c8c84e2...
by
Tomas Mraz <email address hidden>
on 2008-01-04
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
* modules/ pam_unix/ Makefile. am: Add unix_update helper.
* modules/ pam_unix/ pam_unix_ passwd. c: Move functions i64c(),
crypt_ md5_wrapper( ), save_old_ password( ), _update_passwd() and
_update_ shadow( ) to passverify.c file. Rename _unix_run_ shadow_ binary( )
to _unix_run_ update_ binary( ), which also verifies old password and
does all writing.
(_do_setpass, pam_sm_chauthtok): lckpwdf( )->lock_ pwdf(), the same for unlock.
Call _unix_run_ update_ binary( ) appropriately.
_update_ passwd( )->unix_ update_ passwd( ), the same for shadow.
* modules/ pam_unix/ passverify. c: Add new functions moved from
pam_unix_ passwd. c and unix_chkpwd.c.
* modules/ pam_unix/ passverify. h: Likewise.
* modules/ pam_unix/ unix_chkpwd. c: Remove SELinux checks. Move
su_sighandler( ), setup_signals(), getuidname() to passverify.c.
(main): Remove 'shadow' option. Refactor out read_passwords() and
call it. More strict checking how the binary is called.
* modules/ pam_unix/ unix_update. c: New helper binary - non-setuid,
called from SELinux confined apps only.
c6912ac...
by
Tomas Mraz <email address hidden>
on 2008-01-04
Relevant BUGIDs:
Purpose of commit: refactorization
Commit summary:
---------------
* modules/ pam_unix/ pam_unix_ acct.c (_unix_ run_verify_ binary) : Return
status and daysleft instead of fake shadow entry.
(pam_sm_ acct_mgmt) : Call _unix_run_ verify_ binary( ) appropriately.
* modules/ pam_unix/ pam_unix_ passwd. c (_unix_ verify_ shadow) : Call
get_account_ info() and check_shadow_ expiry( ).
* modules/ pam_unix/ support. h: Adjust _unix_run_ verify_ binary( )
prototype.
* modules/ pam_unix/ support. c (_unix_ run_helper_ binary) : Remove check
on selinux enabled/disabled.
* modules/ pam_unix/ unix_chkpwd. c (_verify_account): Rename to
_check_ expiry( ), now checks shadow expiry info.
(main): Remove check on selinux enabled/disabled. Check shadow
expiry through _check_expiry().
bc86f86...
by
Tomas Mraz <email address hidden>
on 2008-01-04
Relevant BUGIDs:
Purpose of commit: refactorization
Commit summary:
---------------
* modules/ pam_unix/ pam_unix_ acct.c (pam_sm_acct_mgmt): Call
get_account_ info() and check_shadow_ expiry( ).
* modules/ pam_unix/ passverify. c: Add get_account_info() to
obtain shadow and passwd entry. Add check_shadow_ expiry( ) to
for shadow password expiry check.
(get_pwd_ hash): Call get_account_info().
* modules/ pam_unix/ passverify. h: Add prototypes for get_account_info()
and check_shadow_ expiry( ).
b5250a6...
by
Tomas Mraz <email address hidden>
on 2007-12-21
Relevant BUGIDs:
Purpose of commit: branch
Commit summary:
---------------
- pam_unix refactorization step 2
4463902...
by
Thorsten Kukuk <email address hidden>
on 2007-12-18
Relevant BUGIDs: 1822779, 1822764
Purpose of commit: docufix
Commit summary:
---------------
2007-12-18 Thorsten Kukuk <email address hidden>
* README: Document how to run make check with static modules
(SF#1822779) .
2007-12-18 Peter Breitenlohner <email address hidden>
* README: Document that "make check" requires a file
/etc/pam. d/other (SF#1822764).
75e765b...
by
Tomas Mraz <email address hidden>
on 2007-12-12
Relevant BUGIDs:
Purpose of commit: cleanup
Commit summary:
---------------
2007-12-12 Eamon Walsh <email address hidden>
* doc/man/ pam_item_ types_ext. inc.xml: More appropriate wording
for PAM_XDISPLAY doc.
8ae5f57...
by
Tomas Mraz <email address hidden>
on 2007-12-07
Relevant BUGIDs:
Purpose of commit: new feature and cleanup
Commit summary:
---------------
2007-12-07 Tomas Mraz <email address hidden>
* libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
* libpam/pam_audit.c: Add _pam_audit_open() and
pam_modutil_ audit_write( ).
(_pam_ auditlog) : Call _pam_audit_open().
* libpam/ include/ security/ pam_modutil. h: Add pam_modutil_ audit_write( ).
* modules/ pam_access/ pam_access. 8.xml: Add noaudit option.
Document auditing.
* modules/ pam_access/ pam_access. c: Move fs, sep, pam_access_debug, and
only_new_ group_syntax variables to struct login_info. Add noaudit
member.
(_parse_ args): Adjust for the move of variables and add support for
noaudit option.
(group_ match): Add debug parameter.
(string_ match): Likewise.
(network_ netmask_ match): Likewise.
(login_ access) : Adjust for the move of variables. Add nonall_match.
Add call to pam_modutil_ audit_write( ).
(list_ match): Adjust for the move of variables.
(user_ match): Likewise.
(from_ match): Likewise.
(pam_sm_ authenticate) : Call _parse_args() earlier.
* modules/ pam_limits/ pam_limits. 8.xml: Add noaudit option.
Document auditing.
* modules/ pam_limits/ pam_limits. c (_pam_parse): Add noaudit option.
(setup_ limits) : Call pam_modutil_ audit_write( ).
* modules/ pam_time/ pam_time. 8.xml: Add debug and noaudit options.
Document auditing.
* modules/ pam_time/ pam_time. c: Add option parsing (_pam_parse()).
(check_ account) : Call _pam_parse(). Call pam_modutil_ audit_write( )
and pam_syslog() on login denials.
67b5cdd...
by
Tomas Mraz <email address hidden>
on 2007-12-07
Relevant BUGIDs:
Purpose of commit: translations
Commit summary:
---------------
2007-12-07 Tomas Mraz <email address hidden>
* po/cs.po: Updated translations.
ad3ad5c...
by
Tomas Mraz <email address hidden>
on 2007-12-07
Relevant BUGIDs:
Purpose of commit: translations
Commit summary:
---------------
2007-12-07 Luca Bruno <email address hidden>
* po/it.po: Updated translations.
632dffe...
by
Tomas Mraz <email address hidden>
on 2007-12-06
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2007-12-06 Eamon Walsh <email address hidden>
* libpam/ include/ security/ _pam_macros. h: Add _pam_overwrite_n()
macro.
* libpam/ include/ security/ _pam_types. h: Add PAM_XDISPLAY,
PAM_XAUTHDATA items, pam_xauth_data struct.
* libpam/pam_item.c (pam_set_item, pam_get_item): Handle
PAM_XDISPLAY and PAM_XAUTHDATA items.
* libpam/pam_end.c (pam_end): Destroy the new items.
* libpam/ pam_private. h (pam_handle): Add data members for new
items. Add prototype for _pam_memdup.
* libpam/pam_misc.c: Add _pam_memdup.
* doc/man/ Makefile. am: Add pam_xauth_data.3. Replace
pam_item_ types.inc. xml with pam_item_ types_std. inc.xml and
pam_item_ types_ext. inc.xml.
* doc/man/ pam_get_ item.3. xml: Replace pam_item_ types.inc. xml
with pam_item_ types_std. inc.xml and pam_item_ types_ext. inc.xml.
* doc/man/ pam_set_ item.3. xml: Likewise.
* doc/man/ pam_item_ types.inc. xml: Removed file.
* doc/man/ pam_item_ types_ext. inc.xml: New file.
* doc/man/ pam_item_ types_std. inc.xml: New file.