author Sergey Poznyakoff <gray@gnu.org> 2014-05-21 23:01:50 +0300
committer Sergey Poznyakoff <gray@gnu.org> 2014-05-21 23:01:50 +0300
commit d953e91e234f4237289367699f6a277554a789c5 (patch)
tree 078ccd17ebc317fd167a856d0c0c5c8be68dd7bb
parent 3e9c3f3c3b9edce9e3821f11be27350cae33b288 (diff)
download pam-modules-d953e91e234f4237289367699f6a277554a789c5.tar.gz
download pam-modules-d953e91e234f4237289367699f6a277554a789c5.tar.bz2
Version 1.9 (tag: release_1_9)

* NEWS: Update version number.
* configure.ac: Likewise.
* doc/pam_ldaphome.8in: Reorder configuration statements.
* pamck/pamck.c: Update copyright years.
-rw-r--r-- NEWS 4
-rw-r--r-- configure.ac 2
-rw-r--r-- doc/pam_ldaphome.8in 116
-rw-r--r-- pamck/pamck.c 2
4 files changed, 67 insertions, 57 deletions
diff --git a/NEWS b/NEWS
index fd74ce3..5e2a832 100644
--- a/NEWS
+++ b/NEWS
@@ -2,13 +2,13 @@ pam-modules -- history of user-visible changes. 2014-05-21
Copyright (C) 2001, 2004-2005, 2007-2012, 2014 Sergey Poznyakoff
See the end of file for copying conditions.
Please send pam-modules bug reports to <bug-pam-modules@gnu.org.ua>
-Version 1.8.93, (Git)
+Version 1.9, 2014-05-21
* New module pam_groupmember
Tests whether the user is a member of one or more groups.
* pam_ldaphome can invoke an external program
@@ -165,13 +165,13 @@ Version 0.1
Initial release. See README for short description.
^L
=========================================================================
Copyright information:
-Copyright (C) 2001, 2004-2005, 2007-2012 Sergey Poznyakoff
+Copyright (C) 2001, 2004-2005, 2007-2014 Sergey Poznyakoff
Permission is granted to anyone to make or distribute verbatim copies
of this document as received, in any medium, provided that the
copyright notice and this permission notice are preserved,
thus giving the recipient permission to redistribute in turn.
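Review bot: The copyright range in the trailer now reads "2007-2014", but the notice at the top of NEWS (visible as context in the first hunk) reads "2007-2012, 2014", and the pamck.c notice updated in this same commit also skips 2013 ("2009-2012, 2014"). The two notices within NEWS should agree: either change this line to "2007-2012, 2014" or update the header line to the continuous range.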
diff --git a/configure.ac b/configure.ac
index 413dc80..c45e5fd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,13 +13,13 @@
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
AC_PREREQ(2.63)
-AC_INIT(pam-modules, 1.8.93, bug-pam-modules@gnu.org.ua)
+AC_INIT(pam-modules, 1.9, bug-pam-modules@gnu.org.ua)
AC_CONFIG_SRCDIR(pam_fshadow/pam_fshadow.c)
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE([1.11 no-exeext tar-ustar dist-xz silent-rules])
AM_CONFIG_HEADER(config.h)
diff --git a/doc/pam_ldaphome.8in b/doc/pam_ldaphome.8in
index 5150849..f40ee66 100644
--- a/doc/pam_ldaphome.8in
+++ b/doc/pam_ldaphome.8in
@@ -11,13 +11,13 @@
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>.
.so config.so
-.TH PAM_LDAPHOME 8 "May 19, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.TH PAM_LDAPHOME 8 "May 21, 2014" "PAM-MODULES" "Pam-Modules User Reference"
.SH NAME
pam_ldaphome \- create and populate user home directories
.SH SYNOPSIS
.nh
.na
\fBpam_ldaphome\fR\
@@ -43,33 +43,13 @@ The configuration is kept in the file
The file is a usual UNIX-style configuration file with
comments introduced by the \fB#\fR character. Long statements can be
split across several physical lines of text by ending each line but
the last with a backslash character.
.PP
Available configuration directives are:
-.TP
-.BI allow\-home\-dir " PATH"
-Lists directories in which it is allowed to create home directories.
-\fIPATH\fR is a list of directories separated by colons. The user's
-home directory will be created only if the directory part of its name
-is listed in \fIPATH\fR.
-.TP
-.BI skel " DIR"
-Supplies the name of a \fIskeleton directory\fR. The contents of this
-directory is copied to each newly created user home directory. The
-file modes and permissions are retained.
-.TP
-.BI uri " ARG"
-Sets the URI of the LDAP server to consult for the user profile.
-.TP
-.BI ldap\-version " NUM"
-Sets the LDAP version to use. Valid arguments are
-.B 2
-and
-.B 3
-(the default).
+.SS LDAP Settings
.TP
.BI base " SEARCHBASE"
Use \fISEARCHBASE\fR as starting point for searches.
.TP
.BI binddn " DN"
Use the Distinguished Name \fIDB\fR to bind to the LDAP directory.
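Review bot: In the binddn entry left as context at the end of this hunk, the description refers to \fIDB\fR while the argument is declared as DN. Since the LDAP entries are being regrouped under the new "LDAP Settings" subsection anyway, correct the placeholder to \fIDN\fR in the same pass so the description matches the synopsis line above it.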
@@ -78,79 +58,105 @@ Use the Distinguished Name \fIDB\fR to bind to the LDAP directory.
Used together with \fBbinddn\fR, this statement supplies the
password for simple authentication.
.TP
.BI bindpwfile " FILE"
Read password for simple authentication from \fIFILE\fR.
.TP
+.BI filter " EXPR"
+Defines a LDAP filter expression which returns the user profile. The
+\fIEXPR\fR should conform to the string representation for search
+filters as defined in RFC 4515.
+.TP
+.BI ldap\-version " NUM"
+Sets the LDAP version to use. Valid arguments are
+.B 2
+and
+.B 3
+(the default).
+.TP
+.BI pubkey\-attr " TEXT"
+Defines the name of the attribute that keeps user's public SSH key.
+.TP
.BI tls " VAL"
Controls whether TLS is desired or required. If \fIVAL\fR is
\fBno\fR (the default), TLS will not be used. If it is \fByes\fR,
the module will issue the \fIStartTLS\fR command, but will continue
anyway if it fails. Finally, if \fIVAL\fR is the word \fBonly\fR, the
use of TLS becomes mandatory, and the module will not establish LDAP
connection unless \fIStartTLS\fR succeeds.
.TP
-.BI min\-uid " N"
-Sets the minimal UID. For users with UIDs less than \fIN\fR,
-\fBpam_ldaphome\fR will return \fBPAM_SUCCESS\fR immediately. This
-allows you to have a set of basic users whose credentials are kept in
-the system database and who will not be disturbed by
-\fBpam_ldaphome\fR. See also \fBmin\-gid\fR and \fBallow\-groups\fR.
-.TP
-.BI min\-gid " N"
-Sets the minimal GID. For users with GIDs less than \fIN\fR,
-the module will return \fBPAM_SUCCESS\fR immediately.
-.TP
-\fBallow\-groups\fR \fIGROUP\fR [\fIGROUP\fR...]
-Only handle members of the listed groups.
-.TP
-.BI filter " EXPR"
-Defines a LDAP filter expression which returns the user profile. The
-\fIEXPR\fR should conform to the string representation for search
-filters as defined in RFC 4515.
-.TP
-.BI import\-public\-keys " BOOL"
-When set to \fBno\fR, disables importing public keys from LDAP. You
-may wish to use this option if you are using \fBopenssh\fR 6.1 or
-later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR.
+.BI uri " ARG"
+Sets the URI of the LDAP server to consult for the user profile.
+.SS Home directory creation
.TP
-.BI pubkey\-attr " TEXT"
-Defines the name of the attribute that keeps user's public SSH key.
+.BI allow\-home\-dir " PATH"
+Lists directories in which it is allowed to create home directories.
+\fIPATH\fR is a list of directories separated by colons. The user's
+home directory will be created only if the directory part of its name
+is listed in \fIPATH\fR.
.TP
.BI copy\-buf\-size " N"
Sets the size of the buffer used to copy files from the skeleton
directory to the newly created home. The default value is 16384 bytes.
.TP
.BI home\-dir\-mode " MODE"
Defines the file mode (octal) for creation of the user directories.
.TP
-.BI keyfile\-mode " MODE"
-Defines the file mode (octal) for creation of authorized keys files.
+.BI skel " DIR"
+Supplies the name of a \fIskeleton directory\fR. The contents of this
+directory is copied to each newly created user home directory. The
+file modes and permissions are retained.
+.SS Authorized keys file control
.TP
.BI authorized_keys " NAME"
Sets the pathname (relative to the home directory) for the authorized
keys file. The default is \fB.ssh/authorized_keys\fR. For normal
operation, this value must be the same as the value of
\fBAuthorizedKeysFile\fR variable in
.BR sshd_config (5).
Unless you change the latter, there's no need to edit it.
.TP
+.BI import\-public\-keys " BOOL"
+When set to \fBno\fR, disables importing public keys from LDAP. You
+may wish to use this option if you are using \fBopenssh\fR 6.2p1 or
+later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR.
+.TP
+.BI keyfile\-mode " MODE"
+Defines the file mode (octal) for creation of authorized keys files.
+.SS Access control
+.TP
+\fBallow\-groups\fR \fIGROUP\fR [\fIGROUP\fR...]
+Only handle members of the listed groups.
+.TP
+.BI min\-gid " N"
+Sets the minimal GID. For users with GIDs less than \fIN\fR,
+the module will return \fBPAM_SUCCESS\fR immediately.
+.TP
+.BI min\-uid " N"
+Sets the minimal UID. For users with UIDs less than \fIN\fR,
+\fBpam_ldaphome\fR will return \fBPAM_SUCCESS\fR immediately. This
+allows you to have a set of basic users whose credentials are kept in
+the system database and who will not be disturbed by
+\fBpam_ldaphome\fR. See also \fBmin\-gid\fR and \fBallow\-groups\fR.
+.SS Initialization script support
+.TP
+.BI exec\-timeout " SECONDS"
+Sets maximum time the \fBinitrc\-command\fR is allowed to run. If
+it runs longer than \fISECONDS\fR, it will be terminated with a
+\fBSIGKILL\fR, and the module will return \fBPAM_SYSTEM_ERR\fR.
+.TP
.BI initrc\-command " COMMAND"
Run \fICOMMAND\fR after populating the user home directory with
files from the skeleton directory. The user login name is passed to
\fICOMMAND\fR as its argument. Before invoking, the current working
directory is changed to the user home, standard input is closed, and
standard output is redirected to standard errror.
The command should exit with code 0 on success. If it exits with a
non-zero code, PAM_SYSTEM_ERR will be reported.
.TP
-.BI initrc-log " FILE"
-Redirects standard output and error from the
-\fBinitrc\-command\fR to \fIFILE\fR.
-.TP
\fBinitrc\-environ\fR \fIENV\fR ...
Modifies the environment of \fBinitrc\-command\fR.
This statement takes one or more arguments. Each argument can be one
of:
.RS +4
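Review bot: The added exec\-timeout entry and the change from "6.1" to "6.2p1" in the import\-public\-keys text are content changes, not moves, yet the commit message lists only "Reorder configuration statements" for this file. The exec\-timeout block has no removed counterpart anywhere in the diff, so it is new documentation; name both changes in the log entry so they are not hidden inside the reorder. The exec\-timeout text also gives no default, which leaves the reader unable to tell whether initrc\-command is bounded at all when the directive is absent; state the default or say that there is none. The "standard errror" typo in the initrc\-command context line can be fixed at the same time.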
@@ -182,12 +188,16 @@ Retain variable \fINAME\fR and prepend \fIVALUE\fR to its existing
value. If no such variable is present in the environment, it is
created. If \fIVALUE\fR ends with a punctuation character, this character
is removed from it before assignment.
.RE
The \fIVALUE\fR part can be enclosed in single or double quotes, in
which case the usual shell dequoting rules apply.
+.TP
+.BI initrc-log " FILE"
+Redirects standard output and error from the
+\fBinitrc\-command\fR to \fIFILE\fR.
.SH OPTIONS
.TP
.BI config= FILE
Read configuration from \fIFILE\fR instead of
.nh
.na
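Review bot: The re-added initrc-log line keeps its unescaped hyphen in the .BI request, while the other directives in this page escape it (initrc\-command, initrc\-environ, exec\-timeout, and the \fBinitrc\-command\fR reference two lines below). Write the name as initrc\-log so it is typeset the same way as its neighbours. The description also does not say whether FILE is appended to or overwritten on each run, which matters to anyone relying on it as a record of what the initialization command did; one sentence would settle it.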
diff --git a/pamck/pamck.c b/pamck/pamck.c
index 983bcdb..e8f9461 100644
--- a/pamck/pamck.c
+++ b/pamck/pamck.c
@@ -36,13 +36,13 @@ help()
void
version()
{
printf("%s (%s) %s\n", program_name, PACKAGE, PACKAGE_VERSION);
fputs ("\
-Copyright (C) 2009 Sergey Poznyakoff\n\
+Copyright (C) 2009-2012, 2014 Sergey Poznyakoff\n\
\n\
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.\n\
This is free software: you are free to change and redistribute it.\n\
There is NO WARRANTY, to the extent permitted by law.\n\
\n\
", stdout);
