| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix:
* Merge patches from Red Hat (Bug 477000 and other - kukuk)
* Fix pam_rhosts option parsing (Bug 922648 - kukuk)
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: 440107: Add various patches from Linux Distibutors to make
PAM modules reentrant.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Fix lot of compiler warnings
new feature: add broken_shadow option to pam_unix (patch from Linux
distributions)
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Add rest of Steve Grubb's resource leak and other fixes
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Add parts of Steve Grubb's resource leak and other fixes
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit:
Commit summary:
---------------
bugfix: Bug 1027903 and 1027912
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
The type of remember in support.c is int, not
long. But we compare remember with LONG_MIN
and LONG_MAX. While this works on 32bit
architectures, this fails on 64bit one.
INT_MIN and INT_MAX should be used.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Patch from Sam Hartman to fix handling of module linking on Linux:
modules should be linked against libpam if they call any functions from
the library, since not all platforms will correctly resolve symbol
references otherwise. Also, make sure we use gcc, not ld, when linking,
since there's additional linker glue that gcc will pull in for us.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Patch from Nalin Dahyabhai: when updating /etc/{passwd,shadow}, always
respect any admin-specified permissions on the existing files.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Two bug fixes in one: don't trust getlogin() and sanely lower the
time the password databases are locked in pam_unix.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
This code is needed to complete this bugfix.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
some applications are not prepared to get a SIGCHLD from a child
process they didn't think they launched, so we now suppress
this signal for the duration of use of the helper binary.
The 'noreap' module argument is provided to override this new
default.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
bigcrypt does not match crypt when password length is too long.
This led to a pam_unix problem when the module had not set the
password in bigcrypt mode, but was trying to compare with bigcrypt
output. The fix is to use the stored password as a guide to how much
of the encrypted password to compare against.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: documentation
Commit summary:
---------------
typo/correctness fixes from Nalin.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
pam_pwdb did it, so make pam_unix log when a passowrd is changed.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
there were some dangling file descriptors and unclear pass/fail
properties of some of the password updating code in pam_unix.
Bug report from Len Lattanzi.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
pam_unix is too generic a module to override the PAM_USER_PROMPT item.
(More modifications to xsh to help me test this change.)
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
The malloc debugging stuff appears to have had a few residual issues
that I've fixed (trying to resolve another checkin!).
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
pam_unix: fix 'likeauth' to kill off the memory leak once and for all.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
* Restore pam_unix's handling of 'likeauth' argument to a known working
state
* prettify AUTH_RETURN macro
* remove redundant argv checks in pam_sm_setcred()
|
| |
|
|
|
|
|
|
| |
Purpose of commit: documentation fixes
Commit summary:
---------------
Fix some typos noted by Nalin.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: fix memory leak
Commit summary:
---------------
Fernando Trias pointed out a silly memory leak in pam_unix.so. It looks
like some allocated memory that is simply not needed for anything.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
be more confident that strings are being initialized correctly
from Nalin.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: module reentrancy
Commit summary:
---------------
Commit sample code that uses getpwnam_r instead of getpwnam. All code is
#ifdef'ed out right now.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: module reentrancy
Commit summary:
---------------
Commit sample code that uses getpwnam_r instead of getpwnam. All code is
#ifdef'ed out right now.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
remove a compilation warning.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix/cleanup
Commit summary:
---------------
Removed superfluous use of static variables in md5 and bigcrypt routines,
bringing us a step closer to thread-safeness. Eliminated some variable
indirection along the way.
|
| |
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix pam_unix to not zero out password strings that it doesn't own!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: minor security bugfix
Commit summary:
---------------
Fixes for the password helper binaries.
Before, there was no check that the password entered was actually that
of the intended user being authenticated. Instead, the password was
checked for the requesting user. While this disstinction sounds like a
security hole, its actually not been a problem in practice. The helper
binaries have only been used in the case that the application is not
setuid-0 and as such even if an improper authentication succeeded, the
application could not change its uid from that of the requesting user.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
ia64 support - it behaves like an alpha wrt md5, but then unsigned int
is 32 bits everywhere(*) these days, so just remove the #ifdef nonsense.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature / bugfix
Commit summary:
---------------
This changes the format of pam_unix log messages, per bug 126423. The
change is extensive (every call to _log_err() now has an additional
argument) but straightforward.
These changes to the logging code incidentally fix the problem reported in
bug 126431.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Changes format of pam_unix 'authentication failure' log messages for
purposes of consistency and clarity.
Note that we do not log the 'user=' item in the case of an invalid username
unless the audit flag is turned on.
Note also that the way we currently log these failures isn't i18n-friendly.
I imagine this will need correcting at some point in the future.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: portable handling of utmp in pam_unix
Commit summary:
---------------
Fixes problem with PAM_getlogin() on Solaris (and hopefully other Unices),
as per David Lee's report.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
avoid possibility of SIGPIPE from helper binary non-invocation or
early exit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: autoconf support for Linux-PAM
Commit summary:
---------------
This is a merge of the autoconf support that was developed against
a 0-72 branch.
[Note, because CVS has some issues, this is actually only 95% of
the actual commit. The other files were actually committed when
the preparation branch Linux-PAM-0-73pre-autoconf was updated.
Hopefully, this will complete the merge.]
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: merge in the autoconf stuff
Commit summary:
---------------
this is a merge of the 0-72 autoconf branch to something more
up to date. This commit will be followed by merging this
Linux-PAM-0-73pre-autoconf branch to the main trunk.
|
| |
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
The "likeauth" module argument did not work for pam_pwdb and
pam_unix. This commit fixes it.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix to pam_unix
Commit summary:
---------------
Fixed case where pam_unix would segfault if the app's conversation function
returned a null pointer as the password. Since a null pointer can never be
a valid password unless the password file also has a null field (which we
already check for), we now check for a valid pointer and return PAM_AUTH_ERR
if we don't have one.
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix to pam_unix_auth
Commit summary:
---------------
Fix for 'likeauth' handling in the pam_unix_auth module. If pam_setcred
needs to return the same value as returned by pam_authenticate, malloc()
space for this return value and pass its address to pam_set_data().
Also, changes pam_sm_setcred() so that it reads this value properly.
|
| |
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Fix to pam_unix password changing code: if the password file is locked,
retry repeatedly to reduce the risk of leaving other authentication
databases in an inconsistent state when we fail.
|
| |
|
