Commit Graph

211 Commits

Author SHA1 Message Date
Tomáš Mráz
991484aaf4 - apply db4 patch correctly 2007-09-25 20:26:29 +00:00
Tomáš Mráz
00939f1c06 - update db4 to 4.6.19 (#274661) 2007-09-25 20:15:45 +00:00
Tomáš Mráz
36d9a1c73d - do not preserve contexts when copying skel and other namespace.init fixes
(#298941)
- do not free memory sent to putenv (#231698)
2007-09-21 14:08:14 +00:00
Tomáš Mráz
43c3a5a46e - add pam_selinux_permit module
- pam_succeed_if: fix in operator (#295151)
2007-09-19 18:11:42 +00:00
Tomáš Mráz
ac8e934c7b - when SELinux enabled always run the helper binary instead of direct
shadow access (#293181)
2007-09-18 20:23:57 +00:00
Tomáš Mráz
9e1a698edf - do not ask for blank password when SELinux confined (#254044)
- initialize homedirs in namespace init script (original patch by dwalsh)
2007-08-24 13:15:01 +00:00
Tomáš Mráz
a47d5ca5e4 - multifunction scanner device support (#251468) 2007-08-22 19:30:39 +00:00
Tomáš Mráz
73ea19b4f7 - most devices are now handled by HAL and not pam_console (patch by davidz)
- license tag fix
2007-08-22 18:03:12 +00:00
Tomáš Mráz
81e34ba414 - fix auth regression when uid != 0 from previous build (#251804) 2007-08-13 09:05:04 +00:00
Tomáš Mráz
ecf62ebc17 - make db4 build with new glibc 2007-08-06 14:57:26 +00:00
Tomáš Mráz
8fa0463a67 - updated db4 to 4.6.18 (#249740)
- added user and new instance parameters to namespace init
- document the new features of pam_namespace
- do not log an audit error when uid != 0 (#249870)
2007-08-06 12:31:50 +00:00
Jeremy Katz
f6d27e9e3a - rebuild for toolchain bug 2007-07-25 17:52:58 +00:00
Tomáš Mráz
3f1e71cada - drop the merged patches 2007-07-23 19:07:42 +00:00
Tomáš Mráz
6c6453458a - upgrade to latest upstream version
- add some firewire devices to default console perms (#240770)
2007-07-23 18:46:31 +00:00
Tomáš Mráz
09b44afcb6 - pam_namespace: better document behavior on failure (#237249)
- pam_unix: split out passwd change to a new helper binary (#236316)
- pam_namespace: add support for temporary logons (#241226)
2007-06-04 14:22:15 +00:00
Tomáš Mráz
33d3c087e3 - pam_selinux: improve context change auditing (#234781)
- pam_namespace: fix parsing config file with unknown users (#234513)
2007-04-13 16:14:38 +00:00
Tomáš Mráz
a28e30cbc4 - pam_console: always decrement use count (#230823)
- pam_namespace: use raw context for poly dir name (#227345)
- pam_namespace: truncate long poly dir name (append hash) (#230120)
- we don't patch any po files anymore
2007-03-23 11:02:35 +00:00
Tomáš Mráz
71ab958a92 - correctly relabel tty in the default case (#229542)
- pam_unix: cleanup of bigcrypt support
- pam_unix: allow modification of '*' passwords to root
2007-02-21 20:32:28 +00:00
Tomáš Mráz
504a3315ce - more X displays as consoles (#227462) 2007-02-06 15:58:27 +00:00
Tomáš Mráz
bbd6bf031f - upgrade to new upstream version resolving CVE-2007-0003
- pam_namespace: unmount poly dir for override users
2007-01-24 12:14:29 +00:00
Tomáš Mráz
d1daca3136 - add back min salt length requirement which was erroneously removed
upstream
2007-01-22 13:11:10 +00:00
Tomáš Mráz
0b9c1bae67 - upgrade to new upstream version
- drop pam_stack module as it is obsolete
- some changes to silence rpmlint
2007-01-19 17:42:21 +00:00
Tomáš Mráz
8a453fc0be - properly include /var/log/faillog and tallylog as ghosts and create them
in post script (#209646)
- update gmo files as we patch some po files (#218271)
- add use_current_range option to pam_selinux (#220487)
- improve the role selection in pam_selinux
- remove shortcut on Password: in ja locale (#218271)
- revert to old euid and not ruid when setting euid in pam_keyinit
    (#219486)
- rename selinux-namespace patch to namespace-level
2007-01-16 20:14:28 +00:00
Daniel J Walsh
7ce306a7c7 - Fix selection of role 2007-01-03 19:18:27 +00:00
Tomáš Mráz
03d7f35c89 - autoreconf won't work with autoconf-2.61 as configure.in is not yet
adjusted for it
2006-11-30 13:00:48 +00:00
Tomáš Mráz
19a8f79ca1 - add select-context option to pam_selinux (#213812) 2006-11-30 09:40:03 +00:00
Tomáš Mráz
d589c9bdaf - we don't need this yet 2006-11-13 21:15:30 +00:00
Tomáš Mráz
4f2fe36b29 - update internal db4 to 4.5.20 version
- move setgid before setuid in pam_keyinit (#212329)
- make username check in pam_unix consistent with useradd (#212153)
2006-11-13 21:05:40 +00:00
Tomáš Mráz
ab60a42b72 - add pam_namespace option no_unmount_on_close, required for newrole 2006-09-28 13:11:14 +00:00
Tomáš Mráz
355576d558 - silence pam_succeed_if in default system-auth (#205067)
- round the pam_timestamp_check sleep up to wake up at the start of the
    wallclock second (#205068)
2006-09-04 14:31:09 +00:00
Tomáš Mráz
10ddab4186 - upgrade to new upstream version, as there are mostly bugfixes except
improved documentation
- add support for session and password service for pam_access and
    pam_succeed_if
- system-auth: skip session pam_unix for crond service
2006-08-31 20:51:59 +00:00
Daniel J Walsh
e3f2d52037 - Add new setkeycreatecon call to pam_selinux to make sure keyring has
correct context
2006-08-10 20:26:54 +00:00
Tomáš Mráz
685a1895f3 - revoke keyrings properly when pam_keyinit called as root (#201048)
- pam_succeed_if should return PAM_USER_UNKNOWN when getpwnam fails
    (#197748)
2006-08-10 13:34:26 +00:00
Tomáš Mráz
0b27f99e23 - revoke keyrings properly when pam_keyinit called more than once (#201048)
patch by David Howells
2006-08-02 18:08:23 +00:00
Tomáš Mráz
3e0c7af627 - don't log pam_keyinit debug messages by default (#199783) 2006-07-21 22:36:15 +00:00
Tomáš Mráz
f81d37360c - drop ainit from console.handlers (#199561) 2006-07-21 14:26:46 +00:00
Tomáš Mráz
2851cbe631 - drop ainit from console.handlers (#199561) 2006-07-21 14:22:56 +00:00
Tomáš Mráz
fce253b7c0 - don't report error in pam_selinux for nonexistent tty (#188722)
- add pam_keyinit to the default system-auth file (#198623)
2006-07-17 11:03:29 +00:00
Jesse Keating
d649923c46 bumped for rebuild 2006-07-12 07:37:04 +00:00
Tomáš Mráz
95ebf27f94 - the patch should be applied with -p0 2006-07-03 13:19:35 +00:00
Tomáš Mráz
e019bcd126 - fixed network match in pam_access (patch by Dan Yefimov) 2006-07-03 12:45:13 +00:00
Tomáš Mráz
4fea4c98d9 - namespace.init was missing from EXTRA_DIST 2006-06-30 10:06:09 +00:00
Tomáš Mráz
00eddc0974 - updated to a new upstream release
- added service as value to be matched and list matching to pam_succeed_if
2006-06-30 09:20:33 +00:00
Tomáš Mráz
85a854521e - a typo 2006-06-08 21:18:21 +00:00
Tomáš Mráz
da4d7fa8c5 - added buildrequires libtool
- fixed a few rpmlint warnings
2006-06-08 18:44:01 +00:00
Tomáš Mráz
7dffd3fb2d - updated pam_namespace with latest patch by Janak Desai
- merged pam_namespace patches
2006-06-08 14:27:54 +00:00
Tomáš Mráz
e99dd3962b - actually don't link to libssl as it is not used (#191915) 2006-05-24 09:05:18 +00:00
Tomáš Mráz
fa8c14fa63 - use md5 implementation from pam_unix in pam_namespace
- pam_namespace should call setexeccon only when selinux is enabled
2006-05-18 15:50:01 +00:00
Tomáš Mráz
63f5c77f8b - don't build hmactest in pam_timestamp so openssl-devel is not required
- add missing buildrequires (#191915)
2006-05-16 17:06:29 +00:00
Tomáš Mráz
0730695ea0 - pam_console_apply shouldn't access /var when called with -r (#191401)
- actually apply the large-uid patch
2006-05-16 16:12:18 +00:00
Tomáš Mráz
fda1b40256 - new module pam_exec 2006-05-10 14:43:55 +00:00
Tomáš Mráz
fbfca3562b - upgrade to new upstream version
- make pam_console_apply not dependent on glib
- support large uids in pam_tally, pam_tally2
2006-05-10 14:16:34 +00:00
Tomáš Mráz
5002e23046 - add namespace.init to %files 2006-05-04 11:53:08 +00:00
Tomáš Mráz
94d78f5a6d - the namespace instance init script is now in /etc/security (#190148)
- pam_namespace: added missing braces (#190026)
- pam_tally(2): never call fclose twice on the same FILE (from upstream)
2006-05-04 11:51:03 +00:00
Tomáš Mráz
4f1df63a4d - fixed console device class for irda (#189966)
- make pam_console_apply fail gracefully when a class is missing
2006-04-26 11:56:48 +00:00
Tomáš Mráz
54e490e814 - added pam_namespace module written by Janak Desai (per-user /tmp support)
- new pam-redhat modules version
2006-04-25 14:53:39 +00:00
Tomáš Mráz
48968f9a9f - added try_first_pass option to pam_cracklib
- use try_first_pass for pam_unix and pam_cracklib in system-auth (#182350)
2006-02-24 10:46:47 +00:00
Jesse Keating
222bbd42b7 bump for bug in double-long on ppc(64) 2006-02-11 04:55:08 +00:00
Jesse Keating
65811c5fcf bump for new gcc/glibc 2006-02-07 13:23:11 +00:00
Tomáš Mráz
46d6d056ab - new upstream version
- updated db4 to 4.3.29
- added module pam_tally2 with auditing support
- added manual pages for system-auth and config-util (#179584)
2006-02-03 12:41:29 +00:00
Tomáš Mráz
05cc723970 - remove 'initscripts' dependency (#176508)
- update pam-redhat modules, merged patches
2006-01-03 16:23:10 +00:00
Tomáš Mráz
9c00b5da67 - fix dangling symlinks in -devel (#175929)
- link libaudit only where necessary
- actually compile in audit support
2005-12-16 15:20:02 +00:00
Tomáš Mráz
f06eb03db8 - support netgroup matching in pam_succeed_if
- upgrade to new release
- drop pam_pwdb as it was obsolete long ago
- we don't build static libraries anymore
2005-12-15 23:47:42 +00:00
Jesse Keating
9b4988bee0 gcc update bump 2005-12-09 22:42:36 +00:00
Tomáš Mráz
a74a5d22a6 - pam_stack is deprecated - log its usage 2005-11-15 14:07:51 +00:00
Tomáš Mráz
ea087a7d8d - forgot to update requirements on audit-libs 2005-10-26 22:49:36 +00:00
Tomáš Mráz
30c2fd8c2e - fixed CAN-2005-2977 unix_chkpwd should skip user verification only if run
as root (#168181)
- link pam_loginuid to libaudit
- support no tty in pam_access (#170467)
- updated audit patch (by Steve Grubb)
- the previous pam_selinux change was not applied properly
- pam_xauth: look for the xauth binary in multiple directories (#171164)
2005-10-26 22:27:20 +00:00
Daniel J Walsh
c678c06cf7 - Eliminate multiple in pam_selinux 2005-10-26 19:23:04 +00:00
Daniel J Walsh
dc2e11c86b - Eliminate fail over for getseuserbyname call 2005-10-18 15:41:53 +00:00
Daniel J Walsh
cf7b021d49 - Add getseuserbyname call for SELinux MCS/MLS policy 2005-10-13 21:36:33 +00:00
Daniel J Walsh
97c6e8fa55 - Add getseuserbyname call for SELinux MCS/MLS policy 2005-10-13 21:10:48 +00:00
Tomáš Mráz
9f1545ee2e - pam_console manpage fixes (#169373) 2005-10-04 13:46:58 +00:00
Tomáš Mráz
84f70fb55d - don't include ps and pdf docs (#168823)
- new common config file for configuration utilities
- remove glib2 dependency (#166979)
2005-09-30 13:52:28 +00:00
Tomáš Mráz
5cac4c86fa - pam_unix: always honor nis flag on password change (by Aaron Hope) 2005-09-20 13:42:45 +00:00
Tomáš Mráz
6f66f1e5c6 - process limit values other than RLIMIT_NICE correctly (#168790) 2005-09-20 12:34:48 +00:00
Tomáš Mráz
efa997e610 - don't fail in audit code when audit is not compiled in on the newest
kernels (#166422)
2005-08-24 09:15:09 +00:00
Tomáš Mráz
bc4cc2dea1 - add option to pam_loginuid to require auditd 2005-08-01 09:14:07 +00:00
Tomáš Mráz
a92b0ed73f - fix NULL dereference in pam_userdb (#164418) 2005-07-28 09:40:49 +00:00
Tomáš Mráz
4c014b4ae5 - fix 64bit bug in pam_pwdb
- don't crash in pam_unix if pam_get_data fail
2005-07-26 08:36:20 +00:00
Tomáš Mráz
009a4f4368 - more pam_selinux permissive fixes (Dan Walsh)
- make binaries PIE (#158938)
2005-07-22 14:17:33 +00:00
Tomáš Mráz
21ad6a063b - fixed module tests so the pam doesn't require itself to build (#163502)
- added buildprereq for building the documentation (#163503)
- relaxed permissions of binaries (u+w)
2005-07-18 16:00:41 +00:00
Tomáš Mráz
f7c051ac6e - upgrade to new upstream sources
- removed obsolete patches
- pam_selinux module shouldn't fail on broken configs unless policy is set
    to enforcing (Dan Walsh)
2005-07-14 14:21:56 +00:00
Tomáš Mráz
24d731a55f - update pam audit patch
- add support for new limits in kernel-2.6.12 (#157050)
2005-06-21 15:03:23 +00:00
Tomáš Mráz
8e736edd31 - pam_loginuid shouldn't report error when /proc/self/loginuid is missing
(#159974)
2005-06-09 21:28:52 +00:00
Tomáš Mráz
7457524347 - add the Requires dependency on audit-libs (#159885) 2005-06-09 11:47:18 +00:00
Tomáš Mráz
4d1f895c96 Fix the build breakage - unpackaged files 2005-05-23 14:31:06 +00:00
Tomáš Mráz
e6a42109ce - don't install the .so links in /lib 2005-05-20 16:05:48 +00:00
Tomáš Mráz
eecc66af23 - update the pam audit patch to support newest audit library, audit also
pam_setcred calls (Steve Grubb)
- don't use the audit_fd as global static variable
- don't unset the XAUTHORITY when target user is root
2005-05-20 15:53:01 +00:00
Tomáš Mráz
6eb3fc0500 - update the pam audit patch to support newest audit library (Steve Grubb) 2005-05-19 18:38:45 +00:00
Tomáš Mráz
fd39e73da0 - pam_console: support loading .perms files in the console.perms.d
(#156069)
2005-05-02 09:53:46 +00:00
Tomáš Mráz
d0ec5ba6c1 - pam_xauth: unset the XAUTHORITY variable on error, fix potential memory
leaks
- modify path to IDE floppy devices in console.perms (#155560)
2005-04-26 12:00:40 +00:00
Steve Grubb
8543c3b252 - Adjusted pam audit patch to make exception for ECONNREFUSED 2005-04-16 14:20:05 +00:00
Tomáš Mráz
f1b09e9b25 - added auditing patch by Steve Grubb
- added cleanup patches for bugs found by Steve Grubb
- don't clear the shadow option of pam_unix if nis option used
2005-04-12 16:33:08 +00:00
Tomáš Mráz
2f260114b9 - #150537 - flush input first then write the prompt 2005-04-08 15:10:15 +00:00
Tomáš Mráz
2d246d8a30 - make pam_unix LSB 2.0 compliant even when SELinux enabled
- #88127 - change both local and NIS passwords to keep them in sync, also
    fix a regression in passwd functionality on NIS master server
2005-04-07 18:40:36 +00:00
Tomáš Mráz
ea4ac73989 - #153711 fix wrong logging in pam_selinux when restoring tty label 2005-04-05 07:40:00 +00:00
Tomáš Mráz
a6a9f4a660 - fix NULL deref in pam_tally when it's used in account phase 2005-04-03 17:12:42 +00:00
Tomáš Mráz
f405278c4f - upgrade to the new upstream release
- moved pam_loginuid to pam-redhat repository
2005-03-31 17:15:12 +00:00
Tomáš Mráz
953e2b6048 - fix wrong logging in pam_console handlers
- add executing ainit handler for alsa sound dmix
- #147879, #112777 - change permissions for dri devices
2005-03-23 12:57:40 +00:00
Tomáš Mráz
cba291fef4 - remove ownership and permissions handling from pam_console call
pam_console_apply as a handler instead
2005-03-19 18:22:00 +00:00