From 71ef5e4a1c83fed2bb6f9753afc6a8a7c81ee0ba Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 16 Apr 2008 07:50:09 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2008-04-16 Tomas Mraz * modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit. * modules/pam_unix/unix_chkpwd.c(_audit_log): New function for audit. (main): Call _audit_log() when appropriate. --- modules/pam_unix/Makefile.am | 2 +- modules/pam_unix/unix_chkpwd.c | 48 +++++++++++++++++++++++++++++++++++++++--- 2 files changed, 46 insertions(+), 4 deletions(-) (limited to 'modules/pam_unix') diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am index 61a3b0ce..c4f746c9 100644 --- a/modules/pam_unix/Makefile.am +++ b/modules/pam_unix/Makefile.am @@ -50,7 +50,7 @@ unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c \ passverify.c unix_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_chkpwd\" unix_chkpwd_LDFLAGS = @PIE_LDFLAGS@ -unix_chkpwd_LDADD = @LIBCRYPT@ @LIBSELINUX@ +unix_chkpwd_LDADD = @LIBCRYPT@ @LIBSELINUX@ @LIBAUDIT@ unix_update_SOURCES = unix_update.c md5_good.c md5_broken.c bigcrypt.c \ passverify.c diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index 5f872d27..b4f9b3df 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -24,6 +24,10 @@ #include #include #include +#include +#ifdef HAVE_LIBAUDIT +#include +#endif #include #include @@ -54,6 +58,37 @@ static int _check_expiry(const char *uname) return retval; } +static int _audit_log(int type, const char *uname, int rc) +{ +#ifdef HAVE_LIBAUDIT + int audit_fd; + + audit_fd = audit_open(); + if (audit_fd < 0) { + /* You get these error codes only when the kernel doesn't have + * audit compiled in. */ + if (errno == EINVAL || errno == EPROTONOSUPPORT || + errno == EAFNOSUPPORT) + return PAM_SUCCESS; + + helper_log_err(LOG_CRIT, "audit_open() failed: %m"); + return PAM_AUTH_ERR; + } + + rc = audit_log_acct_message(audit_fd, type, NULL, "PAM:unix_chkpwd", + uname, -1, NULL, NULL, NULL, rc == PAM_SUCCESS); + if (rc == -EPERM && geteuid() != 0) { + rc = 0; + } + + audit_close(audit_fd); + + return rc < 0 ? PAM_AUTH_ERR : PAM_SUCCESS; +#else + return PAM_SUCCESS; +#endif +} + int main(int argc, char *argv[]) { char pass[MAXPASS + 1]; @@ -82,6 +117,7 @@ int main(int argc, char *argv[]) helper_log_err(LOG_NOTICE ,"inappropriate use of Unix helper binary [UID=%d]" ,getuid()); + _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR); fprintf(stderr ,"This binary is not designed for running in this way\n" "-- the system administrator has been informed\n"); @@ -118,9 +154,10 @@ int main(int argc, char *argv[]) nullok = 1; else if (strcmp(option, "nonull") == 0) nullok = 0; - else + else { + _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR); return PAM_SYSTEM_ERR; - + } /* read the password from stdin (a pipe from the pam_unix module) */ npass = read_passwords(STDIN_FILENO, 1, passwords); @@ -141,11 +178,16 @@ int main(int argc, char *argv[]) /* return pass or fail */ if (retval != PAM_SUCCESS) { - if (!nullok || !blankpass) + if (!nullok || !blankpass) { /* no need to log blank pass test */ + if (getuid() != 0) + _audit_log(AUDIT_USER_AUTH, user, PAM_AUTH_ERR); helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user); + } return PAM_AUTH_ERR; } else { + if (getuid() != 0) + return _audit_log(AUDIT_USER_AUTH, user, PAM_SUCCESS); return PAM_SUCCESS; } } -- cgit v1.2.3 From cf90454cdde0b0a905877dd0b02042347184729c Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 14 May 2008 13:03:39 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-05-14 Tomas Mraz * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok item when password is not approved. * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS is always set when UNIX_AUTHTOK is set, change order of conditions. --- ChangeLog | 5 +++++ modules/pam_unix/pam_unix_passwd.c | 4 ++++ modules/pam_unix/support.c | 4 ++-- 3 files changed, 11 insertions(+), 2 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 0546b9c7..d3268d61 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ * libpam/pam_modutil_getspnam.c: Likewise. * libpam/pam_modutil_private.h: Adjust values for PWD_ constants. + * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok + item when password is not approved. + * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS + is always set when UNIX_AUTHTOK is set, change order of conditions. + 2008-05-02 Tomas Mraz * modules/pam_selinux/pam_selinux.c(query_response): Add handling diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index d221220f..0a429756 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -699,6 +699,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, pass_new = NULL; } retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); + + if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) { + pam_set_item(pamh, PAM_AUTHTOK, NULL); + } } if (retval != PAM_SUCCESS) { diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index b82cad26..781d0006 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -743,11 +743,11 @@ int _unix_read_password(pam_handle_t * pamh return retval; } else if (*pass != NULL) { /* we have a password! */ return PAM_SUCCESS; - } else if (on(UNIX_USE_FIRST_PASS, ctrl)) { - return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } else if (on(UNIX_USE_AUTHTOK, ctrl) && off(UNIX__OLD_PASSWD, ctrl)) { return PAM_AUTHTOK_ERR; + } else if (on(UNIX_USE_FIRST_PASS, ctrl)) { + return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } } /* -- cgit v1.2.3 From 8f0abb6a4553664074d27bd6c6ddea09598c7e72 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sun, 22 Jun 2008 09:13:39 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-06-22 Thorsten Kukuk * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without audit support. * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit description (reported by Wayne Pollock ) --- ChangeLog | 8 ++++++++ modules/pam_cracklib/pam_cracklib.8.xml | 2 +- modules/pam_unix/unix_chkpwd.c | 23 ++++++++++++++++------- 3 files changed, 25 insertions(+), 8 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index f01c7cec..19237f55 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2008-06-22 Thorsten Kukuk + + * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without + audit support. + + * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit + description (reported by Wayne Pollock ) + 2008-06-19 Tomas Mraz * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml index 589e7b44..823a0bce 100644 --- a/modules/pam_cracklib/pam_cracklib.8.xml +++ b/modules/pam_cracklib/pam_cracklib.8.xml @@ -281,7 +281,7 @@ than 10. - (N > 0) This is the minimum number of upper + (N < 0) This is the minimum number of upper case letters that must be met for a new password. diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index b4f9b3df..61675ed2 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -47,7 +47,7 @@ static int _check_expiry(const char *uname) printf("-1\n"); return retval; } - + if (spent == NULL) { printf("-1\n"); return retval; @@ -58,9 +58,9 @@ static int _check_expiry(const char *uname) return retval; } +#ifdef HAVE_LIBAUDIT static int _audit_log(int type, const char *uname, int rc) { -#ifdef HAVE_LIBAUDIT int audit_fd; audit_fd = audit_open(); @@ -84,10 +84,8 @@ static int _audit_log(int type, const char *uname, int rc) audit_close(audit_fd); return rc < 0 ? PAM_AUTH_ERR : PAM_SUCCESS; -#else - return PAM_SUCCESS; -#endif } +#endif int main(int argc, char *argv[]) { @@ -117,7 +115,9 @@ int main(int argc, char *argv[]) helper_log_err(LOG_NOTICE ,"inappropriate use of Unix helper binary [UID=%d]" ,getuid()); +#ifdef HAVE_LIBAUDIT _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR); +#endif fprintf(stderr ,"This binary is not designed for running in this way\n" "-- the system administrator has been informed\n"); @@ -148,14 +148,16 @@ int main(int argc, char *argv[]) if (strcmp(option, "chkexpiry") == 0) /* Check account information from the shadow file */ - return _check_expiry(argv[1]); + return _check_expiry(argv[1]); /* read the nullok/nonull option */ else if (strcmp(option, "nullok") == 0) nullok = 1; else if (strcmp(option, "nonull") == 0) nullok = 0; else { +#ifdef HAVE_LIBAUDIT _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR); +#endif return PAM_SYSTEM_ERR; } /* read the password from stdin (a pipe from the pam_unix module) */ @@ -180,14 +182,21 @@ int main(int argc, char *argv[]) if (retval != PAM_SUCCESS) { if (!nullok || !blankpass) { /* no need to log blank pass test */ +#ifdef HAVE_LIBAUDIT if (getuid() != 0) _audit_log(AUDIT_USER_AUTH, user, PAM_AUTH_ERR); +#endif helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user); } return PAM_AUTH_ERR; } else { - if (getuid() != 0) + if (getuid() != 0) { +#ifdef HAVE_LIBAUDIT return _audit_log(AUDIT_USER_AUTH, user, PAM_SUCCESS); +#else + return PAM_SUCCESS; +#endif + } return PAM_SUCCESS; } } -- cgit v1.2.3 From a56a27d91b53f6029760d6a0e38b44b46f086f87 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 8 Jul 2008 11:20:25 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-07-08 Thorsten Kukuk * modules/pam_unix/passverify.c (verify_pwd_hash): Adjust debug statement. --- ChangeLog | 5 +++++ modules/pam_unix/passverify.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 19237f55..3a443060 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2008-07-08 Thorsten Kukuk + + * modules/pam_unix/passverify.c (verify_pwd_hash): Adjust debug + statement. + 2008-06-22 Thorsten Kukuk * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 6d588e63..ce5bc450 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -117,7 +117,7 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) p = NULL; /* no longer needed here */ /* the moment of truth -- do we agree with the password? */ - D(("comparing state of pp[%s] and salt[%s]", pp, salt)); + D(("comparing state of pp[%s] and hash[%s]", pp, hash)); if (pp && strcmp(pp, hash) == 0) { retval = PAM_SUCCESS; -- cgit v1.2.3 From 0323cbc3d94badc4d5e941a8fb679444dcb72bbb Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 11 Jul 2008 15:29:00 +0000 Subject: Relevant BUGIDs: #2009766 Purpose of commit: bugfix Commit summary: --------------- 2008-07-11 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do not close the pipe descriptor in borderline case (#2009766) * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_unix/support.h: Define upper limit of fds we will attempt to close. --- ChangeLog | 10 ++++++++++ modules/pam_unix/pam_unix_acct.c | 13 ++++++------- modules/pam_unix/pam_unix_passwd.c | 10 +++++----- modules/pam_unix/support.c | 8 ++++---- modules/pam_unix/support.h | 2 +- 5 files changed, 26 insertions(+), 17 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 52841d5b..0301b581 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2008-07-11 Tomas Mraz + + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do + not close the pipe descriptor in borderline case (#2009766) + * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): + Likewise. + * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. + * modules/pam_unix/support.h: Define upper limit of fds we will + attempt to close. + 2008-07-09 Thorsten Kukuk * modules/pam_exec/pam_exec.c (call_exec): Move all variable diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index c09bc175..3a40d8d3 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -91,21 +91,21 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, /* fork */ child = fork(); if (child == 0) { - size_t i=0; + int i=0; struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL }; - close(0); close(1); - /* reopen stdin as pipe */ - close(fds[0]); + /* reopen stdout as pipe */ dup2(fds[1], STDOUT_FILENO); /* XXX - should really tidy up PAM here too */ if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { - for (i=2; i < rlim.rlim_max; i++) { - if ((unsigned int)fds[1] != i) { + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; + for (i=0; i < (int)rlim.rlim_max; i++) { + if (i != STDOUT_FILENO) { close(i); } } @@ -126,7 +126,6 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); /* should not get here: exit with error */ - close (fds[1]); D(("helper binary is not available")); printf("-1\n"); exit(PAM_AUTHINFO_UNAVAIL); diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 0a429756..abb04c53 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -163,7 +163,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const /* fork */ child = fork(); if (child == 0) { - size_t i=0; + int i=0; struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; @@ -171,14 +171,14 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const /* XXX - should really tidy up PAM here too */ - close(0); close(1); /* reopen stdin as pipe */ - close(fds[1]); dup2(fds[0], STDIN_FILENO); if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { - for (i=2; i < rlim.rlim_max; i++) { - if ((unsigned int)fds[0] != i) + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; + for (i=0; i < (int)rlim.rlim_max; i++) { + if (i != STDIN_FILENO) close(i); } } diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 781d0006..db630f51 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -427,14 +427,14 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, /* XXX - should really tidy up PAM here too */ - close(0); close(1); /* reopen stdin as pipe */ - close(fds[1]); dup2(fds[0], STDIN_FILENO); if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { - for (i=2; i < (int)rlim.rlim_max; i++) { - if (fds[0] != i) + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; + for (i=0; i < (int)rlim.rlim_max; i++) { + if (i != STDIN_FILENO) close(i); } } diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 9d4f8b85..a33dadaa 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -91,7 +91,6 @@ typedef struct { /* -------------- */ #define UNIX_CTRLS_ 26 /* number of ctrl arguments defined */ - static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = { /* symbol token name ctrl mask ctrl * @@ -127,6 +126,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) +#define MAX_FD_NO 2000000 /* use this to free strings. ESPECIALLY password strings */ -- cgit v1.2.3 From 498944b7863f188fa1d8e3c4c620bb1681294fee Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Sun, 27 Jul 2008 09:11:48 +0000 Subject: Relevant BUGIDs: Debian bug #470137 Purpose of commit: bugfix Commit summary: --------------- 2008-07-27 Steve Langasek * modules/pam_*/pam_*.8.xml: fix up the references to pam.d, which is in manpage section 5, not 8. --- ChangeLog | 5 +++++ modules/pam_access/pam_access.8.xml | 2 +- modules/pam_cracklib/pam_cracklib.8.xml | 2 +- modules/pam_debug/pam_debug.8.xml | 2 +- modules/pam_deny/pam_deny.8.xml | 2 +- modules/pam_echo/pam_echo.8.xml | 2 +- modules/pam_env/pam_env.8.xml | 2 +- modules/pam_exec/pam_exec.8.xml | 2 +- modules/pam_faildelay/pam_faildelay.8.xml | 2 +- modules/pam_filter/pam_filter.8.xml | 2 +- modules/pam_ftp/pam_ftp.8.xml | 2 +- modules/pam_group/pam_group.8.xml | 2 +- modules/pam_issue/pam_issue.8.xml | 2 +- modules/pam_keyinit/pam_keyinit.8.xml | 2 +- modules/pam_lastlog/pam_lastlog.8.xml | 2 +- modules/pam_limits/pam_limits.8.xml | 2 +- modules/pam_listfile/pam_listfile.8.xml | 2 +- modules/pam_localuser/pam_localuser.8.xml | 2 +- modules/pam_loginuid/pam_loginuid.8.xml | 2 +- modules/pam_mail/pam_mail.8.xml | 2 +- modules/pam_mkhomedir/pam_mkhomedir.8.xml | 2 +- modules/pam_motd/pam_motd.8.xml | 2 +- modules/pam_namespace/pam_namespace.8.xml | 2 +- modules/pam_nologin/pam_nologin.8.xml | 2 +- modules/pam_permit/pam_permit.8.xml | 2 +- modules/pam_rhosts/pam_rhosts.8.xml | 2 +- modules/pam_rootok/pam_rootok.8.xml | 2 +- modules/pam_securetty/pam_securetty.8.xml | 2 +- modules/pam_selinux/pam_selinux.8.xml | 2 +- modules/pam_shells/pam_shells.8.xml | 2 +- modules/pam_tally/pam_tally.8.xml | 2 +- modules/pam_time/pam_time.8.xml | 2 +- modules/pam_umask/pam_umask.8.xml | 2 +- modules/pam_unix/pam_unix.8.xml | 2 +- modules/pam_userdb/pam_userdb.8.xml | 2 +- modules/pam_warn/pam_warn.8.xml | 2 +- modules/pam_wheel/pam_wheel.8.xml | 2 +- modules/pam_xauth/pam_xauth.8.xml | 2 +- 38 files changed, 42 insertions(+), 37 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 57ec8afd..411a1fba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2008-07-27 Steve Langasek + + * modules/pam_*/pam_*.8.xml: fix up the references to pam.d, + which is in manpage section 5, not 8. + 2008-07-26 Steve Langasek * modules/pam_env/pam_env.c: Fix module to skip over diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml index 21970d49..68f21bab 100644 --- a/modules/pam_access/pam_access.8.xml +++ b/modules/pam_access/pam_access.8.xml @@ -231,7 +231,7 @@ access.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml index 823a0bce..c1731d29 100644 --- a/modules/pam_cracklib/pam_cracklib.8.xml +++ b/modules/pam_cracklib/pam_cracklib.8.xml @@ -495,7 +495,7 @@ password required pam_unix.so use_authtok nullok md5 pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_debug/pam_debug.8.xml b/modules/pam_debug/pam_debug.8.xml index 65519852..db775067 100644 --- a/modules/pam_debug/pam_debug.8.xml +++ b/modules/pam_debug/pam_debug.8.xml @@ -213,7 +213,7 @@ auth sufficient pam_debug.so auth=success cred=success pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_deny/pam_deny.8.xml b/modules/pam_deny/pam_deny.8.xml index e50beb2d..4f45fa9a 100644 --- a/modules/pam_deny/pam_deny.8.xml +++ b/modules/pam_deny/pam_deny.8.xml @@ -117,7 +117,7 @@ other session required pam_deny.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_echo/pam_echo.8.xml b/modules/pam_echo/pam_echo.8.xml index 4a495195..4f4c2428 100644 --- a/modules/pam_echo/pam_echo.8.xml +++ b/modules/pam_echo/pam_echo.8.xml @@ -154,7 +154,7 @@ password required pam_unix.so pam.conf8 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml index 731c20b2..1187d507 100644 --- a/modules/pam_env/pam_env.8.xml +++ b/modules/pam_env/pam_env.8.xml @@ -189,7 +189,7 @@ pam_env.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml index f4dc1e15..3ee5315e 100644 --- a/modules/pam_exec/pam_exec.8.xml +++ b/modules/pam_exec/pam_exec.8.xml @@ -199,7 +199,7 @@ pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_faildelay/pam_faildelay.8.xml b/modules/pam_faildelay/pam_faildelay.8.xml index d2dfd266..57b3305a 100644 --- a/modules/pam_faildelay/pam_faildelay.8.xml +++ b/modules/pam_faildelay/pam_faildelay.8.xml @@ -118,7 +118,7 @@ auth optional pam_faildelay.so delay=10000000 pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_filter/pam_filter.8.xml b/modules/pam_filter/pam_filter.8.xml index d15d7e97..faf97911 100644 --- a/modules/pam_filter/pam_filter.8.xml +++ b/modules/pam_filter/pam_filter.8.xml @@ -243,7 +243,7 @@ pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_ftp/pam_ftp.8.xml b/modules/pam_ftp/pam_ftp.8.xml index aca21694..f99256c0 100644 --- a/modules/pam_ftp/pam_ftp.8.xml +++ b/modules/pam_ftp/pam_ftp.8.xml @@ -165,7 +165,7 @@ auth required pam_listfile.so \ pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml index f7488fb3..114d0c51 100644 --- a/modules/pam_group/pam_group.8.xml +++ b/modules/pam_group/pam_group.8.xml @@ -145,7 +145,7 @@ group.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_issue/pam_issue.8.xml b/modules/pam_issue/pam_issue.8.xml index fd0d06ae..916dd5e7 100644 --- a/modules/pam_issue/pam_issue.8.xml +++ b/modules/pam_issue/pam_issue.8.xml @@ -216,7 +216,7 @@ pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml index c7dddf54..f3e64b3d 100644 --- a/modules/pam_keyinit/pam_keyinit.8.xml +++ b/modules/pam_keyinit/pam_keyinit.8.xml @@ -220,7 +220,7 @@ session required pam_keyinit.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml index 066eff58..a738402c 100644 --- a/modules/pam_lastlog/pam_lastlog.8.xml +++ b/modules/pam_lastlog/pam_lastlog.8.xml @@ -213,7 +213,7 @@ pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml index 98afdcd4..05c4d160 100644 --- a/modules/pam_limits/pam_limits.8.xml +++ b/modules/pam_limits/pam_limits.8.xml @@ -239,7 +239,7 @@ session required pam_limits.so limits.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml index e54e80a4..d33cdb1e 100644 --- a/modules/pam_listfile/pam_listfile.8.xml +++ b/modules/pam_listfile/pam_listfile.8.xml @@ -278,7 +278,7 @@ auth required pam_listfile.so \ pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml index ac00ce99..cae98ca1 100644 --- a/modules/pam_localuser/pam_localuser.8.xml +++ b/modules/pam_localuser/pam_localuser.8.xml @@ -155,7 +155,7 @@ account required pam_wheel.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_loginuid/pam_loginuid.8.xml b/modules/pam_loginuid/pam_loginuid.8.xml index f50336d0..801c88f9 100644 --- a/modules/pam_loginuid/pam_loginuid.8.xml +++ b/modules/pam_loginuid/pam_loginuid.8.xml @@ -101,7 +101,7 @@ session required pam_loginuid.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_mail/pam_mail.8.xml b/modules/pam_mail/pam_mail.8.xml index 2e97d999..17677c73 100644 --- a/modules/pam_mail/pam_mail.8.xml +++ b/modules/pam_mail/pam_mail.8.xml @@ -262,7 +262,7 @@ session optional pam_mail.so standard pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml index 3c40de15..aeb619f0 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml +++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml @@ -186,7 +186,7 @@ SEE ALSO - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml index 7bd6798c..69e9efd8 100644 --- a/modules/pam_motd/pam_motd.8.xml +++ b/modules/pam_motd/pam_motd.8.xml @@ -96,7 +96,7 @@ session optional pam_motd.so motd=/etc/motd pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml index 787aba4a..bb9b3e34 100644 --- a/modules/pam_namespace/pam_namespace.8.xml +++ b/modules/pam_namespace/pam_namespace.8.xml @@ -365,7 +365,7 @@ namespace.conf5 , - pam.d8 + pam.d5 , mount8 diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml index 9710df9d..c9a81792 100644 --- a/modules/pam_nologin/pam_nologin.8.xml +++ b/modules/pam_nologin/pam_nologin.8.xml @@ -156,7 +156,7 @@ auth required pam_nologin.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_permit/pam_permit.8.xml b/modules/pam_permit/pam_permit.8.xml index 4db7a963..6ecc34ac 100644 --- a/modules/pam_permit/pam_permit.8.xml +++ b/modules/pam_permit/pam_permit.8.xml @@ -87,7 +87,7 @@ account required pam_permit.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_rhosts/pam_rhosts.8.xml b/modules/pam_rhosts/pam_rhosts.8.xml index e559f315..194f956e 100644 --- a/modules/pam_rhosts/pam_rhosts.8.xml +++ b/modules/pam_rhosts/pam_rhosts.8.xml @@ -153,7 +153,7 @@ auth required pam_unix.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml index ec8dee43..ed26d357 100644 --- a/modules/pam_rootok/pam_rootok.8.xml +++ b/modules/pam_rootok/pam_rootok.8.xml @@ -112,7 +112,7 @@ auth required pam_unix.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml index ef8562ea..0ba44413 100644 --- a/modules/pam_securetty/pam_securetty.8.xml +++ b/modules/pam_securetty/pam_securetty.8.xml @@ -149,7 +149,7 @@ auth required pam_unix.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml index ab368a87..d9ff1770 100644 --- a/modules/pam_selinux/pam_selinux.8.xml +++ b/modules/pam_selinux/pam_selinux.8.xml @@ -223,7 +223,7 @@ session optional pam_selinux.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml index abbd5cbd..72191da8 100644 --- a/modules/pam_shells/pam_shells.8.xml +++ b/modules/pam_shells/pam_shells.8.xml @@ -99,7 +99,7 @@ auth required pam_shells.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_tally/pam_tally.8.xml b/modules/pam_tally/pam_tally.8.xml index 68b69a30..bd86e80f 100644 --- a/modules/pam_tally/pam_tally.8.xml +++ b/modules/pam_tally/pam_tally.8.xml @@ -435,7 +435,7 @@ session optional pam_mail.so standard pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml index e0b149a7..490a793c 100644 --- a/modules/pam_time/pam_time.8.xml +++ b/modules/pam_time/pam_time.8.xml @@ -166,7 +166,7 @@ login account required pam_time.so time.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml index d65e6660..43eba83b 100644 --- a/modules/pam_umask/pam_umask.8.xml +++ b/modules/pam_umask/pam_umask.8.xml @@ -202,7 +202,7 @@ pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index 290cb2b9..e6a5e7fc 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -361,7 +361,7 @@ session required pam_unix.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml index 70b416b3..ea2ebfe6 100644 --- a/modules/pam_userdb/pam_userdb.8.xml +++ b/modules/pam_userdb/pam_userdb.8.xml @@ -274,7 +274,7 @@ auth sufficient pam_userdb.so icase db=/etc/dbtest.db pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_warn/pam_warn.8.xml b/modules/pam_warn/pam_warn.8.xml index b3261b86..04f29283 100644 --- a/modules/pam_warn/pam_warn.8.xml +++ b/modules/pam_warn/pam_warn.8.xml @@ -86,7 +86,7 @@ other session required pam_deny.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml index bf8b7349..1a344d08 100644 --- a/modules/pam_wheel/pam_wheel.8.xml +++ b/modules/pam_wheel/pam_wheel.8.xml @@ -224,7 +224,7 @@ su auth required pam_unix.so pam.conf5 , - pam.d8 + pam.d5 , pam8 diff --git a/modules/pam_xauth/pam_xauth.8.xml b/modules/pam_xauth/pam_xauth.8.xml index f6323f26..78184fdb 100644 --- a/modules/pam_xauth/pam_xauth.8.xml +++ b/modules/pam_xauth/pam_xauth.8.xml @@ -273,7 +273,7 @@ session optional pam_xauth.so pam.conf5 , - pam.d8 + pam.d5 , pam8 -- cgit v1.2.3 From b4a78564bec722ef5b17dbba4b2830b2c8d2085b Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Mon, 28 Jul 2008 20:51:56 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix (thread safety) Commit summary: --------------- 2008-07-28 Steve Langasek * modules/pam_unix/passverify.c: make save_old_password() thread-safe by using pam_modutil_getpwnam() instead of getpwnam() * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h, modules/pam_unix/pam_unix_passwd.c: add pamh argument to save_old_password() --- ChangeLog | 5 +++++ modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/passverify.c | 8 +++++++- modules/pam_unix/passverify.h | 6 ++++++ 4 files changed, 19 insertions(+), 2 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 677224a7..f178342f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,11 @@ * libpamc/test/regress/test.libpamc.c: use standard u_int8_t type instead of __u8, as elsewhere. Patch from Roger Leigh . + * modules/pam_unix/passverify.c: make save_old_password() + thread-safe by using pam_modutil_getpwnam() instead of getpwnam() + * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h, + modules/pam_unix/pam_unix_passwd.c: add pamh argument to + save_old_password() 2008-07-27 Steve Langasek diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index abb04c53..240caddb 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -378,7 +378,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, return _unix_run_update_binary(pamh, ctrl, forwho, fromwhat, towhat, remember); #endif /* first, save old password */ - if (save_old_password(forwho, fromwhat, remember)) { + if (save_old_password(pamh, forwho, fromwhat, remember)) { retval = PAM_AUTHTOK_ERR; goto done; } diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index ce5bc450..0f58b019 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -535,9 +535,15 @@ unlock_pwdf(void) } #endif +#ifdef HELPER_COMPILE int save_old_password(const char *forwho, const char *oldpass, int howmany) +#else +int +save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, + int howmany) +#endif { static char buf[16384]; static char nbuf[16384]; @@ -653,7 +659,7 @@ save_old_password(const char *forwho, const char *oldpass, fclose(opwfile); if (!found) { - pwd = getpwnam(forwho); + pwd = pam_modutil_getpwnam(pamh, forwho); if (pwd == NULL) { err = 1; } else { diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h index e8e112d0..21bb9232 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -33,9 +33,15 @@ lock_pwdf(void); void unlock_pwdf(void); +#ifdef HELPER_COMPILE int save_old_password(const char *forwho, const char *oldpass, int howmany); +#else +int +save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, + int howmany); +#endif #ifdef HELPER_COMPILE void -- cgit v1.2.3 From 374a7652e6ebeb9b731c41cf48aa83b603faae3e Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 18 Aug 2008 13:29:21 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-08-18 Thorsten Kukuk * Makefile.am (M4_FILES): Adjust list. * modules/pam_access/pam_access.8.xml: Fix module service vs. module type. * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. * modules/pam_debug/pam_debug.8.xml: Likewise. * modules/pam_deny/pam_deny.8.xml: Likewise. * modules/pam_echo/pam_echo.8.xml: Likewise. * modules/pam_env/pam_env.8.xml: Likewise. * modules/pam_exec/pam_exec.8.xml: Likewise. * modules/pam_faildelay/pam_faildelay.8.xml: Likewise. * modules/pam_filter/pam_filter.8.xml: Likewise. * modules/pam_ftp/pam_ftp.8.xml: Likewise. * modules/pam_group/pam_group.8.xml: Likewise. * modules/pam_issue/pam_issue.8.xml: Likewise. * modules/pam_keyinit/pam_keyinit.8.xml: Likewise. * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. * modules/pam_limits/pam_limits.8.xml: Likewise. * modules/pam_listfile/pam_listfile.8.xml: Likewise. * modules/pam_localuser/pam_localuser.8.xml: Likewise. * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. * modules/pam_mail/pam_mail.8.xml: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. * modules/pam_motd/pam_motd.8.xml: Likewise. * modules/pam_namespace/pam_namespace.8.xml: Likewise. * modules/pam_nologin/pam_nologin.8.xml: Likewise. * modules/pam_permit/pam_permit.8.xml: Likewise. * modules/pam_rhosts/pam_rhosts.8.xml: Likewise. * modules/pam_rootok/pam_rootok.8.xml: Likewise. * modules/pam_securetty/pam_securetty.8.xml: Likewise. * modules/pam_selinux/pam_selinux.8.xml: Likewise. * modules/pam_sepermit/pam_sepermit.8.xml: Likewise. * modules/pam_shells/pam_shells.8.xml: Likewise. * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. * modules/pam_tally/pam_tally.8.xml: Likewise. * modules/pam_time/pam_time.8.xml: Likewise. * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. * modules/pam_umask/pam_umask.8.xml: Likewise. * modules/pam_unix/pam_unix.8.xml: Likewise. * modules/pam_userdb/pam_userdb.8.xml: Likewise. * modules/pam_warn/pam_warn.8.xml: Likewise. * modules/pam_wheel/pam_wheel.8.xml: Likewise. * modules/pam_xauth/pam_xauth.8.xml: Likewise. --- ChangeLog | 90 +++++++++++++++++++++++++++++ Makefile.am | 13 ++--- configure.in | 2 +- doc/sag/pam_access.xml | 4 +- doc/sag/pam_cracklib.xml | 4 +- doc/sag/pam_debug.xml | 4 +- doc/sag/pam_deny.xml | 4 +- doc/sag/pam_echo.xml | 4 +- doc/sag/pam_env.xml | 4 +- doc/sag/pam_exec.xml | 4 +- doc/sag/pam_faildelay.xml | 4 +- doc/sag/pam_filter.xml | 4 +- doc/sag/pam_ftp.xml | 4 +- doc/sag/pam_group.xml | 4 +- doc/sag/pam_issue.xml | 4 +- doc/sag/pam_keyinit.xml | 4 +- doc/sag/pam_lastlog.xml | 4 +- doc/sag/pam_limits.xml | 4 +- doc/sag/pam_listfile.xml | 4 +- doc/sag/pam_localuser.xml | 4 +- doc/sag/pam_loginuid.xml | 4 +- doc/sag/pam_mail.xml | 4 +- doc/sag/pam_mkhomedir.xml | 4 +- doc/sag/pam_motd.xml | 4 +- doc/sag/pam_namespace.xml | 4 +- doc/sag/pam_nologin.xml | 4 +- doc/sag/pam_permit.xml | 4 +- doc/sag/pam_rhosts.xml | 4 +- doc/sag/pam_rootok.xml | 4 +- doc/sag/pam_securetty.xml | 4 +- doc/sag/pam_selinux.xml | 4 +- doc/sag/pam_sepermit.xml | 4 +- doc/sag/pam_shells.xml | 4 +- doc/sag/pam_succeed_if.xml | 4 +- doc/sag/pam_tally.xml | 4 +- doc/sag/pam_time.xml | 4 +- doc/sag/pam_tty_audit.xml | 4 +- doc/sag/pam_umask.xml | 4 +- doc/sag/pam_unix.xml | 4 +- doc/sag/pam_userdb.xml | 4 +- doc/sag/pam_warn.xml | 4 +- doc/sag/pam_wheel.xml | 4 +- doc/sag/pam_xauth.xml | 4 +- modules/pam_access/pam_access.8.xml | 9 +-- modules/pam_cracklib/pam_cracklib.8.xml | 6 +- modules/pam_debug/pam_debug.8.xml | 8 +-- modules/pam_deny/pam_deny.8.xml | 8 +-- modules/pam_echo/pam_echo.8.xml | 8 ++- modules/pam_env/pam_env.8.xml | 8 +-- modules/pam_exec/pam_exec.8.xml | 8 +-- modules/pam_faildelay/pam_faildelay.8.xml | 6 +- modules/pam_filter/pam_filter.8.xml | 8 +-- modules/pam_ftp/pam_ftp.8.xml | 6 +- modules/pam_group/pam_group.8.xml | 6 +- modules/pam_issue/pam_issue.8.xml | 6 +- modules/pam_keyinit/pam_keyinit.8.xml | 6 +- modules/pam_lastlog/pam_lastlog.8.xml | 6 +- modules/pam_limits/pam_limits.8.xml | 6 +- modules/pam_listfile/pam_listfile.8.xml | 8 +-- modules/pam_localuser/pam_localuser.8.xml | 8 +-- modules/pam_loginuid/pam_loginuid.8.xml | 6 +- modules/pam_mail/pam_mail.8.xml | 10 ++-- modules/pam_mkhomedir/pam_mkhomedir.8.xml | 6 +- modules/pam_motd/pam_motd.8.xml | 6 +- modules/pam_namespace/pam_namespace.8.xml | 8 +-- modules/pam_nologin/pam_nologin.8.xml | 8 +-- modules/pam_permit/pam_permit.8.xml | 9 +-- modules/pam_rhosts/pam_rhosts.8.xml | 6 +- modules/pam_rootok/pam_rootok.8.xml | 6 +- modules/pam_securetty/pam_securetty.8.xml | 6 +- modules/pam_selinux/pam_selinux.8.xml | 8 +-- modules/pam_sepermit/pam_sepermit.8.xml | 8 +-- modules/pam_shells/pam_shells.8.xml | 8 +-- modules/pam_succeed_if/pam_succeed_if.8.xml | 7 ++- modules/pam_tally/pam_tally.8.xml | 8 +-- modules/pam_time/pam_time.8.xml | 8 +-- modules/pam_tty_audit/pam_tty_audit.8.xml | 6 +- modules/pam_umask/pam_umask.8.xml | 6 +- modules/pam_unix/pam_unix.8.xml | 9 +-- modules/pam_userdb/pam_userdb.8.xml | 8 +-- modules/pam_warn/pam_warn.8.xml | 9 +-- modules/pam_wheel/pam_wheel.8.xml | 6 +- modules/pam_xauth/pam_xauth.8.xml | 6 +- po/Linux-PAM.pot | 67 +++++++++++---------- 84 files changed, 359 insertions(+), 262 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 19714fbd..027417cf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,93 @@ +2008-08-18 Thorsten Kukuk + + * Makefile.am (M4_FILES): Adjust list. + + * modules/pam_access/pam_access.8.xml: Fix module service + vs. module type. + * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. + * modules/pam_debug/pam_debug.8.xml: Likewise. + * modules/pam_deny/pam_deny.8.xml: Likewise. + * modules/pam_echo/pam_echo.8.xml: Likewise. + * modules/pam_env/pam_env.8.xml: Likewise. + * modules/pam_exec/pam_exec.8.xml: Likewise. + * modules/pam_faildelay/pam_faildelay.8.xml: Likewise. + * modules/pam_filter/pam_filter.8.xml: Likewise. + * modules/pam_ftp/pam_ftp.8.xml: Likewise. + * modules/pam_group/pam_group.8.xml: Likewise. + * modules/pam_issue/pam_issue.8.xml: Likewise. + * modules/pam_keyinit/pam_keyinit.8.xml: Likewise. + * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. + * modules/pam_limits/pam_limits.8.xml: Likewise. + * modules/pam_listfile/pam_listfile.8.xml: Likewise. + * modules/pam_localuser/pam_localuser.8.xml: Likewise. + * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. + * modules/pam_mail/pam_mail.8.xml: Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. + * modules/pam_motd/pam_motd.8.xml: Likewise. + * modules/pam_namespace/pam_namespace.8.xml: Likewise. + * modules/pam_nologin/pam_nologin.8.xml: Likewise. + * modules/pam_permit/pam_permit.8.xml: Likewise. + * modules/pam_rhosts/pam_rhosts.8.xml: Likewise. + * modules/pam_rootok/pam_rootok.8.xml: Likewise. + * modules/pam_securetty/pam_securetty.8.xml: Likewise. + * modules/pam_selinux/pam_selinux.8.xml: Likewise. + * modules/pam_sepermit/pam_sepermit.8.xml: Likewise. + * modules/pam_shells/pam_shells.8.xml: Likewise. + * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. + * modules/pam_tally/pam_tally.8.xml: Likewise. + * modules/pam_time/pam_time.8.xml: Likewise. + * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. + * modules/pam_umask/pam_umask.8.xml: Likewise. + * modules/pam_unix/pam_unix.8.xml: Likewise. + * modules/pam_userdb/pam_userdb.8.xml: Likewise. + * modules/pam_warn/pam_warn.8.xml: Likewise. + * modules/pam_wheel/pam_wheel.8.xml: Likewise. + * modules/pam_xauth/pam_xauth.8.xml: Likewise. + +2008-08-05 Thorsten Kukuk + + * modules/pam_access/pam_access.8.xml: Fix module service + vs. module type. + * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. + * modules/pam_debug/pam_debug.8.xml: Likewise. + * modules/pam_deny/pam_deny.8.xml: Likewise. + * modules/pam_echo/pam_echo.8.xml: Likewise. + * modules/pam_env/pam_env.8.xml: Likewise. + * modules/pam_exec/pam_exec.8.xml: Likewise. + * modules/pam_faildelay/pam_faildelay.8.xml: Likewise. + * modules/pam_filter/pam_filter.8.xml: Likewise. + * modules/pam_ftp/pam_ftp.8.xml: Likewise. + * modules/pam_group/pam_group.8.xml: Likewise. + * modules/pam_issue/pam_issue.8.xml: Likewise. + * modules/pam_keyinit/pam_keyinit.8.xml: Likewise. + * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. + * modules/pam_limits/pam_limits.8.xml: Likewise. + * modules/pam_listfile/pam_listfile.8.xml: Likewise. + * modules/pam_localuser/pam_localuser.8.xml: Likewise. + * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. + * modules/pam_mail/pam_mail.8.xml: Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. + * modules/pam_motd/pam_motd.8.xml: Likewise. + * modules/pam_namespace/pam_namespace.8.xml: Likewise. + * modules/pam_nologin/pam_nologin.8.xml: Likewise. + * modules/pam_permit/pam_permit.8.xml: Likewise. + * modules/pam_rhosts/pam_rhosts.8.xml: Likewise. + * modules/pam_rootok/pam_rootok.8.xml: Likewise. + * modules/pam_securetty/pam_securetty.8.xml: Likewise. + * modules/pam_selinux/pam_selinux.8.xml: Likewise. + * modules/pam_sepermit/pam_sepermit.8.xml: Likewise. + * modules/pam_shells/pam_shells.8.xml: Likewise. + * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. + * modules/pam_tally/pam_tally.8.xml: Likewise. + * modules/pam_time/pam_time.8.xml: Likewise. + * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. + * modules/pam_umask/pam_umask.8.xml: Likewise. + * modules/pam_unix/pam_unix.8.xml: Likewise. + * modules/pam_userdb/pam_userdb.8.xml: Likewise. + * modules/pam_warn/pam_warn.8.xml: Likewise. + * modules/pam_wheel/pam_wheel.8.xml: Likewise. + * modules/pam_xauth/pam_xauth.8.xml: Likewise. + 2008-08-01 Thorsten Kukuk * configure.in: Add version for gettext, add search path diff --git a/Makefile.am b/Makefile.am index b0fd70fa..796a9507 100644 --- a/Makefile.am +++ b/Makefile.am @@ -12,16 +12,11 @@ endif CLEANFILES = *~ -M4_FILES = m4/codeset.m4 m4/gettext.m4 m4/glibc21.m4 m4/glibc2.m4 \ - m4/iconv.m4 m4/intdiv0.m4 m4/intmax.m4 m4/inttypes_h.m4 \ - m4/inttypes-h.m4 m4/inttypes.m4 m4/inttypes-pri.m4 \ - m4/isc-posix.m4 m4/jh_path_xml_catalog.m4 m4/lcmessage.m4 \ +M4_FILES = m4/gettext.m4 m4/iconv.m4 m4/intlmacosx.m4 \ + m4/japhar_grep_cflags.m4 m4/jh_path_xml_catalog.m4 \ m4/ld-as-needed.m4 m4/ld-O1.m4 m4/lib-ld.m4 m4/lib-link.m4 \ - m4/lib-prefix.m4 m4/libprelude.m4 m4/lock.m4 m4/longdouble.m4 \ - m4/longlong.m4 m4/nls.m4 m4/po.m4 m4/printf-posix.m4 \ - m4/progtest.m4 m4/signed.m4 m4/size_max.m4 m4/stdint_h.m4 \ - m4/uintmax_t.m4 m4/ulonglong.m4 m4/visibility.m4 \ - m4/wchar_t.m4 m4/wint_t.m4 m4/xsize.m4 + m4/lib-prefix.m4 m4/libprelude.m4 m4/libtool.m4 m4/nls.m4 \ + m4/po.m4 m4/progtest.m4 EXTRA_DIST = config.rpath mkinstalldirs pgp.keys.asc CHANGELOG \ Copyright $(M4_FILES) Make.xml.rules diff --git a/configure.in b/configure.in index ca64c52b..9461fd7d 100644 --- a/configure.in +++ b/configure.in @@ -3,7 +3,7 @@ AC_INIT AC_CONFIG_SRCDIR([conf/pam_conv1/pam_conv_y.y]) AM_INIT_AUTOMAKE("Linux-PAM", 1.0.90) AC_PREREQ(2.61) -AM_CONFIG_HEADER(config.h) +AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) AC_CANONICAL_HOST diff --git a/doc/sag/pam_access.xml b/doc/sag/pam_access.xml index 9e2837ca..b9bf39d0 100644 --- a/doc/sag/pam_access.xml +++ b/doc/sag/pam_access.xml @@ -19,9 +19,9 @@ -
+
+ href="../../modules/pam_access/pam_access.8.xml" xpointer='xpointer(//refsect1[@id = "pam_access-types"]/*)'/>
-
+
+ href="../../modules/pam_cracklib/pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-types"]/*)'/>
-
+
+ href="../../modules/pam_debug/pam_debug.8.xml" xpointer='xpointer(//refsect1[@id = "pam_debug-types"]/*)'/>
-
+
+ href="../../modules/pam_deny/pam_deny.8.xml" xpointer='xpointer(//refsect1[@id = "pam_deny-types"]/*)'/>
-
+
+ href="../../modules/pam_echo/pam_echo.8.xml" xpointer='xpointer(//refsect1[@id = "pam_echo-types"]/*)'/>
-
+
+ href="../../modules/pam_env/pam_env.8.xml" xpointer='xpointer(//refsect1[@id = "pam_env-types"]/*)'/>
-
+
+ href="../../modules/pam_exec/pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-types"]/*)'/>
-
+
+ href="../../modules/pam_faildelay/pam_faildelay.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faildelay-types"]/*)'/>
-
+
+ href="../../modules/pam_filter/pam_filter.8.xml" xpointer='xpointer(//refsect1[@id = "pam_filter-types"]/*)'/>
-
+
+ href="../../modules/pam_ftp/pam_ftp.8.xml" xpointer='xpointer(//refsect1[@id = "pam_ftp-types"]/*)'/>
-
+
+ href="../../modules/pam_group/pam_group.8.xml" xpointer='xpointer(//refsect1[@id = "pam_group-types"]/*)'/>
-
+
+ href="../../modules/pam_issue/pam_issue.8.xml" xpointer='xpointer(//refsect1[@id = "pam_issue-types"]/*)'/>
-
+
+ href="../../modules/pam_keyinit/pam_keyinit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_keyinit-types"]/*)'/>
-
+
+ href="../../modules/pam_lastlog/pam_lastlog.8.xml" xpointer='xpointer(//refsect1[@id = "pam_lastlog-types"]/*)'/>
-
+
+ href="../../modules/pam_limits/pam_limits.8.xml" xpointer='xpointer(//refsect1[@id = "pam_limits-types"]/*)'/>
-
+
+ href="../../modules/pam_listfile/pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-types"]/*)'/>
-
+
+ href="../../modules/pam_localuser/pam_localuser.8.xml" xpointer='xpointer(//refsect1[@id = "pam_localuser-types"]/*)'/>
-
+
+ href="../../modules/pam_loginuid/pam_loginuid.8.xml" xpointer='xpointer(//refsect1[@id = "pam_loginuid-types"]/*)'/>
-
+
+ href="../../modules/pam_mail/pam_mail.8.xml" xpointer='xpointer(//refsect1[@id = "pam_mail-types"]/*)'/>
-
+
+ href="../../modules/pam_mkhomedir/pam_mkhomedir.8.xml" xpointer='xpointer(//refsect1[@id = "pam_mkhomedir-types"]/*)'/>
-
+
+ href="../../modules/pam_motd/pam_motd.8.xml" xpointer='xpointer(//refsect1[@id = "pam_motd-types"]/*)'/>
-
+
+ href="../../modules/pam_namespace/pam_namespace.8.xml" xpointer='xpointer(//refsect1[@id = "pam_namespace-types"]/*)'/>
-
+
+ href="../../modules/pam_nologin/pam_nologin.8.xml" xpointer='xpointer(//refsect1[@id = "pam_nologin-types"]/*)'/>
-
+
+ href="../../modules/pam_permit/pam_permit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_permit-types"]/*)'/>
-
+
+ href="../../modules/pam_rhosts/pam_rhosts.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rhosts-types"]/*)'/>
-
+
+ href="../../modules/pam_rootok/pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-types"]/*)'/>
-
+
+ href="../../modules/pam_securetty/pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-types"]/*)'/>
-
+
+ href="../../modules/pam_selinux/pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-types"]/*)'/>
-
+
+ href="../../modules/pam_sepermit/pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-types"]/*)'/>
-
+
+ href="../../modules/pam_shells/pam_shells.8.xml" xpointer='xpointer(//refsect1[@id = "pam_shells-types"]/*)'/>
-
+
+ href="../../modules/pam_succeed_if/pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-types"]/*)'/>
-
+
+ href="../../modules/pam_tally/pam_tally.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally-types"]/*)'/>
-
+
+ href="../../modules/pam_time/pam_time.8.xml" xpointer='xpointer(//refsect1[@id = "pam_time-types"]/*)'/>
-
+
+ href="../../modules/pam_tty_audit/pam_tty_audit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tty_audit-types"]/*)'/>
-
+
+ href="../../modules/pam_umask/pam_umask.8.xml" xpointer='xpointer(//refsect1[@id = "pam_umask-types"]/*)'/>
-
+
+ href="../../modules/pam_unix/pam_unix.8.xml" xpointer='xpointer(//refsect1[@id = "pam_unix-types"]/*)'/>
-
+
+ href="../../modules/pam_userdb/pam_userdb.8.xml" xpointer='xpointer(//refsect1[@id = "pam_userdb-types"]/*)'/>
-
+
+ href="../../modules/pam_warn/pam_warn.8.xml" xpointer='xpointer(//refsect1[@id = "pam_warn-types"]/*)'/>
-
+
+ href="../../modules/pam_wheel/pam_wheel.8.xml" xpointer='xpointer(//refsect1[@id = "pam_wheel-types"]/*)'/>
-
+
+ href="../../modules/pam_xauth/pam_xauth.8.xml" xpointer='xpointer(//refsect1[@id = "pam_xauth-types"]/*)'/>
If Linux PAM is compiled with audit support the module will report - when it denies access based on origin (host or tty). + when it denies access based on origin (host or tty). @@ -159,10 +159,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - All services are supported. + All module types (, , + and ) are provided. diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml index ee9a5917..2f1eecbc 100644 --- a/modules/pam_cracklib/pam_cracklib.8.xml +++ b/modules/pam_cracklib/pam_cracklib.8.xml @@ -376,10 +376,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_debug/pam_debug.8.xml b/modules/pam_debug/pam_debug.8.xml index db775067..3d85f4d8 100644 --- a/modules/pam_debug/pam_debug.8.xml +++ b/modules/pam_debug/pam_debug.8.xml @@ -171,11 +171,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The services , , - and are supported. + All module types (, , + and ) are provided. diff --git a/modules/pam_deny/pam_deny.8.xml b/modules/pam_deny/pam_deny.8.xml index 4f45fa9a..a9283582 100644 --- a/modules/pam_deny/pam_deny.8.xml +++ b/modules/pam_deny/pam_deny.8.xml @@ -38,11 +38,11 @@ This module does not recognise any options. - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - All services (, , - and ) are supported. + All module types (, , + and ) are provided. diff --git a/modules/pam_echo/pam_echo.8.xml b/modules/pam_echo/pam_echo.8.xml index 4f4c2428..d2873cc1 100644 --- a/modules/pam_echo/pam_echo.8.xml +++ b/modules/pam_echo/pam_echo.8.xml @@ -96,10 +96,12 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - All services are supported. + All module types (, , + and ) are provided. + diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml index ecf0355a..9e9a96a5 100644 --- a/modules/pam_env/pam_env.8.xml +++ b/modules/pam_env/pam_env.8.xml @@ -118,11 +118,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The and services - are supported. + The and module + types are provided. diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml index 3ee5315e..1ee25cab 100644 --- a/modules/pam_exec/pam_exec.8.xml +++ b/modules/pam_exec/pam_exec.8.xml @@ -123,11 +123,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The services , , - and are supported. + All module types (, , + and ) are provided. diff --git a/modules/pam_faildelay/pam_faildelay.8.xml b/modules/pam_faildelay/pam_faildelay.8.xml index 57b3305a..57107203 100644 --- a/modules/pam_faildelay/pam_faildelay.8.xml +++ b/modules/pam_faildelay/pam_faildelay.8.xml @@ -68,10 +68,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_filter/pam_filter.8.xml b/modules/pam_filter/pam_filter.8.xml index faf97911..9a9d69b9 100644 --- a/modules/pam_filter/pam_filter.8.xml +++ b/modules/pam_filter/pam_filter.8.xml @@ -188,11 +188,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The services , , - and are supported. + All module types (, , + and ) are provided. diff --git a/modules/pam_ftp/pam_ftp.8.xml b/modules/pam_ftp/pam_ftp.8.xml index f99256c0..ea985c0d 100644 --- a/modules/pam_ftp/pam_ftp.8.xml +++ b/modules/pam_ftp/pam_ftp.8.xml @@ -105,10 +105,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml index 114d0c51..8c0770b8 100644 --- a/modules/pam_group/pam_group.8.xml +++ b/modules/pam_group/pam_group.8.xml @@ -65,10 +65,10 @@ This module does not recognise any options. - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_issue/pam_issue.8.xml b/modules/pam_issue/pam_issue.8.xml index 916dd5e7..4254ea61 100644 --- a/modules/pam_issue/pam_issue.8.xml +++ b/modules/pam_issue/pam_issue.8.xml @@ -146,10 +146,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml index f3e64b3d..bcc50964 100644 --- a/modules/pam_keyinit/pam_keyinit.8.xml +++ b/modules/pam_keyinit/pam_keyinit.8.xml @@ -121,10 +121,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the session service is supported. + Only the module type is provided. diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml index a738402c..f066ac6a 100644 --- a/modules/pam_lastlog/pam_lastlog.8.xml +++ b/modules/pam_lastlog/pam_lastlog.8.xml @@ -140,10 +140,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml index 05c4d160..a4375e22 100644 --- a/modules/pam_limits/pam_limits.8.xml +++ b/modules/pam_limits/pam_limits.8.xml @@ -132,10 +132,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml index d33cdb1e..4c1fb1fd 100644 --- a/modules/pam_listfile/pam_listfile.8.xml +++ b/modules/pam_listfile/pam_listfile.8.xml @@ -175,11 +175,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The services , , - and are supported. + All module types (, , + and ) are provided. diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml index cae98ca1..861fc35a 100644 --- a/modules/pam_localuser/pam_localuser.8.xml +++ b/modules/pam_localuser/pam_localuser.8.xml @@ -80,11 +80,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - All services (, , - and ) are supported. + All module types (, , + and ) are provided. diff --git a/modules/pam_loginuid/pam_loginuid.8.xml b/modules/pam_loginuid/pam_loginuid.8.xml index 801c88f9..2a146b2c 100644 --- a/modules/pam_loginuid/pam_loginuid.8.xml +++ b/modules/pam_loginuid/pam_loginuid.8.xml @@ -57,10 +57,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The service is supported. + Only the module type is provided. diff --git a/modules/pam_mail/pam_mail.8.xml b/modules/pam_mail/pam_mail.8.xml index 17677c73..a6dff870 100644 --- a/modules/pam_mail/pam_mail.8.xml +++ b/modules/pam_mail/pam_mail.8.xml @@ -193,12 +193,12 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The session and - auth (on establishment and - deletion of credentials) services are supported. + The and + (on establishment and + deletion of credentials) module types are provided. diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml index aeb619f0..5d66ee23 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml +++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml @@ -95,10 +95,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml index 69e9efd8..7b9b2437 100644 --- a/modules/pam_motd/pam_motd.8.xml +++ b/modules/pam_motd/pam_motd.8.xml @@ -55,10 +55,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml index bb9b3e34..81328476 100644 --- a/modules/pam_namespace/pam_namespace.8.xml +++ b/modules/pam_namespace/pam_namespace.8.xml @@ -237,11 +237,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The service is supported. The module must not - be called from multithreaded processes. + Only the module type is provided. + The module must not be called from multithreaded processes. diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml index c9a81792..b30b6bed 100644 --- a/modules/pam_nologin/pam_nologin.8.xml +++ b/modules/pam_nologin/pam_nologin.8.xml @@ -68,11 +68,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The and services are - supported. + The and module + types are provided. diff --git a/modules/pam_permit/pam_permit.8.xml b/modules/pam_permit/pam_permit.8.xml index 6ecc34ac..6bb49658 100644 --- a/modules/pam_permit/pam_permit.8.xml +++ b/modules/pam_permit/pam_permit.8.xml @@ -47,11 +47,12 @@ This module does not recognise any options. - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The services , , - and are supported. + The , , + and + module types are provided. diff --git a/modules/pam_rhosts/pam_rhosts.8.xml b/modules/pam_rhosts/pam_rhosts.8.xml index 194f956e..eb96371d 100644 --- a/modules/pam_rhosts/pam_rhosts.8.xml +++ b/modules/pam_rhosts/pam_rhosts.8.xml @@ -89,10 +89,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml index ed26d357..e2d2441f 100644 --- a/modules/pam_rootok/pam_rootok.8.xml +++ b/modules/pam_rootok/pam_rootok.8.xml @@ -54,10 +54,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the type is provided. diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml index 0ba44413..dd57705b 100644 --- a/modules/pam_securetty/pam_securetty.8.xml +++ b/modules/pam_securetty/pam_securetty.8.xml @@ -64,10 +64,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml index d9ff1770..3db26d04 100644 --- a/modules/pam_selinux/pam_selinux.8.xml +++ b/modules/pam_selinux/pam_selinux.8.xml @@ -170,10 +170,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the module type is provided. @@ -211,7 +211,7 @@ EXAMPLES auth required pam_unix.so -session required pam_permit.so +session required pam_permit.so session optional pam_selinux.so diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml index c2546b62..da4153bf 100644 --- a/modules/pam_sepermit/pam_sepermit.8.xml +++ b/modules/pam_sepermit/pam_sepermit.8.xml @@ -87,11 +87,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the and - services are supported. + The and + module types are provided. diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml index 72191da8..c197a989 100644 --- a/modules/pam_shells/pam_shells.8.xml +++ b/modules/pam_shells/pam_shells.8.xml @@ -41,11 +41,11 @@ This module does not recognise any options. - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The services and - are supported. + The and + module types are provided. diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml index e377ae86..c99f6be5 100644 --- a/modules/pam_succeed_if/pam_succeed_if.8.xml +++ b/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -215,10 +215,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - All services are supported. + All module types (, , + and ) are provided. diff --git a/modules/pam_tally/pam_tally.8.xml b/modules/pam_tally/pam_tally.8.xml index bd86e80f..831ee1a5 100644 --- a/modules/pam_tally/pam_tally.8.xml +++ b/modules/pam_tally/pam_tally.8.xml @@ -119,7 +119,7 @@ This can be used for auth and - account services. + account module types. @@ -348,11 +348,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED The and - services are supported. + module types are provided. diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml index 490a793c..8e7f222c 100644 --- a/modules/pam_time/pam_time.8.xml +++ b/modules/pam_time/pam_time.8.xml @@ -49,7 +49,7 @@ If Linux PAM is compiled with audit support the module will report - when it denies access. + when it denies access. @@ -83,10 +83,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the type is provided. diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml index f6f0602f..005d2e85 100644 --- a/modules/pam_tty_audit/pam_tty_audit.8.xml +++ b/modules/pam_tty_audit/pam_tty_audit.8.xml @@ -80,10 +80,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the session service is supported. + Only the session type is supported. diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml index 43eba83b..b2858b57 100644 --- a/modules/pam_umask/pam_umask.8.xml +++ b/modules/pam_umask/pam_umask.8.xml @@ -141,10 +141,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the service is supported. + Only the type is provided. diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index e6a5e7fc..32565b1f 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -85,7 +85,7 @@ - The session component of this module logs when a user logins + The session component of this module logs when a user logins or leave the system. @@ -314,10 +314,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - All service are supported. + All module types (, , + and ) are provided. diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml index ea2ebfe6..ba971526 100644 --- a/modules/pam_userdb/pam_userdb.8.xml +++ b/modules/pam_userdb/pam_userdb.8.xml @@ -189,11 +189,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The services and - are supported. + The and module + types are provided. diff --git a/modules/pam_warn/pam_warn.8.xml b/modules/pam_warn/pam_warn.8.xml index 04f29283..1764ec92 100644 --- a/modules/pam_warn/pam_warn.8.xml +++ b/modules/pam_warn/pam_warn.8.xml @@ -38,11 +38,12 @@ This module does not recognise any options. - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - The services , , - and are supported. + The , , + and module + types are provided. diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml index 1a344d08..c0ae68c6 100644 --- a/modules/pam_wheel/pam_wheel.8.xml +++ b/modules/pam_wheel/pam_wheel.8.xml @@ -130,11 +130,11 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED The auth and - account services are supported. + account module types are provided. diff --git a/modules/pam_xauth/pam_xauth.8.xml b/modules/pam_xauth/pam_xauth.8.xml index 78184fdb..353f1b6e 100644 --- a/modules/pam_xauth/pam_xauth.8.xml +++ b/modules/pam_xauth/pam_xauth.8.xml @@ -147,10 +147,10 @@ - - MODULE SERVICES PROVIDED + + MODULE TYPES PROVIDED - Only the session service is supported. + Only the session type is provided. diff --git a/po/Linux-PAM.pot b/po/Linux-PAM.pot index be4181a5..1d88241e 100644 --- a/po/Linux-PAM.pot +++ b/po/Linux-PAM.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2008-04-18 14:20+0200\n" +"POT-Creation-Date: 2008-08-14 17:06+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -228,17 +228,17 @@ msgstr "" msgid "BAD PASSWORD: %s" msgstr "" -#: modules/pam_exec/pam_exec.c:134 +#: modules/pam_exec/pam_exec.c:135 #, c-format msgid "%s failed: exit code %d" msgstr "" -#: modules/pam_exec/pam_exec.c:143 +#: modules/pam_exec/pam_exec.c:144 #, c-format msgid "%s failed: caught signal %d%s" msgstr "" -#: modules/pam_exec/pam_exec.c:152 +#: modules/pam_exec/pam_exec.c:153 #, c-format msgid "%s failed: unknown status 0x%x" msgstr "" @@ -321,51 +321,47 @@ msgstr "" msgid "Unable to create directory %s: %m" msgstr "" -#: modules/pam_selinux/pam_selinux.c:164 +#: modules/pam_selinux/pam_selinux.c:172 msgid "Would you like to enter a security context? [N] " msgstr "" -#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265 +#: modules/pam_selinux/pam_selinux.c:191 modules/pam_selinux/pam_selinux.c:282 msgid "role:" msgstr "" -#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282 +#: modules/pam_selinux/pam_selinux.c:204 modules/pam_selinux/pam_selinux.c:316 msgid "level:" msgstr "" -#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313 +#: modules/pam_selinux/pam_selinux.c:219 modules/pam_selinux/pam_selinux.c:349 msgid "Not a valid security context" msgstr "" -#: modules/pam_selinux/pam_selinux.c:251 +#: modules/pam_selinux/pam_selinux.c:265 #, c-format msgid "Default Security Context %s\n" msgstr "" -#: modules/pam_selinux/pam_selinux.c:255 +#: modules/pam_selinux/pam_selinux.c:269 msgid "Would you like to enter a different role or level?" msgstr "" -#: modules/pam_selinux/pam_selinux.c:269 +#: modules/pam_selinux/pam_selinux.c:285 #, c-format msgid "No default type for role %s\n" msgstr "" -#: modules/pam_selinux/pam_selinux.c:522 +#: modules/pam_selinux/pam_selinux.c:661 #, c-format msgid "Unable to get valid context for %s" msgstr "" -#: modules/pam_selinux/pam_selinux.c:578 -msgid "Requested MLS level not in permitted range" -msgstr "" - -#: modules/pam_selinux/pam_selinux.c:628 +#: modules/pam_selinux/pam_selinux.c:712 #, c-format msgid "Security Context %s Assigned" msgstr "" -#: modules/pam_selinux/pam_selinux.c:649 +#: modules/pam_selinux/pam_selinux.c:733 #, c-format msgid "Key Creation Context %s Assigned" msgstr "" @@ -402,56 +398,65 @@ msgstr "" msgid "Verification mis-typed; password unchanged" msgstr "" -#: modules/pam_tally/pam_tally.c:746 +#: modules/pam_tally/pam_tally.c:537 +#, c-format +msgid "Account temporary locked (%lds seconds left)" +msgstr "" + +#: modules/pam_tally/pam_tally.c:562 +msgid "Accounted locked due to " +msgstr "" + +#: modules/pam_tally/pam_tally.c:773 msgid "Authentication error" msgstr "" -#: modules/pam_tally/pam_tally.c:747 +#: modules/pam_tally/pam_tally.c:774 msgid "Service error" msgstr "" -#: modules/pam_tally/pam_tally.c:748 +#: modules/pam_tally/pam_tally.c:775 msgid "Unknown user" msgstr "" -#: modules/pam_tally/pam_tally.c:749 +#: modules/pam_tally/pam_tally.c:776 msgid "Unknown error" msgstr "" -#: modules/pam_tally/pam_tally.c:765 +#: modules/pam_tally/pam_tally.c:792 #, c-format msgid "%s: Bad number given to --reset=\n" msgstr "" -#: modules/pam_tally/pam_tally.c:769 +#: modules/pam_tally/pam_tally.c:796 #, c-format msgid "%s: Unrecognised option %s\n" msgstr "" -#: modules/pam_tally/pam_tally.c:781 +#: modules/pam_tally/pam_tally.c:808 #, c-format msgid "" "%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" msgstr "" -#: modules/pam_tally/pam_tally.c:855 +#: modules/pam_tally/pam_tally.c:882 #, c-format msgid "%s: Can't reset all users to non-zero\n" msgstr "" -#: modules/pam_unix/pam_unix_acct.c:229 modules/pam_unix/pam_unix_acct.c:251 +#: modules/pam_unix/pam_unix_acct.c:228 modules/pam_unix/pam_unix_acct.c:250 msgid "Your account has expired; please contact your system administrator" msgstr "" -#: modules/pam_unix/pam_unix_acct.c:237 +#: modules/pam_unix/pam_unix_acct.c:236 msgid "You are required to change your password immediately (root enforced)" msgstr "" -#: modules/pam_unix/pam_unix_acct.c:243 +#: modules/pam_unix/pam_unix_acct.c:242 msgid "You are required to change your password immediately (password aged)" msgstr "" -#: modules/pam_unix/pam_unix_acct.c:261 modules/pam_unix/pam_unix_acct.c:268 +#: modules/pam_unix/pam_unix_acct.c:260 modules/pam_unix/pam_unix_acct.c:267 #, c-format msgid "Warning: your password will expire in %d day" msgid_plural "Warning: your password will expire in %d days" @@ -459,7 +464,7 @@ msgstr[0] "" msgstr[1] "" #. TRANSLATORS: only used if dngettext is not supported -#: modules/pam_unix/pam_unix_acct.c:273 +#: modules/pam_unix/pam_unix_acct.c:272 #, c-format msgid "Warning: your password will expire in %d days" msgstr "" -- cgit v1.2.3 From 152576cd900a64319c74b569cd606d888b9cd235 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 16 Sep 2008 14:44:02 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-09-16 Thorsten Kukuk * modules/pam_unix/pam_unix.8.xml: Fix typo. --- ChangeLog | 4 ++++ modules/pam_unix/pam_unix.8.xml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 1c22a2aa..28959791 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2008-09-16 Thorsten Kukuk + + * modules/pam_unix/pam_unix.8.xml: Fix typo. + 2008-09-03 Thorsten Kukuk * modules/pam_exec/pam_exec.c: Expose authtok if requested, diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index 32565b1f..e08edfcc 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -187,7 +187,7 @@ password to the one provided by a previously stacked module (this is used in the example of the stacking of the pam_cracklib - module documented above). + module documented below). -- cgit v1.2.3 From b66f2f941f5dd41710b0e3f3251d5d664602911f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 24 Nov 2008 14:06:15 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-11-24 Tomas Mraz * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Fix leaks in error path. * modules/pam_env/pam_env.c(_parse_env_file): Remove superfluous condition. * modules/pam_group/pam_group.c(check_account): Fix leak in error path. * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Fix leak in error path. * modules/pam_securetty/pam_securetty.c(securetty_perform_check): Remove superfluous condition. * modules/pam_stress/pam_stress.c(stress_get_password,pam_sm_authenticate): Remove superfluous conditions. (pam_sm_chauthtok): Fix mistaken && for &. * modules/pam_unix/pam_unix_auth.c(pam_sm_authenticate): Remove superfluous condition. All the problems fixed in this commit were found by Steve Grubb. --- ChangeLog | 28 ++++++++++++++++++++++++++++ modules/pam_cracklib/pam_cracklib.c | 2 ++ modules/pam_env/pam_env.c | 2 +- modules/pam_group/pam_group.c | 2 +- modules/pam_listfile/pam_listfile.c | 1 + modules/pam_securetty/pam_securetty.c | 2 +- modules/pam_stress/pam_stress.c | 7 +++---- modules/pam_unix/pam_unix_auth.c | 2 +- 8 files changed, 38 insertions(+), 8 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index f8757df7..f86b86d5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,31 @@ +2008-11-24 Tomas Mraz + + * libpam/pam_handlers.c (_pam_parse_conf_file): '-' at + beginning of type token marks silent module. + (_pam_load_module): Add handler_type parameter. Do not log + module load error if module is silent. + (_pam_add_handler): Pass handler_type to _pam_load_module(). + * libpam/pam_private.h: Add PAM_HT_SILENT_MODULE. + * doc/man/pam.conf-syntax.xml: Document the '-' at beginning + of type. + + * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Fix leaks + in error path. + * modules/pam_env/pam_env.c(_parse_env_file): Remove superfluous + condition. + * modules/pam_group/pam_group.c(check_account): Fix leak + in error path. + * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Fix leak + in error path. + * modules/pam_securetty/pam_securetty.c(securetty_perform_check): Remove + superfluous condition. + * modules/pam_stress/pam_stress.c(stress_get_password,pam_sm_authenticate): + Remove superfluous conditions. + (pam_sm_chauthtok): Fix mistaken && for &. + * modules/pam_unix/pam_unix_auth.c(pam_sm_authenticate): Remove + superfluous condition. + All the problems fixed in this commit were found by Steve Grubb. + 2008-11-20 Tomas Mraz * modules/pam_sepermit/pam_sepermit.c (sepermit_match): Do not diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index 2c4cd4a0..b94f8596 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -692,6 +692,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } if (retval != PAM_SUCCESS) { + token1 = _pam_delete(token1); if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_DEBUG,"unable to obtain a password"); continue; @@ -756,6 +757,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (retval != PAM_SUCCESS) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_DEBUG,"unable to obtain retyped password"); + token1 = _pam_delete(token1); continue; } diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 80a20cd6..a8cd2c8f 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -211,7 +211,7 @@ _parse_env_file(pam_handle_t *pamh, int ctrl, const char *env_file) key += strspn(key, " \n\t"); /* skip blanks lines and comments */ - if (!key || key[0] == '#') + if (key[0] == '#') continue; /* skip over "export " if present so we can be compat with diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 4a54da14..bddcf1cb 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -603,7 +603,7 @@ static int check_account(pam_handle_t *pamh, const char *service, if (getgroups(no_grps, grps) < 0) { D(("getgroups call failed")); no_grps = 0; - grps = NULL; + _pam_drop(grps); } #ifdef DEBUG { diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index f276e5b8..dbd92058 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -239,6 +239,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, retval = pam_get_item(pamh,citem,&void_citemp); citemp = void_citemp; if(retval != PAM_SUCCESS) { + free(ifname); return onerr; } if((citem == PAM_USER) && !citemp) { diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 9dbe9bc4..ec796d9e 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -152,7 +152,7 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, retval = PAM_AUTH_ERR; } else { - if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) { + if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'", username, uttyname); } diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index c254868f..01587fea 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c @@ -197,8 +197,7 @@ static int stress_get_password(pam_handle_t *pamh, int flags } return PAM_CONV_ERR; } - if (resp) - free(resp); + free(resp); } *password = pass; /* this *MUST* be free()'d by this module */ @@ -238,7 +237,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, retval = PAM_USER_UNKNOWN; /* username was null */ return retval; } - else if ((ctrl & PAM_ST_DEBUG) && (retval == PAM_SUCCESS)) { + else if (ctrl & PAM_ST_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "pam_sm_authenticate: username = %s", username); } @@ -426,7 +425,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (ctrl & PAM_ST_FAIL_1) return PAM_AUTHTOK_LOCK_BUSY; - if ( !(ctrl && PAM_ST_EXPIRED) + if ( !(ctrl & PAM_ST_EXPIRED) && (flags & PAM_CHANGE_EXPIRED_AUTHTOK) && (pam_get_data(pamh,"stress_new_pwd", &text) != PAM_SUCCESS || strcmp(text,"yes"))) { diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index dfedd608..05b5ec6c 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -132,7 +132,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags retval = PAM_USER_UNKNOWN; AUTH_RETURN; } - if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl)) + if (on(UNIX_DEBUG, ctrl)) D(("username [%s] obtained", name)); } else { D(("trouble reading username")); -- cgit v1.2.3 From 51a9be048c75f86e2d2493a47b1f6fd25f5e549d Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 28 Nov 2008 12:48:43 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-11-28 Tomas Mraz * modules/pam_unix/unix_update.c (set_password): Allow root to change passwords without verification of the old ones. --- ChangeLog | 19 ++++++++++++------- modules/pam_unix/unix_update.c | 13 ++++++++----- 2 files changed, 20 insertions(+), 12 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 7bffdbcf..dc4ef37f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2008-11-28 Tomas Mraz + + * modules/pam_unix/unix_update.c (set_password): Allow root to change + passwords without verification of the old ones. + 2008-11-25 Thorsten Kukuk * modules/pam_pwhistory/opasswd.c (save_old_password): Fix typo. @@ -24,20 +29,20 @@ * doc/man/pam.conf-syntax.xml: Document the '-' at beginning of type. - * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Fix leaks + * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Fix leaks in error path. - * modules/pam_env/pam_env.c(_parse_env_file): Remove superfluous + * modules/pam_env/pam_env.c (_parse_env_file): Remove superfluous condition. - * modules/pam_group/pam_group.c(check_account): Fix leak + * modules/pam_group/pam_group.c (check_account): Fix leak in error path. - * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Fix leak + * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Fix leak in error path. - * modules/pam_securetty/pam_securetty.c(securetty_perform_check): Remove + * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Remove superfluous condition. - * modules/pam_stress/pam_stress.c(stress_get_password,pam_sm_authenticate): + * modules/pam_stress/pam_stress.c (stress_get_password,pam_sm_authenticate): Remove superfluous conditions. (pam_sm_chauthtok): Fix mistaken && for &. - * modules/pam_unix/pam_unix_auth.c(pam_sm_authenticate): Remove + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Remove superfluous condition. All the problems fixed in this commit were found by Steve Grubb. diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c index f54a59ce..702912d0 100644 --- a/modules/pam_unix/unix_update.c +++ b/modules/pam_unix/unix_update.c @@ -71,11 +71,14 @@ set_password(const char *forwho, const char *shadow, const char *remember) goto done; } - /* does pass agree with the official one? - we always allow change from null pass */ - retval = helper_verify_password(forwho, pass, 1); - if (retval != PAM_SUCCESS) { - goto done; + /* If real caller uid is not root we must verify that + received old pass agrees with the current one. + We always allow change from null pass. */ + if (getuid()) { + retval = helper_verify_password(forwho, pass, 1); + if (retval != PAM_SUCCESS) { + goto done; + } } /* first, save old password */ -- cgit v1.2.3 From ca0f93a7e6a1b3e0d2d94b658d84e9b34b17577b Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sun, 30 Nov 2008 17:13:58 +0000 Subject: Relevant BUGIDs: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Purpose of commit: bugfix Commit summary: --------------- 2008-11-29 Thorsten Kukuk * configure.in: Check for xcrypt.h, fix typo in libaudit check. * modules/pam_cracklib/pam_cracklib.c: Include xcrypt.h if available. * modules/pam_unix/bigcrypt.c: Likewise. * modules/pam_unix/passverify.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. Patch from Diego Flameeyes Pettenò --- ChangeLog | 8 ++++++++ configure.in | 8 +++++--- modules/pam_cracklib/pam_cracklib.c | 4 +++- modules/pam_unix/bigcrypt.c | 4 +++- modules/pam_unix/passverify.c | 4 +++- modules/pam_userdb/pam_userdb.c | 4 +++- 6 files changed, 25 insertions(+), 7 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 43329736..3c055f91 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ 2008-11-29 Thorsten Kukuk + * configure.in: Check for xcrypt.h, fix typo in libaudit check. + * modules/pam_cracklib/pam_cracklib.c: Include xcrypt.h if + available. + * modules/pam_unix/bigcrypt.c: Likewise. + * modules/pam_unix/passverify.c: Likewise. + * modules/pam_userdb/pam_userdb.c: Likewise. + Patch from Diego Flameeyes Pettenò + * doc/man/pam_getenv.3.xml: Document that application should not free return value. diff --git a/configure.in b/configure.in index b220a9a2..e16bd44f 100644 --- a/configure.in +++ b/configure.in @@ -347,7 +347,7 @@ if test x"$WITH_LIBAUDIT" != xno ; then [HAVE_AUDIT_TTY_STATUS=""], [#include ])] ) - if test ! -z "$LIBAUDIT" -a "ac_cv_header_libaudit_h" != "no" ; then + if test ! -z "$LIBAUDIT" -a "$ac_cv_header_libaudit_h" != "no" ; then AC_DEFINE([HAVE_LIBAUDIT], 1, [Define to 1 if audit support should be compiled in.]) fi if test ! -z "$HAVE_AUDIT_TTY_STATUS" ; then @@ -360,11 +360,15 @@ AC_SUBST(LIBAUDIT) AM_CONDITIONAL([HAVE_AUDIT_TTY_STATUS], [test "x$HAVE_AUDIT_TTY_STATUS" = xyes]) +AC_CHECK_HEADERS(xcrypt.h crypt.h) BACKUP_LIBS=$LIBS AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="") AC_CHECK_FUNCS(crypt_r) LIBS=$BACKUP_LIBS AC_SUBST(LIBCRYPT) +if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then + AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.]) +fi AC_ARG_WITH([randomdev], AS_HELP_STRING([--with-randomdev=(|yes|no)],[use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval) if test "$opt_randomdev" = yes -o -z "$opt_randomdev"; then @@ -433,8 +437,6 @@ AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h) -AC_CHECK_HEADERS(crypt.h) - dnl For module/pam_lastlog AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h) diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index b94f8596..4b2052fc 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -37,7 +37,9 @@ #include "config.h" #include -#ifdef HAVE_CRYPT_H +#ifdef HAVE_LIBXCRYPT +# include +#elif defined(HAVE_CRYPT_H) # include #endif #include diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c index 9cd55384..9922d177 100644 --- a/modules/pam_unix/bigcrypt.c +++ b/modules/pam_unix/bigcrypt.c @@ -29,7 +29,9 @@ #include #include #include -#ifdef HAVE_CRYPT_H +#ifdef HAVE_LIBXCRYPT +#include +#elif defined(HAVE_CRYPT_H) #include #endif diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 0f58b019..eae1e24c 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -19,7 +19,9 @@ #include #include #include -#ifdef HAVE_CRYPT_H +#ifdef HAVE_LIBXCRYPT +#include +#elif defined(HAVE_CRYPT_H) #include #endif diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index a796b15e..2d39123b 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -17,7 +17,9 @@ #include #include #include -#ifdef HAVE_CRYPT_H +#ifdef HAVE_LIBXCRYPT +#include +#elif defined(HAVE_CRYPT_H) #include #endif -- cgit v1.2.3 From 090693e116fc6ea0dfb649e11a01af08e19b33d9 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 1 Dec 2008 12:40:40 +0000 Subject: Relevant BUGIDs: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Purpose of commit: new feature Commit summary: --------------- 2008-12-01 Thorsten Kukuk * modules/pam_unix/pam_unix.8.xml: Document blowfish option. * configure.in: Check for crypt_gensalt_rn. * modules/pam_unix/pam_unix_passwd.c: Pass pamh to create_password_hash function. * modules/pam_unix/passverify.c (create_password_hash): Add blowfish support. * modules/pam_unix/passverify.h: Adjust create_password_hash prototype. * modules/pam_unix/support.c: Add support for blowfish option. * modules/pam_unix/support.h: Add defines for blowfish option. Patch from Diego Flameeyes Pettenò --- ChangeLog | 15 ++++++ NEWS | 1 + configure.in | 2 +- modules/pam_unix/pam_unix.8.xml | 28 ++++++++-- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/passverify.c | 107 +++++++++++++++---------------------- modules/pam_unix/passverify.h | 51 +++++++----------- modules/pam_unix/support.c | 32 +++++++---- modules/pam_unix/support.h | 4 +- 9 files changed, 130 insertions(+), 112 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 5f452a1b..fb585bcd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,18 @@ +2008-12-01 Thorsten Kukuk + + * modules/pam_unix/pam_unix.8.xml: Document blowfish option. + + * configure.in: Check for crypt_gensalt_rn. + * modules/pam_unix/pam_unix_passwd.c: Pass pamh to + create_password_hash function. + * modules/pam_unix/passverify.c (create_password_hash): Add + blowfish support. + * modules/pam_unix/passverify.h: Adjust create_password_hash + prototype. + * modules/pam_unix/support.c: Add support for blowfish option. + * modules/pam_unix/support.h: Add defines for blowfish option. + Patch from Diego Flameeyes Pettenò + 2008-12-01 Tomas Mraz * modules/pam_access/pam_access.8.xml: Fix description of nodefgroup diff --git a/NEWS b/NEWS index e3f5623c..a480eeb1 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,7 @@ Release 1.0.90 * Make libpam not log missing module if its type is prepended with '-' * New pam_timestamp module for authentication based on recent successful login. +* Add blowfish support to pam_unix. Release 1.0.2 diff --git a/configure.in b/configure.in index e16bd44f..ff14401c 100644 --- a/configure.in +++ b/configure.in @@ -363,7 +363,7 @@ AM_CONDITIONAL([HAVE_AUDIT_TTY_STATUS], AC_CHECK_HEADERS(xcrypt.h crypt.h) BACKUP_LIBS=$LIBS AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="") -AC_CHECK_FUNCS(crypt_r) +AC_CHECK_FUNCS(crypt_r crypt_gensalt_rn) LIBS=$BACKUP_LIBS AC_SUBST(LIBCRYPT) if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index e08edfcc..cc3affd9 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -266,7 +266,9 @@ When a user changes their password next, encrypt it with the SHA256 algorithm. If the - SHA256 algorithm is not known to the libcrypt, + SHA256 algorithm is not known to the + crypt3 + function, fall back to MD5. @@ -279,7 +281,24 @@ When a user changes their password next, encrypt it with the SHA512 algorithm. If the - SHA512 algorithm is not known to the libcrypt, + SHA512 algorithm is not known to the + crypt3 + function, + fall back to MD5. + + + + + + + + + + When a user changes their password next, + encrypt it with the blowfish algorithm. If the + SHA512 algorithm is not known to the + crypt3 + function, fall back to MD5. @@ -290,8 +309,9 @@ - Set the optional number of rounds of the SHA256 and SHA512 - password hashing algorithms to n. + Set the optional number of rounds of the SHA256, SHA512 + and blowfish password hashing algorithms to + n. diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 240caddb..b8da9913 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -749,7 +749,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, * First we encrypt the new password. */ - tpass = create_password_hash(pass_new, ctrl, rounds); + tpass = create_password_hash(pamh, pass_new, ctrl, rounds); if (tpass == NULL) { pam_syslog(pamh, LOG_CRIT, "out of memory for password"); diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index eae1e24c..281716e0 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -151,15 +151,8 @@ is_pwd_shadowed(const struct passwd *pwd) return 0; } -#ifdef HELPER_COMPILE -int -get_account_info(const char *name, - struct passwd **pwd, struct spwd **spwdent) -#else -int -get_account_info(pam_handle_t *pamh, const char *name, - struct passwd **pwd, struct spwd **spwdent) -#endif +PAMH_ARG_DECL(int get_account_info, + const char *name, struct passwd **pwd, struct spwd **spwdent) { /* UNIX passwords area */ *pwd = pam_modutil_getpwnam(pamh, name); /* Get password file entry... */ @@ -219,24 +212,13 @@ get_account_info(pam_handle_t *pamh, const char *name, return PAM_SUCCESS; } -#ifdef HELPER_COMPILE -int -get_pwd_hash(const char *name, - struct passwd **pwd, char **hash) -#else -int -get_pwd_hash(pam_handle_t *pamh, const char *name, - struct passwd **pwd, char **hash) -#endif +PAMH_ARG_DECL(int get_pwd_hash, + const char *name, struct passwd **pwd, char **hash) { int retval; struct spwd *spwdent = NULL; -#ifdef HELPER_COMPILE - retval = get_account_info(name, pwd, &spwdent); -#else - retval = get_account_info(pamh, name, pwd, &spwdent); -#endif + retval = get_account_info(PAMH_ARG(name, pwd, &spwdent)); if (retval != PAM_SUCCESS) { return retval; } @@ -251,13 +233,8 @@ get_pwd_hash(pam_handle_t *pamh, const char *name, return PAM_SUCCESS; } -#ifdef HELPER_COMPILE -int -check_shadow_expiry(struct spwd *spent, int *daysleft) -#else -int -check_shadow_expiry(pam_handle_t *pamh, struct spwd *spent, int *daysleft) -#endif +PAMH_ARG_DECL(int check_shadow_expiry, + struct spwd *spent, int *daysleft) { long int curdays; *daysleft = -1; @@ -386,17 +363,19 @@ crypt_md5_wrapper(const char *pass_new) return cp; } -char * -create_password_hash(const char *password, unsigned int ctrl, int rounds) +PAMH_ARG_DECL(char * create_password_hash, + const char *password, unsigned int ctrl, int rounds) { const char *algoid; char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */ char *sp; if (on(UNIX_MD5_PASS, ctrl)) { + /* algoid = "$1" */ return crypt_md5_wrapper(password); - } - if (on(UNIX_SHA256_PASS, ctrl)) { + } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { + algoid = "$2a$"; + } else if (on(UNIX_SHA256_PASS, ctrl)) { algoid = "$5$"; } else if (on(UNIX_SHA512_PASS, ctrl)) { algoid = "$6$"; @@ -416,17 +395,35 @@ create_password_hash(const char *password, unsigned int ctrl, int rounds) return crypted; } - sp = stpcpy(salt, algoid); - if (on(UNIX_ALGO_ROUNDS, ctrl)) { - sp += snprintf(sp, sizeof(salt) - 3, "rounds=%u$", rounds); +#ifdef HAVE_CRYPT_GENSALT_RN + if (on(UNIX_BLOWFISH_PASS, ctrl)) { + char entropy[17]; + crypt_make_salt(entropy, sizeof(entropy) - 1); + sp = crypt_gensalt_rn(algoid, rounds, + entropy, sizeof(entropy), + salt, sizeof(salt)); + } else { +#endif + sp = stpcpy(salt, algoid); + if (on(UNIX_ALGO_ROUNDS, ctrl)) { + sp += snprintf(sp, sizeof(salt) - 3, "rounds=%u$", rounds); + } + crypt_make_salt(sp, 8); + /* For now be conservative so the resulting hashes + * are not too long. 8 bytes of salt prevents dictionary + * attacks well enough. */ +#ifdef HAVE_CRYPT_GENSALT_RN } - crypt_make_salt(sp, 8); - /* For now be conservative so the resulting hashes - * are not too long. 8 bytes of salt prevents dictionary - * attacks well enough. */ +#endif sp = crypt(password, salt); if (strncmp(algoid, sp, strlen(algoid)) != 0) { - /* libc doesn't know the algorithm, use MD5 */ + /* libxcrypt/libc doesn't know the algorithm, use MD5 */ + pam_syslog(pamh, LOG_ERR, + "Algo %s not supported by the crypto backend, " + "falling back to MD5\n", + on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : + on(UNIX_SHA256_PASS, ctrl) ? "sha256" : + on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); memset(sp, '\0', strlen(sp)); return crypt_md5_wrapper(password); } @@ -703,13 +700,8 @@ done: } } -#ifdef HELPER_COMPILE -int -unix_update_passwd(const char *forwho, const char *towhat) -#else -int -unix_update_passwd(pam_handle_t *pamh, const char *forwho, const char *towhat) -#endif +PAMH_ARG_DECL(int unix_update_passwd, + const char *forwho, const char *towhat) { struct passwd *tmpent = NULL; struct stat st; @@ -803,11 +795,7 @@ unix_update_passwd(pam_handle_t *pamh, const char *forwho, const char *towhat) done: if (!err) { if (!rename(PW_TMPFILE, "/etc/passwd")) -#ifdef HELPER_COMPILE - helper_log_err( -#else pam_syslog(pamh, -#endif LOG_NOTICE, "password changed for %s", forwho); else err = 1; @@ -830,13 +818,8 @@ done: } } -#ifdef HELPER_COMPILE -int -unix_update_shadow(const char *forwho, char *towhat) -#else -int -unix_update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat) -#endif +PAMH_ARG_DECL(int unix_update_shadow, + const char *forwho, char *towhat) { struct spwd *spwdent = NULL, *stmpent = NULL; struct stat st; @@ -933,11 +916,7 @@ unix_update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat) done: if (!err) { if (!rename(SH_TMPFILE, "/etc/shadow")) -#ifdef HELPER_COMPILE - helper_log_err( -#else pam_syslog(pamh, -#endif LOG_NOTICE, "password changed for %s", forwho); else err = 1; diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h index 21bb9232..3de67593 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -21,9 +21,6 @@ is_pwd_shadowed(const struct passwd *pwd); char * crypt_md5_wrapper(const char *pass_new); -char * -create_password_hash(const char *password, unsigned int ctrl, int rounds); - int unix_selinux_confined(void); @@ -58,41 +55,33 @@ getuidname(uid_t uid); int read_passwords(int fd, int npass, char **passwords); +#endif -int -get_account_info(const char *name, - struct passwd **pwd, struct spwd **spwdent); - -int -get_pwd_hash(const char *name, - struct passwd **pwd, char **hash); - -int -check_shadow_expiry(struct spwd *spent, int *daysleft); +#ifdef HELPER_COMPILE +#define PAMH_ARG_DECL(fname, ...) fname(__VA_ARGS__) +#define PAMH_ARG(...) __VA_ARGS__ +#else +#define PAMH_ARG_DECL(fname, ...) fname(pam_handle_t *pamh, __VA_ARGS__) +#define PAMH_ARG(...) pamh, __VA_ARGS__ +#endif -int -unix_update_passwd(const char *forwho, const char *towhat); +PAMH_ARG_DECL(char * create_password_hash, + const char *password, unsigned int ctrl, int rounds); -int -unix_update_shadow(const char *forwho, char *towhat); -#else -int -get_account_info(pam_handle_t *pamh, const char *name, - struct passwd **pwd, struct spwd **spwdent); +PAMH_ARG_DECL(int get_account_info, + const char *name, struct passwd **pwd, struct spwd **spwdent); -int -get_pwd_hash(pam_handle_t *pamh, const char *name, - struct passwd **pwd, char **hash); +PAMH_ARG_DECL(int get_pwd_hash, + const char *name, struct passwd **pwd, char **hash); -int -check_shadow_expiry(pam_handle_t *pamh, struct spwd *spent, int *daysleft); +PAMH_ARG_DECL(int check_shadow_expiry, + struct spwd *spent, int *daysleft); -int -unix_update_passwd(pam_handle_t *pamh, const char *forwho, const char *towhat); +PAMH_ARG_DECL(int unix_update_passwd, + const char *forwho, const char *towhat); -int -unix_update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat); -#endif +PAMH_ARG_DECL(int unix_update_shadow, + const char *forwho, char *towhat); /* ****************************************************************** * * Copyright (c) Red Hat, Inc. 2007. diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index db630f51..faec20dc 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -109,16 +109,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, *remember = 400; } } - if (rounds != NULL) { - if (j == UNIX_ALGO_ROUNDS) { - *rounds = strtol(*argv + 7, NULL, 10); - if ((*rounds < 1000) || (*rounds == INT_MAX)) - /* don't care about bogus values */ - unset(UNIX_ALGO_ROUNDS, ctrl); - if (*rounds >= 10000000) - *rounds = 9999999; - } - } + if (rounds != NULL && j == UNIX_ALGO_ROUNDS) + *rounds = strtol(*argv + 7, NULL, 10); } ++argv; /* step to next argument */ @@ -128,6 +120,26 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, D(("DISALLOW_NULL_AUTHTOK")); set(UNIX__NONULL, ctrl); } + + /* Set default rounds for blowfish */ + if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl)) { + *rounds = 5; + set(UNIX_ALGO_ROUNDS, ctrl); + } + + /* Enforce sane "rounds" values */ + if (on(UNIX_ALGO_ROUNDS, ctrl)) { + if (on(UNIX_BLOWFISH_PASS, ctrl)) { + if (*rounds < 4 || *rounds > 31) + *rounds = 5; + } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { + if ((*rounds < 1000) || (*rounds == INT_MAX)) + /* don't care about bogus values */ + unset(UNIX_ALGO_ROUNDS, ctrl); + if (*rounds >= 10000000) + *rounds = 9999999; + } + } /* auditing is a more sensitive version of debug */ diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index a33dadaa..86575ff0 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -88,8 +88,9 @@ typedef struct { #define UNIX_SHA512_PASS 24 /* new password hashes will use SHA512 */ #define UNIX_ALGO_ROUNDS 25 /* optional number of rounds for new password hash algorithms */ +#define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ /* -------------- */ -#define UNIX_CTRLS_ 26 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 27 /* number of ctrl arguments defined */ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = { @@ -122,6 +123,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(040420000), 020000000}, /* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(020420000), 040000000}, /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000}, +/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(060420000),0200000000}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -- cgit v1.2.3 From 703c640d3722f93b4e7fe14688efc15c9fb92e5f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 1 Dec 2008 15:10:22 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-12-01 Tomas Mraz * modules/pam_unix/support.h: Fix masks for cipher algorithm flags. --- ChangeLog | 5 +++++ modules/pam_unix/support.h | 10 +++++----- 2 files changed, 10 insertions(+), 5 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 59b7d7af..e0ba6a23 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2008-12-01 Tomas Mraz + + * modules/pam_unix/support.h: Fix masks for cipher algorithm + flags. + 2008-12-01 Thorsten Kukuk * modules/pam_unix/pam_unix.8.xml: Document blowfish option. diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 86575ff0..dfee2dae 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -110,20 +110,20 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX__QUIET */ {NULL, _ALL_ON_, 02000}, /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000}, /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000}, -/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0400000), 020000}, +/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000}, /* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0}, /* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000}, /* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000}, /* UNIX_NIS */ {"nis", _ALL_ON_, 0200000}, -/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(020000), 0400000}, +/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000}, /* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000}, /* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000}, /* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000}, /* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000}, -/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(040420000), 020000000}, -/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(020420000), 040000000}, +/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000}, +/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000}, /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000}, -/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(060420000),0200000000}, +/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -- cgit v1.2.3 From 5891c5508e3b9ba699a6a6ba3dae9221a45528e5 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 26 Feb 2009 18:56:12 +0000 Subject: Relevant BUGIDs: debian#514437 rhbz#487216 Purpose of commit: bugfix Commit summary: --------------- 2009-02-26 Tomas Mraz * xtests/Makefile.am: Add tst-pam_unix4. * xtests/tst-pam_unix4.c: New test for password change and shadow min days limit. * xtests/tst-pam_unix4.pamd: Likewise. * xtests/tst-pam_unix4.sh: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore PAM_AUTHTOK_ERR on shadow verification. * modules/pam_unix/passverify.c (check_shadow_expiry): Return PAM_AUTHTOK_ERR if sp_min limit for password change is defied. --- ChangeLog | 13 ++++ NEWS | 1 + modules/pam_unix/pam_unix_acct.c | 3 + modules/pam_unix/passverify.c | 10 ++- xtests/.cvsignore | 1 + xtests/Makefile.am | 2 +- xtests/tst-pam_unix4.c | 154 +++++++++++++++++++++++++++++++++++++++ xtests/tst-pam_unix4.pamd | 6 ++ xtests/tst-pam_unix4.sh | 14 ++++ 9 files changed, 202 insertions(+), 2 deletions(-) create mode 100644 xtests/tst-pam_unix4.c create mode 100644 xtests/tst-pam_unix4.pamd create mode 100755 xtests/tst-pam_unix4.sh (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 7b50d82b..513a0d45 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2009-02-26 Tomas Mraz + + * xtests/Makefile.am: Add tst-pam_unix4. + * xtests/tst-pam_unix4.c: New test for password change + and shadow min days limit. + * xtests/tst-pam_unix4.pamd: Likewise. + * xtests/tst-pam_unix4.sh: Likewise. + + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore + PAM_AUTHTOK_ERR on shadow verification. + * modules/pam_unix/passverify.c (check_shadow_expiry): Return + PAM_AUTHTOK_ERR if sp_min limit for password change is defied. + 2009-02-26 Timur Birsh * po/LINGUAS: New Kazakh translation. diff --git a/NEWS b/NEWS index d41c0556..96724b1b 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,6 @@ Linux-PAM NEWS -- history of user-visible changes. +* Fixed CVE-2009-0579 (minimum days limit on password change is ignored). Release 1.0.90 diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 3a40d8d3..40ff3c06 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -249,6 +249,9 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, _make_remark(pamh, ctrl, PAM_ERROR_MSG, _("Your account has expired; please contact your system administrator")); break; + case PAM_AUTHTOK_ERR: + retval = PAM_SUCCESS; + /* fallthrough */ case PAM_SUCCESS: if (daysleft >= 0) { pam_syslog(pamh, LOG_DEBUG, diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 281716e0..360bd90b 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -272,8 +272,16 @@ PAMH_ARG_DECL(int check_shadow_expiry, *daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays); D(("warn before expiry")); } + if ((curdays - spent->sp_lstchg < spent->sp_min) + && (spent->sp_min != -1)) { + /* + * The last password change was too recent. This error will be ignored + * if no password change is attempted. + */ + D(("password change too recent")); + return PAM_AUTHTOK_ERR; + } return PAM_SUCCESS; - } /* passwd/salt conversion macros */ diff --git a/xtests/.cvsignore b/xtests/.cvsignore index 4533b249..52af6ddf 100644 --- a/xtests/.cvsignore +++ b/xtests/.cvsignore @@ -17,6 +17,7 @@ tst-pam_limits1 tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 +tst-pam_unix4 tst-pam_succeed_if1 tst-pam_group1 tst-pam_authfail diff --git a/xtests/Makefile.am b/xtests/Makefile.am index 30ba2735..83e9dd15 100644 --- a/xtests/Makefile.am +++ b/xtests/Makefile.am @@ -35,7 +35,7 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ tst-pam_dispatch4 tst-pam_dispatch5 \ tst-pam_cracklib1 tst-pam_cracklib2 \ - tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \ + tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 tst-pam_unix4 \ tst-pam_access1 tst-pam_access2 tst-pam_access3 \ tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ diff --git a/xtests/tst-pam_unix4.c b/xtests/tst-pam_unix4.c new file mode 100644 index 00000000..1ba0a40c --- /dev/null +++ b/xtests/tst-pam_unix4.c @@ -0,0 +1,154 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Check password change minimum days handling. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + static int respnum = 0; + static const char *resps[] = { "pamunix01", "TsTPAM01MAP", "TsTPAM01MAP" }; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Answer with appropriate response from the above array. */ + for (count = 0; count < num_msg; ++count) + { + if (msgm[count]->msg_style == PAM_PROMPT_ECHO_OFF) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup (resps[respnum % 3]); + ++respnum; + } + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + + +/* Check that errors of optional modules are ignored and that + required modules after a sufficient one are not executed. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="tstpamunix"; + int retval; + int debug = 0; + int fail; + struct passwd *pwd; + + if (argc < 2 || (*argv[1] != 'f' && + *argv[1] != 'p')) + { + fprintf (stderr, "Need fail or pass argument.\n"); + return 2; + } + + fail = *argv[1] == 'f'; + + if (argc > 2 && strcmp (argv[2], "-d") == 0) + debug = 1; + + pwd = getpwnam (user); + + if (pwd == NULL) + { + if (debug) + fprintf (stderr, "unix4: Missing tstpamunix user.\n"); + return 2; + } + + /* we must switch the real (not effective) user so the restrictions + are enforced */ + setreuid (pwd->pw_uid, -1); + + retval = pam_start("tst-pam_unix4", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix4: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_chauthtok (pamh, 0); + if ((!fail && retval != PAM_SUCCESS) || (fail && retval == PAM_SUCCESS)) + { + if (debug) + fprintf (stderr, "unix4-1: pam_chauthtok returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix4: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_unix4.pamd b/xtests/tst-pam_unix4.pamd new file mode 100644 index 00000000..4dc414fc --- /dev/null +++ b/xtests/tst-pam_unix4.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_unix.so +account required pam_unix.so +password required pam_unix.so debug +session required pam_unix.so + diff --git a/xtests/tst-pam_unix4.sh b/xtests/tst-pam_unix4.sh new file mode 100755 index 00000000..787c2f90 --- /dev/null +++ b/xtests/tst-pam_unix4.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# pamunix01 = 0aXKZztA.d1KYIuFXArmd2jU +/usr/sbin/useradd -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix +# this run must successfully change the password +./tst-pam_unix4 pass +RET=$? +/usr/sbin/usermod -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix +/usr/bin/chage -m 10000 tstpamunix +# this run must fail to change the password +./tst-pam_unix4 fail || RET=$? + +/usr/sbin/userdel -r tstpamunix 2> /dev/null +exit $RET -- cgit v1.2.3 From 42f4743cc3ca046833afcaeec01f9793d74bbfb4 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 27 Feb 2009 14:29:39 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2009-02-27 Tomas Mraz * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace signal() with sigaction(). * modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs): Likewise. * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise. * modules/pam_unix/passverify.c(su_sighandler): Likewise. * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. * modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam for auxiliary functions. * modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset option. Document new serialize option. * modules/pam_tally2/pam_tally2.c: Add support for the new serialize option. (_cleanup, tally_set_data, tally_get_data): Add tally file handle to tally PAM data. Needed for fcntl() locking. (get_tally): Use low level file access instead of stdio buffered FILE. If serialize option is used lock the tally file access. (set_tally, tally_bump, tally_reset): Use low level file access instead of stdio buffered FILE. Close the file handle only when it is not owned by PAM data. (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally file handle to tally_set_data(). Get it from tally_get_data(). (main): Use low level file access instead of stdio buffered FILE. --- ChangeLog | 29 +++++ modules/pam_mkhomedir/pam_mkhomedir.c | 12 +- modules/pam_namespace/pam_namespace.c | 24 ++-- modules/pam_tally2/Makefile.am | 2 +- modules/pam_tally2/pam_tally2.8.xml | 32 +++-- modules/pam_tally2/pam_tally2.c | 216 ++++++++++++++++++++++------------ modules/pam_unix/pam_unix_acct.c | 12 +- modules/pam_unix/pam_unix_passwd.c | 10 +- modules/pam_unix/passverify.c | 8 +- modules/pam_unix/support.c | 10 +- 10 files changed, 239 insertions(+), 116 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 513a0d45..5abf28e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,32 @@ +2009-02-27 Tomas Mraz + + * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace + signal() with sigaction(). + * modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs): + Likewise. + * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise. + * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): + Likewise. + * modules/pam_unix/passverify.c(su_sighandler): Likewise. + * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. + + * modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam + for auxiliary functions. + * modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset + option. Document new serialize option. + * modules/pam_tally2/pam_tally2.c: Add support for the new serialize + option. + (_cleanup, tally_set_data, tally_get_data): Add tally file handle to + tally PAM data. Needed for fcntl() locking. + (get_tally): Use low level file access instead of stdio buffered FILE. + If serialize option is used lock the tally file access. + (set_tally, tally_bump, tally_reset): Use low level file access instead + of stdio buffered FILE. Close the file handle only when it is not owned + by PAM data. + (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally + file handle to tally_set_data(). Get it from tally_get_data(). + (main): Use low level file access instead of stdio buffered FILE. + 2009-02-26 Tomas Mraz * xtests/Makefile.am: Add tst-pam_unix4. diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index a0c389c5..1beb2d9f 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -104,7 +104,7 @@ create_homedir (pam_handle_t *pamh, int ctrl, const struct passwd *pwd) { int retval, child; - void (*sighandler)(int) = NULL; + struct sigaction newsa, oldsa; /* Mention what is happening, if the notification fails that is OK */ if (!(ctrl & MKHOMEDIR_QUIET)) @@ -118,8 +118,10 @@ create_homedir (pam_handle_t *pamh, int ctrl, * the application to receive a signal it is not expecting - which * may kill the application or worse. */ - sighandler = signal(SIGCHLD, SIG_DFL); - + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); + if (ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper."); } @@ -166,9 +168,7 @@ create_homedir (pam_handle_t *pamh, int ctrl, retval = PAM_SYSTEM_ERR; } - if (sighandler != SIG_ERR) { - (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ - } + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ if (ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "mkhomedir_helper returned %d", retval); diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index 89bc3686..7d668d9e 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -1157,15 +1157,15 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, struct instance_data *idata, int newdir) { pid_t rc, pid; - sighandler_t osighand = NULL; + struct sigaction newsa, oldsa; int status; const char *init_script = NAMESPACE_INIT_SCRIPT; - osighand = signal(SIGCHLD, SIG_DFL); - if (osighand == SIG_ERR) { + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { pam_syslog(idata->pamh, LOG_ERR, "Cannot set signal value"); - rc = PAM_SESSION_ERR; - goto out; + return PAM_SESSION_ERR; } if ((polyptr->flags & POLYDIR_ISCRIPT) && polyptr->init_script) @@ -1214,7 +1214,7 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, } rc = PAM_SUCCESS; out: - (void) signal(SIGCHLD, osighand); + (void) sigaction(SIGCHLD, &oldsa, NULL); return rc; } @@ -1594,14 +1594,14 @@ static int cleanup_tmpdirs(struct instance_data *idata) { struct polydir_s *pptr; pid_t rc, pid; - sighandler_t osighand = NULL; + struct sigaction newsa, oldsa; int status; - osighand = signal(SIGCHLD, SIG_DFL); - if (osighand == SIG_ERR) { + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { pam_syslog(idata->pamh, LOG_ERR, "Cannot set signal value"); - rc = PAM_SESSION_ERR; - goto out; + return PAM_SESSION_ERR; } for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { @@ -1639,7 +1639,7 @@ static int cleanup_tmpdirs(struct instance_data *idata) rc = PAM_SUCCESS; out: - signal(SIGCHLD, osighand); + sigaction(SIGCHLD, &oldsa, NULL); return rc; } diff --git a/modules/pam_tally2/Makefile.am b/modules/pam_tally2/Makefile.am index 6f843e1f..06cdf554 100644 --- a/modules/pam_tally2/Makefile.am +++ b/modules/pam_tally2/Makefile.am @@ -25,7 +25,7 @@ if HAVE_VERSIONING pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif -pam_tally2_LDADD = $(LIBAUDIT) +pam_tally2_LDADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT) securelib_LTLIBRARIES = pam_tally2.la sbin_PROGRAMS = pam_tally2 diff --git a/modules/pam_tally2/pam_tally2.8.xml b/modules/pam_tally2/pam_tally2.8.xml index a7a3fc47..255fcea4 100644 --- a/modules/pam_tally2/pam_tally2.8.xml +++ b/modules/pam_tally2/pam_tally2.8.xml @@ -42,6 +42,9 @@ root_unlock_time=n + + serialize + audit @@ -244,16 +247,6 @@ - - - - - - - Don't reset count on successful entry, only decrement. - - - @@ -278,6 +271,23 @@ + + + + + + + Serialize access to the tally file using locks. This option might + be used only for non-multithreaded services because it depends on + the fcntl locking of the tally file. Also it is a good idea to use + this option only in such configurations where the time between auth + phase and account or setcred phase is not dependent on the + authenticating client. Otherwise the authenticating client will be + able to prevent simultaneous authentications by the same user by + simply artificially prolonging the time the file record lock is held. + + + @@ -431,7 +441,7 @@ session optional pam_mail.so standard AUTHOR - pam_tally was written by Tim Baverstock and Tomas Mraz. + pam_tally2 was written by Tim Baverstock and Tomas Mraz. diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index faa6942e..3490aa15 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -63,6 +63,9 @@ #include #include #include +#include +#include +#include #include "tallylog.h" #ifndef TRUE @@ -87,9 +90,9 @@ /* #define PAM_SM_SESSION */ /* #define PAM_SM_PASSWORD */ -#include #include #endif +#include #include /*---------------------------------------------------------------------*/ @@ -120,7 +123,9 @@ struct tally_options { #define OPT_QUIET 040 #define OPT_AUDIT 0100 #define OPT_NOLOGNOTICE 0400 +#define OPT_SERIALIZE 01000 +#define MAX_LOCK_WAITING_TIME 10 /*---------------------------------------------------------------------*/ @@ -188,6 +193,9 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, else if ( ! strcmp( *argv, "magic_root" ) ) { opts->ctrl |= OPT_MAGIC_ROOT; } + else if ( ! strcmp( *argv, "serialize" ) ) { + opts->ctrl |= OPT_SERIALIZE; + } else if ( ! strcmp( *argv, "even_deny_root_account" ) || ! strcmp( *argv, "even_deny_root" ) ) { log_phase_no_auth(pamh, phase, *argv); @@ -291,34 +299,44 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt #ifndef MAIN +struct tally_data { + time_t time; + int tfile; +}; + static void -_cleanup(pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED) +_cleanup(pam_handle_t *pamh UNUSED, void *void_data, int error_status UNUSED) { + struct tally_data *data = void_data; + if (data->tfile != -1) + close(data->tfile); free(data); } - static void -tally_set_data( pam_handle_t *pamh, time_t oldtime ) +tally_set_data( pam_handle_t *pamh, time_t oldtime, int tfile ) { - time_t *data; + struct tally_data *data; - if ( (data=malloc(sizeof(time_t))) != NULL ) { - *data = oldtime; + if ( (data=malloc(sizeof(*data))) != NULL ) { + data->time = oldtime; + data->tfile = tfile; pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup); } } static int -tally_get_data( pam_handle_t *pamh, time_t *oldtime ) +tally_get_data( pam_handle_t *pamh, time_t *oldtime, int *tfile ) { int rv; - const void *data; - - rv = pam_get_data(pamh, MODULE_NAME, &data); - if ( rv == PAM_SUCCESS && data != NULL && oldtime != NULL ) { - *oldtime = *(const time_t *)data; - pam_set_data(pamh, MODULE_NAME, NULL, NULL); + const void *void_data; + const struct tally_data *data; + + rv = pam_get_data(pamh, MODULE_NAME, &void_data); + if ( rv == PAM_SUCCESS && void_data != NULL && oldtime != NULL ) { + data = void_data; + *oldtime = data->time; + *tfile = data->tfile; } else { rv = -1; @@ -334,36 +352,44 @@ tally_get_data( pam_handle_t *pamh, time_t *oldtime ) /* If on entry tallyfile doesn't exist, creation is attempted. */ +static void +alarm_handler(int sig UNUSED) +{ /* we just need to ignore it */ +} + static int get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, - FILE **tfile, struct tallylog *tally) + int *tfile, struct tallylog *tally, unsigned int ctrl) { struct stat fileinfo; int lstat_ret; + void *void_tally = tally; + int preopened = 0; + + if (*tfile != -1) { + preopened = 1; + goto skip_open; + } lstat_ret = lstat(filename, &fileinfo); if (lstat_ret) { - int save_errno; - int oldmask = umask(077); - *tfile=fopen(filename, "a"); - save_errno = errno; + *tfile=open(filename, O_APPEND|O_CREAT, 0700); /* Create file, or append-open in pathological case. */ - umask(oldmask); - if ( !*tfile ) { + if (*tfile == -1) { #ifndef MAIN - if (save_errno == EACCES) { + if (errno == EACCES) { return PAM_IGNORE; /* called with insufficient access rights */ } #endif - errno = save_errno; pam_syslog(pamh, LOG_ALERT, "Couldn't create %s: %m", filename); return PAM_AUTH_ERR; } - lstat_ret = fstat(fileno(*tfile),&fileinfo); - fclose(*tfile); - *tfile = NULL; + lstat_ret = fstat(*tfile, &fileinfo); + close(*tfile); } + *tfile = -1; + if ( lstat_ret ) { pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename); return PAM_AUTH_ERR; @@ -378,7 +404,7 @@ get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, return PAM_AUTH_ERR; } - if (!(*tfile = fopen(filename, "r+"))) { + if ((*tfile = open(filename, O_RDWR)) == -1) { #ifndef MAIN if (errno == EACCES) /* called with insufficient access rights */ return PAM_IGNORE; @@ -388,16 +414,46 @@ get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, return PAM_AUTH_ERR; } - if (fseeko(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET)) { - pam_syslog(pamh, LOG_ALERT, "fseek failed for %s: %m", filename); - fclose(*tfile); - *tfile = NULL; +skip_open: + if (lseek(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET) == (off_t)-1) { + pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); + if (!preopened) { + close(*tfile); + *tfile = -1; + } return PAM_AUTH_ERR; } + if (!preopened && (ctrl & OPT_SERIALIZE)) { + /* this code is not thread safe as it uses fcntl locks and alarm() + so never use serialize with multithreaded services */ + struct sigaction newsa, oldsa; + unsigned int oldalarm; + int rv; + + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = alarm_handler; + sigaction(SIGALRM, &newsa, &oldsa); + oldalarm = alarm(MAX_LOCK_WAITING_TIME); + + rv = lockf(*tfile, F_LOCK, sizeof(*tally)); + /* lock failure is not fatal, we attempt to read the tally anyway */ + + /* reinstate the eventual old alarm handler */ + if (rv == -1 && errno == EINTR) { + if (oldalarm > MAX_LOCK_WAITING_TIME) { + oldalarm -= MAX_LOCK_WAITING_TIME; + } else if (oldalarm > 0) { + oldalarm = 1; + } + } + sigaction(SIGALRM, &oldsa, NULL); + alarm(oldalarm); + } + if (fileinfo.st_size < (off_t)(uid+1)*(off_t)sizeof(*tally)) { memset(tally, 0, sizeof(*tally)); - } else if (fread(tally, sizeof(*tally), 1, *tfile) == 0) { + } else if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { memset(tally, 0, sizeof(*tally)); /* Shouldn't happen */ } @@ -409,29 +465,28 @@ get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, /*---------------------------------------------------------------------*/ -/* --- Support function: update and close tallyfile with tally!=TALLY_HI --- */ +/* --- Support function: update tallyfile with tally!=TALLY_HI --- */ static int set_tally(pam_handle_t *pamh, uid_t uid, - const char *filename, FILE **tfile, struct tallylog *tally) + const char *filename, int *tfile, struct tallylog *tally) { + void *void_tally = tally; if (tally->fail_cnt != TALLY_HI) { - if (fseeko(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET)) { - pam_syslog(pamh, LOG_ALERT, "fseek failed for %s: %m", filename); + if (lseek(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET) == (off_t)-1) { + pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); return PAM_AUTH_ERR; } - if (fwrite(tally, sizeof(*tally), 1, *tfile) == 0) { - pam_syslog(pamh, LOG_ALERT, "update (fwrite) failed for %s: %m", filename); + if (pam_modutil_write(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { + pam_syslog(pamh, LOG_ALERT, "update (write) failed for %s: %m", filename); return PAM_AUTH_ERR; } } - if (fclose(*tfile)) { - *tfile = NULL; - pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s: %m", filename); + if (fsync(*tfile)) { + pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename); return PAM_AUTH_ERR; } - *tfile=NULL; return PAM_SUCCESS; } @@ -566,20 +621,21 @@ cleanup: static int tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, - uid_t uid, const char *user, struct tally_options *opts) + uid_t uid, const char *user, struct tally_options *opts, int *tfile) { struct tallylog tally; tally_t oldcnt; - FILE *tfile = NULL; const void *remote_host = NULL; int i, rv; tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ - i = get_tally(pamh, uid, opts->filename, &tfile, &tally); + i = get_tally(pamh, uid, opts->filename, tfile, &tally, opts->ctrl); if (i != PAM_SUCCESS) { - if (tfile) - fclose(tfile); + if (*tfile != -1) { + close(*tfile); + *tfile = -1; + } RETURN_ERROR(i); } @@ -617,23 +673,28 @@ tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, rv = tally_check(oldcnt, *oldtime, pamh, uid, user, opts, &tally); - i = set_tally(pamh, uid, opts->filename, &tfile, &tally); + i = set_tally(pamh, uid, opts->filename, tfile, &tally); if (i != PAM_SUCCESS) { - if (tfile) - fclose(tfile); + if (*tfile != -1) { + close(*tfile); + *tfile = -1; + } if (rv == PAM_SUCCESS) RETURN_ERROR( i ); /* fallthrough */ + } else if (!(opts->ctrl & OPT_SERIALIZE)) { + close(*tfile); + *tfile = -1; } return rv; } static int -tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) +tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_tfile) { struct tallylog tally; - FILE *tfile = NULL; + int tfile = old_tfile; int i; /* resets only if not magic root */ @@ -644,10 +705,10 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ - i=get_tally(pamh, uid, opts->filename, &tfile, &tally); + i=get_tally(pamh, uid, opts->filename, &tfile, &tally, opts->ctrl); if (i != PAM_SUCCESS) { - if (tfile) - fclose(tfile); + if (tfile != old_tfile) /* the descriptor is not owned by pam data */ + close(tfile); RETURN_ERROR(i); } @@ -655,11 +716,14 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) i=set_tally(pamh, uid, opts->filename, &tfile, &tally); if (i != PAM_SUCCESS) { - if (tfile) - fclose(tfile); + if (tfile != old_tfile) /* the descriptor is not owned by pam data */ + close(tfile); RETURN_ERROR(i); } + if (tfile != old_tfile) + close(tfile); + return PAM_SUCCESS; } @@ -672,7 +736,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int - rv; + rv, tfile = -1; time_t oldtime = 0; struct tally_options @@ -693,9 +757,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, if (rv != PAM_SUCCESS) RETURN_ERROR(rv); - rv = tally_bump(1, &oldtime, pamh, uid, user, opts); + rv = tally_bump(1, &oldtime, pamh, uid, user, opts, &tfile); - tally_set_data(pamh, oldtime); + tally_set_data(pamh, oldtime, tfile); return rv; } @@ -705,7 +769,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int - rv; + rv, tfile = -1; time_t oldtime = 0; struct tally_options @@ -723,11 +787,15 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, if ( rv != PAM_SUCCESS ) RETURN_ERROR( rv ); - if ( tally_get_data(pamh, &oldtime) != 0 ) + if ( tally_get_data(pamh, &oldtime, &tfile) != 0 ) /* no data found */ return PAM_SUCCESS; - return tally_reset(pamh, uid, opts); + rv = tally_reset(pamh, uid, opts, tfile); + + pam_set_data(pamh, MODULE_NAME, NULL, NULL); + + return rv; } /*---------------------------------------------------------------------*/ @@ -741,7 +809,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int - rv; + rv, tfile = -1; time_t oldtime = 0; struct tally_options @@ -759,11 +827,15 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, if ( rv != PAM_SUCCESS ) RETURN_ERROR( rv ); - if ( tally_get_data(pamh, &oldtime) != 0 ) + if ( tally_get_data(pamh, &oldtime, &tfile) != 0 ) /* no data found */ return PAM_SUCCESS; - return tally_reset(pamh, uid, opts); + rv = tally_reset(pamh, uid, opts, tfile); + + pam_set_data(pamh, MODULE_NAME, NULL, NULL); + + return rv; } /*-----------------------------------------------------------------------*/ @@ -895,7 +967,7 @@ main( int argc UNUSED, char **argv ) if ( cline_user ) { uid_t uid; - FILE *tfile=0; + int tfile = -1; struct tally_options opts; int i; @@ -907,10 +979,10 @@ main( int argc UNUSED, char **argv ) exit(1); } - i=get_tally(NULL, uid, cline_filename, &tfile, &tally); + i=get_tally(NULL, uid, cline_filename, &tfile, &tally, 0); if ( i != PAM_SUCCESS ) { - if (tfile) - fclose(tfile); + if (tfile != -1) + close(tfile); fprintf(stderr, "%s: %s\n", *argv, pam_errors(i)); exit(1); } @@ -934,13 +1006,13 @@ main( int argc UNUSED, char **argv ) tally.fail_cnt = cline_reset; } i=set_tally(NULL, uid, cline_filename, &tfile, &tally); + close(tfile); if (i != PAM_SUCCESS) { - if (tfile) fclose(tfile); fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); exit(1); } } else { - fclose(tfile); + close(tfile); } } else /* !cline_user (ie, operate on all users) */ { diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 40ff3c06..f8698337 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -65,7 +65,7 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, int *daysleft) { int retval=0, child, fds[2]; - void (*sighandler)(int) = NULL; + struct sigaction newsa, oldsa; D(("running verify_binary")); /* create a pipe for the messages */ @@ -85,7 +85,9 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, * The "noreap" module argument is provided so that the admin can * override this behavior. */ - sighandler = signal(SIGCHLD, SIG_DFL); + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); } /* fork */ @@ -158,9 +160,11 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, } close(fds[0]); } - if (sighandler != SIG_ERR) { - (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ + + if (off(UNIX_NOREAP, ctrl)) { + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ } + D(("Returning %d",retval)); return retval; } diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index b8da9913..9386d87f 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -139,7 +139,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const const char *fromwhat, const char *towhat, int remember) { int retval, child, fds[2]; - void (*sighandler)(int) = NULL; + struct sigaction newsa, oldsa; D(("called.")); /* create a pipe for the password */ @@ -157,7 +157,9 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const * The "noreap" module argument is provided so that the admin can * override this behavior. */ - sighandler = signal(SIGCHLD, SIG_DFL); + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); } /* fork */ @@ -236,8 +238,8 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const retval = PAM_AUTH_ERR; } - if (sighandler != SIG_ERR) { - (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ + if (off(UNIX_NOREAP, ctrl)) { + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ } return retval; diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 360bd90b..234e86dd 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -994,8 +994,12 @@ su_sighandler(int sig) { #ifndef SA_RESETHAND /* emulate the behaviour of the SA_RESETHAND flag */ - if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) - signal(sig, SIG_DFL); + if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) { + struct sigaction sa; + memset(&sa, '\0, sizeof(sa)); + sa.sa_handler = SIG_DFL; + sigaction(sig, &sa, NULL); + } #endif if (sig > 0) { _exit(sig); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index faec20dc..6e1bd454 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -408,7 +408,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsigned int ctrl, const char *user) { int retval, child, fds[2]; - void (*sighandler)(int) = NULL; + struct sigaction newsa, oldsa; D(("called.")); /* create a pipe for the password */ @@ -426,7 +426,9 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, * The "noreap" module argument is provided so that the admin can * override this behavior. */ - sighandler = signal(SIGCHLD, SIG_DFL); + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); } /* fork */ @@ -497,8 +499,8 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, retval = PAM_AUTH_ERR; } - if (sighandler != SIG_ERR) { - (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ + if (off(UNIX_NOREAP, ctrl)) { + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ } D(("returning %d", retval)); -- cgit v1.2.3 From 5814c9064606215dca37b138a12822d66ca2b312 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 3 Mar 2009 08:10:53 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2009-03-03 Tomas Mraz * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test for abnormal exit of the helper binary. * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise. * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Likewise. --- ChangeLog | 8 ++++++++ modules/pam_mkhomedir/pam_mkhomedir.c | 5 ++++- modules/pam_unix/pam_unix_acct.c | 3 +++ modules/pam_unix/pam_unix_passwd.c | 7 +++++-- modules/pam_unix/support.c | 3 +++ 5 files changed, 23 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 5abf28e3..2d725190 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2009-03-03 Tomas Mraz + + * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test + for abnormal exit of the helper binary. + * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise. + * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Likewise. + 2009-02-27 Tomas Mraz * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 1beb2d9f..419b525a 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -159,7 +159,10 @@ create_homedir (pam_handle_t *pamh, int ctrl, if (rc < 0) { pam_syslog(pamh, LOG_ERR, "waitpid failed: %m"); retval = PAM_SYSTEM_ERR; - } else { + } else if (!WIFEXITED(retval)) { + pam_syslog(pamh, LOG_ERR, "mkhomedir_helper abnormal exit: %d", retval); + retval = PAM_SYSTEM_ERR; + } else { retval = WEXITSTATUS(retval); } } else { diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index f8698337..4e119340 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -140,6 +140,9 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_chkpwd waitpid returned %d: %m", rc); retval = PAM_AUTH_ERR; + } else if (!WIFEXITED(retval)) { + pam_syslog(pamh, LOG_ERR, "unix_chkpwd abnormal exit: %d", retval); + retval = PAM_AUTH_ERR; } else { retval = WEXITSTATUS(retval); rc = pam_modutil_read(fds[0], buf, sizeof(buf) - 1); diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 9386d87f..ab1adda0 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -227,8 +227,11 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const rc=waitpid(child, &retval, 0); /* wait for helper to complete */ if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m"); - retval = PAM_AUTH_ERR; - } else { + retval = PAM_AUTHTOK_ERR; + } else if (!WIFEXITED(retval)) { + pam_syslog(pamh, LOG_ERR, "unix_update abnormal exit: %d", retval); + retval = PAM_AUTHTOK_ERR; + } else { retval = WEXITSTATUS(retval); } } else { diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 6e1bd454..dda617a0 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -489,6 +489,9 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_chkpwd waitpid returned %d: %m", rc); retval = PAM_AUTH_ERR; + } else if (!WIFEXITED(retval)) { + pam_syslog(pamh, LOG_ERR, "unix_chkpwd abnormal exit: %d", retval); + retval = PAM_AUTH_ERR; } else { retval = WEXITSTATUS(retval); } -- cgit v1.2.3 From 1e56491f0e1cbd07fc0eb0fbfdf5982eced366a6 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 24 Mar 2009 16:33:21 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2009-03-24 Tomas Mraz * modules/pam_unix/passverify.c(save_old_password): Call fflush() and fsync(). (unix_update_passwd, unix_update_shadow): Likewise. * modules/pam_pwhistory/opasswd.c(save_old_password): Likewise. --- ChangeLog | 7 +++++++ modules/pam_pwhistory/opasswd.c | 9 +++++++++ modules/pam_unix/passverify.c | 21 ++++++++++++++++++--- 3 files changed, 34 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index a72289f7..6446162a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2009-03-24 Tomas Mraz + + * modules/pam_unix/passverify.c(save_old_password): Call fflush() and + fsync(). + (unix_update_passwd, unix_update_shadow): Likewise. + * modules/pam_pwhistory/opasswd.c(save_old_password): Likewise. + 2009-03-09 Thorsten Kukuk * release version 1.0.91 diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c index fd4cd251..dbcd04e3 100644 --- a/modules/pam_pwhistory/opasswd.c +++ b/modules/pam_pwhistory/opasswd.c @@ -452,6 +452,15 @@ save_old_password (pam_handle_t *pamh, const char *user, uid_t uid, goto error_opasswd; } + if (fflush (newpf) != 0 || fsync (fileno (newpf)) != 0) + { + pam_syslog (pamh, LOG_ERR, + "Error while syncing temporary opasswd file: %m"); + retval = PAM_AUTHTOK_ERR; + fclose (newpf); + goto error_opasswd; + } + if (fclose (newpf) != 0) { pam_syslog (pamh, LOG_ERR, diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 234e86dd..0575f657 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -680,8 +680,13 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, } } + if (fflush(pwfile) || fsync(fileno(pwfile))) { + D(("fflush or fsync error writing entries to old passwords file: %m")); + err = 1; + } + if (fclose(pwfile)) { - D(("error writing entries to old passwords file: %m")); + D(("fclose error writing entries to old passwords file: %m")); err = 1; } @@ -795,8 +800,13 @@ PAMH_ARG_DECL(int unix_update_passwd, } fclose(opwfile); + if (fflush(pwfile) || fsync(fileno(pwfile))) { + D(("fflush or fsync error writing entries to password file: %m")); + err = 1; + } + if (fclose(pwfile)) { - D(("error writing entries to password file: %m")); + D(("fclose error writing entries to password file: %m")); err = 1; } @@ -916,8 +926,13 @@ PAMH_ARG_DECL(int unix_update_shadow, } fclose(opwfile); + if (fflush(pwfile) || fsync(fileno(pwfile))) { + D(("fflush or fsync error writing entries to shadow file: %m")); + err = 1; + } + if (fclose(pwfile)) { - D(("error writing entries to shadow file: %m")); + D(("fclose error writing entries to shadow file: %m")); err = 1; } -- cgit v1.2.3 From fd1b9361a937f8b565d0d55179da359122e1fc96 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 25 Mar 2009 10:54:23 +0000 Subject: Relevant BUGIDs: 2487654 Purpose of commit: bugfix Commit summary: --------------- 2009-03-25 Thorsten Kukuk * modules/pam_mkhomedir/pam_mkhomedir.c: Make option handling reentrant (#2487654) (_pam_parse): Fix umask option. * modules/pam_unix/passverify.c: Fix typo. * modules/pam_issue/pam_issue.c: Fix compiler warning. * modules/pam_ftp/pam_ftp.c: Likewise. --- ChangeLog | 13 +++++++- modules/pam_ftp/pam_ftp.c | 2 +- modules/pam_issue/pam_issue.c | 2 +- modules/pam_mkhomedir/pam_mkhomedir.c | 57 ++++++++++++++++++----------------- modules/pam_unix/passverify.c | 2 +- po/Linux-PAM.pot | 6 ++-- po/ar.po | 6 ++-- po/as.po | 6 ++-- po/bn_IN.po | 6 ++-- po/ca.po | 6 ++-- po/cs.po | 6 ++-- po/da.po | 6 ++-- po/de.po | 6 ++-- po/es.po | 6 ++-- po/fi.po | 6 ++-- po/fr.po | 6 ++-- po/gu.po | 6 ++-- po/hi.po | 6 ++-- po/hu.po | 6 ++-- po/it.po | 6 ++-- po/ja.po | 6 ++-- po/kk.po | 6 ++-- po/km.po | 6 ++-- po/kn.po | 6 ++-- po/ko.po | 6 ++-- po/ml.po | 6 ++-- po/mr.po | 6 ++-- po/ms.po | 6 ++-- po/nb.po | 6 ++-- po/nl.po | 6 ++-- po/or.po | 6 ++-- po/pa.po | 6 ++-- po/pl.po | 6 ++-- po/pt.po | 6 ++-- po/pt_BR.po | 6 ++-- po/ru.po | 6 ++-- po/si.po | 6 ++-- po/sk.po | 6 ++-- po/sr.po | 6 ++-- po/sr@latin.po | 6 ++-- po/sv.po | 6 ++-- po/ta.po | 6 ++-- po/te.po | 6 ++-- po/tr.po | 6 ++-- po/uk.po | 6 ++-- po/zh_CN.po | 6 ++-- po/zh_TW.po | 6 ++-- po/zu.po | 6 ++-- 48 files changed, 174 insertions(+), 160 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index b2346a48..c556ff84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +2009-03-25 Thorsten Kukuk + + * modules/pam_mkhomedir/pam_mkhomedir.c: Make option handling + reentrant (#2487654) + (_pam_parse): Fix umask option. + + * modules/pam_unix/passverify.c: Fix typo. + + * modules/pam_issue/pam_issue.c: Fix compiler warning. + * modules/pam_ftp/pam_ftp.c: Likewise. + 2009-03-25 Pavol Šimo * po/sk.po: Updated translations. @@ -39,7 +50,7 @@ * tests/tst-pam_mkargv.c (main): Fix for non-64bit architectures. -2009-03-03 Tomas Mraz +2009-03-03 Tomas Mraz * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test for abnormal exit of the helper binary. diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c index 7c546511..a124795b 100644 --- a/modules/pam_ftp/pam_ftp.c +++ b/modules/pam_ftp/pam_ftp.c @@ -172,7 +172,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* XXX: Some effort should be made to verify this email address! */ if (!(ctrl & PAM_IGNORE_EMAIL)) { - char *sptr; + char *sptr = NULL; token = strtok_r(resp, "@", &sptr); retval = pam_set_item(pamh, PAM_RUSER, token); diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index 7a8a24d5..060baada 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -145,7 +145,7 @@ read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt) return PAM_BUF_ERR; } - if (fread(issue, 1, st.st_size, fp) != st.st_size) { + if ((off_t)fread(issue, 1, st.st_size, fp) != st.st_size) { pam_syslog(pamh, LOG_ERR, "read error: %m"); _pam_drop(issue); return PAM_SERVICE_ERR; diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 419b525a..b81708f2 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -64,50 +64,52 @@ #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ -static char UMask[16] = "0022"; -static char SkelDir[BUFSIZ] = "/etc/skel"; /* THIS MODULE IS NOT THREAD SAFE */ +struct options_t { + int ctrl; + const char *umask; + const char *skeldir; +}; +typedef struct options_t options_t; -static int -_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv) +static void +_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv, + options_t *opt) { - int ctrl = 0; + opt->ctrl = 0; + opt->umask = "0022"; + opt->skeldir = "/etc/skel"; /* does the appliction require quiet? */ if ((flags & PAM_SILENT) == PAM_SILENT) - ctrl |= MKHOMEDIR_QUIET; + opt->ctrl |= MKHOMEDIR_QUIET; /* step through arguments */ for (; argc-- > 0; ++argv) { if (!strcmp(*argv, "silent")) { - ctrl |= MKHOMEDIR_QUIET; + opt->ctrl |= MKHOMEDIR_QUIET; } else if (!strcmp(*argv, "debug")) { - ctrl |= MKHOMEDIR_DEBUG; + opt->ctrl |= MKHOMEDIR_DEBUG; } else if (!strncmp(*argv,"umask=",6)) { - strncpy(SkelDir,*argv+6,sizeof(UMask)); - UMask[sizeof(UMask)-1] = '\0'; + opt->umask = *argv+6; } else if (!strncmp(*argv,"skel=",5)) { - strncpy(SkelDir,*argv+5,sizeof(SkelDir)); - SkelDir[sizeof(SkelDir)-1] = '\0'; + opt->skeldir = *argv+5; } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } - - D(("ctrl = %o", ctrl)); - return ctrl; } /* Do the actual work of creating a home dir */ static int -create_homedir (pam_handle_t *pamh, int ctrl, +create_homedir (pam_handle_t *pamh, options_t *opt, const struct passwd *pwd) { int retval, child; struct sigaction newsa, oldsa; /* Mention what is happening, if the notification fails that is OK */ - if (!(ctrl & MKHOMEDIR_QUIET)) + if (!(opt->ctrl & MKHOMEDIR_QUIET)) pam_info(pamh, _("Creating directory '%s'."), pwd->pw_dir); @@ -121,8 +123,8 @@ create_homedir (pam_handle_t *pamh, int ctrl, memset(&newsa, '\0', sizeof(newsa)); newsa.sa_handler = SIG_DFL; sigaction(SIGCHLD, &newsa, &oldsa); - - if (ctrl & MKHOMEDIR_DEBUG) { + + if (opt->ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper."); } @@ -145,8 +147,8 @@ create_homedir (pam_handle_t *pamh, int ctrl, /* exec the mkhomedir helper */ args[0] = x_strdup(MKHOMEDIR_HELPER); args[1] = pwd->pw_name; - args[2] = UMask; - args[3] = SkelDir; + args[2] = x_strdup(opt->umask); + args[3] = x_strdup(opt->skeldir); execve(MKHOMEDIR_HELPER, args, envp); @@ -173,11 +175,11 @@ create_homedir (pam_handle_t *pamh, int ctrl, sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ - if (ctrl & MKHOMEDIR_DEBUG) { + if (opt->ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "mkhomedir_helper returned %d", retval); } - if (retval != PAM_SUCCESS && !(ctrl & MKHOMEDIR_QUIET)) { + if (retval != PAM_SUCCESS && !(opt->ctrl & MKHOMEDIR_QUIET)) { pam_error(pamh, _("Unable to create and initialize directory '%s'."), pwd->pw_dir); } @@ -192,13 +194,14 @@ PAM_EXTERN int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { - int retval, ctrl; + int retval; + options_t opt; const void *user; const struct passwd *pwd; struct stat St; /* Parse the flag values */ - ctrl = _pam_parse(pamh, flags, argc, argv); + _pam_parse(pamh, flags, argc, argv, &opt); /* Determine the user name so we can get the home directory */ retval = pam_get_item(pamh, PAM_USER, &user); @@ -220,14 +223,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, /* Stat the home directory, if something exists then we assume it is correct and return a success*/ if (stat(pwd->pw_dir, &St) == 0) { - if (ctrl & MKHOMEDIR_DEBUG) { + if (opt.ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "Home directory %s already exists.", pwd->pw_dir); } return PAM_SUCCESS; } - return create_homedir(pamh, ctrl, pwd); + return create_homedir(pamh, &opt, pwd); } /* Ignore */ diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 0575f657..8cf95c33 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -1011,7 +1011,7 @@ su_sighandler(int sig) /* emulate the behaviour of the SA_RESETHAND flag */ if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) { struct sigaction sa; - memset(&sa, '\0, sizeof(sa)); + memset(&sa, '\0', sizeof(sa)); sa.sa_handler = SIG_DFL; sigaction(sig, &sa, NULL); } diff --git a/po/Linux-PAM.pot b/po/Linux-PAM.pot index 9ec9f1a4..83d34275 100644 --- a/po/Linux-PAM.pot +++ b/po/Linux-PAM.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -349,12 +349,12 @@ msgstr "" msgid "You have mail in folder %s." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/ar.po b/po/ar.po index 7bd8c1f1..f89802aa 100644 --- a/po/ar.po +++ b/po/ar.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: @PACKAGE@\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2001-07-13 15:36+0200\n" "Last-Translator: Novell Language \n" "Language-Team: Novell Language \n" @@ -349,12 +349,12 @@ msgstr "لديك بريد قديم في مجلد %s." msgid "You have mail in folder %s." msgstr "لديك بريد في مجلد %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/as.po b/po/as.po index 8ddd4cb8..c4df2665 100644 --- a/po/as.po +++ b/po/as.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-13 11:23+0530\n" "Last-Translator: Amitakhya Phukan \n" "Language-Team: Assamese\n" @@ -351,12 +351,12 @@ msgstr "%s ফোলডাৰত আপোনাৰ পুৰণি ডাক msgid "You have mail in folder %s." msgstr "%s ফোল্ডাৰত আপোনাৰ ডাক আছে ।" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "'%s' পঞ্জিকা সৃষ্টি কৰা হৈছে ।" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "%s পঞ্জিকা সৃষ্টি কৰিব নোৱাৰি: %m" diff --git a/po/bn_IN.po b/po/bn_IN.po index 574a73a4..2a8d8891 100644 --- a/po/bn_IN.po +++ b/po/bn_IN.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-20 12:40+0530\n" "Last-Translator: Runa Bhattacharjee \n" "Language-Team: Bengali INDIA \n" @@ -349,12 +349,12 @@ msgstr "%s ফোল্ডারে পুরোনো মেইল উপস্ msgid "You have mail in folder %s." msgstr "%s ফোল্ডারে মেইল উপস্থিত রয়েছে।" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "'%s' ডিরেক্টরি নির্মাণ করা হচ্ছে।" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "ডিরেক্টরি %s নির্মাণ করতে ব্যর্থ: %m" diff --git a/po/ca.po b/po/ca.po index f1d6e285..52037a51 100644 --- a/po/ca.po +++ b/po/ca.po @@ -17,7 +17,7 @@ msgid "" msgstr "" "Project-Id-Version: linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-15 16:10+0200\n" "Last-Translator: Xavier Queralt Mateu \n" "Language-Team: Catalan \n" @@ -359,12 +359,12 @@ msgstr "Teniu correu antic a la carpeta %s." msgid "You have mail in folder %s." msgstr "Teniu correu a la carpeta %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Creant el directori '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "No s'ha pogut crear el directori %s: %m" diff --git a/po/cs.po b/po/cs.po index 13a0b06b..7eff55d4 100644 --- a/po/cs.po +++ b/po/cs.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-03-24 15:22+0100\n" "Last-Translator: Tomas Mraz \n" "Language-Team: cs_CZ \n" @@ -350,12 +350,12 @@ msgstr "Máte starou poštu ve složce %s." msgid "You have mail in folder %s." msgstr "Máte poštu ve složce %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Vytváření adresáře '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Nezdařilo se vytvořit a inicializovat adresář '%s'." diff --git a/po/da.po b/po/da.po index bdc727a7..e29818c5 100644 --- a/po/da.po +++ b/po/da.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: @PACKAGE@\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2005-08-16 20:00+0200\n" "Last-Translator: Novell Language \n" "Language-Team: Novell Language \n" @@ -354,12 +354,12 @@ msgstr "Du har gammel e-mail i mappe %s." msgid "You have mail in folder %s." msgstr "Du har e-mail i mappe %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/de.po b/po/de.po index 29efb20a..6a921826 100644 --- a/po/de.po +++ b/po/de.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-02-25 18:04+01:00\n" "Last-Translator: Fabian Affolter \n" "Language-Team: German \n" @@ -355,12 +355,12 @@ msgstr "Sie haben alte Nachrichten in %s." msgid "You have mail in folder %s." msgstr "Sie haben Nachrichten in %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Erstelle Verzeichnis '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Verzeichnis %s kann nicht erstellt und initialisiert werden: %m" diff --git a/po/es.po b/po/es.po index aba7bbb4..cc13e479 100644 --- a/po/es.po +++ b/po/es.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.es\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-03-18 22:51-0300\n" "Last-Translator: Domingo Becker \n" "Language-Team: Fedora Spanish \n" @@ -357,12 +357,12 @@ msgstr "Tiene correo antiguo en la carpeta %s." msgid "You have mail in folder %s." msgstr "Tiene correo en la carpeta %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Creando directorio '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "No se pudo crear e inicializar el directorio '%s'." diff --git a/po/fi.po b/po/fi.po index a6355b84..635613b6 100644 --- a/po/fi.po +++ b/po/fi.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-05-04 08:30+0200\n" "Last-Translator: Jyri Palokangas \n" "Language-Team: \n" @@ -352,12 +352,12 @@ msgstr "Sinulla on vanhaa postia kansiossa %s." msgid "You have mail in folder %s." msgstr "Sinulla on postia kansiossa %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/fr.po b/po/fr.po index f7685d61..1b8ce892 100644 --- a/po/fr.po +++ b/po/fr.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: pam.fr2\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-19 18:59+0200\n" "Last-Translator: Pablo Martin-Gomez \n" "Language-Team: Français \n" @@ -362,12 +362,12 @@ msgstr "Vous avez un ancien message dans le dossier %s." msgid "You have mail in folder %s." msgstr "Vous avez des messages dans le dossier %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Création du répertoire « %s »." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Impossible de créer le répertoire %s : %m" diff --git a/po/gu.po b/po/gu.po index 4f1f4242..af787cf0 100644 --- a/po/gu.po +++ b/po/gu.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.gu\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-03-13 14:29+0530\n" "Last-Translator: Ankit Patel \n" "Language-Team: Gujarati \n" @@ -352,12 +352,12 @@ msgstr "તમારી પાસે ફોલ્ડર %s માં જૂન msgid "You have mail in folder %s." msgstr "તમારી પાસે ફોલ્ડર %s માં મેઈલ છે." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "ડિરેક્ટરી '%s' બનાવી રહ્યા છીએ." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "ડિરેક્ટરી %s બનાવવામાં અસમર્થ: %m" diff --git a/po/hi.po b/po/hi.po index 0cb486cf..76fbcbf3 100644 --- a/po/hi.po +++ b/po/hi.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: hi\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2007-06-21 15:22+0530\n" "Last-Translator: Rajesh Ranjan \n" "Language-Team: Hindi \n" @@ -352,12 +352,12 @@ msgstr "आपके लिए %s फोल्डर में पुरान msgid "You have mail in folder %s." msgstr "आपके लिए %s फोल्डर में मेल है." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/hu.po b/po/hu.po index 70980d3a..793e4320 100644 --- a/po/hu.po +++ b/po/hu.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: pam\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-03-20 20:53+0100\n" "Last-Translator: Sulyok Péter \n" "Language-Team: Hungarian \n" @@ -355,12 +355,12 @@ msgstr "%s mappában régi levél van." msgid "You have mail in folder %s." msgstr "%s mappában levelek vannak." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "\"%s\" mappa teremtése" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "„%s” mapa nem teremthető meg." diff --git a/po/it.po b/po/it.po index 8bfbf1c7..b02c0844 100644 --- a/po/it.po +++ b/po/it.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-21 13:21+1000\n" "Last-Translator: \n" "Language-Team: \n" @@ -361,12 +361,12 @@ msgstr "La cartella %s contiene vecchie email." msgid "You have mail in folder %s." msgstr "La cartella %s contiene email." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Creazione della directory \"%s\"." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Impossibile creare la directory %s: %m" diff --git a/po/ja.po b/po/ja.po index af470f3f..0e60f50e 100644 --- a/po/ja.po +++ b/po/ja.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.ja\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-21 15:08+1000\n" "Last-Translator: Kiyoto Hashida \n" "Language-Team: Japanese \n" @@ -349,12 +349,12 @@ msgstr "フォルダ%sに古いメールがあります。" msgid "You have mail in folder %s." msgstr "フォルダ%sにメールがあります。" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "ディレクトリ '%s' を作成中" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "ディレクトリ %s を作成できません: %m" diff --git a/po/kk.po b/po/kk.po index 7044607d..9ad15390 100644 --- a/po/kk.po +++ b/po/kk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM 1.0.3\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-02-26 13:07+0600\n" "Last-Translator: Baurzhan M. \n" "Language-Team: Kazakh \n" @@ -349,12 +349,12 @@ msgstr "Сізде %s бумасында ескі поштаңыз бар." msgid "You have mail in folder %s." msgstr "Сізде %s бумасында поштаңыз бар." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "'%s' бумасын құру." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "%s бумасын құру мүмкін емес: %m" diff --git a/po/km.po b/po/km.po index d8d891d0..b7f435d5 100644 --- a/po/km.po +++ b/po/km.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-03-17 10:32+0700\n" "Last-Translator: Khoem Sokhem \n" "Language-Team: Khmer \n" @@ -353,12 +353,12 @@ msgstr "អ្នក​មាន​សំបុត្រ​ចាស់​នៅ msgid "You have mail in folder %s." msgstr "អ្នក​មាន​សំបុត្រ​នៅ​ក្នុង​ថត %s ។" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/kn.po b/po/kn.po index 990b80fb..87f47610 100644 --- a/po/kn.po +++ b/po/kn.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.kn\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-20 12:29+0530\n" "Last-Translator: Shankar Prasad \n" "Language-Team: Kannada \n" @@ -349,12 +349,12 @@ msgstr "%s ಫೋಲ್ಡರಿನಲ್ಲಿ ನಿಮಗಾಗಿ ಹಳೆ msgid "You have mail in folder %s." msgstr "%s ಫೋಲ್ಡರಿನಲ್ಲಿ ನಿಮಗಾಗಿ ಮೈಲ್ ಇದೆ." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "ಕೋಶ '%s' ಅನ್ನು ರಚಿಸಲಾಗುತ್ತಿದೆ." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "ಕೋಶ '%s' ಅನ್ನು ರಚಿಸಲು ಸಾಧ್ಯವಾಗಿಲ್ಲ.: %m" diff --git a/po/ko.po b/po/ko.po index 073908c6..765ef30a 100644 --- a/po/ko.po +++ b/po/ko.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: ko\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2007-06-22 10:02+1000\n" "Last-Translator: Eunju Kim \n" "Language-Team: Korean \n" @@ -349,12 +349,12 @@ msgstr "%s 폴더에 오래된 메일이 있습니다." msgid "You have mail in folder %s." msgstr "%s 폴더에 메일이 있습니다." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/ml.po b/po/ml.po index f5f1e724..bdee9399 100644 --- a/po/ml.po +++ b/po/ml.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.ml\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-20 12:50+0530\n" "Last-Translator: \n" "Language-Team: \n" @@ -349,12 +349,12 @@ msgstr "%s ഫോള്‍ഡറില്‍ നിങ്ങള്‍ക്ക msgid "You have mail in folder %s." msgstr "%s ഫോള്‍ഡറില്‍ നിങ്ങള്‍ക്ക് മെയില്‍ ഉണ്ട്." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "'%s' ഡയറക്ടറി ഉണ്ടാക്കുന്നു." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "%s ഡയറക്ടറി ഉണ്ടാക്കുവാന്‍ സാധ്യമായില്ല: %m" diff --git a/po/mr.po b/po/mr.po index b01106e8..001b76c3 100644 --- a/po/mr.po +++ b/po/mr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-10 07:07+0530\n" "Last-Translator: Sandeep Shedmake \n" "Language-Team: marathi\n" @@ -350,12 +350,12 @@ msgstr "संचयीका %s अंतर्गत जुणे मेल msgid "You have mail in folder %s." msgstr "संचयीका %s अंतर्गत मेल आढळले गेले." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "संचयीका '%s' बनवित आहे." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "संचयीका %s बनवू शकत नाही: %m" diff --git a/po/ms.po b/po/ms.po index 015bd787..2bb4dc11 100644 --- a/po/ms.po +++ b/po/ms.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: linux-pam\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-09-25 23:52+0800\n" "Last-Translator: Sharuzzaman Ahmat Raslan \n" "Language-Team: Malay \n" @@ -379,12 +379,12 @@ msgstr "" msgid "You have mail in folder %s." msgstr "Pemindahan mel dalam proses" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, fuzzy, c-format msgid "Creating directory '%s'." msgstr "Menbuat direktori initrd" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "gagal untuk mencipta direktori %s: %s\n" diff --git a/po/nb.po b/po/nb.po index 2675b6f7..4772803e 100644 --- a/po/nb.po +++ b/po/nb.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-04-30 12:59+0200\n" "Last-Translator: Olav Pettershagen \n" "Language-Team: \n" @@ -349,12 +349,12 @@ msgstr "Du har ulest e-post i mappen %s." msgid "You have mail in folder %s." msgstr "Du har e-post i mappen %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Oppretter katalog «%s»." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Kan ikke opprette katalog %s: %m" diff --git a/po/nl.po b/po/nl.po index d8196c3d..fcfebc6d 100644 --- a/po/nl.po +++ b/po/nl.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-20 23:45+0200\n" "Last-Translator: Peter van Egdom \n" "Language-Team: Dutch \n" @@ -355,12 +355,12 @@ msgstr "U hebt oude e-mail in map %s." msgid "You have mail in folder %s." msgstr "U hebt e-mail in map %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Aanmaken van map '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Niet in staat om map %s aan te maken: %m" diff --git a/po/or.po b/po/or.po index 0ad84901..d14ee6bb 100644 --- a/po/or.po +++ b/po/or.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip.or\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-09-30 11:42+0530\n" "Last-Translator: Manoj Kumar Giri \n" "Language-Team: Oriya\n" @@ -354,12 +354,12 @@ msgstr "ଆପଣଙ୍କ ନିକଟରେ %s ଫୋଲଡରରେ ପୁର msgid "You have mail in folder %s." msgstr "ଆପଣଙ୍କ ନିକଟରେ %s ଫୋଲଡରରେ ଚିଠି ଅଛି।" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "ଡ଼ିରେକ୍ଟୋରୀ '%s' ନିର୍ମାଣ କରୁଅଛି." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "ଡ଼ିରେକ୍ଟୋରୀ '%s' ନିର୍ମାଣ କରିବାରେ ଅସମର୍ଥ: %m" diff --git a/po/pa.po b/po/pa.po index e05f44d4..ab098b8a 100644 --- a/po/pa.po +++ b/po/pa.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.pa\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2005-08-06 08:34+0530\n" "Last-Translator: Amanpreet Singh Alam[ਆਲਮ] \n" "Language-Team: Panjabi \n" @@ -354,12 +354,12 @@ msgstr "" msgid "You have mail in folder %s." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/pl.po b/po/pl.po index cda0d50a..a6fef45d 100644 --- a/po/pl.po +++ b/po/pl.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: pl\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-02-26 22:10+0100\n" "Last-Translator: Piotr Drąg \n" "Language-Team: Polish \n" @@ -355,12 +355,12 @@ msgstr "Stare wiadomości w folderze %s." msgid "You have mail in folder %s." msgstr "Wiadomości w folderze %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Tworzenie katalogu \"%s\"." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Nie można utworzyć i zainicjować katalogu \"%s\"." diff --git a/po/pt.po b/po/pt.po index b2b56235..81f51390 100644 --- a/po/pt.po +++ b/po/pt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.pt\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-05-03 21:54+0200\n" "Last-Translator: Antonio Cardoso Martins \n" "Language-Team: portuguese\n" @@ -350,12 +350,12 @@ msgstr "Tem correio electrónico antigo na pasta %s." msgid "You have mail in folder %s." msgstr "Tem correio electrónico na pasta %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/pt_BR.po b/po/pt_BR.po index f20d5802..25b11eb7 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-02-20 12:41-0300\n" "Last-Translator: Taylon \n" "Language-Team: Brazilian Portuguese \n" @@ -352,12 +352,12 @@ msgstr "Há mensagens antigas na pasta %s." msgid "You have mail in folder %s." msgstr "Há mensagens na pasta %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Criando o diretório '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Impossível criar e inicializar o diretório \"%s\"." diff --git a/po/ru.po b/po/ru.po index 05d46438..da3a77eb 100644 --- a/po/ru.po +++ b/po/ru.po @@ -11,7 +11,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-02-23 20:11+0300\n" "Last-Translator: Andrew Martynov \n" "Language-Team: Russian \n" @@ -362,12 +362,12 @@ msgstr "Есть старая почта в папке %s." msgid "You have mail in folder %s." msgstr "Есть почта в папке %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Создание каталога '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Невозможно создать каталог %s: %m" diff --git a/po/si.po b/po/si.po index c65e5f71..588080a1 100644 --- a/po/si.po +++ b/po/si.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: si\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2007-06-22 12:24+0530\n" "Last-Translator: Danishka Navin \n" "Language-Team: Sinhala \n" @@ -350,12 +350,12 @@ msgstr "%s බහලුම තුළ ඔබට පරණ තැපැල් ඇ msgid "You have mail in folder %s." msgstr "%s බහලුම තුළ ඔබට තැපැල් ඇත." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/sk.po b/po/sk.po index 8764ebd1..ab6a31c9 100644 --- a/po/sk.po +++ b/po/sk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-03-24 22:24+0100\n" "Last-Translator: Pavol Šimo \n" "Language-Team: Slovak \n" @@ -357,12 +357,12 @@ msgstr "Máte starú poštu v priečinku %s." msgid "You have mail in folder %s." msgstr "Máte poštu v priečinku %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Vytváranie priečinka '%s'." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Nedá sa vytvoriť a inicializovať priečinok '%s'." diff --git a/po/sr.po b/po/sr.po index b3ab5b92..24dc6b00 100644 --- a/po/sr.po +++ b/po/sr.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-04-05 10:48+0100\n" "Last-Translator: Miloš Komarčević \n" "Language-Team: Serbian (sr) \n" @@ -355,12 +355,12 @@ msgstr "Имате старе поруке у директоријуму %s." msgid "You have mail in folder %s." msgstr "Имате поруке у директоријуму %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Правим директоријум „%s“." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Не могу да направим директоријум %s: %m" diff --git a/po/sr@latin.po b/po/sr@latin.po index aa3a03ab..7efd4120 100644 --- a/po/sr@latin.po +++ b/po/sr@latin.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-04-05 10:48+0100\n" "Last-Translator: Miloš Komarčević \n" "Language-Team: Serbian (sr) \n" @@ -355,12 +355,12 @@ msgstr "Imate stare poruke u direktorijumu %s." msgid "You have mail in folder %s." msgstr "Imate poruke u direktorijumu %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Pravim direktorijum „%s“." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Ne mogu da napravim direktorijum %s: %m" diff --git a/po/sv.po b/po/sv.po index d3a3b240..cac76674 100644 --- a/po/sv.po +++ b/po/sv.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2009-02-11 12:22+0100\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" @@ -355,12 +355,12 @@ msgstr "Du har gamla brev i katalogen %s." msgid "You have mail in folder %s." msgstr "Du har brev i katalogen %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "Skapar katalogen \"%s\"." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "Kan inte skapa katalogen %s: %m" diff --git a/po/ta.po b/po/ta.po index 5de88254..fdb9662e 100644 --- a/po/ta.po +++ b/po/ta.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: ta\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2007-06-21 15:33+0530\n" "Last-Translator: I felix \n" "Language-Team: Tamil \n" @@ -352,12 +352,12 @@ msgstr "உங்களுக்கு %s அடைவில் பழைய அ msgid "You have mail in folder %s." msgstr "உங்களுக்கு %s அடைவில் அஞ்சல் உள்ளது." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/te.po b/po/te.po index 40baa213..4244913e 100644 --- a/po/te.po +++ b/po/te.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: te\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-22 16:24+0530\n" "Last-Translator: Krishna Babu K \n" "Language-Team: Telugu \n" @@ -352,12 +352,12 @@ msgstr "మీరు ఫోల్డరు %sనందు పాతమెయి msgid "You have mail in folder %s." msgstr "మీరు ఫోల్డరు %sనందు మెయిల్‌ను కలిగివున్నారు." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "డెరెక్టరీ '%s' సృష్టించుట." -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "డైరెక్టరీ %sను సృష్టించలేక పోయింది: %m" diff --git a/po/tr.po b/po/tr.po index cf900008..0b196051 100644 --- a/po/tr.po +++ b/po/tr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-05-03 19:00+0200\n" "Last-Translator: Koray Löker \n" "Language-Team: Türkçe \n" @@ -349,12 +349,12 @@ msgstr "%s dizininde okunmuş iletiniz var" msgid "You have mail in folder %s." msgstr "%s dizininde iletiniz var" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/uk.po b/po/uk.po index 9100ce7a..e4f88ba1 100644 --- a/po/uk.po +++ b/po/uk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.uk\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-05-03 18:59+0200\n" "Last-Translator: Ivan Petrouchtchak \n" "Language-Team: Ukrainian \n" @@ -352,12 +352,12 @@ msgstr "Ви маєте стару пошту в теці %s." msgid "You have mail in folder %s." msgstr "Ви маєте пошту в теці %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" diff --git a/po/zh_CN.po b/po/zh_CN.po index 71d57f44..36c8c6ba 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-20 15:43+1000\n" "Last-Translator: Leah Liu \n" "Language-Team: Simplified Chinese \n" @@ -350,12 +350,12 @@ msgstr "您在文件夹 %s 中有旧邮件。" msgid "You have mail in folder %s." msgstr "您在文件夹 %s 中有邮件。" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "创建目录 '%s'。" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "无法创建目录 %s:%m" diff --git a/po/zh_TW.po b/po/zh_TW.po index 922c1f08..c5095d11 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM.tip\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2008-10-21 15:51+1000\n" "Last-Translator: Terry Chuang \n" "Language-Team: \n" @@ -350,12 +350,12 @@ msgstr "資料夾 %s 中有您的舊郵件。" msgid "You have mail in folder %s." msgstr "資料夾 %s 中有您的郵件。" -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "建立目錄「%s」。" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, fuzzy, c-format msgid "Unable to create and initialize directory '%s'." msgstr "無法建立 %s 目錄:%m" diff --git a/po/zu.po b/po/zu.po index bbbbb252..88590f93 100644 --- a/po/zu.po +++ b/po/zu.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: Linux-PAM\n" "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2009-03-03 14:56+0100\n" +"POT-Creation-Date: 2009-03-25 11:53+0100\n" "PO-Revision-Date: 2006-11-03 12:03\n" "Last-Translator: Novell Language \n" "Language-Team: Novell Language \n" @@ -346,12 +346,12 @@ msgstr "Unemeyili endala kwifolda %s." msgid "You have mail in folder %s." msgstr "Unemeyili kwifolda %s." -#: modules/pam_mkhomedir/pam_mkhomedir.c:111 +#: modules/pam_mkhomedir/pam_mkhomedir.c:113 #, c-format msgid "Creating directory '%s'." msgstr "" -#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +#: modules/pam_mkhomedir/pam_mkhomedir.c:183 #, c-format msgid "Unable to create and initialize directory '%s'." msgstr "" -- cgit v1.2.3 From 5182ea70c8425d302c31386a325b869fcfef9671 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 27 Mar 2009 10:46:11 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2009-03-27 Thorsten Kukuk * modules/pam_unix/support.c (_unix_run_helper_binary): Don't ignore return value of write(). * libpamc/include/security/pam_client.h (PAM_BP_ASSERT): Honour NDEBUG. * modules/pam_timestamp/pam_timestamp.c: don't ignore return values of lchown and fchown. --- ChangeLog | 10 ++++++++++ libpamc/include/security/pam_client.h | 12 ++++++++---- modules/pam_ftp/pam_ftp.c | 2 +- modules/pam_timestamp/pam_timestamp.c | 31 +++++++++++++++++++++++-------- modules/pam_unix/support.c | 20 ++++++++++++++------ 5 files changed, 56 insertions(+), 19 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index c556ff84..b7667616 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2009-03-27 Thorsten Kukuk + + * modules/pam_unix/support.c (_unix_run_helper_binary): Don't + ignore return value of write(). + + * libpamc/include/security/pam_client.h (PAM_BP_ASSERT): Honour + NDEBUG. + * modules/pam_timestamp/pam_timestamp.c: don't ignore return + values of lchown and fchown. + 2009-03-25 Thorsten Kukuk * modules/pam_mkhomedir/pam_mkhomedir.c: Make option handling diff --git a/libpamc/include/security/pam_client.h b/libpamc/include/security/pam_client.h index 7fd195a5..988c2456 100644 --- a/libpamc/include/security/pam_client.h +++ b/libpamc/include/security/pam_client.h @@ -9,8 +9,8 @@ #ifndef PAM_CLIENT_H #define PAM_CLIENT_H -#ifdef __cplusplus -extern "C" { +#ifdef __cplusplus +extern "C" { #endif /* def __cplusplus */ #include @@ -74,8 +74,12 @@ char **pamc_list_agents(pamc_handle_t pch); #include #ifndef PAM_BP_ASSERT -# define PAM_BP_ASSERT(x) do { printf(__FILE__ "(%d): %s\n", \ - __LINE__, x) ; exit(1); } while (0) +# ifdef NDEBUG +# define PAM_BP_ASSERT(x) do {} while (0) +# else +# define PAM_BP_ASSERT(x) do { printf(__FILE__ "(%d): %s\n", \ + __LINE__, x) ; exit(1); } while (0) +# endif /* NDEBUG */ #endif /* PAM_BP_ASSERT */ #ifndef PAM_BP_CALLOC diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c index a124795b..896a1dda 100644 --- a/modules/pam_ftp/pam_ftp.c +++ b/modules/pam_ftp/pam_ftp.c @@ -79,7 +79,7 @@ static int lookup(const char *name, const char *list, const char **_user) if (list && *list) { const char *l; char *list_copy, *x; - char *sptr; + char *sptr = NULL; list_copy = x_strdup(list); x = list_copy; diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index 8a01c6f3..7e6c4b0b 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -194,7 +194,7 @@ timestamp_good(time_t then, time_t now, time_t interval) } static int -check_login_time(const char *ruser, time_t timestamp) +check_login_time(const char *ruser, time_t timestamp) { struct utmp utbuf, *ut; time_t oldest_login = 0; @@ -237,14 +237,14 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen) if (pwd != NULL) { ruser = pwd->pw_name; } - } + } if (ruser == NULL || strlen(ruser) >= ruserbuflen) { *ruserbuf = '\0'; return -1; } strcpy(ruserbuf, ruser); return 0; -} +} /* Get the path to the timestamp to use. */ static int @@ -299,7 +299,7 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv, tty = NULL; } else { tty = void_tty; - } + } if ((tty == NULL) || (strlen(tty) == 0)) { tty = ttyname(STDIN_FILENO); if ((tty == NULL) || (strlen(tty) == 0)) { @@ -413,7 +413,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) int count; void *mac; size_t maclen; - char ruser[BUFLEN]; + char ruser[BUFLEN]; /* Check that the file is owned by the superuser. */ if ((st.st_uid != 0) || (st.st_gid != 0)) { @@ -483,7 +483,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) free(mac); memmove(&then, message + strlen(path) + 1, sizeof(then)); free(message); - + /* Check oldest login against timestamp */ if (get_ruser(pamh, ruser, sizeof(ruser))) { @@ -565,7 +565,14 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char * subdir[i] = '\0'; if (mkdir(subdir, 0700) == 0) { /* Attempt to set the owner to the superuser. */ - lchown(subdir, 0, 0); + if (lchown(subdir, 0, 0) != 0) { + if (debug) { + pam_syslog(pamh, LOG_DEBUG, + "error setting permissions on `%s': %m", + subdir); + } + return PAM_SESSION_ERR; + } } else { if (errno != EEXIST) { if (debug) { @@ -617,7 +624,15 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char * } /* Attempt to set the owner to the superuser. */ - fchown(fd, 0, 0); + if (fchown(fd, 0, 0) != 0) { + if (debug) { + pam_syslog(pamh, LOG_DEBUG, + "error setting ownership of `%s': %m", + path); + } + return PAM_SESSION_ERR; + } + /* Write the timestamp to the file. */ if (write(fd, text, p - text) != p - text) { diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index dda617a0..98283502 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -120,13 +120,13 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, D(("DISALLOW_NULL_AUTHTOK")); set(UNIX__NONULL, ctrl); } - + /* Set default rounds for blowfish */ if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl)) { *rounds = 5; set(UNIX_ALGO_ROUNDS, ctrl); } - + /* Enforce sane "rounds" values */ if (on(UNIX_ALGO_ROUNDS, ctrl)) { if (on(UNIX_BLOWFISH_PASS, ctrl)) { @@ -478,10 +478,18 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, /* if the stored password is NULL */ int rc=0; if (passwd != NULL) { /* send the password to the child */ - write(fds[1], passwd, strlen(passwd)+1); + if (write(fds[1], passwd, strlen(passwd)+1) == -1) { + pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); + close(fds[1]); + retval = PAM_AUTH_ERR; + } passwd = NULL; - } else { - write(fds[1], "", 1); /* blank password */ + } else { /* blank password */ + if (write(fds[1], "", 1) == -1) { + pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); + close(fds[1]); + retval = PAM_AUTH_ERR; + } } close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); @@ -871,7 +879,7 @@ int _unix_read_password(pam_handle_t * pamh } /* ****************************************************************** * - * Copyright (c) Jan Rkorajski 1999. + * Copyright (c) Jan Rêkorajski 1999. * Copyright (c) Andrew G. Morgan 1996-8. * Copyright (c) Alex O. Yuriev, 1996. * Copyright (c) Cristian Gafton 1996. -- cgit v1.2.3 From 8575828fae141d5f918fca7f123cc96f6793ac11 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 3 Apr 2009 00:36:22 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2009-04-03 Dmitry V. Levin * libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3) in child process with call to _exit(2). * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. * modules/pam_exec/pam_exec.c (call_exec): Replace all calls to exit(3) in child process with calls to _exit(2). * modules/pam_filter/pam_filter.c (set_filter): Likewise. * modules/pam_namespace/pam_namespace.c (inst_init, cleanup_tmpdirs): Likewise. --- ChangeLog | 17 +++++++++++++++++ libpamc/pamc_load.c | 2 +- modules/pam_exec/pam_exec.c | 35 +++++++++++++++-------------------- modules/pam_filter/pam_filter.c | 5 +++-- modules/pam_mkhomedir/pam_mkhomedir.c | 2 +- modules/pam_namespace/pam_namespace.c | 10 +++++----- modules/pam_unix/pam_unix_acct.c | 3 ++- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/support.c | 2 +- modules/pam_xauth/pam_xauth.c | 2 +- 10 files changed, 47 insertions(+), 33 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index b7667616..ad9f630e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,20 @@ +2009-04-03 Dmitry V. Levin + + * libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3) + in child process with call to _exit(2). + * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): + Likewise. + * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): + Likewise. + * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. + * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. + * modules/pam_exec/pam_exec.c (call_exec): Replace all calls to + exit(3) in child process with calls to _exit(2). + * modules/pam_filter/pam_filter.c (set_filter): Likewise. + * modules/pam_namespace/pam_namespace.c (inst_init, + cleanup_tmpdirs): Likewise. + 2009-03-27 Thorsten Kukuk * modules/pam_unix/support.c (_unix_run_helper_binary): Don't diff --git a/libpamc/pamc_load.c b/libpamc/pamc_load.c index b3c0b5d5..dbbfbd59 100644 --- a/libpamc/pamc_load.c +++ b/libpamc/pamc_load.c @@ -121,7 +121,7 @@ static int __pamc_exec_agent(pamc_handle_t pch, pamc_agent_t *agent) execle(full_path, "pam-agent", NULL, NULL); D(("exec failed")); - exit(1); + _exit(1); } diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 47e1d5bb..7b2e402c 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -252,7 +252,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { int err = errno; pam_syslog (pamh, LOG_ERR, "dup2 of STDIN failed: %m"); - exit (err); + _exit (err); } for (i = 0; i < sysconf (_SC_OPEN_MAX); i++) @@ -271,7 +271,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { int err = errno; pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); - exit (err); + _exit (err); } } @@ -287,7 +287,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, int err = errno; pam_syslog (pamh, LOG_ERR, "open of %s failed: %m", logfile); - exit (err); + _exit (err); } if (asprintf (&buffer, "*** %s", ctime (&tm)) > 0) { @@ -302,7 +302,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { int err = errno; pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); - exit (err); + _exit (err); } } @@ -310,7 +310,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { int err = errno; pam_syslog (pamh, LOG_ERR, "dup failed: %m"); - exit (err); + _exit (err); } if (call_setuid) @@ -319,19 +319,19 @@ call_exec (const char *pam_type, pam_handle_t *pamh, int err = errno; pam_syslog (pamh, LOG_ERR, "setuid(%lu) failed: %m", (unsigned long) geteuid ()); - exit (err); + _exit (err); } if (setsid () == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "setsid failed: %m"); - exit (err); + _exit (err); } arggv = calloc (argc + 4, sizeof (char *)); if (arggv == NULL) - exit (ENOMEM); + _exit (ENOMEM); for (i = 0; i < (argc - optargc); i++) arggv[i] = strdup(argv[i+optargc]); @@ -351,7 +351,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { free(envlist); pam_syslog (pamh, LOG_ERR, "realloc environment failed: %m"); - exit (ENOMEM); + _exit (ENOMEM); } envlist = tmp; for (i = 0; i < nitems; ++i) @@ -364,7 +364,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { free(envlist); pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m"); - exit (ENOMEM); + _exit (ENOMEM); } envlist[envlen++] = envstr; envlist[envlen] = NULL; @@ -374,7 +374,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { free(envlist); pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m"); - exit (ENOMEM); + _exit (ENOMEM); } envlist[envlen++] = envstr; envlist[envlen] = NULL; @@ -382,16 +382,11 @@ call_exec (const char *pam_type, pam_handle_t *pamh, if (debug) pam_syslog (pamh, LOG_DEBUG, "Calling %s ...", arggv[0]); - if (execve (arggv[0], arggv, envlist) == -1) - { - int err = errno; - pam_syslog (pamh, LOG_ERR, "execve(%s,...) failed: %m", - arggv[0]); - free(envlist); - exit (err); - } + execve (arggv[0], arggv, envlist); + i = errno; + pam_syslog (pamh, LOG_ERR, "execve(%s,...) failed: %m", arggv[0]); free(envlist); - exit (1); /* should never be reached. */ + _exit (i); } return PAM_SYSTEM_ERR; /* will never be reached. */ } diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 6b821efc..2f290fd5 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -468,7 +468,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, pam_syslog(pamh, LOG_WARNING, "unable to re-assign APPIN/OUT/ERR: %m"); close(fd[0]); - exit(1); + _exit(1); } /* make sure that file descriptors survive 'exec's */ @@ -481,7 +481,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, close(APPIN_FILENO); close(APPOUT_FILENO); close(APPERR_FILENO); - exit(1); + _exit(1); } /* now the user input is read from the parent through filter */ @@ -491,6 +491,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, /* getting to here is an error */ pam_syslog(pamh, LOG_ALERT, "filter: %s: %m", filtername); + _exit(1); } else { /* wait for either of the two children to exit */ diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index b81708f2..dfc4979e 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -154,7 +154,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt, /* should not get here: exit with error */ D(("helper binary is not available")); - exit(PAM_SYSTEM_ERR); + _exit(PAM_SYSTEM_ERR); } else if (child > 0) { int rc; while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index 7d668d9e..f6219271 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -1184,12 +1184,12 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, #ifdef WITH_SELINUX if (idata->flags & PAMNS_SELINUX_ENABLED) { if (setexeccon(NULL) < 0) - exit(1); + _exit(1); } #endif if (execl(init_script, init_script, polyptr->dir, ipath, newdir?"1":"0", idata->user, (char *)NULL) < 0) - exit(1); + _exit(1); } else if (pid > 0) { while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && (errno == EINTR)); @@ -1611,16 +1611,16 @@ static int cleanup_tmpdirs(struct instance_data *idata) #ifdef WITH_SELINUX if (idata->flags & PAMNS_SELINUX_ENABLED) { if (setexeccon(NULL) < 0) - exit(1); + _exit(1); } #endif if (execl("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, (char *)NULL) < 0) - exit(1); + _exit(1); } else if (pid > 0) { while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && (errno == EINTR)); if (rc == (pid_t)-1) { - pam_syslog(idata->pamh, LOG_ERR, "waitpid failed- %m"); + pam_syslog(idata->pamh, LOG_ERR, "waitpid failed: %m"); rc = PAM_SESSION_ERR; goto out; } diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 4e119340..08cc750f 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -130,7 +130,8 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, /* should not get here: exit with error */ D(("helper binary is not available")); printf("-1\n"); - exit(PAM_AUTHINFO_UNAVAIL); + fflush(stdout); + _exit(PAM_AUTHINFO_UNAVAIL); } else { close(fds[1]); if (child > 0) { diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index ab1adda0..d3ee6815 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -207,7 +207,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const /* should not get here: exit with error */ D(("helper binary is not available")); - exit(PAM_AUTHINFO_UNAVAIL); + _exit(PAM_AUTHINFO_UNAVAIL); } else if (child > 0) { /* wait for child */ /* if the stored password is NULL */ diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 98283502..050e0dc1 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -472,7 +472,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, /* should not get here: exit with error */ D(("helper binary is not available")); - exit(PAM_AUTHINFO_UNAVAIL); + _exit(PAM_AUTHINFO_UNAVAIL); } else if (child > 0) { /* wait for child */ /* if the stored password is NULL */ diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 518c015a..bc72a8c1 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -149,7 +149,7 @@ run_coprocess(const char *input, char **output, /* Run the command. */ execv(command, args); /* Never reached. */ - exit(1); + _exit(1); } /* We're the parent, so close the other ends of the pipes. */ -- cgit v1.2.3 From 751447604965c690b0f5bc35d633488b20e7f24a Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 9 Apr 2009 08:09:11 +0000 Subject: Relevant BUGIDs: Purpose of commit: cleanup Commit summary: --------------- 2009-04-09 Thorsten Kukuk * modules/pam_unix/yppasswd.h: Update license to GPLv2 or later on request of Olaf Kirch (Author). * modules/pam_unix/yppasswd_xdr.c: Likewise. --- ChangeLog | 6 ++++++ modules/pam_unix/yppasswd.h | 6 +++--- modules/pam_unix/yppasswd_xdr.c | 10 +++++----- 3 files changed, 14 insertions(+), 8 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index ab646e34..133bb2ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2009-04-09 Thorsten Kukuk + + * modules/pam_unix/yppasswd.h: Update license to GPLv2 or later + on request of Olaf Kirch (Author). + * modules/pam_unix/yppasswd_xdr.c: Likewise. + 2009-04-06 R.E. van der Luit * po/nl.po: Updated translations. diff --git a/modules/pam_unix/yppasswd.h b/modules/pam_unix/yppasswd.h index 6b414be0..5f947071 100644 --- a/modules/pam_unix/yppasswd.h +++ b/modules/pam_unix/yppasswd.h @@ -1,9 +1,9 @@ /* * yppasswdd - * Copyright 1994, 1995, 1996 Olaf Kirch, + * Copyright 1994, 1995, 1996 Olaf Kirch, * - * This program is covered by the GNU General Public License, version 2. - * It is provided in the hope that it is useful. However, the author + * This program is covered by the GNU General Public License, version 2 + * or later. It is provided in the hope that it is useful. However, the author * disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. * * This file was generated automatically by rpcgen from yppasswd.x, and diff --git a/modules/pam_unix/yppasswd_xdr.c b/modules/pam_unix/yppasswd_xdr.c index bf3f2fc6..0b7cfac6 100644 --- a/modules/pam_unix/yppasswd_xdr.c +++ b/modules/pam_unix/yppasswd_xdr.c @@ -1,11 +1,11 @@ -/* +/* * yppasswdd - * Copyright 1994, 1995, 1996 Olaf Kirch, + * Copyright 1994, 1995, 1996 Olaf Kirch, * - * This program is covered by the GNU General Public License, version 2. - * It is provided in the hope that it is useful. However, the author + * This program is covered by the GNU General Public License, version 2 + * or later. It is provided in the hope that it is useful. However, the author * disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. - * + * * This file was generated automatically by rpcgen from yppasswd.x, and * editied manually. */ -- cgit v1.2.3 From 538c9efe38bfc96a2cc5355b26a70a4e2957158a Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 11 May 2009 14:52:31 +0000 Subject: Relevant BUGIDs: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Purpose of commit: bugfix Commit summary: --------------- 2009-05-11 Tomáš Mráz * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Remove unnecessary setuid() call. --- ChangeLog | 5 +++++ modules/pam_unix/pam_unix_passwd.c | 6 ------ 2 files changed, 5 insertions(+), 6 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index 017cc422..7a14c6a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2009-05-11 Tomáš Mráz + + * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Remove + unnecessary setuid() call. + 2009-05-05 Thorsten Kukuk * release version 1.0.92 diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index d3ee6815..30ea6687 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -185,12 +185,6 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const } } - if (SELINUX_ENABLED && geteuid() == 0) { - /* must set the real uid to 0 so the helper will not error - out if pam is called from setuid binary (su, sudo...) */ - setuid(0); - } - /* exec binary helper */ args[0] = x_strdup(UPDATE_HELPER); args[1] = x_strdup(user); -- cgit v1.2.3 From fbd40f8764ac17611e1e7f9464565a1b3e7792a2 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 1 Jun 2009 07:03:19 +0000 Subject: Relevant BUGIDs: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Purpose of commit: cleanup Commit summary: --------------- 2009-06-01 Ville Skyttä * modules/pam_limits/pam_limits.8.xml: Only *.conf files are parsed. Spelling fixes. * modules/pam_access/pam_access.8.xml: Spelling fixes. * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. * modules/pam_echo/pam_echo.8.xml: Likewise. * modules/pam_env/pam_env.8.xml: Likewise. * modules/pam_exec/pam_exec.8.xml: Likewise. * modules/pam_filter/pam_filter.8.xml: Likewise. * modules/pam_ftp/pam_ftp.8.xml: Likewise. * modules/pam_group/pam_group.8.xml: Likewise. * modules/pam_issue/pam_issue.8.xml: Likewise. * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. * modules/pam_listfile/pam_listfile.8.xml: Likewise. * modules/pam_localuser/pam_localuser.8.xml: Likewise. * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. * modules/pam_motd/pam_motd.8.xml: Likewise. * modules/pam_namespace/pam_namespace.8.xml: Likewise. * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise. * modules/pam_selinux/pam_selinux.8.xml: Likewise. * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. * modules/pam_tally/pam_tally.8.xml: Likewise. * modules/pam_tally2/pam_tally2.8.xml: Likewise. * modules/pam_time/pam_time.8.xml: Likewise. * modules/pam_timestamp/pam_timestamp.8.xml: Likewise. * modules/pam_timestamp/pam_timestamp_check.8.xml: Likewise. * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. * modules/pam_umask/pam_umask.8.xml: Likewise. * modules/pam_unix/pam_unix.8.xml: Likewise. * modules/pam_xauth/pam_xauth.8.xml: Likewise. --- ChangeLog | 33 +++++++++++++++++++++++++ modules/pam_access/pam_access.8.xml | 4 +-- modules/pam_cracklib/pam_cracklib.8.xml | 2 +- modules/pam_echo/pam_echo.8.xml | 2 +- modules/pam_env/pam_env.8.xml | 4 +-- modules/pam_exec/pam_exec.8.xml | 4 +-- modules/pam_filter/pam_filter.8.xml | 2 +- modules/pam_ftp/pam_ftp.8.xml | 2 +- modules/pam_group/pam_group.8.xml | 2 +- modules/pam_issue/pam_issue.8.xml | 4 +-- modules/pam_lastlog/pam_lastlog.8.xml | 4 +-- modules/pam_limits/pam_limits.8.xml | 6 ++--- modules/pam_listfile/pam_listfile.8.xml | 2 +- modules/pam_localuser/pam_localuser.8.xml | 2 +- modules/pam_loginuid/pam_loginuid.8.xml | 2 +- modules/pam_mkhomedir/pam_mkhomedir.8.xml | 2 +- modules/pam_motd/pam_motd.8.xml | 2 +- modules/pam_namespace/pam_namespace.8.xml | 4 +-- modules/pam_pwhistory/pam_pwhistory.8.xml | 4 +-- modules/pam_selinux/pam_selinux.8.xml | 4 +-- modules/pam_succeed_if/pam_succeed_if.8.xml | 2 +- modules/pam_tally/pam_tally.8.xml | 12 ++++----- modules/pam_tally2/pam_tally2.8.xml | 14 +++++------ modules/pam_time/pam_time.8.xml | 2 +- modules/pam_timestamp/pam_timestamp.8.xml | 4 +-- modules/pam_timestamp/pam_timestamp_check.8.xml | 2 +- modules/pam_tty_audit/pam_tty_audit.8.xml | 2 +- modules/pam_umask/pam_umask.8.xml | 2 +- modules/pam_unix/pam_unix.8.xml | 2 +- modules/pam_xauth/pam_xauth.8.xml | 4 +-- 30 files changed, 85 insertions(+), 52 deletions(-) (limited to 'modules/pam_unix') diff --git a/ChangeLog b/ChangeLog index a08af629..105be775 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,36 @@ +2009-06-01 Ville Skyttä + + * modules/pam_limits/pam_limits.8.xml: Only *.conf + files are parsed. Spelling fixes. + * modules/pam_access/pam_access.8.xml: Spelling fixes. + * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. + * modules/pam_echo/pam_echo.8.xml: Likewise. + * modules/pam_env/pam_env.8.xml: Likewise. + * modules/pam_exec/pam_exec.8.xml: Likewise. + * modules/pam_filter/pam_filter.8.xml: Likewise. + * modules/pam_ftp/pam_ftp.8.xml: Likewise. + * modules/pam_group/pam_group.8.xml: Likewise. + * modules/pam_issue/pam_issue.8.xml: Likewise. + * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. + * modules/pam_listfile/pam_listfile.8.xml: Likewise. + * modules/pam_localuser/pam_localuser.8.xml: Likewise. + * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. + * modules/pam_motd/pam_motd.8.xml: Likewise. + * modules/pam_namespace/pam_namespace.8.xml: Likewise. + * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise. + * modules/pam_selinux/pam_selinux.8.xml: Likewise. + * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. + * modules/pam_tally/pam_tally.8.xml: Likewise. + * modules/pam_tally2/pam_tally2.8.xml: Likewise. + * modules/pam_time/pam_time.8.xml: Likewise. + * modules/pam_timestamp/pam_timestamp.8.xml: Likewise. + * modules/pam_timestamp/pam_timestamp_check.8.xml: Likewise. + * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. + * modules/pam_umask/pam_umask.8.xml: Likewise. + * modules/pam_unix/pam_unix.8.xml: Likewise. + * modules/pam_xauth/pam_xauth.8.xml: Likewise. + 2009-05-28 Jaswinder Singh * po/pa.po: Updated translations. diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml index 6b031d2e..710e2e7b 100644 --- a/modules/pam_access/pam_access.8.xml +++ b/modules/pam_access/pam_access.8.xml @@ -86,7 +86,7 @@ - A lot of debug informations are printed with + A lot of debug information is printed with syslog3. @@ -115,7 +115,7 @@ fieldsep=| will cause the default `:' character to be treated as part of a field value and `|' becomes the field separator. Doing this may be - useful in conjuction with a system that wants to use + useful in conjunction with a system that wants to use pam_access with X based applications, since the PAM_TTY item is likely to be of the form "hostname:0" which includes a `:' character in diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml index 1c31e077..29e00c09 100644 --- a/modules/pam_cracklib/pam_cracklib.8.xml +++ b/modules/pam_cracklib/pam_cracklib.8.xml @@ -458,7 +458,7 @@ PAM_SERVICE_ERR - A internal error occured. + A internal error occurred. diff --git a/modules/pam_echo/pam_echo.8.xml b/modules/pam_echo/pam_echo.8.xml index 07ac9af2..ef76b022 100644 --- a/modules/pam_echo/pam_echo.8.xml +++ b/modules/pam_echo/pam_echo.8.xml @@ -141,7 +141,7 @@ EXAMPLES For an example of the use of this module, we show how it may be - used to print informations about good passwords: + used to print information about good passwords: password optional pam_echo.so file=/usr/share/doc/good-password.txt password required pam_unix.so diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml index e8cd561b..536cb132 100644 --- a/modules/pam_env/pam_env.8.xml +++ b/modules/pam_env/pam_env.8.xml @@ -90,7 +90,7 @@ - A lot of debug informations are printed with + A lot of debug information is printed with syslog3. @@ -130,7 +130,7 @@ Indicate an alternative .pam_environment file to override the default. This can be useful when different - services need different environments. The filename is relativ to + services need different environments. The filename is relative to the user home directory. diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml index 3cbd6af3..1ca50dd5 100644 --- a/modules/pam_exec/pam_exec.8.xml +++ b/modules/pam_exec/pam_exec.8.xml @@ -161,7 +161,7 @@ PAM_SUCCESS - The external command runs successfull. + The external command was run successfully. @@ -179,7 +179,7 @@ PAM_SYSTEM_ERR - A system error occured or the command to execute failed. + A system error occurred or the command to execute failed. diff --git a/modules/pam_filter/pam_filter.8.xml b/modules/pam_filter/pam_filter.8.xml index 9a9d69b9..7309c352 100644 --- a/modules/pam_filter/pam_filter.8.xml +++ b/modules/pam_filter/pam_filter.8.xml @@ -205,7 +205,7 @@ PAM_SUCCESS - The new filter was set successfull. + The new filter was set successfully. diff --git a/modules/pam_ftp/pam_ftp.8.xml b/modules/pam_ftp/pam_ftp.8.xml index ea985c0d..6f11f570 100644 --- a/modules/pam_ftp/pam_ftp.8.xml +++ b/modules/pam_ftp/pam_ftp.8.xml @@ -121,7 +121,7 @@ PAM_SUCCESS - The authentication was successfull. + The authentication was successful. diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml index 8c0770b8..2c1c9058 100644 --- a/modules/pam_group/pam_group.8.xml +++ b/modules/pam_group/pam_group.8.xml @@ -52,7 +52,7 @@ access to should be mounted nosuid. - The pam_group module fuctions in parallel with the + The pam_group module functions in parallel with the /etc/group file. If the user is granted any groups based on the behavior of this module, they are granted in addition to those entries diff --git a/modules/pam_issue/pam_issue.8.xml b/modules/pam_issue/pam_issue.8.xml index 4254ea61..fb9b7377 100644 --- a/modules/pam_issue/pam_issue.8.xml +++ b/modules/pam_issue/pam_issue.8.xml @@ -180,7 +180,7 @@ PAM_SERVICE_ERR - A service module error occured. + A service module error occurred. @@ -189,7 +189,7 @@ PAM_SUCCESS - The new prompt was set successfull. + The new prompt was set successfully. diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml index f1fffa89..2a6794ad 100644 --- a/modules/pam_lastlog/pam_lastlog.8.xml +++ b/modules/pam_lastlog/pam_lastlog.8.xml @@ -84,7 +84,7 @@ Don't inform the user about any previous login, - just upate the /var/log/lastlog file. + just update the /var/log/lastlog file. @@ -184,7 +184,7 @@ PAM_SUCCESS - Everything was successfull. + Everything was successful. diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml index a4375e22..0be7ef4d 100644 --- a/modules/pam_limits/pam_limits.8.xml +++ b/modules/pam_limits/pam_limits.8.xml @@ -50,11 +50,11 @@ By default limits are taken from the /etc/security/limits.conf - config file. Then individual files from the /etc/security/limits.d/ + config file. Then individual *.conf files from the /etc/security/limits.d/ directory are read. The files are parsed one after another in the order of "C" locale. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing. - If a config file is explicitely specified with a module option then the + If a config file is explicitly specified with a module option then the files in the above directory are not parsed. @@ -175,7 +175,7 @@ - PAM_SESSEION_ERR + PAM_SESSION_ERR Error recovering account name. diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml index 4c1fb1fd..15f047c2 100644 --- a/modules/pam_listfile/pam_listfile.8.xml +++ b/modules/pam_listfile/pam_listfile.8.xml @@ -129,7 +129,7 @@ File containing one item per line. The file needs to be a plain - file and not world writeable. + file and not world writable. diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml index 861fc35a..b06a0bf7 100644 --- a/modules/pam_localuser/pam_localuser.8.xml +++ b/modules/pam_localuser/pam_localuser.8.xml @@ -97,7 +97,7 @@ PAM_SUCCESS - The new localuser was set successfull. + The new localuser was set successfully. diff --git a/modules/pam_loginuid/pam_loginuid.8.xml b/modules/pam_loginuid/pam_loginuid.8.xml index 2a146b2c..d16e2b2d 100644 --- a/modules/pam_loginuid/pam_loginuid.8.xml +++ b/modules/pam_loginuid/pam_loginuid.8.xml @@ -72,7 +72,7 @@ PAM_SESSION_ERR - An error occured during session management. + An error occurred during session management. diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml index 5d66ee23..c980ce1d 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml +++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml @@ -44,7 +44,7 @@ without using a distributed file system or pre-creating a large number of directories. The skeleton directory (usually /etc/skel/) is used to copy default files - and also set's a umask for the creation. + and also sets a umask for the creation. The new users home directory will not be removed after logout diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml index 7b9b2437..ff92154e 100644 --- a/modules/pam_motd/pam_motd.8.xml +++ b/modules/pam_motd/pam_motd.8.xml @@ -30,7 +30,7 @@ pam_motd is a PAM module that can be used to display - arbitrary motd (message of the day) files after a succesful + arbitrary motd (message of the day) files after a successful login. By default the /etc/motd file is shown. The message size is limited to 64KB. diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml index 81328476..0433f0fd 100644 --- a/modules/pam_namespace/pam_namespace.8.xml +++ b/modules/pam_namespace/pam_namespace.8.xml @@ -65,7 +65,7 @@ using SELinux, user name, security context or both. If an executable script /etc/security/namespace.init exists, it is used to initialize the instance directory after it is set up - and mounted on the polyinstantiated direcory. The script receives the + and mounted on the polyinstantiated directory. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments. @@ -197,7 +197,7 @@ For certain trusted programs such as newrole, open session - is called from a child process while the parent perfoms + is called from a child process while the parent performs close session and pam end functions. For these commands use this option to instruct pam_close_session to not unmount the bind mounted polyinstantiated directory in the diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml index cc216707..7696353f 100644 --- a/modules/pam_pwhistory/pam_pwhistory.8.xml +++ b/modules/pam_pwhistory/pam_pwhistory.8.xml @@ -50,8 +50,8 @@ alternating between the same password too frequently. - This module does not work togehter with kerberos. In general, - it does not make much sense to use this module in conjuction + This module does not work together with kerberos. In general, + it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking. diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml index 3db26d04..2c1cdb24 100644 --- a/modules/pam_selinux/pam_selinux.8.xml +++ b/modules/pam_selinux/pam_selinux.8.xml @@ -162,7 +162,7 @@ Use the sensitivity level of the current process for the user context - instead of the default level. Also supresses asking of the + instead of the default level. Also suppresses asking of the sensitivity level from the user or obtaining it from PAM environment. @@ -192,7 +192,7 @@ PAM_SUCCESS - The security context was set successfull. + The security context was set successfully. diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml index c99f6be5..67f9bbfd 100644 --- a/modules/pam_succeed_if/pam_succeed_if.8.xml +++ b/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -249,7 +249,7 @@ PAM_SERVICE_ERR - A service error occured or the arguments can't be + A service error occurred or the arguments can't be parsed correctly. diff --git a/modules/pam_tally/pam_tally.8.xml b/modules/pam_tally/pam_tally.8.xml index 831ee1a5..91925688 100644 --- a/modules/pam_tally/pam_tally.8.xml +++ b/modules/pam_tally/pam_tally.8.xml @@ -129,7 +129,7 @@ If something weird happens (like unable to open the file), - return with PAM_SUCESS if + return with PAM_SUCCESS if is given, else with the corresponding PAM error code. @@ -237,7 +237,7 @@ If the module is invoked by a user with uid=0 the - counter is not incremented. The sys-admin should use this + counter is not incremented. The sysadmin should use this for user launched services, like su, otherwise this argument should be omitted. @@ -312,7 +312,7 @@ Account phase resets attempts counter if the user is not magic root. - This phase can be used optionaly for services which don't call + This phase can be used optionally for services which don't call pam_setcred3 correctly or if the reset should be done regardless @@ -326,7 +326,7 @@ If the module is invoked by a user with uid=0 the - counter is not incremented. The sys-admin should use this + counter is not incremented. The sysadmin should use this for user launched services, like su, otherwise this argument should be omitted. @@ -364,7 +364,7 @@ A invalid option was given, the module was not able - to retrive the user name, no valid counter file + to retrieve the user name, no valid counter file was found, or too many failed logins. @@ -373,7 +373,7 @@ PAM_SUCCESS - Everything was successfull. + Everything was successful. diff --git a/modules/pam_tally2/pam_tally2.8.xml b/modules/pam_tally2/pam_tally2.8.xml index 255fcea4..4ad529fd 100644 --- a/modules/pam_tally2/pam_tally2.8.xml +++ b/modules/pam_tally2/pam_tally2.8.xml @@ -122,7 +122,7 @@ If something weird happens (like unable to open the file), - return with PAM_SUCESS if + return with PAM_SUCCESS if is given, else with the corresponding PAM error code. @@ -230,7 +230,7 @@ If the module is invoked by a user with uid=0 the - counter is not incremented. The sys-admin should use this + counter is not incremented. The sysadmin should use this for user launched services, like su, otherwise this argument should be omitted. @@ -265,7 +265,7 @@ This option implies option. Allow access after n seconds - to root acccount after failed attempt. If this option is used + to root account after failed attempt. If this option is used the root user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts. @@ -301,7 +301,7 @@ Account phase resets attempts counter if the user is not magic root. - This phase can be used optionaly for services which don't call + This phase can be used optionally for services which don't call pam_setcred3 correctly or if the reset should be done regardless @@ -315,7 +315,7 @@ If the module is invoked by a user with uid=0 the - counter is not changed. The sys-admin should use this + counter is not changed. The sysadmin should use this for user launched services, like su, otherwise this argument should be omitted. @@ -343,7 +343,7 @@ A invalid option was given, the module was not able - to retrive the user name, no valid counter file + to retrieve the user name, no valid counter file was found, or too many failed logins. @@ -352,7 +352,7 @@ PAM_SUCCESS - Everything was successfull. + Everything was successful. diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml index 8e7f222c..b673beb5 100644 --- a/modules/pam_time/pam_time.8.xml +++ b/modules/pam_time/pam_time.8.xml @@ -63,7 +63,7 @@ - Some debug informations are printed with + Some debug information is printed with syslog3. diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml index c96424ab..adb87a79 100644 --- a/modules/pam_timestamp/pam_timestamp.8.xml +++ b/modules/pam_timestamp/pam_timestamp.8.xml @@ -104,7 +104,7 @@ file as grounds for succeeding. PAM_AUTH_ERR - The module was not able to retrive the user name or + The module was not able to retrieve the user name or no valid timestamp file was found. @@ -113,7 +113,7 @@ file as grounds for succeeding. PAM_SUCCESS - Everything was successfull. + Everything was successful. diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml index 85484a06..7ec7140e 100644 --- a/modules/pam_timestamp/pam_timestamp_check.8.xml +++ b/modules/pam_timestamp/pam_timestamp_check.8.xml @@ -77,7 +77,7 @@ see if the default timestamp is valid, or optionally remove it. timestamps generated by pam_timestamp when the user authenticates as herself. When the user authenticates as a different user, the name of the timestamp file changes to - accomodate this. target_user allows + accommodate this. target_user allows to specify this user name. diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml index 005d2e85..7f233dfe 100644 --- a/modules/pam_tty_audit/pam_tty_audit.8.xml +++ b/modules/pam_tty_audit/pam_tty_audit.8.xml @@ -47,7 +47,7 @@ For each user matching one of comma-separated glob , disable TTY auditing. This overrides any previous - option matchin the same user name on the command line. + option matching the same user name on the command line. diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml index b2858b57..09fc0e7c 100644 --- a/modules/pam_umask/pam_umask.8.xml +++ b/modules/pam_umask/pam_umask.8.xml @@ -157,7 +157,7 @@ PAM_SUCCESS - The new umask was set successfull. + The new umask was set successfully. diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index cc3affd9..a726e5e7 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -321,7 +321,7 @@ - Ignore errors reading shadow inforation for + Ignore errors reading shadow information for users in the account management module. diff --git a/modules/pam_xauth/pam_xauth.8.xml b/modules/pam_xauth/pam_xauth.8.xml index 353f1b6e..08c06cf8 100644 --- a/modules/pam_xauth/pam_xauth.8.xml +++ b/modules/pam_xauth/pam_xauth.8.xml @@ -43,7 +43,7 @@ Without pam_xauth, when xauth is enabled and a user uses the su1 - command to assume another user's priviledges, + command to assume another user's privileges, that user is no longer able to access the original user's X display because the new user does not have the key needed to access the display. pam_xauth solves the problem by forwarding the key from @@ -55,7 +55,7 @@ This means, for example, that when you run su1 - from an xterm sesssion, you will be able to run + from an xterm session, you will be able to run X programs without explicitly dealing with the xauth1 -- cgit v1.2.3