aboutsummaryrefslogtreecommitdiff
path: root/libpam
Commit message (Collapse)AuthorAgeFilesLines
* Add grantor field to audit records of libpam.Tomas Mraz2014-09-058-46/+119
| | | | | | | | | | | | | | | | | | | | | | | | | | | The grantor field gives audit trail of PAM modules which granted access for successful return from libpam calls. In case of failed return the grantor field is set to '?'. libpam/pam_account.c (pam_acct_mgmt): Remove _pam_auditlog() call. libpam/pam_auth.c (pam_authenticate, pam_setcred): Likewise. libpam/pam_password.c (pam_chauthtok): Likewise. libpam/pam_session.c (pam_open_session, pam_close_session): Likewise. libpam/pam_audit.c (_pam_audit_writelog): Add grantors parameter, add grantor= field to the message if grantors is set. (_pam_list_grantors): New function creating the string with grantors list. (_pam_auditlog): Add struct handler pointer parameter, call _pam_list_grantors() to list the grantors from the handler list. (_pam_audit_end): Add NULL handler parameter to _pam_auditlog() call. (pam_modutil_audit_write): Add NULL grantors parameter to _pam_audit_writelog(). libpam/pam_dispatch.c (_pam_dispatch_aux): Set h->grantor where appropriate. (_pam_clear_grantors): New function to clear grantor field of handler. (_pam_dispatch): Call _pam_clear_grantors() before executing the stack. Call _pam_auditlog() when appropriate. libpam/pam_handlers.c (extract_modulename): Do not allow empty module name or just "?" to avoid confusing audit trail. (_pam_add_handler): Test for NULL return from extract_modulename(). Clear grantor field of handler. libpam/pam_private.h: Add grantor field to struct handler, add handler pointer parameter to _pam_auditlog().
* Introduce pam_modutil_sanitize_helper_fdsDmitry V. Levin2014-01-274-1/+194
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change introduces pam_modutil_sanitize_helper_fds - a new function that redirects standard descriptors and closes all other descriptors. pam_modutil_sanitize_helper_fds supports three types of input and output redirection: - PAM_MODUTIL_IGNORE_FD: do not redirect at all. - PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented by creating a pipe, closing its write end, and redirecting stdin to its read end. Likewise, for stdout/stderr it is implemented by creating a pipe, closing its read end, and redirecting to its write end. Unlike stdin redirection, stdout/stderr redirection to a pipe has a side effect that a process writing to such descriptor should be prepared to handle SIGPIPE appropriately. - PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is implemented via PAM_MODUTIL_PIPE_FD because there is no functional difference. For stdout/stderr, it is classic redirection to /dev/null. PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel security restrictions, but when the helper process might be writing to the corresponding descriptor and termination of the helper process by SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD. * libpam/pam_modutil_sanitize.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd, pam_modutil_sanitize_helper_fds): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface. * modules/pam_exec/pam_exec.c (call_exec): Use pam_modutil_sanitize_helper_fds. * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. * modules/pam_unix/support.h (MAX_FD_NO): Remove.
* Respect PAM_AUTHTOK_TYPE in pam_get_authtok_verify().Tomas Mraz2012-08-131-0/+5
| | | | | | libpam/pam_get_authtok.c (pam_get_authtok_internal): Set the PAM_AUTHTOK_TYPE item when obtained from module options. (pam_get_authtok_verify): Use the PAM_AUTHTOK_TYPE item when prompting.
* pam_unix: make configuration consistent in --enable-static-modules modeDmitry V. Levin2012-02-031-8/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In --enable-static-modules mode, it was not possible to use "pam_unix" in PAM config files. Instead, different names had to be used for each management group: pam_unix_auth, pam_unix_acct, pam_unix_passwd and pam_unix_session. This change makes pam_unix configuration consistent with other PAM modules. * README: Remove the paragraph describing pam_unix distinctions in --enable-static-modules mode. * libpam/pam_static_modules.h (_pam_unix_acct_modstruct, _pam_unix_auth_modstruct, _pam_unix_passwd_modstruct, _pam_unix_session_modstruct): Remove. (_pam_unix_modstruct): New pam_module declaration. * modules/pam_unix/pam_unix_static.h: New file. * modules/pam_unix/pam_unix_static.c: Likewise. * modules/pam_unix/Makefile.am (noinst_HEADERS): Add pam_unix_static.h (pam_unix_la_SOURCES) [STATIC_MODULES]: Add pam_unix_static.c * modules/pam_unix/pam_unix_acct.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_acct_modstruct): Remove. * modules/pam_unix/pam_unix_auth.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_auth_modstruct): Remove. * modules/pam_unix/pam_unix_passwd.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_passwd_modstruct): Remove. * modules/pam_unix/pam_unix_sess.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_session_modstruct): Remove. Suggested-by: Matveychikov Ilya <i.matveychikov@securitycode.ru>
* Make --disable-cracklib compatible with --enable-static-modules modeDmitry V. Levin2012-01-271-0/+2
| | | | | | * configure.in: Define HAVE_LIBCRACK when cracklib is enabled. * libpam/pam_static_modules.h (static_modules): Guard the use of _pam_cracklib_modstruct by HAVE_LIBCRACK macro.
* Add missing includes for types used in the pam_modutil.h.Tomas Mraz2012-02-101-0/+5
| | | | * libpam/include/security/pam_modutil.h: Add missing includes for used types.
* Fix compile time errors in --enable-static-modules modeMatveychikov Ilya2012-01-271-2/+0
| | | | | | | | | | | | | | | * libpam/pam_static_modules.h (_pam_rhosts_auth_modstruct): Remove obsolete declaration. (static_modules): Remove undefined reference to _pam_rhosts_auth_modstruct. * modules/pam_pwhistory/opasswd.h: Rename {save,check}_old_password to {save,check}_old_pass in order to avoid conflicts with pam_unix. * modules/pam_pwhistory/opasswd.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_tally2/pam_tally2.c: Rename _pam_tally_modstruct to _pam_tally2_modstruct. Signed-off-by: Matveychikov Ilya <i.matveychikov@securitycode.ru>
* pam_start: fix memory leak on error pathDmitry V. Levin2011-12-261-0/+2
| | | | | | | | * libpam/pam_start.c (pam_start): If _pam_make_env() or _pam_init_handlers() returned an error, release the memory allocated for pam_conv structure. Patch-by: cancel <suntsu@yandex.ru>.
* Update .gitignore filesDmitry V. Levin2011-10-271-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * .gitignore: Add common ignore patterns. * m4/.gitignore: Unignore local m4 files. * dynamic/.gitignore: Unignore Makefile. * libpamc/test/modules/.gitignore: Likewise. * libpamc/test/regress/.gitignore: Likewise. * po/.gitignore: Add Makevars.template. * conf/.gitignore: Remove common ignore patterns. * conf/pam_conv1/.gitignore: Likewise. * doc/.gitignore: Likewise. * doc/specs/.gitignore: Likewise. * doc/specs/formatter/.gitignore: Likewise. * examples/.gitignore: Likewise. * modules/pam_filter/upperLOWER/.gitignore: Likewise. * modules/pam_mkhomedir/.gitignore: Likewise. * modules/pam_selinux/.gitignore: Likewise. * modules/pam_stress/.gitignore: Likewise. * modules/pam_tally/.gitignore: Likewise. * modules/pam_tally2/.gitignore: Likewise. * modules/pam_timestamp/.gitignore: Likewise. * modules/pam_unix/.gitignore: Likewise. * tests/.gitignore: Likewise. * xtests/.gitignore: Likewise. * doc/adg/.gitignore: Remove. * doc/man/.gitignore: Remove. * doc/mwg/.gitignore: Remove. * doc/sag/.gitignore: Remove. * libpamc/.gitignore: Remove. * libpamc/test/.gitignore: Remove. * libpam/.gitignore: Remove. * libpam_misc/.gitignore: Remove. * modules/.gitignore: Remove. * modules/pam_access/.gitignore: Remove. * modules/pam_cracklib/.gitignore: Remove. * modules/pam_debug/.gitignore: Remove. * modules/pam_deny/.gitignore: Remove. * modules/pam_echo/.gitignore: Remove. * modules/pam_env/.gitignore: Remove. * modules/pam_exec/.gitignore: Remove. * modules/pam_faildelay/.gitignore: Remove. * modules/pam_filter/.gitignore: Remove. * modules/pam_ftp/.gitignore: Remove. * modules/pam_group/.gitignore: Remove. * modules/pam_issue/.gitignore: Remove. * modules/pam_keyinit/.gitignore: Remove. * modules/pam_lastlog/.gitignore: Remove. * modules/pam_limits/.gitignore: Remove. * modules/pam_listfile/.gitignore: Remove. * modules/pam_localuser/.gitignore: Remove. * modules/pam_loginuid/.gitignore: Remove. * modules/pam_mail/.gitignore: Remove. * modules/pam_motd/.gitignore: Remove. * modules/pam_namespace/.gitignore: Remove. * modules/pam_nologin/.gitignore: Remove. * modules/pam_permit/.gitignore: Remove. * modules/pam_pwhistory/.gitignore: Remove. * modules/pam_rhosts/.gitignore: Remove. * modules/pam_rootok/.gitignore: Remove. * modules/pam_securetty/.gitignore: Remove. * modules/pam_sepermit/.gitignore: Remove. * modules/pam_shells/.gitignore: Remove. * modules/pam_succeed_if/.gitignore: Remove. * modules/pam_time/.gitignore: Remove. * modules/pam_tty_audit/.gitignore: Remove. * modules/pam_umask/.gitignore: Remove. * modules/pam_userdb/.gitignore: Remove. * modules/pam_warn/.gitignore: Remove. * modules/pam_wheel/.gitignore: Remove. * modules/pam_xauth/.gitignore: Remove.
* Rename all .cvsignore files to .gitignoreDmitry V. Levin2011-10-271-0/+0
|
* Fix whitespace issuesDmitry V. Levin2011-10-2617-55/+52
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* 2011-06-22 Thorsten Kukuk <kukuk@thkukuk.de>Thorsten Kukuk2011-06-211-1/+1
| | | | | | | | | * release version 1.1.4 * configure.in: Bump version number. * NEWS: Document changes since 1.1.3 * libpam/Makefile.am: Bump release number of shared library * po/de.po: Translate new string.
* 2011-06-14 Thorsten Kukuk <kukuk@thkukuk.de>Thorsten Kukuk2011-06-141-1/+2
| | | | | | | | | | * configure.in: Check for libtirpc bye default. * libpam/Makefile.am: Add support for libtirpc. * modules/pam_access/Makefile.am: Likewise. * modules/pam_unix/Makefile.am: Likewise. * modules/pam_unix/pam_unix_passwd.c: Change ifdefs for new libtirpc support. * modules/pam_unix/yppasswd_xdr.c: Only compile if we have rpc/rpc.h.
* 2011-05-30 Thorsten Kukuk <kukuk@thkukuk.de>Thorsten Kukuk2011-05-301-3/+3
| | | | | | | | | | | * modules/pam_timestamp/pam_timestamp.c (main): Remove unsused variable pretval. * modules/pam_stress/pam_stress.c (converse): **message is const. (stress_get_password): pmsg is const. (pam_sm_chauthtok): Likewise. * libpam/pam_item.c (pam_get_user): Make pmsg const and remove casts.
* Relevant BUGIDs:Thorsten Kukuk2010-10-281-1/+1
| | | | | | | | | | | | | | | | | Purpose of commit: release Commit summary: --------------- 2010-10-28 Thorsten Kukuk <kukuk@thkukuk.de> * release version 1.1.3 * configure.in: Increase version to 1.1.3 * NEWS: document visible changes * libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number.
* Relevant BUGIDs:Dmitry V. Levin2010-10-034-1/+202
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-04 Dmitry V. Levin <ldv@altlinux.org> * libpam/pam_modutil_priv.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (struct pam_modutil_privs, PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv, pam_modutil_regain_priv): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface. * modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise. (pam_sm_open_session): Remove redundant fchown call. Fixes CVE-2010-3430, CVE-2010-3431.
* Relevant BUGIDs:Thorsten Kukuk2010-08-311-1/+1
| | | | | | | | | | | | | | | | | | | Purpose of commit: new release Commit summary: --------------- 2010-08-31 Thorsten Kukuk <kukuk@thkukuk.de> * release version 1.1.2 * configure.in: Bump version number. * NEWS: Document changes since 1.1.1. * doc/adg/Linux-PAM_ADG.xml: Bump version number. * doc/mwg/Linux-PAM_MWG.xml: Likewise. * doc/sag/Linux-PAM_SAG.xml: Likewise. * libpam/Makefile.am: Bump revision of shared library. * po/*.po: Regenerate.
* Relevant BUGIDs:Tomas Mraz2010-02-091-9/+10
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-02-09 Tomas Mraz <t8m@centrum.cz> * libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix regression in the new password prompt.
* Relevant BUGIDs: 2892529Thorsten Kukuk2009-12-085-7/+5
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-12-08 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Rename DEBUG to PAM_DEBUG. * libpam/pam_env.c: Likewise * libpam/pam_handlers.c: Likewise * libpam/pam_miscc.c: Likewise * libpam/pam_password.c: Likewise * libpam/include/security/_pam_macros.h: Likewise * libpamc/test/modules/pam_secret.c: Likewise * modules/pam_group/pam_group.c: Likewise * modules/pam_listfile/pam_listfile.c: Likewise * modules/pam_unix/pam_unix_auth.c: Likewise * modules/pam_unix/pam_unix_passwd.c: Likewise
* Relevant BUGIDs:Thorsten Kukuk2009-11-104-9/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: regression fix Commit summary: --------------- 2009-11-10 Thorsten Kukuk <kukuk@suse.de> * doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/Makefile.am (libpam_la_LDFLAGS): Bump revesion of libpam. * libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed from pam_get_authtok, add flags argument, always check return values. * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/include/security/pam_ext.h: Add prototypes for pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/libpam.map: Add new pam_get_authtok_* functions.
* Relevant BUGIDs:Thorsten Kukuk2009-03-091-1/+1
| | | | | | | | | | | | | | | Purpose of commit: release Commit summary: --------------- 2009-03-09 Thorsten Kukuk <kukuk@thkukuk.de> * release version 1.0.91 * libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number. * xtests/Makefile.am: Add tst-pam_unix4.pamd, tst-pam_unix4.sh and time.conf.
* Relevant BUGIDs:Thorsten Kukuk2009-02-251-3/+4
| | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-02-25 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_misc.c (_pam_StrTok): Use unsigned char instead of int. Reported by Marcus Granado. * tests/Makefile.am (TESTS): Add tst-pam_mkargv. * tests/tst-pam_mkargv.c (main): Test case for _pam_mkargv. * po/de.po: Update fuzzy translations.
* Relevant BUGIDs:Thorsten Kukuk2009-02-181-1/+7
| | | | | | | | | | | | Purpose of commit: sanity check Commit summary: --------------- 2009-02-18 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_password.c (pam_chauthtok): Make sure applications don't set internal flags.
* Relevant BUGIDs: bugzilla.novell.com#470337Thorsten Kukuk2009-02-171-8/+4
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-02-17 Thorsten Kukuk <kukuk@thkukuk.de> * doc/man/pam_sm_chauthtok.3.xml: Document that sufficient can break the PRELIM_CHECK chain. * libpam/pam_dispatch.c: Don't freeze chain for chauthtok [bugzilla.novell.com#470337]
* Relevant BUGIDs:Thorsten Kukuk2008-12-116-11/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-12-10 Thorsten Kukuk <kukuk@thkukuk.de> * doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE. * libpam/pam_end.c (pam_end): Free authtok_type. * tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE as test case. * tests/tst-pam_set_item.c: Likewise. * libpam/pam_start.c (pam_start): Initialize xdisplay, xauth and authtok_type. * libpam/pam_get_authtok.c (pam_get_authtok): Rename "type" to "authtok_type". * modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with "authtok_type=". * doc/man/pam_get_authtok.3.xml: Document authtok_type argument. * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set type= argument as PAM_AUTHTOK_TYPE item. * libpam/pam_get_authtok.c (pam_get_authtok): If no type argument given, use PAM_AUTHTOK_TYPE item. * libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item. (pam_set_item): Store PAM_AUTHTOK_TYPE item. * libpam/pam_private.h: Add authtok_type to pam_handle. * libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New.
* Relevant BUGIDs:Thorsten Kukuk2008-12-036-5/+186
| | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-12-03 Thorsten Kukuk <kukuk@suse.de> * doc/man/Makefile.am: Add pam_get_authtok.3.xml. * doc/man/pam_get_authtok.3.xml: New. * libpam/Makefile.am: Add pam_get_authtok.c. * libpam/libpam.map: Export pam_get_authtok. * libpam/pam_get_authtok.c: New. * libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle. * libpam_include/security/pam_ext.h: Add pam_get_authtok prototype. * modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * po/POTFILES.in: Add libpam/pam_get_authtok.c. * xtests/tst-pam_cracklib1.c: Adjust error codes. * modules/pam_timestamp/Makefile.am: Remove hmactest.c from EXTRA_DIST. * po/*.po: Regenerated.
* Relevant BUGIDs:Tomas Mraz2008-11-281-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-11-28 Tomas Mraz <t8m@centrum.cz> * modules/pam_tally2/pam_tally2.c (tally_check): Fix info format to be the same as in pam_tally. * configure.in: Add modules/pam_timestamp/Makefile. * doc/sag/Linux-PAM_SAG.xml: Include pam_timestamp.xml. * doc/sag/pam_timestamp.xml: New. * libpam/pam_static_modules.h: Add pam_timestamp static struct. * modules/Makefile.am: Add pam_timestamp directory. * modules/pam_timestamp/Makefile.am: New. * modules/pam_timestamp/README.xml: New. * modules/pam_timestamp/hmacsha1.h: New. * modules/pam_timestamp/sha1.h: New. * modules/pam_timestamp/pam_timestamp.8.xml: New. * modules/pam_timestamp/pam_timestamp_check.8.xml: New. * modules/pam_timestamp/pam_timestamp.c: New. * modules/pam_timestamp/pam_timestamp_check.c: New. * modules/pam_timestamp/hmacfile.c: New. * modules/pam_timestamp/hmacsha1.c: New. * modules/pam_timestamp/sha1.c: New. * modules/pam_timestamp/tst-pam_timestamp: New. * po/POTFILES.in: Add pam_timestamp sources. * po/*.po: Regenerate. * po/cs.po: Updated translations.
* Relevant BUGIDs: rhbz#471762Tomas Mraz2008-11-242-23/+34
| | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-11-24 Tomas Mraz <t8m@centrum.cz> * libpam/pam_handlers.c (_pam_parse_conf_file): '-' at beginning of type token marks silent module. (_pam_load_module): Add handler_type parameter. Do not log module load error if module is silent. (_pam_add_handler): Pass handler_type to _pam_load_module(). * libpam/pam_private.h: Add PAM_HT_SILENT_MODULE. * doc/man/pam.conf-syntax.xml: Document the '-' at beginning of type.
* Relevant BUGIDs:Tomas Mraz2008-10-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-10-17 Tomas Mraz <t8m@centrum.cz> * configure.in: Add modules/pam_tally2/Makefile. * doc/sag/Linux-PAM_SAG.xml: Include pam_tally2.xml. * doc/sag/pam_tally2.xml: New. * libpam/pam_static_modules.h: Add pam_tally2 static struct. * modules/Makefile.am: Add pam_tally2 directory. * modules/pam_tally2/Makefile.am: New. * modules/pam_tally2/README.xml: New. * modules/pam_tally2/tallylog.h: New. * modules/pam_tally2/pam_tally2.8.xml: New. * modules/pam_tally2/pam_tally2.c: New. * modules/pam_tally2/pam_tally2_app.c: New. * modules/pam_tally2/tst-pam_tally2: New. * po/POTFILES.in: Add pam_tally2 sources.
* Relevant BUGIDs:Thorsten Kukuk2008-10-101-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: add modules/pam_pwhistory/Makefile. * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml. * doc/sag/pam_pwhistory.xml: New. * libpam/pam_static_modules.h: Add pam_pwhistory data. * modules/Makefile.am: Add pam_pwhistory directory. * modules/pam_pwhistory/Makefile.am: New. * modules/pam_pwhistory/README.xml: New. * modules/pam_pwhistory/opasswd.c: New. * modules/pam_pwhistory/opasswd.h: New. * modules/pam_pwhistory/pam_pwhistory.8.xml: New. * modules/pam_pwhistory/pam_pwhistory.c: New. * modules/pam_pwhistory/tst-pam_pwhistory: New. * xtests/Makefile.am: New. * xtests/run-xtests.sh: New. * xtests/tst-pam_pwhistory1.c: New. * xtests/tst-pam_pwhistory1.pamd: New. * xtests/tst-pam_pwhistory1.sh: New. * po/POTFILES.in: Add modules/pam_pwhistory/. * po/de.po: Update translations.
* Relevant BUGIDs:Tomas Mraz2008-05-146-7/+8
| | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-05-14 Tomas Mraz <t8m@centrum.cz> * libpam/pam_modutil_getgrgid.c: Replace hardcoded constant with define PWD_LENGTH_SHIFT. * libpam/pam_modutil_getgrnam.c: Likewise. * libpam/pam_modutil_getpwnam.c: Likewise. * libpam/pam_modutil_getpwuid.c: Likewise. * libpam/pam_modutil_getspnam.c: Likewise. * libpam/pam_modutil_private.h: Adjust values for PWD_ constants.
* Relevant BUGIDs:Tomas Mraz2008-04-081-11/+19
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-04-08 Tomas Mraz <t8m@centrum.cz> * libpam/pam_item.c (TRY_SET): Do not set when destination is identical to source. (pam_set_item): Do not overwrite destination when it is identical to source.
* Relevant BUGIDs:Thorsten Kukuk2008-04-041-1/+1
| | | | | | | | | | | | | | | | | | | Purpose of commit: release Commit summary: --------------- Release Version 1.0.0 2008-04-03 Thorsten Kukuk <kukuk@thkukuk.de> * release version 1.0.0 * configure.in: Set version number to 1.0.0. * libpam/Makefile.am: Bump patchlevel of libpam. * doc/adg/Linux-PAM_ADG.xml: Update version/date. * doc/mwg/Linux-PAM_MWG.xml: Likewise. * doc/sag/Linux-PAM_SAG.xml: Likewise.
* Relevant BUGIDs:Tomas Mraz2008-03-031-35/+31
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-03-03 Tomas Mraz <t8m@centrum.cz> * libpam/pam_item.c(RESET): Rename to TRY_SET, handle strdup failure. (pam_set_item): Use TRY_SET() also for PAM_AUTHTOK and PAM_OLDAUTHTOK. Handle allocation failure for PAM_XAUTHDATA. (pam_get_user): Return error when conversation returns NULL user. Call pam_set_item() instead of RESET().
* Relevant BUGIDs: rhbz#433459Tomas Mraz2008-02-211-10/+9
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-02-21 Tomas Mraz <t8m@centrum.cz> * libpam/pam_audit.c (_pam_audit_writelog): Silence syslog message on non-error return. * modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged user when checking password of another user. * modules/pam_unix/unix_update.c: Fix comment.
* Relevant BUGIDs:Dmitry V. Levin2008-02-181-2/+3
| | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-02-18 Dmitry V. Levin <ldv@altlinux.org> * libpam/pam_handlers.c (_pam_assemble_line): Fix potential buffer overflow. * xtests/tst-pam_assemble_line.pamd: New test for _pam_assemble_line. * xtests/tst-pam_assemble_line.sh: New script for tst-pam_assemble_line. * xtests/Makefile.am (NOSRCTESTS): Add tst-pam_assemble_line.
* Relevant BUGIDs:Thorsten Kukuk2008-02-042-1/+3
| | | | | | | | | | | | | | | | Purpose of commit: bugfixes Commit summary: --------------- 2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_static_modules.h: Add _pam_sepermit_modstruct. * modules/pam_sepermit/pam_sepermit.c: Fix typo. * README: Add --disable-pie to configure options for static library. * doc/man/Makefile.am: Fix building outside of src directory.
* Relevant BUGIDs:Thorsten Kukuk2008-01-284-7/+9
| | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2008-01-28 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_audit.c: Include pam_modutil_private.h. * libpam/pam_item.c (pam_set_item): Fix compiler warning. * libpam/pam_end.c (pam_end): Cast to correct pointer type. * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use unsigned int.
* Relevant BUGIDs:Tomas Mraz2007-12-073-6/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature and cleanup Commit summary: --------------- 2007-12-07 Tomas Mraz <t8m@centrum.cz> * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version. * libpam/pam_audit.c: Add _pam_audit_open() and pam_modutil_audit_write(). (_pam_auditlog): Call _pam_audit_open(). * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write(). * modules/pam_access/pam_access.8.xml: Add noaudit option. Document auditing. * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and only_new_group_syntax variables to struct login_info. Add noaudit member. (_parse_args): Adjust for the move of variables and add support for noaudit option. (group_match): Add debug parameter. (string_match): Likewise. (network_netmask_match): Likewise. (login_access): Adjust for the move of variables. Add nonall_match. Add call to pam_modutil_audit_write(). (list_match): Adjust for the move of variables. (user_match): Likewise. (from_match): Likewise. (pam_sm_authenticate): Call _parse_args() earlier. * modules/pam_limits/pam_limits.8.xml: Add noaudit option. Document auditing. * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option. (setup_limits): Call pam_modutil_audit_write(). * modules/pam_time/pam_time.8.xml: Add debug and noaudit options. Document auditing. * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()). (check_account): Call _pam_parse(). Call pam_modutil_audit_write() and pam_syslog() on login denials.
* Relevant BUGIDs:Tomas Mraz2007-12-066-0/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov> * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n() macro. * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY, PAM_XAUTHDATA items, pam_xauth_data struct. * libpam/pam_item.c (pam_set_item, pam_get_item): Handle PAM_XDISPLAY and PAM_XAUTHDATA items. * libpam/pam_end.c (pam_end): Destroy the new items. * libpam/pam_private.h (pam_handle): Add data members for new items. Add prototype for _pam_memdup. * libpam/pam_misc.c: Add _pam_memdup. * doc/man/Makefile.am: Add pam_xauth_data.3. Replace pam_item_types.inc.xml with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml. * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml. * doc/man/pam_set_item.3.xml: Likewise. * doc/man/pam_item_types.inc.xml: Removed file. * doc/man/pam_item_types_ext.inc.xml: New file. * doc/man/pam_item_types_std.inc.xml: New file.
* Relevant BUGIDs:Tomas Mraz2007-12-051-0/+6
| | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2007-12-05 Miloslav Trmac <mitr@redhat.com> * configure.in: Add test for audit_tty_status struct. Add pam_tty_audit module. * libpam/pam_static_modules.h: Add pam_tty_audit module. * modules/pam_tty_audit/Makefile.am: New file. * modules/pam_tty_audit/README.xml: Likewise. * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. * modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* Relevant BUGIDs: 1822779Thorsten Kukuk2007-11-062-4/+8
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-11-06 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_static_modules.h: Fix name of pam_namespace variable. 2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de> * tests/tst-dlopen.c: Return 77 in case of static modules, such that all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL. * libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead of "`ls ...`", to allow for static modules. * libpam/pam_static_modules.h: Make pam_keyinit module depend on HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct. * modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module struct.
* Relevant BUGIDs:Tomas Mraz2007-10-195-106/+191
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2007-10-19 Tomas Mraz <t8m@centrum.cz> * xtests/tst-pam_access1.c: Use different name for user and group. * xtests/tst-pam_access1.sh: Likewise. * xtests/tst-pam_access2.c: Likewise. * xtests/tst-pam_access2.sh: Likewise. * xtests/tst-pam_access4.c: Likewise. * xtests/tst-pam_access4.sh: Likewise. * xtests/group.conf: Likewise. * xtests/tst-pam_group1.c: Likewise. * xtests/tst-pam_group1.sh: Likewise. * libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks, record substack level, skip over virtual substack modules, implement evaluation of done, die, reset and jumps in substacks. Also fixes too far jumps in substacks. * libpam/pam_end.c (pam_end): Drop substack evaluation states. * libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level parameter, instead of must_fail use handler_type needed for virtual substack modules. (_pam_load_conf_file): Add substack level parameter. (_pam_init_handlers): Substack level parameter added to _pam_parse_conf_file() calls. (_pam_load_module): New function. (_pam_add_handler): Refactor code into the _pam_load_module(). Add support for virtual substack modules. * libpam/pam_private.h: Rename must_fail to handler_type, add stack_level to struct handler. Define handler type constants. Add struct for substack evaluation states. Define constant for maximum substack level. Add substack states pointer to former state struct. * libpam/pam_start.c (pam_start): Initialize pointer to substack states. * doc/man/pam.conf-syntax.xml: Document substack control. * xtests/Makefile.am: Add new tests for substack evaluation. * xtests/run_xtests.sh: Support multiple .pamd files in a test. * xtests/tst-pam_authfail.pamd: New tests for substack evaluation. * xtests/tst-pam_authsucceed.pamd: Likewise. * xtests/tst-pam_substack1.pamd: Likewise. * xtests/tst-pam_substack1a.pamd: Likewise. * xtests/tst-pam_substack1.sh: Likewise. * xtests/tst-pam_substack2.pamd: Likewise. * xtests/tst-pam_substack2a.pamd: Likewise. * xtests/tst-pam_substack2.sh: Likewise. * xtests/tst-pam_substack3.pamd: Likewise. * xtests/tst-pam_substack3a.pamd: Likewise. * xtests/tst-pam_substack3.sh: Likewise. * xtests/tst-pam_substack4.pamd: Likewise. * xtests/tst-pam_substack4a.pamd: Likewise. * xtests/tst-pam_substack4.sh: Likewise. * xtests/tst-pam_substack5.pamd: Likewise. * xtests/tst-pam_substack5a.pamd: Likewise. * xtests/tst-pam_substack5.sh: Likewise.
* Relevant BUGIDs:Thorsten Kukuk2007-10-091-1/+1
| | | | | | | | | | | | | | | | | | Purpose of commit: release Commit summary: --------------- 2007-10-09 Thorsten Kukuk <kukuk@thkukuk.de> * release version 0.99.9.0 * configure.in: Increase vesion number. * libpam/Makefile.am: Increase release number. * libpam_misc/Makefile.am: Increase release number. * po/*.po: Regenerate.
* Relevant BUGIDs:Thorsten Kukuk2007-09-021-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-09-02 Thorsten Kukuk <kukuk@thkukuk.de> * examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS. * libpam/Makefile.am: Likewise. * modules/pam_access/Makefile.am: Likewise. * modules/pam_cracklib/Makefile.am: Likewise. * modules/pam_debug/Makefile.am: Likewise. * modules/pam_deny/Makefile.am: Likewise. * modules/pam_echo/Makefile.am: Likewise. * modules/pam_env/Makefile.am: Likewise. * modules/pam_exec/Makefile.am: Likewise. * modules/pam_faildelay/Makefile.am: Likewise. * modules/pam_filter/Makefile.am: Likewise. * modules/pam_filter/upperLOWER/Makefile.am: Likewise. * modules/pam_ftp/Makefile.am: Likewise. * modules/pam_group/Makefile.am: Likewise. * modules/pam_issue/Makefile.am: Likewise. * modules/pam_keyinit/Makefile.am: Likewise. * modules/pam_lastlog/Makefile.am: Likewise. * modules/pam_limits/Makefile.am: Likewise. * modules/pam_listfile/Makefile.am: Likewise. * modules/pam_localuser/Makefile.am: Likewise. * modules/pam_loginuid/Makefile.am: Likewise. * modules/pam_mail/Makefile.am: Likewise. * modules/pam_mkhomedir/Makefile.am: Likewise. * modules/pam_motd/Makefile.am: Likewise. * modules/pam_namespace/Makefile.am: Likewise. * modules/pam_nologin/Makefile.am: Likewise. * modules/pam_permit/Makefile.am: Likewise. * modules/pam_rhosts/Makefile.am: Likewise. * modules/pam_rootok/Makefile.am: Likewise. * modules/pam_securetty/Makefile.am: Likewise. * modules/pam_selinux/Makefile.am: Likewise. * modules/pam_shells/Makefile.am: Likewise. * modules/pam_stress/Makefile.am: Likewise. * modules/pam_succeed_if/Makefile.am: Likewise. * modules/pam_tally/Makefile.am: Likewise. * modules/pam_time/Makefile.am: Likewise. * modules/pam_umask/Makefile.am: Likewise. * modules/pam_unix/Makefile.am: Likewise. * tests/Makefile.am: Likewise.
* Relevant BUGIDs:Steve Langasek2007-08-305-65/+0
| | | | | | | | | | | | | | Purpose of commit: portability, cleanup Commit summary: --------------- 2007-08-29 Steve Langasek <vorlon@debian.org> * libpam/pam_modutil_getgrgid.c, libpam/pam_modutil_getgrnam.c, libpam/pam_modutil_getpwnam.c, libpam/pam_modutil_getpwuid.c, libpam/pam_modutil_getspnam.c: don't use pthread mutexes in libpam unnecessarily; this avoids linking problems on non-Linux platforms.
* Relevant BUGIDs:Thorsten Kukuk2007-07-182-2/+3
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-07-18 Thorsten Kukuk <kukuk@thkukuk.de> * release version 0.99.8.1 * libpam/pam_audit.c: Include unistd.h for getuid(). * libpam/Makefile.am: Bump version number.
* Relevant BUGIDs:Thorsten Kukuk2007-07-121-2/+12
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-07-12 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_audit.c (_pam_audit_writelog): Don't return error if application runs as normal user. Fixes regression introduced with last change.
* Relevant BUGIDs:Thorsten Kukuk2007-07-062-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix, release Commit summary: --------------- 2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de> * release version 0.99.8.0 * configure.in: Check for audit_log_acct_message instead of audit_log_user_message. * libpam/pam_audit.c: Use audit_log_acct_message. Based on patch from Mark J Cox <mjc@redhat.com>. * libpam/Makefile.am: Bump version number of libpam. * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit, not 64bit. * xtests/tst-pam_limits1.c: Fix printf arguments. * po/*.po: Merge po files with latest code changes.
* Relevant BUGIDs:Thorsten Kukuk2006-12-181-5/+6
| | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- automake 1.10 ignores AM_LDFLAGS if object specific LDFLAGS are used, too. 2006-12-18 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Add AM_PROG_CC_C_O. * libpam/Makefile.am: Add content of AM_LDFLAGS to *_LDFLAGS. * modules/pam_tally/Makefile.am: Likewise. * modules/pam_unix/Makefile.am: Likewise.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-15 08:00:14 +0000