.c (from_match): Support NULL from. + (string_match): Support NULL string, add NONE keyword matching it. + (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL. + * modules/pam_access/access.conf: NONE keyword description + * modules/pam_access/README: NONE keyword description + +2005-09-22 Dmitry V. Levin <ldv@altlinux.org> + + * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session, + pam_sm_close_session): Strip redundant "pam_xauth: " prefix from + text of log messages. + (pam_sm_open_session): Replace sequence of malloc(), strcpy() + and strcat() calls with asprintf(). Replace syslog() calls + with pam_syslog(). + + * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp() + instead of memcmp() for string comparison. + +2005-09-21 Dmitry V. Levin <ldv@altlinux.org> + + * modules/pam_nologin/pam_nologin.c: Include <syslog.h>. + (parse_args): Add pam_handle_t* argument. Log unrecognized + options. + (perform_check): Log pam_get_user() and malloc() failures. + (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): + Pass pam_handle_t* to parse_args(). + + * modules/pam_mail/pam_mail.c: Include <errno.h>. + Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and + NO_MAIL_STANDARD_FORMAT macros. + (parse_args, get_folder): Cleanup error messages. + (get_folder): Fix leak of the path_mail variable in case of + pam_get_user() failure. Cleanup memory management. + (get_mail_status): Add pam_handle_t* argument. Fix leaks of + namelist variable. Cleanup memory management. Log memory + allocation failures. Remove 250-byte limit on Maildir pathname. + (report_mail): Mark text messages for translation. + (_do_mail): Cleanup memory management. Pass pam_handle_t* + to get_mail_status(). + + * po/Linux-PAM.pot: Update with new strings from pam_mail for + translation. + * po/cs.po: Likewise. + * po/de.po: Likewise. + * po/es.po: Likewise. + * po/fi.po: Likewise. + * po/fr.po: Likewise. + * po/hu.po: Likewise. + * po/it.po: Likewise. + * po/ja.po: Likewise. + * po/nb.po: Likewise. + * po/pa.po: Likewise. + * po/pl.po: Likewise. + * po/pt.po: Likewise. + * po/pt_BR.po: Likewise. + * po/zh_CN.po: Likewise. + * po/zh_TW.po: Likewise. + +2005-09-20 Thorsten Kukuk <kukuk@suse.de> + + * configure.in: Add finish translation. + * po/fi.po: New. + + * acinclude.m4: remove libprelude macros. + * m4/libprelude.m4: New. + + * Makefile.am (EXTRA_DIST): make sure we include all m4 macros. + + * libpamc/Makefile.am (EXTRA_DIST): Add License. + +See CHANGELOG for earlier changes. |