| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/unix_chkpwd.c (main): Fix compiling without
audit support.
* modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit
description (reported by Wayne Pollock <pollock@acm.org>)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-04-16 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit.
* modules/pam_unix/unix_chkpwd.c(_audit_log): New function for audit.
(main): Call _audit_log() when appropriate.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-21 Tomas Mraz <t8m@centrum.cz>
* libpam/pam_audit.c (_pam_audit_writelog): Silence syslog
message on non-error return.
* modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged
user when checking password of another user.
* modules/pam_unix/unix_update.c: Fix comment.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup, new feature
Commit summary:
---------------
Merging the the refactorization pam_unix_ref branch into the trunk.
Added support for sha256 and sha512 password hashes to pam_unix
when the libcrypt supports them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2007-12-05 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/Makefile.am: Add passverify.h and passverify.c
as first part of pam_unix refactorization.
* modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/passverify.c: New file with common functions.
* modules/pam_unix/passverify.h: Prototypes for the common functions.
* modules/pam_unix/support.c: Include passverify.h, move
_unix_shadowed() to passverify.c.
(_unix_verify_password): Refactor out verify_pwd_hash() function.
* modules/pam_unix/support.h: Move _unix_shadowed() prototype to
passverify.h
* modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and
verify_pwd_hash() from passverify.c.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-08-30 Steve Langasek <vorlon@debian.org>
* modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c:
A wrong username doesn't need to be logged at LOG_ALERT;
LOG_WARNING should be sufficient.
Patch from Sam Hartman <hartmans@debian.org>.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2007-02-21 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for
allocation failure in bigcrypt().
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow modification
of '*' password by root.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-02-01 Tomas Mraz <t8m@centrum.cz>
* xtests/tst-pam_unix3.c: Fix typos in comments.
* modules/pam_unix/support.c (_unix_verify_password): Explicitly
disallow '!' in the beginning of password hash. Treat only
13 bytes password hash specifically. (Suggested by Solar Designer.)
Fix a warning and test for allocation failure.
* modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_verify_password): Try system
crypt() if we don't know the hash alogorithm.
* modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2006-06-14 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Remove --enable-memory-debug, add option
to disable prelude if installed.
* modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG
* modules/pam_filter/upperLOWER/upperLOWER.c: Likewise.
* modules/pam_unix/unix_chkpwd.c: Likewise.
* libpam/include/security/_pam_types.h: Likewise.
* libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export.
* libpam/pam_malloc.c: Remove file.
* libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2005-11-24 Dmitry V. Levin <ldv@altlinux.org>
* configure.in: Do not check for strerror.
* libpam_misc/misc_conv.c (read_string): Replace strerror()
call with %m specifier.
* libpamc/pamc_converse.c (pamc_converse): Likewise.
* modules/pam_echo/pam_echo.c (pam_echo): Likewise.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate):
Likewise.
* modules/pam_selinux/pam_selinux.c (security_label_tty):
Likewise.
(security_restorelabel_tty, security_label_tty): Append %m
specifier where appropriate.
* modules/pam_selinux/pam_selinux_check.c (main): Replace
strerror() call with %m specifier.
* modules/pam_unix/pam_unix_passwd.c (save_old_password,
_update_passwd, _update_shadow): Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
* po/Linux-PAM.pot: Update strings from pam_selinux.
* po/cs.po: Likewise.
* po/de.po: Likewise.
* po/es.po: Likewise.
* po/fi.po: Likewise.
* po/fr.po: Likewise.
* po/hu.po: Likewise.
* po/it.po: Likewise.
* po/ja.po: Likewise.
* po/nb.po: Likewise.
* po/pa.po: Likewise.
* po/pl.po: Likewise.
* po/pt.po: Likewise.
* po/pt_BR.po: Likewise.
* po/zh_CN.po: Likewise.
* po/zh_TW.po: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2005-10-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
uid to 0 before executing the helper if SELinux is enabled.
* modules/pam_unix/unix_chkpwd.c (main): Disable user check only
if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2005-09-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
_log_err() -> pam_syslog()
(pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
_log_err() -> pam_syslog()
* modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
(getNISserver, _unix_run_shadow_binary, _update_passwd,
_update_shadow, _do_setpass, _pam_unix_approve_pass,
pam_sm_chauthtok): _log_err() -> pam_syslog()
* modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
(pam_sm_open_session, pam_sm_close_session):
_log_err() -> pam_syslog()
* modules/pam_unix/support.c (_log_err, converse): removed
(_make_remark): use pam_prompt() instead of converse()
(_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
_unix_verify_password, _unix_read_password):
_log_err() -> pam_syslog()
_cleanup(), _unix_cleanup(): Silence unused param warnings.
(_cleanup_failures, _unix_verify_password, _unix_getpwnam,
_unix_run_helper_binary): Silence incorrect type warnings.
(_unix_read_password): Use multiple pam_prompt() and pam_info() calls
instead of converse().
* modules/pam_unix/support.h (_log_err): removed
* modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Rename _pam_aconf.h to config.h.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Add SELinux support, based on Patch from Red Hat
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Last part of fixes from Red Hat
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
This code is needed to complete this bugfix.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
bigcrypt does not match crypt when password length is too long.
This led to a pam_unix problem when the module had not set the
password in bigcrypt mode, but was trying to compare with bigcrypt
output. The fix is to use the stored password as a guide to how much
of the encrypted password to compare against.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
The malloc debugging stuff appears to have had a few residual issues
that I've fixed (trying to resolve another checkin!).
|
| |
|
|
|
|
|
|
| |
Purpose of commit: documentation fixes
Commit summary:
---------------
Fix some typos noted by Nalin.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
be more confident that strings are being initialized correctly
from Nalin.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix/cleanup
Commit summary:
---------------
Removed superfluous use of static variables in md5 and bigcrypt routines,
bringing us a step closer to thread-safeness. Eliminated some variable
indirection along the way.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: minor security bugfix
Commit summary:
---------------
Fixes for the password helper binaries.
Before, there was no check that the password entered was actually that
of the intended user being authenticated. Instead, the password was
checked for the requesting user. While this disstinction sounds like a
security hole, its actually not been a problem in practice. The helper
binaries have only been used in the case that the application is not
setuid-0 and as such even if an improper authentication succeeded, the
application could not change its uid from that of the requesting user.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: autoconf support for Linux-PAM
Commit summary:
---------------
This is a merge of the autoconf support that was developed against
a 0-72 branch.
[Note, because CVS has some issues, this is actually only 95% of
the actual commit. The other files were actually committed when
the preparation branch Linux-PAM-0-73pre-autoconf was updated.
Hopefully, this will complete the merge.]
|
| |
|
