Commit Graph

365 Commits

Author SHA1 Message Date
Tomas Mraz
6ffceb7ea0 add "local_users_only" to pam_pwquality in default configuration 2013-09-30 11:39:27 +02:00
Tomas Mraz
384fedfade new upstream release 2013-09-13 14:26:54 +02:00
Tomas Mraz
c8a6aadf10 use links instead of w3m to create txt documentation
- recognize login session in pam_sepermit to prevent gdm from locking (#969174)
- add support for disabling password logging in pam_tty_audit
2013-08-07 18:24:04 +02:00
Dennis Gilmore
aeefedee72 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 11:22:22 -05:00
Tomas Mraz
58c0255c92 add new helper for pam_pwhistory 2013-07-11 14:19:26 +02:00
Tomas Mraz
db8cd4099a add auditing of SELinux policy violation in pam_rootok (#965723)
- add SELinux helper to pam_pwhistory
2013-07-11 14:02:52 +02:00
Tomas Mraz
1916f77e5c the default isadir is more correct 2013-05-07 15:42:29 +02:00
Tomas Mraz
443cfad289 the default isadir is more correct 2013-05-07 14:12:43 +02:00
Tomas Mraz
01ca858789 pam_unix: do not fail with bad ld.so.preload 2013-04-24 17:46:23 +02:00
Tomas Mraz
bc16a79c57 pam_unix: do not fail with bad ld.so.preload 2013-04-23 17:19:31 +02:00
Tomas Mraz
858c76dcd3 Multiple bug fixes and cleanups.
- do not fail if btmp file is corrupted (#906852)
- fix strict aliasing warnings in build
- UsrMove
- use authtok_type with pam_pwquality in system-auth
- remove manual_context handling from pam_selinux (#876976)
- other minor specfile cleanups
2013-03-22 17:44:40 +01:00
Tomas Mraz
b38262e712 check NULL return from crypt() calls (#915316) 2013-03-19 16:29:42 +01:00
Tomas Mraz
21cc104fe0 add workaround for low nproc limit for confined root user (#432903) 2013-03-14 16:59:47 +01:00
Karsten Hopp
c6b26088e2 add support for ppc64p7 arch (Power7 optimized) 2013-02-21 16:03:10 +01:00
Dennis Gilmore
1e77848ced - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-14 03:43:30 -06:00
Tomas Mraz
ba75a13ace fix build with current autotools 2013-01-22 17:37:56 +01:00
Tomas Mraz
d47b309a1d add support for tmpfs mount options in pam_namespace 2012-10-15 18:45:16 +02:00
Tomas Mraz
72401d341e Autotools hackery to make it build. 2012-09-05 19:09:56 +02:00
Tomas Mraz
725d09d8bf Drop libtoolize call. 2012-09-04 11:20:38 +02:00
Tomas Mraz
010ed2b452 link setuid binaries with full relro (#853158)
- add rhost and tty to auditing data in modules (#677664)
2012-09-03 15:36:31 +02:00
Tomas Mraz
8a0ba11ae1 new upstream release 2012-08-17 15:24:18 +02:00
Tomas Mraz
a0cd63d48e make the pam_lastlog module in postlogin 'optional' (#846843) 2012-08-09 17:57:58 +02:00
Tomas Mraz
0e79701521 Build against libdb-5 2012-08-06 21:49:23 +02:00
Tomas Mraz
28a93ad826 fix build failure in pam_unix
- add display of previous bad login attempts to postlogin.pamd
- put the tmpfiles.d config to /usr/lib and rename it to pam.conf
2012-07-23 18:51:15 +02:00
Dennis Gilmore
017fb41875 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-20 02:49:29 -05:00
Tomas Mraz
14f4737e81 install empty directories 2012-05-09 12:30:33 +02:00
Tomas Mraz
7f16b85d54 multiple backported fixes
- add inactive account lock out functionality to pam_lastlog
- fix pam_unix remember user name matching
- add gecoscheck and maxclassrepeat functionality to pam_cracklib
- correctly check for crypt() returning NULL in pam_unix
- pam_unix - do not fallback to MD5 on password change
  if requested algorithm not supported by crypt() (#818741)
2012-05-09 11:58:27 +02:00
Tomas Mraz
882ad81ab3 add pam_systemd to session modules 2012-05-09 11:12:48 +02:00
Tomas Mraz
92f3acf6be fix pam_namespace leaking the protect mounts to parent namespace (#755216) 2012-01-31 17:19:23 +01:00
Dennis Gilmore
87d3951c7d - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-13 05:54:44 -06:00
Tomas Mraz
d3bb594db9 add a note to limits.conf (#754285) 2011-12-21 09:13:05 +01:00
Tomas Mraz
0e4d0dbd64 use pam_pwquality instead of pam_cracklib 2011-11-24 15:05:57 +01:00
Tomas Mraz
0c02cd5bb7 upgrade to new upstream release 2011-11-24 14:33:55 +01:00
Tomas Mraz
1ba74b3572 Fix description - no static libpam for a long time. 2011-10-03 15:20:33 +02:00
Tomas Mraz
39bef6c743 Merge branch 'master' of ssh://pkgs.fedoraproject.org/pam
Conflicts:
	pam.spec
2011-08-25 16:10:53 +02:00
Tomas Mraz
9f29655908 fix dereference in pam_env
fix wrong parse of user@host pattern in pam_access (#732081)
2011-08-25 16:09:08 +02:00
Ville Skyttä
de3812c9a2 Rebuild to fix trailing slashes in provided dirs added by rpm 4.9.1.
http://lists.fedoraproject.org/pipermail/devel/2011-July/154658.html
2011-07-23 16:34:01 +03:00
Tomas Mraz
05c4e69a7b Remove trailing / 2011-07-15 15:28:24 +02:00
Tomas Mraz
8de0245233 clear supplementary groups in pam_console handler execution 2011-07-15 14:55:38 +02:00
Tomas Mraz
412141d627 upgrade to new upstream release 2011-06-27 17:24:51 +02:00
Tomas Mraz
d31d5587d4 detect the shared / and make the polydir mounts private based on that
fix memory leak and other small errors in pam_namespace
2011-06-07 17:31:12 +02:00
Tomas Mraz
6a48d1491e add support for explicit marking of the polydir mount private (#623522) 2011-06-02 22:23:52 +02:00
Dennis Gilmore
20d38d82f9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 08:02:09 -06:00
Tomas Mraz
a050086a24 - add postlogin common PAM configuration file (#665059) 2010-12-22 18:22:11 +01:00
Tomas Mraz
de4fdba40b - include patches recently submitted and applied to upstream CVS 2010-12-14 12:02:26 +01:00
Tomas Mraz
a526ddfed4 - add config for autocreation of subdirectories in /var/run (#656655)
- automatically enable kernel console in pam_securetty
2010-11-25 18:14:01 +01:00
Tomas Mraz
fdfa166654 - fix segfault in faillock utility
- remove some cases where the information of existence of
  an user account could be leaked by the pam_faillock,
  document the remaining case
2010-11-10 17:15:18 +01:00
Tomas Mraz
5310fecf62 - fix segfault in faillock utility
- remove some cases where the information of existence of
  an user account could be leaked by the pam_faillock,
  document the remaining case
2010-11-10 15:15:03 +01:00
Tomas Mraz
a4d4d78281 - fix a mistake in the abstract X-socket connect
- make pam_faillock work with screensaver
2010-11-05 19:03:35 +01:00
Tomas Mraz
5bcbeb6870 Merge branch 'master' of ssh://pkgs.fedoraproject.org/pam
Conflicts:
	pam.spec
2010-11-01 23:44:04 +01:00
Tomas Mraz
4baf0f6949 - upgrade to new upstream release fixing CVE-2010-3316 CVE-2010-3435
CVE-2010-3853
- try to connect to an abstract X-socket first to verify we are
  at real console (#647191)
2010-11-01 23:42:26 +01:00
Jesse Keating
9a28cb58ea - Rebuilt for gcc bug 634757 2010-09-29 14:57:32 -07:00
Tomas Mraz
acc35880d3 - do not build some auxiliary tools that are not installed that require
flex-static to build
2010-09-20 12:16:26 +02:00
Tomas Mraz
ca3ead6784 - add pam_faillock module implementing temporary account lock out based
on authentication failures during a specified interval
- upgrade to new upstream release
2010-09-17 17:37:07 +02:00
Tomáš Mráz
4b7a0b2c99 - do not overwrite tallylog with empty file on upgrade 2010-07-15 13:24:33 +00:00
Tomáš Mráz
e3430d85d2 - change the default password hash to sha512 2010-02-15 17:25:28 +00:00
Tomáš Mráz
3f424c65d3 - fix wrong prompt when pam_get_authtok is used for new password 2010-01-22 17:49:54 +00:00
Tomáš Mráz
68bf40d031 - fix build with disabled audit and SELinux (#556211, #556212) 2010-01-18 09:09:31 +00:00
Tomáš Mráz
1802942b8d - new upstream version with minor changes 2009-12-17 14:29:39 +00:00
Tomáš Mráz
430b952f8e - pam_console: fix memory corruption when executing handlers (patch by Stas
Sergeev) and a few more fixes in the handler execution code (#532302)
2009-11-02 07:56:12 +00:00
Tomáš Mráz
0e45b7f2c2 - pam_xauth: set the approprate context when creating .xauth files
(#531530)
2009-10-29 15:32:22 +00:00
Tomáš Mráz
4774498127 - do not change permissions with pam_console_apply
- drop obsolete pam_tally module and the faillog file (#461258)
2009-09-01 16:03:13 +00:00
Tomáš Mráz
6572482d29 - leftover comment and license tag 2009-08-26 18:43:27 +00:00
Tomáš Mráz
155e7e9f93 - rebuild with new libaudit 2009-08-19 19:06:40 +00:00
Tomáš Mráz
e307a99b74 - fix source URLs 2009-08-11 11:50:50 +00:00
Tomáš Mráz
8d3cbe5e32 - fix for pam_cracklib from upstream 2009-07-27 15:23:22 +00:00
Jesse Keating
8f8af7e93e - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-25 23:08:11 +00:00
Tomáš Mráz
47e2c2f3d9 - update to new upstream version 2009-06-24 07:09:21 +00:00
Tomáš Mráz
da8b25143b - update to new upstream version 2009-05-13 10:59:18 +00:00
Tomáš Mráz
4b9fc2208b - add password-auth, fingerprint-auth, and smartcard-auth for applications
which can use them namely gdm (#494874) patch by Ray Strode
2009-04-10 16:06:24 +00:00
Tomáš Mráz
02fa35ccd2 - bump release 2009-03-26 11:26:22 +00:00
Tomáš Mráz
f3a8a94868 - replace also other std descriptors (#491471) 2009-03-26 11:17:16 +00:00
Tomáš Mráz
837a5499fa - replace also other std descriptors (#491471) 2009-03-26 09:28:14 +00:00
Tomáš Mráz
1343a8ed17 - we must replace the stdin when execing the helper (#490644) 2009-03-17 14:13:16 +00:00
Tomáš Mráz
a78e55c069 - do not close stdout/err when execing the helpers (#488147) 2009-03-16 13:47:00 +00:00
Tomáš Mráz
2c482b26a1 - the buildrequires on glibc will make it install a conflicting version 2009-03-09 20:58:38 +00:00
Tomáš Mráz
3ecbdb09e8 - upgrade to new upstream release 2009-03-09 16:14:30 +00:00
Tomáš Mráz
5b6ef5fcbd - fix parsing of config files containing non-ASCII characters
- fix CVE-2009-0579 (mininimum days for password change ignored) (#487216)
- pam_access: improve handling of hostname resolution
2009-02-27 12:52:52 +00:00
Jesse Keating
32a45d5cc0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-26 09:28:43 +00:00
Tomáš Mráz
64be9b675a - add helper to pam_mkhomedir for proper SELinux confinement (#476784) 2009-01-19 09:18:56 +00:00
Tomáš Mráz
d4ff57cf6f - upgrade to new upstream release
- add --disable-prelude (#466242)
2008-12-16 15:17:16 +00:00
Tomáš Mráz
e30408c5d9 - new password quality checks in pam_cracklib
- report failed logins from btmp in pam_lastlog
- allow larger groups in modutil functions
- fix leaked file descriptor in pam_tally
2008-09-23 14:06:48 +00:00
Tomáš Mráz
8955a466b5 - pam_loginuid: uids are unsigned (#460241)
- new minor upstream release
- use external db4
- drop tests for not pulling in libpthread (as NPTL should be safe)
2008-09-08 11:01:44 +00:00
Tomáš Mráz
7d29dd0246 - update internal db4 2008-07-09 12:27:35 +00:00
Tomáš Mráz
a37d2c7046 - pam_namespace: allow safe creation of directories owned by user (#437116)
- pam_unix: fix multiple error prompts on password change (#443872)
2008-05-21 08:08:39 +00:00
Tomáš Mráz
3be955e71c - fix build with new autoconf 2008-05-20 13:31:17 +00:00
Tomáš Mráz
afb096a17d - pam_selinux: add env_params option which will be used by OpenSSH 2008-05-19 16:55:13 +00:00
Tomáš Mráz
be4deb2d92 - pam_selinux: restore execcon properly (#443667) 2008-04-22 19:48:10 +00:00
Tomáš Mráz
65a47ccbca - upgrade to new upstream release (one bugfix only)
- fix pam_sepermit use in screensavers
2008-04-18 08:43:42 +00:00
Tomáš Mráz
2613b27a52 - fix regression in pam_set_item 2008-04-07 09:45:21 +00:00
Tomáš Mráz
1fa0a9e893 - upgrade to new upstream release (bugfix only) 2008-04-04 16:00:50 +00:00
Tomáš Mráz
6aa700f64a - pam_namespace: fix problem with level polyinst (#438264)
- pam_namespace: improve override checking for umount
- pam_selinux: fix syslogging a context after free() (#438338)
2008-03-20 16:50:13 +00:00
Tomáš Mráz
1ba40631bf - update pam-redhat module tarball
- update internal db4
2008-02-28 22:44:06 +00:00
Tomáš Mráz
8938fa9767 - if shadow is readable for an user do not prevent him from authenticating
any user with unix_chkpwd (#433459)
- call audit from unix_chkpwd when appropriate
2008-02-22 15:49:55 +00:00
Tomáš Mráz
0533865ad8 - new upstream release
- add default soft limit for nproc of 1024 to prevent accidental fork bombs
    (#432903)
2008-02-15 17:27:28 +00:00
Tomáš Mráz
717cfde74b - allow the package to build without SELinux and audit support (#431415)
- macro usage cleanup
2008-02-04 13:06:18 +00:00
Tomáš Mráz
b6b1e29706 - test for setkeycreatecon correctly
- add exclusive login mode of operation to pam_selinux_permit (original
    patch by Dan Walsh)
2008-01-28 17:59:35 +00:00
Tomáš Mráz
de90b38383 - libpam.so is in libdir 2008-01-23 07:43:33 +00:00
Tomáš Mráz
2badd4f116 - add auditing to pam_access, pam_limits, and pam_time
- moved sanity testing code to check script
2008-01-22 21:52:13 +00:00
Tomáš Mráz
392622e8de - merge review fixes (#226228) 2008-01-14 12:49:56 +00:00
Tomáš Mráz
c5d3ee3a3f - support for sha256 and sha512 password hashes
- account expiry checks moved to unix_chkpwd helper
2008-01-08 18:56:11 +00:00
Tomáš Mráz
b99939ffb4 - wildcard match support in pam_tty_audit (by Miloslav Trmač) 2008-01-02 10:42:27 +00:00
Tomáš Mráz
a36aa37b04 - add pam_tty_audit module (#244352) - written by Miloslav Trmač 2007-11-29 13:20:28 +00:00
Tomáš Mráz
9ae80944c1 - add substack support 2007-11-07 11:41:49 +00:00
Tomáš Mráz
991484aaf4 - apply db4 patch correctly 2007-09-25 20:26:29 +00:00
Tomáš Mráz
00939f1c06 - update db4 to 4.6.19 (#274661) 2007-09-25 20:15:45 +00:00
Tomáš Mráz
36d9a1c73d - do not preserve contexts when copying skel and other namespace.init fixes
(#298941)
- do not free memory sent to putenv (#231698)
2007-09-21 14:08:14 +00:00
Tomáš Mráz
43c3a5a46e - add pam_selinux_permit module
- pam_succeed_if: fix in operator (#295151)
2007-09-19 18:11:42 +00:00
Tomáš Mráz
ac8e934c7b - when SELinux enabled always run the helper binary instead of direct
shadow access (#293181)
2007-09-18 20:23:57 +00:00
Tomáš Mráz
9e1a698edf - do not ask for blank password when SELinux confined (#254044)
- initialize homedirs in namespace init script (original patch by dwalsh)
2007-08-24 13:15:01 +00:00
Tomáš Mráz
a47d5ca5e4 - multifunction scanner device support (#251468) 2007-08-22 19:30:39 +00:00
Tomáš Mráz
73ea19b4f7 - most devices are now handled by HAL and not pam_console (patch by davidz)
- license tag fix
2007-08-22 18:03:12 +00:00
Tomáš Mráz
81e34ba414 - fix auth regression when uid != 0 from previous build (#251804) 2007-08-13 09:05:04 +00:00
Tomáš Mráz
ecf62ebc17 - make db4 build with new glibc 2007-08-06 14:57:26 +00:00
Tomáš Mráz
8fa0463a67 - updated db4 to 4.6.18 (#249740)
- added user and new instance parameters to namespace init
- document the new features of pam_namespace
- do not log an audit error when uid != 0 (#249870)
2007-08-06 12:31:50 +00:00
Jeremy Katz
f6d27e9e3a - rebuild for toolchain bug 2007-07-25 17:52:58 +00:00
Tomáš Mráz
3f1e71cada - drop the merged patches 2007-07-23 19:07:42 +00:00
Tomáš Mráz
6c6453458a - upgrade to latest upstream version
- add some firewire devices to default console perms (#240770)
2007-07-23 18:46:31 +00:00
Tomáš Mráz
09b44afcb6 - pam_namespace: better document behavior on failure (#237249)
- pam_unix: split out passwd change to a new helper binary (#236316)
- pam_namespace: add support for temporary logons (#241226)
2007-06-04 14:22:15 +00:00
Tomáš Mráz
33d3c087e3 - pam_selinux: improve context change auditing (#234781)
- pam_namespace: fix parsing config file with unknown users (#234513)
2007-04-13 16:14:38 +00:00
Tomáš Mráz
a28e30cbc4 - pam_console: always decrement use count (#230823)
- pam_namespace: use raw context for poly dir name (#227345)
- pam_namespace: truncate long poly dir name (append hash) (#230120)
- we don't patch any po files anymore
2007-03-23 11:02:35 +00:00
Tomáš Mráz
71ab958a92 - correctly relabel tty in the default case (#229542)
- pam_unix: cleanup of bigcrypt support
- pam_unix: allow modification of '*' passwords to root
2007-02-21 20:32:28 +00:00
Tomáš Mráz
504a3315ce - more X displays as consoles (#227462) 2007-02-06 15:58:27 +00:00
Tomáš Mráz
bbd6bf031f - upgrade to new upstream version resolving CVE-2007-0003
- pam_namespace: unmount poly dir for override users
2007-01-24 12:14:29 +00:00
Tomáš Mráz
d1daca3136 - add back min salt length requirement which was erroneously removed
upstream
2007-01-22 13:11:10 +00:00
Tomáš Mráz
0b9c1bae67 - upgrade to new upstream version
- drop pam_stack module as it is obsolete
- some changes to silence rpmlint
2007-01-19 17:42:21 +00:00
Tomáš Mráz
8a453fc0be - properly include /var/log/faillog and tallylog as ghosts and create them
in post script (#209646)
- update gmo files as we patch some po files (#218271)
- add use_current_range option to pam_selinux (#220487)
- improve the role selection in pam_selinux
- remove shortcut on Password: in ja locale (#218271)
- revert to old euid and not ruid when setting euid in pam_keyinit
    (#219486)
- rename selinux-namespace patch to namespace-level
2007-01-16 20:14:28 +00:00
Daniel J Walsh
7ce306a7c7 - Fix selection of role 2007-01-03 19:18:27 +00:00
Tomáš Mráz
03d7f35c89 - autoreconf won't work with autoconf-2.61 as configure.in is not yet
adjusted for it
2006-11-30 13:00:48 +00:00
Tomáš Mráz
19a8f79ca1 - add select-context option to pam_selinux (#213812) 2006-11-30 09:40:03 +00:00
Tomáš Mráz
d589c9bdaf - we don't need this yet 2006-11-13 21:15:30 +00:00
Tomáš Mráz
4f2fe36b29 - update internal db4 to 4.5.20 version
- move setgid before setuid in pam_keyinit (#212329)
- make username check in pam_unix consistent with useradd (#212153)
2006-11-13 21:05:40 +00:00
Tomáš Mráz
ab60a42b72 - add pam_namespace option no_unmount_on_close, required for newrole 2006-09-28 13:11:14 +00:00
Tomáš Mráz
355576d558 - silence pam_succeed_if in default system-auth (#205067)
- round the pam_timestamp_check sleep up to wake up at the start of the
    wallclock second (#205068)
2006-09-04 14:31:09 +00:00
Tomáš Mráz
10ddab4186 - upgrade to new upstream version, as there are mostly bugfixes except
improved documentation
- add support for session and password service for pam_access and
    pam_succeed_if
- system-auth: skip session pam_unix for crond service
2006-08-31 20:51:59 +00:00
Daniel J Walsh
e3f2d52037 - Add new setkeycreatecon call to pam_selinux to make sure keyring has
correct context
2006-08-10 20:26:54 +00:00
Tomáš Mráz
685a1895f3 - revoke keyrings properly when pam_keyinit called as root (#201048)
- pam_succeed_if should return PAM_USER_UNKNOWN when getpwnam fails
    (#197748)
2006-08-10 13:34:26 +00:00
Tomáš Mráz
0b27f99e23 - revoke keyrings properly when pam_keyinit called more than once (#201048)
patch by David Howells
2006-08-02 18:08:23 +00:00
Tomáš Mráz
3e0c7af627 - don't log pam_keyinit debug messages by default (#199783) 2006-07-21 22:36:15 +00:00
Tomáš Mráz
f81d37360c - drop ainit from console.handlers (#199561) 2006-07-21 14:26:46 +00:00
Tomáš Mráz
2851cbe631 - drop ainit from console.handlers (#199561) 2006-07-21 14:22:56 +00:00
Tomáš Mráz
fce253b7c0 - don't report error in pam_selinux for nonexistent tty (#188722)
- add pam_keyinit to the default system-auth file (#198623)
2006-07-17 11:03:29 +00:00
Jesse Keating
d649923c46 bumped for rebuild 2006-07-12 07:37:04 +00:00
Tomáš Mráz
95ebf27f94 - the patch should be applied with -p0 2006-07-03 13:19:35 +00:00
Tomáš Mráz
e019bcd126 - fixed network match in pam_access (patch by Dan Yefimov) 2006-07-03 12:45:13 +00:00
Tomáš Mráz
4fea4c98d9 - namespace.init was missing from EXTRA_DIST 2006-06-30 10:06:09 +00:00
Tomáš Mráz
00eddc0974 - updated to a new upstream release
- added service as value to be matched and list matching to pam_succeed_if
2006-06-30 09:20:33 +00:00
Tomáš Mráz
85a854521e - a typo 2006-06-08 21:18:21 +00:00
Tomáš Mráz
da4d7fa8c5 - added buildrequires libtool
- fixed a few rpmlint warnings
2006-06-08 18:44:01 +00:00
Tomáš Mráz
7dffd3fb2d - updated pam_namespace with latest patch by Janak Desai
- merged pam_namespace patches
2006-06-08 14:27:54 +00:00