2018-08-15 Major cleanup Sergey Poznyakoff 17
* lib/graypam.h (gray_pam_init) (gray_raise,gray_malloc,gray_zalloc,gray_calloc) (gray_realloc,gray_strdup): Remove. (gray_slist_err,gray_slist_clrerr): New functions. (gray_slist_append,gray_slist_append_char): Return ssize_t. (gray_slist_coalesce): Likewise. (gray_slist_grow_backslash_num) (gray_slist_grow_backslash): Return int. (errno_to_pam): New function. (gray_set_transform_expr): Return int.
* lib/mem.c (gray_raise,gray_malloc,gray_zalloc,gray_calloc) (gray_realloc,gray_strdup): Remove. (gray_2nrealloc): Rewrite.
* lib/base64.c: Check return from gray_slist_append_char
* lib/env.c: Check return values from gray_slist functions
* lib/ldappass.c: Likewise.
* lib/slist.c (gray_slist_bucket) <ec>: New member. (gray_slist_err,gray_slist_clrerr): New functions. (gray_slist_append,gray_slist_append_char): Return ssize_t. (gray_slist_coalesce): Likewise. (gray_slist_grow_backslash_num) (gray_slist_grow_backslash): Return int.
* lib/transform.c: Use standard memory allocation functions.
* pam_ldaphome/pam_ldaphome.c: Likewise.
* pam_innetgr/pam_innetgr.c: Likewise.
* pam_log/pam_log.c: Likewise.
* pam_regex/pam_regex.c: Likewise.
* pam_sql/pam_mysql.c: Likewise.
* pam_sql/pam_pgsql.c: Likewise.
2018-08-15 Bugfix Sergey Poznyakoff 1
* pam_groupmember/pam_groupmember.c (split): Use standard memory allocation functions. Correctly handle empty strings (delimiter immediately followed by another delimiter).
2018-08-14 Minor fixes Sergey Poznyakoff 5
* Don't build static libraries.
* examples/ldappubkey: Optionally authenticate via PAM
2018-08-13 Version 2.3.1: add missing pam_sm_setcred symbol release-2.3.1 Sergey Poznyakoff 3
2018-08-12 Version 2.3 release-2.3 Sergey Poznyakoff 2
2018-08-12 New module pam_innetgr. Sergey Poznyakoff 11
* Add new module.
* NEWS: Upgrade
* Add configuration for pam_innetgr
* pam_innetgr/ New file.
* pam_innetgr/pam_innetgr.c: New file.
* doc/ Add pam_innetgr.8
* doc/pam-modules.texi: Document pam_innetgr.
* doc/pam_innetgr.8: New file.
* examples/ldappubkey: Bugfixes (publickeyattribute setting): Accept a list of attributes (publickeyfilter): New setting.
2018-01-01 Version 2.2 release-2.2 Sergey Poznyakoff 2
2018-01-01 Happy GNU Year Sergey Poznyakoff 55
2017-12-22 pam_fshadow: allow the user to use arbitrary group numbers for username and domain parts. Sergey Poznyakoff 2
New options username-index and domain-index are used to indicate indices of the parenthesized groups used to extract the user and the domain name. The default corresponds to 'user-index=1 domain-index=1'. Additionally, change the behavior in case the user name doesn't match the regexp. Previous versions would fall back to plain authentication in this case. New behavior is to reject access.
* pam_fshadow/pam_fshadow.c (pam_opt): New options username-index and domain-index. (pam_sm_authenticate): Move username splitting into a separate function.
* doc/pam_fshadow.8in: Document the new options.
2015-08-04 Version 2.1 release-2.1 Sergey Poznyakoff 2
2015-04-23 minor change Sergey Poznyakoff 2
2015-04-23 Fix doc generation. Sergey Poznyakoff 2
Default Config file applied to all output formats, which is wrong. Use a dedicated configuration file for html output formats, and defaults for the rest.
* doc/ (GENDOCS): Add html-specific configuration file.
* doc/Config: Rename to doc/html.init (with changes).
2015-03-01 Switch to Texinfo 5.0 Sergey Poznyakoff 5
* doc/Config: Rewrite.
* doc/ Use Makeinfo 5 instead of texi2htm
* doc/gendocs_template: Ps is not built
* imprimatur: Upgrade.
2015-02-26 Version 2.0 release-2.0 Sergey Poznyakoff 10
* NEWS: Update version number
* Likewise.
* doc/pam-modules.texi: Fix a typo.
* doc/pam_ldaphome.8in: Likewise.
* pamck/pamck.c: Update copyright years.
* pam_fshadow/pam_fshadow.c: Suppress cc warnings.
* pam_groupmember/pam_groupmember.c: Likewise.
* pam_ldaphome/pam_ldaphome.c: Likewise.
* pam_log/pam_log.c: Likewise.
* pam_regex/pam_regex.c: Likewise.
2015-01-30 Document user-keys-boundary Sergey Poznyakoff 3
2015-01-28 Update copyright dates. Sergey Poznyakoff 55
2015-01-28 pam_ldaphome: run initrc command as user. Sergey Poznyakoff 8
* examples/usergitconfig: Documentation formatting change.
* lib/graypam.h (gray_2nrealloc): New function.
* lib/mem.c (gray_2nrealloc): New function.
* pam_fshadow/pam_fshadow.c (fgetpwent): Skip malformed entries.
* pam_ldaphome/pam_ldaphome.c (runas): New function. (run_prog): Switch to user privileges unless initrc-root is true.
* NEWS: Update.
* doc/pam-modules.texi: Update.
* doc/pam_ldaphome.8in: Update.
2014-12-05 Build pam_fshadow even if fgetpwent is not defined. Sergey Poznyakoff 2
* Only check if fgetpwent is defined, don't disable the module if it is not.
* pam_fshadow/pam_fshadow.c [!HAVE_FGETPWENT] (fgetpwent): Provide a replacement.
2014-12-04 Implement audit option Sergey Poznyakoff 17
Audit is equivalent to debug=100, i.e. it enables logging maximum debugging output.
2014-09-16 pam_ldaphome: Make user-specific key boundary configurable. Sergey Poznyakoff 1
* pam_ldaphome/pam_ldaphome.c (store_pubkeys): Use the value of the user-keys-boundary option as the boundary of user-specific key section.
2014-09-12 Provide a way to keep user-defined pubkeys in file. Sergey Poznyakoff 1
A user can add his public keys to the authorized_keys file without disturbing the key synchronization from the LDAP database. The #:end comment in the file marks the end of area synchronized with LDAP. Everything below this comment is preserved intact.
* pam_ldaphome/pam_ldaphome.c (pubkeyfile): New struct. (pubkeyfile_open,pubkeyfile_read,pubkeyfile_init) (pubkeyfile_write,pubkeyfile_remove_lines) (pubkeyfile_alloc_lines,pubkeyfile_insert_lines) (pubkeyfile_close): New functions. (store_pubkeys): Use pubkeyfile functions to operate on the authorized_keys file.
2014-09-11 Bugfixes Sergey Poznyakoff 2
* pam_ldaphome/pam_ldaphome.c (check_groups): Take into account primary group.
* doc/pam_regex.8: Fix escaping.
2014-07-26 Improve docstrings in examples. Sergey Poznyakoff 2
2014-07-25 Implement TLS in perl utilities. Sergey Poznyakoff 2
2014-07-25 Raise version number to 1.9.90 Sergey Poznyakoff 2
2014-07-25 pam_ldaphome: read /etc/ldap.conf file. Sergey Poznyakoff 6
* lib/env.c (gray_env_read_tr): New function. (gray_env_read): Rewrite using gray_env_read_tr. (gray_env_merge): New function.
* lib/escape.c (gray_escape_string): Remove useless typecasts.
* lib/graypam.h (gray_env_read_tr) (gray_env_merge): New protos.
* pam_ldaphome/pam_ldaphome.c (ldap_config_name): New variable. (ldap_connect): Use 'ssl' keyword, if 'tls' is not defined. (ldaphome_main): New keyword ldap-config
* doc/pam-modules.texi: Document reading system-wide ldap.conf
* doc/pam_ldaphome.8in: Likewise.
2014-07-24 pam_ldaphome: provide an option to specify CA certificate file for TLS Sergey Poznyakoff 3
* pam_ldaphome/pam_ldaphome.c (ldap_connect): New option tls-cacert
* doc/pam-modules.texi: Document tls-cacert
* doc/pam_ldaphome.8in: Likewise.
2014-05-21 Version 1.9 release_1_9 Sergey Poznyakoff 4
* NEWS: Update version number.
* Likewise.
* doc/pam_ldaphome.8in: Reorder configuration statements.
* pamck/pamck.c: Update copyright years.
2014-05-21 Fix docs. Sergey Poznyakoff 3
* doc/ (check-ldaphome-config): Take into account gray_env_get_bool (see 7636fa3e).
* doc/pam-modules.texi: Update; final check.
* NEWS: Update.
2014-05-21 Remove deprecated use of INCLUDES from Makefiles. Sergey Poznyakoff 11
* Make.rules: Use AM_CPPFLAGS instead of INCLUDES.
* (SUBDIRS): Add examples. (dist-hook): Remove.
* Build examples/Makefile.
* examples/ New file.
* pam_fshadow/ Include Make.rules on top. Use += to set AM_CPPFLAGS
* pam_groupmember/ Likewise.
* pam_ldaphome/ Likewise.
* pam_log/ Likewise.
* pam_regex/ Likewise.
* pam_sql/ Likewise.
* pam_umotd/ Likewise.
2014-05-21 Document the use of ldappubkey Sergey Poznyakoff 2
2014-05-20 pam_ldaphome: don't run initrc program if the home dir already exists. Sergey Poznyakoff 1
* pam_ldaphome/pam_ldaphome.c (create_exists): New return code. (create_home_dir): Return create_exists if the directory already exists. (ldaphome_main): Run initrc only after creating the home dir.
2014-05-20 Version 1.8.93 Sergey Poznyakoff 2
2014-05-19 New utility "ldappubkey". Sergey Poznyakoff 8
* NEWS: Document new features.
* doc/pam-modules.texi: Document usergitconfig.
* doc/pam_ldaphome.8in: Update.
* examples/ldappubkey: New file.
* examples/usergitconfig: Refer to perldoc on error.
* lib/env.c (gray_env_get_bool): New function.
* lib/graypam.h (gray_env_get_bool): New proto.
* pam_ldaphome/pam_ldaphome.c (import_public_key): Do nothing if "import-public-keys" is set to "no". (pam_sm_authenticate): New function.
2014-05-11 Allow to modify environment of initrc-command Sergey Poznyakoff 3
* pam_ldaphome/pam_ldaphome.c (find_env,locate_unset) (env_concat,parsenv,env_setup): New statics. (run_prog): Use execve and env_setup to set up the environment.
* doc/pam-modules.texi: Document new statements.
* doc/pam_ldaphome.8in: Likewise.
2014-05-11 Minor fix Sergey Poznyakoff 1
* examples/usergitconfig: Use bindpw attribute.
2014-05-10 pam_ldaphome: optionally run external program after populating home directory. Sergey Poznyakoff 3
This allows for dynamic modifications of the initial directory contents, depending on the login name of the user. The name of the external program is given with the initrc-command configuration statement. It is invoked with the single argument, specifying the login name. The standard input is closed, standard output is diverted to standard error. Standard error can be diverted to a file using the initrc-log statement.
* (EXTRA_DIST): Add examples.
* examples/usergitconfig: New file.
* pam_ldaphome/pam_ldaphome.c (run_prog, run_initrc): New statics. (pam_sm_authenticate): Call run_initrc prior to calling import_public_key.
2014-05-06 New module: pam_groupmember Sergey Poznyakoff 10
* Add pam_groupmember.
* Likewise.
* NEWS: Update.
* pam_groupmember/ New file.
* pam_groupmember/pam_groupmember.c: New file.
* doc/ Add pam_groupmember.8
* doc/pam-modules.texi: Document pam_groupmember
* doc/pam_groupmember.8: New file.
* lib/graypam.h (gray_calloc, gray_strdup): New protos.
* lib/mem.c (gray_calloc, gray_strdup): New functions.
2014-04-04 Escape dashes in pam_ldaphome.8in Sergey Poznyakoff 1
2014-04-04 Add pam_ldaphome(8) manpage. Sergey Poznyakoff 3
2014-04-02 Fix pam-modules.texi Sergey Poznyakoff 1
2014-04-02 Add manpages; remove invariant sections from pam-modules.texi Sergey Poznyakoff 10
2014-03-27 Fix docs, raise version number to get in synch with the ftp. Sergey Poznyakoff 3
2014-03-27 Bugfix. Sergey Poznyakoff 1
* lib/transform.c (gray_free_transform_expr): Fix the loop.
2014-02-11 Update copyright years, set version 1.7.92 Sergey Poznyakoff 42
2014-02-11 pam_ldaphome: control where home directories can be created Sergey Poznyakoff 2
* pam_ldaphome/pam_ldaphome.c (create_interdir): Fail if unable to chown, (store_pubkeys): Log error if fchown or ftruncate fails. (dir_in_path): New static function. (create_home_dir): Return enum create_status. If allow-home-dir statement is present, create directory only if it is located in one of the directories listed in it, otherwise return create_skip. (pam_sm_authenticate): Import keys only if home dir exists. * doc/pam-modules.texi: Document allow-home-dir.
2013-04-16 Bugfixes. Sergey Poznyakoff 2
* Do not call PM_ENABLE within a conditional.
* pam_ldaphome/pam_ldaphome.c (import_public_key): Exit gracefully if keys == NULL.
2012-12-08 Make pam_fshadow reentrant. Sergey Poznyakoff 1
* pam_fshadow/pam_fshadow.c (_pam_parse): Initialize global variables, in case pam_fshadow is called twice in the same stack. Do not register rexp in pam data, this hurts reentrability. (pam_sm_authenticate): Free rexp.
2012-08-01 Improve pam_ldaphome Sergey Poznyakoff 3
New keywords: bindpwfile and keyfile-mode.
* doc/pam-modules.texi: Document bindpwfile and keyfile-mode.
* pam_ldaphome/pam_ldaphome.c (ldap_bind): Read password from file, if bindpwfile is given. (store_pubkeys): Optionally enforce file mode, given by the keyfile-mode configuration statement.
* pamck/pamck.c (main): Fix a typo.
