From 9ada0093e92388590c7368600ca4e9e3e376f0d0 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 16:22:51 +0200 Subject: Adding upstream version 1.5.2. Signed-off-by: Daniel Baumann --- ChangeLog | 7232 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 7232 insertions(+) create mode 100644 ChangeLog (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..df5f174 --- /dev/null +++ b/ChangeLog 
@@ -0,0 +1,7232 @@ +2021-09-03 Dmitry V. Levin + + Fix a typo found using codespell tool. + * modules/pam_pwhistory/pam_pwhistory.c: Replace "crypted password" with + "hashed password" in comment. + * modules/pam_unix/passverify.c (create_password_hash): Rename "crypted" + local variable to "hashed". + +2021-08-30 Fabrice Fontaine + + configure.ac: also search libcrypt through pkg-config. + libxcrypt provides a libcrypt.pc file so use it if available as this + will allow to retrieve the library path (e.g. + -L/home/buildroot/output/host//riscv64-buildroot-linux-musl/sysroot/usr/lib) + which is useful when cross-compiling and will avoid the following build + failure on buildroot: + + /home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/riscv64-buildroot-linux-musl/10.2.0/../../../../riscv64-buildroot-linux-musl/bin/ld: .libs/passverify.o: in function `.L30': + passverify.c:(.text+0x368): undefined reference to `crypt_checksalt' + + Fixes: + - http://autobuild.buildroot.org/results/20b14e222b35c2d1269960075832b784ba81aa1a + +2021-08-19 Dmitry V. Levin + + pam_unix: workaround the problem caused by libnss_systemd. + The getspnam(3) manual page says that errno shall be set to EACCES when + the caller does not have permission to access the shadow password file. + Unfortunately, this contract is broken when libnss_systemd is used in + the nss stack. + + Workaround this problem by falling back to the helper invocation when + pam_modutil_getspnam returns NULL regardless of errno. As pam_unix + already behaves this way when selinux is enabled, it should be OK + for the case when selinux is not enabled, too. + + * modules/pam_unix/passverify.c (get_account_info): When + pam_modutil_getspnam returns NULL, unconditionally fall back + to the helper invocation. 
+ + Complements: f220cace2053 ("Permit unix_chkpwd & pam_unix.so to run without being setuid-root") + Resolves: https://github.com/linux-pam/linux-pam/issues/379 + +2021-08-18 Jérôme Fenal + + po: update translations using Weblate (French) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/ + +2021-08-02 panchenbo + + po/zh_CN.po: fix pam_lastlog translation errors. + Closes: https://github.com/linux-pam/linux-pam/issues/383 + +2021-07-24 simmon + + po: update translations using Weblate (Korean) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/ + +2021-07-22 Dmitry V. Levin + + po: update translations using Weblate (Swedish) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sv/ + +2021-07-22 Dmitry V. Levin + + po: update translations using Weblate (Portuguese (Brazil)) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pt_BR/ + +2021-07-22 Dmitry V. Levin + + po: update translations using Weblate (Portuguese (Brazil)) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pt/ + +2021-07-22 Dmitry V. Levin + + po: update translations using Weblate (Dutch) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nl/ + +2021-07-22 Dmitry V. Levin + + po: update translations using Weblate (Italian) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/it/ + +2021-07-22 Dmitry V. Levin + + po: update translations using Weblate (Hebrew) + Currently translated at 100.0% (100 of 100 strings). 
+ + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/he/ + +2021-07-22 Dmitry V. Levin + + po: update translations using Weblate (Finnish) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/ + +2021-07-22 Dmitry V. Levin + + po: update translations using Weblate (Danish) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/da/ + +2021-07-22 Dmitry V. Levin + + po: update translations using Weblate (Catalan) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ca/ + +2021-07-22 Yuri Chornoivan + + po: update translations using Weblate (Ukrainian) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/uk/ + +2021-07-22 Oğuz Ersen + + po: update translations using Weblate (Turkish) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/ + +2021-07-21 Piotr Drąg + + po: update translations using Weblate (Polish) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pl/ + +2021-07-21 Dmitry V. Levin + + po: update translations using Weblate (German) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/de/ + +2021-07-21 Dmitry V. Levin + + po: update translations using Weblate (Russian) + Currently translated at 100.0% (100 of 100 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ru/ + +2021-07-21 Seong-ho Cho + + po: update translations using Weblate (Korean) + Currently translated at 100.0% (99 of 99 strings). 
+ + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/ + +2021-07-20 Dmitry V. Levin + + po: update .pot and .po files. + Regenerate po/Linux-PAM.pot and po/*.po using "make -C po update-po" + command. + + Prepare for 1.5.2 release. + * configure.ac (AC_INIT): Raise version to 1.5.2. + * NEWS: Update. + + pam_faillock: remove confusing comment. + * modules/pam_faillock/pam_faillock.c (faillock_message): Remove the + comment that meant to help translators but actually confused xgettext. + +2021-07-09 Iker Pedrosa + + pam_filter: Close file after controlling tty. + Failing to check the descriptor value meant that there was a bug in the + attempt to close the controlling tty. Moreover, this would lead to a + file descriptor leak as pointed out by the static analyzer tool: + + Error: RESOURCE_LEAK (CWE-772): [#def26] + Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:356: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] + Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:356: var_assign: Assigning: "t" = handle returned from "open("/dev/tty", 2)". + Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:357: off_by_one: Testing whether handle "t" is strictly greater than zero is suspicious. "t" leaks when it is zero. + Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:357: remediation: Did you intend to include equality with zero? + Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:367: leaked_handle: Handle variable "t" going out of scope leaks the handle. + 365| pam_syslog(pamh, LOG_ERR, + 366| "child cannot become new session: %m"); + 367|-> return PAM_ABORT; + 368| } + 369| + +2021-06-29 Andrew G. Morgan + + Permit unix_chkpwd & pam_unix.so to run without being setuid-root. + Remove the hard-coding of the idea that the only way pam_unix.so can + read the shadow file is if it can, in some way, run setuid-root. 
+ Linux capabilities only require cap_dac_override to read the /etc/shadow + file. + + This change achieves two things: it opens a path for a linux-pam + application to run without being setuid-root; further, it allows + unix_chkpwd to run non-setuid-root if it is installed: + + sudo setcap cap_dac_override=ep unix_chkpwd + + If we wanted to link against libcap, we could install this binary with + cap_dac_override=p, and use cap_set_proc() to raise the effective bit + at runtime. However, some distributions already link unix_chkpwd + against libcap-ng for some, likely spurious, reason so "ep" is fine + for now. + +2021-06-15 Fabrice Fontaine + + configure.ac: fix build with libxcrypt and uclibc-ng. + Fix the following build failure with libxcrypt and uclibc-ng: + + ld: unix_chkpwd-passverify.o: in function `verify_pwd_hash': + passverify.c:(.text+0xab4): undefined reference to `crypt_checksalt' + + Fixes: + - http://autobuild.buildroot.org/results/65d68b7c9c7de1c7cb0f941ff9982f93a49a56f8 + +2021-06-14 Mathieu Trossevin + + Add pkgconfig files for provided libraries. + * .gitignore: Add .pc files as they are generated by autoconf. + * configure.ac: Generate .pc files for libpam, libpam_misc and libpamc. + * libpam/Makefile.am: Install pam.pc. + * libpam/pam.pc.in: New file. + * libpam_misc/Makefile.am: Install pam_misc.pc + * libpam_misc/pam_misc.pc.in: New file. + * libpamc/Makefile.am: Install pamc.pc + + This allow applications and PAM modules to automatically find libpam, + libpam_misc and libpamc if they are installed instead of having to + manually search for them. + +2021-06-14 Björn Esser + + Remove support for legacy xcrypt. + Since many distributions are shipping a version of libxcrypt >= 4.0.0 + as a replacement for glibc's libcrypt now, older versions of xcrypt, + which could be installed in parallel, are not relevant anymore. + + * configure.ac (AC_CHECK_HEADERS): Remove xcrypt.h. + (AC_SEARCH_LIBS): Remove xcrypt. 
+ (AC_CHECK_FUNCS): Remove crypt_gensalt_r. + (AC_DEFINE): Remove HAVE_LIBXCRYPT. + * modules/pam_pwhistory/opasswd.c [HAVE_LIBXCRYPT]: Remove. + * modules/pam_unix/bigcrypt.c [HAVE_LIBXCRYPT]: Likewise. + * modules/pam_userdb/pam_userdb.c [HAVE_LIBXCRYPT]: Likewise. + * modules/pam_unix/passverify.c [HAVE_LIBXCRYPT]: Likewise. + (create_password_hash) [HAVE_LIBXCRYPT]: Likewise. + +2021-06-14 Jeff Squyres + + pam_misc: set default length of misc_conv() buffer to 4096. + + pam_misc: make length of misc_conv() configurable. + Add --with-misc-conv-bufsize= option to configure to allow + a longer buffer size for libpam_misc's misc_conv() function (it still + defaults to 512 bytes). + +2021-06-14 Iker Pedrosa + + pam_timestamp: replace hmac implementation. + sha1 is no longer recommended as a cryptographic algorithm for + authentication. Thus, the idea of this change is to replace the + implementation provided by hmacsha1 included in pam_timestamp module by + the one in the openssl library. This way, there's no need to maintain + the cryptographic algorithm implementation and it can be easily changed + with a single configuration change. + + modules/pam_timestamp/hmac_openssl_wrapper.c: implement wrapper + functions around openssl's hmac implementation. Moreover, manage the key + generation and its read and write in a file. Include an option to + configure the cryptographic algorithm in login.defs file. + modules/pam_timestamp/hmac_openssl_wrapper.h: likewise. + modules/pam_timestamp/pam_timestamp.c: replace calls to functions + provided by hmacsha1 by functions provided by openssl's wrapper. + configure.ac: include openssl dependecy if it is enabled. + modules/pam_timestamp/Makefile.am: include new files and openssl library + to compilation. + ci/install-dependencies.sh: include openssl library to dependencies. + NEWS: add new item to next release. 
+ Make.xml.rules.in: add stringparam profiling for hmac + doc/custom-man.xsl: change import docbook to one with profiling + modules/pam_timestamp/pam_timestamp.8.xml: add conditional paragraph to + indicate the value in /etc/login.defs that holds the value for the + encryption algorithm + + Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294 + +2021-06-13 Dmitry V. Levin + + .github: add gcc-11, clang-12, and clang-11 jobs. + * .github/workflows/ci.yml (gcc11-x86_64, gcc11-x86, gcc11-x32, + clang12-x86_64, clang11-x86_64): New jobs. + +2021-06-13 Dmitry V. Levin + + tests: fix -Wmaybe-uninitialized warnings. + Fix the following class of compilation warnings reported by gcc 11: + + tst-pam_end.c: In function ‘main’: + tst-pam_end.c:55:12: error: ‘conv’ may be used uninitialized [-Werror=maybe-uninitialized] + 55 | retval = pam_start (service, user, &conv, &pamh); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + In file included from tst-pam_end.c:41: + ../libpam/include/security/pam_appl.h:23:1: note: by argument 3 of type ‘const struct pam_conv *’ to ‘pam_start’ declared here + 23 | pam_start(const char *service_name, const char *user, + | ^~~~~~~~~ + tst-pam_end.c:49:19: note: ‘conv’ declared here + 49 | struct pam_conv conv; + | ^~~~ + + * tests/tst-pam_end.c (main): Initialize conv variable. + * tests/tst-pam_fail_delay.c: Likewise. + * tests/tst-pam_get_item.c: Likewise. + * tests/tst-pam_getenvlist.c: Likewise. + * tests/tst-pam_set_data.c: Likewise. + * tests/tst-pam_set_item.c: Likewise. + * tests/tst-pam_start.c: Likewise. + * tests/tst-pam_start_confdir.c: Likewise. + +2021-06-10 Dmitry V. Levin + + pam_unix: do not use crypt_checksalt when checking for password expiration + According to Zack Weinberg, the intended meaning of + CRYPT_SALT_METHOD_LEGACY is "passwd(1) should not use this hashing + method", it is not supposed to mean "force a password change on next + login for any user with an existing stored hash using this method". 
+ + This reverts commit 4da9febc39b955892a30686e8396785b96bb8ba5. + + * modules/pam_unix/passverify.c (check_shadow_expiry) + [CRYPT_CHECKSALT_AVAILABLE]: Remove. + + Closes: https://github.com/linux-pam/linux-pam/issues/367 + +2021-06-10 Patrick Schleizer + + pam_exec: implement quiet_log option. + * modules/pam_exec/pam_exec.c (call_exec): Implement quiet_log option. + * modules/pam_exec/pam_exec.8.xml: Document it. + + Resolves: https://github.com/linux-pam/linux-pam/issues/334 + +2021-05-24 Jeff Squyres + + pam.conf: clarify default action for unspecified return codes. + Add short blurbs explaining that if a return code is not specified in + the "[value1=action1 value2=action2 ...]" form and "default=action" is + not specified, that return code's action defaults to "bad". + +2021-05-01 Hasan + + man: fix spelling bug in pam_end.3.xml. + * doc/man/pam_end.3.xml: Fix repeated words. + +2021-04-25 simmon + + po: update translations using Weblate (Korean) + Currently translated at 100.0% (99 of 99 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ko/ + +2021-04-25 Emilio Herrera + + po: update translations using Weblate (Spanish) + Currently translated at 81.8% (81 of 99 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/es/ + +2021-04-22 Josef Moellers + + pam_limits: "Unlimited" is not a valid value for RLIMIT_NOFILE. + Replace it with a value obtained from /proc/sys/fs/nr_open + + * modules/pam_limits/limits.conf.5.xml: Document the replacement. + * modules/pam_limits/pam_limits.c: Replace unlimited RLIMIT_NOFILE + value with a value obtained from /proc/sys/fs/nr_open + +2021-04-21 Stanislav Zidek + + pam_userdb: Prevent garbage characters from db. + Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791965 + +2021-04-12 Tomas Mraz + + misc_conv: Flush the terminal input after the password is read. 
+ Fixes #347 + + * libpam_misc/misc_conv.c (read_string): Use TCSAFLUSH instead + of TCSADRAIN when resetting the terminal echo state + +2021-04-12 Tomas Mraz + + pam_access: clean up the remote host matching code. + * modules/pam_access/pam_access.c (from_match): Split out remote_match() + function and avoid calling it when matching against LOCAL keyword. + There is also no point in doing domain match against TTY or SERVICE. + +2021-03-25 chuanqin + + pam_faillock: convert spaces to tab to keep code style. + convert spaces to tab which mixture use in modules/pam_faillock/main.c + +2021-03-08 theslimshaney <33791263+theslimshaney@users.noreply.github.com> + + pam_env: fix example in pam_env.conf.5 for setting variable. + +2021-03-05 dshein-alt <76520100+dshein-alt@users.noreply.github.com> + + pam_mkhomedir: use HOME_MODE or UMASK from /etc/login.defs. + Follow the example of useradd(8) and set the user home directory mode + to the value of HOME_MODE or UMASK configuration item from + /etc/login.defs when umask option is not specified. + +2021-02-13 Ricky Tigg + Ricky Tigg + + po: update translations using Weblate (Finnish) + Currently translated at 100.0% (99 of 99 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/ + +2021-02-13 Balázs Meskó + Balázs Meskó + + po: update translations using Weblate (Hungarian) + Currently translated at 77.7% (77 of 99 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/hu/ + +2021-02-13 Carmen Bianca Bakker + Carmen Bianca Bakker + + po: update translations using Weblate (Esperanto) + Currently translated at 43.4% (43 of 99 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/eo/ + +2021-02-13 Weblate + Weblate + + Update translation files. + Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. 
+ + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ + Translation: linux-pam/master + +2021-01-27 Changqing Li + + configure.ac: add --with-systemdunitdir option. + * Add this option to support the following scenario: + prefix = '/usr' + servicedir = '/lib/systemd/system' + + * The default behavior is changed: + If this option is not given, servicedir will be set to the value that is + obtained from systemd pkg-config file. If the value cannot be obtained, + servicedir will be set to the default value '$(prefix)/lib/systemd/system'. + +2021-01-27 Changqing Li + + faillock: create tallydir before creating tallyfile. + The default tallydir is "/var/run/faillock", and this default + tallydir may not exist. + + Function open may fail as tallydir does not exist when creating + the tallyfile. Therefore, faillock will not work well. + + Fix this problem by creating tallydir before creating tallyfile + when the tallydir does not exist. + +2021-01-27 Ludwig Nussel + + pam_securetty: don't complain about missing config. + Not shipping a config file should be perfectly valid for distros while + still having eg login pre-configured to honor securetty when present. + PAM itself doesn't ship any template either. So avoid spamming the log + file if /etc/securetty wasn't found. + +2021-01-25 Kolja + + faillock: Use pluralization via dngettext or fallback. + +2021-01-18 Andreas-Johann Ø Ulvestad + Andreas-Johann Ø Ulvestad + + po: update translations using Weblate (Norwegian Nynorsk) + Currently translated at 100.0% (99 of 99 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nn/ + +2021-01-18 Jan Kuparinen + Jan Kuparinen + + po: update translations using Weblate (Finnish) + Currently translated at 100.0% (99 of 99 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/ + +2020-12-28 Dmitry V. Levin + + pam_umask: fix handling of umask parameter. 
+ Potential failures of strdup(3) were ignored, fix this by not using + strdup(3) at all. + + * modules/pam_umask/pam_umask.c (struct options_t): Add const to umask + field, add login_umask field. + (parse_option): Do not use strdup. + (get_options): Assign pam_modutil_search_key return values + to options->login_umask. + (pam_sm_open_session): Free options.login_umask instead of + options.umask. + +2020-12-28 Sven Hartge + + pam_setquota: Minor whitespace, spelling and mail address fixes. + +2020-12-26 Vlad + Vlad + + po: update translations using Weblate (Romanian) + Currently translated at 100.0% (99 of 99 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ro/ + +2020-12-23 Dmitry V. Levin + + pam_mkhomedir: fix umask wording in documentation. + * modules/pam_mkhomedir/pam_mkhomedir.8.xml (umask): Fix wording. + +2020-12-20 Dmitry V. Levin + + po: update translations using Weblate (Bulgarian) + Currently translated at 100.0% (122 of 122 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/bg/ + +2020-12-17 Issam E. Maghni + + configure: test -a|o is not POSIX. + Fixes `test: too many arguments` when building Linux-PAM using sbase. + This is due to a non-POSIX syntax test ... -a ... and test ... -o .... + + > The XSI extensions specifying the -a and -o binary primaries and the + > '(' and ')' operators have been marked obsolescent. + + See https://pubs.opengroup.org/onlinepubs/9699919799/utilities/test.html + +2020-12-08 Christian Göttsche + + pam_namespace: check for string_to_security_class failure. + Check for the unlikely case string_to_security_class() does not find the + associated SELinux security class. + This will only happen if the loaded SELinux policy does not define the + class "dir" (which no sane policy does) or querying the selinuxfs + fails. + + Suggested by #309 + +2020-12-08 Christian Göttsche + + pam_selinux: check for string_to_security_class failure. 
+ Check for the unlikely case string_to_security_class() does not find the + associated SELinux security class. + This will only happen if the loaded SELinux policy does not define the + class "chr_file" (which no sane policy does) or querying the selinuxfs + fails. + + Suggested by #309 + +2020-12-07 Tomas Mraz + + Clarify the effect of 'done' in documentation. + The done action does not terminate the stack processing in case + there is a failing module with bad action up in the stack. + + Fixes #307 + + * doc/man/pam.conf-syntax.xml: Clarify the effect of 'done'. + +2020-11-28 Dmitry V. Levin + + .github: partially migrate from ubuntu-18.04 to ubuntu-20.04. + * .github/workflows/ci.yml (runs-on): Switch from ubuntu-latest to + ubuntu-20.04 for whitespace-errors and *-x86_64 jobs. Stick with + ubuntu-18.04 for *-x86 and *-x32 jobs until we figure out how to + obtain -lcrypt on ubuntu-20.04 for these architectures. + +2020-11-28 Dmitry V. Levin + + ci: do not install libxcrypt-dev. + Apparently, both -lcrypt and -lxcrypt from ubuntu-18.04 already provide + crypt_r. + + * ci/install-dependencies.sh (packages): Remove libxcrypt-dev. + +2020-11-24 Thomas M. DuBuisson + + pam_unix: fix memory leak on error path. + * modules/pam_unix/bigcrypt.c (bigcrypt) [HAVE_CRYPT_R]: Do not leak + cdata if crypt_r() fails. + +2020-11-24 Dmitry V. Levin + + maint: update release procedure. + * maint/README-release: Update. + +2020-11-24 Dmitry V. Levin + + po: update .po and .pot files. + Regenerate po/Linux-PAM.pot and po/*.po using "make -C po update-po" + command. This removes translations of pam_cracklib, pam_tally, and + pam_tally2 modules that were removed in v1.5.0. + + Complements: v1.5.0~10 "Remove deprecated pam_cracklib module" + Complements: v1.5.0~9 "Remove deprecated pam_tally and pam_tally2 modules" + +2020-11-24 Dmitry V. Levin + + po: cleanup POTFILES.in. + * po/POTFILES.in: Strip "./" prefix, sort the list. 
+ +2020-11-24 Jan Kuparinen + Jan Kuparinen + + po: update translations using Weblate (Finnish) + Currently translated at 100.0% (122 of 122 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/ + +2020-11-24 Dmitry V. Levin + + Prepare for 1.5.1 release. + * configure.ac (AC_INIT): Raise version to 1.5.1. + + Fix various typos found using codespell tool. + * modules/pam_limits/limits.conf: Replace "overriden" with "overridden". + * modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Replace + "preseves" with "preserves". + * modules/pam_setquota/pam_setquota.8.xml: Replace "specifed" with + "specified". + * modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Replace + "fileystem" with "filesystem", "conditons" with "conditions". + + Fix grammar: replace "an user" with "a user" everywhere. + * NEWS: Replace "an user" with "a user". + * modules/pam_faillock/pam_faillock.8.xml: Likewise. + * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. + * modules/pam_limits/pam_limits.c: Likewise. + * modules/pam_sepermit/sepermit.conf: Likewise. + * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. + * modules/pam_userdb/pam_userdb.c: Likewise. + +2020-11-24 Tomas Mraz + + pam_wheel: Use pam_modutil_user_in_group_uid_gid instead of reimplementation + The pam_modutil_user_in_group... functions use getgrouplist to check + the membership so they work also in setups with remote services which do + not provide group members in struct group. + + Fixes #297 + + * modules/pam_wheel/pam_wheel.c (perform_check): Call pam_modutil_user_in_group_uid_gid + to do the group check. + +2020-11-24 Tomas Mraz + + Add NEWS entries for the 1.5.1 security fix release. + +2020-11-20 Tomas Mraz + + Second blank check with root for non-existent users must never return 1. 
+ The commit af0faf66 ("pam_unix: avoid determining if user exists") introduced + a regression where the blank check could return 1 if root had an empty + password hash because in the second case the password hash of root was + used. We now always return 0 in this case. + + The issue was found by Johannes Löthberg. + + Fixes #284 + + * modules/pam_unix/support.c (_unix_blankpasswd): Make the loop + to cover the complete blank check so both existing and non existing + cases are identical except for the possible return value. + +2020-11-12 Tavian Barnes + + faillock: Add a nodelay option. + Fixes #295 + +2020-11-10 Allison Karlitskaya + + libpam: add supplementary groups on priv drop. + Replace the setgroups(0, NULL) call in pam_modutil_drop_priv() with a + call to initgroups(). This makes sure that the user's supplementary + groups are also configured. Fall back to setgroups(0, NULL) in case the + initgroups() call fails. + + This fixes the permission check in pam_motd: this feature was intended + to allow setting permissions on a motd file to prevent it from being + shown to users who are not a member of a particular group (for example, + wheel). + + Closes #292 + +2020-11-05 Tomas Mraz + + pam_env: deprecation notice of reading the user environment. + * modules/pam_env/pam_env.8.xml: Add the notice to the manual. + * modules/pam_env/pam_env.c (_pam_parse): Log deprecation warning + if user_readenv is set. + +2020-11-04 Andreas Schneider + + libpam: Fix memory leak on error path in _pam_start_internal() + +2020-11-04 Andreas Schneider + + libpam: Fix memory leak with pam_start_confdir() + Found with AddressSanitzer in pam_wrapper tests. 
+ + ==985738== 44 bytes in 4 blocks are definitely lost in loss record 18 of 18 + ==985738== at 0x4839809: malloc (vg_replace_malloc.c:307) + ==985738== by 0x48957E1: _pam_strdup (pam_misc.c:129) + ==985738== by 0x489851B: _pam_start_internal (pam_start.c:85) + ==985738== by 0x4849C8C: libpam_pam_start_confdir (pam_wrapper.c:418) + ==985738== by 0x484AF94: pwrap_pam_start (pam_wrapper.c:1461) + ==985738== by 0x484AFEE: pam_start (pam_wrapper.c:1483) + ==985738== by 0x401723: setup_noconv (test_pam_wrapper.c:189) + ==985738== by 0x4889E82: ??? (in /usr/lib64/libcmocka.so.0.7.0) + ==985738== by 0x488A444: _cmocka_run_group_tests (in /usr/lib64/libcmocka.so.0.7.0) + ==985738== by 0x403EE5: main (test_pam_wrapper.c:1059) + +2020-11-04 Tomas Mraz + + pam_env: allow environment files without EOL at EOF. + Fixes #263 + + * modules/pam_env/pam_env.c (_assemble_line): Do not error out if at feof() + +2020-11-03 Dmitry V. Levin + + Prepare for 1.5.0 release. + * configure.ac (AC_INIT): Raise version to 1.5.0. + * NEWS: Update. + +2020-11-03 ikerexxe + + pam_ftp: fix potential memory leak. + modules/pam_ftp/pam_ftp.c: free anon_user before returning as it may be + still in use. + + pam_faillock: fix unread store statement. + modules/pam_faillock/main.c: remove store statement since the value is + only read in the enclosing expression. + + pam_dispatch: fix unread store statement. + libpam/pam_dispatch: remove store statement since the value is never + read. + +2020-10-29 Dmitry V. Levin + + Remove deprecated pam_tally and pam_tally2 modules. + * ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove + --enable-tally --enable-tally2. + * configure.ac: Remove --enable-tally and --enable-tally2 options. + (AM_CONDITIONAL): Remove COND_BUILD_PAM_TALLY and COND_BUILD_PAM_TALLY2. + (AC_CONFIG_FILES): Remove modules/pam_tally/Makefile and + modules/pam_tally2/Makefile. + * doc/sag/pam_tally.xml: Remove. + * doc/sag/pam_tally2.xml: Likewise. 
+ * doc/sag/Linux-PAM_SAG.xml: Do not include pam_tally.xml and + pam_tally2.xml. + * modules/Makefile.am (MAYBE_PAM_TALLY, MAYBE_PAM_TALLY2): Remove. + (SUBDIRS): Remove MAYBE_PAM_TALLY and MAYBE_PAM_TALLY2. + * modules/pam_tally/.gitignore: Remove. + * modules/pam_tally/Makefile.am: Likewise. + * modules/pam_tally/README.xml: Likewise. + * modules/pam_tally/faillog.h: Likewise. + * modules/pam_tally/pam_tally.8.xml: Likewise. + * modules/pam_tally/pam_tally.c: Likewise. + * modules/pam_tally/pam_tally_app.c: Likewise. + * modules/pam_tally/tst-pam_tally: Likewise. + * modules/pam_tally2/.gitignore: Likewise. + * modules/pam_tally2/Makefile.am: Likewise. + * modules/pam_tally2/README.xml: Likewise. + * modules/pam_tally2/pam_tally2.8.xml: Likewise. + * modules/pam_tally2/pam_tally2.c: Likewise. + * modules/pam_tally2/pam_tally2_app.c: Likewise. + * modules/pam_tally2/tallylog.h: Likewise. + * modules/pam_tally2/tst-pam_tally2: Likewise. + * modules/pam_timestamp/pam_timestamp_check.8.xml: Fix typo by replacing + pam_tally with pam_timestamp. + * po/POTFILES.in: Remove ./modules/pam_tally/pam_tally_app.c, + ./modules/pam_tally/pam_tally.c, ./modules/pam_tally2/pam_tally2_app.c, + and ./modules/pam_tally2/pam_tally2.c. + * NEWS: Document this change. + + Remove deprecated pam_cracklib module. + * ci/install-dependencies.sh: Remove libcrack2-dev. + * ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove + --enable-cracklib=check. + * conf/pam.conf: Remove references to pam_cracklib.so. + * configure.ac: Remove --enable-cracklib option. + (AC_SUBST): Remove LIBCRACK. + (AM_CONDITIONAL): Remove COND_BUILD_PAM_CRACKLIB. + (AC_CONFIG_FILES): Remove modules/pam_cracklib/Makefile. + * doc/sag/pam_cracklib.xml: Remove. + * doc/sag/Linux-PAM_SAG.xml: Do not include pam_cracklib.xml. + * modules/Makefile.am (MAYBE_PAM_CRACKLIB): Remove. + (SUBDIRS): Remove MAYBE_PAM_CRACKLIB. + * modules/pam_cracklib/Makefile.am: Remove. + * modules/pam_cracklib/README.xml: Likewise. 
+ * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. + * modules/pam_cracklib/pam_cracklib.c: Likewise. + * modules/pam_cracklib/tst-pam_cracklib: Likewise. + * xtests/tst-pam_cracklib1.c: Likewise. + * xtests/tst-pam_cracklib1.pamd: Likewise. + * xtests/tst-pam_cracklib2.c: Likewise. + * xtests/tst-pam_cracklib2.pamd: Likewise. + * modules/pam_pwhistory/pam_pwhistory.8.xml: Replace pam_cracklib + in examples with pam_passwdqc. + * modules/pam_unix/pam_unix.8.xml: Likewise. + * po/POTFILES.in: Remove ./modules/pam_cracklib/pam_cracklib.c. + * xtests/.gitignore: Remove tst-pam_cracklib1 and tst-pam_cracklib2. + * xtests/Makefile.am (EXTRA_DIST): Remove tst-pam_cracklib1.pamd + and tst-pam_cracklib2.pamd. + (XTESTS): Remove tst-pam_cracklib1 and tst-pam_cracklib2. + * NEWS: Document this change. + +2020-10-27 DDoSolitary + + pam_env: fix a typo in doc of pam_env.conf. + +2020-10-25 Christian Göttsche + + Add missing format function attributes and enable -Wmissing-format-attribute + Exported functions already have these attributes, add them to other functions. + This enables compilers to find format specifier mismatches, like: + + foo_print("Hello %d", "world") + + * m4/warn_lang_flags.m4 (gl_WARN_ADD): Add -Wmissing-format-attribute. + * conf/pam_conv1/Makefile.am (AM_CFLAGS): Add -I$(top_srcdir)/libpam/include. + * conf/pam_conv1/pam_conv_y.y: Include . + (yyerror): Add printf format attribute. + * modules/pam_pwhistory/opasswd.c (helper_log_err): Likewise. + * modules/pam_rootok/pam_rootok.c (log_callback): Likewise. + * modules/pam_tally/pam_tally.c (tally_log): Likewise. + * modules/pam_tally2/pam_tally2.c (tally_log): Likewise. + * modules/pam_unix/passverify.c (helper_log_err): Likewise. + +2020-10-21 Milo Casagrande + Milo Casagrande + + po: update translations using Weblate (Italian) + Currently translated at 100.0% (122 of 122 strings). 
+ + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/it/ + +2020-10-21 Yaron Shahrabani + Yaron Shahrabani + + po: update translations using Weblate (Hebrew) + Currently translated at 100.0% (122 of 122 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/he/ + +2020-10-21 ikerexxe + + pam_motd: unset prompt value to drop privileges. + modules/pam_motd/pam_motd.c: set NULL value instead of "key user" for the + prompt when dropping privileges. + +2020-10-20 Tomas Mraz + + pam_modutil_sanitize_fds: Add explicit casts to avoid warnings. + + Revert "libpam/pam_modutil_sanitize.c: optimize the way to close fds" + This reverts commit 1b087edc7f05237bf5eccc405704cd82b848e761. + +2020-10-14 ikerexxe + + pam_motd: document file filtering. + modules/pam_motd/pam_motd.8.xml: document file filtering of motd + messages. + NEWS: annotate change. + +2020-10-14 ikerexxe + + pam_motd: filter motd by user and group. + modules/pam_motd/pam_motd.c: filter motd by user and group owning the + proper files. This is achieved by changing the ids of the process + reading the files from root to the target user. + + Resolves: + https://bugzilla.redhat.com/show_bug.cgi?id=1861640 + +2020-10-13 Mikhail Labiuk + + pam_faillock: fix invalid error message. + args_parse function pass "conf=" argument to set_conf_opt() after handling by self. + set_conf_opt is not able to handle "conf" argument and write error: + sddm-helper[415]: pam_faillock(sddm:auth): Unknown option: conf + +2020-10-05 ikerexxe + + pam_namespace: polyinstantiation refer to gdm doc. + modules/pam_namespace/pam_namespace.8.xml: delete obsolete information + about polyinstantiation and refer to gdm's documentation. + + Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1861841 + +2020-09-30 Anton D. Kachalov + + Prevent SEGFAULT for unknown UID. 
+ When running systemd service with DynamicUser being set, the dynamic UID + might be not mapped to user name (/etc/nsswitch.conf is not configured + with systemd nss module). + + The getuidname() routine might return NULL and this is not checked by callee. + +2020-09-10 ikerexxe + + pam_wheel: clarify use_uid option in man page. + modules/pam_wheel/pam_wheel.8.xml: indicate that use_uid option uses the + real uid of the calling process. + +2020-09-10 ikerexxe + + pam_wheel: if getlogin fails fallback to PAM_RUSER. + modules/pam_wheel/pam_wheel.c: if getlogin fails to obtain the real user + ID, then try with PAM_RUSER. + + Resolves: + https://bugzilla.redhat.com/show_bug.cgi?id=1866866 + +2020-09-10 ikerexxe + + pam_wheel: improve coding style. + modules/pam_wheel/pam_wheel.c: improve indentation and explicitly state + condition statements + +2020-08-08 Dmitry V. Levin + + configure: add --disable-unix option. + Some distributions do not build pam_unix, e.g. ALT uses pam_tcb instead. + Add a configure option to disable build of pam_unix so that those who + choose not to build pam_unix no longer have to edit modules/Makefile.am + file. The default is unchanged, i.e. build of pam_unix is enabled. + + * configure.ac (AC_ARG_ENABLE): Add unix. + (AM_CONDITIONAL): Add COND_BUILD_PAM_UNIX. + * modules/Makefile.am [COND_BUILD_PAM_UNIX] (MAYBE_PAM_UNIX): Define. + (SUBDIRS): Replace pam_unix with $(COND_BUILD_PAM_UNIX). + +2020-08-07 Dmitry V. Levin + + Build all installed executables with -Wl,-z,now if available. + This makes them built with full RELRO if -Wl,-z,relro is specified. + + * m4/ld-z-now.m4: New file. + * m4/.gitignore: Add it to exclude list. + * configure.ac: Call PAM_LD_Z_NOW. + (EXE_LDFLAGS): Append $ZNOW_LDFLAGS. + +2020-08-07 Dmitry V. Levin + + modules: build all helpers with proper CFLAGS and LDFLAGS. + This makes all installed executables built with @EXE_CFLAGS@ and + @EXE_LDFLAGS@. 
+ + * modules/pam_mkhomedir/Makefile.am (mkhomedir_helper_CFLAGS, + mkhomedir_helper_LDFLAGS): New variables. + * modules/pam_tally/Makefile.am (pam_tally_CFLAGS, pam_tally_LDFLAGS): + Likewise. + * modules/pam_tally2/Makefile.am (pam_tally2_CFLAGS, + pam_tally2_LDFLAGS): Likewise. + +2020-08-07 Dmitry V. Levin + + build: rename PIE_* AC_SUBST variables to EXE_* + There are going to be other options added to CFLAGS and LDFLAGS + of executables made along with modules. + + * configure.ac (EXE_CFLAGS, EXE_LDFLAGS): New variables initialized from + PIE_CFLAGS and PIE_LDFLAGS, respectively. AC_SUBST them instead of + PIE_CFLAGS and PIE_LDFLAGS. All users updated. + +2020-08-07 Dmitry V. Levin + + m4: make libprelude-config diagnostics less noisy. + Before this change, every normal build of Linux-PAM used to contain + the following diagnostics: + + checking for libprelude-config... no + checking for libprelude - version >= 0.9.0... no + *** The libprelude-config script installed by LIBPRELUDE could not be found + *** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in + *** your path, or set the LIBPRELUDE_CONFIG environment variable to the + *** full path to libprelude-config. + + Given that libprelude-config is rarely used nowadays, + the first two lines of diagnostics should be enough. + + * m4/libprelude.m4 (AM_PATH_LIBPRELUDE): When libprelude-config + is not found, do not print the lengthy diagnostics unless + --with-libprelude-prefix was specified. + +2020-08-07 Dmitry V. Levin + + configure.ac: rewrite --disable-pie and -fpie/pie check. + * configure.ac: Rewrite -fpie/pie check using AC_LINK_IFELSE to make + the code more readable. Add --enable-pie=check support and make it + the default, terminate if --enable-pie is specified but -fpie/pie + support is not available. + + m4: rewrite ld --no-undefined check. + * m4/ld-no-undefined.m4: Rewrite using AC_LINK_IFELSE to create a more readable + autoconf macro. + + m4: rewrite ld --as-needed check. 
+ * m4/ld-as-needed.m4: Rewrite using AC_LINK_IFELSE to create a more readable + autoconf macro. + + m4: rewrite ld -O1 check. + * m4/ld-O1.m4: Rewrite using AC_LINK_IFELSE to create a more readable + autoconf macro. + +2020-08-07 Dmitry V. Levin + + m4: rewrite __attribute__((unused)) check. + Rewrite using AC_CACHE_CHECK to create a more readable autoconf macro. + + * m4/attribute.m4: New file. + * m4/japhar_grep_cflags.m4: Remove. + * m4/.gitignore: Replace japhar_grep_cflags.m4 with attribute.m4. + * configure.ac: Replace AC_C___ATTRIBUTE__ with PAM_ATTRIBUTE_UNUSED. + +2020-08-06 Dmitry V. Levin + + build: add -Wcast-align=strict to WARN_CFLAGS. + This way -Wcast-align will be tested regardless of the target machine. + + * m4/warn_lang_flags.m4: Add gl_WARN_ADD([-Wcast-align=strict]). + +2020-08-06 Dmitry V. Levin + + configure.ac: rewrite WARN_CFLAGS initialization. + As the old machinery was not prepared for adding compiler options + conditionally when the compiler supports them, replace it with + a new machinery that implements this. + + * m4/warnings.m4: New file. + * m4/warn_lang_flags.m4: Likewise. + * m4/.gitignore: Add exclusions for them. + * m4/japhar_grep_cflags.m4 (JAPHAR_GREP_CFLAGS): Remove. + * configure.ac: Call pam_WARN_LANG_FLAGS. Remove all uses + of JAPHAR_GREP_CFLAGS. + +2020-08-06 Dmitry V. Levin + + Fix -Wcast-align compilation warnings on arm. 
+ Apparently, gcc is also not smart enough to infer the alignment + of structure fields, for details see + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89133 + + Use unions to avoid these casts altogether, this fixes compilation + warnings reported by gcc on arm, e.g.: + + md5.c: In function 'MD5Update': + md5.c:92:35: error: cast increases required alignment of target type [-Werror=cast-align] + 92 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); + | ^ + md5.c:101:35: error: cast increases required alignment of target type [-Werror=cast-align] + 101 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); + | ^ + md5.c: In function 'MD5Final': + md5.c:136:35: error: cast increases required alignment of target type [-Werror=cast-align] + 136 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); + | ^ + md5.c:147:9: error: cast increases required alignment of target type [-Werror=cast-align] + 147 | memcpy((uint32 *)ctx->in + 14, ctx->bits, 2*sizeof(uint32)); + | ^ + md5.c:149:34: error: cast increases required alignment of target type [-Werror=cast-align] + 149 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); + | ^ + + * modules/pam_namespace/md5.h (struct MD5Context): Replace "buf" and + "in" fields with unions. All users updated. + * modules/pam_unix/md5.h (struct MD5Context): Likewise. + * modules/pam_timestamp/sha1.h (struct sha1_context.pending): Replace + with a union. All users updated. + + Complements: v1.4.0~195 ("Fix most of clang -Wcast-align compilation warnings") + +2020-08-05 Dmitry V. Levin + + pam_namespace: fix big-endian check in md5 implementation. + * modules/pam_namespace/md5.c: Do not check against the list of + architectures that are known to be little-endian, instead check + for WORDS_BIGENDIAN macro defined by AC_C_BIGENDIAN autoconf macro + on big-endian platforms. + +2020-08-05 Christian Göttsche + + pam_namespace: skip context translation. 
+ These retrieved contexts are just passed to libselinux functions and not + printed or otherwise made available to the outside, so a context + translation to human readable MCS/MLS labels is not needed. + (see man:setrans.conf(5)) + + pam_xauth: skip context translation. + The retrieved context is just passed to libselinux functions and not + printed or otherwise made available to the outside, so a context + translation to human readable MCS/MLS labels is not needed. + (see man:setrans.conf(5)) + + pam_xauth: replace deprecated security_context_t. + libselinux 3.1 deprecated the typedef security_context_t. + Use the underlaying type. + + pam_unix: skip context translation. + These retrieved contexts are just passed to libselinux functions and not + printed or otherwise made available to the outside, so a context + translation to human readable MCS/MLS labels is not needed. + (see man:setrans.conf(5)) + + pam_unix: replace deprecated security_context_t. + libselinux 3.1 deprecated the typedef security_context_t. + Use the underlaying type. + + pam_rootok: skip context translation. + The retrieved context is just passed to the libselinux function + 'selinux_check_access()', so a context translation to human readable + MCS/MLS labels is not needed. (see man:setrans.conf(5)) + + pam_rootok: replace deprecated security_context_t. + libselinux 3.1 deprecated the typedef security_context_t. + Use the underlaying type. + + pam_namespace: replace deprecated matchpathcon. + The matchpathcon family is deprecated. + Use the selabel family. + + pam_namespace: replace deprecated security_context_t. + libselinux 3.1 deprecated the typedef security_context_t. + Use the underlaying type. + +2020-08-03 Christian Göttsche + + autotools: enable warnings. + +2020-08-03 Christian Göttsche + + autotools: update deprecated macros. 
+ see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Obsolete-Macros.html + + - update AC_HELP_STRING to AS_HELP_STRING + - update AC_TRY_COMPILE to AC_COMPILE_IFELSE + - update AC_TRY_RUN to AC_RUN_IFELSE + - update AC_TRY_LINK to AC_LINK_IFELSE + +2020-08-03 Issam Maghni + + configure.ac: fix typo in --with-kernel-overflow-uid= option to match its documentation + +2020-07-22 Tomas Mraz + + pam_unix: Add comment for the ignored PAM_AUTHTOK_ERR case. + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Add comment + about the reason for ignoring PAM_AUTHTOK_ERR. + +2020-07-22 Tomas Mraz + + Fix missing initialization of daysleft. + The daysleft otherwise stays uninitialized if there is no shadow entry. + + Regression from commit f5adefa. + + Fixes #255 + + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Initialize daysleft. + +2020-07-20 Charles Lee + + po: update translations using Weblate (Chinese (Simplified)) + Currently translated at 100.0% (122 of 122 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zh_CN/ + +2020-07-20 ikerexxe + + pam_pwhistory: add helper to handle SELinux. + The purpose of the helper is to enable tighter confinement of login and + password changing services. The helper is thus called only when SELinux + is enabled on the system. + + Resolves: https://github.com/linux-pam/linux-pam/pull/247 + +2020-07-19 A S Alam + + po: update translations using Weblate (Punjabi) + Currently translated at 100.0% (122 of 122 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pa/ + +2020-07-15 Dmitry V. Levin + + pam_inline.h: cleanup pam_read_passwords a bit. + * libpam/include/pam_inline.h (pam_read_passwords): Increment pptr once + instead of using pptr+1 several times. This change is not expected + to affect the code generated by the compiler as the latter is likely + to perform the optimization itself. 
+ +2020-07-15 ikerexxe + + Move read_passwords function from pam_unix to pam_inline.h. + [ldv: rewrote commit message] + + * modules/pam_unix/passverify.h (read_passwords): Remove prototype. + * modules/pam_unix/passverify.c (read_passwords): Move ... + * libpam/include/pam_inline.h: ... here, rename to pam_read_passwords, + add static inline qualifiers. + Include and . + * modules/pam_unix/unix_chkpwd.c: Include "pam_inline.h". + (main): Replace read_passwords with pam_read_passwords. + * modules/pam_unix/unix_update.c: Include "pam_inline.h". + (set_password): Replace read_passwords with pam_read_passwords. + +2020-07-15 Dmitry V. Levin + + pam_unix: use PAM_MAX_RESP_SIZE instead of its alias MAXPASS. + * modules/pam_unix/passverify.h (MAXPASS): Remove. + * modules/pam_unix/passverify.c (read_passwords): Replace MAXPASS + with PAM_MAX_RESP_SIZE. + * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Likewise. + * modules/pam_unix/support.c (_unix_verify_password): Likewise. + * modules/pam_unix/unix_chkpwd.c (main): Likewise. + * modules/pam_unix/unix_update.c (set_password): Likewise. + +2020-07-09 Lucas Ramage + + pam_stress: create man page. + Resolves: https://github.com/linux-pam/linux-pam/issues/148 + + * modules/pam_stress/README: Remove. + * modules/pam_stress/README.xml: New file. + * modules/pam_stress/pam_stress.8.xml: Likewise. + * modules/pam_stress/Makefile.am (MAINTAINERCLEANFILES): Add + $(MANS) and README. + (EXTRA_DIST): Add $(XMLS). + (XMLS): Add README.xml and pam_stress.8.xml. + [HAVE_DOC] (dist_man_MANS): Add pam_stress.8. + [ENABLE_REGENERATE_MAN] (dist_noinst_DATA): Add README. + [ENABLE_REGENERATE_MAN]: Include $(top_srcdir)/Make.xml.rules. + * modules/pam_stress/.gitignore: Remove. + + Resolves: https://github.com/linux-pam/linux-pam/pull/184 + +2020-07-05 Dmitry V. Levin + + po: update translations using Weblate (Slovak) + Currently translated at 100.0% (122 of 122 strings). 
+ + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sk/ + + po: update translations using Weblate (Portuguese (Brazil)) + + Currently translated at 100.0% (122 of 122 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pt_BR/ + + po: update translations using Weblate (Dutch) + + Currently translated at 100.0% (122 of 122 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nl/ + + po: update translations using Weblate (Italian) + + Currently translated at 100.0% (122 of 122 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/it/ + + po: update translations using Weblate (German) + + Currently translated at 100.0% (122 of 122 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/de/ + + po: update translations using Weblate (Catalan) + + Currently translated at 100.0% (122 of 122 strings). + + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ca/ + +2020-07-05 Yaron Shahrabani + + Translated using Weblate (Hebrew) + Currently translated at 75.4% (92 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/he/ + + Translated using Weblate (Arabic) + + Currently translated at 61.4% (75 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ar/ + +2020-07-02 Dmitry V. Levin + + misc_conv: fix potential information leak on error path. + * libpam_misc/misc_conv.c (read_string): Clear the stack buffer from + data read earlier from stdin in case of a read error. 
+ +2020-07-01 ikerexxe + + pam_loginuid: fix unlikely negative 3rd argument of strncmp on error path + [ldv: rewrote commit message] + + * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Do not pass to + strncmp the return value of pam_modutil_read in an unlikely case when + the latter fails to read from /proc/self/uid_map. + +2020-07-01 ikerexxe + + pam_namespace, pam_mkhomedir: fix unlikely descriptor leaks on error path + [ldv: rewrote commit message] + + * modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Close just + opened file descriptor "srcfd" in an unlikely case when it cannot be + fstat'ed. + * modules/pam_namespace/pam_namespace.c (create_instance): Close just + opened file descriptor "fd" in an unlikely case when it cannot be + fstat'ed. + +2020-07-01 ikerexxe + + pam_rootok: fix use of va_list. + CPPCHECK_WARNING (CWE-843): + error[va_end_missing]: va_list 'ap' was opened but not closed by + va_end(). + + [ldv: According to POSIX documentation, each invocation of va_start() + must be matched by a corresponding invocation of va_end(). + + According to the GNU libc documentation, "with most C compilers, + calling 'va_end' does nothing. This is always true in the GNU C + compiler. But you might as well call 'va_end' just in case your + program is someday compiled with a peculiar compiler." + + The main reason for applying this change is to pacify static analysis + tools like cppcheck that insist on strict POSIX conformance in this + respect.] + +2020-07-01 ikerexxe + + misc_conv: fix potential stack buffer overflow. + [ldv: rewrote commit message] + + * libpam_misc/misc_conv.c (read_string): Use _pam_overwrite_n instead + of _pam_overwrite to clear stack buffer "line" because the latter does + not have to be null-terminated. 
+ +2020-07-01 Yaron Shahrabani + + Translated using Weblate (Hebrew) + Currently translated at 60.6% (74 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/he/ + +2020-06-30 Dmitry V. Levin + + misc_conv: remove redundant check. + * libpam_misc/misc_conv.c (read_string): Remove redundant nc > 0 + check as it has already been tested in the previous condition. + +2020-06-29 ikerexxe + + pam_limits: clarify configuration file. + Resolves: https://github.com/linux-pam/linux-pam/pull/249 + +2020-06-26 Dmitry V. Levin + + .gitignore: move doc-specific entries to doc/.gitignore. + + .gitignore: move module-specific entries to modules/.gitignore. + +2020-06-26 ikerexxe + + pam_namespace: add systemd service file to gitignore. + * modules/pam_namespace/.gitignore: Add pam_namespace.service. + + Complements: v1.4.0~247 ("pam_namespace: secure tmp-inst directories") + +2020-06-26 ikerexxe + + pam_faillock: add faillock executable to gitignore. + * modules/pam_faillock/.gitignore: Add faillock. + + Complements: v1.4.0~76 ("pam_faillock: New module for locking after multiple auth failures") + +2020-06-25 ikerexxe + + pam_env: clarify user_readenv option. + +2020-06-24 Baurzhan Muftakhidinov + + Translated using Weblate (Kazakh) + Currently translated at 100.0% (122 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/kk/ + +2020-06-24 Yaron Shahrabani + + Translated using Weblate (Hebrew) + Currently translated at 44.2% (54 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/he/ + +2020-06-22 Vito Caputo + + modules/pam_limits: add support for nonewprivs. + Expose prctl(PR_SET_NO_NEW_PRIVS) as "nonewprivs" item. + + The valid values are a boolean toggle 0/1 to keep semi-consistent + with the other numeric limits. 
It's slightly awkward as this is + an oddball relative to the other items in pam_limits but outside + of the item value itself this does seem at home in pam_limits. + + Resolves: https://github.com/linux-pam/linux-pam/issues/224 + Resolves: https://github.com/linux-pam/linux-pam/pull/225 + +2020-06-17 ikerexxe + + pam_usertype: avoid determining if user exists. + Taking a look at the time for the password prompt to appear it was + possible to determine if a user existed in a system. Solved it by + matching the runtime until the password prompt was shown by always + checking the password hash for an existing and a non-existing user. + + Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1629598 + +2020-06-17 ikerexxe + + pam_unix: avoid determining if user exists. + Taking a look at the time for the password prompt to appear it was + possible to determine if a user existed in a system. Solved it by + matching the runtime until the password prompt was shown by always + checking the password hash for an existing and a non-existing user. + + Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1629598 + +2020-06-17 ikerexxe + + pam_faillock: change /run/faillock/$USER permissions to 0660. + Nowadays, /run/faillock/$USER files have user:root ownership and 0600 + permissions. This forces the process that writes to these files to have + CAP_DAC_OVERRIDE capabilites. Just by changing the permissions to 0660 + the capability can be removed, which leads to a more secure system. + + Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1661822 + +2020-06-16 Dmitry V. Levin + + pam_modutil_check_user_in_passwd: avoid timing attacks. + * libpam/pam_modutil_check_user.c (pam_modutil_check_user_in_passwd): Do + not exit the file reading loop when the user is found, continue reading + the file to avoid timing attacks. + +2020-06-15 Fabrice Fontaine + + pam_faillock: fix build on musl. 
+ Use pam_modutil_check_user_in_passwd in pam_faillock.c instead of + fgetpwent_r which is not available on musl. + + Resolves: https://github.com/linux-pam/linux-pam/issues/236 + Resolves: https://github.com/linux-pam/linux-pam/pull/237 + Fixes: http://autobuild.buildroot.org/results/0432736ffee376dd84757469434a4bbcfdcdaf4b + +2020-06-15 Fabrice Fontaine + Dmitry V. Levin + + Move check_user_in_passwd from pam_localuser.c to pam_modutil. + + * modules/pam_localuser/pam_localuser.c: Include + . + (pam_sm_authenticate): Replace check_user_in_passwd with + pam_modutil_check_user_in_passwd. + (check_user_in_passwd): Rename to pam_modutil_check_user_in_passwd, + move to ... + * libpam/pam_modutil_check_user.c: ... new file. + * libpam/Makefile.am (libpam_la_SOURCES): Add pam_modutil_check_user.c. + * libpam/include/security/pam_modutil.h + (pam_modutil_check_user_in_passwd): New function declaration. + * libpam/libpam.map (LIBPAM_MODUTIL_1.4.1): New interface. + +2020-06-15 Dmitry V. Levin + + configure.ac: fix non-portable use of test builtin. + Portable code should not assume that test builtin supports == operator. + + * configure.ac (opt_uidmin, opt_sysuidmin, opt_kerneloverflowuid): Fix + initialization. + + Resolves: https://github.com/linux-pam/linux-pam/issues/241 + Fixes: 926d7935e ("pam_usertype: new module to tell if uid is in login.defs ranges") + +2020-06-11 Fabrice Fontaine + + configure.ac: fix build failure when crypt() does not require libcrypt. + Since commit 522246d20e4cd92fadc2d760228cb7e78cbeb4c5, the build fails + if "none required" is returned by AC_SEARCH_LIBS for libcrypt. + + Resolves: https://github.com/linux-pam/linux-pam/pull/235 + Fixes: http://autobuild.buildroot.org/results/92b3dd7c984d2b843ac9aacacd69eec99f28743e + Fixes: v1.4.0~228 ("Use cached 'crypt' library result correctly") + +2020-06-04 Dmitry V. Levin + + build: do not generate tarballs compressed with bzip2 and gzip. 
+ There are tarballs compressed with xz, that should be enough. + + * Makefile.am (AUTOMAKE_OPTIONS): Remove dist-bzip2, add no-dist-gzip. + (releasedocs): Do not create Linux-PAM-$(VERSION)-docs.tar.bz2 + and Linux-PAM-$(VERSION)-docs.tar.gz. + +2020-06-04 Dmitry V. Levin + + maint: document release procedure. + * maint/README-release: New file. + + maint: introduce gen-tag-message. + * maint/gen-tag-message: New script for preparing tag message. + + maint: introduce make-dist. + * maint/make-dist: New script for preparing release tarballs. + +2020-06-03 Dmitry V. Levin + + gitlog-to-changelog: update from gnulib. + +2020-05-29 Josef Möllers + Tomáš Mráz + Dmitry V. Levin + + pam_setquota: skip mountpoints equal to the user's $HOME. + Matthias Gerstner found the following issue: + + + So this pam_setquota module iterates over all mounted file systems using + `setmntent()` and `getmntent()`. It tries to find the longest match of + a file system mounted on /home/$USER or above (except when the + fs=/some/path parameter is passed to the pam module). + + The thing is that /home/$USER is owned by the unprivileged user. And + there exist tools like fusermount from libfuse which is by default + installed setuid-root for everybody. fusermount allows to mount a FUSE + file system using an arbitrary "source device name" as the unprivileged + user. + + Thus considering the following use case: + + 1) there is only the root file system (/) or a file system is mounted on + /home, but not on /home/$USER. 
+ 2) the attacker mounts a fake FUSE file system over its own home directory: + + ``` + user $ export _FUSE_COMMFD=0 + user $ fusermount $HOME -ononempty,fsname=/dev/sda1 + ``` + + This will result in a mount entry in /proc/mounts looking like this: + + ``` + /dev/sda1 on /home/$USER type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100) + ``` + 3) when the attacker now logs in with pam_setquota configured then + pam_setquota will identify /dev/sda1 and the file system where + to apply the user's quota on. + + As a result an unprivileged user has full control over onto which block + device the quota is applied. + + + If the user's $HOME is on a separate partition, setting a quota on the + user's $HOME does not really make sense, so this patch skips mountpoints + equal to the user's $HOME, preventing the above mentioned bug as + a side-effect (or vice-versa). + + Reported-by: Matthias Gerstner + Resolves: https://github.com/linux-pam/linux-pam/pull/230 + +2020-05-25 Dmitry V. Levin + + pam_debug: do not invoke pam_get_user and do not set PAM_USER. + pam_debug used to invoke pam_get_user and set PAM_USER to "nobody" when + pam_get_user returns an empty string as the user name. When either of + these functions returned an error value, it used to return that error + value. This hasn't been documented, and I couldn't find any rationale + for this behaviour. + + * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Do not invoke + pam_get_user and pam_set_item. + +2020-05-24 Yi-Jyun Pan + + Translated using Weblate (Chinese (Traditional)) + Currently translated at 100.0% (122 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zh_TW/ + +2020-05-22 Dmitry V. Levin + + modules: downgrade syslog level for errors related to pam_get_user. 
+ * modules/pam_faillock/pam_faillock.c (get_pam_user): Downgrade + the syslog level for diagnostics of errors returned by + pam_modutil_getpwnam for users returned by pam_get_user + from LOG_ERR to LOG_NOTICE. + * modules/pam_keyinit/pam_keyinit.c (do_keyinit): Likewise. + * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. + * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. + * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise. + * modules/pam_mail/pam_mail.c (_do_mail): Likewise. + * modules/pam_sepermit/pam_sepermit.c (sepermit_lock): Likewise. + * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. + * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. + * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. + * modules/pam_xauth/pam_xauth.c (pam_sm_open_session, + pam_sm_close_session): Likewise. + * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Downgrade + the syslog level for diagnostics of errors returned by + pam_modutil_getpwnam for users returned by pam_get_user + from LOG_WARNING to LOG_NOTICE. + + Suggested-by: Tomáš Mráz + +2020-05-22 Dmitry V. Levin + + modules: downgrade syslog level for pam_get_user errors. + * modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade + the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE. + * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. + * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. + * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. + * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. + * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise. + * modules/pam_mail/pam_mail.c (_do_mail): Likewise. + * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. + * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. + * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. 
+ * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. + * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. + * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. + * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. + * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise. + * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. + * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, + pam_sm_acct_mgmt): Likewise. + * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. + * modules/pam_xauth/pam_xauth.c (pam_sm_open_session, + pam_sm_close_session): Likewise. + * modules/pam_securetty/pam_securetty.c (securetty_perform_check): + Downgrade the syslog level for pam_get_user errors from LOG_WARNING + to LOG_NOTICE. + * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. + + Suggested-by: Tomáš Mráz + +2020-05-22 Dmitry V. Levin + + pam_localuser: add a test for return values. + * modules/pam_localuser/tst-pam_localuser-retval.c: New file. + * modules/pam_localuser/Makefile.am (TESTS): Add $(check_PROGRAMS). + (check_PROGRAMS, tst_pam_localuser_retval_LDADD): New variables. + + pam_localuser: refactor pam_sm_authenticate. + * modules/pam_localuser/pam_localuser.c (check_user_in_passwd): New + function. + (pam_sm_authenticate): Use it. + +2020-05-22 Dmitry V. Levin + + pam_localuser: downgrade syslog level for errors related to user input. + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Downgrade + the syslog level for errors related to pam_get_user from LOG_ERR to + LOG_NOTICE. + + Suggested-by: Tomáš Mráz + +2020-05-21 Dmitry V. Levin + + pam_localuser: re-format pam_sm_* function declarations. + +2020-05-21 Dmitry V. Levin + + pam_localuser: remove unused includes. + Also, remove unused MODULE_NAME macro. + + * modules/pam_localuser/pam_localuser.c: Stop including unused header + files. + (MODULE_NAME): Remove. + +2020-05-21 Dmitry V. 
Levin + + pam_localuser: forward error values returned by pam_get_user. + Starting with commit c2c601f5340a59c5c62193d55b555d384380ea38, + pam_get_user is guaranteed to return one of the following values: + PAM_SUCCESS, PAM_BUF_ERR, PAM_CONV_AGAIN, or PAM_CONV_ERR. + + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Do not + replace non-PAM_CONV_AGAIN error values returned by pam_get_user with + PAM_SERVICE_ERR. + * modules/pam_localuser/pam_localuser.8.xml (RETURN VALUES): Document + new return values. + +2020-05-21 Dmitry V. Levin + + pam_localuser: return PAM_INCOMPLETE when pam_get_user returns PAM_CONV_AGAIN + Give the application a chance to handle PAM_INCOMPLETE. + + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return + PAM_INCOMPLETE instead of PAM_SERVICE_ERR when pam_get_user returns + PAM_CONV_AGAIN. + * modules/pam_localuser/pam_localuser.8.xml (RETURN VALUES): Document + it. + +2020-05-21 Dmitry V. Levin + + pam_localuser: open the passwd file after user name validation. + Since user name is untrusted input, it should be validated earlier + rather than later. + + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Open + the passwd file after user name validation. + +2020-05-21 Dmitry V. Levin + + pam_localuser: use BUFSIZ as the line buffer size. + As BUFSIZ is the buffer size used in stdio, it must be an efficient size + for the line buffer. Also, it's larger than LINE_MAX used as the line + buffer size before this change, effectively raising the maximum user + name length supported by this module. + + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Replace + LINE_MAX with BUFSIZ. + +2020-05-21 Dmitry V. Levin + + pam_localuser: handle long lines in passwd files properly. + Before this change, a long line in the passwd file used to be treated as + several lines which could potentially result to false match and, + consequently, to incorrect PAM_SUCCESS return value. 
+ + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Handle + long lines in passwd files properly. + +2020-05-21 Dmitry V. Levin + + pam_localuser: get rid of a temporary buffer. + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Do not + copy the user name into a temporary buffer, use the user name itself in + comparisons. + + pam_localuser: log unrecognized options. + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Log + unrecognized options. + +2020-05-21 Dmitry V. Levin + + pam_localuser: return PAM_SERVICE_ERR instead of PAM_SYSTEM_ERR. + When passwd file cannot be opened or the user name either cannot be + obtained or is not valid, return PAM_SERVICE_ERR instead of + PAM_SYSTEM_ERR. + + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return + PAM_SERVICE_ERR instead of PAM_SYSTEM_ERR. + +2020-05-21 Dmitry V. Levin + + pam_localuser: reject user names that are too long. + Too long user names used to be truncated which could potentially result + to false match and, consequently, to incorrect PAM_SUCCESS return value. + + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return + PAM_SERVICE_ERR if the user name is too long. + +2020-05-21 Dmitry V. Levin + + pam_localuser: reject user names containing a colon. + "root:x" is not a local user name even if the passwd file contains + a line starting with "root:x:". + + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return + PAM_PERM_DENIED if the user name contains a colon. + +2020-05-21 Dmitry V. Levin + + pam_mkhomedir: add a test for return values. + * modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c: New file. + * modules/pam_mkhomedir/Makefile.am (TESTS): Add $(check_PROGRAMS). + (check_PROGRAMS, tst_pam_mkhomedir_retval_LDADD): New variables. + + pam_faildelay: add a test for return values. + * modules/pam_faildelay/tst-pam_faildelay-retval.c: New file. + * modules/pam_faildelay/Makefile.am (TESTS): Add $(check_PROGRAMS). 
+ (check_PROGRAMS, tst_pam_faildelay_retval_LDADD): New variables. + + pam_rootok: add a test for return values. + * modules/pam_rootok/tst-pam_rootok-retval.c: New file. + * modules/pam_rootok/Makefile.am (TESTS): Add $(check_PROGRAMS). + (check_PROGRAMS, tst_pam_rootok_retval_LDADD): New variables. + + pam_nologin: add a test for return values. + * modules/pam_nologin/tst-pam_nologin-retval.c: New file. + * modules/pam_nologin/Makefile.am (TESTS): Add $(check_PROGRAMS). + (check_PROGRAMS, tst_pam_nologin_retval_LDADD): New variables. + + pam_echo: add a test for return values. + * modules/pam_echo/tst-pam_echo-retval.c: New file. + * modules/pam_echo/Makefile.am (TESTS): Add $(check_PROGRAMS). + (check_PROGRAMS, tst_pam_echo_retval_LDADD): New variables. + + pam_warn: add a test for return values. + * modules/pam_warn/tst-pam_warn-retval.c: New file. + * modules/pam_warn/Makefile.am (TESTS): Add $(check_PROGRAMS). + (check_PROGRAMS, tst_pam_warn_retval_LDADD): New variables. + + pam_debug: add a test for return values. + * modules/pam_debug/tst-pam_debug-retval.c: New file. + * modules/pam_debug/Makefile.am (TESTS): Add $(check_PROGRAMS). + (check_PROGRAMS, tst_pam_debug_retval_LDADD): New variables. + + pam_permit: add a test for return values. + * modules/pam_permit/tst-pam_permit-retval.c: New file. + * modules/pam_permit/Makefile.am (TESTS): Add $(check_PROGRAMS). + (check_PROGRAMS, tst_pam_permit_retval_LDADD): New variables. + + pam_deny: add a test for return values. + * modules/pam_deny/tst-pam_deny-retval.c: New file. + * modules/pam_deny/Makefile.am (TESTS): Add $(check_PROGRAMS). + (check_PROGRAMS, tst_pam_deny_retval_LDADD): New variables. + +2020-05-21 Dmitry V. Levin + + Introduce test_assert.h. + Introduce a new internal header file for definitions of handy macros + providing convenient assertion testing functionality. + + * libpam/include/test_assert.h: New file. + * libpam/Makefile.am (noinst_HEADERS): Add include/test_assert.h. 
+ +2020-05-21 Andreas Henriksson + + Translated using Weblate (Swedish) + Currently translated at 100.0% (122 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sv/ + +2020-05-17 Dmitry V. Levin + + doc: fix the description of stack jump effects. + Every stack jump, besides the jump itself, has a side effect which is + one of 'ignore', 'ok', or 'bad'. Unfortunately, the side effect is far + from obvious because it depends on the PAM function call, and the + documentation that contradicts the implementation does not help either. + + * doc/man/pam.conf-syntax.xml (actionN): Rewrite the description + of stack jump effects to match the implementation. + + Fixes: 871a6e14d65c3c446ae0af51166dabc7a47a2b56 + +2020-05-17 Weblate (bot) + Allan Nordhøy + Dmitry V. Levin + + Translations update from Weblate (#227) + * Translated using Weblate (Norwegian Bokmål) + + Currently translated at 99.1% (121 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nb_NO/ + + * Translated using Weblate (Catalan) + + Currently translated at 98.3% (120 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ca/ + +2020-05-16 Dmitry V. Levin + + modules: do not check user name for emptyness before passing it to pam_modutil_getpwnam + pam_modutil_getpwnam is perfectly capable of handling empty strings as + user names, no need to double check that. + + * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check + the user name for emptyness before passing it to pam_modutil_getpwnam. + * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. + * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. + * modules/pam_shells/pam_shells.c (perform_check): Likewise. + * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. 
+ * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. + * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. + +2020-05-15 Dmitry V. Levin + + pam_usertype: Document return values forwarded from pam_get_user. + * modules/pam_usertype/pam_usertype.8.xml (RETURN VALUES): Document + PAM_BUF_ERR and PAM_CONV_ERR return values. + +2020-05-15 Dmitry V. Levin + + pam_usertype: return PAM_INCOMPLETE when pam_get_user returns PAM_CONV_AGAIN + Give the application a chance to handle PAM_INCOMPLETE. + + * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Return + PAM_INCOMPLETE instead of PAM_CONV_AGAIN when pam_get_user returns + PAM_CONV_AGAIN. + * modules/pam_usertype/pam_usertype.8.xml (RETURN VALUES): Document it. + +2020-05-15 Dmitry V. Levin + + pam_faillock: Document return values forwarded from pam_get_user. + * modules/pam_faillock/pam_faillock.8.xml (RETURN VALUES): Document + PAM_BUF_ERR and PAM_CONV_ERR return values. + +2020-05-15 Dmitry V. Levin + + pam_faillock: return PAM_INCOMPLETE when pam_get_user returns PAM_CONV_AGAIN + Give the application a chance to handle PAM_INCOMPLETE. + + * modules/pam_faillock/pam_faillock.c (get_pam_user): Return + PAM_INCOMPLETE instead of PAM_CONV_AGAIN when pam_get_user returns + PAM_CONV_AGAIN. + * modules/pam_faillock/pam_faillock.8.xml (RETURN VALUES): Document it. + +2020-05-15 Dmitry V. Levin + + pam_securetty: forward error values returned by pam_get_user. + Starting with commit c2c601f5340a59c5c62193d55b555d384380ea38, + pam_get_user is guaranteed to return one of the following values: + PAM_SUCCESS, PAM_BUF_ERR, PAM_CONV_AGAIN, or PAM_CONV_ERR. + + * modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Do not + replace non-PAM_CONV_AGAIN error values returned by pam_get_user with + PAM_SERVICE_ERR. + * modules/pam_securetty/pam_securetty.8.xml (RETURN VALUES): Document + new return values. + +2020-05-15 Dmitry V. 
Levin + + modules: do not check user name for NULL if pam_get_user returned PAM_SUCCESS + If pam_get_user returned PAM_SUCCESS, the user name is guaranteed + to be a valid C string, no need to double check that. + + * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check + for NULL the user name returned by pam_get_user when the latter returned + PAM_SUCCESS. + * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. + * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Likewise. + * modules/pam_filter/pam_filter.c (process_args): Likewise. + * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. + * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. + * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. + * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. + * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. + * modules/pam_mail/pam_mail.c (_do_mail): Likewise. + * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. + * modules/pam_permit/pam_permit.c (pam_sm_authenticate): Likewise. + * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. + * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. + * modules/pam_securetty/pam_securetty.c (pam_sm_authenticate): Likewise. + * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. + * modules/pam_shells/pam_shells.c (perform_check): Likewise. + * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. + * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. + * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. + * modules/pam_timestamp/pam_timestamp.c (get_timestamp_name): Likewise. + * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. + * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise. 
+ * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. + * modules/pam_wheel/pam_wheel.c (perform_check): Likewise. + * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): + Likewise. + +2020-05-14 Dmitry V. Levin + + pam_umask: Document return values forwarded from pam_get_user. + * modules/pam_umask/pam_umask.8.xml (RETURN VALUES): Document + PAM_BUF_ERR, PAM_CONV_ERR, and PAM_INCOMPLETE return values. + + pam_exec: Document return values forwarded from pam_get_user. + * modules/pam_exec/pam_exec.8.xml (RETURN VALUES): Document + PAM_BUF_ERR, PAM_CONV_ERR, and PAM_INCOMPLETE return values. + +2020-05-13 Dmitry V. Levin + + Deprecate pam_cracklib, pam_tally, and pam_tally2. + Deprecate pam_cracklib, there are two better alternatives to this + obsolete module: pam_passwdqc from passwdqc project and pam_pwquality + from libpwquality project. + + Deprecate pam_tally and pam_tally2 in favour of pam_faillock. + + * configure.ac: Implement --enable-cracklib=check that enables build + of pam_cracklib when libcrack is available. + Disable build of pam_cracklib, pam_tally, and pam_tally2 by default. + * NEWS: Mention this change. + * ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Add + --enable-tally, --enable-tally2, and --enable-cracklib=check + to check build of these deprecated modules. + +2020-05-13 Dmitry V. Levin + + NEWS: update. + +2020-05-12 Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> + + Use correct path for pam_namespace.service file (#223) + +2020-05-09 Dmitry V. Levin + + pam_setquota: fix return value when the user is unknown. + Following the bad example in pam_mkhomedir module, from the very + beginning pam_setquota module used to return PAM_CRED_INSUFFICIENT + when pam_modutil_getpwnam() returned an error. Fix this now + by changing the return value to PAM_USER_UNKNOWN. + + * modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Return + PAM_USER_UNKNOWN instead of PAM_CRED_INSUFFICIENT. 
+ * modules/pam_setquota/pam_setquota.8.xml (PAM_CRED_INSUFFICIENT): + Replace with PAM_USER_UNKNOWN. + +2020-05-09 Dmitry V. Levin + + pam_mkhomedir: fix return value when the user is unknown. + From the very beginning pam_mkhomedir module used to return + PAM_CRED_INSUFFICIENT when getpwnam() or pam_modutil_getpwnam() + returned an error. Fix this now by changing the return value + to PAM_USER_UNKNOWN. + + * modules/pam_mkhomedir/mkhomedir_helper.c (main): Return + PAM_USER_UNKNOWN instead of PAM_CRED_INSUFFICIENT. + * modules/pam_mkhomedir/pam_mkhomedir.c (pam_sm_open_session): Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.8.xml (PAM_CRED_INSUFFICIENT): + Remove. + +2020-05-06 Dmitry V. Levin + + pam_get_user: do not override valid values returned by the conversation function + When the conversation function returned a value different from + PAM_CONV_AGAIN and provided no response, pam_get_user used to replace + the return value with PAM_CONV_ERR. Fix this and replace the return + value only if it was PAM_SUCCESS. + + * libpam/pam_item.c (pam_get_user): Do not override valid values + returned by the conversation function. + +2020-05-06 Dmitry V. Levin + + pam_get_user: filter conversation function return values. + Do not assume that the conversation function provided by the application + strictly follows the return values guidelines, replace undocumented + return values with PAM_CONV_ERR. + + * libpam/pam_item.c (pam_get_user): If the value returned by the + conversation function is not one of PAM_SUCCESS, PAM_BUF_ERR, + PAM_CONV_AGAIN, or PAM_CONV_ERR, replace it with PAM_CONV_ERR. + +2020-05-06 Dmitry V. Levin + + man: document other valid pam_get_user return values. + * doc/man/pam_get_user.3.xml (pam_get_user-return_values): Add + PAM_BUF_ERR, PAM_ABORT, and PAM_CONV_AGAIN. + +2020-05-06 Dmitry V. Levin + + pam_get_user: consistently return PAM_SYSTEM_ERR if user specified a NULL pointer + pam_get_user returns PAM_SYSTEM_ERR in case of pamh == NULL. 
+ In case of user == NULL, however, it used to return PAM_PERM_DENIED, + and in case of NULL conversation function it used to return + PAM_SERVICE_ERR. + + According to the documentation, PAM_SYSTEM_ERR shall be returned + if a NULL pointer was submitted. + + Fix this inconsistency and return PAM_SYSTEM_ERR in each of these + programming error cases. + + * libpam/pam_item.c (pam_get_user): Return PAM_SYSTEM_ERR instead of + PAM_PERM_DENIED if user == NULL. Return PAM_SYSTEM_ERR instead of + PAM_SERVICE_ERR if pamh->pam_conversation == NULL. + +2020-05-06 Weblate (bot) + + Translations update from Weblate. + * Translated using Weblate (Spanish) + + Currently translated at 81.9% (100 of 122 strings) + + * Translated using Weblate (Portuguese) + + Currently translated at 100.0% (122 of 122 strings) + +2020-05-03 Dmitry V. Levin + + doc: remove references to PAM_SM_* macros. + Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka + Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support + from Linux-PAM), PAM_SM_* macros have no effect. + + modules: remove PAM_SM_* macros. + Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka + Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support + from Linux-PAM), PAM_SM_* macros have no effect. + +2020-05-03 Dmitry V. Levin + + pam_usertype: do not override the default prompt. + Following the bad example in pam_succeed_if module, from the very + beginning pam_usertype used to override the default prompt used by + pam_get_user() with "login: ". Fix this now. + + * modules/pam_usertype/pam_usertype.c (pam_sm_authenticate): Do not + request PAM_USER_PROMPT item, invoke pam_get_user() with the default + prompt. + +2020-05-03 Dmitry V. Levin + + pam_succeed_if: do not override the default prompt. + From the very beginning pam_succeed_if used to override the default + prompt used by pam_get_user() with "login: ". Fix this now. 
+ + * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Do not + request PAM_USER_PROMPT item, invoke pam_get_user() with the default + prompt. + +2020-05-03 Dmitry V. Levin + + modules/*/Makefile.am: rename TESTS to dist_check_SCRIPTS. + ... and remove $(TESTS) from EXTRA_DIST. + + The change is performed automatically using the following script: + sed -i -e 's/^TESTS = \(tst.*\)/dist_check_SCRIPTS = \1\nTESTS = $(dist_check_SCRIPTS)/' \ + -e '/^EXTRA_DIST/ s/ \$(TESTS)//' modules/*/Makefile.am + +2020-05-03 Dmitry V. Levin + + modules/*/Makefile.am: rename man_MANS to dist_man_MANS. + ... and remove $(MANS) from EXTRA_DIST. + + The change is performed automatically using the following script: + sed -i 's/^man_MANS/dist_&/; /^EXTRA_DIST/ s/ \$(MANS)//' modules/*/Makefile.am + +2020-05-03 Dmitry V. Levin + + pam_namespace: cleanup pam_namespace.service installation. + * modules/pam_namespace/Makefile.am (service_DATA): New variable. + (install-data-local): Remove all commands related to servicedir. + (uninstall-local): Remove. + + Fixes: 59812d1cf ("pam_namespace: secure tmp-inst directories") + +2020-05-03 Dmitry V. Levin + + modules/*/Makefile.am: add dist_ prefix to *_DATA. + ... and remove $(DATA) from EXTRA_DIST. + + The change is performed automatically using the following script: + sed -i 's/^[a-z]*_DATA/dist_&/; /^EXTRA_DIST/ s/ \$(DATA)//' modules/*/Makefile.am + +2020-05-03 Dmitry V. Levin + + modules/pam_timestamp/Makefile.am: rename noinst_PROGRAMS to check_PROGRAMS + ... and remove nodist_TESTS. + + * modules/pam_timestamp/Makefile.am (nodist_TESTS): Remove. + (TESTS): Replace $(nodist_TESTS) with $(check_PROGRAMS). + (noinst_PROGRAMS): Rename to check_PROGRAMS. + +2020-05-03 Dmitry V. Levin + + modules/pam_timestamp/Makefile.am: rename dist_TESTS to dist_check_SCRIPTS + ... and remove it from EXTRA_DIST + + * modules/pam_timestamp/Makefile.am (EXTRA_DIST): Remove $(dist_TESTS). + (dist_TESTS): Rename to dist_check_SCRIPTS. 
+ (TESTS): Replace $(dist_TESTS) with $(dist_check_SCRIPTS). + +2020-05-03 Dmitry V. Levin + + modules/pam_namespace/Makefile.am: add dist_ prefix to secureconf_SCRIPTS + ... and remove $(SCRIPTS) from EXTRA_DIST. + + * modules/pam_namespace/Makefile.am (EXTRA_DIST): Remove $(SCRIPTS). + (secureconf_SCRIPTS): Rename to dist_secureconf_SCRIPTS. + +2020-05-03 Dmitry V. Levin + + Translated using Weblate (Russian) + Currently translated at 100.0% (122 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ru/ + +2020-05-03 Yuri Chornoivan + + Translated using Weblate (Ukrainian) + Currently translated at 100.0% (122 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/uk/ + +2020-05-03 Oğuz Ersen + + Translated using Weblate (Turkish) + Currently translated at 100.0% (122 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/ + +2020-05-03 Julien Humbert + + Translated using Weblate (French) + Currently translated at 100.0% (122 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/ + +2020-05-03 scootergrisen + + Translated using Weblate (Danish) + Currently translated at 100.0% (122 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/da/ + +2020-05-03 Piotr Drąg + + Translated using Weblate (Polish) + Currently translated at 100.0% (122 of 122 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pl/ + +2020-04-30 Tomas Mraz + + Update .po and .pot files after adding pam_faillock. + + pam_faillock: Correct the grammar of translated strings. + Also make the message the same as in pam_tally2. 
+ + pam_faillock: Add conf option to use a different config file. + + pam_faillock: New module for locking after multiple auth failures. + +2020-04-29 Weblate (bot) + Alesker Abdullayev - FEDORA Azerbaijan + Allan Nordhøy + + Translations update from Weblate (#215) + Updated translation using Weblate + + * Translated using Weblate (Azerbaijani) + + Currently translated at 15.8% (19 of 120 strings) + + * Translated using Weblate (Norwegian Bokmål) + + Currently translated at 100.0% (120 of 120 strings) + +2020-04-28 Dmitry V. Levin + + build: rework vendordir substitution. + Since Make.xml.rules is the only place where XSLTPROC_CUSTOM was used, + remove stereotypic definitions from other Makefiles, this way we no + longer have to worry about vendordir being used somewhere else in + documentation files. + + Likewise, define VENDORDIR in config.h and remove stereotypic + -DVENDORDIR= additions from other Makefiles, this way we no longer + have to worry about VENDORDIR being used somewhere else in the code. + + * configure.ac (AM_CONDITIONAL): Remove HAVE_VENDORDIR. + (AC_DEFINE_UNQUOTED): Add VENDORDIR. + (AC_SUBST): Remove VENDORDIR, add STRINGPARAM_VENDORDIR. + * Make.xml.rules.in: Replace $(XSLTPROC_CUSTOM) with + @STRINGPARAM_VENDORDIR@. + * doc/man/Makefile.am (XSLTPROC_CUSTOM): Remove. + * libpam/Makefile.am [HAVE_VENDORDIR]: Remove. + * modules/pam_securetty/Makefile.am [HAVE_VENDORDIR]: Remove. + (XSLTPROC_CUSTOM): Remove. + * modules/pam_securetty/pam_securetty.c: Move definitions of local + macros after config.h to benefit from macros defined there. + +2020-04-28 Dmitry V. Levin + + Make.xml.rules: prepare for configure substitutions. + * Make.xml.rules: Rename to ... + * Make.xml.rules.in: ... new file. + * Makefile.am (EXTRA_DIST): Remove Make.xml.rules. + * configure.ac (AC_CONFIG_FILES): Add Make.xml.rules. + +2020-04-27 Dmitry V. Levin + + pam_namespace: replace namespace.init with $(SCRIPTS) in EXTRA_DIST. 
+ As namespace.init is listed in secureconf_SCRIPTS which is part of + generated SCRIPTS variable. + + * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace namespace.init + with $(SCRIPTS). + +2020-04-27 Dmitry V. Levin + + pam_env: remove environment from EXTRA_DIST. + * modules/pam_env/Makefile.am (EXTRA_DIST): Remove environment as it is + listed in sysconf_DATA which is part of DATA which is already listed in + EXTRA_DIST. + +2020-04-27 Dmitry V. Levin + + modules/*/Makefile.am: remove $(secureconf_DATA) from EXTRA_DIST. + Since the whole $(DATA) is listed in EXTRA_DIST, $(secureconf_DATA) + can be safely de-listed. + + * modules/pam_access/Makefile.am (EXTRA_DIST): Remove + $(secureconf_DATA). + * modules/pam_env/Makefile.am: Likewise. + * modules/pam_group/Makefile.am: Likewise. + * modules/pam_limits/Makefile.am: Likewise. + * modules/pam_namespace/Makefile.am: Likewise. + * modules/pam_sepermit/Makefile.am: Likewise. + * modules/pam_time/Makefile.am: Likewise. + +2020-04-27 Dmitry V. Levin + + modules/*/Makefile.am: replace README with $(DATA) in EXTRA_DIST. + Since the GNU Automake distributes README files by default, the only + reason why README had to be listed in EXTRA_DIST was to make these + README files generated. + + Since README is also listed in noinst_DATA, we can safely replace + README in EXTRA_DIST with $(DATA), this also opens the way for + further EXTRA_DIST cleanup. + + * modules/*/Makefile.am (EXTRA_DIST): Replace README with $(DATA). + +2020-04-27 Dmitry V. Levin + + modules/*/Makefile.am: reorder lines to promote uniformity. + This is essentially a no-op change that makes modules/*/Makefile.am + files less divergent. + +2020-04-27 Dmitry V. Levin + + build: move README prerequisites rule from modules/*/Makefile.am to Make.xml.rules + As the rule is now the same in every modules/*/Makefile.am file, + move it to Make.xml.rules. + + * Make.xml.rules (README): New prerequisites rule. 
+ * modules/pam_access/Makefile.am (README): Remove rule. + * modules/pam_cracklib/Makefile.am (README): Likewise. + * modules/pam_debug/Makefile.am (README): Likewise. + * modules/pam_deny/Makefile.am (README): Likewise. + * modules/pam_echo/Makefile.am (README): Likewise. + * modules/pam_env/Makefile.am (README): Likewise. + * modules/pam_exec/Makefile.am (README): Likewise. + * modules/pam_faildelay/Makefile.am (README): Likewise. + * modules/pam_filter/Makefile.am (README): Likewise. + * modules/pam_ftp/Makefile.am (README): Likewise. + * modules/pam_group/Makefile.am (README): Likewise. + * modules/pam_issue/Makefile.am (README): Likewise. + * modules/pam_keyinit/Makefile.am (README): Likewise. + * modules/pam_lastlog/Makefile.am (README): Likewise. + * modules/pam_limits/Makefile.am (README): Likewise. + * modules/pam_listfile/Makefile.am (README): Likewise. + * modules/pam_localuser/Makefile.am (README): Likewise. + * modules/pam_loginuid/Makefile.am (README): Likewise. + * modules/pam_mail/Makefile.am (README): Likewise. + * modules/pam_mkhomedir/Makefile.am (README): Likewise. + * modules/pam_motd/Makefile.am (README): Likewise. + * modules/pam_namespace/Makefile.am (README): Likewise. + * modules/pam_nologin/Makefile.am (README): Likewise. + * modules/pam_permit/Makefile.am (README): Likewise. + * modules/pam_pwhistory/Makefile.am (README): Likewise. + * modules/pam_rhosts/Makefile.am (README): Likewise. + * modules/pam_rootok/Makefile.am (README): Likewise. + * modules/pam_securetty/Makefile.am (README): Likewise. + * modules/pam_selinux/Makefile.am (README): Likewise. + * modules/pam_sepermit/Makefile.am (README): Likewise. + * modules/pam_setquota/Makefile.am (README): Likewise. + * modules/pam_shells/Makefile.am (README): Likewise. + * modules/pam_succeed_if/Makefile.am (README): Likewise. + * modules/pam_tally/Makefile.am (README): Likewise. + * modules/pam_tally2/Makefile.am (README): Likewise. + * modules/pam_time/Makefile.am (README): Likewise. 
+ * modules/pam_timestamp/Makefile.am (README): Likewise. + * modules/pam_tty_audit/Makefile.am (README): Likewise. + * modules/pam_umask/Makefile.am (README): Likewise. + * modules/pam_unix/Makefile.am (README): Likewise. + * modules/pam_userdb/Makefile.am (README): Likewise. + * modules/pam_usertype/Makefile.am (README): Likewise. + * modules/pam_warn/Makefile.am (README): Likewise. + * modules/pam_wheel/Makefile.am (README): Likewise. + * modules/pam_xauth/Makefile.am (README): Likewise. + +2020-04-27 Dmitry V. Levin + + modules/*/Makefile.am: list prerequisites of README target uniformly. + There is no need to list prerequisites of README targets manually as + all README targets depend on $(XMLS). + + The change is performed automatically using the following script: + sed -i 's/^README: pam_.*/README: $(XMLS)/' modules/*/Makefile.am + + * modules/pam_access/Makefile.am (README): Replace pam_access.8.xml + and access.conf.5.xml with $(XMLS). + * modules/pam_cracklib/Makefile.am (README): Replace pam_cracklib.8.xml + with $(XMLS). + * modules/pam_debug/Makefile.am (README): Replace pam_debug.8.xml + with $(XMLS). + * modules/pam_deny/Makefile.am (README): Replace pam_deny.8.xml + with $(XMLS). + * modules/pam_echo/Makefile.am (README): Replace pam_echo.8.xml + with $(XMLS). + * modules/pam_env/Makefile.am (README): Replace pam_env.8.xml and + pam_env.conf.5.xml with $(XMLS). + * modules/pam_exec/Makefile.am (README): Replace pam_exec.8.xml + with $(XMLS). + * modules/pam_faildelay/Makefile.am (README): Replace + pam_faildelay.8.xml with $(XMLS). + * modules/pam_filter/Makefile.am (README): Replace pam_filter.8.xml + with $(XMLS). + * modules/pam_ftp/Makefile.am (README): Replace pam_ftp.8.xml with + $(XMLS). + * modules/pam_group/Makefile.am (README): Replace pam_group.8.xml + and group.conf.5.xml with $(XMLS). + * modules/pam_issue/Makefile.am (README): Replace pam_issue.8.xml + with $(XMLS). 
+ * modules/pam_keyinit/Makefile.am (README): Replace pam_keyinit.8.xml + with $(XMLS). + * modules/pam_lastlog/Makefile.am (README): Replace pam_lastlog.8.xml + with $(XMLS). + * modules/pam_limits/Makefile.am (README): Replace pam_limits.8.xml + and limits.conf.5.xml with $(XMLS). + * modules/pam_listfile/Makefile.am (README): Replace pam_listfile.8.xml + with $(XMLS). + * modules/pam_localuser/Makefile.am (README): Replace + pam_localuser.8.xml with $(XMLS). + * modules/pam_loginuid/Makefile.am (README): Replace pam_loginuid.8.xml + with $(XMLS). + * modules/pam_mail/Makefile.am (README): Replace pam_mail.8.xml + with $(XMLS). + * modules/pam_mkhomedir/Makefile.am (README): Replace + pam_mkhomedir.8.xml with $(XMLS). + * modules/pam_motd/Makefile.am (README): Replace pam_motd.8.xml + with $(XMLS). + * modules/pam_namespace/Makefile.am (README): Replace + pam_namespace.8.xml, namespace.conf.5.xml, + and pam_namespace_helper.8.xml with $(XMLS). + * modules/pam_nologin/Makefile.am (README): Replace pam_nologin.8.xml + with $(XMLS). + * modules/pam_permit/Makefile.am (README): Replace pam_permit.8.xml + with $(XMLS). + * modules/pam_pwhistory/Makefile.am (README): Replace + pam_pwhistory.8.xml with $(XMLS). + * modules/pam_rhosts/Makefile.am (README): Replace pam_rhosts.8.xml + with $(XMLS). + * modules/pam_rootok/Makefile.am (README): Replace pam_rootok.8.xml + with $(XMLS). + * modules/pam_securetty/Makefile.am (README): Replace + pam_securetty.8.xml with $(XMLS). + * modules/pam_selinux/Makefile.am (README): Replace pam_selinux.8.xml + with $(XMLS). + * modules/pam_sepermit/Makefile.am (README): Replace pam_sepermit.8.xml + with $(XMLS). + * modules/pam_setquota/Makefile.am (README): Replace pam_setquota.8.xml + with $(XMLS). + * modules/pam_shells/Makefile.am (README): Replace pam_shells.8.xml + with $(XMLS). + * modules/pam_succeed_if/Makefile.am (README): Replace + pam_succeed_if.8.xml with $(XMLS). 
+ * modules/pam_tally/Makefile.am (README): Replace pam_tally.8.xml + with $(XMLS). + * modules/pam_tally2/Makefile.am (README): Replace pam_tally2.8.xml + with $(XMLS). + * modules/pam_time/Makefile.am (README): Replace pam_time.8.xml and + time.conf.5.xml with $(XMLS). + * modules/pam_timestamp/Makefile.am (README): Replace + pam_timestamp.8.xml with $(XMLS). + * modules/pam_tty_audit/Makefile.am (README): Replace + pam_tty_audit.8.xml with $(XMLS). + * modules/pam_umask/Makefile.am (README): Replace pam_umask.8.xml + with $(XMLS). + * modules/pam_unix/Makefile.am (README): Replace pam_unix.8.xml + with $(XMLS). + * modules/pam_userdb/Makefile.am (README): Replace pam_userdb.8.xml + with $(XMLS). + * modules/pam_usertype/Makefile.am (README): Replace pam_usertype.8.xml + with $(XMLS). + * modules/pam_warn/Makefile.am (README): Replace pam_warn.8.xml + with $(XMLS). + * modules/pam_wheel/Makefile.am (README): Replace pam_wheel.8.xml + with $(XMLS). + * modules/pam_xauth/Makefile.am (README): Replace pam_xauth.8.xml + with $(XMLS). + +2020-04-27 Dmitry V. Levin + + modules/*/Makefile.am: list secureconf_DATA files in EXTRA_DIST uniformly + The change was prepared using the following script: + git grep -l secureconf_DATA modules/*/Makefile.am |while read m; do + t="$(sed '/^secureconf_DATA = /!d;s///;q' -- "$m")" + sed -i "/^EXTRA_DIST =/ s/\\<$t\\>/\$(secureconf_DATA)/" -- "$m" + done + + * modules/pam_access/Makefile.am (EXTRA_DIST): Replace access.conf with + $(secureconf_DATA). + * modules/pam_env/Makefile.am (EXTRA_DIST): Replace pam_env.conf with + $(secureconf_DATA). + * modules/pam_group/Makefile.am (EXTRA_DIST): Replace group.conf with + $(secureconf_DATA). + * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace limits.conf with + $(secureconf_DATA). + * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace namespace.conf + with $(secureconf_DATA). + * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace sepermit.conf + with $(secureconf_DATA). 
+ * modules/pam_time/Makefile.am (EXTRA_DIST): Replace time.conf with + $(secureconf_DATA). + +2020-04-27 Dmitry V. Levin + + modules/*/Makefile.am: list manual pages in EXTRA_DIST uniformly. + List in EXTRA_DIST those manual pages that are listed in man_MANS + as $(MANS). + + * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace pam_cracklib.8 + with $(MANS). + * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace pam_keyinit.8 + with $(MANS). + * modules/pam_selinux/Makefile.am (EXTRA_DIST): Replace pam_selinux.8 + with $(MANS). + * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace pam_sepermit.8 + and sepermit.conf.5 with $(MANS). + * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace + pam_tty_audit.8 with $(MANS). + * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace pam_userdb.8 with + $(MANS). + +2020-04-27 Dmitry V. Levin + + modules/*/Makefile.am: list tests in EXTRA_DIST uniformly. + The change was prepared using the following script: + git grep -l '^TESTS = tst-pam_' modules/ |while read m; do + t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")" + sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m" + done + + * modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access + with $(TESTS). + * modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace + tst-pam_cracklib with $(TESTS). + * modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with + $(TESTS). + * modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with + $(TESTS). + * modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with + $(TESTS). + * modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with + $(TESTS). + * modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with + $(TESTS). + * modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace + tst-pam_faildelay with $(TESTS). + * modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter + with $(TESTS). 
+ * modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with + $(TESTS). + * modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with + $(TESTS). + * modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with + $(TESTS). + * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit + with $(TESTS). + * modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog + with $(TESTS). + * modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits + with $(TESTS). + * modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace + tst-pam_listfile with $(TESTS). + * modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace + tst-pam_localuser with $(TESTS). + * modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace + tst-pam_loginuid with $(TESTS). + * modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with + $(TESTS). + * modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace + tst-pam_mkhomedir with $(TESTS). + * modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with + $(TESTS). + * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace + tst-pam_namespace with $(TESTS). + * modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin + with $(TESTS). + * modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit + with $(TESTS). + * modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace + tst-pam_pwhistory with $(TESTS). + * modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts + with $(TESTS). + * modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok + with $(TESTS). + * modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace + tst-pam_securetty with $(TESTS). + * modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace + tst-pam_sepermit with $(TESTS). + * modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace + tst-pam_setquota with $(TESTS). + * modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells + with $(TESTS). 
+ * modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress + with $(TESTS). + * modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace + tst-pam_succeed_if with $(TESTS). + * modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with + $(TESTS). + * modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2 + with $(TESTS). + * modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with + $(TESTS). + * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace + tst-pam_tty_audit with $(TESTS). + * modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with + $(TESTS). + * modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb + with $(TESTS). + * modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace + tst-pam_usertype with $(TESTS). + * modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with + $(TESTS). + * modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with + $(TESTS). + * modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with + $(TESTS). + +2020-04-27 Dmitry V. Levin + + pam_namespace: simplify distribution of manual pages. + * modules/pam_namespace/Makefile.am: Merge MAN5 and MAN8 into man_MANS. + +2020-04-27 Dmitry V. Levin + + modules/*/Makefile.am: remove manual pages from noinst_DATA. + Manual pages already belong to man_MANS, listing them also + in noinst_DATA does not help in any way. + + * modules/pam_cracklib/Makefile.am (noinst_DATA): Remove pam_cracklib.8. + * modules/pam_selinux/Makefile.am (noinst_DATA): Remove pam_selinux.8. + * modules/pam_sepermit/Makefile.am (noinst_DATA): Remove pam_sepermit.8 + and sepermit.conf.5. + * modules/pam_userdb/Makefile.am (noinst_DATA): Remove pam_userdb.8. + +2020-04-27 Dmitry V. Levin + + configure: fix dlopen check. + * configure.ac: Check for the library providing dlopen using + AC_SEARCH_LIBS instead of AC_CHECK_LIB to handle the case when + dlopen is a part of libc. 
+ + configure: add --disable-tally and --disable-tally2 options. + * configure.ac (AC_ARG_ENABLE): Add tally and tally2. + (AM_CONDITIONAL): Add COND_BUILD_PAM_TALLY and COND_BUILD_PAM_TALLY2. + * modules/Makefile.am [COND_BUILD_PAM_TALLY] (MAYBE_PAM_TALLY): Define. + [COND_BUILD_PAM_TALLY2] (MAYBE_PAM_TALLY2): Likewise. + (SUBDIRS): Replace pam_tally with $(COND_BUILD_PAM_TALLY), pam_tally2 + with $(COND_BUILD_PAM_TALLY2). + +2020-04-26 Dmitry V. Levin + + build: move pam_selinux and pam_sepermit build conditions to modules/Makefile.am + * configure.ac (AM_CONDITIONAL): Replace HAVE_LIBSELINUX with + COND_BUILD_PAM_SELINUX and COND_BUILD_PAM_SEPERMIT. + * modules/Makefile.am [COND_BUILD_PAM_SELINUX] (MAYBE_PAM_SELINUX): + Define. + [COND_BUILD_PAM_SEPERMIT] (MAYBE_PAM_SEPERMIT): Likewise. + (SUBDIRS): Replace pam_selinux with $(MAYBE_PAM_SELINUX), + pam_sepermit with MAYBE_PAM_SEPERMIT. + * modules/pam_selinux/Makefile.am: Assume HAVE_LIBSELINUX. + * modules/pam_sepermit/Makefile.am: Likewise. + + build: simplify the check for unshare function. + * configure.ac (AC_CHECK_FUNCS): Do not set UNSHARE when checking for + unshare function. + (COND_BUILD_PAM_NAMESPACE): Check for $ac_cv_func_unshare instead of + $UNSHARE. + + build: move pam_namespace build condition to modules/Makefile.am. + * configure.ac (AM_CONDITIONAL): Replace HAVE_UNSHARE with + COND_BUILD_PAM_NAMESPACE. + * modules/Makefile.am [COND_BUILD_PAM_NAMESPACE] (MAYBE_PAM_NAMESPACE): + Define. + (SUBDIRS): Replace pam_namespace with $(MAYBE_PAM_NAMESPACE). + * modules/pam_namespace/Makefile.am: Assume HAVE_UNSHARE. + + build: move pam_userdb build condition to modules/Makefile.am. + * configure.ac (AM_CONDITIONAL): Replace HAVE_LIBDB with + COND_BUILD_PAM_USERDB. + * modules/Makefile.am [COND_BUILD_PAM_USERDB] (MAYBE_PAM_USERDB): + Define. + (SUBDIRS): Replace pam_userdb with $(MAYBE_PAM_USERDB). + * modules/pam_userdb/Makefile.am: Assume HAVE_LIBDB. + + build: remove unused HAVE_LIBCRACK. 
+ * configure.ac (AC_DEFINE): Remove unused HAVE_LIBCRACK. + + build: move pam_cracklib build condition to modules/Makefile.am. + * configure.ac (AM_CONDITIONAL): Replace HAVE_LIBCRACK with + COND_BUILD_PAM_CRACKLIB. + * modules/Makefile.am [COND_BUILD_PAM_CRACKLIB] (MAYBE_PAM_CRACKLIB): + Define. + (SUBDIRS): Replace pam_cracklib with $(MAYBE_PAM_CRACKLIB). + * modules/pam_cracklib/Makefile.am: Assume HAVE_LIBCRACK. + + build: remove unused HAVE_KEY_MANAGEMENT. + * configure.ac (AC_DEFINE, AC_SUBST): Remove unused HAVE_KEY_MANAGEMENT. + (AC_CHECK_DECL): Remove unused ENOKEY. + + build: move pam_keyinit build condition to modules/Makefile.am. + * configure.ac (AM_CONDITIONAL): Replace HAVE_KEY_MANAGEMENT with + COND_BUILD_PAM_KEYINIT. + * modules/Makefile.am [COND_BUILD_PAM_KEYINIT] (MAYBE_PAM_KEYINIT): + Define. + (SUBDIRS): Replace pam_keyinit with $(MAYBE_PAM_KEYINIT). + * modules/pam_keyinit/Makefile.am: Assume HAVE_KEY_MANAGEMENT. + + build: remove unused AC_DEFINE([HAVE_AUDIT_TTY_STATUS]) + * configure.ac (AC_DEFINE): Remove unused HAVE_AUDIT_TTY_STATUS. + + build: move pam_tty_audit build condition to modules/Makefile.am. + * configure.ac (AM_CONDITIONAL): Replace HAVE_AUDIT_TTY_STATUS with + COND_BUILD_PAM_TTY_AUDIT. + * modules/Makefile.am [COND_BUILD_PAM_TTY_AUDIT] (MAYBE_PAM_TTY_AUDIT): + Define. + (SUBDIRS): Replace pam_tty_audit with $(MAYBE_PAM_TTY_AUDIT). + * modules/pam_tty_audit/Makefile.am: Assume HAVE_AUDIT_TTY_STATUS. + + configure.ac: sort COND_BUILD_* conditionals. + ... and move them closer to the end of configure.ac. + +2020-04-26 Dmitry V. Levin + + modules/Makefile.am: sort SUBDIRS. + Also list one element of SUBDIRS per line for the ease of maintenance. + + * modules/Makefile.am (SUBDIRS): List one per line, sort. + +2020-04-26 Dmitry V. Levin + + ci: add gcc-10 jobs. + * .github/workflows/ci.yml (gcc10-x86_64, gcc10-x86, gcc10-x32): + New jobs. + * .travis.yml (matrix): Add gcc-10 jobs on x86_64, x86, x32, + and ppc64le. 
+ +2020-04-26 Dmitry V. Levin + + pam_issue: fix potential read out of bounds. + Reported by gcc-10 -Warray-bounds: + + In file included from /usr/include/string.h:494, + from modules/pam_issue/pam_issue.c:19: + In function 'strncat', + inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:197:3: + /usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [260, 389] from the object at 'uts' is out of the bounds of referenced subobject 'version' with type 'char[65]' at offset 195 [-Werror=array-bounds] + 136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + In file included from modules/pam_issue/pam_issue.c:26: + modules/pam_issue/pam_issue.c: In function 'read_issue_quoted': + /usr/include/x86_64-linux-gnu/sys/utsname.h:59:10: note: subobject 'version' declared here + 59 | char version[_UTSNAME_VERSION_LENGTH]; + | ^~~~~~~ + In file included from /usr/include/string.h:494, + from modules/pam_issue/pam_issue.c:19: + In function 'strncat', + inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:188:3: + /usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [65, 389] from the object at 'uts' is out of the bounds of referenced subobject 'sysname' with type 'char[65]' at offset 0 [-Werror=array-bounds] + 136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + In file included from modules/pam_issue/pam_issue.c:26: + modules/pam_issue/pam_issue.c: In function 'read_issue_quoted': + /usr/include/x86_64-linux-gnu/sys/utsname.h:51:10: note: subobject 'sysname' declared here + 51 | char sysname[_UTSNAME_SYSNAME_LENGTH]; + | ^~~~~~~ + In file included from /usr/include/string.h:494, + from modules/pam_issue/pam_issue.c:19: + In function 'strncat', + inlined from 'read_issue_quoted' 
at modules/pam_issue/pam_issue.c:194:3: + /usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [195, 389] from the object at 'uts' is out of the bounds of referenced subobject 'release' with type 'char[65]' at offset 130 [-Werror=array-bounds] + 136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + In file included from modules/pam_issue/pam_issue.c:26: + modules/pam_issue/pam_issue.c: In function 'read_issue_quoted': + /usr/include/x86_64-linux-gnu/sys/utsname.h:57:10: note: subobject 'release' declared here + 57 | char release[_UTSNAME_RELEASE_LENGTH]; + | ^~~~~~~ + In file included from /usr/include/string.h:494, + from modules/pam_issue/pam_issue.c:19: + In function 'strncat', + inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:191:3: + /usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [130, 389] from the object at 'uts' is out of the bounds of referenced subobject 'nodename' with type 'char[65]' at offset 65 [-Werror=array-bounds] + 136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + In file included from modules/pam_issue/pam_issue.c:26: + modules/pam_issue/pam_issue.c: In function 'read_issue_quoted': + /usr/include/x86_64-linux-gnu/sys/utsname.h:54:10: note: subobject 'nodename' declared here + 54 | char nodename[_UTSNAME_NODENAME_LENGTH]; + | ^~~~~~~~ + In file included from /usr/include/string.h:494, + from modules/pam_issue/pam_issue.c:19: + In function 'strncat', + inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:200:3: + /usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [325, 389] from the object at 'uts' is out of the bounds of referenced subobject 'machine' with type 'char[65]' at 
offset 260 [-Werror=array-bounds] + 136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + In file included from modules/pam_issue/pam_issue.c:26: + modules/pam_issue/pam_issue.c: In function 'read_issue_quoted': + /usr/include/x86_64-linux-gnu/sys/utsname.h:62:10: note: subobject 'machine' declared here + 62 | char machine[_UTSNAME_MACHINE_LENGTH]; + | ^~~~~~~ + + * modules/pam_issue/pam_issue.c (read_issue_quoted): Rewrite to avoid + strncat from potentially not null-terminated string buffer fields + of struct utsname. + +2020-04-26 Dmitry V. Levin + + pam_motd: fix NULL dereference when at least one of motd directories is not available + * modules/pam_motd/pam_motd.c + (try_to_display_directories_with_overrides): Do not assign -1U to + dirscans_sizes[i] when scandir(motd_dir_path_split[i]) returns an error. + + Resolves: https://bugzilla.altlinux.org/38389 + Fixes: d57ab221 ("pam_motd: Cleanup the code and avoid unnecessary logging") + +2020-04-26 Dmitry V. Levin + + pam_motd: cleanup calloc invocations. + Apply the following calloc invocation idiom: + ptr = calloc(nmemb, sizeof(*ptr)); + + * modules/pam_motd/pam_motd.c (pam_split_string, + try_to_display_directories_with_overrides): Cleanup calloc invocations. + + Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") + +2020-04-26 Dmitry V. Levin + + pam_motd: fix NULL dereference on error path. + * modules/pam_motd/pam_motd.c + (try_to_display_directories_with_overrides): Do not access + elements of dirscans_sizes array if dirscans_sizes == NULL + due to an earlier memory allocation error. + + Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") + +2020-04-26 Dmitry V. Levin + + pam_motd: remove redundant return statement. 
+ * modules/pam_motd/pam_motd.c + (try_to_display_directories_with_overrides): Remove return statement + at the end of the function returning void. + + Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") + +2020-04-26 Dmitry V. Levin + + pam_motd: remove redundant prefix from syslog messages. + pam_syslog already does all the prefixing we need. + + * modules/pam_motd/pam_motd.c (pam_split_string, + try_to_display_directories_with_overrides): Remove "pam_motd: " prefix + from strings passed to pam_syslog. + + Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") + +2020-04-26 Dmitry V. Levin + + pam_motd: fix memory leak. + pam_motd used to leak memory allocated for each motd file + successfully opened in try_to_display_directories_with_overrides. + + * modules/pam_motd/pam_motd.c + (try_to_display_directories_with_overrides): Free abs_path. + + Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") + +2020-04-26 Dmitry V. Levin + + pam_motd: fix misleading error diagnostics. + Do not invoke calloc with the first argument equal to zero as the return + value can be NULL which is undistinguishable from memory allocation + error. + + * modules/pam_motd/pam_motd.c + (try_to_display_directories_with_overrides): Skip if there are no + directory entries (dirscans_size_total == 0). + + Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") + +2020-04-26 Dmitry V. Levin + + pam_motd: do not zero the memory allocated by calloc. + As dirnames_all is allocated with calloc, zeroing it out is pointless. + + * modules/pam_motd/pam_motd.c + (try_to_display_directories_with_overrides): Remove redundant zeroing + of dirnames_all. + + Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)") + +2020-04-26 Dmitry V. 
Levin + + build: cleanup: do not add -DWITH_SELINUX to CFLAGS. + As WITH_SELINUX is already AC_DEFINE'd in configure.ac, + there is no point in adding -DWITH_SELINUX to CFLAGS. + + * libpam/Makefile.am [HAVE_LIBSELINUX] (AM_CFLAGS): Do not add + -DWITH_SELINUX. + * modules/pam_rootok/Makefile.am: Likewise. + * modules/pam_unix/Makefile.am: Likewise. + +2020-04-26 Dmitry V. Levin + + build: cleanup: replace "test ! -z" with "test -n" + * configure.ac: replace "test ! -z" with "test -n". + +2020-04-24 Dmitry V. Levin + + pam_filter: fix potential off-by-one heap buffer overflow. + Reported by gcc-10 -Wstringop-overflow: + + In file included from /usr/include/string.h:494, + from modules/pam_filter/pam_filter.c:14: + In function 'strcpy', + inlined from 'process_args' at modules/pam_filter/pam_filter.c:137:2, + inlined from 'need_a_filter.isra' at modules/pam_filter/pam_filter.c:618:12: + /usr/include/x86_64-linux-gnu/bits/string_fortified.h:90:10: warning: '__builtin_memcpy' writing 6 bytes into a region of size 5 [-Wstringop-overflow=] + 90 | return __builtin___strcpy_chk (__dest, __src, __bos (__dest)); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + modules/pam_filter/pam_filter.c: In function 'need_a_filter.isra': + modules/pam_filter/pam_filter.c:128:21: note: at offset 0 to an object with size 5 allocated by 'malloc' here + 128 | levp[0] = (char *) malloc(size); + | ^~~~~~~~~~~~ + + * modules/pam_filter/pam_filter.c (process_args): Fix off-by-one heap + buffer overflow in case of a filter without arguments (argc == 0). + +2020-04-24 Dmitry V. Levin + + pam_setquota: remove PAM_EXTERN and PAM_STATIC parts. + In other modules they were removed by commit Linux-PAM-1.3.0~14. + + * modules/pam_setquota/pam_setquota.c: Remove PAM_EXTERN and PAM_STATIC + parts. + +2020-04-24 Dmitry V. Levin + + pam_setquota: fix more harmless compilation warnings. 
+ On ppc64le the compiler complains with the following diagnostics: + + pam_setquota.c: In function 'debug': + pam_setquota.c:48:59: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] + 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " + | ~~~^ + | | + | long long unsigned int + | %lu + ...... + 51 | p->dqb_bsoftlimit, p->dqb_bhardlimit, + | ~~~~~~~~~~~~~~~~~ + | | + | __u64 {aka const long unsigned int} + pam_setquota.c:48:75: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 7 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] + 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " + | ~~~^ + | | + | long long unsigned int + | %lu + ...... + 51 | p->dqb_bsoftlimit, p->dqb_bhardlimit, + | ~~~~~~~~~~~~~~~~~ + | | + | __u64 {aka const long unsigned int} + pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 8 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] + 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ...... + 52 | p->dqb_isoftlimit, p->dqb_ihardlimit, + | ~~~~~~~~~~~~~~~~~ + | | + | __u64 {aka const long unsigned int} + pam_setquota.c:49:46: note: format string is defined here + 49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", + | ~~~^ + | | + | long long unsigned int + | %lu + pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 9 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] + 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ...... 
+ 52 | p->dqb_isoftlimit, p->dqb_ihardlimit, + | ~~~~~~~~~~~~~~~~~ + | | + | __u64 {aka const long unsigned int} + pam_setquota.c:49:62: note: format string is defined here + 49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", + | ~~~^ + | | + | long long unsigned int + | %lu + pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 10 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] + 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ...... + 53 | p->dqb_btime, p->dqb_itime); + | ~~~~~~~~~~~~ + | | + | __u64 {aka const long unsigned int} + pam_setquota.c:49:73: note: format string is defined here + 49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", + | ~~~^ + | | + | long long unsigned int + | %lu + pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 11 has type '__u64' {aka 'const long unsigned int'} [-Wformat=] + 48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu " + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ...... + 53 | p->dqb_btime, p->dqb_itime); + | ~~~~~~~~~~~~ + | | + | __u64 {aka const long unsigned int} + pam_setquota.c:49:84: note: format string is defined here + 49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu", + | ~~~^ + | | + | long long unsigned int + | %lu + + * modules/pam_setquota/pam_setquota.c (debug): Cast fields of type __u64 + to unsigned long long. + +2020-04-24 Dmitry V. Levin + + pam_timestamp: include "config.h" in hmacsha1.c as the first header. + This ensures "config.h" is included before any system header + which fixes the following bug reported by ALT diagnostics: + + verify-elf: ERROR: ./lib/security/pam_timestamp.so: uses non-LFS functions: __fxstat open + + * modules/pam_timestamp/hmacsha1.c: Include "config.h". + +2020-04-24 Dmitry V. 
Levin + + libpamc.h: include "config.h" as the first header. + This ensures "config.h" is included before any system header included by + libpamc.h, which fixes the following bug reported by ALT diagnostics: + + verify-elf: ERROR: ./lib/libpamc.so.0.82.1: uses non-LFS functions: __xstat readdir + + * libpamc/libpamc.h: Include "config.h". + +2020-04-24 Dmitry V. Levin + + pam_setquota: apply WARN_CFLAGS. + All other modules already build with WARN_CFLAGS. + + * modules/pam_setquota/Makefile.am (AM_CFLAGS): Add $(WARN_CFLAGS). + +2020-04-24 Dmitry V. Levin + + pam_setquota: fix harmless compilation warnings. + Fix -Wunused-variable compilation warnings: + + pam_setquota.c: In function 'pam_sm_open_session': + pam_setquota.c:173:9: warning: unused variable 'ep' [-Wunused-variable] + 173 | char *ep, *val, *mntdevice = NULL; + | ^~ + pam_setquota.c:172:17: warning: unused variable 'ul' [-Wunused-variable] + 172 | unsigned long ul; + | ^~ + + Fix -Wunused-parameter compilation warnings: + + pam_setquota.c: In function 'pam_sm_open_session': + pam_setquota.c:169:60: warning: unused parameter 'flags' [-Wunused-parameter] + 169 | PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, + | ~~~~^~~~~ + pam_setquota.c: In function 'pam_sm_close_session': + pam_setquota.c:382:40: warning: unused parameter 'pamh' [-Wunused-parameter] + 382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, + | ~~~~~~~~~~~~~~^~~~ + pam_setquota.c:382:50: warning: unused parameter 'flags' [-Wunused-parameter] + 382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, + | ~~~~^~~~~ + pam_setquota.c:382:61: warning: unused parameter 'argc' [-Wunused-parameter] + 382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, + | ~~~~^~~~ + pam_setquota.c:383:39: warning: unused parameter 'argv' [-Wunused-parameter] + 383 | const char **argv) { + | ~~~~~~~~~~~~~^~~~ + + * modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Mark + 
'flags' parameter as unused. Remove unused 'ep' and 'ul' variables. + (pam_sm_close_session): Mark all parameters as unused. + +2020-04-18 Oğuz Ersen + + Translated using Weblate (Turkish) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/ + Resolves: https://github.com/linux-pam/linux-pam/pull/214 + +2020-04-17 Sven Hartge + + pam_setquota: new module to set or modify disk quotas on session start. + This makes disk quotas usable with central user databases, such as MySQL or + LDAP. + + Resolves: https://github.com/linux-pam/linux-pam/issues/92 + +2020-04-15 Dmitry V. Levin + + pam_access, pam_issue: do not assume that getdomainname always exists. + * modules/pam_access/pam_access.c (netgroup_match): Place the code + that calls getdomainname under HAVE_GETDOMAINNAME guard. + * modules/pam_issue/pam_issue.c (read_issue_quoted): Likewise. + + Resolves: https://github.com/linux-pam/linux-pam/issues/43 + +2020-04-13 Oğuz Ersen + + Translated using Weblate (Turkish) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/ + +2020-04-13 Ankit Behera + + Translated using Weblate (Odia) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/or/ + +2020-04-12 Topi Miettinen + + pam_unix: modernize example in manual page. + According to crypt(5), md5 should not be used for new hashes. Let's + give a modern example with yescrypt. 
+ +2020-04-10 Robert Antoni Buj Gelonch + + Translated using Weblate (Catalan) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ca/ + Resolves: https://github.com/linux-pam/linux-pam/pull/207 + +2020-04-07 Dmitry V. Levin + + travis: remove faulty jobs. + * .travis.yml: Remove faulty gcc-9 jobs on aarch64 and s390x, + gcc-9 became uninstallable on these platforms several days ago + and hasn't been fixed yet. + +2020-04-07 Lucas Ramage + + pam_access: add an example of using groups in access.conf to permit access + Resolves: https://github.com/linux-pam/linux-pam/issues/65 + Resolves: https://github.com/linux-pam/linux-pam/pull/199 + +2020-04-07 Dmitry V. Levin + + github: add CI action. + Somewhat similar to Travis CI, this runs "make distcheck" on Ubuntu + 18.04 using gcc-9, gcc-8, gcc, clang-9, clang-8, and clang on x86_64, + x86, and x32 architectures. + + Compared with Travis CI, GitHub Actions service currently provides + a significantly better parallelism as well as (unsurprisingly) + better integration with github. + + However, GitHub Actions cannot replace Travis CI completely yet as + the latter can build on aarch64, s390x, and ppc64le architectures. + + * .github/workflows/whitespace-errors-check.yml: Remove + * .github/workflows/ci.yml: New file. + +2020-04-07 scootergrisen + + Translated using Weblate (Danish) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/da/ + +2020-04-07 scootergrisen + + Translated using Weblate (Danish) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/da/ + +2020-03-31 Petr Lautrbach + + pam_timestamp: Fix // in TIMESTAMPDIR. 
+ _PATH_VARRUN already provides trailing slash for building paths + + Fixes: + $ strings /usr/lib64/security/pam_timestamp.so | grep /run/ + /var/run//pam_timestamp + /var/run//pam_timestamp/_pam_timestamp_key + +2020-03-30 James Ralston + + pam_unix: Return PAM_AUTHINFO_UNAVAIL when appropriate. + The pam_unix.so will never return PAM_AUTHINFO_UNAVAIL on systems + that use the unix_chkpwd helper. + + The reason is that in unix_chkpwd.c, towards the end of main(), if + helper_verify_password() does not return PAM_SUCCESS, main() ignores + the actual error that helper_verify_password() returned and instead + returns PAM_AUTH_ERR. + + This commit corrects this behavior. Specifically, if + helper_verify_password() returns PAM_USER_UNKNOWN, which it does + when /etc/passwd entry indicates that shadow information is present + but the /etc/shadow entry is missing, the unix_chkpwd now exits + with PAM_AUTHINFO_UNAVAIL. For any other error from + helper_verify_password(), unix_chkpwd continues to exit with + PAM_AUTH_ERR. + + * modules/pam_unix/unix_chkpwd.c (main): Return PAM_AUTHINFO_UNAVAIL + when helper_verify_password() returns PAM_USER_UNKNOWN. + +2020-03-28 Dmitry V. Levin + + Fix various typos found using codespell tool. + + po: semi-automatically fix translations of pam_get_authtok default prompts + Complements: 4daceedd ("pam_get_authtok: fix i18n of default prompts") + +2020-03-24 Dmitry V. Levin + + _pam_load_module: reduce redundancy. + * libpam/pam_handlers.c (_pam_load_module): Reorganize $ISA handling + to reduce redundancy. + + Resolves: https://github.com/linux-pam/linux-pam/pull/198 + +2020-03-24 blueskycs2c + + pam_time: add conffile option to specify an alternative configuration file + Resolves: https://github.com/linux-pam/linux-pam/pull/163 + Resolves: https://github.com/linux-pam/linux-pam/pull/191 + +2020-03-23 Alexander Zubkov + + pam_exec: require user name to be ready for the command. 
+ pam_exec module can be called when a user name has not been prompted + yet. And thus the command is called without a user name available. + This fix asks PAM for the user name to ensure it is ready or to force + the prompt. + + Resolves: https://github.com/linux-pam/linux-pam/issues/131 + Resolves: https://github.com/linux-pam/linux-pam/pull/195 + +2020-03-23 Christian Göttsche + + pam_selinux: fall back to log to syslog if audit logging fails. + Resolves: https://github.com/linux-pam/linux-pam/pull/194 + + pam_selinux: sanitize asprintf argument on failure. + + pam_selinux: print additional information on failures. + + pam_selinux: convert send_audit_message to void function. + The result is nowhere checked and other logging functions like + pam_syslog are also not checked. + + pam_selinux: fix indentation. + +2020-03-23 Christian Göttsche + + pam_selinux: substitute legacy security_context_t type. + `security_context_t` is a legacy typedef to `char *`, substitute all usage. + + See + https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9 + https://github.com/SELinuxProject/selinux/blob/f8c110c8a615eb640510eab39640a0957a6ba19c/libselinux/include/selinux/selinux.h#L16 + +2020-03-20 Jiri Grönroos + + Translated using Weblate (Finnish) + Currently translated at 90.8% (109 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/ + +2020-03-20 Dmitry V. 
Levin + + Translated using Weblate (Slovak) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sk/ + + Translated using Weblate (Czech) + + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/cs/ + + Translated using Weblate (French) + + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/ + +2020-03-20 Yuri Chornoivan + + Translated using Weblate (Ukrainian) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/uk/ + +2020-03-20 Oğuz Ersen + + Translated using Weblate (Turkish) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/ + +2020-03-20 Geert Warrink + + Translated using Weblate (Dutch) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nl/ + +2020-03-20 Julien Humbert + + Translated using Weblate (French) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/ + +2020-03-20 Dmitry V. 
Levin + + Translated using Weblate (Russian) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ru/ + + Translated using Weblate (Portuguese (Brazil)) + + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pt_BR/ + + Translated using Weblate (Portuguese) + + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pt/ + + Translated using Weblate (German) + + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/de/ + +2020-03-20 Piotr Drąg + + Translated using Weblate (Polish) + Currently translated at 100.0% (120 of 120 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pl/ + +2020-03-19 Dmitry V. Levin + + modules/pam_userdb: use pam_str_skip_icase_prefix. + * modules/pam_userdb/pam_userdb.c: Include "pam_inline.h". + (_pam_parse, user_lookup): Use pam_str_skip_icase_prefix + instead of ugly strncasecmp invocations. + + modules/pam_umask: use pam_str_skip_icase_prefix. + * modules/pam_umask/pam_umask.c: Include "pam_inline.h". + (parse_option, setup_limits_from_gecos): Use pam_str_skip_icase_prefix + instead of ugly strncasecmp invocations. + + modules/pam_pwhistory: use pam_str_skip_icase_prefix. + * modules/pam_pwhistory/pam_pwhistory.c: Include "pam_inline.h". + (parse_option): Use pam_str_skip_icase_prefix instead of ugly + strncasecmp invocations. + + modules/pam_exec: use pam_str_skip_icase_prefix. + * modules/pam_exec/pam_exec.c (call_exec): Use pam_str_skip_icase_prefix + instead of ugly strncasecmp invocations. + +2020-03-19 Dmitry V. 
Levin + + Introduce pam_str_skip_icase_prefix_len and pam_str_skip_icase_prefix. + Every time I see a code like + if (strncasecmp(argv, "remember=", 9) == 0) + options->remember = strtol(&argv[9], NULL, 10); + my eyes are bleeding. + + Similar to pam_str_skip_prefix_len() and pam_str_skip_prefix(), + introduce a new helper inline function pam_str_skip_icase_prefix_len() + and a new macro pam_str_skip_icase_prefix() on top of it, to be used + in subsequent commits to cleanup the ugliness. + + * libpam/include/pam_inline.h (pam_str_skip_icase_prefix_len): New + function. + (pam_str_skip_icase_prefix): New macro. + +2020-03-19 Dmitry V. Levin + + modules/pam_xauth: use pam_str_skip_prefix. + * modules/pam_xauth/pam_xauth.c: Include "pam_inline.h". + (pam_sm_open_session, pam_sm_close_session): Use pam_str_skip_prefix + instead of ugly strncmp invocations. + + modules/pam_wheel: use pam_str_skip_prefix. + * modules/pam_wheel/pam_wheel.c: Include "pam_inline.h". + (_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp + invocations. + +2020-03-19 Dmitry V. Levin + + modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len. + * modules/pam_unix/passverify.c: Include "pam_inline.h". + (verify_pwd_hash): Use pam_str_skip_prefix instead of ugly strncmp + invocations. + * modules/pam_unix/support.c: Include "pam_inline.h". + (_set_ctrl): Use pam_str_skip_prefix_len instead of hardcoding string + lengths. + * modules/pam_unix/md5_crypt.c: Include "pam_inline.h". + (crypt_md5): Use pam_str_skip_prefix_len. + + squash! modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len + +2020-03-19 Dmitry V. Levin + + modules/pam_tty_audit: use pam_str_skip_prefix. + * modules/pam_tty_audit/pam_tty_audit.c: Include "pam_inline.h". + (pam_sm_open_session): Use pam_str_skip_prefix instead of ugly strncmp + invocations. + + modules/pam_timestamp: use pam_str_skip_prefix. + * modules/pam_timestamp/pam_timestamp.c: Include "pam_inline.h". 
+ (check_tty, get_timestamp_name, pam_sm_authenticate): Use + pam_str_skip_prefix instead of ugly strncmp invocations. + + modules/pam_tally: use pam_str_skip_prefix. + * modules/pam_tally/pam_tally.c: Include "pam_inline.h". + (tally_parse_args, getopts): Use pam_str_skip_prefix instead of ugly + strncmp invocations. + + modules/pam_tally2: use pam_str_skip_prefix. + * modules/pam_tally2/pam_tally2.c: Include "pam_inline.h". + (tally_parse_args, getopts): Use pam_str_skip_prefix instead of ugly + strncmp invocations. + + modules/pam_selinux: use pam_str_skip_prefix. + * modules/pam_selinux/pam_selinux.c: Include "pam_inline.h". + (compute_exec_context, compute_tty_context): Use pam_str_skip_prefix + instead of ugly strncmp invocations. + + modules/pam_securetty: use pam_str_skip_prefix and pam_str_skip_prefix_len + * modules/pam_securetty/pam_securetty.c: Include "pam_inline.h". + (securetty_perform_check): Use pam_str_skip_prefix and + pam_str_skip_prefix_len instead of ugly strncmp invocations. + + modules/pam_rhosts: use pam_str_skip_prefix. + * modules/pam_rhosts/pam_rhosts.c: Include "pam_inline.h". + (pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp + invocations. + + modules/pam_nologin: use pam_str_skip_prefix. + * modules/pam_nologin/pam_nologin.c: Include "pam_inline.h". + (parse_args): Use pam_str_skip_prefix instead of ugly strncmp + invocations. + + modules/pam_namespace: use pam_str_skip_prefix. + * modules/pam_namespace/pam_namespace.c (root_shared): Use + pam_str_skip_prefix instead of ugly strncmp invocations. + + modules/pam_motd: use pam_str_skip_prefix. + * modules/pam_motd/pam_motd.c: Include "pam_inline.h". + (pam_sm_open_session): Use pam_str_skip_prefix instead of ugly strncmp + invocations. + + modules/pam_mkhomedir: use pam_str_skip_prefix. + * modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_inline.h". + (_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp + invocations. 
+ + modules/pam_mail: use pam_str_skip_prefix. + * modules/pam_mail/pam_mail.c: Include "pam_inline.h". + (_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp + invocations. + + modules/pam_localuser: use pam_str_skip_prefix. + * modules/pam_localuser/pam_localuser.c: Include "pam_inline.h". + (pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp + invocations. + + modules/pam_listfile: use pam_str_skip_prefix. + * modules/pam_listfile/pam_listfile.c: Include "pam_inline.h". + (pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp + invocations. + + modules/pam_limits: use pam_str_skip_prefix. + * modules/pam_limits/pam_limits.c: Include "pam_inline.h". + (_pam_parse, parse_kernel_limits): Use pam_str_skip_prefix instead of + ugly strncmp invocations. + + modules/pam_lastlog: use pam_str_skip_prefix. + * modules/pam_lastlog/pam_lastlog.c: Include "pam_inline.h". + (_pam_auth_parse, get_tty): Use pam_str_skip_prefix instead of ugly + strncmp invocations. + + modules/pam_issue: use pam_str_skip_prefix. + * modules/pam_issue/pam_issue.c: Include "pam_inline.h". + (pam_sm_authenticate, read_issue_quoted): Use pam_str_skip_prefix + instead of ugly strncmp invocations. + + modules/pam_ftp: use pam_str_skip_prefix. + * modules/pam_ftp/pam_ftp.c: Include "pam_inline.h". + (_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp invocations. + + modules/pam_env: use pam_str_skip_prefix. + * modules/pam_env/pam_env.c: Include "pam_inline.h". + (_pam_parse, _parse_line): Use pam_str_skip_prefix instead of ugly + strncmp invocations. + + modules/pam_echo: use pam_str_skip_prefix. + * modules/pam_echo/pam_echo.c: Include "pam_inline.h". + (pam_echo): Use pam_str_skip_prefix instead of ugly strncmp invocations. + + modules/pam_cracklib: use pam_str_skip_prefix. + * modules/pam_cracklib/pam_cracklib.c: Include "pam_inline.h". + (_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp + invocations. 
+ + modules/pam_access: use pam_str_skip_prefix. + * modules/pam_access/pam_access.c: Include "pam_inline.h". + (parse_args): Use pam_str_skip_prefix instead of ugly strncmp invocations. + +2020-03-19 Dmitry V. Levin + + Introduce pam_str_skip_prefix_len and pam_str_skip_prefix. + Every time I see a code like + if (!strncmp(*argv,"user_readenv=",13)) + *user_readenv = atoi(13+*argv); + my eyes are bleeding. + + Introduce a new helper inline function pam_str_skip_prefix_len() and + a new macro pam_str_skip_prefix() on top of it, to be used in subsequent + commits to cleanup the ugliness. + + * libpam/include/pam_inline.h: Include . + (pam_str_skip_prefix_len): New function. + (pam_str_skip_prefix): New macro. + +2020-03-19 Dmitry V. Levin + + Use PAM_ARRAY_SIZE. + Replace all instances of sizeof(x) / sizeof(*x) with PAM_ARRAY_SIZE(x) + which is less error-prone and implements an additional type check. + + * libpam/pam_handlers.c: Include "pam_inline.h". + (_pam_open_config_file): Use PAM_ARRAY_SIZE. + * modules/pam_exec/pam_exec.c: Include "pam_inline.h". + (call_exec): Use PAM_ARRAY_SIZE. + * modules/pam_namespace/pam_namespace.c: Include "pam_inline.h". + (filter_mntopts): Use PAM_ARRAY_SIZE. + * modules/pam_timestamp/hmacfile.c: Include "pam_inline.h". + (testvectors): Use PAM_ARRAY_SIZE. + * modules/pam_xauth/pam_xauth.c: Include "pam_inline.h". + (run_coprocess, pam_sm_open_session): Use PAM_ARRAY_SIZE. + * tests/tst-pam_get_item.c: Include "pam_inline.h". + (main): Use PAM_ARRAY_SIZE. + * tests/tst-pam_set_item.c: Likewise. + * xtests/tst-pam_pwhistory1.c: Likewise. + * xtests/tst-pam_time1.c: Likewise. + +2020-03-19 Dmitry V. Levin + + Introduce pam_inline.h. + Introduce a new internal header file for definitions of handly inline + functions and macros providing some convenient functionality to libpam + and its modules. + + * libpam/include/pam_cc_compat.h (PAM_SAME_TYPE): New macro. + * libpam/include/pam_inline.h: New file. 
+ * libpam/Makefile.am (noinst_HEADERS): Add include/pam_inline.h. + +2020-03-19 Dmitry V. Levin + + modules/pam_cracklib: fix parsing of options without arguments. + Prefix match for options without arguments such as use_first_pass + is not correct, there has to be an exact match for these options. + + * modules/pam_cracklib/pam_cracklib.c (_pam_parse): Fix parsing + of reject_username, gecoscheck, enforce_for_root, use_authtok, + use_first_pass, and try_first_pass options. + +2020-03-19 Dmitry V. Levin + + ci: enable -Werror for all builds. + The main purpose of fixing all compilation warnings in the current code + base was to enable -Werror in CI builds so that no new warnings would + creep in. + + * ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Add --enable-Werror. + +2020-03-19 Dmitry V. Levin + + configure: implement --enable-Werror option. + When configure is invoked with --enable-Werror option, + -Werror compiler option is added to WARN_CFLAGS. + + This new configure option is intended primarily for CI purposes. + + * configure.ac (AC_ARG_ENABLE): Add Werror. Forward -Werror + to JAPHAR_GREP_CFLAGS. + +2020-03-19 Dmitry V. Levin + + Fix remaining clang -Wcast-align compilation warnings. + Introduce DIAG_PUSH_IGNORE_CAST_ALIGN and DIAG_POP_IGNORE_CAST_ALIGN + macros, use them to silence remaining clang -Wcast-align compilation + warnings. + + * libpam/include/pam_cc_compat.h (DIAG_PUSH_IGNORE_CAST_ALIGN, + DIAG_POP_IGNORE_CAST_ALIGN): New macros. + * modules/pam_access/pam_access.c: Include "pam_cc_compat.h". + (from_match, network_netmask_match): Wrap inet_ntop invocations + in DIAG_PUSH_IGNORE_CAST_ALIGN and DIAG_POP_IGNORE_CAST_ALIGN. + +2020-03-19 Dmitry V. Levin + + Fix most of clang -Wcast-align compilation warnings. + Unlike gcc, clang is not smart enough to infer the alignment + of structure fields, so add some alignment hints to the code. + + * libpam/include/pam_cc_compat.h (PAM_ATTRIBUTE_ALIGNED): New macro. 
+ * modules/pam_namespace/md5.h: Include "pam_cc_compat.h". + (struct MD5Context): Add PAM_ATTRIBUTE_ALIGNED to "in" field. + * modules/pam_namespace/md5.c [!(__i386__ || __x86_64__)] + (uint8_aligned): New type. + [!(__i386__ || __x86_64__)] (byteReverse): Use it instead of + unsigned char. + * modules/pam_timestamp/sha1.h: Include "pam_cc_compat.h". + (struct sha1_context): Add PAM_ATTRIBUTE_ALIGNED to pending field. + * modules/pam_unix/md5.h: Include "pam_cc_compat.h". + (struct MD5Context): Add PAM_ATTRIBUTE_ALIGNED to "in" field. + * modules/pam_unix/md5.c [!HIGHFIRST] (uint8_aligned): New type. + [!HIGHFIRST] (byteReverse): Use it instead of unsigned char. + +2020-03-19 Dmitry V. Levin + + modules/pam_tally, modules/pam_tally2: fix compilation warnings. + Fix the following compilation warnings reported by gcc + when sizeof(time_t) > sizeof(long), e.g. on x32: + + modules/pam_tally/pam_tally.c:541:7: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘time_t’ {aka ‘long long int’} [-Wformat=] + 541 | _("The account is temporarily locked (%ld seconds left)."), + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + modules/pam_tally/pam_tally.c:546:40: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Wformat=] + 546 | "user %s (%lu) has time limit [%lds left]" + | ~~^ + | | + | long int + | %lld + ...... 
+ 549 | oldtime+lock_time-time(NULL)); + | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | | + | time_t {aka long long int} + + modules/pam_tally2/pam_tally2.c:592:27: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘time_t’ {aka ‘long long int’} [-Wformat=] + 592 | pam_info(pamh, _("The account is temporarily locked (%ld seconds left)."), + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + modules/pam_tally2/pam_tally2.c:597:50: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Wformat=] + 597 | "user %s (%lu) has time limit [%lds left]" + | ~~^ + | | + | long int + | %lld + ...... + 600 | oldtime+opts->lock_time-time(NULL)); + | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | | + | time_t {aka long long int} + + This change doesn't attempt to fix handling of 64-bit time_t on 32-bit + systems in these modules. + + * modules/pam_tally/pam_tally.c (tally_check): Cast time_t expressions + to long int before passing them to pam_info and pam_syslog. + * modules/pam_tally2/pam_tally2.c (tally_check): Likewise. + +2020-03-19 Dmitry V. Levin + + modules/pam_timestamp: fix compilation warnings. 
+ Fix the following compilation warnings reported by gcc on ilp32 platforms: + + modules/pam_timestamp/hmacfile.c: In function ‘testvectors’: + modules/pam_timestamp/hmacfile.c:121:44: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=] + 121 | printf("Incorrect result for vector %lu\n", i + 1); + | ~~^ ~~~~~ + | | | + | | size_t {aka unsigned int} + | long unsigned int + | %u + modules/pam_timestamp/hmacfile.c:128:30: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=] + 128 | printf("Error in vector %lu.\n", i + 1); + | ~~^ ~~~~~ + | | | + | | size_t {aka unsigned int} + | long unsigned int + | %u + In function ‘strncpy’, + inlined from ‘pam_sm_open_session’ at modules/pam_timestamp/pam_timestamp.c:584:4: + /usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin___strncpy_chk’ output may be truncated copying between 1 and 4095 bytes from a string of length 4095 [-Wstringop-truncation] + + * modules/pam_timestamp/hmacfile.c (testvectors): Cast the argument + of type size_t to unsigned long before passing it to printf. + * modules/pam_timestamp/pam_timestamp.c (pam_sm_open_session): Use + memcpy instead of strncpy as the source is not NUL-terminated, add an + extra check to ensure that iterator stays inside bounds. + +2020-03-19 Dmitry V. Levin + + modules/pam_unix: fix gcc compilation warnings. + When setreuid() fails, there is no way to proceed any further: either + the process credentials are unchanged but inappropriate, or they are + in an inconsistent state and nothing good could be made out of it. 
+ This fixes the following compilation warnings: + + modules/pam_unix/passverify.c:209:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:211:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:213:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:214:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:222:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:224:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:225:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:226:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:209:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:211:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:213:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:214:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:222:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:224:5: warning: 
ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:225:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + modules/pam_unix/passverify.c:226:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] + + * modules/pam_unix/passverify.c (get_account_info) [HELPER_COMPILE]: + Always check setreuid return code and return PAM_CRED_INSUFFICIENT + if setreuid failed. + +2020-03-19 Dmitry V. Levin + + modules/pam_access: fix compilation warning. + Fix the following compilation warning reported by gcc + when HAVE_LIBAUDIT is not set: + + modules/pam_access/pam_access.c: In function ‘login_access’: + modules/pam_access/pam_access.c:338:13: warning: variable ‘nonall_match’ set but not used [-Wunused-but-set-variable] + 338 | int nonall_match = NO; + | ^~~~~~~~~~~~ + + * modules/pam_access/pam_access.c (login_access): Enclose nonall_match + variable with HAVE_LIBAUDIT #ifdef's. + +2020-03-19 Dmitry V. Levin + + conf/pam_conv1: fix clang compilation warnings. + Fix the following compilation warnings reported by clang: + + pam_conv_y.y:12:23: warning: unused variable 'bisonid' [-Wunused-const-variable] + static const char bisonid[]= + ^ + pam_conv_l.l:12:23: warning: unused variable 'lexid' [-Wunused-const-variable] + static const char lexid[]= + ^ + + These static variables lost their meaning after repository conversion + from cvs to git and can be safely removed. + + * conf/pam_conv1/pam_conv_l.l (lexid): Remove. + * conf/pam_conv1/pam_conv_y.y (bisonid): Remove. + +2020-03-18 Dmitry V. Levin + + modules/pam_timestamp: fix clang compilation warning. + modules/pam_timestamp/pam_timestamp.c:807:17: warning: logical not + is only applied to the left hand side of this comparison + [-Wlogical-not-parentheses] + } else if (!timestamp_good(st.st... 
+ ^ + + * modules/pam_timestamp/pam_timestamp.c (main): Change timestamp_good + return code check to a more traditional form. + +2020-03-18 Dmitry V. Levin + + github: check for whitespace errors on push and pull requests. + * .github/workflows/whitespace-errors-check.yml: New file. + + modules/pam_timestamp: fix EXTRA_DIST. + * modules/pam_timestamp/Makefile.am (EXTRA_DIST): Replace "$(man_MANS)" + with "$(MANS)" as the former is conditional on HAVE_DOC. + + modules/pam_namespace: fix EXTRA_DIST. + * modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace + "$(MAN5) $(MAN8)" with "$(MANS)" as the former is conditional + on HAVE_DOC. + +2020-03-17 Christian Göttsche + + pam_usertype: exclude man-page generation when configured with --disable-doc + * modules/pam_usertype/Makefile.am (man_MANS): Make conditional + on HAVE_DOC. + + Resolves: https://github.com/linux-pam/linux-pam/pull/193 + +2020-03-17 Christian Göttsche + + pam_namespace: ignore pam_namespace_helper in git. + * modules/pam_namespace/.gitignore: New file. + + Resolves: https://github.com/linux-pam/linux-pam/pull/192 + +2020-03-13 Weblate + + Update translation files. + Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ + +2020-03-13 Ondrej Sulek + + Translated using Weblate (Slovak) + Currently translated at 100.0% (117 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sk/ + +2020-03-13 Yuri Chornoivan + + Translated using Weblate (Ukrainian) + Currently translated at 100.0% (117 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/uk/ + +2020-03-13 Dmitry V. 
Levin + + Translated using Weblate (Portuguese (Brazil)) + Currently translated at 100.0% (117 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pt_BR/ + + Translated using Weblate (Portuguese) + + Currently translated at 100.0% (117 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pt/ + + Translated using Weblate (German) + + Currently translated at 91.4% (107 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/de/ + +2020-03-13 Tomas Mraz + + Adjust README with instructions for package prerequsities. + Also remove obsolete static modules instructions + +2020-03-11 Dmitry V. Levin + + pam_get_authtok: fix i18n of default prompts. + Change formatting of default prompts, making them translatable + to those languages that use a different word order. + From non-i18n perspective this change is essentially a no-op. + + * libpam/pam_get_authtok.c (PROMPTCURRENT): Replace with + PROMPT_CURRENT_ARG and PROMPT_CURRENT_NOARG. + (PROMPT1): Replace with PROMPT_NEW_ARG and PROMPT_NEW_NOARG. + (PROMPT2): Replace with PROMPT_RETYPE_ARG and PROMPT_RETYPE_NOARG. + (pam_get_authtok_internal, pam_get_authtok_verify): Use new macros. + * po/Linux-PAM.pot: Regenerated. + + Resolves: https://github.com/linux-pam/linux-pam/issues/29 + +2020-03-11 ikerexxe + + pam_selinux: check unknown object classes or permissions in current policy + Explanation: check whether unknown object classes or permissions are allowed or denied in the current policy + + Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1680961 + +2020-03-06 Weblate + + Update translation files. + Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. 
+ + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ + +2020-03-06 Milo Casagrande + + Translated using Weblate (Italian) + Currently translated at 100.0% (117 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/it/ + +2020-03-06 Dmitry V. Levin + + Translated using Weblate (Zulu) + Currently translated at 63.2% (74 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zu/ + + Translated using Weblate (Chinese (Traditional)) + + Currently translated at 81.1% (95 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zh_TW/ + + Translated using Weblate (Chinese (Simplified)) + + Currently translated at 81.1% (95 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zh_CN/ + + Translated using Weblate (Tamil) + + Currently translated at 81.1% (95 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ta/ + + Translated using Weblate (Sinhala) + + Currently translated at 65.8% (77 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/si/ + + Translated using Weblate (Russian) + + Currently translated at 100.0% (117 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ru/ + + Translated using Weblate (Portuguese (Brazil)) + + Currently translated at 81.1% (95 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pt_BR/ + + Translated using Weblate (Kazakh) + + Currently translated at 81.1% (95 of 117 strings) + + 
Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/kk/ + + Translated using Weblate (Japanese) + + Currently translated at 81.1% (95 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ja/ + + Translated using Weblate (Hungarian) + + Currently translated at 81.1% (95 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/hu/ + + Translated using Weblate (Hindi) + + Currently translated at 81.1% (95 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/hi/ + + Translated using Weblate (Spanish) + + Currently translated at 81.1% (95 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/es/ + + Translated using Weblate (German) + + Currently translated at 81.1% (95 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/de/ + +2020-03-06 Oğuz Ersen + + Translated using Weblate (Turkish) + Currently translated at 100.0% (117 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/ + +2020-03-06 Geert Warrink + + Translated using Weblate (Dutch) + Currently translated at 100.0% (117 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nl/ + +2020-03-06 Julien Humbert + + Translated using Weblate (French) + Currently translated at 100.0% (117 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/ + +2020-03-06 Piotr Drąg + + Translated using Weblate (Polish) + Currently translated at 100.0% (117 of 117 strings) + + 
Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pl/ + + Translated using Weblate (Polish) + + Currently translated at 100.0% (117 of 117 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pl/ + +2020-03-06 Tomas Mraz + + Add missing file to EXTRA_DIST. + * tests/Makefile.am: Add confdir to EXTRA_DIST. + + New API call pam_start_confdir() + To load PAM stack configurations from specified directory + +2020-03-05 Dmitry V. Levin + + Fix remaining references to sourceforge.net. + Linux-PAM moved to github long time ago, update the remaining + bug tracking references to point to github issues tracker. + + * README: Refer to https://github.com/linux-pam/linux-pam/issues + instead of sourceforge.net. + * po/Makevars: Refer to https://github.com/linux-pam/linux-pam/issues + instead of http://sourceforge.net/projects/pam . + * po/Linux-PAM.pot: Regenerated. + +2020-03-05 Dmitry V. Levin + + pam_unix: fix --disable-nis compilation warnings. + When the build is configured using --disable-nis option, gcc complains: + + pam_unix_passwd.c: In function '_do_setpass': + pam_unix_passwd.c:398:8: warning: unused variable 'master' [-Wunused-variable] + + support.c: In function '_unix_getpwnam': + support.c:305:21: warning: parameter 'nis' set but not used [-Wunused-but-set-parameter] + + * modules/pam_unix/pam_unix_passwd.c (_do_setpass): Move the definition + of "master" variable to [HAVE_NIS]. + * modules/pam_unix/support.c (_unix_getpwnam) [!(HAVE_YP_GET_DEFAULT_DOMAIN + && HAVE_YP_BIND && HAVE_YP_MATCH && HAVE_YP_UNBIND)]: Do not assign + the unused parameter but mark it as used. + +2020-03-05 Dmitry V. Levin + + Sort NEWS entries. + * NEWS (1.4.0): Sort module-related news entries. + +2020-03-05 Dmitry V. Levin + + Fix whitespace issues. + Remove trailing whitespace introduced by commit + f9c9c72121eada731e010ab3620762bcf63db08f. 
+ Remove blank lines at EOF introduced by commit + 65d6735c5949ec233df9813f734e918a93fa36cf. + + This makes the project free of warnings reported by + git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD + + * doc/custom-html.xsl: Remove blank line at EOF. + * doc/custom-man.xsl: Likewise. + * modules/pam_motd/pam_motd.c: Remove trailing whitespace. + +2020-03-04 ed@s5h.net + + Adding package dependency hints to README. + +2020-03-04 Mark Wutzke + + Use cached 'crypt' library result correctly. + Configure script incorrectly used a non-cached variable (ac_lib) in the + cached code path. This results in no -lcrypt being defined resulting in + link errors on a re-build. + + Update configure.ac to use ac_cv_search_crypt (via ac_res) to setup the + correct library arguments. + +2020-03-03 Tomas Mraz + + Prepare for the 1.4.0 release. + + Updated LINGUAS to remove completely untranslated languages. + Updated pot and po files + +2020-03-03 Tomáš Mráz + + Translated using Weblate (Czech) + Currently translated at 100.0% (116 of 116 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/cs/ + +2020-03-03 Oğuz Ersen + + Translated using Weblate (Turkish) + Currently translated at 100.0% (121 of 121 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/ + +2020-03-03 Julien Humbert + + Translated using Weblate (French) + Currently translated at 100.0% (121 of 121 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/ + +2020-03-03 Piotr Drąg + + Translated using Weblate (Polish) + Currently translated at 100.0% (121 of 121 strings) + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pl/ + + Translated using Weblate (Polish) + + Currently translated at 100.0% (121 of 121 strings) + + Translation: 
linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pl/ + +2020-03-03 Jean-Baptiste Holcroft + + Deleted translation using Weblate (Cornish) + Deleted translation using Weblate (German (Low)) + + Deleted translation using Weblate (Angika) + + Deleted translation using Weblate (English (United Kingdom)) + + Deleted translation using Weblate (Asturian) + + Deleted translation using Weblate (bal (generated)) + + Deleted translation using Weblate (Bodo) + + Deleted translation using Weblate (Breton) + + Deleted translation using Weblate (Cornish) + + Deleted translation using Weblate (Cornish) + + Deleted translation using Weblate (ilo (generated)) + + Deleted translation using Weblate (Maithili) + + Deleted translation using Weblate (Pedi) + + Deleted translation using Weblate (Tibetan) + + Deleted translation using Weblate (Twi) + + Deleted translation using Weblate (wba (generated)) + +2020-03-03 Weblate + + Update translation files. + Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. + + Translation: linux-pam/master + Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ + +2020-02-27 Iker Pedrosa + + pam_tty_audit: if kernel audit is disabled return PAM_IGNORE. + If kernel audit is disabled the socket open will return + EPROTONOSUPPORT. + Return PAM_IGNORE from pam_tty_audit and log a warning + in this situation so login is not blocked by the module. + +2020-02-26 Dmitry V. Levin + + pam_modutil_sanitize_helper_fds: fix SIGPIPE effect of PAM_MODUTIL_PIPE_FD + When pam_modutil_sanitize_helper_fds() is invoked with + PAM_MODUTIL_PIPE_FD to provide a dummy pipe descriptor for stdout + or stderr, it closes the read end of the newly created dummy pipe. + The negative side effect of this approach is that any write to such + descriptor triggers a SIGPIPE. Avoid this by closing the write end of + the dummy pipe and using its read end as a dummy pipe descriptor for + output. 
Any read from such descriptor returns 0, and any write just + fails with EBADF, which should work better with unprepared writers. + + * libpam/pam_modutil_sanitize.c (redirect_out_pipe): Remove. + (redirect_out): Call redirect_in_pipe instead of redirect_out_pipe. + + Fixes: b0ec5d1e ("Introduce pam_modutil_sanitize_helper_fds") + +2020-02-26 TBK + + libpamc: Use ISO C99 uintX_t types instead of u_intX_t. + u_intX_t is a glibcism this fixes the issue of compiling against musl libc. + +2020-02-25 Tomas Mraz + + pam_group, pam_time: Fix regression in documentation from last change. + * modules/pam_group/group.conf.5.xml: Replace bare & with &. + * modules/pam_time/time.conf.5.xml: Likewise. + +2020-02-24 Tomas Mraz + + pam_limits: Document the unwanted effect of set_all with systemd. + + misc_conv: Use PAM_MAX_RESP_SIZE to limit the length of the input. + + pam_group, pam_time: Fix logical error with multiple ! operators. + * modules/pam_group/group.conf.5.xml: Document what logic list means. + * modules/pam_time/time.conf.5.xml: Likewise. + * modules/pam_group/pam_group.c (logic_field): Clear the not operator for the + further operations. + * modules/pam_time/pam_time.c (logic_field): Likewise. + +2020-02-24 Tomas Mraz + + pam_shells: Recognize /bin/sh as the default shell. + If the shell is empty in /etc/passwd entry it means /bin/sh. + + * modules/pam_shells/pam_shells.c (perform_check): Use /bin/sh as default shell. + +2020-02-24 Tomas Mraz + + pam_env: Change the default to not read the user .pam_environment file. + * modules/pam_env/pam_env.8.xml: Document the change. + * modules/pam_env/pam_env.c: Set DEFAULT_USER_READ_ENVFILE to 0. + +2020-02-24 Tomas Mraz + + pam_env: code cleanups. + Raise BUF_SIZE to 8192 bytes. + + * modules/pam_env/pam_env.c (_parse_env_file): Ignore lines starting with '='. + (_assemble_line): Detect long lines and binary files. + (_check_var): Avoid overwriting global variable. + (_expand_arg): Avoid repeated strlen calls. 
+ +2020-02-18 Topi Miettinen + + pam_namespace: secure tmp-inst directories. + When using polyinstantiation for /tmp and/or /var/tmp, pam_namespace + creates subdirectories with fixed name tmp-inst. These paths should be + secured as early as possible to avoid that somehow these directories + could created and controlled by for example a malicious user or + service. + + Ship a systemd service, which creates the directories early in + boot sequence with correct permissions and ownership. + + Closes #111. + +2020-02-18 Tomas Mraz + + Fix warnings from the recent PR merges. + * modules/pam_succeed_if/pam_succeed_if.c: Fix const issues. + * modules/pam_usertype/pam_usertype.c: Avoid maybe used uninitialized warning. + +2020-02-18 Pavel Březina + + pam_unix: add nullresetok option to allow reset blank passwords. + Adding nullresetok to auth phase of pam_unix module will allow users + with blank password to authenticate in order to immediatelly change + their password even if nullok is not set. + + This allows to have blank password authentication disabled but still + allows administrator to create new user accounts with expired blank + password that must be change on the first login. + +2020-02-18 Serghei Anicheev + + pam_succeed_if: Add list support for group membership checks. + Examples: + account requisite pam_succeed_if.so user ingroup group1:group2 + OR + account requisite pam_succeed_if.so user notingroup group1:group2 + OR + account requisite pam_succeed_if.so user ingroup wheel + OR + account requisite pam_succeed_if.so user notingroup wheel + + Can be very convenient to grant access based on complex group memberships (LDAP, etc) + +2020-02-18 MIZUTA Takeshi + + Remove redundant header file inclusion. + There are some source code including the same header file redundantly. + We remove these redundant header file inclusion. 
+ +2020-01-29 edneville + + pam_tally[2]: Updating man pages to indicate account leakage without silent + * modules/pam_tally/pam_tally.8.xml: Mention account leakage without silent + * modules/pam_tally2/pam_tally2.8.xml: Mention account leakage without silent + +2020-01-29 Jakub Wilk + + pam_keyinit.8: add missing comma. + +2020-01-28 Pavel Březina + + pam_usertype: new module to tell if uid is in login.defs ranges. + This module will check if the user account type is system or regular based + on its uid. To evaluate the condition it will use 0-99 reserved range + together with `SYS_UID_MIN` and `SYS_UID_MAX` values from `/etc/login.defs`. + + If these values are not set, it uses configure-time defaults + `--with-sys-uid-min` and `--with-uid-min` (according to `login.defs` man page + `SYS_UID_MAX` defaults to `UID_MIN - 1`. + + This information can be used to skip specific module in pam stack + based on the account type. `pam_succeed_if uid < 1000` is used at the moment + however it does not reflect changes to `login.defs`. + +2020-01-27 Fabrice Fontaine + + configure.ac: add --enable-doc option. + Allow the user to disable documentation through --disable-doc (enabled + by default), this is especially useful when cross-compiling for embedded + targets + +2020-01-20 Dmitry V. Levin + + Fix remaining -Wcast-qual compilation warnings. + Introduce a new internal header file with definitions of + DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL macros, + use them to temporary silence -Wcast-qual compilation warnings + in various modules. + + * libpam/include/pam_cc_compat.h: New file. + * libpam/Makefile.am (noinst_HEADERS): Add include/pam_cc_compat.h. + * modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_cc_compat.h". + (create_homedir): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL + and DIAG_POP_IGNORE_CAST_QUAL. + * modules/pam_namespace/pam_namespace.c: Include "pam_cc_compat.h". 
+ (pam_sm_close_session): Wrap the cast that discards ‘const’ qualifier + in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. + * modules/pam_tty_audit/pam_tty_audit.c: Include "pam_cc_compat.h". + (nl_send): Wrap the cast that discards ‘const’ qualifier in + DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. + * modules/pam_unix/pam_unix_acct.c: Include "pam_cc_compat.h". + (_unix_run_verify_binary): Wrap execve invocation in + DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. + * modules/pam_unix/pam_unix_passwd.c: Include "pam_cc_compat.h". + (_unix_run_update_binary): Wrap execve invocation in + DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. + * modules/pam_unix/passverify.c: Include "pam_cc_compat.h". + (unix_update_shadow): Wrap the cast that discards ‘const’ qualifier + in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. + * modules/pam_unix/support.c: Include "pam_cc_compat.h". + (_unix_run_helper_binary): Wrap execve invocation in + DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. + * modules/pam_xauth/pam_xauth.c: Include "pam_cc_compat.h". + (run_coprocess): Wrap execv invocation in DIAG_PUSH_IGNORE_CAST_QUAL + and DIAG_POP_IGNORE_CAST_QUAL. + +2020-01-20 Dmitry V. Levin + + _pam_mkargv: add const qualifier to the first argument. + Also fix the following compilation warning: + + tests/tst-pam_mkargv.c:21:22: warning: initialization discards ‘const’ + qualifier from pointer target type [-Wdiscarded-qualifiers] + char *argvstring = "user = XENDT\\userα user=XENDT\\user1"; + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + * libpam/pam_misc.c (_pam_mkargv): Add const qualifier to the first + argument. + * libpam/pam_private.h (_pam_mkargv): Likewise. + * tests/tst-pam_mkargv.c (main): Convert argvstring from a pointer into + a static const string, make argvresult array static const. + +2020-01-20 Tomas Mraz + + Fix miscellaneous const issues. 
+ * libpam/pam_modutil_searchkey.c: Avoid assigning empty string literal to + non-const char *. + * modules/pam_filter/pam_filter.c: Avoid using const char **. + * modules/pam_mkhomedir/pam_mkhomedir.c: Properly cast out const for execve(). + * modules/pam_namespace/pam_namespace.c: Properly cast out const from pam data. + * modules/pam_tally2/pam_tally2.c: String literal must be assigned to + const char *. + +2020-01-17 Björn Esser + + pam_unix: Return NULL instead of calling crypt_md5_wrapper(). + If the call to the crypt(3) function failed for some reason during + hashing a new login passphrase, the wrapper function for computing + a hash with the md5crypt method was called internally by the pam_unix + module in previous versions of linux-pam. + + With CVE-2012-3287 in mind, the md5crypt method is not considered to + be a safe nor recommended hashing method for a new login passphrase + since at least 2012. Thus pam_unix should error out in case of a + failure in crypt(3) instead of silently computing a hashed passphrase + using a potentially unsafe method. + + * modules/pam_unix/pam_unix.8.xml: Update documentation. + * modules/pam_unix/passverify.c (create_password_hash): Return NULL + on error instead of silently invoke crypt_md5_wrapper(). + +2020-01-15 Hulto + + Changed variable salt to hash. + helper_verify_password's variable salt is not just the salt but the whole hash. Renamed for clarity and conformity with the rest of the code. + +2020-01-15 Josef Moellers + + Add two missing va_end() calls According to the man pages, "Each invocation of va_start() must be matched by a corresponding invocation of va_end() in the same function." + +2020-01-15 Steve Langasek + + Further grammar fixes. + + Bug-Debian: https://bugs.debian.org/651560 + +2020-01-15 Steve Langasek + + Miscellaneous spelling fixes. + + Miscellaneous grammar fixes. + +2020-01-10 Andreas Henriksson + + pam_umask: document the 'nousergroups' option. 
+ Add a short description of the nousergroups to the pam_umask(8) + man-page. + +2020-01-10 Andreas Henriksson + + pam_umask: add new 'nousergroups' module argument. + This is particularly useful when pam has been built with the new + --enable-usergroups configure switch, allowing users to override + the default-enabled state and disabling usergroups at runtime. + + This is synonymous but opposite to current and previous pam_umask + default that could be changed to enabled at runtime with the usergroups + argument. + +2020-01-10 Andreas Henriksson + + pam_umask: build-time usergroups option default. + This change adds a configure option to set the default value of the + usergroups option (of the pam_umask module) at build-time. + + Distributions usually makes the decision if usergroups should be used or + not. This allows them to control the built-in default value, without + having to ship the value in a config file (cluttering up the view + of actually relevant user/system configuration overrides). + +2020-01-02 msalle + + pam_access: Fix (IPv6) address prefix size matching. + IPv6 address prefix sizes larger than 128 (i.e. not larger or equal to) should + be discarded. Additionally, for IPv4 addresses, the largest valid prefix size + should be 32. + + Fixes #161 + +2019-12-18 Tomas Mraz + + Do not use CFLAGS for warning flags set from configure. + To be able to set CFLAGS from make command-line but not to lose the + warning flags. + + * configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS. + * */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS. + +2019-12-17 Balint Reczey + + Return only PAM_IGNORE or error from pam_motd. + Follow-up for c81280b16e1831ab0bdd0383486c7e2d1eaf1b5e. + * modules/pam_motd/pam_motd.c: Return PAM_IGNORE if pam_putenv succeeds. + * modules/pam_motd/pam_motd.8.xml: Document additional possible return values of the module. + +2019-12-16 Dmitry V. Levin + + Add initial Travis CI support. 
+ This runs "make distcheck" using gcc-9, gcc-8, gcc-7, and clang + on x86_64, x86, x32, aarch64, s390x, and ppc64le architectures. + + * .travis.yml: New file. + * ci/install-dependencies.sh: Likewise. + * ci/run-build-and-tests.sh: Likewise. + + Resolves: https://github.com/linux-pam/linux-pam/issues/28 + +2019-12-16 Dmitry V. Levin + + pam_pwhistory: fix build when -lxcrypt is not available. + When xcrypt.h is available but -lxcrypt is not, pam_pwhistory fails to + build with the following diagnostics: + modules/pam_pwhistory/opasswd.c:111: undefined reference to `xcrypt_r' + + Fix this by using the same check for xcrypt as in other modules. + + * modules/pam_pwhistory/opasswd.c: Replace HAVE_XCRYPT_H with + HAVE_LIBXCRYPT. + +2019-12-16 Tomas Mraz + + Fix or suppress various warnings when compiling with -Wall -Wextra. + * conf/pam_conv1/Makefile.am: Add -Wno-unused-function -Wno-sign-compare to CFLAGS. + * doc/specs/Makefile.am: Likewise. + + * libpamc/include/security/pam_client.h: Explicitly compare old_p with NULL. + + * modules/pam_access/pam_access.c: Avoid double const. + + * modules/pam_filter/pam_filter.c: Avoid arbitrary constants. Avoid strncpy() + without copying the NUL byte. + + * modules/pam_group/pam_group.c: Mark switch fallthrough with comment. + * modules/pam_time/pam_time.c: Likewise. + + * modules/pam_limits/pam_limits.c: Remove unused units variable. + + * modules/pam_listfile/pam_listfile.c: Avoid unnecessary strncpy, use pointers. + + * modules/pam_rootok/pam_rootok.c (log_callback): Mark unused parameter. + + * modules/pam_selinux/pam_selinux.c: Use string_to_security_class() instead + of hardcoded value. + + * modules/pam_sepermit/pam_sepermit.c: Properly cast when comparing. + + * modules/pam_succeed_if/pam_succeed_if.c: Mark unused parameters. + + * modules/pam_unix/pam_unix_passwd.c: Remove unused variables and properly + cast for comparison. + + * modules/pam_unix/support.c: Remove unused function. 
+ +2019-12-04 Balint Reczey + + pam_motd: Export MOTD_SHOWN=pam after showing MOTD. + This is a useful indication for update-motd profile.d snippet which can + also try to show MOTD when it is not already shown. + + The use-case for that is showing MOTD in shells in containers without + PAM being involved. + + * modules/pam_motd/pam_motd.c: Export MOTD_SHOWN=pam after showing MOTD + * modules/pam_motd/pam_motd.8.xml: Mention setting MOTD_SHOWN=pam in the man page + +2019-11-28 ppkarwasz + + Adds an auth module to pam_keyinit (#150) + Adds an auth module to pam_keyinit, whose implementation of + pam_sm_setcred + is identical to the implementation of pam_sm_open_session. + + It is useful with PAM applications, which call pam_setcred, + before calling pam_open_session. + + * modules/pam_keyinit/pam_keyinit.c: Add an auth module to pam_keyinit. + + * modules/pam_keyinit/pam_keyinit.8.xml: Update the manpage + to describe the new functionality. + +2019-11-28 Sophie Herold + + Lower "bad username" log priority (#154) + * modules/pam_unix/pam_unix_auth.c: Use LOG_NOTICE instead of LOG_ERR. + * modules/pam_unix/pam_unix_passwd.c: Likewise. + * modules/pam_umask/pam_umask.c: Likewise. + +2019-11-04 Tomas Mraz + + pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + * modules/pam_namespace/namespace.conf.5.xml: Add documentation for the + noexec, nosuid, and nodev flags support. + * modules/pam_namespace/pam_namespace.c (filter_mntopts): New function to + filter out the flags. + (parse_method): Call the function. + (ns_setup): Apply the flags to the tmpfs mount. + * modules/pam_namespace/pam_namespace.h: Add mount_flags to polydir_s struct. + +2019-11-04 Tomas Mraz + + Optimize the checkgrouplist function. + There is no point in rising the allocation size by doubling when + we can allocate required memory size at once in the second pass. 
+ + * libpam/pam_modutil_ingroup.c (checkgrouplist): Allocate some reasonable + default size in first pass and required size in the second pass. + +2019-10-15 MIZUTA Takeshi + + doc: fix module type written in MODULE TYPES PROVIDED. + +2019-10-14 Tomas Mraz + + pam_unix: Add logging useful for debugging problems. + Two messages added about obtaining the username are guarded + by the debug option as these should not be normally + logged - they can be useful for debugging but they do not + indicate any special condition. + + The message about authenticating user with blank password is + still just LOG_DEBUG priority but it is logged unconditionally + because it is somewhat extraordinary condition to have an user + with blank password. + + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace + D() macro calls which are not enabled on production builds with + regular pam_syslog() calls. + +2019-10-10 Tomas Mraz + + pam_unix: Fix the spelling of Jan Rękorajski's name. + +2019-10-08 MIZUTA Takeshi + + doc: fix typo in manpage. + +2019-10-03 MIZUTA Takeshi + + pam_mkhomedir: Add debug option to pam_mkhomedir(8) man page. + +2019-09-23 Marek Černocký + + Fixed missing quotes in configure script. + +2019-09-16 Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> + + Add support for a vendor directory and libeconf (#136) + With this, it is possible for Linux distributors to store their + supplied default configuration files somewhere below /usr, while + /etc only contains the changes made by the user. The new option + --enable-vendordir defines where Linux-PAM should additional look + for pam.d/*, login.defs and securetty if this files are not in /etc. + libeconf is a key/value configuration file reading library, which + handles the split of configuration files in different locations + and merges them transparently for the application. + +2019-09-12 Carlos Santos + + pam_lastlog: document the 'unlimited' option. 
+ +2019-09-12 Carlos Santos + + pam_lastlog: prevent crash due to reduced 'fsize' limit. + It a reduced fsize limit is set in /etc/security/limits.conf and + pam_limits is in use pam_lastlog may cause a crash, e.g. + + ----- begin /etc/pam.d/su ---- + auth sufficient pam_rootok.so + auth required pam_wheel.so use_uid + auth required pam_env.so + auth required pam_unix.so nullok + account required pam_unix.so + password required pam_unix.so nullok + session required pam_limits.so + session required pam_env.so + session required pam_unix.so + session optional pam_lastlog.so + ----- end /etc/pam.d/su ----- + + ----- begin /etc/security/limits.d/fsize.conf ----- + * soft fsize 1710 + * hard fsize 1710 + ----- end /etc/security/limits.d/fsize.conf ----- + + # id user1 + uid=1000(user1) gid=1000(user1) groups=1000(user1) + # su - user1 + Last login: Wed Sep 11 01:52:44 UTC 2019 on console + $ exit + # id user2 + uid=60000(user2) gid=60000(user2) groups=60000(user2) + # su - user2 + File size limit exceeded + + This happens because pam_limits sets RLIMIT_FSIZE before pam_lastlog + attempts to write /var/log/lastlog, leading to a SIGXFSZ signal. + + In order to fix this, and an 'unlimited' option, which leads to saving + the 'fsize' limit and set it to unlimited before writing lastlog. After + that, restore the saved value. If 'fsize' is already unlimited nothing + is done. + + Failing to set the 'fsize' limit is not a fatal error. With luck the + configured limit will suffice, so we try to write lastlog anyway, even + under the risk of dying due to a SIGXFSZ. + + Failing to restore the 'fsize' limit is a fatal error, since we don't + want to keep it unlimited. + +2019-09-11 ed + + pam_unix_sess.c add uid for opening session. + This adds the UID of the target user to the session open log. + + Also fixing tabulation in pam_unix_sess.c. 
+ +2019-09-09 lifecrisis <15251574+lifecrisis@users.noreply.github.com> + + Fix the man page for "pam_fail_delay()" + This man page contained the incorrect statement that setting the + PAM_FAIL_DELAY item to NULL would disable any form of delay on + authentication failure. + + I removed the incorrect statement and added a paragraph explaining + how an application should properly avoid delays. + + Closes #137. + +2019-09-06 lifecrisis <15251574+lifecrisis@users.noreply.github.com> + + Fix a typo. + There is an extra space where there should not be one. + +2019-09-06 lifecrisis <15251574+lifecrisis@users.noreply.github.com> + + Update a function comment. + The function comment for "_pam_await_timer()" does not mention the + intended behavior of prioritizing the "PAM_FAIL_DELAY" item. + + I updated the comment to make this intention clear. + +2019-09-02 Matt Cowell + + pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + The glibc implementation of getline/getdelim does not guarantee a NUL + terminator in lineptr if getline returns failure (-1). This occurs when + the opasswd file exists but is empty. Since strdup is called + immediately afterwards, this causes strdup to read uninitialized memory + and possibly buffer overrun / crash. + + This also fixes a memory leak which always occurs when reading the last + line of the opasswd file. Since the strdup is called before checking + the return code from getline, getdelim, or fgets+strlen, it will + duplicate and never free either: + - The last successfully read line (for getline or getdelim) + - Uninitialized data (if the file is empty) + - A 0 byte string (for fgets+strlen) + + Fix by always checking the return code of getline, getdelim, or + fgets+strlen before calling strdup. + +2019-08-26 Christophe Besson + + libpam/pam_modutil_sanitize.c: optimize the way to close fds. + +2019-08-07 Tomas Mraz + + pam_tty_audit: Manual page clarification about password logging. 
+ * modules/pam_tty_audit/pam_tty_audit.8.xml: Explanation why passwords + can be sometimes logged even when the option is not set. + +2019-08-07 Tomas Mraz + + pam_get_authtok_verify: Avoid duplicate password verification. + If password was already verified by previous modules in the stack + it does not need to be verified by pam_get_authtok_verify either. + + * libpam/pam_get_authtok.c (pam_get_authtok_internal): Set the authtok_verified + appropriately. + (pam_get_authtok_verify): Do not prompt if authtok_verified is set and + set it when the password is verified. + * libpam/pam_private.h: Add authtok_verified to the pam handle struct. + * libpam/pam_start.c (pam_start): Initialize authtok_verified. + +2019-07-16 2*yo + + Mention that ./autogen.sh is needeed to be run if you check out the sources from git + +2019-06-27 Tomas Mraz + + pam_unix: Correct MAXPASS define name in the previous two commits. + * modules/pam_unix/pam_unix_passwd.c: Change MAX_PASS to MAXPASS. + * modules/pam_unix/support.c: Likewise. + +2019-06-27 Florian Best + + Restrict password length when changing password. + + Trim password at PAM_MAX_RESP_SIZE chars. + Issue #118: Protect against Denial of Service attacks. + To prevent hashsum generation via crypt of very long passwords the + password is now stripped to 512 characters. This is equivalent behavior + to unix_chkpwd. + +2019-05-23 Olaf Mandel + + pam_succeed_if: Request user data only when needed. + Allow for conditions that just check the user field to also work for + users not known to the system. Before this caused a PAM_USER_UNKNOWN + even if no extra data for an existing user was needed. E.g. + + auth sufficient pam_succeed_if.so user = NotKnownToSystem + + modules/pam_succeed_if/pam_succeed_if.c (evaluate): Change the pwd + parameter to an input/output parameter. Lazily request pwd with + pam_modutil_getpwnam() if needed and return PAM_USER_UNKNOWN on failure. 
+ + modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Don't + request the pwd if !use_uid anymore and shift the output from audit to + after the evaluate() call. Also make sure not to give the normal failure + message if the lazy pwd loading failed. + +2019-02-26 Maciej S. Szmigiero + + pam_tally2: Remove unnecessary fsync() + pam_tally2 does fsync() after writing to a tally file. + This causes hard drive cache flushes on every failed SSH login on many + (if not most) filesystems. + And an internet-exposed machine can have a lot of these failed logins. + + This operation however doesn't seem to be necessary - the pam_tally2 + module does not do any operation which would need explicit post-crash + ordering, it just does simple file reads and writes. + And doing a fsync() after them doesn't close any race if the system happens + to crash between a write being posted and its fsync() completion. + + Let's remove this operation to get rid of all these extra cache flushes. + +2019-02-19 vkwitshana + + Fixed a grammer mistake. + +2019-01-10 Christopher Head + + Fix documentation for pam_wheel. + By default, pam_wheel checks for applicant membership in the wheel group + for *all* access requests, regardless of whether the target user is root + or non-root. Only if root_only is provided does it limit the membership + check to cases when the target user is root. Update the documentation to + reflect this. + +2019-01-10 Louis Sautier + + Fix a typo in the documentation. + +2019-01-10 Nir Soffer + + pam_lastlog: Improve silent option documentation. + The silent option explicitly silents only the last login message and not + bad logins. Add a note to the manual to make this clear. + + * modules/pam_lastlog/pam_lastlog.8.xml: Clearify "silent showfailed" + +2019-01-10 Nir Soffer + + pam_lastlog: Respect PAM_SILENT flag. + pam_lastlog module will not log info about failed login if the session + was opened with PAM_SILENT flag. 
+ + Example use case enabled by this change: + + sudo --non-interactive program + + If this command is run by another program expecting specific output from + the command run by sudo, the unexpected info about failed logins will + break this program. + + * modules/pam_lastlog/pam_lastlog.c: Respect silent option. + (_pam_session_parse): Unset LASTLOG_BTMP if PAM_SILENT is set. + +2019-01-04 Tomas Mraz + + Fix regressions from the last commits. + * configure.ac: Test for logwtmp needs -lutil in LIBS. + * modules/Makefile.am: Fix indentation of variable assignments causing + creation of incorrect Makefile. + +2019-01-04 Rosen Penev + + Replace strndupa with strncpy. + glibc only. A static string is better. + +2019-01-04 Yousong Zhou + + build: ignore pam_lastlog when logwtmp is not available. + * configure.ac: check logwtmp and set COND_BUILD_PAM_LASTLOG + * modules/pam_lastlog/Makefile.am: check COND_BUILD_PAM_LASTLOG + + build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * configure.ac: check for ruserok and ruserok_af + * modules/Makefile.am: ignore pam_rhosts/ if it's disabled + * modules/pam_rhosts/pam_rhosts.c: include stdlib.h for malloc and free + +2018-12-20 Tomas Mraz + + pam_motd: Cleanup the code and avoid unnecessary logging. + The pam_motd module will not log if the default motd.d directories + are missing. + + Also cleanup some code cleanliness issues and fix compilation + warnings. + + * modules/pam_motd/pam_motd.c: Constification of constant strings. + (try_to_display_directory): Removed unused function. + (pam_split_string): Replace uint with unsigned int. Fix warnings. + (compare_strings): Fix warnings by proper constification. + (try_to_display_directories_with_overrides): Cleanups. Switch + off the logging if the motd.d directories are missing and they + are default ones. + (pam_sm_open_session): Cleanup warnings. 
Pass the information + to try_to_display_directories_with_overrides() that non-default + motd options are used. + +2018-12-20 Tomas Mraz + + pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * modules/pam_lastlog/pam_lastlog.8.xml: Add the documentation of the + LASTLOG_UID_MAX option. + * modules/pam_lastlog/pam_lastlog.c: New function get_lastlog_uid_max(). + (last_login_date): Check the uid against the get_lastlog_uid_max(). + (pam_authenticate): Likewise. + +2018-12-11 Tomas Mraz + + Move the duplicated search_key function to pam_modutil. + * libpam/pam_modutil_searchkey.c: New source file with pam_modutil_search_key(). + * libpam/Makefile.am: Add the pam_modutil_searchkey.c. + * libpam/include/security/pam_modutil.h: Add the pam_modutil_search_key() prototype. + * libpam/libpam.map: Add the pam_modutil_search_key() into a new version. + * modules/pam_faildelay/pam_faildelay.c: Drop search_key() and use + pam_modutil_search_key(). + * modules/pam_umask/pam_umask.c: Likewise. + * modules/pam_unix/support.c: Likewise. + +2018-11-27 Tomas Mraz + + pam_unix: Use pam_syslog instead of helper_log_err. + * modules/pam_unix/passverify.c (verify_pwd_hash): Add pamh argument via + PAMH_ARG_DECL. Call pam_syslog() instead of helper_log_err(). + * modules/pam_unix/passverify.h: Adjust the declaration of verify_pwd_hash(). + * modules/pam_unix/support.c (_unix_verify_password): Add the pamh argument + to verify_pwd_hash() call. + +2018-11-27 Björn Esser + + pam_unix: Report unusable hashes found by checksalt to syslog. + libxcrypt can be build-time configured to support (or not support) + various hashing methods. Future versions will also have support for + runtime configuration by the system's vendor and/or administrator. + + For that reason adminstrator should be notified by pam if users cannot + log into their account anymore because of such a change in the system's + configuration of libxcrypt. 
+ + Also check for malformed hashes, like descrypt hashes starting with + "$2...", which might have been generated by unsafe base64 encoding + functions as used in glibc <= 2.16. + Such hashes are likely to be rejected by many recent implementations + of libcrypt. + + * modules/pam_unix/passverify.c (verify_pwd_hash): Report unusable + hashes found by checksalt to syslog. + +2018-11-27 Tomas Mraz + + Revert "pam_unix: Add crypt_default method, if supported." + This reverts commit ad435b386b22b456724dc5c5b8d9f2d1beffc558. + +2018-11-27 Björn Esser + + pam_unix: Add crypt_default method, if supported. + libxcrypt since v4.4.0 supports a default method for its + gensalt function on most system configurations. As the + default method is to be considered the strongest available + hash method, it should be preferred over all other hash + methods supported by pam. + + * modules/pam_unix/pam_unix.8.xml: Documentation for crypt_default. + * modules/pam_unix/passverify.c: Add crypt_default method. + * modules/pam_unix/support.h: Likewise. + +2018-11-26 Tomas Mraz + + Revert part of the commit 4da9febc. + pam_unix: Do not return a hard failure on invalid or disabled salt + as in some cases the failure actually is not interesting and can + broke things such as password-less sudo. + + * modules/pam_unix/passverify.c (check_shadow_expiry): Revert checking + of disabled or invalid salt. + +2018-11-23 Björn Esser + + pam_unix: Add support for (gost-)yescrypt hashing methods. + libxcrypt (v4.2 and later) has added support for the yescrypt + hashing method; gost-yescrypt has been added in v4.3. + + * modules/pam_unix/pam_unix.8.xml: Documentation for (gost-)yescrypt. + * modules/pam_unix/pam_unix_acct.c: Use 64 bit type for control flags. + * modules/pam_unix/pam_unix_auth.c: Likewise. + * modules/pam_unix/pam_unix_passwd.c: Likewise. + * modules/pam_unix/pam_unix_sess.c: Likewise. + * modules/pam_unix/passverify.c: Add support for (gost-)yescrypt. 
+ * modules/pam_unix/passverify.h: Use 64 bit type for control flags. + * modules/pam_unix/support.c: Set sane rounds for (gost-)yescrypt. + * modules/pam_unix/support.h: Add support for (gost-)yescrypt. + +2018-11-22 Björn Esser + + pam_unix: Fix closing curly brace. (#77) + This has been overlooked during review of commit dce80b3f11b3. + + * modules/pam_unix/support.c (_set_ctrl): Fix closing curly brace. + + Closes: https://github.com/linux-pam/linux-pam/issues/77 + +2018-11-22 Björn Esser + + pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + libxcrypt v4.3 has added the crypt_checksalt function to whether + the prefix at the begining of a given hash string refers to a + supported hashing method. + + Future revisions of this function will add support to check whether + the hashing method, the prefix refers to, was disabled or considered + deprecated by the system's factory presets or system administrator. + Furthermore it will be able to detect whether the parameters, which + are used by the corresponding hashing method, being encoded in the + hash string are not considered to be strong enough anymore. + + *modules/pam_unix/passverify.c: Add support for crypt_checksalt. + +2018-11-22 Björn Esser + + pam_unix: Prefer a gensalt function, that supports auto entropy. + * modules/pam_unix/pam_unix_passwd.c: Initialize rounds parameter to 0. + * modules/pam_unix/passverify.c: Prefer gensalt with auto entropy. + * modules/pam_unix/support.c: Fix sanitizing of rounds parameter. + +2018-11-21 Robert Fairley + + pam_motd: Fix segmentation fault when no motd_dir specified (#76) + This fixes a regression introduced by #69, where motd_path was set + to NULL and passed into strdup() if the motd_dir argument was + not specified in the configuration file. This caused a segmentation + fault. 
+ + * modules/pam_motd/pam_motd.c: fix checks for NULL in arguments + * xtests/Makefile.am: add test scripts and config file + * xtests/tst-pam_motd.sh: add running tst-pam_motd4.sh + * xtests/tst-pam_motd4.pamd: create + * xtests/tst-pam_motd4.sh: create + +2018-11-19 Robert Fairley + + pam_motd: Support multiple motd paths specified, with filename overrides (#69) + Adds specifying multiple paths to motd files and motd.d + directories to be displayed. A colon-separated list of + paths is specified as arguments motd and motd_dir to the + pam_motd module. + + This gives packages several options to install motd files to. + By default, the paths are, with highest priority first: + /etc/motd + /run/motd + /usr/lib/motd + /etc/motd.d/ + /run/motd.d/ + /usr/lib/motd.d/ + + Which is equivalent to the following arguments: + motd=/etc/motd:/run/motd:/usr/lib/motd + motd_dir=/etc/motd.d:/run/motd.d:/usr/lib/motd.d + + Files with the same filename in a lower-priority directory, + as specified by the order in the colon-separated list, are + overridden, meaning PAM will not display them. + + This allows a package to contain motd files under + /usr/lib instead of the host configuration in /etc. + A service may also write a dynamically generated motd in + /run/motd.d/ and have PAM display it without needing a + symlink from /etc/motd.d/ installed. + + Closes #68 + + * modules/pam_motd/pam_motd.8.xml: update documentation + * modules/pam_motd/pam_motd.c: add specifying multiple motd paths + * xtests/.gitignore: add generated test script + * xtests/Makefile.am: add test source, scripts and config files + * xtests/tst-pam_motd.c: create + * xtests/tst-pam_motd.sh: create + * xtests/tst-pam_motd1.pamd: create + * xtests/tst-pam_motd1.sh: create + * xtests/tst-pam_motd2.pamd: create + * xtests/tst-pam_motd2.sh: create + * xtests/tst-pam_motd3.pamd: create + * xtests/tst-pam_motd3.sh: create + +2018-11-16 Björn Esser + + pam_unix: Use bcrypt b-variant for computing new hashes. 
+ Bcrypt hashes used the "$2a$" prefix since 1997. + However, in 2011 an implementation bug was discovered in bcrypt + affecting the handling of characters in passphrases with the 8th + bit set. + + Besides fixing the bug, OpenBSD 5.5 introduced the "$2b$" prefix + for a behavior that exactly matches crypt_blowfish's "$2y$", and + the crypt_blowfish implementation supports it as well since v1.1. + + That said new computed bcrypt hashes should use the "$2b$" prefix. + + * modules/pam_unix/passverify.c: Use bcrypt b-variant. + +2018-06-22 Dmitry V. Levin + + pam_tally, pam_tally2: fix grammar and spelling (#54) + * modules/pam_tally/pam_tally.c (tally_check): Replace + "Account is temporary locked" with "The account is temporarily locked" + in translated messages. + * modules/pam_tally2/pam_tally2.c (tally_check): Likewise. + * po/Linux-PAM.pot: Update pam_tally and pam_tally2 messages. + + Closes: https://github.com/linux-pam/linux-pam/issues/54 + +2018-06-19 Dmitry V. Levin + + Fix grammar of messages printed via pam_prompt. + Turn into proper sentences those messages that are printed without + further modifications using pam_prompt in contexts where proper + sentences are expected. + + * libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix grammar + of the message passed to pam_error. + * modules/pam_limits/pam_limits.c (pam_sm_open_session): Likewise. + * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix + grammar of error messages passed to pam_error. + * modules/pam_mail/pam_mail.c (report_mail): Fix grammar of a message + passed to pam_info. + * modules/pam_timestamp/pam_timestamp.c (verbose_success): Likewise. + * modules/pam_selinux/pam_selinux.c (config_context, send_text): Fix + grammar of messages passed to pam_prompt. + * modules/pam_tally/pam_tally.c (tally_check): Fix grammar of messages + passed to pam_info. + * modules/pam_tally2/pam_tally2.c (tally_check): Likewise. 
+ * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Fix grammar + of messages passed to _make_remark. + * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass, + pam_sm_chauthtok): Likewise. + * po/Linux-PAM.pot: Regenerate. + +2018-06-19 Dmitry V. Levin + + pam_stress: do not mark messages for translation. + pam_stress is not a regular module that needs to be translated. + Besides that, its messages are not easy to understand + and even harder to translate properly. + + * modules/pam_stress/pam_stress.c (pam_sm_chauthtok): Do not mark + messages for translation. + * po/Linux-PAM.pot: Remove pam_stress messages. + +2018-05-31 Dmitry V. Levin + + pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + The last use of these macros was removed by commit Linux-PAM-1.3.0~5 + so their definitions should go as well. + + * modules/pam_unix/pam_unix_auth.c (_UNIX_AUTHTOK): Remove. + * modules/pam_unix/pam_unix_passwd.c (_UNIX_OLD_AUTHTOK, + _UNIX_NEW_AUTHTOK): Likewise. + + Complements: 7e09188c5dc4 ("pam_unix: Use pam_get_authtok() instead of + direct pam_prompt() calls.") + +2018-05-31 Dmitry V. Levin + + pam_unix: remove obsolete _unix_read_password prototype. + The function was removed by commit Linux-PAM-1.3.0~5 + so the function prototype should go as well. + + * modules/pam_unix/support.h (_unix_read_password): Remove. + + Complements: 7e09188c5dc4 ("pam_unix: Use pam_get_authtok() instead of + direct pam_prompt() calls.") + +2018-05-18 Thorsten Kukuk + + Release version 1.3.1. + + Add xz compression. + +2018-05-16 Allison Karlitskaya + + pam_motd: add support for a motd.d directory (#48) + Add a new feature to pam_motd to allow packages to install their own + message files in a "motd.d" directory, to be displayed after the primary + motd. + + Add an option motd_d= to specify the location of this directory. + + Modify the defaults, in the case where no options are given, to display + both /etc/motd and /etc/motd.d. 
+ + Fixes #47 + + * modules/pam_motd/pam_motd.c: add support for motd.d + * modules/pam_motd/pam_motd.8.xml: update the manpage + +2018-05-02 Tomas Mraz + + pam_umask: Fix documentation to align with order of loading umask. + * modules/pam_umask/pam_umask.8.xml: Document the real order of loading + umask. + +2018-04-10 Joey Chagnon + + Fix missing word in documentation. + * doc/man/pam_get_user.3.xml: Fix it. + +2017-11-10 Dmitry V. Levin + + pam_tally2 --reset: avoid creating a missing tallylog file. + There is no need for pam_tally2 in --reset=0 mode to create a missing + tallylog file because its absence has the same meaning as its existence + with the appropriate entry reset. + + This was not a big deal until useradd(8) from shadow suite release 4.5 + started to invoke /sbin/pam_tally2 --reset routinely regardless of PAM + configuration. + + The positive effect of this change is noticeable when using tools like + cpio(1) that cannot archive huge sparse files efficiently. + + * modules/pam_tally2/pam_tally2.c [MAIN] (main) : Stat + cline_filename when cline_reset == 0, exit early if the file is missing. + +2017-11-10 Tomas Mraz + + pam_mkhomedir: Allow creating parent of homedir under / + * modules/pam_mkhomedir/mkhomedir_helper.c (make_parent_dirs): Do not + skip creating the directory if we are under /. + +2017-10-09 Tomas Mraz + + pam_tty_audit: Fix regression introduced by adding the uid range support. + * modules/pam_tty_audit/pam_tty_audit.c (parse_uid_range): Fix constification and + remove unneeded code carried from pam_limits. + (pam_sm_open_session): When multiple enable/disable options are present do not + stop after first match. + +2017-09-06 Tomas Mraz + + pam_access: Add note about spaces around ':' in access.conf(5) + * modules/pam_access/access.conf.5.xml: Add note about spaces around ':' + + Workaround formatting problem in pam(8) + * doc/man/pam.8.xml: Workaround formatting problem. 
+ +2017-07-12 Peter Urbanec + + pam_unix: Check return value of malloc used for setcred data (#24) + Check the return value of malloc and if it failed print debug info, send + a syslog message and return an error code. + + The test in AUTH_RETURN for ret_data not being NULL becomes redundant. + +2017-07-10 Tomas Mraz + + pam_cracklib: Drop unused prompt macros. + * modules/pam_cracklib/pam_cracklib.c: Drop the unused macros. + +2017-06-28 Tomas Mraz + + pam_tty_audit: Support matching users by uid range. + * modules/pam_tty_audit/pam_tty_audit.c (parse_uid_range): New function to + parse the uid range. + (pam_sm_open_session): Call parse_uid_range() and behave according to its result. + * modules/pam_tty_audit/pam_tty_audit.8.xml: Document the uid range matching. + +2017-05-31 Tomas Mraz + + pam_access: support parsing files in /etc/security/access.d/*.conf. + * modules/pam_access/pam_access.c (login_access): Return NOMATCH if + there was no match in the parsed file. + (pam_sm_authenticate): Add glob() call to go through the ACCESS_CONF_GLOB + subdirectory and call login_access() on the individual files matched. + * modules/pam_access/pam_access.8.xml: Document the addition. + * modules/pam_access/Makefile.am: Add ACCESS_CONF_GLOB definition. + +2017-04-11 Tomas Mraz + + pam_localuser: Correct the example in documentation. + * modules/pam_localuser/pam_localuser.8.xml: The example configuration + does something different. + + pam_localuser: Correct documentation of return value. + * modules/pam_localuser/pam_localuser.8.xml: The module returns + PAM_PERM_DENIED when the user is not listed. + +2017-03-10 Saul Johnson + + Make maxclassrepeat=1 behavior consistent with docs (#9) + * modules/pam_cracklib/pam_cracklib.c (simple): Apply the maxclassrepeat when greater than 0. + +2017-02-09 Josef Moellers + + Properly test for strtol() failure to find any digits. + * modules/pam_access/pam_access.c (network_netmask_match): Test for endptr set + to beginning and not NULL. 
+ +2017-01-19 Daniel Abrecht + + pam_exec: fix a potential null pointer dereference. + Fix a null pointer dereference when pam_prompt returns PAM_SUCCESS + but the response is set to NULL. + + * modules/pam_exec/pam_exec.c (call_exec): Do not invoke strndupa + with a null pointer. + + Closes: https://github.com/linux-pam/linux-pam/pull/2 + +2016-12-07 Antonio Ospite + + Add missing comma in the limits.conf.5 manpage. + * modules/pam_limits/limits.conf.5.xml: add a missing comma + +2016-11-14 Tomas Mraz + + Regular links doesn't work with -no-numbering -no-references. + * configure.ac: Use elinks instead of links. + +2016-11-01 Tomas Mraz + + pam_access: First check for the (group) match. + The (group) match is performed first to allow for groups + containing '@'. + + * modules/pam_access/pam_access.c (user_match): First check for the (group) match. + +2016-10-17 Tomas Mraz + + pam_ftp: Properly use the first name from the supplied list. + * modules/pam_ftp/pam_ftp.c (lookup): Return first user from the list + of anonymous users if user name matches. + (pam_sm_authenticate): Free the returned value allocated in lookup(). + +2016-09-12 Bartos-Elekes Zsolt + + pam_issue: Fix no prompting in parse escape codes mode. + * modules/pam_issue/pam_issue.c (read_issue_quoted): Fix misplaced strcat(). + +2016-06-30 Maxin B. John + + xtests: remove bash dependency. + There are no bash specific syntax in the xtest scripts. So, remove + the bash dependency. + +2016-06-30 Tomas Mraz + + Unification and cleanup of syslog log levels. + * libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT. + * libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT. + * modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT. + * modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT. + * modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT. + * modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR. 
+ * modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT. + * modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT. + * modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged + with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors + with LOG_ERR. + * modules/pam_limits/pam_limits.c: User login limit messages are syslogged + with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with + LOG_ERR. + * modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged + with LOG_NOTICE. + * modules/pam_namespace/pam_namespace.c: Make memory allocation failures + LOG_CRIT. + * modules/pam_nologin/pam_nologin.c: Make memory allocation failures + LOG_CRIT, other errors LOG_ERR. + * modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged + with LOG_NOTICE, non-memory errors with LOG_ERR. + * modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT. + * modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors + LOG_ERR. + * modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT. + * modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures + LOG_CRIT. + * modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR. + * modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT, + other errors LOG_ERR. + * modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR. + * modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE. + * modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and + max retries ignorance by application likewise. + * modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR. + * modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged + with LOG_NOTICE. + * modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT. + +2016-06-14 Dmitry V. 
Levin + + pam_timestamp: fix typo in strncmp usage. + Before this fix, a typo in check_login_time resulted to ruser and + struct utmp.ut_user being compared by the first character only, + which in turn could lead to a too low timestamp value being assigned + to oldest_login, effectively causing bypass of check_login_time. + + * modules/pam_timestamp/pam_timestamp.c (check_login_time): Fix typo + in strncmp usage. + + Patch-by: Anton V. Boyarshinov + +2016-05-30 Tomas Mraz + + Correct the examples in pam_fail_delay(3) man page. + doc/man/pam_fail_delay.3.xml: Correct the examples. + +2016-05-11 Tomas Mraz + + Remove spaces in examples for access.conf. + The spaces are ignored only with the default listsep. To remove confusion + if non-default listsep is used they are removed from the examples. + + * modules/pam_access/access.conf: Remove all spaces around ':' in examples. + * modules/pam_access/access.conf.5.xml: Likewise. + +2016-05-05 Mike Frysinger + + build: avoid non-portable == with "test" (ticket #60) + POSIX says test only accepts =. Some shells (including bash) accept ==, + but we should still stick to = for portability. + + * configure.ac: Replace == with = in "test" invocations. + +2016-04-28 Thorsten Kukuk + + Release version 1.3.0. + * NEWS: add changes for 1.3.0. + * configure.ac: bump version number. + * libpam/Makefile.am: bump revision of libpam.so version. + +2016-04-28 Tomas Mraz + + Updated translations from Zanata. + * po/*.po: Updated translations from Zanata. + +2016-04-19 Tomas Mraz + + pam_wheel: Correct the documentation of the root_only option. + * modules/pam_wheel/pam_wheel.8.xml: Correct the documentation of the + root_only option. + + pam_unix: Document that MD5 password hash is used to store old passwords. + modules/pam_unix/pam_unix.8.xml: Document that the MD5 password hash is used + to store the old passwords when remember option is set. + +2016-04-14 Tomas Mraz + + Project registered at Zanata (fedora.zanata.org) for translations. 
+ * zanata.xml: Configuration file for zanata client. + * po/LINGUAS: Update languages as supported by Zanata. + * po/Linux-PAM.pot: Updated from sources. + * po/*.po: Updated from sources. + +2016-04-06 Tomas Mraz + + pam_unix: Use pam_get_authtok() instead of direct pam_prompt() calls. + We have to drop support for not_set_pass option which is not much useful + anyway. Instead we get proper support for authtok_type option. + + * modules/pam_unix/pam_unix.8.xml: Removed not_set_pass option, added authtok_ty + pe + option. + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace _unix_read_pas + sword() + call with equivalent pam_get_authtok() call. + * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise and also drop + support for not_set_pass. + * modules/pam_unix/support.c (_unix_read_password): Remove. + * modules/pam_unix/support.h: Remove UNIX_NOT_SET_PASS add UNIX_AUTHTOK_TYPE. + +2016-04-06 Tomas Mraz + + pam_get_authtok(): Add authtok_type support to current password prompt. + * libpam/pam_get_authtok.c (pam_get_authtok_internal): When changing password, + use different prompt for current password allowing for authtok_type to be + displayed to the user. + +2016-04-04 Tomas Mraz + + pam_unix: Make password expiration messages more user-friendly. + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Make password + expiration messages more user-friendly. + +2016-04-04 Thorsten Kukuk + + innetgr may not be there so make sure that when innetgr is not present then we inform about it and not use it. [ticket#46] + * modules/pam_group/pam_group.c: ditto + * modules/pam_succeed_if/pam_succeed_if.c: ditto + * modules/pam_time/pam_time.c: ditto + + build: fix build when crypt() is not part of crypt_libs [ticket#46] + * configure.ac: Don't set empty -l option in crypt check + + build: use $host_cpu for lib64 directory handling [ticket#46] + * configure.ac: use $host_cpu for lib64 directory handling. + +2016-04-01 Dmitry V. 
Levin + + Fix whitespace issues. + Remove blank lines at EOF introduced by commit + a684595c0bbd88df71285f43fb27630e3829121e, + making the project free of warnings reported by + git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD + + * libpam/pam_dynamic.c: Remove blank line at EOF. + * modules/pam_echo/pam_echo.c: Likewise. + * modules/pam_keyinit/pam_keyinit.c: Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. + * modules/pam_pwhistory/pam_pwhistory.c: Likewise. + * modules/pam_rhosts/pam_rhosts.c: Likewise. + * modules/pam_sepermit/pam_sepermit.c: Likewise. + * modules/pam_stress/pam_stress.c: Likewise. + +2016-04-01 Thorsten Kukuk + + Use TI-RPC functions if we compile and link against libtirpc. The old SunRPC functions don't work with IPv6. + * configure.ac: Set and restore CPPFLAGS + * modules/pam_unix/pam_unix_passwd.c: Replace getrpcport with + rpcb_getaddr if available. + +2016-03-29 Thorsten Kukuk + + PAM_EXTERN isn't needed anymore, but don't remove it to not break lot of external code using it. + * libpam/include/security/pam_modules.h: Readd PAM_EXTERN for compatibility + + Remove "--enable-static-modules" option and support from Linux-PAM. It was never official supported and was broken since years. + * configure.ac: Remove --enable-static-modules option. + * doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. + * doc/man/pam_sm_authenticate.3.xml: Likewise. + * doc/man/pam_sm_chauthtok.3.xml: Likewise. + * doc/man/pam_sm_close_session.3.xml: Likewise. + * doc/man/pam_sm_open_session.3.xml: Likewise. + * doc/man/pam_sm_setcred.3.xml: Likewise. + * libpam/Makefile.am: Remove STATIC_MODULES cases. + * libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. + * libpam/pam_dynamic.c: Likewise. + * libpam/pam_handlers.c: Likewise. + * libpam/pam_private.h: Likewise. + * libpam/pam_static.c: Remove file. + * libpam/pam_static_modules.h: Remove header file. 
+ * modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. + * modules/pam_cracklib/pam_cracklib.c: Likewise. + * modules/pam_debug/pam_debug.c: Likewise. + * modules/pam_deny/pam_deny.c: Likewise. + * modules/pam_echo/pam_echo.c: Likewise. + * modules/pam_env/pam_env.c: Likewise. + * modules/pam_exec/pam_exec.c: Likewise. + * modules/pam_faildelay/pam_faildelay.c: Likewise. + * modules/pam_filter/pam_filter.c: Likewise. + * modules/pam_ftp/pam_ftp.c: Likewise. + * modules/pam_group/pam_group.c: Likewise. + * modules/pam_issue/pam_issue.c: Likewise. + * modules/pam_keyinit/pam_keyinit.c: Likewise. + * modules/pam_lastlog/pam_lastlog.c: Likewise. + * modules/pam_limits/pam_limits.c: Likewise. + * modules/pam_listfile/pam_listfile.c: Likewise. + * modules/pam_localuser/pam_localuser.c: Likewise. + * modules/pam_loginuid/pam_loginuid.c: Likewise. + * modules/pam_mail/pam_mail.c: Likewise. + * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. + * modules/pam_motd/pam_motd.c: Likewise. + * modules/pam_namespace/pam_namespace.c: Likewise. + * modules/pam_nologin/pam_nologin.c: Likewise. + * modules/pam_permit/pam_permit.c: Likewise. + * modules/pam_pwhistory/pam_pwhistory.c: Likewise. + * modules/pam_rhosts/pam_rhosts.c: Likewise. + * modules/pam_rootok/pam_rootok.c: Likewise. + * modules/pam_securetty/pam_securetty.c: Likewise. + * modules/pam_selinux/pam_selinux.c: Likewise. + * modules/pam_sepermit/pam_sepermit.c: Likewise. + * modules/pam_shells/pam_shells.c: Likewise. + * modules/pam_stress/pam_stress.c: Likewise. + * modules/pam_succeed_if/pam_succeed_if.c: Likewise. + * modules/pam_tally/pam_tally.c: Likewise. + * modules/pam_tally2/pam_tally2.c: Likewise. + * modules/pam_time/pam_time.c: Likewise. + * modules/pam_timestamp/pam_timestamp.c: Likewise. + * modules/pam_tty_audit/pam_tty_audit.c: Likewise. + * modules/pam_umask/pam_umask.c: Likewise. + * modules/pam_userdb/pam_userdb.c: Likewise. + * modules/pam_warn/pam_warn.c: Likewise. 
+ * modules/pam_wheel/pam_wheel.c: Likewise. + * modules/pam_xauth/pam_xauth.c: Likewise. + * modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. + * modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. + * modules/pam_unix/pam_unix_auth.c: Likewise. + * modules/pam_unix/pam_unix_passwd.c: Likewise. + * modules/pam_unix/pam_unix_sess.c: Likewise. + * modules/pam_unix/pam_unix_static.c: Removed. + * modules/pam_unix/pam_unix_static.h: Removed. + * po/POTFILES.in: Remove removed files. + * tests/tst-dlopen.c: Remove PAM_STATIC part. + +2016-03-24 Thorsten Kukuk + + Fix check for libtirpc and enhance check for libnsl to include new libnsl. + * configure.ac: fix setting of CFLAGS/LIBS, enhance libnsl check + * modules/pam_unix/Makefile.am: replace NIS_* with TIRPC_* and NSL_* + +2016-03-23 Thorsten Kukuk + + Remove YP dependencies from pam_access, they were never used and such not needed. + * modules/pam_access/Makefile.am: Remove NIS_CFLAGS and NIS_LIBS + * modules/pam_access/pam_access.c: Remove yp_get_default_domain case, + it will never be used. + +2016-03-04 Tomas Mraz + + Add checks for localtime() returning NULL. + * modules/pam_lastlog/pam_lastlog.c (last_login_read): Check for localtime_r + returning NULL. + * modules/pam_tally2/pam_tally2.c (print_one): Check for localtime returning + NULL. + +2016-03-04 Tomas Mraz + + pam_unix: Silence warnings and fix a minor bug. + Fixes a minor bug in behavior when is_selinux_enabled() + returned negative value. + + * modules/pam_unix/passverify.c: Add parentheses to SELINUX_ENABLED macro. + (unix_update_shadow): Safe cast forwho to non-const char *. + * modules/pam_unix/support.c: Remove unused SELINUX_ENABLED macro. + +2016-02-17 Tomas Mraz + + pam_env: Document the /etc/environment file. + * modules/pam_env/Makefile.am: Add the environment.5 soelim stub. + * modules/pam_env/pam_env.8.xml: Add environ(7) reference. + * modules/pam_env/pam_env.conf.5.xml: Add environment alias name. 
+ Add a paragraph about /etc/environment. Add environ(7) reference. + + pam_unix: Add no_pass_expiry option to ignore password expiration. + * modules/pam_unix/pam_unix.8.xml: Document the no_pass_expiry option. + * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): If no_pass_expiry + is on and return value data is not set to PAM_SUCCESS then ignore + PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED returns. + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Always set the + return value data. + (pam_sm_setcred): Test for likeauth option and use the return value data + only if set. + * modules/pam_unix/support.h: Add the no_pass_expiry option. + +2016-01-25 Tomas Mraz + + pam_unix: Change the salt length for new hashes to 16 characters. + * modules/pam_unix/passverify.c (create_password_hash): Change the + salt length for new hashes to 16 characters. + +2015-12-17 Tomas Mraz + + Relax the conditions for fatal failure on auditing. + The PAM library calls will not fail anymore for any uid if the return + value from the libaudit call is -EPERM. + + * libpam/pam_audit.c (_pam_audit_writelog): Remove check for uid != 0. + +2015-12-16 Tomas Mraz + + pam_tally2: Optionally log the tally count when checking. + * modules/pam_tally2/pam_tally2.c (tally_parse_args): Add debug option. + (tally_check): Always log the tally count with debug option. + +2015-10-02 Jakub Hrozek + + Docfix: pam handle is const in pam_syslog() and pam_vsyslog() + * doc/man/pam_syslog.3.xml: Add const to pam handle in pam_syslog() and pam_vsyslog(). + +2015-09-24 Tomas Mraz + + pam_loginuid: Add syslog message if required auditd is not detected. + * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Add syslog message + if required auditd is not detected. + +2015-09-04 Tomas Mraz + + Allow links to be used instead of w3m for documentation regeneration. + * configure.ac: If w3m is not found check for links. + + Add missing space in pam_misc_setenv man page. 
+ * doc/man/pam_misc_setenv.3.xml: Add a missing space. + +2015-08-12 Tomas Mraz + + pam_rootok: use rootok permission instead of passwd permission in SELinux check. + * modules/pam_rootok/pam_rootok.c (selinux_check_root): Use rootok instead of + passwd permission. + +2015-08-05 Amarnath Valluri + + pam_timestamp: Avoid leaking file descriptor. + * modules/pam_timestamp/hmacsha1.c(hmac_key_create): + close 'keyfd' when failed to own it. + +2015-06-22 Thorsten Kukuk + + Release version 1.2.1. + Security fix: CVE-2015-3238 + + If the process executing pam_sm_authenticate or pam_sm_chauthtok method + of pam_unix is not privileged enough to check the password, e.g. + if selinux is enabled, the _unix_run_helper_binary function is called. + When a long enough password is supplied (16 pages or more, i.e. 65536+ + bytes on a system with 4K pages), this helper function hangs + indefinitely, blocked in the write(2) call while writing to a blocking + pipe that has a limited capacity. + With this fix, the verifiable password length will be limited to + PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix. + + * NEWS: Update + * configure.ac: Bump version + * modules/pam_exec/pam_exec.8.xml: document limitation of password length + * modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE + * modules/pam_unix/pam_unix.8.xml: document limitation of password length + * modules/pam_unix/pam_unix_passwd.c: limit password length + * modules/pam_unix/passverify.c: Likewise + * modules/pam_unix/passverify.h: Likewise + * modules/pam_unix/support.c: Likewise + +2015-04-27 Thorsten Kukuk + + Update NEWS file. + + Release version 1.2.0. + * NEWS: Update + * configure.ac: Bump version + * libpam/Makefile.am: Bump version of libpam + * libpam_misc/Makefile.am: Bump version of libpam_misc + * po/*: Regenerate po files + + Fix some grammatical errors in documentation. Patch by Louis Sautier. + * doc/adg/Linux-PAM_ADG.xml: Fix gramatical errors. 
+ * doc/man/pam.3.xml: Likewise. + * doc/man/pam_acct_mgmt.3.xml: Likewise. + * doc/man/pam_chauthtok.3.xml: Likewise. + * doc/man/pam_sm_chauthtok.3.xml: Likewise. + * modules/pam_limits/limits.conf.5.xml: Likewise. + * modules/pam_mail/pam_mail.8.xml: Likewise. + * modules/pam_rhosts/pam_rhosts.c: Likewise. + * modules/pam_shells/pam_shells.8.xml: Likewise. + * modules/pam_tally/pam_tally.8.xml: Likewise. + * modules/pam_tally2/pam_tally2.8.xml: Likewise. + * modules/pam_unix/pam_unix.8.xml: Likewise. + +2015-04-23 Thorsten Kukuk + + Add "quiet" option to pam_unix to suppress informential info messages from session. + * modules/pam_unix/pam_unix.8.xml: Document new option. + * modules/pam_unix/support.h: Add quiet option. + * modules/pam_unix/pam_unix_sess.c: Don't print LOG_INFO messages if + 'quiet' option is set. + +2015-04-07 Tomas Mraz + + Use crypt_r if available in pam_userdb and in pam_unix. + * modules/pam_unix/passverify.c (create_password_hash): Call crypt_r() + instead of crypt() if available. + * modules/pam_userdb/pam_userdb.c (user_lookup): Call crypt_r() + instead of crypt() if available. + +2015-03-25 Thorsten Kukuk + + Support alternative "vendor configuration" files as fallback to /etc (Ticket#34, patch from ay Sievers ) + * doc/man/pam.8.xml: document additonal config directory + * libpam/pam_handlers.c: add /usr/lib/pam.d as config file fallback directory + * libpam/pam_private.h: adjust defines + + pam_env: expand @{HOME} and @{SHELL} and enhance documentation (Ticket#24 and #29) + * modules/pam_env/pam_env.c: Replace @{HOME} and @{SHELL} with passwd entries + * modules/pam_env/pam_env.conf.5.xml: Document @{HOME} and @{SHELL} + * modules/pam_env/pam_env.8.xml: Enhance documentation + +2015-03-24 Thorsten Kukuk + + Clarify pam_access docs re PAM service names and X $DISPLAY value testing. 
(Ticket #39) + * modules/pam_access/access.conf.5.xml + * modules/pam_access/pam_access.8.xml + + Don't use sudo directory, the timestamp format is different (Ticket#32) + * modules/pam_timestamp/pam_timestamp.c: Change default timestamp directory. + + Enhance group.conf examples (Ticket#35) + * modules/pam_group/group.conf.5.xml: Enhance example by logic group entry. + + Document timestampdir option (Ticket#33) + * modules/pam_timestamp/pam_timestamp.8.xml: Add timestampdir option. + + Adjust documentation (Ticket#36) + * libpam/pam_delay.c: Change 25% in comment to 50% as used in code. + * doc/man/pam_fail_delay.3.xml: Change 25% to 50% + +2015-02-18 Tomas Mraz + + Updated translations from Transifex. + * po/*.po: Updated translations from Transifex. + +2015-01-07 Dmitry V. Levin + + build: raise gettext version requirement. + Raise gettext requirement to the latest oldstable version 0.18.3. + This fixes the following automake warning: + + configure.ac:581: warning: The 'AM_PROG_MKDIR_P' macro is deprecated, and its use is discouraged. + configure.ac:581: You should use the Autoconf-provided 'AC_PROG_MKDIR_P' macro instead, + configure.ac:581: and use '$(MKDIR_P)' instead of '$(mkdir_p)'in your Makefile.am files. + + * configure.ac (AM_GNU_GETTEXT_VERSION): Raise from 0.15 to 0.18.3. + * po/Makevars: Update from gettext-0.18.3. + +2015-01-07 Ronny Chevalier + + build: adjust automake warning flags. + Enable all automake warning flags except for the portability issues, + since non portable features are used among the makefiles. + + * configure.ac (AM_INIT_AUTOMAKE): Add -Wall -Wno-portability. + +2015-01-07 Dmitry V. Levin + + build: rename configure.in to configure.ac. + This fixes the following automake warning: + aclocal: warning: autoconf input should be named 'configure.ac', not 'configure.in' + + * configure.in: Rename to configure.ac. + +2015-01-07 Dmitry V. Levin + + Remove unmodified GNU gettext files installed by autopoint. 
+ These files are part of GNU gettext; we have not modified them, they are + installed by autopoint which is called by autoreconf, so they had to be + removed from this repository along with ABOUT-NLS, config.rpath, and + mkinstalldirs files that were removed by commit + Linux-PAM-1_1_5-7-g542ec8b. + + * po/Makefile.in.in: Remove. + * po/Rules-quot: Likewise. + * po/boldquot.sed: Likewise. + * po/en@boldquot.header: Likewise. + * po/en@quot.header: Likewise. + * po/insert-header.sin: Likewise. + * po/quot.sed: Likewise. + * po/remove-potcdate.sin: Likewise. + * po/.gitignore: Ignore these files. + +2015-01-06 Ronny Chevalier + + Update .gitignore. + * .gitignore: Ignore *.log and *.trs files. + +2015-01-02 Luke Shumaker + + libpam: Only print "Password change aborted" when it's true. + pam_get_authtok() may be used any time that a password needs to be entered, + unlike pam_get_authtok_{no,}verify(), which may only be used when + changing a password; yet when the user aborts, it prints "Password change + aborted." whether or not that was the operation being performed. + + This bug was non-obvious because none of the modules distributed with + Linux-PAM use it for anything but changing passwords; pam_unix has its + own utility function that it uses instead. As an example, the + nss-pam-ldapd package uses it in pam_sm_authenticate(). + + libpam/pam_get_authtok.c (pam_get_authtok_internal): check that the + password is trying to be changed before printing a message about the + password change being aborted. + +2014-12-10 Dmitry V. Levin + + build: extend cross compiling check to cover CPPFLAGS (ticket #21) + Use BUILD_CPPFLAGS variable to override CPPFLAGS where necessary in + case of cross compiling, in addition to CC_FOR_BUILD, BUILD_CFLAGS, + and BUILD_LDFLAGS variables introduced earlier to override CC, + CFLAGS, and LDFLAGS, respectively. + + * configure.in (BUILD_CPPFLAGS): Define. + * doc/specs/Makefile.am (CPPFLAGS): Define to @BUILD_CPPFLAGS@. 
+ +2014-12-09 Dmitry V. Levin + + Do not use yywrap (ticket #42) + Our scanners do not really use yywrap. Explicitly disable yywrap + so that no references to yywrap will be generated and no LEXLIB + would be needed. + + * conf/pam_conv1/Makefile.am (pam_conv1_LDADD): Remove. + * conf/pam_conv1/pam_conv_l.l: Enable noyywrap option. + * doc/specs/Makefile.am (padout_LDADD): Remove. + * doc/specs/parse_l.l: Enable noyywrap option. + +2014-12-09 Kyle Manna + + doc: fix a trivial typo in pam_authenticate return values (ticket #38) + * doc/man/pam_authenticate.3.xml: Fix a typo in PAM_AUTHINFO_UNAVAIL. + +2014-12-08 Ronny Chevalier + + doc: fix typo in pam_authenticate.3.xml. + * doc/man/pam_authenticate.3.xml: Fix typo. + +2014-10-17 Tomas Mraz + + pam_succeed_if: Fix copy&paste error in rhost and tty values. + modules/pam_succeed_if/pam_succeed_if.c (evaluate): Use PAM_RHOST + and PAM_TTY properly for the rhost and tty values. + +2014-10-17 Tomas Mraz + + pam_succeed_if: Use long long type for numeric values. + The currently used long with additional conversion to int is + too small for uids and gids. + + modules/pam_succeed_if/pam_succeed_if.c (evaluate_num): Replace + strtol() with strtoll() and int with long long in the parameters + of comparison functions. + +2014-09-05 Tomas Mraz + + Add grantor field to audit records of libpam. + The grantor field gives audit trail of PAM modules which granted access + for successful return from libpam calls. In case of failed return + the grantor field is set to '?'. + libpam/pam_account.c (pam_acct_mgmt): Remove _pam_auditlog() call. + libpam/pam_auth.c (pam_authenticate, pam_setcred): Likewise. + libpam/pam_password.c (pam_chauthtok): Likewise. + libpam/pam_session.c (pam_open_session, pam_close_session): Likewise. + libpam/pam_audit.c (_pam_audit_writelog): Add grantors parameter, + add grantor= field to the message if grantors is set. + (_pam_list_grantors): New function creating the string with grantors list. 
+ (_pam_auditlog): Add struct handler pointer parameter, call _pam_list_grantors() + to list the grantors from the handler list. + (_pam_audit_end): Add NULL handler parameter to _pam_auditlog() call. + (pam_modutil_audit_write): Add NULL grantors parameter to _pam_audit_writelog(). + libpam/pam_dispatch.c (_pam_dispatch_aux): Set h->grantor where appropriate. + (_pam_clear_grantors): New function to clear grantor field of handler. + (_pam_dispatch): Call _pam_clear_grantors() before executing the stack. + Call _pam_auditlog() when appropriate. + libpam/pam_handlers.c (extract_modulename): Do not allow empty module name + or just "?" to avoid confusing audit trail. + (_pam_add_handler): Test for NULL return from extract_modulename(). + Clear grantor field of handler. + libpam/pam_private.h: Add grantor field to struct handler, add handler pointer + parameter to _pam_auditlog(). + +2014-08-26 Tomas Mraz + + pam_mkhomedir: Drop superfluous stat() call. + modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Drop superfluous + stat() call. + + pam_exec: Do not depend on open() returning STDOUT_FILENO. + modules/pam_exec/pam_exec.c (call_exec): Move the descriptor to + STDOUT_FILENO if needed. + +2014-08-25 Robin Hack + + pam_keyinit: Check return value of setregid. + modules/pam_keyinit/pam_keyinit.c (pam_sm_open_session): Log if setregid() fails. + + pam_filter: Avoid leaking descriptors when fork() fails. + modules/pam_filter/pam_filter.c (set_filter): Close descriptors when fork() fails. + +2014-08-14 Robin Hack + + pam_echo: Avoid leaking file descriptor. + modules/pam_echo/pam_echo.c (pam_echo): Close fd in error cases. + +2014-08-13 Robin Hack + + pam_tty_audit: Silence Coverity reporting uninitialized use. + modules/pam_tty_audit/pam_tty_audit.c (nl_recv): Initialize also + msg_flags. + +2014-08-13 Tomas Mraz + + pam_tally2: Avoid uninitialized use of fileinfo. + Problem found by Robin Hack . 
+ modules/pam_tally2/pam_tally2.c (get_tally): Do not depend on file size + just try to read it. + + pam_access: Avoid uninitialized access of line. + * modules/pam_access/pam_access.c (login_access): Reorder condition + so line is not accessed when uninitialized. + +2014-08-05 Tomas Mraz + + pam_lastlog: Properly clean up last_login structure before use. + modules/pam_lastlog/pam_lastlog.c (last_login_write): Properly clean up last_login + structure before use. + +2014-07-21 Tomas Mraz + + Make pam_pwhistory and pam_unix tolerant of corrupted opasswd file. + * modules/pam_pwhistory/opasswd.c (parse_entry): Test for missing fields + in opasswd entry and return error. + * modules/pam_unix/passverify.c (save_old_password): Test for missing fields + in opasswd entry and skip it. + +2014-06-30 Dmitry V. Levin + + doc: add missing build dependencies for soelim stubs. + * doc/man/Makefile.am [ENABLE_REGENERATE_MAN]: Add dependencies for + pam_verror.3, pam_vinfo.3, pam_vprompt.3, and pam_vsyslog.3 soelim stubs. + +2014-06-23 Dmitry V. Levin + + doc: fix install in case of out of tree build (ticket #31) + * doc/adg/Makefile.am (install-data-local, releasedocs): Fall back + to srcdir if documentation files haven't been found in builddir. + (releasedocs): Treat missing documentation files as an error. + * doc/mwg/Makefile.am: Likewise. + * doc/sag/Makefile.am: Likewise. + +2014-06-19 Dmitry V. Levin + + doc: fix installation of adg-*.html and mwg-*.html files (ticket #31) + Fix a typo due to which sag-*.html files might be installed instead of + adg-*.html and mwg-*.html files. + + * doc/adg/Makefile.am (install-data-local): Install adg-*.html instead + of sag-*.html. + * doc/mwg/Makefile.am (install-data-local): Install mwg-*.html instead + of sag-*.html. + + Patch-by: Mike Frysinger + +2014-06-19 Tomas Mraz + + pam_limits: nofile refers to file descriptors not files. + modules/pam_limits/limits.conf.5.xml: Correct documentation of nofile limit. 
+ modules/pam_limits/limits.conf: Likewise. + + pam_limits: clarify documentation of maxlogins and maxsyslogins limits. + modules/pam_limits/limits.conf.5.xml: clarify documentation of + maxlogins and maxsyslogins limits. + + pam_unix: Check for NULL return from Goodcrypt_md5(). + modules/pam_unix/pam_unix_passwd.c (check_old_password): Check for + NULL return from Goodcrypt_md5(). + + pam_unix: check for NULL return from malloc() + * modules/pam_unix/md5_crypt.c (crypt_md5): Check for NULL return from malloc(). + +2014-05-22 Tomas Mraz + + pam_loginuid: Document one more possible case of PAM_IGNORE return. + modules/pam_loginuid/pam_loginuid.8.xml: Document one more possible case + of PAM_IGNORE return value. + + pam_loginuid: Document other possible return values. + modules/pam_loginuid/pam_loginuid.8.xml: Document the possible return + values. + +2014-03-26 Dmitry V. Levin + + pam_timestamp: fix potential directory traversal issue (ticket #27) + pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of + the timestamp pathname it creates, so extra care should be taken to + avoid potential directory traversal issues. + + * modules/pam_timestamp/pam_timestamp.c (check_tty): Treat + "." and ".." tty values as invalid. + (get_ruser): Treat "." and ".." ruser values, as well as any ruser + value containing '/', as invalid. + + Fixes CVE-2014-2583. + + Reported-by: Sebastian Krahmer + +2014-03-20 Tomas Mraz + + pam_userdb: document that .db suffix should not be used. + modules/pam_userdb/pam_userdb.8.xml: Document that .db suffix + should not be used and correct the example. + +2014-03-11 Tomas Mraz + + pam_selinux: canonicalize user name. + SELinux expects canonical user name for example without domain component. + + * modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize user name with pam_modutil_getpwnam(). + +2014-01-28 Dmitry V. 
Levin + + Change tarball name back to "Linux-PAM" + As a side effect of commit Linux-PAM-1_1_8-11-g3fa23ce, tarball name + changed accidentally from "Linux-PAM" to "linux-pam". + This change brings it back to "Linux-PAM". + + * configure.in (AC_INIT): Explicitly specify TARNAME argument. + +2014-01-27 Dmitry V. Levin + + Introduce pam_modutil_sanitize_helper_fds. + This change introduces pam_modutil_sanitize_helper_fds - a new function + that redirects standard descriptors and closes all other descriptors. + + pam_modutil_sanitize_helper_fds supports three types of input and output + redirection: + - PAM_MODUTIL_IGNORE_FD: do not redirect at all. + - PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented + by creating a pipe, closing its write end, and redirecting stdin to + its read end. Likewise, for stdout/stderr it is implemented by + creating a pipe, closing its read end, and redirecting to its write + end. Unlike stdin redirection, stdout/stderr redirection to a pipe + has a side effect that a process writing to such descriptor should be + prepared to handle SIGPIPE appropriately. + - PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is + implemented via PAM_MODUTIL_PIPE_FD because there is no functional + difference. For stdout/stderr, it is classic redirection to + /dev/null. + + PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel + security restrictions, but when the helper process might be writing to + the corresponding descriptor and termination of the helper process by + SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD. + + * libpam/pam_modutil_sanitize.c: New file. + * libpam/Makefile.am (libpam_la_SOURCES): Add it. + * libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd, + pam_modutil_sanitize_helper_fds): New declarations. + * libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface. + * modules/pam_exec/pam_exec.c (call_exec): Use + pam_modutil_sanitize_helper_fds. 
+ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. + * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): + Likewise. + * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. + * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. + * modules/pam_unix/support.h (MAX_FD_NO): Remove. + +2014-01-27 Dmitry V. Levin + + pam_xauth: avoid potential SIGPIPE when writing to xauth process. + Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8. + + * modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process, + close the read end of input pipe after writing to its write end. + +2014-01-27 Dmitry V. Levin + + pam_loginuid: log significant loginuid write errors. + * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Log those errors + during /proc/self/loginuid update that are not ignored. + +2014-01-27 Dmitry V. Levin + + Fix gratuitous use of strdup and x_strdup. + There is no need to copy strings passed as arguments to execve, + the only potentially noticeable effect of using strdup/x_strdup + would be a malformed argument list in case of memory allocation error. + + Also, x_strdup, being a thin wrapper around strdup, is of no benefit + when its argument is known to be non-NULL, and should not be used in + such cases. + + * modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup + instead of x_strdup, the latter is of no benefit in this case. + * modules/pam_ftp/pam_ftp.c (lookup): Likewise. + * modules/pam_userdb/pam_userdb.c (user_lookup): Likewise. + * modules/pam_userdb/pam_userdb.h (x_strdup): Remove. + * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use + x_strdup for strings passed as arguments to execve. + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. + * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. 
+ * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. + (_unix_verify_password): Use strdup instead of x_strdup, the latter + is of no benefit in this case. + * modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for + strings passed as arguments to execv. + +2014-01-27 Dmitry V. Levin + + pam_userdb: fix password hash comparison. + Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed + passwords support in pam_userdb, hashes are compared case-insensitively. + This bug leads to accepting hashes for completely different passwords in + addition to those that should be accepted. + + Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for + modern password hashes with different lengths and settings, did not + update the hash comparison accordingly, which leads to accepting + computed hashes longer than stored hashes when the latter is a prefix + of the former. + + * modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed + hash whose length differs from the stored hash length. + Compare computed and stored hashes case-sensitively. + Fixes CVE-2013-7041. + + Bug-Debian: http://bugs.debian.org/731368 + +2014-01-24 Dmitry V. Levin + + pam_xauth: log fatal errors preventing xauth process execution. + * modules/pam_xauth/pam_xauth.c (run_coprocess): Log errors from pipe() + and fork() calls. + +2014-01-22 Dmitry V. Levin + + pam_loginuid: cleanup loginuid buffer initialization. + * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Move loginuid + buffer initialization closer to its first use. + +2014-01-22 Dmitry V. Levin + + libpam_misc: fix an inconsistency in handling memory allocation errors. + When misc_conv fails to allocate memory for pam_response array, it + returns PAM_CONV_ERR. However, when read_string fails to allocate + memory for a response string, it loses the response string and silently + ignores the error, with net result as if EOF has been read. 
+ + * libpam_misc/misc_conv.c (read_string): Use strdup instead of x_strdup, + the latter is of no benefit in this case. + Do not ignore potential memory allocation errors returned by strdup, + forward them to misc_conv. + +2014-01-20 Dmitry V. Levin + + pam_limits: fix utmp->ut_user handling. + ut_user member of struct utmp is a string that is not necessarily + null-terminated, so extra care should be taken when using it. + + * modules/pam_limits/pam_limits.c (check_logins): Convert ut->UT_USER to + a null-terminated string and consistently use it where a null-terminated + string is expected. + +2014-01-20 Dmitry V. Levin + + pam_mkhomedir: check and create home directory for the same user (ticket #22) + Before pam_mkhomedir helper was introduced in commit + 7b14630ef39e71f603aeca0c47edf2f384717176, pam_mkhomedir was checking for + existance and creating the same directory - the home directory of the + user NAME returned by pam_get_item(PAM_USER). + + The change in behaviour accidentally introduced along with + mkhomedir_helper is not consistent: while the module still checks for + getpwnam(NAME)->pw_dir, the directory created by mkhomedir_helper is + getpwnam(getpwnam(NAME)->pw_name)->pw_dir, which is not necessarily + the same as the directory being checked. + + This change brings check and creation back in sync, both handling + getpwnam(NAME)->pw_dir. + + * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Replace + "struct passwd *" argument with user's name and home directory. + Pass user's name to MKHOMEDIR_HELPER. + (pam_sm_open_session): Update create_homedir call. + +2014-01-20 Tomas Mraz + + pam_limits: detect and ignore stale utmp entries. + Original idea by Christopher Hailey + + * modules/pam_limits/pam_limits.c (check_logins): Use kill() to + detect if pid of the utmp entry is still running and ignore the entry + if it is not. + +2014-01-19 Stéphane Graber + + pam_loginuid: Always return PAM_IGNORE in userns. 
+ The previous patch to support user namespaces works fine with containers + that are started from a desktop/terminal session but fails when dealing + with containers that were started from a remote session such as ssh. + + I haven't looked at the exact reason for that in the kernel but on the + userspace side of things, the difference is that containers started from + an ssh session will happily let pam open /proc/self/loginuid read-write, + will let it read its content but will then fail with EPERM when trying + to write to it. + + So to make the userns support bullet proof, this commit moves the userns + check earlier in the function (which means a small performance impact as + it'll now happen everytime on kernels that have userns support) and will + set rc = PAM_IGNORE instead of rc = PAM_ERROR. + + The rest of the code is still executed in the event that PAM is run on a + future kernel where we have some kind of audit namespace that includes a + working loginuid. + +2014-01-15 Steve Langasek + + pam_namespace: don't use bashisms in default namespace.init script. + * modules/pam_namespace/pam_namespace.c: call setuid() before execing the + namespace init script, so that scripts run with maximum privilege regardless + of the shell implementation. + * modules/pam_namespace/namespace.init: drop the '-p' bashism from the + shebang line + + This is not a POSIX standard option, it's a bashism. The bash manpage says + that it's used to prevent the effective user id from being reset to the real + user id on startup, and to ignore certain unsafe variables from the + environment. + + In the case of pam_namespace, the -p is not necessary for environment + sanitizing because the PAM module (properly) sanitizes the environment + before execing the script. + + The stated reason given in CVS history for passing -p is to "preserve euid + when called from setuid apps (su, newrole)." This should be done more + portably, by calling setuid() before spawning the shell. 
+ + Bug-Debian: http://bugs.debian.org/624842 + Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323 + +2014-01-10 Stéphane Graber + + pam_loginuid: Ignore failure in user namespaces. + When running pam_loginuid in a container using the user namespaces, even + uid 0 isn't allowed to set the loginuid property. + + This change catches the EACCES from opening loginuid, checks if the user + is in the host namespace (by comparing the uid_map with the host's one) + and only if that's the case, sets rc to 1. + + Should uid_map not exist or be unreadable for some reason, it'll be + assumed that the process is running on the host's namespace. + + The initial reason behind this change was failure to ssh into an + unprivileged container (using a 3.13 kernel and current LXC) when using + a standard pam profile for sshd (which requires success from + pam_loginuid). + + I believe this solution doesn't have any drawback and will allow people + to use unprivileged containers normally. An alternative would be to have + all distros set pam_loginuid as optional but that'd be bad for any of + the other potential failure case which people may care about. + + There has also been some discussions to get some of the audit features + tied with the user namespaces but currently none of that has been merged + upstream and the currently proposed implementation doesn't cover + loginuid (nor is it clear how this should even work when loginuid is set + as immutable after initial write). + +2014-01-10 Dmitry V. Levin + + pam_loginuid: return PAM_IGNORE when /proc/self/loginuid does not exist. + When /proc/self/loginuid does not exist, return PAM_IGNORE instead of + PAM_SUCCESS, so that we can distinguish between "loginuid set + successfully" and "loginuid not set, but this is expected". + + Suggested by Steve Langasek. 
+ + * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Change return + code semantics: return PAM_SUCCESS on success, PAM_IGNORE when loginuid + does not exist, PAM_SESSION_ERR in case of any other error. + (_pam_loginuid): Forward the PAM error code returned by set_loginuid. + +2013-11-20 Dmitry V. Levin + + pam_access: fix debug level logging (ticket #19) + * modules/pam_access/pam_access.c (group_match): Log the group token + passed to the function, not an uninitialized data on the stack. + + pam_warn: log flags passed to the module (ticket #25) + * modules/pam_warn/pam_warn.c (log_items): Take "flags" argument and + log it using pam_syslog. + (pam_sm_authenticate, pam_sm_setcred, pam_sm_chauthtok, + pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session): Pass + "flags" argument to log_items. + +2013-11-20 Dmitry V. Levin + + Modernize AM_INIT_AUTOMAKE invocation. + Before this change, automake complained that two- and three-arguments + forms of AM_INIT_AUTOMAKE are deprecated. + + * configure.in: Pass PACKAGE and VERSION arguments to AC_INIT instead + of AM_INIT_AUTOMAKE. + +2013-11-20 Dmitry V. Levin + + Fix autoconf warnings. + Before this change, autoconf complained that AC_COMPILE_IFELSE + and AC_RUN_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS. + + * configure.in: Call AC_USE_SYSTEM_EXTENSIONS before LT_INIT. + +2013-11-20 Dmitry V. Levin + + pam_securetty: check return value of fgets. + Checking return value of fgets not only silences the warning from glibc + but also leads to a cleaner code. + + * modules/pam_securetty/pam_securetty.c (securetty_perform_check): + Check return value of fgets. + +2013-11-20 Dmitry V. Levin + + pam_lastlog: fix format string. + gcc -Wformat justly complains: + format '%d' expects argument of type 'int', but argument 5 has type 'time_t' + + * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Fix format + string. + +2013-11-20 Darren Tucker + + If the correct loginuid is set already, skip writing it. 
+ modules/pam_loginuid/pam_loginuid.c (set_loginuid): Read the current loginuid + and skip writing if already correctly set. + +2013-11-11 Thorsten Kukuk + + Always ask for old password if changing NIS account. + * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): ask + for old password if NIS account. + +2013-11-08 Thorsten Kukuk + + Allow DES as compatibility option for /etc/login.defs. + * modules/pam_unix/support.h: Add UNIX_DES + +2013-10-14 Tomas Mraz + + Docfix: pam_prompt() and pam_vprompt() return int. + doc/man/pam_prompt.3.xml: pam_prompt() and pam_vprompt() return int. + + Make pam_tty_audit work with old kernels not supporting log_passwd. + modules/pam_tty_audit/pam_tty_audit.c(nl_recv): Pad result with zeros + if message is short from older kernel. + +2013-09-25 Tomas Mraz + + Fix pam_tty_audit log_passwd support and regression. + modules/pam_tty_audit/pam_tty_audit.c: Add missing "config.h" include. + (pam_sm_open_session): Always copy the old status as initialization of new. + +2013-09-19 Thorsten Kukuk + + Release version 1.1.8. + +2013-09-16 Thorsten Kukuk + + Check return value of setuid to remove glibc warnings. + * modules/pam_unix/pam_unix_acct.c: Check setuid return value. + * modules/pam_unix/support.c: Likewise. + +2013-09-13 Tomas Mraz + + Write to *rounds only if non-NULL. + modules/pam_unix/support.c(_set_ctrl): Write to *rounds only if non-NULL. + + Add missing ')' + modules/pam_unix/pam_unix_passwd.c: Add missing ')'.. + +2013-09-11 Thorsten Kukuk + + Release version 1.1.7. + +2013-09-11 Tomas Mraz + + Updated translations from Transifex. + po/*.po: Updated translations from Transifex. + +2013-09-04 Thorsten Kukuk + + Extend pam_exec by stdout and type= options (ticket #8): + * modules/pam_exec/pam_exec.c: Add stdout and type= option + * modules/pam_exec/pam_exec.8.xml: Document new options + +2013-08-30 Thorsten Kukuk + + Fix compile error. 
+ * modules/pam_unix/pam_unix_acct.c: fix last change + +2013-08-29 Thorsten Kukuk + + Restart waitpid if it returns with EINTR (ticket #17) + * modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop. + * modules/pam_unix/pam_unix_passwd.c: Likewise. + * modules/pam_unix/support.c: Likewise. + +2013-08-28 Thorsten Kukuk + + misc_conv.3: Fix documentation of misc_conv. + doc/man/misc_conv.3.xml: Fix return value of misc_conv + +2013-08-23 Tomas Mraz + + Apply the exclusive check in pam_sepermit only when loginuid not set. + * modules/pam_sepermit/pam_sepermit.c(get_loginuid): Read loginuid from + /proc + (sepermit_match): Apply the exclusive check only when loginuid not set. + +2013-08-22 Tomas Mraz + + Updated translations from Transifex. + * po/*.po: Updated translations from Transifex. + +2013-07-01 Dmitry V. Levin + + pam_rootok: fix linking in --enable-audit mode. + pam_rootok.c explicitly uses functions from libaudit, so the module has + to be linked with the library. + + * modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Add @LIBAUDIT@. + +2013-07-01 Richard Guy Briggs + + pam_tty_audit: fix a typo that crept in during patch review. + * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Replace + all occurrences of HAVE_AUDIT_TTY_STATUS_LOG_PASSWD with + HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD. + * configure.in (HAVE_AUDIT_TTY_STATUS_LOG_PASSWD): Remove. + +2013-06-21 Richard Guy Briggs + + pam_tty_audit: add an option to control logging of passwords: log_passwd + Most commands are entered one line at a time and processed as complete lines + in non-canonical mode. Commands that interactively require a password, enter + canonical mode with echo set to off to do this. This feature (icanon and + !echo) can be used to avoid logging passwords by audit while still logging the + rest of the command. Adding a member to the struct audit_tty_status passed in + by pam_tty_audit allows control of logging passwords per task. 
+ + * configure.in: autoconf bits to conditionally add support at compile time + depending on struct audit_tty_status kernel header version. + * modules/pam_tty_audit/pam_tty_audit.8.xml: Document new pam_tty_audit module + log_passwd option. + * modules/pam_tty_audit/pam_tty_audit.c: (pam_sm_open_session): Added + "log_passwd" option parsing. + +2013-06-20 Tomas Mraz + + Man page fix - unix_update runs in the permissive mode as well. + modules/pam_unix/unix_update.8.xml: unix_update helper runs in the + permissive mode as well. + +2013-06-18 Thorsten Kukuk + + Use hash from /etc/login.defs as default if no other one is specified as argument. + * modules/pam_unix/support.c: Add search_key, call from __set_ctrl + * modules/pam_unix/support.h: Add define for /etc/login.defs + * modules/pam_unix/pam_unix.8.xml: Document new behavior. + * modules/pam_umask/pam_umask.c: Add missing NULL pointer check + +2013-04-12 Tomas Mraz + + pam_access: better not change the default function used to get domain name. + modules/pam_access/pam_access.c (netgroup_match): As we did not use + yp_get_default_domain() in the 1.1 branch due to typo in ifdef + we should use it only as fallback. + +2013-03-28 Tomas Mraz + + Fix strict aliasing issue in MD5 implementations. + modules/pam_namespace/md5.c (MD5Final): Use memcpy instead of assignment. + modules/pam_unix/md5.c (MD5Final): Use memcpy instead of assignment. + +2013-03-22 Tomas Mraz + + pam_lastlog: Do not fail on short read if btmp is corrupted. + modules/pam_lastlog/pam_lastlog.c (last_login_failed): Just warn, not fail + on short read or read error. + + pam_rootok: Allow proper logging of the user AVC if access disallowed by SELinux + modules/pam_rootok/pam_rootok.c (log_callback, selinux_check_root): New functions. + (check_for_root): Use the selinux_check_root() instead of checkPasswdAccess. + +2013-02-08 Tomas Mraz + + Add checks for crypt() returning NULL. 
+ modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return. + modules/pam_unix/bigcrypt.c (bigcrypt): Likewise. + +2013-02-07 Tomas Mraz + + pam_userdb: Allow also modern password hashes supported by crypt(). + modules/pam_userdb/pam_userdb.c (user_lookup): Allow password hashes + longer than 13 characters and long salt. + +2013-01-18 Walter de Jong + + pam_access: fix typo in ifdef. + modules/pam_access/pam_access.c (netgroup_match): Fix typo + in #ifdef HAVE_YP_GET_DEFAULT_DOMAIN. + +2012-12-20 Tomas Mraz + + pam_cracklib: Mention checks that are not run for root. + modules/pam_cracklib/pam_cracklib.8.xml: Add note about checks + when run as root. + + Update also the POT file. + po/Linux-PAM.pot: Update to reflect current sources. + +2012-12-12 Tomas Mraz + + Updated translations from Transifex, added new languages. + po/LINGUAS: Added new languages. + po/*.po: Updated translations from Transifex including new languages. + +2012-11-30 Tomas Mraz + + pam_selinux: Drop obsolete and unsupported manual context selection. + modules/pam_selinux/pam_selinux.c (manual_context): Drop function. + (compute_exec_context): Drop manual_context() call. + +2012-11-23 Tomas Mraz + + pam_limits: fix grammatical mistake. + modules/pam_limits/limits.conf: Fix grammatical mistake. + +2012-11-13 Tomas Mraz + + Reflect the enforce_for_root semantics change in pam_pwhistory xtest. + xtests/tst-pam_pwhistory1.pamd: Use enforce_for_root as the test is + running with real uid == 0. + +2012-10-10 Dmitry V. Levin + + pam_unix: fix build in --enable-selinux mode. + glibc's starting with commit + http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=glibc-2.15-231-gd94a467 + does not include for POSIX 2008 conformance reasons, so + when pam is being built with SELinux support enabled, pam_unix_passwd.c + uses getrlimit(2) and therefore should include without + relying on other headers. + + * modules/pam_unix/pam_unix_passwd.c: Include . 
+ + Reported-by: Guido Trentalancia + Reported-by: "Jory A. Pratt" + Reported-by: Diego Elio Pettenò + +2012-10-10 Tomas Mraz + + pam_namespace: add mntopts flag for tmpfs mount options. + modules/pam_namespace/pam_namespace.h: Add mount_opts member to polydir + structure. + modules/pam_namespace/pam_namespace.c (del_polydir): Free the mount_opts. + (parse_method): Parse the mntopts flag. + (ns_setup): Pass the mount_opts to mount(). + modules/pam_namespace/namespace.conf.5.xml: Document the mntopts flag. + +2012-09-06 Tomas Mraz + + pam_selinux, pam_tally2: Add tty and rhost to audit data. + modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and + rhost from PAM items and pass them to audit. + modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and + rhost from PAM items and pass them to audit. + (main): Obtain tty name of stdin and pass it to audit. + + Update configure.in to use more recent interfaces. + configure.in: Use LT_INIT instead of AC_PROG_LIBTOOL and AS_HELP_STRING instead + of AC_HELP_STRING. + +2012-08-17 Tomas Mraz + + Add missing $(DESTDIR) when making directories on install. + modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making + $(namespaceddir) on install. + modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making + $(sepermitlockdir) on install. + +2012-08-17 Thorsten Kukuk + + release version 1.1.6. + configure.in: Bump version to 1.1.6 + NEWS: Document changes + po/*.po: Regenerate *.po files + +2012-08-16 Thorsten Kukuk + + Small documentation and define fixes. + modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10] + modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary + modules/pam_pwhistory/pam_pwhistory.c: Document how the module works + modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory [#6] + +2012-08-13 Tomas Mraz + + Respect PAM_AUTHTOK_TYPE in pam_get_authtok_verify(). 
+ libpam/pam_get_authtok.c (pam_get_authtok_internal): Set the PAM_AUTHTOK_TYPE + item when obtained from module options. + (pam_get_authtok_verify): Use the PAM_AUTHTOK_TYPE item when prompting. + +2012-08-09 Tomas Mraz + + Document limits.d also in the limits.conf manpage. + modules/pam_limits/limits.conf.5.xml: Document the limits.d existence. + +2012-07-23 Tomas Mraz + + New autotools do not create empty directories on install. + modules/pam_namespace/Makefile.am: Add install-data-local target to create + namespaceddir. + modules/pam_sepermit/Makefile.am: Add install-data-local target to create + sepermitlockdir. + +2012-07-09 Stevan Bajić + + RLIMIT_* variables are no longer defined unless you explicitly include sys/resource.h. + + modules/pam_unix/pam_unix_acct.c: Include sys/resource.h. + +2012-06-27 Tomas Mraz + + pam_umask: correct the documentation of GECOS field parsing. + modules/pam_umask/pam_umask.8.xml: Correct the documentation of GECOS field + parsing. + +2012-06-22 Tomas Mraz + + pam_cracklib: Add monotonic character sequence checking. + modules/pam_cracklib/pam_cracklib.c (_pam_parse): Parse the maxsequence option. + (sequence): New function to check for too long monotonic sequence of characters. + (password_check): Call the sequence(). + modules/pam_cracklib/pam_cracklib.8.xml: Document the maxsequence check. + +2012-06-01 Tomas Mraz + + pam_timestamp: Fix copy&paste error in manpage. + modules/pam_timestamp/pam_timestamp.8.xml: Fix AUTHOR section. + +2012-05-28 Tomas Mraz + + Pulled new translations from Transifex. + po/*.po: Updated translations. + + pam_pwhistory: Always record the old password even when root changes it. + modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Use the UID of + the process instead of the target user UID (same as in pam_cracklib) to + check for root. Always record old password. + +2012-05-24 Tomas Mraz + + pam_cracklib: Add enforce_for_root option. 
+ modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the enforce_for_root option. + (pam_sm_chauthtok): Enforce errors for root with the option. + modules/pam_cracklib/pam_cracklib.8.xml: Document the enforce_for_root option. + +2012-04-30 Tomas Mraz + + pam_cracklib: Add maxclassrepeat, gecoscheck checks and remove unused difignore. + modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the maxclassrepeat, gecoscheck options. Ignore difignore option. + (simple): Add the check for the same class repetition. + (usercheck): Refactor into wordcheck(). + (gecoscheck): New test for words from the GECOS field. + (password_check): Call the gecoscheck(). + (pam_sm_chauthtok): Drop the diff_ignore from options struct. + modules/pam_cracklib/pam_cracklib.8.xml: Document the maxclassrepeat and gecoscheck checks, update the documentation of the difok test. + + pam_lastlog: Never lock out the root account. + modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Return PAM_SUCCESS if + uid==0. + modules/pam_lastlog/pam_lastlog.8.xml: Improve documentation. + +2012-04-17 Tomas Mraz + + pam_lastlog: add possibility to lock out inactive users in auth or account + * modules/pam_lastlog/pam_lastlog.8.xml: Document the new functionality and + option. + * modules/pam_lastlog/pam_lastlog.c: Add the inactive user lock out. + (_pam_session_parse): Renamed from _pam_parse. + (_pam_auth_parse): New function to parse auth arguments. + (_last_login_open): Factor out opening of the lastlog file. + (_last_login_read): Factor out opening of the lastlog file. + (pam_sm_authenticate): Implement the lockout functionality. + (pam_sm_setcred): Just return PAM_SUCCESS. + (pam_sm_acct_mgmt): Call pam_sm_authenticate(). + +2012-04-11 Paul Wouters + + Check for crypt() failure returning NULL. + * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Adjust syslog message. + * modules/pam_unix/passverify.c (create_password_hash): Check for crypt() + returning NULL. 
+ +2012-02-03 Dmitry V. Levin + + pam_unix: make configuration consistent in --enable-static-modules mode. + In --enable-static-modules mode, it was not possible to use "pam_unix" + in PAM config files. Instead, different names had to be used for each + management group: pam_unix_auth, pam_unix_acct, pam_unix_passwd and + pam_unix_session. This change makes pam_unix configuration consistent + with other PAM modules. + + * README: Remove the paragraph describing pam_unix distinctions in + --enable-static-modules mode. + * libpam/pam_static_modules.h (_pam_unix_acct_modstruct, + _pam_unix_auth_modstruct, _pam_unix_passwd_modstruct, + _pam_unix_session_modstruct): Remove. + (_pam_unix_modstruct): New pam_module declaration. + * modules/pam_unix/pam_unix_static.h: New file. + * modules/pam_unix/pam_unix_static.c: Likewise. + * modules/pam_unix/Makefile.am (noinst_HEADERS): Add pam_unix_static.h + (pam_unix_la_SOURCES) [STATIC_MODULES]: Add pam_unix_static.c + * modules/pam_unix/pam_unix_acct.c [PAM_STATIC]: Include + pam_unix_static.h + [PAM_STATIC] (_pam_unix_acct_modstruct): Remove. + * modules/pam_unix/pam_unix_auth.c [PAM_STATIC]: Include + pam_unix_static.h + [PAM_STATIC] (_pam_unix_auth_modstruct): Remove. + * modules/pam_unix/pam_unix_passwd.c [PAM_STATIC]: Include + pam_unix_static.h + [PAM_STATIC] (_pam_unix_passwd_modstruct): Remove. + * modules/pam_unix/pam_unix_sess.c [PAM_STATIC]: Include + pam_unix_static.h + [PAM_STATIC] (_pam_unix_session_modstruct): Remove. + + Suggested-by: Matveychikov Ilya + +2012-01-27 Dmitry V. Levin + + Make --disable-cracklib compatible with --enable-static-modules mode. + * configure.in: Define HAVE_LIBCRACK when cracklib is enabled. + * libpam/pam_static_modules.h (static_modules): Guard the use of + _pam_cracklib_modstruct by HAVE_LIBCRACK macro. + +2012-02-10 Tomas Mraz + + Add missing includes for types used in the pam_modutil.h. + * libpam/include/security/pam_modutil.h: Add missing includes for used types. 
+ +2012-01-27 Matveychikov Ilya + + Fix compile time errors in --enable-static-modules mode. + * libpam/pam_static_modules.h (_pam_rhosts_auth_modstruct): Remove + obsolete declaration. + (static_modules): Remove undefined reference to + _pam_rhosts_auth_modstruct. + * modules/pam_pwhistory/opasswd.h: Rename {save,check}_old_password to + {save,check}_old_pass in order to avoid conflicts with pam_unix. + * modules/pam_pwhistory/opasswd.c: Likewise. + * modules/pam_pwhistory/pam_pwhistory.c: Likewise. + * modules/pam_tally2/pam_tally2.c: Rename _pam_tally_modstruct to + _pam_tally2_modstruct. + +2012-01-26 Dmitry V. Levin + + Fix SUBDIRS for --enable-static-modules mode. + There is no way to build "modules" subdirectory before "libpam" anyway. + In STATIC_MODULES mode, "libpam" subdirectory must be built twice to + produce a usable libpam.a without undefined references to multiple + _pam_*_modstruct symbols. + + * Makefile.am: Use default SUBDIRS in STATIC_MODULES mode. + +2012-01-26 Matveychikov Ilya + + configure: fix typo in --disable-nis help string. + * configure.in: Change '-disable-nis' to '--disable-nis'. + +2012-01-26 Tomas Mraz + + Do not unmount anything by default in pam_namespace close session call. + * modules/pam_namespace/pam_namespace.c (pam_sm_close_session): Recognize + the unmount_on_close option and make the default to be to not unmount. + * modules/pam_namespace/pam_namespace.h: Rename PAMNS_NO_UNMOUNT_ON_CLOSE to + PAMNS_UNMOUNT_ON_CLOSE. + * modules/pam_namespace/pam_namespace.8.xml: Document the change. + +2012-01-24 Tomas Mraz + + Make / mount as rslave instead of bind mounting polydirs. + * modules/pam_namespace/pam_namespace.c (protect_dir): Drop the always argument. + (check_inst_parent): Drop the always argument from protect_dir(). + (create_polydir): Likewise. + (ns_setup): Likewise and do not mark the polydir with MS_PRIVATE. + (setup_namespace): Mark the / with MS_SLAVE|MS_REC. 
+ * modules/pam_namespace/pam_namespace.8.xml: Reflect the change in docs. + +2012-01-13 Tomas Mraz + + Add possibility to match ruser, rhost, and tty in pam_succeed_if. + * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Match ruser, + rhost, and tty as left operand. + * modules/pam_succeed_if/pam_succeed_if.8.xml: Document the new + possible left operands. + +2012-01-03 Tomas Mraz + + Merge branch 'master' of ssh://git.fedorahosted.org/git/linux-pam. + + Fix matching of usernames in the pam_unix remember feature. + * modules/pam_unix/pam_unix_passwd.c (check_old_password): Make + sure we match only the whole username in opasswd entry. + * modules/pam_unix/passverify.c (save_old_password): Likewise make + sure we match only the whole username in opasswd entry. + +2011-12-26 Dmitry V. Levin + + pam_start: fix memory leak on error path. + * libpam/pam_start.c (pam_start): If _pam_make_env() or + _pam_init_handlers() returned an error, release the memory allocated + for pam_conv structure. + + Patch-by: cancel . + +2011-11-03 Dmitry V. Levin + + pam_selinux.8.xml: update. + * modules/pam_selinux/pam_selinux.8.xml (pam_selinux-cmdsynopsis): + Reorder options, add new "restore" option. + pam_selinux-description): Rewrite. + (pam_selinux-options): Reorder options, describe new "restore" option. + (pam_selinux-return_values): Remove PAM_AUTH_ERR, PAM_SESSION_ERR + and PAM_BUF_ERR. + (pam_selinux-see_also): Remove pam.conf(5). Add execve(2), tty(4) + and selinux(8). + + pam_selinux.c: add "restore" option. + * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Add new + "restore" option. + + pam_selinux.c: rewrite using pam_get_data/pam_set_data. + * modules/pam_selinux/pam_selinux.c (security_restorelabel_tty, + security_label_tty): Remove old functions. + (module_data_t): New structure. 
+ (free_module_data, cleanup, get_module_data, get_item, + set_exec_context, set_file_context, compute_exec_context, + compute_tty_context, restore_context, set_context, + create_context): New functions. + (pam_sm_authenticate, pam_sm_setcred, pam_sm_open_session, + pam_sm_close_session): Use them. + +2011-10-28 Dmitry V. Levin + + Use libpam.la/libpam_misc.la to link with -lpam/-lpam_misc. + GNU automake documentation recommends to avoid using -l options in + LDADD or LIBADD when referring to libraries built by the package. + Instead, it recommends to write the file name of the library explicitly, + and use -l option only to list third-party libraries. As result, the + default value of *_DEPENDENCIES will list all local libraries and omit + the other ones. + * modules/pam_access/Makefile.am (pam_access_la_LIBADD): Replace + "-L$(top_builddir)/libpam -lpam" with + "$(top_builddir)/libpam/libpam.la", to follow GNU automake + recommendations. + * modules/pam_cracklib/Makefile.am (pam_cracklib_la_LIBADD): Likewise. + * modules/pam_debug/Makefile.am (pam_debug_la_LIBADD): Likewise. + * modules/pam_deny/Makefile.am (pam_deny_la_LIBADD): Likewise. + * modules/pam_echo/Makefile.am (pam_echo_la_LIBADD): Likewise. + * modules/pam_env/Makefile.am (pam_env_la_LIBADD): Likewise. + * modules/pam_exec/Makefile.am (pam_exec_la_LIBADD): Likewise. + * modules/pam_faildelay/Makefile.am (pam_faildelay_la_LIBADD): Likewise. + * modules/pam_filter/Makefile.am (pam_filter_la_LIBADD): Likewise. + * modules/pam_filter/upperLOWER/Makefile.am (LDADD): Likewise. + * modules/pam_ftp/Makefile.am (pam_ftp_la_LIBADD): Likewise. + * modules/pam_group/Makefile.am (pam_group_la_LIBADD): Likewise. + * modules/pam_issue/Makefile.am (pam_issue_la_LIBADD): Likewise. + * modules/pam_keyinit/Makefile.am (pam_keyinit_la_LIBADD): Likewise. + * modules/pam_lastlog/Makefile.am (pam_lastlog_la_LIBADD): Likewise. + * modules/pam_limits/Makefile.am (pam_limits_la_LIBADD): Likewise. 
+ * modules/pam_listfile/Makefile.am (pam_listfile_la_LIBADD): Likewise. + * modules/pam_localuser/Makefile.am (pam_localuser_la_LIBADD): Likewise. + * modules/pam_loginuid/Makefile.am (pam_loginuid_la_LIBADD): Likewise. + * modules/pam_mail/Makefile.am (pam_mail_la_LIBADD): Likewise. + * modules/pam_mkhomedir/Makefile.am (pam_mkhomedir_la_LIBADD, + mkhomedir_helper_LDADD): Likewise. + * modules/pam_motd/Makefile.am (pam_motd_la_LIBADD): Likewise. + * modules/pam_namespace/Makefile.am (pam_namespace_la_LIBADD): Likewise. + * modules/pam_nologin/Makefile.am (pam_nologin_la_LIBADD): Likewise. + * modules/pam_permit/Makefile.am (pam_permit_la_LIBADD): Likewise. + * modules/pam_pwhistory/Makefile.am (pam_pwhistory_la_LIBADD): Likewise. + * modules/pam_rhosts/Makefile.am (pam_rhosts_la_LIBADD): Likewise. + * modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Likewise. + * modules/pam_securetty/Makefile.am (pam_securetty_la_LIBADD): Likewise. + * modules/pam_sepermit/Makefile.am (pam_sepermit_la_LIBADD): Likewise. + * modules/pam_shells/Makefile.am (pam_shells_la_LIBADD): Likewise. + * modules/pam_stress/Makefile.am (pam_stress_la_LIBADD): Likewise. + * modules/pam_succeed_if/Makefile.am (pam_succeed_if_la_LIBADD): + Likewise. + * modules/pam_tally/Makefile.am (pam_tally_la_LIBADD): Likewise. + * modules/pam_tally2/Makefile.am (pam_tally2_la_LIBADD, + pam_tally2_LDADD): Likewise. + * modules/pam_time/Makefile.am (pam_time_la_LIBADD): Likewise. + * modules/pam_timestamp/Makefile.am (pam_timestamp_la_LIBADD, + pam_timestamp_check_LDADD, hmacfile_LDADD): Likewise. + * modules/pam_tty_audit/Makefile.am (pam_tty_audit_la_LIBADD): Likewise. + * modules/pam_umask/Makefile.am (pam_umask_la_LIBADD): Likewise. + * modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Likewise. + * modules/pam_userdb/Makefile.am (pam_userdb_la_LIBADD): Likewise. + * modules/pam_warn/Makefile.am (pam_warn_la_LIBADD): Likewise. + * modules/pam_wheel/Makefile.am (pam_wheel_la_LIBADD): Likewise. 
+ * modules/pam_xauth/Makefile.am (pam_xauth_la_LIBADD): Likewise. + * tests/Makefile.am (LDADD): Likewise. + * examples/Makefile.am (LDADD): Replace "-L$(top_builddir)/libpam -lpam" + with "$(top_builddir)/libpam/libpam.la", and + "-L$(top_builddir)/libpam_misc -lpam_misc" with + "$(top_builddir)/libpam_misc/libpam_misc.la", to follow GNU automake + recommendations. + * xtests/Makefile.am (LDADD): Likewise. + * modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Likewise. + + Fix usage of LIBADD, LDADD and LDFLAGS. + * modules/pam_selinux/Makefile.am: Rename pam_selinux_check_LDFLAGS to + pam_selinux_check_LDADD. + * modules/pam_userdb/Makefile.am: Split out pam_userdb_la_LIBADD from + AM_LDFLAGS. + * modules/pam_warn/Makefile.am: Split out pam_warn_la_LIBADD from + AM_LDFLAGS. + * modules/pam_wheel/Makefile.am: Split out pam_wheel_la_LIBADD from + AM_LDFLAGS. + * modules/pam_xauth/Makefile.am: split out pam_xauth_la_LIBADD from + AM_LDFLAGS. + * xtests/Makefile.am: Rename AM_LDFLAGS to LDADD. + +2011-10-27 Dmitry V. Levin + + Update .gitignore files. + * .gitignore: Add common ignore patterns. + * m4/.gitignore: Unignore local m4 files. + * dynamic/.gitignore: Unignore Makefile. + * libpamc/test/modules/.gitignore: Likewise. + * libpamc/test/regress/.gitignore: Likewise. + * po/.gitignore: Add Makevars.template. + * conf/.gitignore: Remove common ignore patterns. + * conf/pam_conv1/.gitignore: Likewise. + * doc/.gitignore: Likewise. + * doc/specs/.gitignore: Likewise. + * doc/specs/formatter/.gitignore: Likewise. + * examples/.gitignore: Likewise. + * modules/pam_filter/upperLOWER/.gitignore: Likewise. + * modules/pam_mkhomedir/.gitignore: Likewise. + * modules/pam_selinux/.gitignore: Likewise. + * modules/pam_stress/.gitignore: Likewise. + * modules/pam_tally/.gitignore: Likewise. + * modules/pam_tally2/.gitignore: Likewise. + * modules/pam_timestamp/.gitignore: Likewise. + * modules/pam_unix/.gitignore: Likewise. + * tests/.gitignore: Likewise. 
+ * xtests/.gitignore: Likewise. + * doc/adg/.gitignore: Remove. + * doc/man/.gitignore: Remove. + * doc/mwg/.gitignore: Remove. + * doc/sag/.gitignore: Remove. + * libpamc/.gitignore: Remove. + * libpamc/test/.gitignore: Remove. + * libpam/.gitignore: Remove. + * libpam_misc/.gitignore: Remove. + * modules/.gitignore: Remove. + * modules/pam_access/.gitignore: Remove. + * modules/pam_cracklib/.gitignore: Remove. + * modules/pam_debug/.gitignore: Remove. + * modules/pam_deny/.gitignore: Remove. + * modules/pam_echo/.gitignore: Remove. + * modules/pam_env/.gitignore: Remove. + * modules/pam_exec/.gitignore: Remove. + * modules/pam_faildelay/.gitignore: Remove. + * modules/pam_filter/.gitignore: Remove. + * modules/pam_ftp/.gitignore: Remove. + * modules/pam_group/.gitignore: Remove. + * modules/pam_issue/.gitignore: Remove. + * modules/pam_keyinit/.gitignore: Remove. + * modules/pam_lastlog/.gitignore: Remove. + * modules/pam_limits/.gitignore: Remove. + * modules/pam_listfile/.gitignore: Remove. + * modules/pam_localuser/.gitignore: Remove. + * modules/pam_loginuid/.gitignore: Remove. + * modules/pam_mail/.gitignore: Remove. + * modules/pam_motd/.gitignore: Remove. + * modules/pam_namespace/.gitignore: Remove. + * modules/pam_nologin/.gitignore: Remove. + * modules/pam_permit/.gitignore: Remove. + * modules/pam_pwhistory/.gitignore: Remove. + * modules/pam_rhosts/.gitignore: Remove. + * modules/pam_rootok/.gitignore: Remove. + * modules/pam_securetty/.gitignore: Remove. + * modules/pam_sepermit/.gitignore: Remove. + * modules/pam_shells/.gitignore: Remove. + * modules/pam_succeed_if/.gitignore: Remove. + * modules/pam_time/.gitignore: Remove. + * modules/pam_tty_audit/.gitignore: Remove. + * modules/pam_umask/.gitignore: Remove. + * modules/pam_userdb/.gitignore: Remove. + * modules/pam_warn/.gitignore: Remove. + * modules/pam_wheel/.gitignore: Remove. + * modules/pam_xauth/.gitignore: Remove. + + Move generated auxiliary files to build-aux directory. 
+ * configure.in: Add AC_CONFIG_AUX_DIR([build-aux]). + + Remove generated files. + * ABOUT-NLS: Remove. + * INSTALL: Remove. + * config.rpath: Remove. + * install-sh: Remove. + * mkinstalldirs: Remove. + * Makefile.am (EXTRA_DIST): Remove config.rpath and mkinstalldirs. + * .gitignore: Add ABOUT-NLS and INSTALL. + + Create release tarballs using safe ownership and permissions. + * Makefile.am: Define and export TAR_OPTIONS. + + Generate ChangeLog from git log. + * .gitignore: Add ChangeLog + * ChangeLog: Rename to ChangeLog-CVS. + * Makefile.am (gen-changelog): New rule. + (dist-hook, .PHONY): Depend on it. + (EXTRA_DIST): Add ChangeLog-CVS. + * README-hacking: New file. + * gitlog-to-changelog: Import from gnulib. + * autogen.sh: Create empty ChangeLog file to make automake strictness + check happy. Use automated "autoreconf -fiv" instead of manual + invocations of various autotools. + + Fix "make distcheck" + There is no use to distribute m4 files manually, because automake does + the right thing, while manual distribution is not only redundant but + also very fragile. + * Makefile.am (M4_FILES): Remove. + (EXTRA_DIST): Remove M4_FILES. + + Remove modules/pam_timestamp/hmacfile from distribution. + * modules/pam_timestamp/Makefile.am (dist_TESTS): Add tst-pam_timestamp. + (nodist_TESTS): Add hmacfile. + (EXTRA_DIST): Replace TESTS with dist_TESTS. + + Rename all .cvsignore files to .gitignore. + +2011-10-26 Dmitry V. Levin + + Fix whitespace issues. + Cleanup trailing whitespaces, indentation that uses spaces before tabs, + and blank lines at EOF. Make the project free of warnings reported by + git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD + + +See ChangeLog-CVS for earlier changes. -- cgit v1.2.3
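Review bot: the imported ChangeLog is not in strict date order and should be treated as a generated artifact rather than hand-maintained history: the 2012-02-10 entry "Add missing includes for types used in the pam_modutil.h" sits between two 2012-01-27 entries, and the 2012-01-03 entry is a merge commit ("Merge branch 'master' of ssh://git.fedorahosted.org/git/linux-pam."). Both follow from the 2011-10-27 entry "Generate ChangeLog from git log" (".gitignore: Add ChangeLog", "gitlog-to-changelog: Import from gnulib"), so upstream does not track this file in git and it exists only in the release tarball, which is what this import reproduces. The mixed file-list style (the 2012-10-10 and 2012-09-06 entries list files without the "* " prefix that the 2012-04-17 and later entries use) is the same commit-message formatting carried through verbatim. No change to the hunk is needed for the import; just note that the trailing "-- cgit v1.2.3" fused onto the final "See ChangeLog-CVS for earlier changes." line is page-rendering residue and not part of the file content.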