| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
While building any documentation requires xsltproc, only the PDF
documentation requires fop, which is dependency-heavy, and not always
available (e.g. it is not included in RHEL). This allows the HTML
documentation to be built while skipping the PDFs.
|
| |
|
|
|
|
|
| |
Add 'native: true' to the build config of padout.
Resolves: https://github.com/linux-pam/linux-pam/issues/850
Signed-off-by: Sietse <sietse@wizdom.nu>
|
| |
|
|
| |
There is no point in supporting two different build systems.
|
| |
|
|
|
|
| |
This also prevents a potential NULL pointer dereference in
pam_get_authtok_internal and pam_get_authtok_verify when
the pamh argument they access is set to NULL.
|
| |
|
|
|
|
|
|
|
|
| |
On my non-representative hardware, the full build using autotools
(./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install)
takes about 45 seconds.
On the same hardware, the full build using meson
(meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir)
takes just about 7.5 seconds.
|
| |
|
|
|
|
| |
doc/specs/formatter/.gitignore became irrelevant along with the whole
doc/specs/formatter directory after commit
96eb2dc401f785e2b35a2089dda24416ff9bb305 back in 2005.
|
| |
|
|
|
|
|
|
| |
Given that in most places config.h is included unconditionally,
there is no point in keeping remaining HAVE_CONFIG_H checks.
Public header files do not use config.h and therefore
are not affected by this change anyway.
|
| |
|
|
|
|
|
|
|
|
| |
* doc/custom-html.xsl.in: Remove.
* configure.ac: Do not generate doc/custom-html.xsl file.
* doc/.gitignore: Remove custom-html.xsl.
* doc/Makefile.am (DISTCLEANFILES): Remove custom-html.xsl.
(EXTRA_DIST): Remove custom-html.xsl.in.
Complements: cf2fc5ff7b4a ("doc: Update PAM documentation from DockBook 4 to DocBook 5")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_get_data manual page used to claim that PAM_NO_MODULE_DATA is
returned not only when no module specific data is present but also
when there is a corresponding data entry with NULL value.
As this claim is in contradiction with the implementation and with the
pam manual page, fix pam_get_data manual page.
* doc/man/pam_get_data.3.xml (PAM_NO_MODULE_DATA): Sync with
the implementation and with the pam manual page.
Resolves: https://github.com/linux-pam/linux-pam/pull/780
|
| | |
|
| |
|
|
|
|
|
|
| |
The two files custom-html.xsl and custom-man.xsl are created at
configure time. Only delete them on `make distclean` instead of
`make clean` to be able to re-generate manual pages afterwards.
Fixes: b285afe0ea45 ("doc: remove generated files during cleanup")
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
| |
Since pam.d.5 is a generated file, the test for existence in srcdir can
be removed.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
Building outside of source directory fails if --disable-doc is not
explicitly chosen.
This happens because generated files are sometimes expected in the
source directory, where they won't exist.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
| |
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
| |
|
|
|
| |
The C standard guarantees that if the argument of free() is a null
pointer, no action occurs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This module uses the name of the user obtained via pam_get_user(3)
as a key to query the password database, and replaces PAM_USER
with the pw_name value that has been returned.
The main usage scenario is systems where a user name is used in several
distinct authentication systems, some of them being case sensitive while
others are not.
* configure.ac (AC_CONFIG_FILES): Add
modules/pam_canonicalize_user/Makefile.
* doc/sag/pam_canonicalize_user.xml: New file.
* doc/sag/Linux-PAM_SAG.xml: Add a reference to
pam_canonicalize_user.xml.
* modules/Makefile.am (SUBDIRS): Add pam_canonicalize_user.
* modules/pam_canonicalize_user/Makefile.am: New file.
* modules/pam_canonicalize_user/README.xml: New file.
* modules/pam_canonicalize_user/pam_canonicalize_user.8.xml: New file.
* modules/pam_canonicalize_user/pam_canonicalize_user.c: New file.
* modules/pam_canonicalize_user/tst-pam_canonicalize_user: New file.
|
| |
|
|
|
|
| |
pam_end.3 has additional and important information about PAM_DATA_SILENT,
copy it to pam_set_data.3 since that describes the cleanup callback where
it will be set.
|
| |
|
|
|
| |
doc/Makefile.am: Replace custom-html.xsl and custom-man.xsl with
custom-html.xsl.in and custom-man.xsl.in EXTRA_DIST
|
| |
|
|
|
|
| |
man/pam_item_types_std.inc.xml: In the past, PAM_TTY was used for tty
devices and $DISPLAY variables for X-based applications. With the
introduction of PAM_DISPLAY PAM_TTY should only be used for devices.
|
| |
|
|
|
|
|
|
|
|
| |
Make /usr/lib/pam.d and <vendordir>/pam.d more visible in the standard
manual pages, so that people don't assume there is only /etc/pam.d
* doc/man/pam.8.xml: Don't always speak about /etc/pam.d only
* doc/man/pam.conf-desc.xml: Don't always speak about /etc/pam.d only
* doc/man/pam.conf-dir.xml: Explain search path for pam config files
* doc/man/pam.conf.5.xml: Add filelist with all pam.d directories
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed files
--------------
Make.xml.rules.in:
- Using RNG file instead of DTD file for checking XML files.
- Taking the correct stylesheet for README files.
doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am:
- Using RNG file instead of DTD file for checking XML files.
configure.ac:
- Adding a new option for selecting RNG check file (-enable-docbook-rng)
- Switching stylesheets to docbook 5
- Checking DocBook 5 environment instead of DocBook 4 environment
*.xml:
Update from DockBook 4 to DocBook 5
|
| |
|
|
|
| |
The XMLS list of xml sources for the manual pages missed some xml files
and instead contained some nroff sources.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before this change, all stylesheets were hardcoded.
With this change, stylesheets can be defined at configure stage.
* configure.ac: Add new options to configure stylesheets:
--enable-html-stylesheet=FILE
--enable-txt-stylesheet=FILE
--enable-pdf-stylesheet=FILE
--enable-man-stylesheet=FILE
* doc/custom-html.xsl: Rename to doc/custom-html.xsl.in, parametrize html
stylesheet.
* doc/custom-man.xsl: Rename to doc/custom-man.xsl.in, parametrize man
stylesheet.
* doc/.gitignore: Add custom-man.xsl and custom-html.xsl.
* doc/adg/Makefile.am: Use stylesheet variables.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
Resolves: https://github.com/linux-pam/linux-pam/pull/499
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sha1 is no longer recommended as a cryptographic algorithm for
authentication. Thus, the idea of this change is to replace the
implementation provided by hmacsha1 included in pam_timestamp module by
the one in the openssl library. This way, there's no need to maintain
the cryptographic algorithm implementation and it can be easily changed
with a single configuration change.
modules/pam_timestamp/hmac_openssl_wrapper.c: implement wrapper
functions around openssl's hmac implementation. Moreover, manage the key
generation and its read and write in a file. Include an option to
configure the cryptographic algorithm in login.defs file.
modules/pam_timestamp/hmac_openssl_wrapper.h: likewise.
modules/pam_timestamp/pam_timestamp.c: replace calls to functions
provided by hmacsha1 by functions provided by openssl's wrapper.
configure.ac: include openssl dependecy if it is enabled.
modules/pam_timestamp/Makefile.am: include new files and openssl library
to compilation.
ci/install-dependencies.sh: include openssl library to dependencies.
NEWS: add new item to next release.
Make.xml.rules.in: add stringparam profiling for hmac
doc/custom-man.xsl: change import docbook to one with profiling
modules/pam_timestamp/pam_timestamp.8.xml: add conditional paragraph to
indicate the value in /etc/login.defs that holds the value for the
encryption algorithm
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294
|
| |
|
|
|
|
|
|
| |
Add short blurbs explaining that if a return code is not specified in
the "[value1=action1 value2=action2 ...]" form and "default=action" is
not specified, that return code's action defaults to "bad".
Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
|
| |
|
|
| |
* doc/man/pam_end.3.xml: Fix repeated words.
|
| |
|
|
|
|
|
|
|
| |
The done action does not terminate the stack processing in case
there is a failing module with bad action up in the stack.
Fixes #307
* doc/man/pam.conf-syntax.xml: Clarify the effect of 'done'.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove
--enable-tally --enable-tally2.
* configure.ac: Remove --enable-tally and --enable-tally2 options.
(AM_CONDITIONAL): Remove COND_BUILD_PAM_TALLY and COND_BUILD_PAM_TALLY2.
(AC_CONFIG_FILES): Remove modules/pam_tally/Makefile and
modules/pam_tally2/Makefile.
* doc/sag/pam_tally.xml: Remove.
* doc/sag/pam_tally2.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Do not include pam_tally.xml and
pam_tally2.xml.
* modules/Makefile.am (MAYBE_PAM_TALLY, MAYBE_PAM_TALLY2): Remove.
(SUBDIRS): Remove MAYBE_PAM_TALLY and MAYBE_PAM_TALLY2.
* modules/pam_tally/.gitignore: Remove.
* modules/pam_tally/Makefile.am: Likewise.
* modules/pam_tally/README.xml: Likewise.
* modules/pam_tally/faillog.h: Likewise.
* modules/pam_tally/pam_tally.8.xml: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally/pam_tally_app.c: Likewise.
* modules/pam_tally/tst-pam_tally: Likewise.
* modules/pam_tally2/.gitignore: Likewise.
* modules/pam_tally2/Makefile.am: Likewise.
* modules/pam_tally2/README.xml: Likewise.
* modules/pam_tally2/pam_tally2.8.xml: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_tally2/pam_tally2_app.c: Likewise.
* modules/pam_tally2/tallylog.h: Likewise.
* modules/pam_tally2/tst-pam_tally2: Likewise.
* modules/pam_timestamp/pam_timestamp_check.8.xml: Fix typo by replacing
pam_tally with pam_timestamp.
* po/POTFILES.in: Remove ./modules/pam_tally/pam_tally_app.c,
./modules/pam_tally/pam_tally.c, ./modules/pam_tally2/pam_tally2_app.c,
and ./modules/pam_tally2/pam_tally2.c.
* NEWS: Document this change.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ci/install-dependencies.sh: Remove libcrack2-dev.
* ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove
--enable-cracklib=check.
* conf/pam.conf: Remove references to pam_cracklib.so.
* configure.ac: Remove --enable-cracklib option.
(AC_SUBST): Remove LIBCRACK.
(AM_CONDITIONAL): Remove COND_BUILD_PAM_CRACKLIB.
(AC_CONFIG_FILES): Remove modules/pam_cracklib/Makefile.
* doc/sag/pam_cracklib.xml: Remove.
* doc/sag/Linux-PAM_SAG.xml: Do not include pam_cracklib.xml.
* modules/Makefile.am (MAYBE_PAM_CRACKLIB): Remove.
(SUBDIRS): Remove MAYBE_PAM_CRACKLIB.
* modules/pam_cracklib/Makefile.am: Remove.
* modules/pam_cracklib/README.xml: Likewise.
* modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_cracklib/tst-pam_cracklib: Likewise.
* xtests/tst-pam_cracklib1.c: Likewise.
* xtests/tst-pam_cracklib1.pamd: Likewise.
* xtests/tst-pam_cracklib2.c: Likewise.
* xtests/tst-pam_cracklib2.pamd: Likewise.
* modules/pam_pwhistory/pam_pwhistory.8.xml: Replace pam_cracklib
in examples with pam_passwdqc.
* modules/pam_unix/pam_unix.8.xml: Likewise.
* po/POTFILES.in: Remove ./modules/pam_cracklib/pam_cracklib.c.
* xtests/.gitignore: Remove tst-pam_cracklib1 and tst-pam_cracklib2.
* xtests/Makefile.am (EXTRA_DIST): Remove tst-pam_cracklib1.pamd
and tst-pam_cracklib2.pamd.
(XTESTS): Remove tst-pam_cracklib1 and tst-pam_cracklib2.
* NEWS: Document this change.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Every stack jump, besides the jump itself, has a side effect which is
one of 'ignore', 'ok', or 'bad'. Unfortunately, the side effect is far
from obvious because it depends on the PAM function call, and the
documentation that contradicts the implementation does not help either.
* doc/man/pam.conf-syntax.xml (actionN): Rewrite the description
of stack jump effects to match the implementation.
Fixes: 871a6e14d65c3c446ae0af51166dabc7a47a2b56
|
| |
|
|
|
| |
* doc/man/pam_get_user.3.xml (pam_get_user-return_values): Add
PAM_BUF_ERR, PAM_ABORT, and PAM_CONV_AGAIN.
|
| |
|
|
|
|
| |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Make.xml.rules is the only place where XSLTPROC_CUSTOM was used,
remove stereotypic definitions from other Makefiles, this way we no
longer have to worry about vendordir being used somewhere else in
documentation files.
Likewise, define VENDORDIR in config.h and remove stereotypic
-DVENDORDIR= additions from other Makefiles, this way we no longer
have to worry about VENDORDIR being used somewhere else in the code.
* configure.ac (AM_CONDITIONAL): Remove HAVE_VENDORDIR.
(AC_DEFINE_UNQUOTED): Add VENDORDIR.
(AC_SUBST): Remove VENDORDIR, add STRINGPARAM_VENDORDIR.
* Make.xml.rules.in: Replace $(XSLTPROC_CUSTOM) with
@STRINGPARAM_VENDORDIR@.
* doc/man/Makefile.am (XSLTPROC_CUSTOM): Remove.
* libpam/Makefile.am [HAVE_VENDORDIR]: Remove.
* modules/pam_securetty/Makefile.am [HAVE_VENDORDIR]: Remove.
(XSLTPROC_CUSTOM): Remove.
* modules/pam_securetty/pam_securetty.c: Move definitions of local
macros after config.h to benefit from macros defined there.
|
| |
|
|
|
|
|
| |
This makes disk quotas usable with central user databases, such as MySQL or
LDAP.
Resolves: https://github.com/linux-pam/linux-pam/issues/92
|
| | |
|
| |
|
|
| |
To load PAM stack configurations from specified directory
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove trailing whitespace introduced by commit
f9c9c72121eada731e010ab3620762bcf63db08f.
Remove blank lines at EOF introduced by commit
65d6735c5949ec233df9813f734e918a93fa36cf.
This makes the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* doc/custom-html.xsl: Remove blank line at EOF.
* doc/custom-man.xsl: Likewise.
* modules/pam_motd/pam_motd.c: Remove trailing whitespace.
|
| |
|
|
|
|
| |
Signed-off-by: Russ Allbery <rra@debian.org>
Bug-Debian: https://bugs.debian.org/651560
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
To be able to set CFLAGS from make command-line but not to lose the
warning flags.
* configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS.
* */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* conf/pam_conv1/Makefile.am: Add -Wno-unused-function -Wno-sign-compare to CFLAGS.
* doc/specs/Makefile.am: Likewise.
* libpamc/include/security/pam_client.h: Explicitly compare old_p with NULL.
* modules/pam_access/pam_access.c: Avoid double const.
* modules/pam_filter/pam_filter.c: Avoid arbitrary constants. Avoid strncpy()
without copying the NUL byte.
* modules/pam_group/pam_group.c: Mark switch fallthrough with comment.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_limits/pam_limits.c: Remove unused units variable.
* modules/pam_listfile/pam_listfile.c: Avoid unnecessary strncpy, use pointers.
* modules/pam_rootok/pam_rootok.c (log_callback): Mark unused parameter.
* modules/pam_selinux/pam_selinux.c: Use string_to_security_class() instead
of hardcoded value.
* modules/pam_sepermit/pam_sepermit.c: Properly cast when comparing.
* modules/pam_succeed_if/pam_succeed_if.c: Mark unused parameters.
* modules/pam_unix/pam_unix_passwd.c: Remove unused variables and properly
cast for comparison.
* modules/pam_unix/support.c: Remove unused function.
|
| | |
|
