| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): quiet
option has no argument, print no missing file if quiet is set
[sf#3194930].
|
| |
|
|
|
| |
* modules/pam_lastlog/pam_lastlog.c (last_login_failed): Don't
abort with error if btmp file does not exist.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-18 Tomas Mraz <tm@t8m.info>
* modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx.
* modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly.
(protect_dir): Guard for -1 passing to close().
(ns_setup): Likewise.
(pam_sm_open_session): Correctly test for SELinux enabled flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-17 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type.
(manual_context): Likewise.
(context_from_env): Remove extraneous auditing in success case.
* modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra
close() call.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: docfix
Commit summary:
---------------
2011-02-22 Tomas Mraz <tm@t8m.info>
* modules/pam_nologin/pam_nologin.8.xml: Add missing space.
* modules/pam_limits/limits.conf.5.xml: Fix typo.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-12-21 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (mls_range_allowed): Unhardcode
values for security class and av permission bit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-12-14 Tomas Mraz <tm@t8m.info>
* modules/pam_limits/pam_limits.c (parse_uid_range): New function
to parse the range of uids or gids.
(parse_config_file): Call parse_uid_range() and if uid/gid range
is identified, setup the limits if the range matches. New parameters
containing user's uid and primary gid.
(pam_sm_open_session): Pass the user's uid and primary gid to
parse_config_file().
* modules/pam_limits/limits.conf.5.xml: Document the uid/gid ranges.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: translations
Commit summary:
---------------
2010-12-14 Bahadır Kandemir <bahadir@pardus.org.tr>
* po/tr.po: Updated translations.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: docfix
Commit summary:
---------------
2010-11-25 Tomas Mraz <tm@t8m.info>
* modules/pam_securetty/pam_securetty.8.xml: Improve documentation
of the kernel console feature and the noconsole option.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-11-24 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_securetty/pam_securetty.c: Parse console= kernel
option, add noconsole option.
* modules/pam_securetty/pam_securetty.8.xml: Document new behavior
for serial console.
Patch from Lennart Poettering.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: docfix
Commit summary:
---------------
2010-11-24 Tomas Mraz <tm@t8m.info>
* modules/pam_limits/limits.conf.5.xml: Document the %group syntax.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2010-11-18 Tomas Mraz <tm@t8m.info>
* modules/pam_limits/pam_limits.c (pam_parse,pam_sm_open_session):
Drop obsolete and broken option change_uid.
* modules/pam_limits/pam_limits.8.xml: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-11-16 Tomas Mraz <tm@t8m.info>
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Remove
dead and duplicate code. Return PAM_INCOMPLETE instead of
PAM_CONV_AGAIN.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-11-11 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix
potential use after free in case SELinux is misconfigured.
* modules/pam_namespace/pam_namespace.c (process_line): Fix memory
leak when parsing empty config file lines.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2010-10-28 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.3
* configure.in: Increase version to 1.1.3
* NEWS: document visible changes
* libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-27 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/adg/Makefile.am: Use UTF-8 for html docu.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
kernel.org webserver is using UTF-8
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-22 Tomas Mraz <tm@t8m.info>
* modules/pam_namespace/pam_namespace.c (inst_init): Use execle()
to execute the init script with clean environment. (CVE-2010-3853)
(cleanup_tmpdirs): Likewise for executing rm.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2010-10-21 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Remove.
(create_homedir): Use mkdir() instead of rec_mkdir().
(make_parent_dirs): New function.
(main): Use make_parent_dirs() to create parent directories only
for the home directory itself.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-21 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_getpwnam): Don't allocate
unneeded buffer for uid/gid [sf#3059572].
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam_get_authtok.3.xml: Fix xml code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/Makefile.am: Fix build dependencys of pam_get_authtok.3.
* xtests/Makefile.am: Only build xtests if we run xtests.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Check for libdb with symbol versions, too.
Patch from Diego Elio Pettenò.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Create
parent directories always with mode 0755.
(create_homedir): Create main directory with mode 0700 at first.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2010-10-19 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_selinux/pam_selinux.c (verbose_message): Remove.
(pam_sm_open_session): Call send_text() instead of verbose_message().
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-10-19 Dmitry V. Levin <ldv@altlinux.org>
* m4/ld-no-undefined.m4: New file.
* configure.in: Use PAM_LD_NO_UNDEFINED.
* Makefile.am (M4_FILES): Add m4/ld-no-undefined.m4.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-19 Dmitry V. Levin <ldv@altlinux.org>
* m4/ld-O1.m4 (PAM_LD_O1): Fix typo.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-19 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Add
@LIBAUDIT@.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: documentation
Commit summary:
---------------
2010-10-19 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_env/pam_env.8.xml: Document side effects of
environment variables in the stack.
* modules/pam_exec/pam_exec.8.xml: Document that user can
have controll over the environment.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-11 Tomas Mraz <t8m@centrum.cz>
* modules/pam_env/pam_env.c: Change default for user_readenv to 0.
* modules/pam_env/pam_env.8.xml: Document the new default for user_readenv.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-07 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_selinux/pam_selinux.c (verbose_message): Fix format
string.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-04 Dmitry V. Levin <ldv@altlinux.org>
* libpam/pam_modutil_priv.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (struct pam_modutil_privs,
PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv,
pam_modutil_regain_priv): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface.
* modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
pam_sm_close_session): Likewise.
(pam_sm_open_session): Remove redundant fchown call.
Fixes CVE-2010-3430, CVE-2010-3431.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-01 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Extend cross compiling check.
* doc/specs/Makefile.am: Set CFLAGS and LDFLAGS to BUILD_CFLAGS
and BUILD_LDFLAGS.
Bug #3078936 / gentoo #339174
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2010-09-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Warn if
unlink() fails.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-09-27 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Return
PAM_SUCCESS immediately if no cookie file is defined. Return
PAM_SESSION_ERR if cookie file is defined but target uid cannot be
determined. Do not modify cookiefile string returned by pam_get_data.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-09-27 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_xauth/pam_xauth.c (check_acl): Check that the given
access control file is a regular file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2010-09-16 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
pam_sm_close_session): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new release
Commit summary:
---------------
2010-08-31 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.2
* configure.in: Bump version number.
* NEWS: Document changes since 1.1.1.
* doc/adg/Linux-PAM_ADG.xml: Bump version number.
* doc/mwg/Linux-PAM_MWG.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Likewise.
* libpam/Makefile.am: Bump revision of shared library.
* po/*.po: Regenerate.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-08-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_nologin/pam_nologin.c (perform_check): Try first
/var/run/nologin if the nologin file is not explicitly specified.
* modules/pam_nologin/pam_nologin.8.xml: Document that /var/run/nologin
is tried first.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translation
Commit summary:
---------------
2010-08-26 Sweta Kothari <swkothar@redhat.com>
* po/gu.po: Updated translations.
2010-08-26 Geert Warrink <geert.warrink@onsnet.nu>
* po/nl.po: Updated translations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-26 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/specs/Makefile.am: Use CC_FOR_BUILD as compiler (cross
compile support).
* configure.in: Check for host compiler if cross compiling.
Bug #2315432, debian#284854#42.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Implement minlen option.
* modules/pam_unix/support.c: Likewise.
* modules/pam_unix/support.h: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust
arguments for _set_ctrl call.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_session.c: Likewise.
* modules/pam_unix/pam_unix.8.xml: Document minlen option.
Based on patch by Steve Langasek.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-12 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_mail/pam_mail.c: Check for mail only with user
privilegs.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Check return
value of setgid, setgroups and setuid.
* modules/pam_xauth/pam_xauth.c (check_acl): Save errno for
later usage.
* modules/pam_env/pam_env.c (handle_env): Check if user exists,
read local user config only with user privilegs.`
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix/cleanup
Commit summary:
---------------
2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tally/pam_tally.8.xml: Document that pam_tally is
deprecated.
* modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Fix make dist.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/passverify.c (check_shadow_expiry): Correct
check for expired date.
* modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove
check for password length. Bug #2923437.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tally2/pam_tally2.c (get_tally): Create file
with correct permissions. Patch by Diego Elio "Flameeyes" Pettenò.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: workaround
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request
password change if time is not yet set (1.1.1970). Bug #2730965.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_access/pam_access.c (user_match): Make sure
that user@host will not match @@netgroup. Bug #3035919.
* modules/pam_group/pam_group.c (check_account): Add '%' for
UNIX groups.
* modules/pam_group/group.conf: Add example for '%'.
* modules/pam_group/group.conf.5.xml: Document '%' syntax.
Bug #3002340, #3037155.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Don't pass --version-script options when linking executables, only when
linking libraries
Patch from Julien Cristau <jcristau@debian.org>
|
