pam.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	pam_pwhistory: fix passing NULL filename argument to pwhistory helper	Md Zain Hasib	2023-10-04	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This change fixes a bug when pwhistory_helper is invoked from pam_pwhistory with an NULL filename, pwhistory_helper receives a short circuited argc count of 3, ignoring the rest of the arguments passed due to filename being NULL. To resolve the issue, an empty string is passed in case the filename is empty, which is later changed back to NULL in pwhistory_helper so that it can be passed to opasswd to read the default opasswd file. * modules/pam_pwhistory/pam_pwhistory.c (run_save_helper, run_check_helper): Replace NULL filename argument with an empty string. * modules/pam_pwhistory/pwhistory_helper.c (main): Replace empty string filename argument with NULL. Fixes: 11c35109a67f ("pam_pwhistory: Enable alternate location for password history file (#396)") Signed-off-by: Dmitry V. Levin <ldv@strace.io>
*	modules: make use of secure memory erasure	Christian Göttsche	2023-02-28	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive. Non trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase responce on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes
*	pam_pwhistory: Enable alternate location for password history file (#396)	Martyn Welch	2022-02-07	1	-9/+11
\| \| \| \| \| \| \| \| \| \| \| \|	Sometimes, especially in embedded devices, the /etc directory can be read-only and/or not saved over upgrades. In order to ensure password policies are maintained across upgrades and the module functions on read-only file systems, allow the location of the password history file to be set in the PAM configuration. Signed-off-by: Edward <jinzhou.zhu1@ge.com> [Martyn Welch: Updated commit message and ported to latest version] Signed-off-by: Martyn Welch <martyn.welch@collabora.com> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
*	pam_pwhistory: add helper to handle SELinux	ikerexxe	2020-07-20	1	-0/+119
	The purpose of the helper is to enable tighter confinement of login and password changing services. The helper is thus called only when SELinux is enabled on the system. Resolves: https://github.com/linux-pam/linux-pam/pull/247