| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-03 Dmitry V. Levin <ldv@altlinux.org>
* tests/tst-pam_mkargv.c (main): Fix for non-64bit architectures.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-03 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test
for abnormal exit of the helper binary.
* modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise.
* modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-02-27 Tomas Mraz <t8m@centrum.cz>
* modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace
signal() with sigaction().
* modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs):
Likewise.
* modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary):
Likewise.
* modules/pam_unix/passverify.c(su_sighandler): Likewise.
* modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
* modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam
for auxiliary functions.
* modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset
option. Document new serialize option.
* modules/pam_tally2/pam_tally2.c: Add support for the new serialize
option.
(_cleanup, tally_set_data, tally_get_data): Add tally file handle to
tally PAM data. Needed for fcntl() locking.
(get_tally): Use low level file access instead of stdio buffered FILE.
If serialize option is used lock the tally file access.
(set_tally, tally_bump, tally_reset): Use low level file access instead
of stdio buffered FILE. Close the file handle only when it is not owned
by PAM data.
(pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally
file handle to tally_set_data(). Get it from tally_get_data().
(main): Use low level file access instead of stdio buffered FILE.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-02-26 Tomas Mraz <t8m@centrum.cz>
* xtests/Makefile.am: Add tst-pam_unix4.
* xtests/tst-pam_unix4.c: New test for password change
and shadow min days limit.
* xtests/tst-pam_unix4.pamd: Likewise.
* xtests/tst-pam_unix4.sh: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore
PAM_AUTHTOK_ERR on shadow verification.
* modules/pam_unix/passverify.c (check_shadow_expiry): Return
PAM_AUTHTOK_ERR if sp_min limit for password change is defied.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translation
Commit summary:
---------------
2009-02-26 Timur Birsh <taem@linukz.org>
* po/LINGUAS: New Kazakh translation.
* po/kk.po: New Kazakh translation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-02-25 Thorsten Kukuk <kukuk@thkukuk.de>
* libpam/pam_misc.c (_pam_StrTok): Use unsigned char
instead of int. Reported by Marcus Granado.
* tests/Makefile.am (TESTS): Add tst-pam_mkargv.
* tests/tst-pam_mkargv.c (main): Test case for
_pam_mkargv.
* po/de.po: Update fuzzy translations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-02-25 Tomas Mraz <t8m@centrum.cz>
* xtests/access.conf: Add a line for name resolution test case.
* xtests/tst-pam_access4.c (main): Set PAM_RHOST for testing the LOCAL
keyword. Add a test case for name resolution.
* modules/pam_access/pam_access.c (from_match): Move name resolution
to network_netmask_match().
(network_netmask_match): Do a name resolution of the origin only if
matching against a real network/netmask.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translations
Commit summary:
---------------
2009-02-25 Fabian Affolter <fabian@bernewireless.net>
* po/de.po: Updated translations.
2009-02-25 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com>
* po/pt_BR.po: Updated translations.
2009-02-25 Domingo Becker <domingobecker@gmail.com>
* po/es.po: Updated translations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: enhancement
Commit summary:
---------------
2009-02-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_limits/limits.conf.5.xml: Document that the kernel
can refuse values out of range for the local system.
* modules/pam_limits/pam_limits.c (setup_limits): Log if setrlimit
fails.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: sanity check
Commit summary:
---------------
2009-02-18 Thorsten Kukuk <kukuk@thkukuk.de>
* libpam/pam_password.c (pam_chauthtok): Make sure applications
don't set internal flags.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-02-17 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam_sm_chauthtok.3.xml: Document that sufficient
can break the PRELIM_CHECK chain.
* libpam/pam_dispatch.c: Don't freeze chain for chauthtok
[bugzilla.novell.com#470337]
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: translations
Commit summary:
---------------
2009-02-11 Daniel Nylander <po@danielnylander.se>
* po/sv.po: Updated translations.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-01-29 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam_sm_setcred.3.xml: Document PAM_ESTABLISHED_CRED.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-01-19 Tomas Mraz <t8m@centrum.cz>
* modules/pam_mkhomedir/Makefile.am: Add mkhomedir_helper.
* modules/pam_mkhomedir/mkhomedir_helper.8.xml: New file. Manual page
for mkhomedir_helper.
* modules/pam_mkhomedir/mkhomedir_helper.c: New file. Source
for mkhomedir_helper. Most of the code moved from pam_mkhomedir.c.
* modules/pam_mkhomedir/pam_mkhomedir.c (_pam_parse): Do not convert umask
to integer.
(rec_mkdir): Moved to mkhomedir_helper.c.
(create_homedir): Just exec the helper.
(pam_sm_open_session): Improve logging.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: translations
Commit summary:
---------------
2009-01-19 Daniel Cabrera <h.daniel.cabrera@gmail.com>
* po/es.po: Updated translations.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: translation
Commit summary:
---------------
2009-01-14 Thorsten Kukuk <kukuk@thkukuk.de>
* po/de.po: Updated translations.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: translations
Commit summary:
---------------
2009-01-07 Piotr Drąg <piotrdrag@gmail.com>
* po/pl.po: Updated translations.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: translations
Commit summary:
---------------
2008-12-23 Piotr Drąg <piotrdrag@gmail.com>
* po/pl.po: Updated translations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_pwhistory/pam_pwhistory.c (parse_option): Rename
type= option to authtok_type= (because of pam_get_authtok).
* modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-17 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do
not abort on unknown option. Avoid double free of old_status.
(pam_sm_close_session): Use LOG_DEBUG for restored status message.
* configure.in: Test for getseuser().
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser()
instead of getseuserbyname() if the function is available.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-12-17 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do
not abort on unknown option. Avoid double free of old_status.
(pam_sm_close_session): Use LOG_DEBUG for restored status message.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2008-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.0.90
* libpam_misc/Makefile.am: Increase version number of shared library.
* libpamc/Makefile.am: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-12-12 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tally2/pam_tally2.c (get_tally): Test for EACCES
instead of EPERM.
* modules/pam_tally2/pam_tally2.8.xml: Fix documentation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-10 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE.
* libpam/pam_end.c (pam_end): Free authtok_type.
* tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE
as test case.
* tests/tst-pam_set_item.c: Likewise.
* libpam/pam_start.c (pam_start): Initialize xdisplay,
xauth and authtok_type.
* libpam/pam_get_authtok.c (pam_get_authtok): Rename "type"
to "authtok_type".
* modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with
"authtok_type=".
* doc/man/pam_get_authtok.3.xml: Document authtok_type argument.
* modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set
type= argument as PAM_AUTHTOK_TYPE item.
* libpam/pam_get_authtok.c (pam_get_authtok): If no type
argument given, use PAM_AUTHTOK_TYPE item.
* libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item.
(pam_set_item): Store PAM_AUTHTOK_TYPE item.
* libpam/pam_private.h: Add authtok_type to pam_handle.
* libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-12-03 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_access/access.conf.5.xml: Replace
2001:4ca0 with 2001:db8:: [bug#2356400].
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-03 Thorsten Kukuk <kukuk@suse.de>
* doc/man/Makefile.am: Add pam_get_authtok.3.xml.
* doc/man/pam_get_authtok.3.xml: New.
* libpam/Makefile.am: Add pam_get_authtok.c.
* libpam/libpam.map: Export pam_get_authtok.
* libpam/pam_get_authtok.c: New.
* libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle.
* libpam_include/security/pam_ext.h: Add pam_get_authtok
prototype.
* modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* po/POTFILES.in: Add libpam/pam_get_authtok.c.
* xtests/tst-pam_cracklib1.c: Adjust error codes.
* modules/pam_timestamp/Makefile.am: Remove hmactest.c from
EXTRA_DIST.
* po/*.po: Regenerated.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: enhancement
Commit summary:
---------------
2008-12-02 Michael Calmer <mc@suse.de>
* modules/pam_limits/limits.conf.5.xml: Document valid values
for limits (bnc#448314).
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new features
Commit summary:
---------------
2008-12-02 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_env/pam_env.c: Add support for user specific
environment file. Based on a patch from Ubuntu.
* modules/pam_env/pam_env.8.xml: Document new options.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-12-02 Olivier Fourdan <ofourdan@redhat.com>
* modules/pam_filter/pam_filter.c (master): Use /dev/ptmx
instead of the old BSD pseudoterminal API.
(set_filter): Call grantpt(), unlockpt() and ptsname(). Do not
close pseudoterminal handle in filter child.
* modules/pam_filter/upperLOWER/upperLOWER.c (main): Use
regular read() instead of pam_modutil_read() to allow for
short reads.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2008-12-02 Tomas Mraz <t8m@centrum.cz>
* modules/pam_timestamp/Makefile.am: Add hmacfile to tests.
* modules/pam_timestamp/hmacfile.c: Do not try the short key
testvector.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-12-01 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/support.h: Fix masks for cipher algorithm
flags.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix author of last patches
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-12-01 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix.8.xml: Document blowfish option.
* configure.in: Check for crypt_gensalt_rn.
* modules/pam_unix/pam_unix_passwd.c: Pass pamh to
create_password_hash function.
* modules/pam_unix/passverify.c (create_password_hash): Add
blowfish support.
* modules/pam_unix/passverify.h: Adjust create_password_hash
prototype.
* modules/pam_unix/support.c: Add support for blowfish option.
* modules/pam_unix/support.h: Add defines for blowfish option.
Patch from Diego Flameeyes Pettenò <flameeyes@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-12-01 Tomas Mraz <t8m@centrum.cz>
* modules/pam_access/pam_access.8.xml: Fix description of nodefgroup
option.
* modules/pam_group/pam_group.c (is_same): Fix check for correct
string length.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Add .cvsignore file
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-29 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Check for xcrypt.h, fix typo in libaudit check.
* modules/pam_cracklib/pam_cracklib.c: Include xcrypt.h if
available.
* modules/pam_unix/bigcrypt.c: Likewise.
* modules/pam_unix/passverify.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
Patch from Diego Flameeyes Pettenò <flameeyes@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-29 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam_getenv.3.xml: Document that application should
not free return value.
* doc/man/pam.3.xml: Add Note about thread-safeness of libpam
functions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-11-28 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tally2/pam_tally2.c (tally_check): Fix info format
to be the same as in pam_tally.
* configure.in: Add modules/pam_timestamp/Makefile.
* doc/sag/Linux-PAM_SAG.xml: Include pam_timestamp.xml.
* doc/sag/pam_timestamp.xml: New.
* libpam/pam_static_modules.h: Add pam_timestamp static struct.
* modules/Makefile.am: Add pam_timestamp directory.
* modules/pam_timestamp/Makefile.am: New.
* modules/pam_timestamp/README.xml: New.
* modules/pam_timestamp/hmacsha1.h: New.
* modules/pam_timestamp/sha1.h: New.
* modules/pam_timestamp/pam_timestamp.8.xml: New.
* modules/pam_timestamp/pam_timestamp_check.8.xml: New.
* modules/pam_timestamp/pam_timestamp.c: New.
* modules/pam_timestamp/pam_timestamp_check.c: New.
* modules/pam_timestamp/hmacfile.c: New.
* modules/pam_timestamp/hmacsha1.c: New.
* modules/pam_timestamp/sha1.c: New.
* modules/pam_timestamp/tst-pam_timestamp: New.
* po/POTFILES.in: Add pam_timestamp sources.
* po/*.po: Regenerate.
* po/cs.po: Updated translations.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-28 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/unix_update.c (set_password): Allow root to change
passwords without verification of the old ones.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-25 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_pwhistory/opasswd.c (save_old_password): Fix typo.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-25 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_time/pam_time.c (is_same): Fix check
of correct string length (debian bug #326407).
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix last commit
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new testcase
Commit summary:
---------------
User entries with "|" don't work as expected.
2008-11-24 Thorsten Kukuk <kukuk@thkukuk.de>
* xtests/Makefile.am: Add pam_time1 tests.
* xtests/tst-pam_time1.c: New test case.
* xtests/tst-pam_time1.pamd: New.
* xtests/time.conf: New.
* xtests/run-xtests.sh: Copy time.conf.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-24 Tomas Mraz <t8m@centrum.cz>
* modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Fix leaks
in error path.
* modules/pam_env/pam_env.c(_parse_env_file): Remove superfluous
condition.
* modules/pam_group/pam_group.c(check_account): Fix leak
in error path.
* modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Fix leak
in error path.
* modules/pam_securetty/pam_securetty.c(securetty_perform_check): Remove
superfluous condition.
* modules/pam_stress/pam_stress.c(stress_get_password,pam_sm_authenticate):
Remove superfluous conditions.
(pam_sm_chauthtok): Fix mistaken && for &.
* modules/pam_unix/pam_unix_auth.c(pam_sm_authenticate): Remove
superfluous condition.
All the problems fixed in this commit were found by Steve Grubb.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-11-24 Tomas Mraz <t8m@centrum.cz>
* libpam/pam_handlers.c (_pam_parse_conf_file): '-' at
beginning of type token marks silent module.
(_pam_load_module): Add handler_type parameter. Do not log
module load error if module is silent.
(_pam_add_handler): Pass handler_type to _pam_load_module().
* libpam/pam_private.h: Add PAM_HT_SILENT_MODULE.
* doc/man/pam.conf-syntax.xml: Document the '-' at beginning
of type.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-20 Tomas Mraz <t8m@centrum.cz>
* modules/pam_sepermit/pam_sepermit.c (sepermit_match): Do not
call sepermit_lock() if sense is deny. Do not crash on NULL seuser
match.
(pam_sm_authenticate): Try to call getseuserbyname() even if
SELinux is disabled.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: fix
Commit summary:
---------------
Revert wrong commitment
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-19 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session):
Preserve XAUTHLOCALHOSTNAME environment variable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: missing part of new feature
Commit summary:
---------------
2008-11-19 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Finish
implementation of type=STRING option.
* modules/pam_pwhistory/pam_pwhistory.8.xml: Document
"type=STRING" option.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
2008-10-27 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam_setcred.3.xml: Document when credentials
should be deleted.
* po/ja.po: Fix syntax error.
* po/de.po: Update translations.
* po/*.po: Regenerate with pam_tally2 added.
|
