| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2005-11-24 Dmitry V. Levin <ldv@altlinux.org>
* configure.in: Do not check for strerror.
* libpam_misc/misc_conv.c (read_string): Replace strerror()
call with %m specifier.
* libpamc/pamc_converse.c (pamc_converse): Likewise.
* modules/pam_echo/pam_echo.c (pam_echo): Likewise.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate):
Likewise.
* modules/pam_selinux/pam_selinux.c (security_label_tty):
Likewise.
(security_restorelabel_tty, security_label_tty): Append %m
specifier where appropriate.
* modules/pam_selinux/pam_selinux_check.c (main): Replace
strerror() call with %m specifier.
* modules/pam_unix/pam_unix_passwd.c (save_old_password,
_update_passwd, _update_shadow): Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
* po/Linux-PAM.pot: Update strings from pam_selinux.
* po/cs.po: Likewise.
* po/de.po: Likewise.
* po/es.po: Likewise.
* po/fi.po: Likewise.
* po/fr.po: Likewise.
* po/hu.po: Likewise.
* po/it.po: Likewise.
* po/ja.po: Likewise.
* po/nb.po: Likewise.
* po/pa.po: Likewise.
* po/pl.po: Likewise.
* po/pt.po: Likewise.
* po/pt_BR.po: Likewise.
* po/zh_CN.po: Likewise.
* po/zh_TW.po: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2005-11-07 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use
correct variable names.
And adjust .cvsignore files for libtool generated files.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
* modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the
logic when comparing dates to handle corner cases better [#1245888].
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2005-10-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
uid to 0 before executing the helper if SELinux is enabled.
* modules/pam_unix/unix_chkpwd.c (main): Disable user check only
if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2005-09-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
_log_err() -> pam_syslog()
(pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
_log_err() -> pam_syslog()
* modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
(getNISserver, _unix_run_shadow_binary, _update_passwd,
_update_shadow, _do_setpass, _pam_unix_approve_pass,
pam_sm_chauthtok): _log_err() -> pam_syslog()
* modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
(pam_sm_open_session, pam_sm_close_session):
_log_err() -> pam_syslog()
* modules/pam_unix/support.c (_log_err, converse): removed
(_make_remark): use pam_prompt() instead of converse()
(_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
_unix_verify_password, _unix_read_password):
_log_err() -> pam_syslog()
_cleanup(), _unix_cleanup(): Silence unused param warnings.
(_cleanup_failures, _unix_verify_password, _unix_getpwnam,
_unix_run_helper_binary): Silence incorrect type warnings.
(_unix_read_password): Use multiple pam_prompt() and pam_info() calls
instead of converse().
* modules/pam_unix/support.h (_log_err): removed
* modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
|
| |
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Moved functions from pammodutil to libpam.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
pam_unix: Always honor nis flag on password change (by Aaron Hope)
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Mark missing strings for translations (login and password)
Fix \a problem with pot/po files
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Big "automake/autoconf/libtool" commit
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Mark message strings for translation
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Rename _pam_aconf.h to config.h.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Fix all occurrence of dereferencing type-punned pointer will break
strict-aliasing rules warnings
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Add SELinux support, based on Patch from Red Hat
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
pam_unix: fix regression introduced in 0.78 - both NIS and local password
should be changed if possible - see the analysis in the RH bugzilla
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Convert uid gid from passwd entry always as decimal. Test failure.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Test return value of renames for failure so user knows
that his password wasn't really changed.
Also report error when /etc/security/opasswd is missing and
pam_unix module is called with remember=x.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
I've forgot to remove some selinux specific part when changing
locking in pam_unix_passwd
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Change the order of password change (first try local, then NIS)
|
| |
|
|
|
|
|
|
| |
Purpose of commit:
bugfix
Commit summary:
---------------
Fix locking in pam_unix_passwd to avoid race on changing passwords
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Last part of fixes from Red Hat
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Preserve permissions of shadow/passwd file. From Red Hat.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: 440107: Add various patches from Linux Distibutors to make
PAM modules reentrant.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Patch from Nalin Dahyabhai: when updating /etc/{passwd,shadow}, always
respect any admin-specified permissions on the existing files.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Two bug fixes in one: don't trust getlogin() and sanely lower the
time the password databases are locked in pam_unix.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
bigcrypt does not match crypt when password length is too long.
This led to a pam_unix problem when the module had not set the
password in bigcrypt mode, but was trying to compare with bigcrypt
output. The fix is to use the stored password as a guide to how much
of the encrypted password to compare against.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
pam_pwdb did it, so make pam_unix log when a passowrd is changed.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
there were some dangling file descriptors and unclear pass/fail
properties of some of the password updating code in pam_unix.
Bug report from Len Lattanzi.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
be more confident that strings are being initialized correctly
from Nalin.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
remove a compilation warning.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix/cleanup
Commit summary:
---------------
Removed superfluous use of static variables in md5 and bigcrypt routines,
bringing us a step closer to thread-safeness. Eliminated some variable
indirection along the way.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix pam_unix to not zero out password strings that it doesn't own!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: minor security bugfix
Commit summary:
---------------
Fixes for the password helper binaries.
Before, there was no check that the password entered was actually that
of the intended user being authenticated. Instead, the password was
checked for the requesting user. While this disstinction sounds like a
security hole, its actually not been a problem in practice. The helper
binaries have only been used in the case that the application is not
setuid-0 and as such even if an improper authentication succeeded, the
application could not change its uid from that of the requesting user.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature / bugfix
Commit summary:
---------------
This changes the format of pam_unix log messages, per bug 126423. The
change is extensive (every call to _log_err() now has an additional
argument) but straightforward.
These changes to the logging code incidentally fix the problem reported in
bug 126431.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: autoconf support for Linux-PAM
Commit summary:
---------------
This is a merge of the autoconf support that was developed against
a 0-72 branch.
[Note, because CVS has some issues, this is actually only 95% of
the actual commit. The other files were actually committed when
the preparation branch Linux-PAM-0-73pre-autoconf was updated.
Hopefully, this will complete the merge.]
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix to pam_unix password changing code: if the password file is locked,
retry repeatedly to reduce the risk of leaving other authentication
databases in an inconsistent state when we fail.
|
| |
|
