| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Potential failures of strdup(3) were ignored, fix this by not using
strdup(3) at all.
* modules/pam_umask/pam_umask.c (struct options_t): Add const to umask
field, add login_umask field.
(parse_option): Do not use strdup.
(get_options): Assign pam_modutil_search_key return values
to options->login_umask.
(pam_sm_open_session): Free options.login_umask instead of
options.umask.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_faillock/pam_faillock.c (get_pam_user): Downgrade
the syslog level for diagnostics of errors returned by
pam_modutil_getpwnam for users returned by pam_get_user
from LOG_ERR to LOG_NOTICE.
* modules/pam_keyinit/pam_keyinit.c (do_keyinit): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise.
* modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_sepermit/pam_sepermit.c (sepermit_lock): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session,
pam_sm_close_session): Likewise.
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Downgrade
the syslog level for diagnostics of errors returned by
pam_modutil_getpwnam for users returned by pam_get_user
from LOG_WARNING to LOG_NOTICE.
Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade
the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE.
* modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise.
* modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise.
* modules/pam_group/pam_group.c (pam_sm_setcred): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_nologin/pam_nologin.c (perform_check): Likewise.
* modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise.
* modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise.
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise.
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_userdb/pam_userdb.c (pam_sm_authenticate,
pam_sm_acct_mgmt): Likewise.
* modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise.
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session,
pam_sm_close_session): Likewise.
* modules/pam_securetty/pam_securetty.c (securetty_perform_check):
Downgrade the syslog level for pam_get_user errors from LOG_WARNING
to LOG_NOTICE.
* modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise.
Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_modutil_getpwnam
pam_modutil_getpwnam is perfectly capable of handling empty strings as
user names, no need to double check that.
* modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check
the user name for emptyness before passing it to pam_modutil_getpwnam.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If pam_get_user returned PAM_SUCCESS, the user name is guaranteed
to be a valid C string, no need to double check that.
* modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check
for NULL the user name returned by pam_get_user when the latter returned
PAM_SUCCESS.
* modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise.
* modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise.
* modules/pam_filter/pam_filter.c (process_args): Likewise.
* modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise.
* modules/pam_group/pam_group.c (pam_sm_setcred): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_nologin/pam_nologin.c (perform_check): Likewise.
* modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise.
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise.
* modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise.
* modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise.
* modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
* modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise.
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise.
* modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise.
* modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise.
* modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise.
* modules/pam_wheel/pam_wheel.c (perform_check): Likewise.
* modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt):
Likewise.
|
| |
|
|
|
|
| |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
| |
|
|
|
|
| |
* modules/pam_umask/pam_umask.c: Include "pam_inline.h".
(parse_option, setup_limits_from_gecos): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
| |
|
|
|
|
|
|
|
|
| |
This is particularly useful when pam has been built with the new
--enable-usergroups configure switch, allowing users to override
the default-enabled state and disabling usergroups at runtime.
This is synonymous but opposite to current and previous pam_umask
default that could be changed to enabled at runtime with the usergroups
argument.
|
| |
|
|
|
|
|
|
|
|
| |
This change adds a configure option to set the default value of the
usergroups option (of the pam_umask module) at build-time.
Distributions usually makes the decision if usergroups should be used or
not. This allows them to control the built-in default value, without
having to ship the value in a config file (cluttering up the view
of actually relevant user/system configuration overrides).
|
| |
|
|
|
| |
* modules/pam_unix/pam_unix_auth.c: Use LOG_NOTICE instead of LOG_ERR.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
| |
* libpam/pam_modutil_searchkey.c: New source file with pam_modutil_search_key().
* libpam/Makefile.am: Add the pam_modutil_searchkey.c.
* libpam/include/security/pam_modutil.h: Add the pam_modutil_search_key() prototype.
* libpam/libpam.map: Add the pam_modutil_search_key() into a new version.
* modules/pam_faildelay/pam_faildelay.c: Drop search_key() and use
pam_modutil_search_key().
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_unix/support.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux-PAM. It was never official supported and was broken since years.
* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
|
| |
|
|
|
|
|
|
|
| |
other one is specified as argument.
* modules/pam_unix/support.c: Add search_key, call from __set_ctrl
* modules/pam_unix/support.h: Add define for /etc/login.defs
* modules/pam_unix/pam_unix.8.xml: Document new behavior.
* modules/pam_umask/pam_umask.c: Add missing NULL pointer check
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_umask/pam_umask.8.xml: Remove comparisation of
gid and uid for usergroups.
* modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Likewise.
Bug #3004656
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, release
Commit summary:
---------------
2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 0.99.8.0
* configure.in: Check for audit_log_acct_message instead of
audit_log_user_message.
* libpam/pam_audit.c: Use audit_log_acct_message.
Based on patch from Mark J Cox <mjc@redhat.com>.
* libpam/Makefile.am: Bump version number of libpam.
* modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit,
not 64bit.
* xtests/tst-pam_limits1.c: Fix printf arguments.
* po/*.po: Merge po files with latest code changes.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-12-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_umask/pam_umask.c: Use strtoul instead of strtol,
fix overflow detection.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-08-06 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_umask/pam_umask.c (setup_limits_from_gecos):
Add error handling.
* modules/pam_umask/pam_umask.8.xml: Document silent option.
* xtests/Makefile.am: Fix includes for bootstrapping.
Reported by Greg Schafer <gschafer@zip.com.au>.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-01-13 Thorsten Kukuk <kukuk@thkukuk.de>
* libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing
error.
* modules/pam_umask/pam_umask.c (search_key): Don't ignore
EOF/error return value from fgets().
* configure.in: Check for getline and getdelim
|
| |
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Moved functions from pammodutil to libpam.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Use pam_syslog
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
cleanup the header files, don't include allways all other header files.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
configure should set _GNU_SOURCE/_BSD_SOURCE
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Rename _pam_aconf.h to config.h.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
kill features.h inclusion in _pam_aconf.h
|
| |
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Remove duplicate/wrong place of _pam_aconf.h inclusion
|
|
|
Purpose of commit: new feature
Commit summary:
---------------
Add new PAM module for setting umask
|
