aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_unix/support.c
Commit message (Collapse)AuthorAgeFilesLines
* Introduce pam_modutil_sanitize_helper_fdsDmitry V. Levin2014-01-271-11/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change introduces pam_modutil_sanitize_helper_fds - a new function that redirects standard descriptors and closes all other descriptors. pam_modutil_sanitize_helper_fds supports three types of input and output redirection: - PAM_MODUTIL_IGNORE_FD: do not redirect at all. - PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented by creating a pipe, closing its write end, and redirecting stdin to its read end. Likewise, for stdout/stderr it is implemented by creating a pipe, closing its read end, and redirecting to its write end. Unlike stdin redirection, stdout/stderr redirection to a pipe has a side effect that a process writing to such descriptor should be prepared to handle SIGPIPE appropriately. - PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is implemented via PAM_MODUTIL_PIPE_FD because there is no functional difference. For stdout/stderr, it is classic redirection to /dev/null. PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel security restrictions, but when the helper process might be writing to the corresponding descriptor and termination of the helper process by SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD. * libpam/pam_modutil_sanitize.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd, pam_modutil_sanitize_helper_fds): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface. * modules/pam_exec/pam_exec.c (call_exec): Use pam_modutil_sanitize_helper_fds. * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. * modules/pam_unix/support.h (MAX_FD_NO): Remove.
* Fix gratuitous use of strdup and x_strdupDmitry V. Levin2014-01-271-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | There is no need to copy strings passed as arguments to execve, the only potentially noticeable effect of using strdup/x_strdup would be a malformed argument list in case of memory allocation error. Also, x_strdup, being a thin wrapper around strdup, is of no benefit when its argument is known to be non-NULL, and should not be used in such cases. * modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup instead of x_strdup, the latter is of no benefit in this case. * modules/pam_ftp/pam_ftp.c (lookup): Likewise. * modules/pam_userdb/pam_userdb.c (user_lookup): Likewise. * modules/pam_userdb/pam_userdb.h (x_strdup): Remove. * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use x_strdup for strings passed as arguments to execve. * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. (_unix_verify_password): Use strdup instead of x_strdup, the latter is of no benefit in this case. * modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for strings passed as arguments to execv.
* Check return value of setuid to remove glibc warnings.Thorsten Kukuk2013-09-161-1/+4
| | | | | * modules/pam_unix/pam_unix_acct.c: Check setuid return value. * modules/pam_unix/support.c: Likewise.
* Write to *rounds only if non-NULL.Tomas Mraz2013-09-131-1/+1
| | | | modules/pam_unix/support.c(_set_ctrl): Write to *rounds only if non-NULL.
* Restart waitpid if it returns with EINTR (ticket #17)Thorsten Kukuk2013-08-291-1/+2
| | | | | | * modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/support.c: Likewise.
* Use hash from /etc/login.defs as default if noThorsten Kukuk2013-06-181-1/+105
| | | | | | | | | other one is specified as argument. * modules/pam_unix/support.c: Add search_key, call from __set_ctrl * modules/pam_unix/support.h: Add define for /etc/login.defs * modules/pam_unix/pam_unix.8.xml: Document new behavior. * modules/pam_umask/pam_umask.c: Add missing NULL pointer check
* Fix whitespace issuesDmitry V. Levin2011-10-261-2/+2
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* Do not crash when remember, minlen, or rounds options are used with wrong ↵Tomas Mraz2011-06-151-11/+24
| | | | module type.
* Relevant BUGIDs:Tomas Mraz2011-03-171-2/+0
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2011-03-17 Tomas Mraz <tm@t8m.info> * modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type. (manual_context): Likewise. (context_from_env): Remove extraneous auditing in success case. * modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra close() call.
* Relevant BUGIDs:Thorsten Kukuk2010-10-211-2/+0
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-21 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/support.c (_unix_getpwnam): Don't allocate unneeded buffer for uid/gid [sf#3059572].
* Relevant BUGIDs:Thorsten Kukuk2010-08-171-10/+18
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/pam_unix_passwd.c: Implement minlen option. * modules/pam_unix/support.c: Likewise. * modules/pam_unix/support.h: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust arguments for _set_ctrl call. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_session.c: Likewise. * modules/pam_unix/pam_unix.8.xml: Document minlen option. Based on patch by Steve Langasek.
* Relevant BUGIDs:Thorsten Kukuk2009-06-301-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- This makes Linux-PAM compile able with uClibc or on embedded systems without full libc/libnsl. 2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files. * modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS support if all necessary functions exist. * modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug option, handle correct if OS has no NIS support. * modules/pam_access/pam_access.c (netgroup_match): Check if yp_get_default_domain and innetgr are available at compile time. * configure.in: Check for functions: innetgr, getdomainname check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h.
* Relevant BUGIDs:Dmitry V. Levin2009-04-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-04-03 Dmitry V. Levin <ldv@altlinux.org> * libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3) in child process with call to _exit(2). * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. * modules/pam_exec/pam_exec.c (call_exec): Replace all calls to exit(3) in child process with calls to _exit(2). * modules/pam_filter/pam_filter.c (set_filter): Likewise. * modules/pam_namespace/pam_namespace.c (inst_init, cleanup_tmpdirs): Likewise.
* Relevant BUGIDs:Thorsten Kukuk2009-03-271-6/+14
| | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-03-27 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/support.c (_unix_run_helper_binary): Don't ignore return value of write(). * libpamc/include/security/pam_client.h (PAM_BP_ASSERT): Honour NDEBUG. * modules/pam_timestamp/pam_timestamp.c: don't ignore return values of lchown and fchown.
* Relevant BUGIDs:Tomas Mraz2009-03-031-0/+3
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-03-03 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test for abnormal exit of the helper binary. * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise. * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Likewise.
* Relevant BUGIDs:Tomas Mraz2009-02-271-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2009-02-27 Tomas Mraz <t8m@centrum.cz> * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace signal() with sigaction(). * modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs): Likewise. * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise. * modules/pam_unix/passverify.c(su_sighandler): Likewise. * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. * modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam for auxiliary functions. * modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset option. Document new serialize option. * modules/pam_tally2/pam_tally2.c: Add support for the new serialize option. (_cleanup, tally_set_data, tally_get_data): Add tally file handle to tally PAM data. Needed for fcntl() locking. (get_tally): Use low level file access instead of stdio buffered FILE. If serialize option is used lock the tally file access. (set_tally, tally_bump, tally_reset): Use low level file access instead of stdio buffered FILE. Close the file handle only when it is not owned by PAM data. (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally file handle to tally_set_data(). Get it from tally_get_data(). (main): Use low level file access instead of stdio buffered FILE.
* Relevant BUGIDs:Thorsten Kukuk2008-12-011-10/+22
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-12-01 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/pam_unix.8.xml: Document blowfish option. * configure.in: Check for crypt_gensalt_rn. * modules/pam_unix/pam_unix_passwd.c: Pass pamh to create_password_hash function. * modules/pam_unix/passverify.c (create_password_hash): Add blowfish support. * modules/pam_unix/passverify.h: Adjust create_password_hash prototype. * modules/pam_unix/support.c: Add support for blowfish option. * modules/pam_unix/support.h: Add defines for blowfish option. Patch from Diego Flameeyes Pettenò <flameeyes@gmail.com>
* Relevant BUGIDs: #2009766Tomas Mraz2008-07-111-4/+4
| | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-07-11 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do not close the pipe descriptor in borderline case (#2009766) * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_unix/support.h: Define upper limit of fds we will attempt to close.
* Relevant BUGIDs:Tomas Mraz2008-05-141-2/+2
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-05-14 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok item when password is not approved. * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS is always set when UNIX_AUTHTOK is set, change order of conditions.
* Relevant BUGIDs:Tomas Mraz2008-01-231-144/+72
| | | | | | | | | | Purpose of commit: cleanup, new feature Commit summary: --------------- Merging the the refactorization pam_unix_ref branch into the trunk. Added support for sha256 and sha512 password hashes to pam_unix when the libcrypt supports them.
* Relevant BUGIDs:Tomas Mraz2007-12-051-62/+2
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2007-12-05 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/Makefile.am: Add passverify.h and passverify.c as first part of pam_unix refactorization. * modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/passverify.c: New file with common functions. * modules/pam_unix/passverify.h: Prototypes for the common functions. * modules/pam_unix/support.c: Include passverify.h, move _unix_shadowed() to passverify.c. (_unix_verify_password): Refactor out verify_pwd_hash() function. * modules/pam_unix/support.h: Move _unix_shadowed() prototype to passverify.h * modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and verify_pwd_hash() from passverify.c.
* Relevant BUGIDs: Debian bugs #95220, #175900Steve Langasek2007-08-301-2/+2
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-08-30 Steve Langasek <vorlon@debian.org> * modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c: A wrong username doesn't need to be logged at LOG_ALERT; LOG_WARNING should be sufficient. Patch from Sam Hartman <hartmans@debian.org>.
* Relevant BUGIDs:Tomas Mraz2007-02-011-6/+6
| | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-02-01 Tomas Mraz <t8m@centrum.cz> * xtests/tst-pam_unix3.c: Fix typos in comments. * modules/pam_unix/support.c (_unix_verify_password): Explicitly disallow '!' in the beginning of password hash. Treat only 13 bytes password hash specifically. (Suggested by Solar Designer.) Fix a warning and test for allocation failure. * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
* Relevant BUGIDs:Thorsten Kukuk2007-01-231-16/+7
| | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-01-23 Thorsten Kukuk <kukuk@suse.de> * release 0.99.7.1 * configure.in: Set version number to 0.99.7.1 2007-01-23 Thorsten Kukuk <kukuk@thukuk.de> Tomas Mraz <t2m@centrum.cz> * modules/pam_unix/support.c (_unix_verify_password): Always compare full encrypted passwords.
* Relevant BUGIDs:Tomas Mraz2006-12-181-1/+4
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Truncated passwords in shadow do not make sense for other variants than bigcrypt. 2006-12-18 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/support.c (_unix_verify_password): Use strncmp only for bigcrypt result.
* Relevant BUGIDs:Thorsten Kukuk2006-10-241-1/+7
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/support.c (_unix_verify_password): Try system crypt() if we don't know the hash alogorithm. * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
* Relevant BUGIDs:Tomas Mraz2006-06-271-1/+1
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): signal() fails with SIG_ERR return * modules/pam_unix/pam_unix_passwd.c(_unix_run_shadow_binary): Likewise. * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
* Relevant BUGIDs:Thorsten Kukuk2006-06-151-5/+4
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Put bigcrypt prototype in own header instead of an external declaration in every single file calling bigcrypt: 2006-06-15 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/bigcrypt.h: New. * modules/pam_unix/Makefile.am: Add bigcrypt.h. * modules/pam_unix/bigcrypt.c: Include bigcrypt.h. * modules/pam_unix/support.c: Include bigcrypt.h, remove own prototype. * modules/pam_unix/bigcrypt_main.c: Include bigcrypt.h, remove own prototype. * modules/pam_unix/pam_unix_passwd.c: Include bigcrypt.h, remove own prototype.
* Relevant BUGIDs:Thorsten Kukuk2006-01-081-10/+8
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2006-01-08 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR instead of PAM_AUTHTOK_RECOVER_ERR. * modules/pam_pwdb/support.-c: Likewise. * modules/pam_unix/support.c: Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise. * libpam/pam_strerror.c (pam_strerror): Likewise. * libpam/include/security/_pam_compat.h: Define PAM_AUTHTOK_RECOVER_ERR for backward compatibility. * libpam/include/security/_pam_types.h: Rename PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR.
* Relevant BUGIDs: noneDmitry V. Levin2005-11-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2005-11-24 Dmitry V. Levin <ldv@altlinux.org> * configure.in: Do not check for strerror. * libpam_misc/misc_conv.c (read_string): Replace strerror() call with %m specifier. * libpamc/pamc_converse.c (pamc_converse): Likewise. * modules/pam_echo/pam_echo.c (pam_echo): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_selinux/pam_selinux.c (security_label_tty): Likewise. (security_restorelabel_tty, security_label_tty): Append %m specifier where appropriate. * modules/pam_selinux/pam_selinux_check.c (main): Replace strerror() call with %m specifier. * modules/pam_unix/pam_unix_passwd.c (save_old_password, _update_passwd, _update_shadow): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise. * po/Linux-PAM.pot: Update strings from pam_selinux. * po/cs.po: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise.
* Relevant BUGIDs: 1224807Tomas Mraz2005-11-021-1/+1
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Fix a typo - strlen of a wrong variable.
* Relevant BUGIDs: Red Hat bz 168180Tomas Mraz2005-10-261-0/+7
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2005-10-26 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary), modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary), modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real uid to 0 before executing the helper if SELinux is enabled. * modules/pam_unix/unix_chkpwd.c (main): Disable user check only if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
* Relevant BUGIDs:Tomas Mraz2005-09-261-145/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2005-09-26 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): _log_err() -> pam_syslog() (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): _log_err() -> pam_syslog() * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef (getNISserver, _unix_run_shadow_binary, _update_passwd, _update_shadow, _do_setpass, _pam_unix_approve_pass, pam_sm_chauthtok): _log_err() -> pam_syslog() * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef (pam_sm_open_session, pam_sm_close_session): _log_err() -> pam_syslog() * modules/pam_unix/support.c (_log_err, converse): removed (_make_remark): use pam_prompt() instead of converse() (_set_ctrl, _cleanup_failures, _unix_run_helper_binary, _unix_verify_password, _unix_read_password): _log_err() -> pam_syslog() _cleanup(), _unix_cleanup(): Silence unused param warnings. (_cleanup_failures, _unix_verify_password, _unix_getpwnam, _unix_run_helper_binary): Silence incorrect type warnings. (_unix_read_password): Use multiple pam_prompt() and pam_info() calls instead of converse(). * modules/pam_unix/support.h (_log_err): removed * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
* Relevant BUGIDs:Tomas Mraz2005-09-211-8/+8
| | | | | | | | Purpose of commit: new feature Commit summary: --------------- Moved functions from pammodutil to libpam.
* Relevant BUGIDs: noneThorsten Kukuk2005-08-291-0/+1
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- cleanup the header files, don't include allways all other header files.
* Relevant BUGIDs: noneThorsten Kukuk2005-08-181-1/+1
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- configure should set _GNU_SOURCE/_BSD_SOURCE
* Relevant BUGIDs: mailing listThorsten Kukuk2005-07-261-2/+5
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Don't ignore return values of pam_get_item
* Relevant BUGIDs: see mailinglistThorsten Kukuk2005-07-221-0/+1
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Include sys/resource.h for the RLIMIT stuff.
* Relevant BUGIDs:Tomas Mraz2005-07-081-6/+1
| | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Fix for LSB compliance when SELinux enabled.
* Relevant BUGIDs: noneThorsten Kukuk2005-06-091-36/+40
| | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Fix all occurrence of dereferencing type-punned pointer will break strict-aliasing rules warnings
* Relevant BUGIDs: noneThorsten Kukuk2005-05-161-10/+34
| | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Add SELinux support, based on Patch from Red Hat
* Relevant BUGIDs: 872943Thorsten Kukuk2005-01-101-1/+4
| | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Fix return value for unknown user (This is PAM_USER_UNKNOWN and not PAM_AUTHINFO_UNAVAIL).
* Relevant BUGIDs: 872945Thorsten Kukuk2005-01-051-1/+1
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Calling pam_chauthtok of pam_unix and entering the correct old password, but abort on typing the new one, PAM_AUTHTOK_RECOVER_ERR is returned. Since we got the old token, PAM_AUTHTOK_ERR needs to be returned. Found by LSB PAM testsuite.
* Relevant BUGIDs: Red Hat bz 120694Tomas Mraz2005-01-041-4/+10
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- skip logging of 'user unknown' authentication failure if the user has passwd entry
* Relevant BUGIDs: Red Hat bz 140451Tomas Mraz2004-11-231-2/+2
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Convert uid gid from passwd entry always as decimal. Test failure.
* Relevant BUGIDs:Thorsten Kukuk2004-10-061-8/+186
| | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: Last part of fixes from Red Hat
* Relevant BUGIDs:Thorsten Kukuk2004-09-241-39/+8
| | | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: 440107: Add various patches from Linux Distibutors to make PAM modules reentrant.
* Relevant BUGIDs:Thorsten Kukuk2004-09-151-1/+1
| | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: Add parts of Steve Grubb's resource leak and other fixes
* Relevant BUGIDs:Thorsten Kukuk2004-09-141-1/+1
| | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: Bug 1027903 and 1027912
* Relevant BUGIDs: 849498Thorsten Kukuk2003-11-261-1/+1
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- The type of remember in support.c is int, not long. But we compare remember with LONG_MIN and LONG_MAX. While this works on 32bit architectures, this fails on 64bit one. INT_MIN and INT_MAX should be used.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-16 15:59:00 +0000