| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not include <libintl.h> and other i18n stuff via config.h which is
included into every compilation unit, include "pam_i18n.h" explicitly
where necessary.
* configure.ac (AH_BOTTOM): Remove.
* libpam/pam_get_authtok.c: Include "pam_i18n.h".
* libpam/pam_item.c: Likewise.
* libpam/pam_strerror.c: Likewise.
* libpam_misc/misc_conv.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faillock/main.c: Likewise.
* modules/pam_faillock/pam_faillock.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_selinux/pam_selinux_check.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_unix/pam_unix_acct.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
|
| |
|
|
|
|
|
|
|
| |
Given that utmp.h is included unconditionally in other modules,
and neither utmpx.h nor lastlog.h is used nowadays, remove obsolete
checks.
* configure.ac (AC_CHECK_HEADERS): Remove lastlog.h, utmp.h, and utmpx.h.
* modules/pam_lastlog/pam_lastlog.c: Include <utmp.h> unconditionally.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Rename to
pam_auth, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_auth.
|
| |
|
|
|
|
|
|
| |
While the underlying type for setting the user was correct, the
additional output neglected to include the type cast necessary when
actually printing the data. This is rectified here.
Signed-off-by: Benny Baumann <BenBE@geshi.org>
|
| |
|
|
|
|
|
|
| |
Character handling functions, like isspace(3), expect a value
representable as unsigned char or equal to EOF. Otherwise the behavior
is undefined.
See https://wiki.sei.cmu.edu/confluence/display/c/STR37-C.+Arguments+to+character-handling+functions+must+be+representable+as+an+unsigned+char
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env:
* erase environment variables where possible
- pam_exec:
* erase responce on error
* erase auth token
- pam_pwhistory:
* erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only
pointers to insensitive data, which also gets free'd afterwards (so
it currently does not protect against double-free or use-after-free on
the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
|
| |
|
|
|
|
|
|
|
|
| |
Fixed 2 instances in the pam_lastlog module where file locks were
not being enforced when reading and writing last login records.
* modules/pam_lastlog/pam_lastlog.c (last_login_write): The write lock
failure is fatal after 3 tries.
(last_login_read): The read lock failure is non-fatal after 3 tries.
It is non-fatal in the read case due to concerns about a possible DoS.
|
| |
|
|
|
|
|
|
|
| |
Check the return value of localtime_r() before calling strftime(). This
function crashes if the argument is NULL.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2012871
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_faillock/pam_faillock.c (get_pam_user): Downgrade
the syslog level for diagnostics of errors returned by
pam_modutil_getpwnam for users returned by pam_get_user
from LOG_ERR to LOG_NOTICE.
* modules/pam_keyinit/pam_keyinit.c (do_keyinit): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise.
* modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_sepermit/pam_sepermit.c (sepermit_lock): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session,
pam_sm_close_session): Likewise.
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Downgrade
the syslog level for diagnostics of errors returned by
pam_modutil_getpwnam for users returned by pam_get_user
from LOG_WARNING to LOG_NOTICE.
Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade
the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE.
* modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise.
* modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise.
* modules/pam_group/pam_group.c (pam_sm_setcred): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_nologin/pam_nologin.c (perform_check): Likewise.
* modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise.
* modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise.
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise.
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_userdb/pam_userdb.c (pam_sm_authenticate,
pam_sm_acct_mgmt): Likewise.
* modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise.
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session,
pam_sm_close_session): Likewise.
* modules/pam_securetty/pam_securetty.c (securetty_perform_check):
Downgrade the syslog level for pam_get_user errors from LOG_WARNING
to LOG_NOTICE.
* modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise.
Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_modutil_getpwnam
pam_modutil_getpwnam is perfectly capable of handling empty strings as
user names, no need to double check that.
* modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check
the user name for emptyness before passing it to pam_modutil_getpwnam.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If pam_get_user returned PAM_SUCCESS, the user name is guaranteed
to be a valid C string, no need to double check that.
* modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check
for NULL the user name returned by pam_get_user when the latter returned
PAM_SUCCESS.
* modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise.
* modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise.
* modules/pam_filter/pam_filter.c (process_args): Likewise.
* modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise.
* modules/pam_group/pam_group.c (pam_sm_setcred): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_nologin/pam_nologin.c (perform_check): Likewise.
* modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise.
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise.
* modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise.
* modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise.
* modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
* modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise.
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise.
* modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise.
* modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise.
* modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise.
* modules/pam_wheel/pam_wheel.c (perform_check): Likewise.
* modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt):
Likewise.
|
| |
|
|
|
|
| |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
| | |
|
| |
|
|
|
|
| |
* modules/pam_lastlog/pam_lastlog.c: Include "pam_inline.h".
(_pam_auth_parse, get_tty): Use pam_str_skip_prefix instead of ugly
strncmp invocations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It a reduced fsize limit is set in /etc/security/limits.conf and
pam_limits is in use pam_lastlog may cause a crash, e.g.
----- begin /etc/pam.d/su ----
auth sufficient pam_rootok.so
auth required pam_wheel.so use_uid
auth required pam_env.so
auth required pam_unix.so nullok
account required pam_unix.so
password required pam_unix.so nullok
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_lastlog.so
----- end /etc/pam.d/su -----
----- begin /etc/security/limits.d/fsize.conf -----
* soft fsize 1710
* hard fsize 1710
----- end /etc/security/limits.d/fsize.conf -----
# id user1
uid=1000(user1) gid=1000(user1) groups=1000(user1)
# su - user1
Last login: Wed Sep 11 01:52:44 UTC 2019 on console
$ exit
# id user2
uid=60000(user2) gid=60000(user2) groups=60000(user2)
# su - user2
File size limit exceeded
This happens because pam_limits sets RLIMIT_FSIZE before pam_lastlog
attempts to write /var/log/lastlog, leading to a SIGXFSZ signal.
In order to fix this, and an 'unlimited' option, which leads to saving
the 'fsize' limit and set it to unlimited before writing lastlog. After
that, restore the saved value. If 'fsize' is already unlimited nothing
is done.
Failing to set the 'fsize' limit is not a fatal error. With luck the
configured limit will suffice, so we try to write lastlog anyway, even
under the risk of dying due to a SIGXFSZ.
Failing to restore the 'fsize' limit is a fatal error, since we don't
want to keep it unlimited.
Signed-off-by: Carlos Santos <casantos@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_lastlog module will not log info about failed login if the session
was opened with PAM_SILENT flag.
Example use case enabled by this change:
sudo --non-interactive program
If this command is run by another program expecting specific output from
the command run by sudo, the unexpected info about failed logins will
break this program.
* modules/pam_lastlog/pam_lastlog.c: Respect silent option.
(_pam_session_parse): Unset LASTLOG_BTMP if PAM_SILENT is set.
|
| |
|
|
|
|
|
|
| |
* modules/pam_lastlog/pam_lastlog.8.xml: Add the documentation of the
LASTLOG_UID_MAX option.
* modules/pam_lastlog/pam_lastlog.c: New function get_lastlog_uid_max().
(last_login_date): Check the uid against the get_lastlog_uid_max().
(pam_authenticate): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT.
* libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT.
* modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT.
* modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT.
* modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT.
* modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR.
* modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT.
* modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT.
* modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged
with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors
with LOG_ERR.
* modules/pam_limits/pam_limits.c: User login limit messages are syslogged
with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with
LOG_ERR.
* modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged
with LOG_NOTICE.
* modules/pam_namespace/pam_namespace.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_nologin/pam_nologin.c: Make memory allocation failures
LOG_CRIT, other errors LOG_ERR.
* modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged
with LOG_NOTICE, non-memory errors with LOG_ERR.
* modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT.
* modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors
LOG_ERR.
* modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT.
* modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT,
other errors LOG_ERR.
* modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE.
* modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and
max retries ignorance by application likewise.
* modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR.
* modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged
with LOG_NOTICE.
* modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux-PAM. It was never official supported and was broken since years.
* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
|
| |
|
|
|
|
|
| |
* modules/pam_lastlog/pam_lastlog.c (last_login_read): Check for localtime_r
returning NULL.
* modules/pam_tally2/pam_tally2.c (print_one): Check for localtime returning
NULL.
|
| |
|
|
|
| |
modules/pam_lastlog/pam_lastlog.c (last_login_write): Properly clean up last_login
structure before use.
|
| |
|
|
|
|
|
|
| |
gcc -Wformat justly complains:
format '%d' expects argument of type 'int', but argument 5 has type 'time_t'
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Fix format
string.
|
| |
|
|
|
| |
modules/pam_lastlog/pam_lastlog.c (last_login_failed): Just warn, not fail
on short read or read error.
|
| |
|
|
|
|
| |
modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Return PAM_SUCCESS if
uid==0.
modules/pam_lastlog/pam_lastlog.8.xml: Improve documentation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_lastlog/pam_lastlog.8.xml: Document the new functionality and
option.
* modules/pam_lastlog/pam_lastlog.c: Add the inactive user lock out.
(_pam_session_parse): Renamed from _pam_parse.
(_pam_auth_parse): New function to parse auth arguments.
(_last_login_open): Factor out opening of the lastlog file.
(_last_login_read): Factor out opening of the lastlog file.
(pam_sm_authenticate): Implement the lockout functionality.
(pam_sm_setcred): Just return PAM_SUCCESS.
(pam_sm_acct_mgmt): Call pam_sm_authenticate().
|
| |
|
|
|
| |
* modules/pam_lastlog/pam_lastlog.c (last_login_failed): Don't
abort with error if btmp file does not exist.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix compiling with --disable-nls:
2009-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_lastlog/pam_lastlog.c (last_login_failed): Fix
usage of wrong variable [bug#2809661].
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-09-30 Tomas Mraz <t8m@centrum.cz>
* modules/pam_lastlog/pam_lastlog.8.xml: Document new options
noupdate and showfailed.
* modules/pam_lastlog/pam_lastlog.c(pam_parse): Recognize the new
options.
(last_login_read): New output parameter lltime. Do not display
the last login message if it would be empty.
(last_login_date): New output parameter lltime. Do not write the
last login info when LASTLOG_UPDATE is not set.
(last_login_failed): New function to display the last bad login
attempt from btmp.
(pam_sm_open_session): Obtain lltime from last_login_date() and
call last_login_failed() when appropriate.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Of course, it should be LOG_WARNING and not LOG_WARN ...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 0.99.6.2
* modules/pam_lastlog/pam_lastlog.c (last_login_date): Create
lastlog file if it does not exist.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-06-16 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't
truncate UID for syslog output.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix typo in last commit
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-03-13 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_lastlog/pam_lastlog.c: Move comment for
translators in right line.
* po/*.po: Update po files with comment for translator.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2006-02-22 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_lastlog/pam_lastlog.c (last_login_read): Mark strftime
format string for translation to allow reorder [#1428269].
* po/*.po: Update with last pam_lastlog change.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-02-22 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Fix check for incomplete libaudit installations
(Patch from Ruediger Oertel <ro@suse.de>)
* modules/pam_lastlog/pam_lastlog.c (last_login_write): Initialize
correct last_login field [#1427401]
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2005-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_lastlog/pam_lastlog.c (last_login_read): Use
strftime instead of ctime.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2005-12-15 Thorsten Kukuk <kukuk@suse.de>
* modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't report an
error if user logins the first time.
* modules/pam_lastlog/README: New.
* modules/pam_lastlog/Makefile.am: Add README to EXTRADIST.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, new feature
Commit summary:
---------------
pam_lastlog: Cleanup, fix broken logic in pam_parse,
modify wtmp by default, nowtmp option switches that off (patch by ldv)
|
| |
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Moved functions from pammodutil to libpam.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Convert pam_ftp and pam_lastlog to use pam_info/pam_syslog
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Big "automake/autoconf/libtool" commit
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Rename _pam_aconf.h to config.h.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Fix all occurrence of dereferencing type-punned pointer will break
strict-aliasing rules warnings
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: 440107: Add various patches from Linux Distibutors to make
PAM modules reentrant.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Fix compiler warnings
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Add rest of Steve Grubb's resource leak and other fixes
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit:
bugfix
Commit summary:
---------------
Don't use ll_time from utmp struct as argument for ctime/time,
this does not work on new 64bit architectures. Instead use a
temporary copy.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: paranoia fix
Commit summary:
---------------
Remove possibility of an un-nul terminated string. (Patch from Red Hat
release courtesy of Harald Welte.)
|
