Commit Graph

414 Commits

Author SHA1 Message Date
Jesse Keating
9a28cb58ea - Rebuilt for gcc bug 634757 2010-09-29 14:57:32 -07:00
Tomas Mraz
acc35880d3 - do not build some auxiliary tools that are not installed that require
flex-static to build
2010-09-20 12:16:26 +02:00
Tomas Mraz
ca3ead6784 - add pam_faillock module implementing temporary account lock out based
on authentication failures during a specified interval
- upgrade to new upstream release
2010-09-17 17:37:07 +02:00
Tomáš Mráz
4b7a0b2c99 - do not overwrite tallylog with empty file on upgrade 2010-07-15 13:24:33 +00:00
Tomáš Mráz
e3430d85d2 - change the default password hash to sha512 2010-02-15 17:25:28 +00:00
Tomáš Mráz
3f424c65d3 - fix wrong prompt when pam_get_authtok is used for new password 2010-01-22 17:49:54 +00:00
Tomáš Mráz
68bf40d031 - fix build with disabled audit and SELinux (#556211, #556212) 2010-01-18 09:09:31 +00:00
Tomáš Mráz
1802942b8d - new upstream version with minor changes 2009-12-17 14:29:39 +00:00
Tomáš Mráz
430b952f8e - pam_console: fix memory corruption when executing handlers (patch by Stas
Sergeev) and a few more fixes in the handler execution code (#532302)
2009-11-02 07:56:12 +00:00
Tomáš Mráz
0e45b7f2c2 - pam_xauth: set the approprate context when creating .xauth files
(#531530)
2009-10-29 15:32:22 +00:00
Tomáš Mráz
4774498127 - do not change permissions with pam_console_apply
- drop obsolete pam_tally module and the faillog file (#461258)
2009-09-01 16:03:13 +00:00
Tomáš Mráz
6572482d29 - leftover comment and license tag 2009-08-26 18:43:27 +00:00
Tomáš Mráz
155e7e9f93 - rebuild with new libaudit 2009-08-19 19:06:40 +00:00
Tomáš Mráz
e307a99b74 - fix source URLs 2009-08-11 11:50:50 +00:00
Tomáš Mráz
8d3cbe5e32 - fix for pam_cracklib from upstream 2009-07-27 15:23:22 +00:00
Jesse Keating
8f8af7e93e - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-25 23:08:11 +00:00
Tomáš Mráz
47e2c2f3d9 - update to new upstream version 2009-06-24 07:09:21 +00:00
Tomáš Mráz
da8b25143b - update to new upstream version 2009-05-13 10:59:18 +00:00
Tomáš Mráz
4b9fc2208b - add password-auth, fingerprint-auth, and smartcard-auth for applications
which can use them namely gdm (#494874) patch by Ray Strode
2009-04-10 16:06:24 +00:00
Tomáš Mráz
02fa35ccd2 - bump release 2009-03-26 11:26:22 +00:00
Tomáš Mráz
f3a8a94868 - replace also other std descriptors (#491471) 2009-03-26 11:17:16 +00:00
Tomáš Mráz
837a5499fa - replace also other std descriptors (#491471) 2009-03-26 09:28:14 +00:00
Tomáš Mráz
1343a8ed17 - we must replace the stdin when execing the helper (#490644) 2009-03-17 14:13:16 +00:00
Tomáš Mráz
a78e55c069 - do not close stdout/err when execing the helpers (#488147) 2009-03-16 13:47:00 +00:00
Tomáš Mráz
2c482b26a1 - the buildrequires on glibc will make it install a conflicting version 2009-03-09 20:58:38 +00:00
Tomáš Mráz
3ecbdb09e8 - upgrade to new upstream release 2009-03-09 16:14:30 +00:00
Tomáš Mráz
5b6ef5fcbd - fix parsing of config files containing non-ASCII characters
- fix CVE-2009-0579 (mininimum days for password change ignored) (#487216)
- pam_access: improve handling of hostname resolution
2009-02-27 12:52:52 +00:00
Jesse Keating
32a45d5cc0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-26 09:28:43 +00:00
Tomáš Mráz
64be9b675a - add helper to pam_mkhomedir for proper SELinux confinement (#476784) 2009-01-19 09:18:56 +00:00
Tomáš Mráz
d4ff57cf6f - upgrade to new upstream release
- add --disable-prelude (#466242)
2008-12-16 15:17:16 +00:00
Tomáš Mráz
e30408c5d9 - new password quality checks in pam_cracklib
- report failed logins from btmp in pam_lastlog
- allow larger groups in modutil functions
- fix leaked file descriptor in pam_tally
2008-09-23 14:06:48 +00:00
Tomáš Mráz
8955a466b5 - pam_loginuid: uids are unsigned (#460241)
- new minor upstream release
- use external db4
- drop tests for not pulling in libpthread (as NPTL should be safe)
2008-09-08 11:01:44 +00:00
Tomáš Mráz
7d29dd0246 - update internal db4 2008-07-09 12:27:35 +00:00
Tomáš Mráz
a37d2c7046 - pam_namespace: allow safe creation of directories owned by user (#437116)
- pam_unix: fix multiple error prompts on password change (#443872)
2008-05-21 08:08:39 +00:00
Tomáš Mráz
3be955e71c - fix build with new autoconf 2008-05-20 13:31:17 +00:00
Tomáš Mráz
afb096a17d - pam_selinux: add env_params option which will be used by OpenSSH 2008-05-19 16:55:13 +00:00
Tomáš Mráz
be4deb2d92 - pam_selinux: restore execcon properly (#443667) 2008-04-22 19:48:10 +00:00
Tomáš Mráz
65a47ccbca - upgrade to new upstream release (one bugfix only)
- fix pam_sepermit use in screensavers
2008-04-18 08:43:42 +00:00
Tomáš Mráz
2613b27a52 - fix regression in pam_set_item 2008-04-07 09:45:21 +00:00
Tomáš Mráz
1fa0a9e893 - upgrade to new upstream release (bugfix only) 2008-04-04 16:00:50 +00:00
Tomáš Mráz
6aa700f64a - pam_namespace: fix problem with level polyinst (#438264)
- pam_namespace: improve override checking for umount
- pam_selinux: fix syslogging a context after free() (#438338)
2008-03-20 16:50:13 +00:00
Tomáš Mráz
1ba40631bf - update pam-redhat module tarball
- update internal db4
2008-02-28 22:44:06 +00:00
Tomáš Mráz
8938fa9767 - if shadow is readable for an user do not prevent him from authenticating
any user with unix_chkpwd (#433459)
- call audit from unix_chkpwd when appropriate
2008-02-22 15:49:55 +00:00
Tomáš Mráz
0533865ad8 - new upstream release
- add default soft limit for nproc of 1024 to prevent accidental fork bombs
    (#432903)
2008-02-15 17:27:28 +00:00
Tomáš Mráz
717cfde74b - allow the package to build without SELinux and audit support (#431415)
- macro usage cleanup
2008-02-04 13:06:18 +00:00
Tomáš Mráz
b6b1e29706 - test for setkeycreatecon correctly
- add exclusive login mode of operation to pam_selinux_permit (original
    patch by Dan Walsh)
2008-01-28 17:59:35 +00:00
Tomáš Mráz
de90b38383 - libpam.so is in libdir 2008-01-23 07:43:33 +00:00
Tomáš Mráz
2badd4f116 - add auditing to pam_access, pam_limits, and pam_time
- moved sanity testing code to check script
2008-01-22 21:52:13 +00:00
Tomáš Mráz
392622e8de - merge review fixes (#226228) 2008-01-14 12:49:56 +00:00
Tomáš Mráz
c5d3ee3a3f - support for sha256 and sha512 password hashes
- account expiry checks moved to unix_chkpwd helper
2008-01-08 18:56:11 +00:00
Tomáš Mráz
b99939ffb4 - wildcard match support in pam_tty_audit (by Miloslav Trmač) 2008-01-02 10:42:27 +00:00
Tomáš Mráz
a36aa37b04 - add pam_tty_audit module (#244352) - written by Miloslav Trmač 2007-11-29 13:20:28 +00:00
Tomáš Mráz
9ae80944c1 - add substack support 2007-11-07 11:41:49 +00:00
Tomáš Mráz
991484aaf4 - apply db4 patch correctly 2007-09-25 20:26:29 +00:00
Tomáš Mráz
00939f1c06 - update db4 to 4.6.19 (#274661) 2007-09-25 20:15:45 +00:00
Tomáš Mráz
36d9a1c73d - do not preserve contexts when copying skel and other namespace.init fixes
(#298941)
- do not free memory sent to putenv (#231698)
2007-09-21 14:08:14 +00:00
Tomáš Mráz
43c3a5a46e - add pam_selinux_permit module
- pam_succeed_if: fix in operator (#295151)
2007-09-19 18:11:42 +00:00
Tomáš Mráz
ac8e934c7b - when SELinux enabled always run the helper binary instead of direct
shadow access (#293181)
2007-09-18 20:23:57 +00:00
Tomáš Mráz
9e1a698edf - do not ask for blank password when SELinux confined (#254044)
- initialize homedirs in namespace init script (original patch by dwalsh)
2007-08-24 13:15:01 +00:00
Tomáš Mráz
a47d5ca5e4 - multifunction scanner device support (#251468) 2007-08-22 19:30:39 +00:00
Tomáš Mráz
73ea19b4f7 - most devices are now handled by HAL and not pam_console (patch by davidz)
- license tag fix
2007-08-22 18:03:12 +00:00
Tomáš Mráz
81e34ba414 - fix auth regression when uid != 0 from previous build (#251804) 2007-08-13 09:05:04 +00:00
Tomáš Mráz
ecf62ebc17 - make db4 build with new glibc 2007-08-06 14:57:26 +00:00
Tomáš Mráz
8fa0463a67 - updated db4 to 4.6.18 (#249740)
- added user and new instance parameters to namespace init
- document the new features of pam_namespace
- do not log an audit error when uid != 0 (#249870)
2007-08-06 12:31:50 +00:00
Jeremy Katz
f6d27e9e3a - rebuild for toolchain bug 2007-07-25 17:52:58 +00:00
Tomáš Mráz
3f1e71cada - drop the merged patches 2007-07-23 19:07:42 +00:00
Tomáš Mráz
6c6453458a - upgrade to latest upstream version
- add some firewire devices to default console perms (#240770)
2007-07-23 18:46:31 +00:00
Tomáš Mráz
09b44afcb6 - pam_namespace: better document behavior on failure (#237249)
- pam_unix: split out passwd change to a new helper binary (#236316)
- pam_namespace: add support for temporary logons (#241226)
2007-06-04 14:22:15 +00:00
Tomáš Mráz
33d3c087e3 - pam_selinux: improve context change auditing (#234781)
- pam_namespace: fix parsing config file with unknown users (#234513)
2007-04-13 16:14:38 +00:00
Tomáš Mráz
a28e30cbc4 - pam_console: always decrement use count (#230823)
- pam_namespace: use raw context for poly dir name (#227345)
- pam_namespace: truncate long poly dir name (append hash) (#230120)
- we don't patch any po files anymore
2007-03-23 11:02:35 +00:00
Tomáš Mráz
71ab958a92 - correctly relabel tty in the default case (#229542)
- pam_unix: cleanup of bigcrypt support
- pam_unix: allow modification of '*' passwords to root
2007-02-21 20:32:28 +00:00
Tomáš Mráz
504a3315ce - more X displays as consoles (#227462) 2007-02-06 15:58:27 +00:00
Tomáš Mráz
bbd6bf031f - upgrade to new upstream version resolving CVE-2007-0003
- pam_namespace: unmount poly dir for override users
2007-01-24 12:14:29 +00:00
Tomáš Mráz
d1daca3136 - add back min salt length requirement which was erroneously removed
upstream
2007-01-22 13:11:10 +00:00
Tomáš Mráz
0b9c1bae67 - upgrade to new upstream version
- drop pam_stack module as it is obsolete
- some changes to silence rpmlint
2007-01-19 17:42:21 +00:00
Tomáš Mráz
8a453fc0be - properly include /var/log/faillog and tallylog as ghosts and create them
in post script (#209646)
- update gmo files as we patch some po files (#218271)
- add use_current_range option to pam_selinux (#220487)
- improve the role selection in pam_selinux
- remove shortcut on Password: in ja locale (#218271)
- revert to old euid and not ruid when setting euid in pam_keyinit
    (#219486)
- rename selinux-namespace patch to namespace-level
2007-01-16 20:14:28 +00:00
Daniel J Walsh
7ce306a7c7 - Fix selection of role 2007-01-03 19:18:27 +00:00
Tomáš Mráz
03d7f35c89 - autoreconf won't work with autoconf-2.61 as configure.in is not yet
adjusted for it
2006-11-30 13:00:48 +00:00
Tomáš Mráz
19a8f79ca1 - add select-context option to pam_selinux (#213812) 2006-11-30 09:40:03 +00:00
Tomáš Mráz
d589c9bdaf - we don't need this yet 2006-11-13 21:15:30 +00:00
Tomáš Mráz
4f2fe36b29 - update internal db4 to 4.5.20 version
- move setgid before setuid in pam_keyinit (#212329)
- make username check in pam_unix consistent with useradd (#212153)
2006-11-13 21:05:40 +00:00
Tomáš Mráz
ab60a42b72 - add pam_namespace option no_unmount_on_close, required for newrole 2006-09-28 13:11:14 +00:00
Tomáš Mráz
355576d558 - silence pam_succeed_if in default system-auth (#205067)
- round the pam_timestamp_check sleep up to wake up at the start of the
    wallclock second (#205068)
2006-09-04 14:31:09 +00:00
Tomáš Mráz
10ddab4186 - upgrade to new upstream version, as there are mostly bugfixes except
improved documentation
- add support for session and password service for pam_access and
    pam_succeed_if
- system-auth: skip session pam_unix for crond service
2006-08-31 20:51:59 +00:00
Daniel J Walsh
e3f2d52037 - Add new setkeycreatecon call to pam_selinux to make sure keyring has
correct context
2006-08-10 20:26:54 +00:00
Tomáš Mráz
685a1895f3 - revoke keyrings properly when pam_keyinit called as root (#201048)
- pam_succeed_if should return PAM_USER_UNKNOWN when getpwnam fails
    (#197748)
2006-08-10 13:34:26 +00:00
Tomáš Mráz
0b27f99e23 - revoke keyrings properly when pam_keyinit called more than once (#201048)
patch by David Howells
2006-08-02 18:08:23 +00:00
Tomáš Mráz
3e0c7af627 - don't log pam_keyinit debug messages by default (#199783) 2006-07-21 22:36:15 +00:00
Tomáš Mráz
f81d37360c - drop ainit from console.handlers (#199561) 2006-07-21 14:26:46 +00:00
Tomáš Mráz
2851cbe631 - drop ainit from console.handlers (#199561) 2006-07-21 14:22:56 +00:00
Tomáš Mráz
fce253b7c0 - don't report error in pam_selinux for nonexistent tty (#188722)
- add pam_keyinit to the default system-auth file (#198623)
2006-07-17 11:03:29 +00:00
Jesse Keating
d649923c46 bumped for rebuild 2006-07-12 07:37:04 +00:00
Tomáš Mráz
95ebf27f94 - the patch should be applied with -p0 2006-07-03 13:19:35 +00:00
Tomáš Mráz
e019bcd126 - fixed network match in pam_access (patch by Dan Yefimov) 2006-07-03 12:45:13 +00:00
Tomáš Mráz
4fea4c98d9 - namespace.init was missing from EXTRA_DIST 2006-06-30 10:06:09 +00:00
Tomáš Mráz
00eddc0974 - updated to a new upstream release
- added service as value to be matched and list matching to pam_succeed_if
2006-06-30 09:20:33 +00:00
Tomáš Mráz
85a854521e - a typo 2006-06-08 21:18:21 +00:00
Tomáš Mráz
da4d7fa8c5 - added buildrequires libtool
- fixed a few rpmlint warnings
2006-06-08 18:44:01 +00:00
Tomáš Mráz
7dffd3fb2d - updated pam_namespace with latest patch by Janak Desai
- merged pam_namespace patches
2006-06-08 14:27:54 +00:00
Tomáš Mráz
e99dd3962b - actually don't link to libssl as it is not used (#191915) 2006-05-24 09:05:18 +00:00
Tomáš Mráz
fa8c14fa63 - use md5 implementation from pam_unix in pam_namespace
- pam_namespace should call setexeccon only when selinux is enabled
2006-05-18 15:50:01 +00:00
Tomáš Mráz
63f5c77f8b - don't build hmactest in pam_timestamp so openssl-devel is not required
- add missing buildrequires (#191915)
2006-05-16 17:06:29 +00:00
Tomáš Mráz
0730695ea0 - pam_console_apply shouldn't access /var when called with -r (#191401)
- actually apply the large-uid patch
2006-05-16 16:12:18 +00:00
Tomáš Mráz
fda1b40256 - new module pam_exec 2006-05-10 14:43:55 +00:00
Tomáš Mráz
fbfca3562b - upgrade to new upstream version
- make pam_console_apply not dependent on glib
- support large uids in pam_tally, pam_tally2
2006-05-10 14:16:34 +00:00
Tomáš Mráz
5002e23046 - add namespace.init to %files 2006-05-04 11:53:08 +00:00
Tomáš Mráz
94d78f5a6d - the namespace instance init script is now in /etc/security (#190148)
- pam_namespace: added missing braces (#190026)
- pam_tally(2): never call fclose twice on the same FILE (from upstream)
2006-05-04 11:51:03 +00:00
Tomáš Mráz
4f1df63a4d - fixed console device class for irda (#189966)
- make pam_console_apply fail gracefully when a class is missing
2006-04-26 11:56:48 +00:00
Tomáš Mráz
54e490e814 - added pam_namespace module written by Janak Desai (per-user /tmp support)
- new pam-redhat modules version
2006-04-25 14:53:39 +00:00
Tomáš Mráz
48968f9a9f - added try_first_pass option to pam_cracklib
- use try_first_pass for pam_unix and pam_cracklib in system-auth (#182350)
2006-02-24 10:46:47 +00:00
Jesse Keating
222bbd42b7 bump for bug in double-long on ppc(64) 2006-02-11 04:55:08 +00:00
Jesse Keating
65811c5fcf bump for new gcc/glibc 2006-02-07 13:23:11 +00:00
Tomáš Mráz
46d6d056ab - new upstream version
- updated db4 to 4.3.29
- added module pam_tally2 with auditing support
- added manual pages for system-auth and config-util (#179584)
2006-02-03 12:41:29 +00:00
Tomáš Mráz
05cc723970 - remove 'initscripts' dependency (#176508)
- update pam-redhat modules, merged patches
2006-01-03 16:23:10 +00:00
Tomáš Mráz
9c00b5da67 - fix dangling symlinks in -devel (#175929)
- link libaudit only where necessary
- actually compile in audit support
2005-12-16 15:20:02 +00:00
Tomáš Mráz
f06eb03db8 - support netgroup matching in pam_succeed_if
- upgrade to new release
- drop pam_pwdb as it was obsolete long ago
- we don't build static libraries anymore
2005-12-15 23:47:42 +00:00
Jesse Keating
9b4988bee0 gcc update bump 2005-12-09 22:42:36 +00:00
Tomáš Mráz
a74a5d22a6 - pam_stack is deprecated - log its usage 2005-11-15 14:07:51 +00:00
Tomáš Mráz
ea087a7d8d - forgot to update requirements on audit-libs 2005-10-26 22:49:36 +00:00
Tomáš Mráz
30c2fd8c2e - fixed CAN-2005-2977 unix_chkpwd should skip user verification only if run
as root (#168181)
- link pam_loginuid to libaudit
- support no tty in pam_access (#170467)
- updated audit patch (by Steve Grubb)
- the previous pam_selinux change was not applied properly
- pam_xauth: look for the xauth binary in multiple directories (#171164)
2005-10-26 22:27:20 +00:00
Daniel J Walsh
c678c06cf7 - Eliminate multiple in pam_selinux 2005-10-26 19:23:04 +00:00
Daniel J Walsh
dc2e11c86b - Eliminate fail over for getseuserbyname call 2005-10-18 15:41:53 +00:00
Daniel J Walsh
cf7b021d49 - Add getseuserbyname call for SELinux MCS/MLS policy 2005-10-13 21:36:33 +00:00
Daniel J Walsh
97c6e8fa55 - Add getseuserbyname call for SELinux MCS/MLS policy 2005-10-13 21:10:48 +00:00
Tomáš Mráz
9f1545ee2e - pam_console manpage fixes (#169373) 2005-10-04 13:46:58 +00:00
Tomáš Mráz
84f70fb55d - don't include ps and pdf docs (#168823)
- new common config file for configuration utilities
- remove glib2 dependency (#166979)
2005-09-30 13:52:28 +00:00
Tomáš Mráz
5cac4c86fa - pam_unix: always honor nis flag on password change (by Aaron Hope) 2005-09-20 13:42:45 +00:00
Tomáš Mráz
6f66f1e5c6 - process limit values other than RLIMIT_NICE correctly (#168790) 2005-09-20 12:34:48 +00:00
Tomáš Mráz
efa997e610 - don't fail in audit code when audit is not compiled in on the newest
kernels (#166422)
2005-08-24 09:15:09 +00:00
Tomáš Mráz
bc4cc2dea1 - add option to pam_loginuid to require auditd 2005-08-01 09:14:07 +00:00
Tomáš Mráz
a92b0ed73f - fix NULL dereference in pam_userdb (#164418) 2005-07-28 09:40:49 +00:00
Tomáš Mráz
4c014b4ae5 - fix 64bit bug in pam_pwdb
- don't crash in pam_unix if pam_get_data fail
2005-07-26 08:36:20 +00:00
Tomáš Mráz
009a4f4368 - more pam_selinux permissive fixes (Dan Walsh)
- make binaries PIE (#158938)
2005-07-22 14:17:33 +00:00
Tomáš Mráz
21ad6a063b - fixed module tests so the pam doesn't require itself to build (#163502)
- added buildprereq for building the documentation (#163503)
- relaxed permissions of binaries (u+w)
2005-07-18 16:00:41 +00:00
Tomáš Mráz
f7c051ac6e - upgrade to new upstream sources
- removed obsolete patches
- pam_selinux module shouldn't fail on broken configs unless policy is set
    to enforcing (Dan Walsh)
2005-07-14 14:21:56 +00:00
Tomáš Mráz
24d731a55f - update pam audit patch
- add support for new limits in kernel-2.6.12 (#157050)
2005-06-21 15:03:23 +00:00
Tomáš Mráz
8e736edd31 - pam_loginuid shouldn't report error when /proc/self/loginuid is missing
(#159974)
2005-06-09 21:28:52 +00:00
Tomáš Mráz
7457524347 - add the Requires dependency on audit-libs (#159885) 2005-06-09 11:47:18 +00:00
Tomáš Mráz
4d1f895c96 Fix the build breakage - unpackaged files 2005-05-23 14:31:06 +00:00
Tomáš Mráz
e6a42109ce - don't install the .so links in /lib 2005-05-20 16:05:48 +00:00
Tomáš Mráz
eecc66af23 - update the pam audit patch to support newest audit library, audit also
pam_setcred calls (Steve Grubb)
- don't use the audit_fd as global static variable
- don't unset the XAUTHORITY when target user is root
2005-05-20 15:53:01 +00:00
Tomáš Mráz
6eb3fc0500 - update the pam audit patch to support newest audit library (Steve Grubb) 2005-05-19 18:38:45 +00:00
Tomáš Mráz
fd39e73da0 - pam_console: support loading .perms files in the console.perms.d
(#156069)
2005-05-02 09:53:46 +00:00
Tomáš Mráz
d0ec5ba6c1 - pam_xauth: unset the XAUTHORITY variable on error, fix potential memory
leaks
- modify path to IDE floppy devices in console.perms (#155560)
2005-04-26 12:00:40 +00:00
Steve Grubb
8543c3b252 - Adjusted pam audit patch to make exception for ECONNREFUSED 2005-04-16 14:20:05 +00:00
Tomáš Mráz
f1b09e9b25 - added auditing patch by Steve Grubb
- added cleanup patches for bugs found by Steve Grubb
- don't clear the shadow option of pam_unix if nis option used
2005-04-12 16:33:08 +00:00
Tomáš Mráz
2f260114b9 - #150537 - flush input first then write the prompt 2005-04-08 15:10:15 +00:00
Tomáš Mráz
2d246d8a30 - make pam_unix LSB 2.0 compliant even when SELinux enabled
- #88127 - change both local and NIS passwords to keep them in sync, also
    fix a regression in passwd functionality on NIS master server
2005-04-07 18:40:36 +00:00
Tomáš Mráz
ea4ac73989 - #153711 fix wrong logging in pam_selinux when restoring tty label 2005-04-05 07:40:00 +00:00
Tomáš Mráz
a6a9f4a660 - fix NULL deref in pam_tally when it's used in account phase 2005-04-03 17:12:42 +00:00
Tomáš Mráz
f405278c4f - upgrade to the new upstream release
- moved pam_loginuid to pam-redhat repository
2005-03-31 17:15:12 +00:00
Tomáš Mráz
953e2b6048 - fix wrong logging in pam_console handlers
- add executing ainit handler for alsa sound dmix
- #147879, #112777 - change permissions for dri devices
2005-03-23 12:57:40 +00:00
Tomáš Mráz
cba291fef4 - remove ownership and permissions handling from pam_console call
pam_console_apply as a handler instead
2005-03-19 18:22:00 +00:00
Tomáš Mráz
6513c12e82 - add pam_loginuid module for setting the the login uid for auditing
purposes (by Steve Grubb)
2005-03-14 21:06:07 +00:00
Tomáš Mráz
03d329b496 - must link glib dynamically to .so 2005-03-10 11:01:23 +00:00
Tomáš Mráz
57f66ca8c9 - add functionality for running handler executables from pam_console when
console lock was obtained/lost
- removed patches merged to pam-redhat
2005-03-10 08:14:36 +00:00
Tomáš Mráz
36ee704c88 - fixed some warnings and errors in pam_console for gcc4 build
- improved parsing pam_console config file
2005-03-01 14:36:54 +00:00
Tomáš Mráz
c337b8bf0b - echo why tests failed when rebuilding 2005-03-01 09:06:36 +00:00
Tomáš Mráz
889643ba88 - don't log garbage in pam_console_apply (#147879) 2005-02-21 15:33:24 +00:00
Tomáš Mráz
6e7f9c67de - updated pam-redhat from elvis CVS 2005-01-12 11:16:28 +00:00
jbj
02ac0dcb18 - depend on db-4.3.27, not db-4.3.21. 2005-01-03 17:59:12 +00:00
Tomáš Mráz
b0baf41bab - add argument to pam_console_apply to restrict its work to specified files 2004-11-25 16:40:18 +00:00
Tomáš Mráz
36d4eeff57 - #137802 allow using pam_console for authentication 2004-11-23 15:38:57 +00:00
Tomáš Mráz
056a40e611 - update to Linux-PAM-0.78
- #140451 parse passwd entries correctly and test for failure
2004-11-23 15:32:59 +00:00
jbj
0da465a133 - rebuild against db-4.3.21. 2004-11-13 00:33:17 +00:00
Tomáš Mráz
1916d7ac37 - #77646 log failures when renaming the files when changing password
- Log failure on missing /etc/security/opasswd when remember option is
    present
2004-11-11 13:52:15 +00:00
Tomáš Mráz
91347f07d7 - #87628 pam_timestamp remembers authorization after logout
- #116956 fixed memory leaks in pam_stack
2004-11-10 17:52:27 +00:00
Tomáš Mráz
6c581a0e6d - #74062 modify the pwd-lock patch to remove NIS passwd changing deadlock 2004-10-20 14:46:49 +00:00
Tomáš Mráz
68feec353f - #134941 pam_console should check X11 socket only on login 2004-10-20 13:10:13 +00:00
Tomáš Mráz
3eef649366 - Fix checking of group in %group syntax in pam_limits
- Drop fencepost patch as it was already fixed by upstream change from 0.75
    to 0.77
- Fix brokenshadow patch
2004-10-19 14:25:05 +00:00
Tomáš Mráz
8e01e56e3b - even more console.perms entries
- drop the apply to dir patch - it won't work
2004-10-14 16:42:00 +00:00
Tomáš Mráz
b880f65bb5 forgot to remove obsolete patch 2004-10-14 16:03:31 +00:00
Tomáš Mráz
9abd7cf374 - Added bluetooth, raw1394 and flash to console.perms
- pam_console manpage fix
- Allow to apply console.perms to dir when
2004-10-14 16:02:39 +00:00
Tomáš Mráz
149b939c53 - #126985 pam_stack should always copy the conversation function
- #127524 add /etc/security/opasswd to files
2004-10-11 14:48:11 +00:00
Tomáš Mráz
89f73ad59c - pam_env shouldn't abort on missing /etc/environment 2004-10-11 12:09:28 +00:00
Phil Knirsch
6dc6125605 - Dropped last patch again, real fix is /etc/environment file in setup 2004-09-28 16:18:30 +00:00
Phil Knirsch
0886c1641c - Fixed bug in pam_env where wrong initializer was used 2004-09-23 16:21:40 +00:00
Daniel J Walsh
632558e3e9 use checkPasswdAccess in pam_rootok 2004-09-17 17:54:12 +00:00
Jindrich Novy
d52fe82242 - added patches from Tomas Mraz 2004-09-13 13:57:04 +00:00
cvsdist
6e7e8cb073 auto-import changelog data from pam-0.77-55.src.rpm
Mon Aug 30 2004 Warren Togami <wtogami@redhat.com> 0.77-55
- #126024 /dev/pmu console perms
2004-09-09 09:59:24 +00:00
cvsdist
89c884f64a auto-import changelog data from pam-0.77-54.src.rpm
Wed Aug 04 2004 Dan Walsh <dwalsh@redhat.com> 0.77-54
- Move pam_console.lock to /var/run/console/
2004-09-09 09:59:18 +00:00
cvsdist
0095dae916 auto-import changelog data from pam-0.77-53.src.rpm
Thu Jul 29 2004 Dan Walsh <dwalsh@redhat.com> 0.77-53
- Close fd[1] before pam_modutilread so that unix_verify will complete
2004-09-09 09:59:10 +00:00
cvsdist
a9bb82bba8 auto-import changelog data from pam-0.77-52.src.rpm
Tue Jul 27 2004 Alan Cox <alan@redhat.com> 0.77-52
- First chunk of Steve Grubb's resource leak and other fixes
Tue Jul 27 2004 Alan Cox <alan@redhat.com> 0.77-51
- Fixed build testing of modules
- Fixed dependancies
2004-09-09 09:58:59 +00:00
cvsdist
e4862f785f auto-import pam-0.77-51 from pam-0.77-51.src.rpm 2004-09-09 09:58:35 +00:00
cvsdist
c7e9550fec auto-import changelog data from pam-0.77-50.src.rpm
Tue Jul 20 2004 Dan Walsh <dwalsh@redhat.com> 0.77-50
- Change unix_chkpwd to return pam error codes
2004-09-09 09:58:20 +00:00
cvsdist
21440a7021 auto-import pam-0.77-49 from pam-0.77-49.src.rpm 2004-09-09 09:58:05 +00:00
cvsdist
21937dd94b auto-import changelog data from pam-0.77-48.src.rpm
Sat Jul 10 2004 Alan Cox <alan@redhat.com>
- Fixed the pam glib2 dependancy issue
2004-09-09 09:57:54 +00:00
cvsdist
ae27812230 auto-import changelog data from pam-0.77-47.src.rpm
Mon Jun 21 2004 Alan Cox <alan@redhat.com>
- Fixed the pam_limits fencepost error (#79989) since nobody seems to be
    doing it
Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
Wed Jun 09 2004 Dan Walsh <dwalsh@redhat.com> 0.77-45
- Add requires libselinux > 1.8
2004-09-09 09:57:48 +00:00
cvsdist
ccf51eec26 auto-import changelog data from pam-0.77-44.src.rpm
Thu Jun 03 2004 Dan Walsh <dwalsh@redhat.com> 0.77-44
- Add MLS Support to selinux patch
Wed Jun 02 2004 Dan Walsh <dwalsh@redhat.com> 0.77-43
- Modify pam_selinux to use open and close param
2004-09-09 09:57:30 +00:00
cvsdist
4d16522876 auto-import changelog data from pam-0.77-43.src.rpm
Fri May 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-42
- Split pam module into two parts open and close
2004-09-09 09:56:34 +00:00
cvsdist
aad5335ba7 auto-import changelog data from pam-0.77-41.src.rpm
Tue May 18 2004 Phil Knirsch <pknirsch@redhat.com> 0.77-41
- Fixed 64bit segfault in pam_succeed_if module.
Wed Apr 14 2004 Dan Walsh <dwalsh@redhat.com> 0.77-40
- Apply changes from audit.
Mon Apr 12 2004 Dan Walsh <dwalsh@redhat.com> 0.77-39
- Change to only report failure on relabel if debug
2004-09-09 09:56:22 +00:00
cvsdist
147d85b558 auto-import changelog data from pam-0.77-38.src.rpm
Wed Mar 03 2004 Dan Walsh <dwalsh@redhat.com> 0.77-38
- Fix error handling of pam_unix
Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-36
- fix tty handling
Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-35
- remove tty closing and opening from pam_selinux, it does not work.
Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
Thu Feb 12 2004 Nalin Dahyabhai <nalin@redhat.com>
- pam_unix: also log successful password changes when using shadowed
    passwords
Tue Feb 10 2004 Dan Walsh <dwalsh@redhat.com> 0.77-33
- close and reopen terminal after changing context.
Thu Feb 05 2004 Dan Walsh <dwalsh@redhat.com> 0.77-32
- Check for valid tty
Tue Feb 03 2004 Dan Walsh <dwalsh@redhat.com> 0.77-31
- Check for multiple > 1
2004-09-09 09:55:13 +00:00
cvsdist
05a94aa964 auto-import changelog data from pam-0.77-30.src.rpm
Mon Feb 02 2004 Dan Walsh <dwalsh@redhat.com> 0.77-30
- fix is_selinux_enabled call for pam_rootok
Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-29
- More fixes to pam_selinux,pam_rootok
Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-28
- turn on selinux
Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-27
- Fix rootok check.
Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-26
- fix is_selinux_enabled call
Sun Jan 25 2004 Dan Walsh <dwalsh@redhat.com> 0.77-25
- Check if ROOTOK for SELinux
Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-24
- Fix tty handling for pts in pam_selinux
Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-23
- Need to add qualifier context for sudo situation
Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-22
- Fix pam_selinux to use prevcon instead of pam_user so it will work for
    su.
Fri Dec 12 2003 Bill Nottingham <notting@redhat.com> 0.77-21.sel
- add alsa devs to console.perms
Thu Dec 11 2003 Jeff Johnson <jbj@jbj.org> 0.77-20.sel
- rebuild with db-4.2.52.
- build db4 in build_unix, not dist.
Wed Nov 26 2003 Dan Walsh <dwalsh@redhat.com> 0.77-19.sel
- Change unix_chkpwd to handle unix_passwd and unix_acct
- This eliminates the need for pam modules to have read/write access to
    /etc/shadow.
Thu Nov 20 2003 Dan Walsh <dwalsh@redhat.com> 0.77-18.sel
- Cleanup unix_chkpwd
Mon Nov 03 2003 Dan Walsh <dwalsh@redhat.com> 0.77-17.sel
- Fix tty handling
- Add back multiple handling
Mon Oct 27 2003 Dan Walsh <dwalsh@redhat.com> 0.77-16.sel
- Remove Multiple from man page of pam_selinux
2004-09-09 09:54:59 +00:00
cvsdist
d577226563 auto-import changelog data from pam-0.77-15.src.rpm
Thu Oct 23 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-15
- don't install _pam_aconf.h -- apps don't use it, other PAM headers which
    are installed don't use it, and its contents may be different for
    arches on a multilib system
- check for linkage problems in modules at %install-time (kill #107093
    dead)
- add buildprereq on flex (#101563)
Wed Oct 22 2003 Nalin Dahyabhai <nalin@redhat.com>
- make pam_pwdb.so link with libnsl again so that it loads (#107093)
- remove now-bogus buildprereq on db4-devel (we use a bundled copy for
    pam_userdb to avoid symbol collisions with other db libraries in apps)
Mon Oct 20 2003 Dan Walsh <dwalsh@redhat.com> 0.77-14.sel
- Add Russell Coker patch to handle /dev/pty
Fri Oct 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-13.sel
- Turn on Selinux
Fri Oct 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-12
- Fix pam_timestamp to work when 0 seconds have elapsed
Mon Oct 06 2003 Dan Walsh <dwalsh@redhat.com> 0.77-11
- Turn off selinux
Thu Sep 25 2003 Dan Walsh <dwalsh@redhat.com> 0.77-10.sel
- Turn on Selinux and remove multiple choice of context.
Wed Sep 24 2003 Dan Walsh <dwalsh@redhat.com> 0.77-10
- Turn off selinux
Wed Sep 24 2003 Dan Walsh <dwalsh@redhat.com> 0.77-9.sel
- Add Russell's patch to check password
Wed Sep 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-8.sel
- handle ttys correctly in pam_selinux
Fri Sep 05 2003 Dan Walsh <dwalsh@redhat.com> 0.77-7.sel
- Clean up memory problems and fix tty handling.
Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-6
- Add manual context selection to pam_selinux
Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-5
- Add pam_selinux
Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-4
- Add SELinux support
2004-09-09 09:54:36 +00:00
cvsdist
325000d723 auto-import changelog data from pam-0.75-50.src.rpm
Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.75-50
- pam_postgresok: add
- pam_xauth: add targetuser= argument
Thu Jul 03 2003 Nalin Dahyabhai <nalin@redhat.com>
- pam_timestamp: use a message authentication code to validate timestamp
    files
Mon Jun 30 2003 Nalin Dahyabhai <nalin@redhat.com> 0.75-48.1
- rebuild
Mon Jun 09 2003 Nalin Dahyabhai <nalin@redhat.com> 0.75-49
- modify calls to getlogin() to check the directory of the current TTY
    before searching for an entry in the utmp/utmpx file
Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
2004-09-09 09:52:51 +00:00
cvsdist
2cf2651983 auto-import pam-0.75-48 from pam-0.75-48.src.rpm 2004-09-09 09:51:54 +00:00
cvsdist
cb2381bfec auto-import pam-0.75-46.8.0 from pam-0.75-46.8.0.src.rpm 2004-09-09 09:51:33 +00:00
cvsdist
7414c339bf auto-import pam-0.75-40 from pam-0.75-40.src.rpm 2004-09-09 09:50:43 +00:00
cvsdist
215cd1a5d8 auto-import pam-0.75-39 from pam-0.75-39.src.rpm 2004-09-09 09:50:31 +00:00
cvsdist
19389eb4a0 auto-import pam-0.75-32 from pam-0.75-32.src.rpm 2004-09-09 09:50:13 +00:00
cvsdist
0313d50ba5 auto-import pam-0.75-31 from pam-0.75-31.src.rpm 2004-09-09 09:49:43 +00:00
cvsdist
035542f9c8 auto-import pam-0.75-29 from pam-0.75-29.src.rpm 2004-09-09 09:49:12 +00:00
cvsdist
a3662b18ba auto-import changelog data from pam-0.75-19s.1.src.rpm
Tue Mar 18 2003 D. Marlin <dmarlin@redhat.com>
- new s390 release number and rebuild for s390 (bug #85960)
2004-09-09 09:48:58 +00:00
cvsdist
ee87b1b8a8 auto-import changelog data from pam-0.75-19.src.rpm
Fri Nov 09 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-19
- fix a bug in the getpwnam_r wrapper which sometimes resulted in false
    positives for non-existent users
Wed Nov 07 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-18
- include libpamc in the pam package (#55651)
Fri Nov 02 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-17
- pam_xauth: don't free a string after passing it to putenv()
2004-09-09 09:48:40 +00:00
cvsdist
cd929cb3b7 auto-import changelog data from pam-0.75-16.src.rpm
Wed Oct 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-16
- pam_xauth: always return PAM_SUCCESS or PAM_SESSION_ERR instead of
    PAM_IGNORE, matching the previous behavior (libpam treats PAM_IGNORE
    from a single module in a stack as a session error, leading to false
    error messages if we just return PAM_IGNORE for all cases)
Mon Oct 22 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-15
- reorder patches so that the reentrancy patch is applied last -- we never
    came to a consensus on how to guard against the bugs in calling
    applications which this sort of change addresses, and having them last
    allows for dropping in a better strategy for addressing this later on
Mon Oct 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_rhosts: allow "+hostname" as a synonym for "hostname" to jive better
    with the hosts.equiv(5) man page
- use the automake install-sh instead of the autoconf install-sh, which
    disappeared somewhere between 2.50 and now
Mon Oct 08 2001 Nalin Dahyabhai <nalin@redhat.com>
- add pwdb as a buildprereq
Fri Oct 05 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_tally: don't try to read past the end of faillog -- it probably
    contains garbage, which if written into the file later on will confuse
    /usr/bin/faillog
Thu Oct 04 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_limits: don't just return if the user is root -- we'll want to set
    the priority (it could be negative to elevate root's sessions)
- pam_issue: fix off-by-one error allocating space for the prompt string
Wed Oct 03 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_mkhomedir: recurse into subdirectories properly
- pam_mkhomedir: handle symlinks
- pam_mkhomedir: skip over special items in the skeleton directory
Tue Oct 02 2001 Nalin Dahyabhai <nalin@redhat.com>
- add cracklib as a buildprereq
- pam_wheel: don't ignore out if the user is attempting to switch to a
    unprivileged user (this lets pam_wheel do its thing when users attempt
    to get to system accounts or accounts of other unprivileged users)
Fri Sep 28 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_xauth: close a possible DoS due to use of dotlock-style locking in
    world-writable directories by relocating the temporary file to the
    target user's home directory
- general: include headers local to this tree using relative paths so that
    system headers for PAM won't be pulled in, in case include paths don't
    take care of it
Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_xauth: rewrite to skip refcounting and just use a temporary file
    created using mkstemp() in /tmp
Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_userdb: fix the key_only flag so that the null-terminator of the
    user-password string isn't expected to be part of the key in the db
    file, matching the behavior of db_load 3.2.9
2004-09-09 09:48:16 +00:00
cvsdist
41a3ab7e5d auto-import changelog data from pam-0.75-14.src.rpm
Mon Sep 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-14
- argh, compare entire salt, always
2004-09-09 09:48:02 +00:00
cvsdist
43335dc5f0 auto-import changelog data from pam-0.75-13.src.rpm
Sat Sep 08 2001 Bill Nottingham <notting@redhat.com> 0.75-13
- ship /lib/lib{pam,pam_misc}.so for legacy package builds
2004-09-09 09:47:55 +00:00
cvsdist
0798a27113 auto-import changelog data from pam-0.75-12.src.rpm
Thu Sep 06 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-12
- noreplace configuration files in /etc/security
- pam_console: update pam_console_apply and man pages to reflect /var/lock
    -> /var/run move
2004-09-09 09:47:46 +00:00
cvsdist
e0a976492d auto-import changelog data from pam-0.75-11.src.rpm
Wed Sep 05 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-11
- pam_unix: fix the fix for #42394
Tue Sep 04 2001 Nalin Dahyabhai <nalin@redhat.com>
- modules: use getpwnam_r and friends instead of non-reentrant versions
- pam_console: clear generated .c and .h files in "clean" makefile target
Thu Aug 30 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_stack: perform deep copy of conversation structures
- include the static libpam in the -devel subpackage (#52321)
- move development .so and .a files to %{_libdir}
- pam_unix: don't barf on empty passwords (#51846)
- pam_unix: redo compatibility with "hash,age" data wrt bigcrypt (#42394)
- console.perms: add usb camera, scanner, and rio devices (#15528)
- pam_cracklib: initialize all options properly (#49613)
Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_limits: don't rule out negative priorities
2004-09-09 09:47:30 +00:00
cvsdist
a06b5aa53e auto-import changelog data from pam-0.75-10.src.rpm
Mon Aug 13 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_xauth: fix errors due to uninitialized data structure (fix from Tse
    Huong Choo)
- pam_xauth: random cleanups
- pam_console: use /var/run/console instead of /var/lock/console at
    install-time
- pam_unix: fix preserving of permissions on files which are manipulated
2004-09-09 09:47:07 +00:00
cvsdist
2e03b4f7c5 auto-import changelog data from pam-0.75-9.src.rpm
Fri Aug 10 2001 Bill Nottingham <notting@redhat.com>
- fix segfault in pam_securetty
Thu Aug 09 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_console: use /var/run/console instead of /var/lock/console for lock
    files
- pam_issue: read the right number of bytes from the file
Mon Jul 09 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_wheel: don't error out if the group has no members, but is the user's
    primary GID (reported by David Vos)
- pam_unix: preserve permissions on files which are manipulated (#43706)
- pam_securetty: check if the user is the superuser before checking the
    tty, thereby allowing regular users access to services which don't set
    the PAM_TTY item (#39247)
- pam_access: define NIS and link with libnsl (#36864)
Thu Jul 05 2001 Nalin Dahyabhai <nalin@redhat.com>
- link libpam_misc against libpam
Tue Jul 03 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_chroot: chdir() before chroot()
Fri Jun 29 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_console: fix logic bug when changing permissions on single file
    and/or lists of files
- pam_console: return the proper error code (reported and patches for both
    from Frederic Crozat)
- change deprecated Copyright: tag in .spec file to License:
Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- console.perms: change js* to js[0-9]*
- include pam_aconf.h in more modules (patches from Harald Welte)
Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
- console.perms: add apm_bios to the list of devices the console owner can
    use
- console.perms: add beep to the list of sound devices
Mon May 07 2001 Nalin Dahyabhai <nalin@redhat.com>
- link pam_console_apply statically with libglib (#38891)
Mon Apr 30 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_access: compare IP addresses with the terminating ".", as documented
    (patch from Carlo Marcelo Arenas Belon, I think) (#16505)
Mon Apr 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- merge up to 0.75
- pam_unix: temporarily ignore SIGCHLD while running the helper
- pam_pwdb: temporarily ignore SIGCHLD while running the helper
- pam_dispatch: default to uncached behavior if the cached chain is empty
2004-09-09 09:47:05 +00:00
cvsdist
5a395181ad auto-import changelog data from pam-0.74-22.src.rpm
Fri Apr 06 2001 Nalin Dahyabhai <nalin@redhat.com>
- correct speling errors in various debug messages and doc files (#33494)
Thu Apr 05 2001 Nalin Dahyabhai <nalin@redhat.com>
- prereq sed, fileutils (used in %post)
Wed Apr 04 2001 Nalin Dahyabhai <nalin@redhat.com>
- remove /dev/dri from console.perms -- XFree86 munges it, so it's outside
    of our control (reminder from Daryll Strauss)
- add /dev/3dfx to console.perms
Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_wheel: make 'trust' and 'deny' work together correctly
- pam_wheel: also check the user's primary gid
- pam_group: also initialize groups when called with PAM_REINITIALIZE_CRED
Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- mention pam_console_apply in the see also section of the pam_console man
    pages
Fri Mar 16 2001 Nalin Dahyabhai <nalin@redhat.com>
- console.perms: /dev/vc/* should be a regexp, not a glob (thanks to
    Charles Lopes)
Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- console.perms: /dev/cdroms/* should belong to the user, from Douglas
    Gilbert via Tim Waugh
Thu Mar 08 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_console_apply: muck with devices even if the mount point doesn't
    exist
Wed Mar 07 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_console: error out on undefined classes in pam_console config file
- console.perms: actually change the permissions on the new device classes
- pam_console: add an fstab= argument, and -f and -c flags to
    pam_console_apply
- pam_console: use g_log instead of g_critical when bailing out
- console.perms: logins on /dev/vc/* are also console logins, from Douglas
    Gilbert via Tim Waugh
Tue Mar 06 2001 Nalin Dahyabhai <nalin@redhat.com>
- add pam_console_apply
- /dev/pilot's usually a serial port (or a USB serial port), so revert its
    group to 'uucp' instead of 'tty' in console.perms
- change pam_console's behavior wrt directories -- directories which are
    mount points according to /etc/fstab are taken to be synonymous with
    their device special nodes, and directories which are not mount points
    are ignored
Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- handle errors fork()ing in pam_xauth
- make the "other" config noreplace
Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- user should own the /dev/video directory, not the non-existent /dev/v4l
- tweak pam_limits doc
Wed Feb 21 2001 Nalin Dahyabhai <nalin@redhat.com>
- own /etc/security
- be more descriptive when logging messages from pam_limits
- pam_listfile: remove some debugging code (#28346)
Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_lastlog: don't pass NULL to logwtmp()
Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_listfile: fix argument parser (#27773)
- pam_lastlog: link to libutil
Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_limits: change the documented default config file to reflect the
    defaults
- pam_limits: you should be able to log in a total of maxlogins times, not
    (maxlogins - 1)
- handle group limits on maxlogins correctly (#25690)
Mon Feb 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- change the pam_xauth default maximum "system user" ID from 499 to 99
    (#26343)
Wed Feb 07 2001 Nalin Dahyabhai <nalin@redhat.com>
- refresh the default system-auth file, pam_access is out
Mon Feb 05 2001 Nalin Dahyabhai <nalin@redhat.com>
- actually time out when attempting to lckpwdf() (#25889)
- include time.h in pam_issue (#25923)
- update the default system-auth to the one generated by authconfig 4.1.1
- handle getpw??? and getgr??? failures more gracefully (#26115)
- get rid of some extraneous {set,end}{pw,gr}ent() calls
Tue Jan 30 2001 Nalin Dahyabhai <nalin@redhat.com>
- overhaul pam_stack to account for abstraction libpam now provides
Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- remove pam_radius
Mon Jan 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- merge to 0.74
- make console.perms match perms set by MAKEDEV, and add some devfs device
    names
- add 'sed' to the buildprereq list (#24666)
Sun Jan 21 2001 Matt Wilson <msw@redhat.com>
- added "exit 0" to the end of the %pre script
Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
- self-hosting fix from Guy Streeter
Wed Jan 17 2001 Nalin Dahyabhai <nalin@redhat.com>
- use gcc for LD_L to pull in intrinsic stuff on ia64
Fri Jan 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- take another whack at compatibility with "hash,age" data in pam_unix
    (#21603)
Wed Jan 10 2001 Nalin Dahyabhai <nalin@redhat.com>
- make the -devel subpackage unconditional
Tue Jan 09 2001 Nalin Dahyabhai <nalin@redhat.com>
- merge/update to 0.73
Mon Dec 18 2000 Nalin Dahyabhai <nalin@redhat.com>
- refresh from CVS -- some weird stuff crept into pam_unix
Tue Dec 12 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix handling of "nis" when changing passwords by adding the checks for
    the data source to the password-updating module in pam_unix
- add the original copyright for pam_access (fix from Michael Gerdts)
2004-09-09 09:46:56 +00:00
cvsdist
69b5f73459 auto-import changelog data from pam-0.72-37.src.rpm
Thu Nov 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- redo similar() using a distance algorithm and drop the default dif_ok to
    5
Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix similar() function in pam_cracklib (#14740)
- fix example in access.conf (#21467)
- add conditional compilation for building for 6.2 (for pam_userdb)
- tweak post to not use USESHADOW any more
Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- make EINVAL setting lock limits in pam_limits non-fatal, because it's a
    2.4ism
Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- revert to DB 3.1, which is what we were supposed to be using from the
    get-go
Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- add RLIMIT_LOCKS to pam_limits (patch from Jes Sorensen) (#20542)
- link pam_userdb to Berkeley DB 2.x to match 6.2's setup correctly
Mon Nov 06 2000 Matt Wilson <msw@redhat.com>
- remove prereq on sh-utils, test ([) is built in to bash
Thu Oct 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix the pam_userdb module breaking
Wed Oct 18 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix pam_unix likeauth argument for authenticate(),setcred(),setcred()
Tue Oct 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak pre script to be called in all upgrade cases
- get pam_unix to only care about the significant pieces of passwords it
    checks
- add /usr/include/db1/db.h as a build prereq to pull in the right include
    files, no matter whether they're in glibc-devel or db1-devel
- pam_userdb.c: include db1/db.h instead of db.h
Wed Oct 11 2000 Nalin Dahyabhai <nalin@redhat.com>
- add BuildPrereq for bison (suggested by Bryan Stillwell)
Fri Oct 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- patch from Dmitry V. Levin to have pam_stack propagate the PAM fail_delay
- roll back the README for pam_xauth to actually be the right one
- tweak pam_stack to use the parent's service name when calling the
    substack
Wed Oct 04 2000 Nalin Dahyabhai <nalin@redhat.com>
- create /etc/sysconfig/authconfig at install-time if upgrading
Mon Oct 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- modify the files list to make sure #16456 stays fixed
- make pam_stack track PAM_AUTHTOK and PAM_OLDAUTHTOK items
- add pam_chroot module
- self-hosting fixes from the -devel split
- update generated docs in the tree
Tue Sep 12 2000 Nalin Dahyabhai <nalin@redhat.com>
- split off a -devel subpackage
- install the developer man pages
Sun Sep 10 2000 Bill Nottingham <notting@redhat.com>
- build libraries before modules
Wed Sep 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix problems when looking for headers in /usr/include (#17236)
- clean up a couple of compile warnings
2004-09-09 09:46:49 +00:00
cvsdist
d1a852a2f9 auto-import changelog data from pam-0.72-26.src.rpm
Tue Aug 22 2000 Nalin Dahyabhai <nalin@redhat.com>
- give users /dev/cdrom* instead of /dev/cdrom in console.perms (#16768)
- add nvidia control files to console.perms
Tue Aug 22 2000 Bill Nottingham <notting@redhat.com>
- add DRI devices to console.perms (#16731)
Thu Aug 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- move pam_filter modules to /lib/security/pam_filter (#16111)
- add pam_tally's application to allow counts to be reset (#16456)
- move README files to the txts subdirectory
Mon Aug 14 2000 Nalin Dahyabhai <nalin@redhat.com>
- add a postun that runs ldconfig
- clean up logging in pam_xauth
Fri Aug 04 2000 Nalin Dahyabhai <nalin@redhat.com>
- make the tarball include the release number in its name
Mon Jul 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- add a broken_shadow option to pam_unix
- add all module README files to the documentation list (#16456)
Tue Jul 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix pam_stack debug and losing-track-of-the-result bug
Mon Jul 24 2000 Nalin Dahyabhai <nalin@redhat.com>
- rework pam_console's usage of syslog to actually be sane (#14646)
Sat Jul 22 2000 Nalin Dahyabhai <nalin@redhat.com>
- take the LOG_ERR flag off of some of pam_console's new messages
Fri Jul 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- add pam_localuser
Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
- need to make pam_console's checking a little stronger
- only pass data up from pam_stack if the parent didn't already define it
Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com>
- make pam_console's extra checks disableable
- simplify extra check to just check if the device owner is root
- add a debug log when pam_stack comes across a NULL item
- have pam_stack hand items up to the parent from the child
Mon Jul 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix installation of pam_xauth man pages (#12417)
- forcibly strip helpers (#12430)
- try to make pam_console a little more discriminating
Mon Jun 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- symlink libpam.so to libpam.so.0.72, and likewise for libpam_misc
- reverse order of checks in _unix_getpwnam for pam_unix
Wed Jun 14 2000 Preston Brown <pbrown@redhat.com>
- include gpmctl in pam_console
Mon Jun 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- add MANDIR definition and use it when installing man pages
Mon Jun 05 2000 Preston Brown <pbrown@redhat.com>
- handle scanner and cdwriter devices in pam_console
Sat Jun 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- add account management wrappers for pam_listfile, pam_nologin,
    pam_securetty, pam_shells, and pam_wheel
Thu Jun 01 2000 Nalin Dahyabhai <nalin@redhat.com>
- add system-auth control file
- let gethostname() call in pam_access.c be implicitly declared to avoid
    conflicting types if unistd.c declares it
Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix problems compiling on Red Hat Linux 5.x (bug #11005)
Wed Apr 26 2000 Bill Nottingham <notting@redhat.com>
- fix size assumptions in pam_(pwdb|unix) md5 code
Mon Mar 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- Add new pam_stack module.
- Install pwdb_chkpwd and unix_chkpwd as the current user for non-root
    builds
Sat Feb 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- Fix pam_xauth bug #6191.
Thu Feb 03 2000 Elliot Lee <sopwith@redhat.com>
- Add a patch to accept 'pts/N' in /etc/securetty as a match for tty '5'
    (which is what other pieces of the system think it is). Fixes bug
    #7641.
Mon Jan 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- argh, turn off gratuitous debugging
Wed Jan 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.72
- fix pam_unix password-changing bug
- fix pam_unix's cracklib support
- change package URL
Mon Jan 03 2000 Cristian Gafton <gafton@redhat.com>
- don't allow '/' on service_name
Thu Oct 21 1999 Cristian Gafton <gafton@redhat.com>
- enhance the pam_userdb module some more
Fri Sep 24 1999 Cristian Gafton <gafton@redhat.com>
- add documenatation
Tue Sep 21 1999 Michael K. Johnson <johnsonm@redhat.com>
- a tiny change to pam_console to make it not loose track of console users
Mon Sep 20 1999 Michael K. Johnson <johnsonm@redhat.com>
- a few fixes to pam_xauth to make it more robust
Wed Jul 14 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_console: added <xconsole> to manage /dev/console
Thu Jul 01 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_xauth: New refcounting implementation based on idea from Stephen
    Tweedie
Sat Apr 17 1999 Michael K. Johnson <johnsonm@redhat.com>
- added video4linux devices to /etc/security/console.perms
Fri Apr 16 1999 Michael K. Johnson <johnsonm@redhat.com>
- added joystick lines to /etc/security/console.perms
Thu Apr 15 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed a couple segfaults in pam_xauth uncovered by yesterday's fix...
Wed Apr 14 1999 Cristian Gafton <gafton@redhat.com>
- use gcc -shared to link the shared libs
Wed Apr 14 1999 Michael K. Johnson <johnsonm@redhat.com>
- many bug fixes in pam_xauth
- pam_console can now handle broken applications that do not set the
    PAM_TTY item.
Tue Apr 13 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed glob/regexp confusion in pam_console, added kbd and fixed fb
    devices
- added pam_xauth module
Sat Apr 10 1999 Cristian Gafton <gafton@redhat.com>
- pam_lastlog does wtmp handling now
Thu Apr 08 1999 Michael K. Johnson <johnsonm@redhat.com>
- added option parsing to pam_console
- added framebuffer devices to default console.perms settings
Wed Apr 07 1999 Cristian Gafton <gafton@redhat.com>
- fixed empty passwd handling in pam_pwdb
Mon Mar 29 1999 Michael K. Johnson <johnsonm@redhat.com>
- changed /dev/cdrom default user permissions back to 0600 in console.perms
    because some cdrom players open O_RDWR.
Fri Mar 26 1999 Michael K. Johnson <johnsonm@redhat.com>
- added /dev/jaz and /dev/zip to console.perms
Thu Mar 25 1999 Michael K. Johnson <johnsonm@redhat.com>
- changed the default user permissions for /dev/cdrom to 0400 in
    console.perms
Fri Mar 19 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed a few bugs in pam_console
Thu Mar 18 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_console authentication working
- added /etc/security/console.apps directory
Mon Mar 15 1999 Michael K. Johnson <johnsonm@redhat.com>
- added pam_console files to filelist
Fri Feb 12 1999 Cristian Gafton <gafton@redhat.com>
- upgraded to 0.66, some source cleanups
Mon Dec 28 1998 Cristian Gafton <gafton@redhat.com>
- add patch from Savochkin Andrey Vladimirovich <saw@msu.ru> for umask
    security risk
Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
- upgrade to ver 0.65
- build the package out of internal CVS server
2004-09-09 09:46:09 +00:00