aboutsummaryrefslogtreecommitdiff
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Clear the whole MD5 context.Tomas Mraz2011-03-211-1/+1
|
* Relevant BUGIDs:Tomas Mraz2011-03-183-19/+29
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2011-03-18 Tomas Mraz <tm@t8m.info> * modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx. * modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly. (protect_dir): Guard for -1 passing to close(). (ns_setup): Likewise. (pam_sm_open_session): Correctly test for SELinux enabled flag.
* Relevant BUGIDs:Tomas Mraz2011-03-172-9/+12
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2011-03-17 Tomas Mraz <tm@t8m.info> * modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type. (manual_context): Likewise. (context_from_env): Remove extraneous auditing in success case. * modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra close() call.
* Relevant BUGIDs:Tomas Mraz2011-02-222-2/+2
| | | | | | | | | | | Purpose of commit: docfix Commit summary: --------------- 2011-02-22 Tomas Mraz <tm@t8m.info> * modules/pam_nologin/pam_nologin.8.xml: Add missing space. * modules/pam_limits/limits.conf.5.xml: Fix typo.
* Relevant BUGIDs:Tomas Mraz2010-12-211-5/+21
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-12-21 Tomas Mraz <tm@t8m.info> * modules/pam_selinux/pam_selinux.c (mls_range_allowed): Unhardcode values for security class and av permission bit.
* Relevant BUGIDs:Tomas Mraz2010-12-142-26/+204
| | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-12-14 Tomas Mraz <tm@t8m.info> * modules/pam_limits/pam_limits.c (parse_uid_range): New function to parse the range of uids or gids. (parse_config_file): Call parse_uid_range() and if uid/gid range is identified, setup the limits if the range matches. New parameters containing user's uid and primary gid. (pam_sm_open_session): Pass the user's uid and primary gid to parse_config_file(). * modules/pam_limits/limits.conf.5.xml: Document the uid/gid ranges.
* Relevant BUGIDs:Tomas Mraz2010-11-251-5/+6
| | | | | | | | | | | Purpose of commit: docfix Commit summary: --------------- 2010-11-25 Tomas Mraz <tm@t8m.info> * modules/pam_securetty/pam_securetty.8.xml: Improve documentation of the kernel console feature and the noconsole option.
* Relevant BUGIDs:Thorsten Kukuk2010-11-242-0/+52
| | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-11-24 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_securetty/pam_securetty.c: Parse console= kernel option, add noconsole option. * modules/pam_securetty/pam_securetty.8.xml: Document new behavior for serial console. Patch from Lennart Poettering.
* Relevant BUGIDs:Tomas Mraz2010-11-241-2/+6
| | | | | | | | | | Purpose of commit: docfix Commit summary: --------------- 2010-11-24 Tomas Mraz <tm@t8m.info> * modules/pam_limits/limits.conf.5.xml: Document the %group syntax.
* Relevant BUGIDs:Tomas Mraz2010-11-182-23/+0
| | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-11-18 Tomas Mraz <tm@t8m.info> * modules/pam_limits/pam_limits.c (pam_parse,pam_sm_open_session): Drop obsolete and broken option change_uid. * modules/pam_limits/pam_limits.8.xml: Likewise.
* Relevant BUGIDs:Tomas Mraz2010-11-161-13/+8
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-11-16 Tomas Mraz <tm@t8m.info> * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Remove dead and duplicate code. Return PAM_INCOMPLETE instead of PAM_CONV_AGAIN.
* Relevant BUGIDs:Tomas Mraz2010-11-112-6/+9
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-11-11 Tomas Mraz <tm@t8m.info> * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix potential use after free in case SELinux is misconfigured. * modules/pam_namespace/pam_namespace.c (process_line): Fix memory leak when parsing empty config file lines.
* Relevant BUGIDs:Tomas Mraz2010-10-221-3/+5
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-22 Tomas Mraz <tm@t8m.info> * modules/pam_namespace/pam_namespace.c (inst_init): Use execle() to execute the init script with clean environment. (CVE-2010-3853) (cleanup_tmpdirs): Likewise for executing rm.
* Relevant BUGIDs:Dmitry V. Levin2010-10-211-34/+31
| | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-10-21 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Remove. (create_homedir): Use mkdir() instead of rec_mkdir(). (make_parent_dirs): New function. (main): Use make_parent_dirs() to create parent directories only for the home directory itself.
* Relevant BUGIDs:Thorsten Kukuk2010-10-211-2/+0
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-21 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/support.c (_unix_getpwnam): Don't allocate unneeded buffer for uid/gid [sf#3059572].
* Relevant BUGIDs:Thorsten Kukuk2010-10-201-3/+2
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Create parent directories always with mode 0755. (create_homedir): Create main directory with mode 0700 at first.
* Relevant BUGIDs:Dmitry V. Levin2010-10-191-12/+2
| | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-10-19 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/pam_selinux.c (verbose_message): Remove. (pam_sm_open_session): Call send_text() instead of verbose_message().
* Relevant BUGIDs:Dmitry V. Levin2010-10-191-1/+1
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-19 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Add @LIBAUDIT@.
* Relevant BUGIDs:Thorsten Kukuk2010-10-192-0/+9
| | | | | | | | | | | | | | Purpose of commit: documentation Commit summary: --------------- 2010-10-19 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_env/pam_env.8.xml: Document side effects of environment variables in the stack. * modules/pam_exec/pam_exec.8.xml: Document that user can have controll over the environment.
* revert preceding patch; under discussion, no consensusSteve Langasek2010-10-112-5/+2
|
* Relevant BUGIDs:Tomas Mraz2010-10-112-2/+5
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-11 Tomas Mraz <t8m@centrum.cz> * modules/pam_env/pam_env.c: Change default for user_readenv to 0. * modules/pam_env/pam_env.8.xml: Document the new default for user_readenv.
* Relevant BUGIDs:Dmitry V. Levin2010-10-081-2/+2
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-07 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/pam_selinux.c (verbose_message): Fix format string.
* Relevant BUGIDs:Dmitry V. Levin2010-10-033-38/+52
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-04 Dmitry V. Levin <ldv@altlinux.org> * libpam/pam_modutil_priv.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (struct pam_modutil_privs, PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv, pam_modutil_regain_priv): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface. * modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise. (pam_sm_open_session): Remove redundant fchown call. Fixes CVE-2010-3430, CVE-2010-3431.
* Relevant BUGIDs:Thorsten Kukuk2010-09-301-1/+2
| | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-09-30 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Warn if unlink() fails.
* Relevant BUGIDs:Dmitry V. Levin2010-09-281-39/+32
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-09-27 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Return PAM_SUCCESS immediately if no cookie file is defined. Return PAM_SESSION_ERR if cookie file is defined but target uid cannot be determined. Do not modify cookiefile string returned by pam_get_data.
* Relevant BUGIDs:Dmitry V. Levin2010-09-281-4/+25
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-09-27 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_xauth/pam_xauth.c (check_acl): Check that the given access control file is a regular file.
* Relevant BUGIDs:Dmitry V. Levin2010-09-203-21/+17
| | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-09-16 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise.
* Relevant BUGIDs:Tomas Mraz2010-08-262-8/+19
| | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-08-26 Tomas Mraz <t8m@centrum.cz> * modules/pam_nologin/pam_nologin.c (perform_check): Try first /var/run/nologin if the nologin file is not explicitly specified. * modules/pam_nologin/pam_nologin.8.xml: Document that /var/run/nologin is tried first.
* Relevant BUGIDs:Thorsten Kukuk2010-08-177-21/+53
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/pam_unix_passwd.c: Implement minlen option. * modules/pam_unix/support.c: Likewise. * modules/pam_unix/support.h: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust arguments for _set_ctrl call. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_session.c: Likewise. * modules/pam_unix/pam_unix.8.xml: Document minlen option. Based on patch by Steve Langasek.
* Relevant BUGIDs:Thorsten Kukuk2010-08-133-39/+62
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-12 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_mail/pam_mail.c: Check for mail only with user privilegs. * modules/pam_xauth/pam_xauth.c (run_coprocess): Check return value of setgid, setgroups and setuid. * modules/pam_xauth/pam_xauth.c (check_acl): Save errno for later usage. * modules/pam_env/pam_env.c (handle_env): Check if user exists, read local user config only with user privilegs.`
* Relevant BUGIDs:Thorsten Kukuk2010-08-092-3/+9
| | | | | | | | | | | | | | Purpose of commit: bugfix/cleanup Commit summary: --------------- 2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tally/pam_tally.8.xml: Document that pam_tally is deprecated. * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Fix make dist.
* Relevant BUGIDs: 2923437Thorsten Kukuk2010-08-092-4/+1
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/passverify.c (check_shadow_expiry): Correct check for expired date. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove check for password length. Bug #2923437.
* Relevant BUGIDs:Thorsten Kukuk2010-08-041-20/+20
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tally2/pam_tally2.c (get_tally): Create file with correct permissions. Patch by Diego Elio "Flameeyes" Pettenò.
* Relevant BUGIDs: 2730965Thorsten Kukuk2010-08-041-0/+6
| | | | | | | | | | | | Purpose of commit: workaround Commit summary: --------------- 2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request password change if time is not yet set (1.1.1970). Bug #2730965.
* Relevant BUGIDs: #3035919, #3002340, #3037155Thorsten Kukuk2010-08-044-5/+26
| | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_access/pam_access.c (user_match): Make sure that user@host will not match @@netgroup. Bug #3035919. * modules/pam_group/pam_group.c (check_account): Add '%' for UNIX groups. * modules/pam_group/group.conf: Add example for '%'. * modules/pam_group/group.conf.5.xml: Document '%' syntax. Bug #3002340, #3037155.
* Relevant BUGIDs: Debian bug #582362Steve Langasek2010-08-021-4/+4
| | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Don't pass --version-script options when linking executables, only when linking libraries Patch from Julien Cristau <jcristau@debian.org>
* Relevant BUGIDs: 2917257Thorsten Kukuk2010-07-122-4/+20
| | | | | | | | | | | | | | | Purpose of commit: enhancement Commit summary: --------------- 2010-07-12 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add audit flag to enable logging about unknown user (#2917257). * modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit. * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. * modules/pam_succeed_if/README: Regenerated from xml.
* Relevant BUGIDs: 3004656Thorsten Kukuk2010-06-222-9/+8
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-06-22 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_umask/pam_umask.8.xml: Remove comparisation of gid and uid for usergroups. * modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Likewise. Bug #3004656
* Relevant BUGIDs: 3010705Thorsten Kukuk2010-06-151-1/+20
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-06-15 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Call setfsuid to be allowed to remove temporary files (#3010705). (pam_sm_open_session): Call fchown with correct permissions.
* Relevant BUGIDs:Thorsten Kukuk2010-06-092-0/+3
| | | | | | | | | | | | | | | Purpose of commit: bugfix Add test case for unresolved symbols 2010-06-09 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tty_audit/Makefile.am (TESTS): Add tst-pam_tty_audit. * modules/pam_tty_audit/tst-pam_tty_audit: New. Commit summary: ---------------
* Relevant BUGIDs: Ubuntu bug #588547Steve Langasek2010-06-071-2/+4
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-06-07 Steve Langasek <vorlon@debian.org> * modules/pam_tty_audit/Makefile.am: If we don't have the libraries required for building pam_tty_audit, we shouldn't install the manpage either.
* Relevant BUGIDs:Thorsten Kukuk2010-05-271-0/+1
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-05-27 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_userdb/pam_userdb.c: Define HAVE_DBM for BerkDB 5.0 support. Patch by Diego Elio Pettenò.
* Relevant BUGIDs:Thorsten Kukuk2010-05-051-1/+1
| | | | | | | | | | | Purpose of commit: docu fix Commit summary: --------------- 2010-04-15 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_exec/pam_exec.8.xml: Fix example.
* Relevant BUGIDs:Thorsten Kukuk2010-04-142-5/+25
| | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-04-13 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_pwhistory/opasswd.c: Fix compilation if cyprt_r() is not available. * configure.in: check for getutent_r. * modules/pam_timestamp/pam_timestamp.c: Use getutent() if getutent_r() does not exist. Patch from Diego Elio "Flameeyes" Pettenò.
* Relevant BUGIDs:Thorsten Kukuk2010-04-062-12/+42
| | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-04-06 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt and chauthtok. * modules/pam_rootok/pam_rootok.8.xml: Document new module types.
* Relevant BUGIDs: 2892529Thorsten Kukuk2009-12-084-15/+13
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-12-08 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Rename DEBUG to PAM_DEBUG. * libpam/pam_env.c: Likewise * libpam/pam_handlers.c: Likewise * libpam/pam_miscc.c: Likewise * libpam/pam_password.c: Likewise * libpam/include/security/_pam_macros.h: Likewise * libpamc/test/modules/pam_secret.c: Likewise * modules/pam_group/pam_group.c: Likewise * modules/pam_listfile/pam_listfile.c: Likewise * modules/pam_unix/pam_unix_auth.c: Likewise * modules/pam_unix/pam_unix_passwd.c: Likewise
* Relevant BUGIDs: rhbz#545053Tomas Mraz2009-12-081-7/+18
| | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2009-12-08 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow entry if not present in the file.
* Relevant BUGIDs:Tomas Mraz2009-12-081-12/+0
| | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2009-12-08 Tomas Mraz <t8m@centrum.cz> * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Remove unused function and variable.
* Relevant BUGIDs:Tomas Mraz2009-11-191-1/+2
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-11-19 Tomas Mraz <t8m@centrum.cz> * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Return PAM_AUTH_ERR from the module if sepermit_lock() fails.
* Relevant BUGIDs: 2892189Tomas Mraz2009-11-182-4/+14
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2009-11-18 Tomas Mraz <t8m@centrum.cz> * modules/pam_access/pam_access.c(user_match): Revert the netgroup match to the original behavior, add new syntax for adding the local hostname. * modules/pam_access/access.conf.5.xml: Document the new syntax for adding the local hostname to the netgroup match.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-14 10:11:12 +0000