Commit Graph

54 Commits

Author SHA1 Message Date
Tomáš Mráz
b0baf41bab - add argument to pam_console_apply to restrict its work to specified files 2004-11-25 16:40:18 +00:00
Tomáš Mráz
36d4eeff57 - #137802 allow using pam_console for authentication 2004-11-23 15:38:57 +00:00
Tomáš Mráz
056a40e611 - update to Linux-PAM-0.78
- #140451 parse passwd entries correctly and test for failure
2004-11-23 15:32:59 +00:00
jbj
0da465a133 - rebuild against db-4.3.21. 2004-11-13 00:33:17 +00:00
Tomáš Mráz
1916d7ac37 - #77646 log failures when renaming the files when changing password
- Log failure on missing /etc/security/opasswd when remember option is
    present
2004-11-11 13:52:15 +00:00
Tomáš Mráz
91347f07d7 - #87628 pam_timestamp remembers authorization after logout
- #116956 fixed memory leaks in pam_stack
2004-11-10 17:52:27 +00:00
Tomáš Mráz
6c581a0e6d - #74062 modify the pwd-lock patch to remove NIS passwd changing deadlock 2004-10-20 14:46:49 +00:00
Tomáš Mráz
68feec353f - #134941 pam_console should check X11 socket only on login 2004-10-20 13:10:13 +00:00
Tomáš Mráz
3eef649366 - Fix checking of group in %group syntax in pam_limits
- Drop fencepost patch as it was already fixed by upstream change from 0.75
    to 0.77
- Fix brokenshadow patch
2004-10-19 14:25:05 +00:00
Tomáš Mráz
8e01e56e3b - even more console.perms entries
- drop the apply to dir patch - it won't work
2004-10-14 16:42:00 +00:00
Tomáš Mráz
b880f65bb5 forgot to remove obsolete patch 2004-10-14 16:03:31 +00:00
Tomáš Mráz
9abd7cf374 - Added bluetooth, raw1394 and flash to console.perms
- pam_console manpage fix
- Allow to apply console.perms to dir when
2004-10-14 16:02:39 +00:00
Tomáš Mráz
149b939c53 - #126985 pam_stack should always copy the conversation function
- #127524 add /etc/security/opasswd to files
2004-10-11 14:48:11 +00:00
Tomáš Mráz
89f73ad59c - pam_env shouldn't abort on missing /etc/environment 2004-10-11 12:09:28 +00:00
Phil Knirsch
6dc6125605 - Dropped last patch again, real fix is /etc/environment file in setup 2004-09-28 16:18:30 +00:00
Phil Knirsch
0886c1641c - Fixed bug in pam_env where wrong initializer was used 2004-09-23 16:21:40 +00:00
Daniel J Walsh
632558e3e9 use checkPasswdAccess in pam_rootok 2004-09-17 17:54:12 +00:00
Jindrich Novy
d52fe82242 - added patches from Tomas Mraz 2004-09-13 13:57:04 +00:00
cvsdist
6e7e8cb073 auto-import changelog data from pam-0.77-55.src.rpm
Mon Aug 30 2004 Warren Togami <wtogami@redhat.com> 0.77-55
- #126024 /dev/pmu console perms
2004-09-09 09:59:24 +00:00
cvsdist
89c884f64a auto-import changelog data from pam-0.77-54.src.rpm
Wed Aug 04 2004 Dan Walsh <dwalsh@redhat.com> 0.77-54
- Move pam_console.lock to /var/run/console/
2004-09-09 09:59:18 +00:00
cvsdist
0095dae916 auto-import changelog data from pam-0.77-53.src.rpm
Thu Jul 29 2004 Dan Walsh <dwalsh@redhat.com> 0.77-53
- Close fd[1] before pam_modutilread so that unix_verify will complete
2004-09-09 09:59:10 +00:00
cvsdist
a9bb82bba8 auto-import changelog data from pam-0.77-52.src.rpm
Tue Jul 27 2004 Alan Cox <alan@redhat.com> 0.77-52
- First chunk of Steve Grubb's resource leak and other fixes
Tue Jul 27 2004 Alan Cox <alan@redhat.com> 0.77-51
- Fixed build testing of modules
- Fixed dependancies
2004-09-09 09:58:59 +00:00
cvsdist
e4862f785f auto-import pam-0.77-51 from pam-0.77-51.src.rpm 2004-09-09 09:58:35 +00:00
cvsdist
c7e9550fec auto-import changelog data from pam-0.77-50.src.rpm
Tue Jul 20 2004 Dan Walsh <dwalsh@redhat.com> 0.77-50
- Change unix_chkpwd to return pam error codes
2004-09-09 09:58:20 +00:00
cvsdist
21440a7021 auto-import pam-0.77-49 from pam-0.77-49.src.rpm 2004-09-09 09:58:05 +00:00
cvsdist
21937dd94b auto-import changelog data from pam-0.77-48.src.rpm
Sat Jul 10 2004 Alan Cox <alan@redhat.com>
- Fixed the pam glib2 dependancy issue
2004-09-09 09:57:54 +00:00
cvsdist
ae27812230 auto-import changelog data from pam-0.77-47.src.rpm
Mon Jun 21 2004 Alan Cox <alan@redhat.com>
- Fixed the pam_limits fencepost error (#79989) since nobody seems to be
    doing it
Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
Wed Jun 09 2004 Dan Walsh <dwalsh@redhat.com> 0.77-45
- Add requires libselinux > 1.8
2004-09-09 09:57:48 +00:00
cvsdist
ccf51eec26 auto-import changelog data from pam-0.77-44.src.rpm
Thu Jun 03 2004 Dan Walsh <dwalsh@redhat.com> 0.77-44
- Add MLS Support to selinux patch
Wed Jun 02 2004 Dan Walsh <dwalsh@redhat.com> 0.77-43
- Modify pam_selinux to use open and close param
2004-09-09 09:57:30 +00:00
cvsdist
4d16522876 auto-import changelog data from pam-0.77-43.src.rpm
Fri May 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-42
- Split pam module into two parts open and close
2004-09-09 09:56:34 +00:00
cvsdist
aad5335ba7 auto-import changelog data from pam-0.77-41.src.rpm
Tue May 18 2004 Phil Knirsch <pknirsch@redhat.com> 0.77-41
- Fixed 64bit segfault in pam_succeed_if module.
Wed Apr 14 2004 Dan Walsh <dwalsh@redhat.com> 0.77-40
- Apply changes from audit.
Mon Apr 12 2004 Dan Walsh <dwalsh@redhat.com> 0.77-39
- Change to only report failure on relabel if debug
2004-09-09 09:56:22 +00:00
cvsdist
147d85b558 auto-import changelog data from pam-0.77-38.src.rpm
Wed Mar 03 2004 Dan Walsh <dwalsh@redhat.com> 0.77-38
- Fix error handling of pam_unix
Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-36
- fix tty handling
Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-35
- remove tty closing and opening from pam_selinux, it does not work.
Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
Thu Feb 12 2004 Nalin Dahyabhai <nalin@redhat.com>
- pam_unix: also log successful password changes when using shadowed
    passwords
Tue Feb 10 2004 Dan Walsh <dwalsh@redhat.com> 0.77-33
- close and reopen terminal after changing context.
Thu Feb 05 2004 Dan Walsh <dwalsh@redhat.com> 0.77-32
- Check for valid tty
Tue Feb 03 2004 Dan Walsh <dwalsh@redhat.com> 0.77-31
- Check for multiple > 1
2004-09-09 09:55:13 +00:00
cvsdist
05a94aa964 auto-import changelog data from pam-0.77-30.src.rpm
Mon Feb 02 2004 Dan Walsh <dwalsh@redhat.com> 0.77-30
- fix is_selinux_enabled call for pam_rootok
Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-29
- More fixes to pam_selinux,pam_rootok
Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-28
- turn on selinux
Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-27
- Fix rootok check.
Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-26
- fix is_selinux_enabled call
Sun Jan 25 2004 Dan Walsh <dwalsh@redhat.com> 0.77-25
- Check if ROOTOK for SELinux
Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-24
- Fix tty handling for pts in pam_selinux
Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-23
- Need to add qualifier context for sudo situation
Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-22
- Fix pam_selinux to use prevcon instead of pam_user so it will work for
    su.
Fri Dec 12 2003 Bill Nottingham <notting@redhat.com> 0.77-21.sel
- add alsa devs to console.perms
Thu Dec 11 2003 Jeff Johnson <jbj@jbj.org> 0.77-20.sel
- rebuild with db-4.2.52.
- build db4 in build_unix, not dist.
Wed Nov 26 2003 Dan Walsh <dwalsh@redhat.com> 0.77-19.sel
- Change unix_chkpwd to handle unix_passwd and unix_acct
- This eliminates the need for pam modules to have read/write access to
    /etc/shadow.
Thu Nov 20 2003 Dan Walsh <dwalsh@redhat.com> 0.77-18.sel
- Cleanup unix_chkpwd
Mon Nov 03 2003 Dan Walsh <dwalsh@redhat.com> 0.77-17.sel
- Fix tty handling
- Add back multiple handling
Mon Oct 27 2003 Dan Walsh <dwalsh@redhat.com> 0.77-16.sel
- Remove Multiple from man page of pam_selinux
2004-09-09 09:54:59 +00:00
cvsdist
d577226563 auto-import changelog data from pam-0.77-15.src.rpm
Thu Oct 23 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-15
- don't install _pam_aconf.h -- apps don't use it, other PAM headers which
    are installed don't use it, and its contents may be different for
    arches on a multilib system
- check for linkage problems in modules at %install-time (kill #107093
    dead)
- add buildprereq on flex (#101563)
Wed Oct 22 2003 Nalin Dahyabhai <nalin@redhat.com>
- make pam_pwdb.so link with libnsl again so that it loads (#107093)
- remove now-bogus buildprereq on db4-devel (we use a bundled copy for
    pam_userdb to avoid symbol collisions with other db libraries in apps)
Mon Oct 20 2003 Dan Walsh <dwalsh@redhat.com> 0.77-14.sel
- Add Russell Coker patch to handle /dev/pty
Fri Oct 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-13.sel
- Turn on Selinux
Fri Oct 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-12
- Fix pam_timestamp to work when 0 seconds have elapsed
Mon Oct 06 2003 Dan Walsh <dwalsh@redhat.com> 0.77-11
- Turn off selinux
Thu Sep 25 2003 Dan Walsh <dwalsh@redhat.com> 0.77-10.sel
- Turn on Selinux and remove multiple choice of context.
Wed Sep 24 2003 Dan Walsh <dwalsh@redhat.com> 0.77-10
- Turn off selinux
Wed Sep 24 2003 Dan Walsh <dwalsh@redhat.com> 0.77-9.sel
- Add Russell's patch to check password
Wed Sep 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-8.sel
- handle ttys correctly in pam_selinux
Fri Sep 05 2003 Dan Walsh <dwalsh@redhat.com> 0.77-7.sel
- Clean up memory problems and fix tty handling.
Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-6
- Add manual context selection to pam_selinux
Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-5
- Add pam_selinux
Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-4
- Add SELinux support
2004-09-09 09:54:36 +00:00
cvsdist
325000d723 auto-import changelog data from pam-0.75-50.src.rpm
Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.75-50
- pam_postgresok: add
- pam_xauth: add targetuser= argument
Thu Jul 03 2003 Nalin Dahyabhai <nalin@redhat.com>
- pam_timestamp: use a message authentication code to validate timestamp
    files
Mon Jun 30 2003 Nalin Dahyabhai <nalin@redhat.com> 0.75-48.1
- rebuild
Mon Jun 09 2003 Nalin Dahyabhai <nalin@redhat.com> 0.75-49
- modify calls to getlogin() to check the directory of the current TTY
    before searching for an entry in the utmp/utmpx file
Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
2004-09-09 09:52:51 +00:00
cvsdist
2cf2651983 auto-import pam-0.75-48 from pam-0.75-48.src.rpm 2004-09-09 09:51:54 +00:00
cvsdist
cb2381bfec auto-import pam-0.75-46.8.0 from pam-0.75-46.8.0.src.rpm 2004-09-09 09:51:33 +00:00
cvsdist
7414c339bf auto-import pam-0.75-40 from pam-0.75-40.src.rpm 2004-09-09 09:50:43 +00:00
cvsdist
215cd1a5d8 auto-import pam-0.75-39 from pam-0.75-39.src.rpm 2004-09-09 09:50:31 +00:00
cvsdist
19389eb4a0 auto-import pam-0.75-32 from pam-0.75-32.src.rpm 2004-09-09 09:50:13 +00:00
cvsdist
0313d50ba5 auto-import pam-0.75-31 from pam-0.75-31.src.rpm 2004-09-09 09:49:43 +00:00
cvsdist
035542f9c8 auto-import pam-0.75-29 from pam-0.75-29.src.rpm 2004-09-09 09:49:12 +00:00
cvsdist
a3662b18ba auto-import changelog data from pam-0.75-19s.1.src.rpm
Tue Mar 18 2003 D. Marlin <dmarlin@redhat.com>
- new s390 release number and rebuild for s390 (bug #85960)
2004-09-09 09:48:58 +00:00
cvsdist
ee87b1b8a8 auto-import changelog data from pam-0.75-19.src.rpm
Fri Nov 09 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-19
- fix a bug in the getpwnam_r wrapper which sometimes resulted in false
    positives for non-existent users
Wed Nov 07 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-18
- include libpamc in the pam package (#55651)
Fri Nov 02 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-17
- pam_xauth: don't free a string after passing it to putenv()
2004-09-09 09:48:40 +00:00
cvsdist
cd929cb3b7 auto-import changelog data from pam-0.75-16.src.rpm
Wed Oct 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-16
- pam_xauth: always return PAM_SUCCESS or PAM_SESSION_ERR instead of
    PAM_IGNORE, matching the previous behavior (libpam treats PAM_IGNORE
    from a single module in a stack as a session error, leading to false
    error messages if we just return PAM_IGNORE for all cases)
Mon Oct 22 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-15
- reorder patches so that the reentrancy patch is applied last -- we never
    came to a consensus on how to guard against the bugs in calling
    applications which this sort of change addresses, and having them last
    allows for dropping in a better strategy for addressing this later on
Mon Oct 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_rhosts: allow "+hostname" as a synonym for "hostname" to jive better
    with the hosts.equiv(5) man page
- use the automake install-sh instead of the autoconf install-sh, which
    disappeared somewhere between 2.50 and now
Mon Oct 08 2001 Nalin Dahyabhai <nalin@redhat.com>
- add pwdb as a buildprereq
Fri Oct 05 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_tally: don't try to read past the end of faillog -- it probably
    contains garbage, which if written into the file later on will confuse
    /usr/bin/faillog
Thu Oct 04 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_limits: don't just return if the user is root -- we'll want to set
    the priority (it could be negative to elevate root's sessions)
- pam_issue: fix off-by-one error allocating space for the prompt string
Wed Oct 03 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_mkhomedir: recurse into subdirectories properly
- pam_mkhomedir: handle symlinks
- pam_mkhomedir: skip over special items in the skeleton directory
Tue Oct 02 2001 Nalin Dahyabhai <nalin@redhat.com>
- add cracklib as a buildprereq
- pam_wheel: don't ignore out if the user is attempting to switch to a
    unprivileged user (this lets pam_wheel do its thing when users attempt
    to get to system accounts or accounts of other unprivileged users)
Fri Sep 28 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_xauth: close a possible DoS due to use of dotlock-style locking in
    world-writable directories by relocating the temporary file to the
    target user's home directory
- general: include headers local to this tree using relative paths so that
    system headers for PAM won't be pulled in, in case include paths don't
    take care of it
Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_xauth: rewrite to skip refcounting and just use a temporary file
    created using mkstemp() in /tmp
Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_userdb: fix the key_only flag so that the null-terminator of the
    user-password string isn't expected to be part of the key in the db
    file, matching the behavior of db_load 3.2.9
2004-09-09 09:48:16 +00:00
cvsdist
41a3ab7e5d auto-import changelog data from pam-0.75-14.src.rpm
Mon Sep 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-14
- argh, compare entire salt, always
2004-09-09 09:48:02 +00:00
cvsdist
43335dc5f0 auto-import changelog data from pam-0.75-13.src.rpm
Sat Sep 08 2001 Bill Nottingham <notting@redhat.com> 0.75-13
- ship /lib/lib{pam,pam_misc}.so for legacy package builds
2004-09-09 09:47:55 +00:00
cvsdist
0798a27113 auto-import changelog data from pam-0.75-12.src.rpm
Thu Sep 06 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-12
- noreplace configuration files in /etc/security
- pam_console: update pam_console_apply and man pages to reflect /var/lock
    -> /var/run move
2004-09-09 09:47:46 +00:00
cvsdist
e0a976492d auto-import changelog data from pam-0.75-11.src.rpm
Wed Sep 05 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-11
- pam_unix: fix the fix for #42394
Tue Sep 04 2001 Nalin Dahyabhai <nalin@redhat.com>
- modules: use getpwnam_r and friends instead of non-reentrant versions
- pam_console: clear generated .c and .h files in "clean" makefile target
Thu Aug 30 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_stack: perform deep copy of conversation structures
- include the static libpam in the -devel subpackage (#52321)
- move development .so and .a files to %{_libdir}
- pam_unix: don't barf on empty passwords (#51846)
- pam_unix: redo compatibility with "hash,age" data wrt bigcrypt (#42394)
- console.perms: add usb camera, scanner, and rio devices (#15528)
- pam_cracklib: initialize all options properly (#49613)
Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_limits: don't rule out negative priorities
2004-09-09 09:47:30 +00:00
cvsdist
a06b5aa53e auto-import changelog data from pam-0.75-10.src.rpm
Mon Aug 13 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_xauth: fix errors due to uninitialized data structure (fix from Tse
    Huong Choo)
- pam_xauth: random cleanups
- pam_console: use /var/run/console instead of /var/lock/console at
    install-time
- pam_unix: fix preserving of permissions on files which are manipulated
2004-09-09 09:47:07 +00:00
cvsdist
2e03b4f7c5 auto-import changelog data from pam-0.75-9.src.rpm
Fri Aug 10 2001 Bill Nottingham <notting@redhat.com>
- fix segfault in pam_securetty
Thu Aug 09 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_console: use /var/run/console instead of /var/lock/console for lock
    files
- pam_issue: read the right number of bytes from the file
Mon Jul 09 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_wheel: don't error out if the group has no members, but is the user's
    primary GID (reported by David Vos)
- pam_unix: preserve permissions on files which are manipulated (#43706)
- pam_securetty: check if the user is the superuser before checking the
    tty, thereby allowing regular users access to services which don't set
    the PAM_TTY item (#39247)
- pam_access: define NIS and link with libnsl (#36864)
Thu Jul 05 2001 Nalin Dahyabhai <nalin@redhat.com>
- link libpam_misc against libpam
Tue Jul 03 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_chroot: chdir() before chroot()
Fri Jun 29 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_console: fix logic bug when changing permissions on single file
    and/or lists of files
- pam_console: return the proper error code (reported and patches for both
    from Frederic Crozat)
- change deprecated Copyright: tag in .spec file to License:
Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- console.perms: change js* to js[0-9]*
- include pam_aconf.h in more modules (patches from Harald Welte)
Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
- console.perms: add apm_bios to the list of devices the console owner can
    use
- console.perms: add beep to the list of sound devices
Mon May 07 2001 Nalin Dahyabhai <nalin@redhat.com>
- link pam_console_apply statically with libglib (#38891)
Mon Apr 30 2001 Nalin Dahyabhai <nalin@redhat.com>
- pam_access: compare IP addresses with the terminating ".", as documented
    (patch from Carlo Marcelo Arenas Belon, I think) (#16505)
Mon Apr 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- merge up to 0.75
- pam_unix: temporarily ignore SIGCHLD while running the helper
- pam_pwdb: temporarily ignore SIGCHLD while running the helper
- pam_dispatch: default to uncached behavior if the cached chain is empty
2004-09-09 09:47:05 +00:00