pam_krb5-2.3.5-0.1mdv2009.1.x86_64.rpm

2009-06-09
	* src/initopts.c,src/v5.c: compile fixes for krb5 1.7

2009-06-04
	* src/prompter.c(_pam_krb5_generic_prompter): if the prompt looks
	like a password prompt, use "Password: " instead

2009-05-27
	* src/auth.c(pam_sm_authenticate): if we need to be the module that
	asks for a password, do so before sanity checking things like whether
	or not the user name is valid (#502602)
	* src/auth.c(pam_sm_authenticate),
	src/prompter.c(_pam_krb5_generic_prompter): only allow libkrb5 to
	ask for a password if we weren't supplied with one and didn't ask for
	one ourselves

2009-03-04
	* src/initopts.c(_pam_krb5_set_init_opts_for_pwchange): add, for
	setting options which are appropriate for obtaining password-changing
	credentials
	* src/v5.c: use temporary-for-pwchange opts when we try to get
	password-changing creds as a way to check that an expired password
	is correct.
	* src/password.c: use temporary-for-pwchange opts when we try to get
	password-changing creds as a way to check that an expired password
	is correct.

2009-02-11
	* src/options.c(_pam_krb5_options_init): don't log ticket and
	renew lifetimes of 0, which we interpret as "let the library use
	its settings" anyway

2009-02-06
	* src/kuserok.c(_pam_krb5_kuserok): close the read end of the
	pipe that's used to gather the child's result (Dan Walsh)
	* src/storetmp.c(_pam_krb5_storetmp_data): close the write end
	of the pipe to the child if we encounter an error writing to it
	(Dan Walsh)

2009-02-05
	* src/minikafs.c: remove minikafs_realm_of_cell(), which is not
	used anywhere
	* src/minikafs.c(minikafs_4log): pass the locally-initialized
	context to minikafs_realm_of_cell_with_context() rather than the
	passed-in value, so that minikafs_realm_of_cell_with_context()
	can skip the init call if we're passed NULL

2008-10-29
	* src/password.c (pam_sm_chauthtok): if the "use_shmem" option is
	set, stash the credentials which we obtain after a password change
	in shared memory as well.  Based on patch from and initial report
	by Michael Calmer.

2008-10-16
	* src/acct.c,src/auth.c,src/password.c,src/session.c,src/sly.c: be
	resistant to libpam returning NULL from pam_get_user() even though it
	returns a successful result code (#467208).

2008-10-01
	* src/perms.c,src/perms.h: add functions for swapping real and
	effective UID and GID, if they're different
	* src/v5.c: swap the real and effective UID and GID when reading
	credentials from an "existing_ticket" ccache

2008-09-03
	* configure.ac,src/Makefile.am: link pam_krb5.so with libpam unless
	explicitly disabled at compile-time (#227097,#460998)

2008-09-03
	* src/options.c (option_b): if the realm name given to us is NULL,
	don't bother consulting the appdefaults
	* src/options.c (_pam_krb5_options_init): check for the "debug" flag
	earlier (Simo Sorce)

2008-08-08
	* src/Makefile.am: reverse the order of libpam_krb5.la and PAM_LIBS
	so that people adding things like -Wl,--as-needed -Wl,--no-undefined
	will be able to (patch from Guillaume Rousse)

2008-04-10
	* po/Makevars: extract text strings correctly (#441858).
	* po/POTFILES.in: note that input strings are planned to be UTF-8
	(#441858).

2008-04-09
	* src/session.c(pam_sm_open_session): when setting up creds to use
	for obtaining tokens, don't bother trying to save v4 creds if we
	don't have any.

2008-03-26
	* src/auth.c(pam_sm_authenticate): unconditionally set PAM_AUTHTOK
	when we prompt the user for a password (#437179)

2008-03-20
	* configure.ac,src/auth.c,src/password.c: use Y_ as a macro
	for dgettext rather than _, because <openssl/des_old.h> will
	undefine _, and we end up including it indirectly when building with
	Heimdal with v4 compatibility enabled.

2008-03-18
	* src/afs5log.c(main): actually hook up the '-n' flag to the
	null_afs_first option, so that it does something useful.

2008-03-17
	* src/auth.c,src/password.c: mark user-visible strings for
	translation (Michael Calmer).
	* configure.ac: call macros to set up for gettext (Michael Calmer)
	* po/POTFILES.in: add (Michael Calmer)
	* po/Makevars: add

2008-03-10:
	* NEWS, pam_krb5.spec: update version, note last changes
	* README: note the new SCM location
	* src/minikafs.c: remove workaround for NI_MAXHOST not being defined,
	because it's noise until we need it somewhere.

2008-03-07:
	* src/password.c: force at least one attempt to authenticate using
	the KDC, even in the pathological case where there's no previously-
	entered password and we were told not to ask for one (#400611)
	* src/options.c,src/minikafs.c,src/afs5log.c: merge Jan Iven's changes
	to add a "nullafs" option, so that when we're guessing the principal
	name for an AFS service we'll try the no-instance version first
	(#249558)
	* src/minikafs.c: if we're going to guess the realm name because
	the whereis pioctl failed, guess the far-more-likely-to-be-correct
	upper cased version of the cell's name than the cell's name.

2008-03-03:
	* src/options.c: update copyright date for token_strategy stuff.

2008-03-03:
	* src/noafs.c: fix signature of stub version of minikafs_log().

2008-02-18:
	* src/minikafs.c: flesh out some getprop bits, but don't use them
	because the number of KDC round trips would go _way_ up

2008-02-18:
	* src/minikafs.c: stub out the routines to use the cache manager's
	rxk5.enctypes property, if it reports one

2008-02-14:
	* src/password.c,src/prompter.c: suppress compiler warnings about how
	we use prompter callback data.

2008-02-14:
	* src/sly.c: suppress a compiler warning calling tf_init().

2008-02-14:
	* src/minikafs.c: rework formatting of tokens to use indirections
	provided by v5.c instead of poking at creds structures directly

2008-02-14:
	* src/v5.c,src/v5.h(v5_creds_get_etype): remove the need for the
	context pointer.
	* src/v5.c,src/v5.h(v5_creds_key_contents): return const data.
	* src/v5.c,src/v5.h: add functions for picking out principal name
	components and addresses and authdata from creds structures.
	* src/v5.c(v5_principal_compare): rewrite to use these new functions.
	* src/v5.c(v5_get_creds): correctly log the pkinit identity template.

2008-02-14:
	* src/tokens.c,src/afs5log.c: only recognize "v4" and "524" strategies
	if we're building with krb4 support.

2008-02-14:
	* src/options.c: when we're debug-logging lifetimes, also log a
	days/hours/minutes/seconds breakdown.

2008-02-07:
	* README,configure.ac,src/options.c,src/tokens.c,src/afs5log.c,
	src/afs5log.1.in,src/pam_krb5.5.in: add a "token_strategy" option
	to pam_krb5, and a matching "-s" option to afs5log.  That, in
	combination with being able to specify the best guess at the principal name
	for a cell, should really let people cut down on what's getting to be
	a large set of round trips to the KDC.

2008-02-07:
	* configure.ac: get the sense of --enable-keyutils right, so that we
	warn when it's not requested, and error when it's requested, instead
	of the other way around.
	* src/afs5log.c: reorder the default list of methods, close the ccache
	properly, and free the temporary homedir string for debugging use.
	* src/minikafs.c(minikafs_5settoken2): add, to set a v5 cred.
	* src/minikafs.c(minikafs_5log,minikafs_5log_with_principal): take a
	flag to signal that we should try rxk5, and use it and the 2b flag to
	designate which method we want to use (no longer trying more than one
	during a single invocation).
	* src/minikafs.c(encode_bytes,encode_ubytes): take const input.
	* src/minikafs.c(encode_string): add.
	* src/tokens.c: add rxk5 to the default method lists.

2008-02-07:
	* src/kuserok.c(_pam_krb5_kuserok): add a function which wraps
	krb5_kuserok() in a subprocess which can create a new PAG, get tokens,
	and drop privileges to the user's account, all so that we can attempt
	to read the user's .k5login if we need to, and without disturbing any
	AFS creds the calling process might have.
	* src/auth.c(pam_sm_authenticate),src/acct.c(pam_sm_acct_mgmt): use
	_pam_krb5_kuserok() instead of trying to get tokens, call
	krb5_kuserok(), and clear tokens

2008-02-07:
	* src/minikafs.c: don't barf on compile if NI_MAXHOST isn't defined.

2008-01-29:
	* src/options.c: log a debug message when we disable prompting
	on behalf of libkrb5

2007-12-11:
	* src/auth.c: don't ask for another password when we've already
	gotten an unknown-user error, since there's no point then (Paul
	Batkowski, #400611)

2007-12-05:
	* src/pam_krb5.5.in,src/pam_krb5.8.in: give an example ("no_debug")
	to make it more clear that you can add exceptions to "true" settings
	that way.  Stress that no_subsequent_prompt may be needed for apps
	which do the "PAM_PROMPT_ECHO_OFF" means "what's the current
	password?" dance, which can really screw us up when we can't disable
	the change-password-during-get_init_creds behavior.
	* src/v5.c(v5_alloc_get_init_creds_opt): call the library's struct
	init function for the we-malloc-it case.
	* src/initopts.c(_pam_krb5_set_init_opts): disable the library's own
	change-password-during-get_init_creds behavior, if we're building with
	one which lets us disable it, so that we can handle it ourselves.

2007-12-04:
	* src/options.c(option_b): take a service name, and a default enable
	and disable list.  If we have no command-line argument, check for the
	service's name in the list of values given in the config file, then
	check for a regular boolean setting in the configuration file, and
	lastly check our default configuration using the default enable and
	disable lists.
	* src/pam_krb5.5.in,src/pam_krb5.8.in: note that boolean options take
	lists of service names now.

2007-11-09:
	* src/auth.c: fetch tokens when "tokens" is enabled and we're not
	configured to use krb4, instead of not doing anything like that
	* src/auth.c(pam_sm_authenticate): fetch tokens (if we haven't
	already) before checking the user's .k5login with krb5_kuserok()
	* src/acct.c(pam_sm_acct_mgmt): fetch tokens before checking the
	user's .k5login with krb5_kuserok()

2007-11-08:
	* src/stash.c: if we're about to create a ccache with a name identical
	to one which we've already created (and haven't since destroyed), try
	to make the name unique by appending a "_" to it (mainly for keyrings).
	When creating a temporary FILE: ccache, use mkstemp() to generate the
	file so that mkstemp patterns don't get used literally.  When removing
	a ccache, treat EKEYREVOKED when resolving the ccache as a successful
	result.
	* src/*.c: when printing UIDs and GIDs, cast to "unsigned long long"
	if available.
	* src/auth.c,src/acct.c,src/session.c: skip "minimum_uid" checks when
	"no_user_check" was given, in which case we can't know the user's UID.
	* configure.ac: fix some of the help text. make use of keyutils
	something we can issue an error for if the library isn't detected,
	if the user explicitly requests it.
	* src/stash.c(_pam_krb5_read_keyring): add a level of indirection to
	avoid a type-safety warning.

2007-11-05:
	* src/stash.c(_pam_krb5_stash_chown_keyring): add, to make sure that
	keyrings we create for the user can actually be modified by the user
	after the session is opened (spotted by Michael Calmer)

2007-10-31:
	* src/sly.c(_pam_krb5_sly_maybe_refresh): note that we stored creds
	when we do so for non-FILE ccaches, so that we don't forget to fetch
	new tokens if we need to do so.

2007-10-26:
	* src/sly.c(sly_v5): only free the ccache principal name if the call
	to retrieve it succeeded.
	* src/sly.c(_pam_krb5_sly_maybe_refresh): debug log when we decide
	to do things.  Don't bother trying to refresh an unset KRB5CCNAME.
	* src/shmem.c: correctly check the value returned of shmat() in
	the place where it was being done wrong.
	* src/v5.c: change internally-used ccaches from FILE: to MEMORY:

2007-10-26:
	* src/stash.c(_pam_krb5_stash_cc_copy): don't nuke the new ccache
	on failure iterating it, the parent will for any error.
	* src/stash.c: obey the ccname_template when we clone for the user,
	which is the only time it matters anyway.

2007-10-25:
	* src/harness.c: use the PAM environment when running commands

2007-10-23:
	* src/log.c: use the AUTHPRIV facility, when defined, else AUTH,
	else the default.

2007-09-05:
	* src/v5.c(v5_passwd_error_message): tweak some error text to
	hopefully make more sense to people (#230438)

2007-08-15:
	* src/v4.c: if we fail to open the ticket file with TKT_FIL_ACC,
	debug log the file's permissions and our process's identity

2007-08-02:
	* src/v4.c: warn when an fchown() fails, and don't try to give away
	our file; that's for later
	* src/pam_krb5.5.in,src/pam_krb5.8.in: note that "tokens" is
	unnecessary if the calling application was written correctly.
	* src/pam_krb5.8.in: reintroduce a missing line.
	* COPYING: be more explicit about which BSD license we mean

2007-07-27:
	* src/v5.c: fix v5_check_initialized_pwc() with Heimdal
	* src/v4.c: fix compilation for no-krb4-support cases, avoid cloning
	the tktfile if we were asked not to do that
	* src/stash.c: don't leak the v4 tktfile name when cleaning up, and
	fix the check for whether or not we have a saved file

2007-07-25:
	* src/v4.c: try to clean up the debug message for v5->v4 principal
	name conversion

2007-07-24:
	* configure.ac: check for krb5_get_prompt_types, though we don't do
	anything with it yet.
	* src/minikafs.c: factor the v5- and v4-specific bits of settoken()
	out into a single function, and allocate the buffer from the heap
	rather than dynamically-sizing it based on the function's arguments.

2007-07-20:
	* src/v5.c: get v5_check_initialized_pwc() working on Heimdal.
	* src/pam_krb5_storetmp.c: silence a compiler warning comparing the
	return code from write() with strlen().
	* src/password.c: tweak the error message which is logged when
	password changing fails to avoid "()".  Check for the presence of
	password-changing creds in the update phase, and error out if they
	aren't found.
	* src/v5.c: add v5_check_initialized_pwc() to check specifically
	for password-changing credentials.
	* src/v4.c,src/v5.c,src/auth.c,src/session.c: distinguish between
	ccache and ticket files which we create for users and those which
	we create for our own use (which needn't involve the helper).
	* src/options.c: let options_l() take a default value.
	* configure.ac,src/options.c: let the user specify a default
	"use_shmem" and "external" value at build-time.

2007-07-19:
	* src/acct.c: return ignore instead of user-unknown for client-revoked
	errors when ignore_unknown_users has been specified, for consistency

2007-07-19:
	* src/password.c: report the synthetic PAM result from attempting to
	get password-changing creds (part of #230439)

2007-07-13:
	* src/v5.c: treat a "client revoked" error (which is generated by
	disabling the account, at least on a Windows KDC) as an "unknown
	principal" error (#230442).

2007-07-13:
	* src/v5.c: initialize the entire prompter_data structure.
	* src/v4.c,src/v5.c,src/minikafs.c,src/tokens.c,src/init.c: use the
	error_message wrapper.
	* src/auth.c: check for NULL or empty passwords.

2007-07-12:
	* src/stash.c: switch from saving a path and removing the file to a
	push/pop interface, allowing multiple ccaches and ticket files to
	exist at the same time
	* src/v4.c,src/v5.c: use push/pop to create/remove files
	* src/tokens.c: use the topmost ccache name
	* src/session.c: don't skip creating ccache/ticket files when we've
	already done so

2007-07-10:
	* src/options.c: be more careful about freeing a couple of list
	parameters.

2007-07-10:
	* src/harness.c: add a --run option, so that I can run a command
	when the session's set up and the credentials are initialized.

2007-06-24:
	* src/password.c: display the right string.
	* tests/run-tests: start to adjust for getting-prompts-changes-passwords
	behavior.
	* tests/config/kdc.conf.in: place the location of files in the right
	part of the file

2007-06-24:
	* src/password.c(pam_sm_chauthtok): always display result_text for
	the user's sake.  Actually check that we opened the pwhelp file,
	like Luke's original patch did.

2007-06-24:
	* tests/pwhelp.txt,tests/run-tests: add a test for the pwhelp option.

2007-06-24:
	* Makefile.am: don't use the gmake $(shell) option; use backticks.

2007-06-24:
	* src/options.c: add a "pwhelp" option.
	* src/password.c(pam_sm_chauthtok): display the contents of the
	pwhelp file before doing anything else when in the preliminary check
	phase (#230465, Luke Howard).

2007-06-24:
	* src/prompter.c(_pam_krb5_always_fail_prompter,
	_pam_krb5_previous_prompter): output the banner and name information
	if it was given (#230450).

2007-06-24:
	* src/password.c(pam_sm_chauthtok): when returning, note whether
	we are here for the preliminary check or the actual update in the
	debug message (#230444, Luke Howard).

2007-06-24:
	* src/password.c(pam_sm_chauthtok): set v5_attempted to 1 for
	correctness (#230446, Luke Howard, Pieter Krul).

2007-06-24:
	* src/options.c: don't pass in PAM handles when we don't actually use
	them.

2007-06-24:
	* src/acct.c(pam_sm_acct_mgmt): return PAM_USER_UNKNOWN in event of
	a client-revoked error (#230442, Luke Howard, Christian Bolz, Pieter
	Krul)

2007-06-24:
	* src/stash.c(_pam_krb5_stash_shm_read_v5): correct an argument size
	mismatch calling the logging function.

2006-09-21:
	* src/auth.c(pam_sm_authenticate): try again to clean up the three
	possible setups (pre-entered password, one for which we prompt directly,
	libkrb5 asking questions) to minimize the number of calls we make to
	krb5_get_init_creds_password().
	* src/prompter.c(_pam_krb5_prompt_is_password): take the prompter
	callback data instead of the string.
	* src/prompter.c(_pam_krb5_*prompter): if we're debugging sensitive
	data, log both the answer we give and the default provided by libkrb5
	* src/v5.c(v5_get_creds): guard against potential problems logging a
	NULL password.
	* src/acct.c(pam_sm_acct_mgmt): if the previous attempt to authenticate
	gave us decrypt-integrity-check-failed or preauthentication-failed,
	assume that there's no pam_acct_mgmt error to report (#207410)

2006-09-20:
	* src/password.c(pam_sm_chauthtok): set the AUTHTOK and OLDAUTHTOK
	items properly (report and patch from Michael Calmer).
	* tests/run-tests: clear any policy we've applied to the user when we
	delete the user's entry (report and patch from Michael Calmer).

2006-09-13:
	* src/harness.c: add the ability to preset the AUTHTOK and OLDAUTHTOK
	items.

2006-09-12:
	* src/harness.c: add the ability to preset the AUTHTOK and OLDAUTHTOK
	items.
	* src/prompter.c(_pam_krb5_always_fail_prompter): add a prompter which
	always fails and one which always returns a previously-input password.
	* src/options.c,options.h: rework the processing of initial_prompt,
	add subsequent_prompt

2006-09-08:
	* src/options.c,options.h: track whether or not we want to let libkrb5
	ask for information via the callbacks.
	* src/v5.c(v5_get_creds): give the caller a way to specify which
	prompter callback we should use.
	* src/auth.c(pam_sm_authenticate): rework the prompting bits so that
	it makes more correct use of the initial_prompt/use_first_pass flags
	and correctly disables use of the callback for arbitrary prompts
	* configure.ac: provide a --with-os-distribution flag for people who
	want to replace the "Red Hat Linux" bit in the man pages with the
	name of a product or OS which still exists
	* src/pam_krb5.5.in: mention pam_passwdqc.so along with pam_cracklib.so

2006-08-28:
	* configure.ac: change the preference from <krb5/krb5.h> to <krb5.h>,
	so that we don't pick up the system <krb5/krb5.h> when we need the
	<krb5.h> which lives in the directory pointed out by krb5-config

2006-08-28:
	* src/v5.c(v5_passwd_error_message): add a function to interpret the
	error codes returned for password-change requests.
	* src/password.c(pam_sm_chauthtok): log text for server-supplied error
	code along with the failure information.

2006-07-27:
	* src/auth.c: include unistd.h to get the declaration of getuid().

2006-07-26:
	* src/options.c(option_i): check for strtoll()/long long.
	* configure.ac: check for strtoll().
	* src/v4.c(v4_save): actually set the permissions on the new file to
	the requested values.  Note in the warning why we fail to open a
	file, which is returned as the result and not in errno.
	* src/storetmp.c(_pam_krb5_storetmp_data): try to setreu/gid if either
	the real or effective values don't match the desired value.
	* src/pam_krb5_storetmp.c(main): only use strtoll() if it's
	available, otherwise just use strtol().
	* src/stash.c(_pam_krb5_stash_clone): go back to overwriting the
	template, to avoid uncontrolled growth in the filename.
	* src/session.c(pam_sm_open_session): specify the current real
	UID and GID when creating temporary v4 credential files.  Note the
	guessed UID and GID of the user in the debug message.
	* src/auth.c(pam_sm_authenticate): always specify the current real
	UID and GID when creating temporary v4 credential files.
	* src/stash.c(_pam_krb5_stash_clone): build the new ccache name by
	appending the mkstemp template instead of assuming the previous file
	ended with one
	* configure.ac: check for "long long" explicitly
	* src/storetmp.c(_pam_krb5_storetmp_data): use a long long print
	specifier only if we actually have a "long long" type.  Fix incorrect
	usage of sigaction.

2006-07-25:
	* src/stash.c(_pam_krb5_stash_external_read): note when we try to
	pick up external creds, and when we fail to do so.
	* src/storetmp.c(_pam_krb5_storetmp_data): save and set signal handlers
	before we fork().  Go back to allowing setuid/setgid to fail, but only
	after we attempt to drop setuid/setgid status (which gets to fail, too,
	but renders the helper unuseful).
	* src/sly.c,src/sly.h(_pam_krb5_sly_looks_unsafe,
	_pam_krb5_sly_maybe_refresh): move detection of whether or not it
	looks safe into another function.
	* src/auth.c(pam_sm_setcred): if it doesn't look safe to refresh
	credentials, just return PAM_IGNORE (#197428).
	* src/storetmp.c(_pam_krb5_storetmp_data): save and restore the SIGPIPE
	handler in case our child exits, drop any setuid/setgid pretense
	when we're called from a setuid application (#190159, patch by Jon
	Fautley), bail early if calls to setuid/setgid fail.
	* configure.ac: look for krb5/krb5.h in preference to krb5.h (new in
	MIT Kerberos 1.5)
	* src/stash.c(_pam_krb5_stash_external_read): if the default principal
	in the ccache doesn't match the userinfo structure, update the
	userinfo structure, based on patch from Jan Iven (#182239,#197660).
	* src/v4.c(v4save): always use the name of the v5 principal when saving
	credentials, especially for the "external" case where it may not be the
	value we originally guessed (#197660).
	* src/pam_krb5.5.in: note that the krb4_convert_524 and krb4_use_as_req
	options don't affect each other.
	* src/prompter.c(_pam_krb5_prompter): be more careful about other
	ways which our prompting callback can try to break us (noted by Michael
	Calmer).

2006-04-21:
	* src/prompter.c(_pam_krb5_prompter): check for dumb conversation
	functions which return success but set the response to NULL.  From
	Michael Calmer.

2006-02-29:
	* src/v5.c(v5_get_creds): don't try to validate creds which aren't
	TGTs, because the attempt will always fail unless the matching key
	is in the keytab, which should never be the case for the
	password-changing service (#187303, rbasch)
	* src/tokens.c(tokens_obtain): if v4 has been disabled completely,
	go ahead and try to set 2b tokens because we're going to end up having
	to do that anyway (#182378).  If we have a hint principal, note it in
	debug output.
	* src/minikafs.c(minikafs_5log_with_principal): if we read a client
	principal from the ccache, unparse it and include it in debug messages.
	If we fail to obtain creds from the KDC, note why we failed.

2006-02-23:
	* src/stash.c(_pam_krb5_stash_get): skip v4 creds setup when v4 isn't
	enabled.

2006-02-21:
	* src/v4.c, src/v4.h (v4_save): make ccname a const char *.
	* src/v5.c, src/v5.h (v5_save): make ccname a const char *.
	* src/stash.c(_pam_krb5_stash_get): when we pick up v5 creds via either
	"external" or "use_shmem", do 524 conversion if we need to do so.
	* src/session.c(pam_sm_open_session): also create a v4 tktfile if
	KRB5CCNAME was already set.
	* src/afs5log.c, src/minikafs.c: use init_secure_context when possible.
	* src/Makefile.am: juggle deps so that linking works again.

2006-02-07:
	* src/pam_newpag.8.in: edit

2006-02-06:
	* src/options.c,src/options.h: break down and add an explicit option
	for disabling v4-via-as-req attempts
	* src/minikafs.c: don't try to convert creds for use in setting v4
	tokens when krb4_convert_524 is disabled.
	* src/v4.c: don't try to get initial creds if krb4_use_as_req is off.
	* src/pam_krb5.5.in,src/pam_krb5.8.in: document krb4_use_as_req.
	* src/pam_krb5.5.in,src/pam_krb5.8.in: point out that we turn on v4
	support if AFS is detected at run-time.
	* README: document krb4_use_as_req.
	* TODO: update because 2.2 was tagged a while ago

2006-01-26:
	* src/minikafs.c: wrap a debug message in an if (debugging) clause.
	* src/session.c: wrap a pair of debugging messages in an if (debugging)
	clause (#179037).
	* configure.ac: if $with_gnu_ld is set, set SYMBOLIC_LINKER_FLAG to
	the right variation on -Bsymbolic
	* src/Makefile.am: use the SYMBOLIC_LINKER_FLAG when linking modules

2006-01-16:
	* src/afs5log.1, src/pagsh.1: fix the bug reporting instructions.

2006-01-16:
	* src/password.c(pam_sm_chauthtok): fix handling of no-password-given
	cases.
	* src/harness.c: work around Linux-PAM actively trying to keep us from
	doing what we're doing.  Adjust command-line parsing to allow both
	password-change phases to be called out.
	* tests/run-tests.c: add a password-not-good-enough-at-change-time
	test case.
	* src/password.c(pam_sm_chauthtok): cast away a couple of compiler
	warnings.
	* src/Makefile.am: tweak dependencies on dummy files for the sake of
	distcheck.

2006-01-13:
	* src/log.h,src/log.c,src/logstdio.c: add notice_user() for spewing
	an error message at the user.
	* src/password.c(pam_sm_chauthtok): if we got a result string back from
	the password-changing server, attempt to display it.

2006-01-11:
	* src/session.c: no, I did touch that file last year.
	* src/pam_krb5.5.in: document the "ignore_afs" option.
	* src/pam_newpag.c: add.
	* src/pam_newpag.5.in: add.
	* src/pam_newpag.8.in: add.
	* src/Makefile.am: add rules for building pam_newpag.so.
	* configure.ac: generate man pages for pam_newpag.
	* src/pam_dummy_acct.c: add.
	* src/pam_dummy_chauthtok.c: add.
	* src/Makefile.am: add rules for building harness-newpag
	* src/pagsh.1: add.

2005-12-19:
	* src/items.c: include <stdio.h> to get the definition of NULL (Jesse
	Keating).
	* src/init.c: same bug, different file.

2005-11-21:
	* src/v5.c(v5_validate): don't leak the keytab file descriptor (patch
	from Daniel Colascione, #173681).

2005-11-15:
	* src/afs5log.c: actually check for AFS support first, so that the
	ioctl-only support case will work properly.

2005-11-07:
	* src/options.c: allow "validate" to be specified using a list of
	service names as well.

2005-11-07:
	* src/pam_krb5.5.in,src/pam_krb5.8.in: add proper quoting for arguments
	which include whitespace

2005-11-01:
	* src/stash.c(_pam_krb5_stash_shm_write_v5/4): initialize the segment
	key and owner in the stash when we write to it, in case the application
	decides to never call pam_end(), so that we can clean up the segment
	during session close.

2005-11-01:
	* src/stash.c,src/stash.h,src/shmem.c,src/shmem.h: log debug messages
	when we remove segments.

2005-10-31:
	* src/stash.c,src/stash.h,src/shmem.c,src/shmem.h: track the PID which
	created the shared memory segment, so that we don't try to remove it
	twice and accidentally stomp on another process.

2005-10-28:
	* src/session.c(pam_sm_open_session): dispose of shared memory segments
	once we've read their contents, in case we won't be able to dispose of
	them later (patch from Greg Wettstein).
	* src/shmem.c,src/shmem.h: add a _pam_krb5_shm_remove() function for
	use by the session functions (patch from Greg Wettstein).
	* src/stash.c,src/stash.h: add a v5shm/v4shm field to the stash
	structure to track the ID of the shared memory segment
	* src/session.c: don't leak the values of $KRB5CCNAME and $KRBTKFILE
	which we set; libpam makes copies of the values which are passed-in.
	* src/session.c: unset PAM environment variables by setting "<VAR>",
	not "<VAR>=", in accordance with the Linux-PAM docs.
	* src/session.c: unset PAM environment variables which list the shared
	memory segment identifiers when we destroy the segments.

2005-10-20:
	* src/shmcat.c: add.
	* src/Makefile.am: update.

2005-10-19:
	* src/options.c: initialize options->debug correctly when it's
	neither explicitly enabled nor disabled (patch from Greg Wettstein).

2005-10-19:
	* src/acct.c,src/pam_krb5.5.in,src/pam_krb5.8.in: note that the
	"existing_ticket" option bypasses account management checks, too.

2005-10-18:
	* src/options.c,src/options.h: parse the "existing_ticket" option
	(patch from Nathan Huff).
	* src/pam_krb5.5.in,src/pam_krb5.8.in: update.
	* src/v5.c: if the "existing_ticket" option is used, attempt to read
	the TGT cred from the default ccache, and accept that as sufficient
	for successful authentication (patch from Nathan Huff).
	* src/auth.c: if the "existing_ticket" option is used, call to get
	creds before prompting for a password (patch from Nathan Huff).
	
2005-10-18:
	* src/acct.c: remove an unused variable to silence a compile warning.
	* src/harness.c: check the result of fgets().
	* src/minikafs.c: comment out minikafs_unpag(), which was static and
	unused, to silence a compile warning.
	* src/tokens.c: check for errors from readlink().

2005-10-13:
	* configure.ac: clean up logic for setting pkgsecuritydir correctly if
	a libdir isn't passed to configure (Greg Wettstein).

2005-10-06:
	* src/afs5log.c: recognize that "--" means "no more options".

2005-10-06:
	* autogen: use RPM's optflags for CFLAGS, if available.
	* src/afs5log.c: don't autolog to the local cell if the '-p' flag was
	given on the command line.
	* src/minikafs.c,src/pagsh.c: implement an unpag() call, then check
	and find out that it's the same as unlog(), so comment it out.

2005-10-06:
	* src/options.c: make "tokens" an option which can also take a list of
	service names for which it should be enabled.
	* src/pam_krb5.5.in,src/pam_krb5.8.in: update section for "tokens".
	* src/pam_krb5.5.in: fix header text for "external" and "use_shmem".

2005-10-05:
	* configure.ac: prereq the version of autoconf which my development
	box has, to avoid possible AC_CONFIG_HEADER/AM_CONFIG_HEADER wackiness.
	* src/pam_krb5_storetmp.8.in: use the actual installation paths.
	* src/acct.c: list the actual result code in the debug message.

2005-10-05:
	clean up CVS version tags
	* README.winbind: clear up a couple of finer points.
	* src/Makefile.am,src/pam_krb5_storetmp.8.in: add a man page for the
	temp file helper.
	* pam_krb5.spec: list bindir and section 1 man page files in the files
	manifest.

2005-10-05:
	* src/session.c: suppress duplicate success messages.
	* src/stash.c: warn on shmem failures.

2005-10-05:
	* src/shmem.c: always detach from the segment, even in error cases.
	* src/stash.c: note when we manipulate shared memory when debugging.

2005-10-04:
	* configure.ac: oh right, enable AFS support on *-sun-* now.

2005-10-04:
	* src/options.c,src/pam_krb5.5.in,src/pam_krb5.8.in: add
	"ignore_unknown_upn" as an alias for the "ignore_unknown_principals",
	to match behavior of patch from Luke Howard.  Correct the option
	parsing code so that it matches the option named in the man pages.
	* src/acct.c,src/auth.c: Merge most of the rest of Luke's patch for
	changed behavior when this option is supplied.
	* configure.ac: set the default keytab path to "FILE:/etc/krb5.keytab",
	not just "/etc/krb5.keytab".
	* src/acct.c,src/auth.c,src/conv.c,src/harness.c,src/initopts.c,
	src/items.c,src/map.c,src/minikafs.c,src/noafs.c,src/options.c,
	src/password.c,src/prompter.c,src/session.c,src/shmem.c,src/sly.c,
	src/stash.c,src/tokens.c,src/userinfo.c,src/v4.c,src/v5.c: include
	<security/pam_appl.h> before every inclusion of <security/pam_modules.h>
	(patch from Luke Howard).
	* src/minikafs.c: define __NR_afs_syscall on Solaris, use the standard
	names for sized integer types (patch from Luke Howard).
	* src/userinfo.c: prefer __posix_getpwnam_r() to getpwnam_r() on
	Solaris (patch from Luke Howard).
	* configure.ac,src/pam_krb5.8.in: list the configured path for the
	module in the example in the man pages.

2005-10-04:
	* configure.ac: check for the presence of <sys/ioccom.h> (patch from
	Luke Howard).
	* src/minikafs.c: include <sys/ioccom.h>, if present (patch from Luke
	Howard).

2005-10-04:
	* src/password.c: save the result of getting new credentials with the
	newly-set password so that we don't forget to store them in the user's
	session ccache, and return the more correct PAM_AUTHTOK_RECOVER_ERR
	instead of PAM_AUTHTOK_ERR if we were called with "use_authtok" and
	there is no PAM_AUTHTOK item set (patches from Michael Calmer).

2005-10-04:
	* src/options.c,src/options.h: parse the "krb4_convert_524" option.
	Accept "don't" and "dont" as prefixes which indicate that a boolean
	option is disabled.
	* src/pam_krb5.5.in,src/pam_krb5.8.in: list the "krb4_convert_524"
	option.  Conditionalize portions of the text which are specific to
	Kerberos IV or AFS.
	* src/pam_krb5.8.in: fix the synopsis.
	* src/v4.c: don't attempt to use the 524 service to obtain a v4 TGT
	if the "krb4_convert_524" option is disabled.

2005-10-04:
	* configure.ac: only trust 'krb5-config --libs krb4' to provide krb4
	if '-lkrb4' is in the output -- krb5 1.2.7's krb5-config doesn't exit
	with an error when built without krb4 support

2005-10-04:
	* configure.ac: sort out --with-krb4/--without-krb4 logic so that it
	defaults to use-krb4-if-available.
	* src/session.c, src/stash.c, src/tokens.c, src/userinfo.c: add missing
	inclusion of <limits.h>

2005-08-22:
	* configure.ac: add maintainer mode.  Add definitions so that the
	preprocessed man pages will be able to omit portions which pertain to
	options not selected at compile-time (i.e., AFS).
	* src/afslog.c, src/afslog.h: add (not yet tested) -p flag support.
	* noafs.c: update for changed prototype for minikafs_log().

2005-08-15:
	* src/password.c(pam_sm_chauthtok): save the old password as the
	PAM_OLDAUTHTOK item, not the PAM_AUTHTOK item.  Apparently libpam
	doesn't do anything with these (patch from Michael Calmer).
	* src/password.c(pam_sm_chauthtok): double-check that we don't
	get NULL as an old or new password (patch from Michael Calmer).
	* src/password.c(pam_sm_chauthtok): better match the behavior of
	pam_unix and pam_ldap by treating "use_authtok" as an indication
	that PAM_AUTHTOK *has* to have been set already, and otherwise
	that it's okay to prompt (patch from Michael Calmer).

2005-07-12:
	* src/password.c(pam_sm_chauthtok): check the result_code returned by
	krb5_change_password() as well as the return code (patch from Dan Perry)

2005-06-21:
	* src/tokens.c(tokens_obtain): don't skip a cell if it's both the
	local/home and in the set of explicitly-specified cells (Jack Neely).

2005-06-20:
	* configure.ac: fix --disable-Werror, --disable-extra-warnings so that
	they actually work as expected.
	* src/shmem.c, src/stash.c, src/storetmp.c: fix compile warnings.

2005-06-17:
	* src/minikafs.c,src/minikafs.h: add a variant of cell_of_file which
	walks up the tree if it fails.
	* src/afs5log.c,src/tokens.c: use the new cell_of_file variant instead
	of handling the logic locally.
	* src/minikafs.c: increase the default size of the address list we
	pass to the whereis pioctl, and make its growth exponential instead of
	linear if we fail with E2BIG (Jack Neely).
	* README: note that we don't re-get tokens if the home directory is in
	the local cell
	* NEWS: note that SAM support hasn't been tested, and that "external"
	isn't limited to use with OpenSSH

2005-05-18:
	* src/afs5log.1: add
	* src/Makefile.am: install afs5log and afs5log.1
	* src/afs5log.c: debug-log when we're obtaining tokens for the local
	or the user's home cell
	* src/minikafs.c(realm_of_cell): debug-log IP->hostname conversion
	* src/minikafs.c(minikafs_5log): rearrange the order of things so that
	we don't always try to determine the realm name ourselves, so that if
	a principal was supplied, we actually can be faster.
	* src/minikafs.c(minikafs_4log): be careful for cases where we may have
	been passed a NULL krb5 context.

2005-05-09:
	* src/minikafs.c(realm_of_cell): debug-log failures in the whereis
	pioctl, stop looking at addresses if we hit 0.0.0.0.
	* src/minikafs.c(minikafs_5log): if realm_of_cell succeeds, don't
	clear the realm name (duh).

2005-05-09:
	* src/minikafs.c: add a wrapper for the ws_cell pioctl.
	* src/tokens.c,src/afs5log.c: use ws_cell to find the default cell
	instead of guessing by doing a cell_of_file on /afs

2005-04-27:
	* src/minikafs.c: also try afs@DEFAULTREALM if the default realm is
	not the same as the derived realm (sort of from Christopher Allen Wing).
	* src/options.c,src/options.h: track a "ignore_unknown_principals"
	boolean flag, with "ignore_unknown_spn" being consulted if it's unset.
	Parse cell names which contain a '=' character as if they're of the
	form cell_name=principal_name.
	* src/minikafs.c,src/minikafs.h: if a principal name was given, try
	to get creds for the named service and use them.  If that doesn't work,
	fall back to previous behavior.
	* src/afs5log.c: parse "=" signs in command-line arguments, as options.c
	does.
	* src/acct.c: return PAM_IGNORE if the error is either
	KDC_ERR_C_PRINCIPAL_UNKNOWN or KDC_ERR_NAME_EXP and
	ignore_unknown_principals was set, else PAM_USER_UNKNOWN as before.
	* src/v5.c: return PAM_IGNORE if the error is either
	KDC_ERR_C_PRINCIPAL_UNKNOWN or KDC_ERR_NAME_EXP and
	ignore_unknown_principals was set, else PAM_USER_UNKNOWN as
	before.
	* src/minikafs.c: correctly handle E2BIG errors from a WHEREIS pioctl,
	bug spotted by Lamont Granquist.  Handle multiple IPs coming back,
	and try to look up a host name and realm name in turn until we either
	succeed or run out of addresses.
	* src/minikafs.c: when obtaining tokens, try to get credentials for
	afs@defaultrealm if defaultrealm resembles the cell name and doesn't
	resemble the derived realm name, which can happen if deriving the
	realm name didn't work for whatever reason.
	* src/options.c: don't leak the mappings list when freeing options
	structures.
	* src/pagsh.c: unbreak by not assuming that "-c" as a first option
	meant that the user wanted a help message.
	* src/pam_krb5.5,src/pam_krb5.8: use \fR instead of \fP for resetting
	formatting.
	* src/tokens.c: if the default or home cell was explicitly listed in
	the configuration, skip initial attempts to get tokens for them, in
	case the user specified principal names for the services.
	* src/tokens.c: remove tokens_getcells() and tokens_freecells(), which
	weren't being used.

2005-03-14:
	* src/options.c: accept "," as a separator for list parameters, so that
	we can pass parameters with list values in via argv

2005-03-14:
	* src/noafs.c: add.
	* configure.ac: fix the keytab result message.  Add a --without-afs
	flag.

2005-03-04:
	* configure.ac: bail if security/pam_appl.h or security/pam_modules.h
	aren't found.

2005-03-04:
	* src/v4.h: restore the prototypes to avoid warnings, typedef the one
	krb4 struct we pass around to avoid an error.

2005-03-04:
	* configure.ac: remove -Wno-unused-parameters from the set of extra
	warning flags.  Add a newline after inclusion of <krb5.h> when we're
	testing for structures defined in the krb5 API.
	* src/sly.c: compile in a dummy sly_v4() if USE_KRB4 isn't defined
	* src/v4.h: don't provide prototypes if USE_KRB4 isn't defined.

2005-02-28:
	* configure.in: demote -Wextra and friends to --enable-extra-warnings
	status.

2005-02-28:
	* src/minikafs.c: fix compilation against releases which didn't define
	KRB_TICKET_GRANTING_TICKET.
	* src/pagsh.c: add missing <stdio.h> inclusion.
	* src/minikafs.c: handle cases where krb_life_to_time() isn't available.
	* src/pagsh.c: add a --help flag, by assuming that the command will
	never start with "-".

2005-02-24 nalin
	* src/logstdio.c: add a log_progname global to adjust log messages.
	* src/afs5log.c,src/harness.c: set log_progname at startup.
	* src/prompter.c: suppress prompts for the previously-entered password.
	* src/userinfo.c: clean up some valgrind-caught weirdness.
	* src/harness.c: use getpass() instead of fgets() for
	PAM_PROMPT_ECHO_OFF prompts.  Kids, don't try that at home.
	* src/sly.c: only refresh the default krb5 ccache if its principal is
	the one we've authenticated.
	* src/tokens.c: log a debug message if we create a new PAG.  When
	determining the user's home cell, if the user's home directory is a
	symlink, chase it.

2005-02-24 nalin
	* configure.ac: add a --enable-default-keytab-location flag.
	* src/options.c,src/pam_krb5.5.in,src/pam_krb5.8.in: obey it.
	* README: document that it can be overridden.  (Don't want to change
	this to README.in to actually reflect that override value.)
	* src/v4.c(v4_get_creds): error out if password is NULL or zero-length.
	* src/v5.c(v5_get_creds): provide the prompter callback to libkrb5.
	* src/options.c: add an "initial_prompt"/"no_initial_prompt" option
	which suppresses the initial password prompt.  It's useless for
	providing a PAM_AUTHTOK to subsequent modules, but is useful now that
	we're providing a prompter callback to libkrb5.
	* src/auth.c: handle no_initial_prompt cases.  Get AFS tokens if the
	saved password turned out to be correct.
	* src/log.c: fix a few memory leaks.
	* src/harness.c: add, to make debugging easier.

2005-02-23 nalin
	* src/init.c: don't call initialize_krb5_error_table; this currently
	leads to a crash due to libkrb5 from MIT's 1.4 release making an
	invalid assumption about e2fsprogs 1.36's libcom_err (SF #1150146)

2005-02-14 nalin
	* src/stash.c,src/stash.h: add a field to the stash structure for
	keeping track of whether or not we set the KRB5CCNAME/KRBTKFILE environment
	variables
	* src/session.c: clear KRB5CCNAME/KRBTKFILE if we're removing the
	files *and* we set the variables.  Treat zero-length values as we
	treat NULL values for those variables.

2005-02-08 nalin
	* src/afs5log.c: properly screen out "dynroot" as a cell name, walk up
	from the user's home directory if we can't determine in which cell it
	is that it resides

2005-02-08 nalin
	* src/acct.c: treat a KRB5KDC_ERR_PREAUTH_FAILED error as if it were
	a KRB5KRB_AP_ERR_BAD_INTEGRITY error.
	* README,src/pam_krb5.5.in,src/pam_krb5.8.in: doc updates.

2005-02-08 nalin
	* src/userinfo.c,src/userinfo.h: look up and make note of the user's
	home directory.
	* src/tokens.c(tokens_obtain): attempt to determine the cell in which
	the user's home directory resides, and default to obtaining tokens for
	that cell as well, unless it's the same as the default cell.  Skip
	cells given to the afs_cells option if they are the same as either the
	local cell or the user's home cell.
	* src/options.c: handle "external" like we handle "use_shmem".
	* src/stash.c: read a krbtgt key from $KRB5CCNAME if "external" was
	set.  Try to reuse the passed-in krb5_context, if possible.
	* src/session.c: don't create new ccache or ticket files if KRB5CCNAME
	or KRBTKFILE are already set in the PAM environment, respectively.

2005-02-07 nalin
	* src/minikafs.c(minikafs_5log): initialize use_ccache as a handle for
	the default cred cache, not ccache, when ccache is NULL.
	* src/options.c(option_t): add, for parsing a value as a krb5_deltat if
	it can't be parsed as a normal integer.
	* src/options.h: change normal and renewable lifetimes to krb5_deltat
	* src/options.c(_pam_krb5_options_init): parse lifetimes using option_t
	instead of option_i.
	* src/*.c: random signed/unsigned warning corrections.

2004-09-13 nalin
	* src/tokens.c: skip getting tokens for the cell of /afs if that cell
	is "dynroot", which is what OpenAFS's dynamic-root support gives us.
	* src/auth.c: run the krb5_kuserok() check in the authentication phase
	as well (Douglas E. Engert).

2004-09-02 nalin
	* src/minikafs.c: add copyright statement because the ioctl patch is
	too much like heimdal's implementation.

2004-08-31 nalin
	* src/shmem.c,src/shmem.h: add, several functions for handling shared
	memory.
	* src/auth.c:(pam_sm_authenticate): log the realm as well. store
	credentials to shared memory on success if the "use_shmem" flag was
	given, or if "use_shmem=" lists the current service, or is true.
	* src/stash.c:(_pam_krb5_stash_shm_read,_pam_krb5_stash_shm_write): add.
	* src/storetmp.c(_pam_krb5_read_with_retry): make non-static.
	* src/storetmp.c(_pam_krb5_storetmp_file): add a hook for storing a copy
	of the file contents in a blob of memory.

2004-08-31 nalin
	* src/password.c(pam_sm_chauthtok): during the preliminary check phase,
	read the current password as the PAM_OLDAUTHTOK item, not PAM_AUTHTOK
	(Ludek Finstrle, #131246)

2004-08-27 nalin
	* src/userinfo.c(_pam_krb5_user_info_init): override the realm name to
	be the one which was passed in (Carlos A. Villegas, #116198).

2004-08-27 nalin
	* src/minikafs.c: handle cases where the length of the realm name >
	length of the cell name.

2004-08-27 nalin
	* src/options.c(_pam_krb5_options_init): set the default realm for
	ctx (#116198).

2004-08-26 nalin
	* src/options.h,options.c: add an ignore_afs flag to the options
	structure, heavily based on Matthew Miller's patch (#126345).
	* auth.c, session.c, sly.c: obey ignore_afs.

2004-08-26 nalin
	* src/acct.c(pam_sm_acct_mgmt): skip .k5login check if user_check was
	disabled -- it's not as if we can expect an unknown user to have a home
	directory.

2004-08-26 nalin
	* src/conv.c(_pam_krb5_conv_call): return PAM_BAD_ITEM instead of
	PAM_CONV_ERR if the application didn't define a conversation function.

2004-08-26 nalin
	* src/minikafs.c(minikafs_ioctlcall): add, from Alexander Boström
	(#127529).
	* src/minikafs.c(minikafs_call): add, calling afs_ioctlcall or
	afs_syscall as appropriate, from Alexander Boström (#127529).  The
	setpag and pioctl functions now call this function instead of our
	afs_syscall.
	* src/minikafs.c(minikafs_has_afs): check for ioctl-based interface to
	Arla or OpenAFS for Linux 2.6, from Alexander Boström (#127529).

2004-08-26 nalin
	* src/password.c(pam_sm_chauthtok): prompt for the user's current
	password when use_first_pass isn't flagged, ignoring use_authtok
	during the initial-authentication pass (#130950).

2004-06-14 nalin
	* src/session.c(pam_sm_open_session,pam_sm_close_session): log what
	we return, and why, if debugging is enabled.

2004-06-14 nalin
	* src/acct.c(pam_sm_acct_mgmt): likewise, catch and log specific error
	information for EAGAIN, KRB5_REALM_CANT_RESOLVE, and KRB5_KDC_UNREACH
	errors.

2004-06-14 nalin
	* src/v5.c(v5_get_creds): return PAM_AUTHINFO_UNAVAIL if we got EAGAIN,
	which is triggered by a transient hostname resolution error (John
	Dennis).  Also do this for KRB5_REALM_CANT_RESOLVE and KRB5_KDC_UNREACH
	error cases.

2004-04-21 nalin
	* Makefile.am: make configure depend on pam_krb5.spec.
	* autogen: run with --enable-maintainer-mode so that the dependency
	gets honored when autogen is used.
	* pam_krb5.spec: bump version.

2004-04-21 nalin
	* src/minikafs.c: print debug messages when doing realmofcell stuff.

2004-04-21 nalin
	* configure.ac: perform all checks for Kerberos functions with all of
	the libraries we've found.

2004-04-21 nalin
	* configure.ac: escape sed expressions correctly so that LDFLAGS doesn't
	include -l flags for Kerberos, skip all krb4 checks if --without-krb4
	is passed in.
	* src/Makefile.am: add KRB5_LIBS and KRB4_LIBS as needed.
	* src/minikafs.c: use krb524_convert_creds_kdc if krb5_524_convert_creds
	isn't available.  Force v5 mode on if USE_KRB4 is not defined.

2004-04-21 nalin
	* configure.ac: search for PAM libraries separately
	* src/Makefile.am: use a convenience library to compile code only once
	* src/afs5log.c: supply a non-bogus ccache and options argument to
	minikafs, provide local logging functions which use stdio.

2004-04-15 nalin
	* configure.ac: default krb5-config and krb4-config to ':', add non
	library arguments output by --libs to LIBS
	* src/minikafs.c: add missing <stdio.h> include.
	* src/stash.c: fix compile for non-USE_KRB4 case.
	* src/v4.c: fix compile for non-USE_KRB4 case.
	* src/v5.c(v5_cc_retrieve_match): add.
	* src/v5.c(v5_creds_key_length): add.
	* src/v5.c(v5_creds_key_contents): add.

2004-03-23 nalin
	* configure.ac: remove kafs/krbafs checks.
	* src/Makefile.am: add EXTRA_PROGRAMS target for afs5log.
	* src/afs5log.c: add a test program for exercising minikafs.
	* src/minikafs.c, src/minikafs.h: add a less-portable but more-flexible
	krbafs implementation.
	* src/options.c(_pam_krb5_options_init): distinguish between v4 for
	general use and v4 because we're using AFS.

2004-03-16 nalin
	* src/pam_krb5_storetmp.c: remove the file if it's not a valid mkstemp
	pattern, even if we were passed a UID/GID.

2004-03-16 nalin
	* src/storetmp.c: drop privileges before we exec the helper.

2004-03-16 nalin
	* src/pam_krb5_storetmp.c: only attempt to change to the required
	UID/GID if we are not already running with that UID/GID, and only
	attempt to clear the supplemental groups list if uid == 0 (we're root).

2004-03-16 nalin
	* src/session.c: remove explicit calls to chown(), which would be denied
	by SELinux in enforcing mode, instead expecting the helper to handle it
	all.
	* src/v5.c: remove explicit calls to chown(), which would be denied by
	SELinux in enforcing mode, instead expecting the helper to handle it
	all.
	* src/v4.c: remove explicit calls to chown(), which would be denied by
	SELinux in enforcing mode, instead expecting the helper to handle it
	all.
	* src/storetmp.c: pass the user's uid and gid to the helper, it already
	knows what to do.
	* src/tokens.c(tokens_useful): add.
	* src/session.c: when opening a session, create temporary tickets for
	grabbing tokens with the current permissions so that libkrb4 doesn't
	reject them, then clean them up, then create those for the user.

2004-03-10 nalin
	* src/pam_krb5_storetmp.c: if the filename pattern supplied is not a
	valid pattern (does not end with XXXXXX), delete the file instead,
	reporting success in the same way.
	* src/session.c(pam_sm_close_session): note ticket file deletions when
	debugging.
	* src/storetmp.c(_pam_krb5_storetmp_delete): add, to invoke the helper
	for removal of a file.
	* src/stash.c(_pam_krb5_stash_clean): add, to attempt to remove a file
	using the helper, falling back to unlink() if the helper fails.
	* src/v4.c(v4_destroy): use _pam_krb5_stash_clean instead of unlink()
	to remove ticket files.
	* src/v5.c(v5_destroy): use _pam_krb5_stash_clean instead of unlink()
	to remove ccache files.

2004-02-27 nalin
	* src/session.c(pam_sm_open_session): only set variables if the ticket
	files have non-zero-length filenames.

2004-02-27 nalin
	* src/storetmp.c(_pam_krb5_storetmp_data): open /dev/null three times to
	ensure that pipe() won't give us any stdio descriptors.  Reintroduce the
	call to execl() which got dropped earlier.

2004-02-27 nalin
	* src/pam_krb5_storetmp.c: add this helper, which creates a file using
	mkstemp, filling it with supplied data.
	* src/storetmp.c: add routines for using pam_krb5_storetmp to create
	copies of session-specific ticket files after crossing an exec(), so
	that a new SELinux context can apply to the new file.
	* everything: update copyright statements to include this year.
	* src/stash.c(_pam_krb5_stash_clone_v5): add, to call
	_pam_krb5_storetmp_file to copy the ccache.
	* src/v5.c(v5_save): clone the ticket file after creating it.
	* src/stash.c(_pam_krb5_stash_clone_v4): add, to call
	_pam_krb5_storetmp_file to copy the ccache.
	* src/v4.c(v4_save): clone the ticket file after creating it.

2004-01-07 nalin
	* src/stash.h: always have a v4present field in the structure.
	* src/v4.h: don't try 524 conversion if we don't have krb4 -- we
	wouldn't be able to do anything with the results.  Noted by Jörg
	Albert.

2004-01-07 nalin
	* src/v4.c(v4_save): make the stub v4_save function match the
	non-stub's prototype.  Noted by Jörg Albert.
	* src/v4.c(v4_destroy): don't return a value from this function, which
	returns void.  Noted by Jörg Albert.

2003-11-25 nalin
	* README: updates

2003-11-20 nalin
	* src/userinfo.c, src/userinfo.h: when setting things up for a user,
	obey "mappings" settings.  Because we can't be certain that the
	generated principal will pass through aname_to_lname correctly, don't
	do that any more.

2003-11-20 nalin
	* src/initopts.c(_pam_krb5_set_init_opts): set the ticket lifetime,
	if configured, as an initopt.  This change lets us fix #109331.

2003-11-20 nalin
	* src/options.c, src/options.h: add code for parsing a "mappings"
	setting.  Reintroduce ticket_lifetime, which I mistakenly thought was
	a libdefault setting now.

2003-11-20 nalin
	* src/map.c, src/map.h: add mapping functions which mimic OpenLDAP's
	saslRegexp functionality for mapping local user names to principal
	names.

2003-11-20 nalin
	* src/init.c: instead of forcing the realm when parsing principals,
	make realm= set the default realm.

2003-11-19 nalin
	* src/v5.c(v5_get_creds): use the realm from the unparsed version of
	the principal name when constructing service principals.

2003-09-22 nalin
	* src/session.c: actually return where we were supposed to return.

2003-09-19 nalin
	* src/session.c: if v5attempted is 0 or v5result is not 0, don't
	mess with tokens or credentials.  This allows apps which change their
	UIDs to keep tokens unless they obtained some of their own.
	* src/auth.c: before attempting authentication, reset v5attempted so
	that we don't count a previous authentication failure as a failure
	forever.
	* src/acct.c: if v5attempted is not set in the user's stash, attempt
	to get initial credentials for the user.  If the password check fails,
	assume the user name is valid.

2003-09-05 nalin
	* src/stash.h: add a v5attempted field to track whether or not we've
	attempted to get v5 creds for this user. add an afspag field to track
	whether or not we've created an afs PAG.
	* src/stash.c: initialize v5attempted and other fields, even if it's
	redundant after using memset to clear the whole structure.
	* src/auth.c: set v5attempted in the user's stash immediately after
	all calls to v5_get_creds.
	* src/acct.c: if v5attempted is not set in the user's stash, just
	return PAM_IGNORE.
	* src/tokens.c: only delete tokens on session close if we created a
	pag, lest we lose tokens when reverting back in su.  Only warn about
	errors getting tokens if v5attempted was set (else these become debug
	messages).
	* src/pam_krb5.8.in: note the behavior of the module in acct stacks.

2003-09-05 nalin
	* configure.ac: check for krb_time_to_life.
	* src/v4.c: use krb_time_to_life to convert lifetimes from seconds to
	bytes, not krb_life_to_time, which does the opposite.

2003-08-14 nalin
	* configure.ac: check for __posix_getpwnam_r.
	* src/userinfo.c(get_pw): use __posix_getpwnam_r if it is available and
	getpwnam_r isn't available

2003-08-14 nalin
	* src/session.c(pam_close_session), src/sly.c: return PAM_USER_UNKNOWN
	instead of PAM_SERVICE_ERR if we fail to get information about the user.

2003-08-14 nalin
	* src/auth.c(pam_sm_authenticate): log the PAM error code we're
	returning if we're returning a failure after all attempts have been
	made.  Save the password entered by the user in the normal we-prompted
	case.
	* pam_krb5.spec: bump version to 2.0.1

2003-08-14 nalin
	* src/auth.c, src/acct.c, src/session.c(pam_open_session),
	src/password.c: return PAM_USER_UNKNOWN instead of PAM_SERVICE_ERR if
	we fail to get information about the user.
	
2003-08-14 nalin
	* tests/run-tests: leave some time between expiring of passwords and
	attempts to check if they've truly been expired, in case the server
	implementation considers expiration time to be the end of the second
	instead of the start

2003-08-13 nalin
	* src/xstr.c, src/xstr.h: add xstrfree().
	* src/auth.c, src/options.c, src/password.c, src/prompter.c,
	src/stash.c, src/userinfo.c, src/v4.c, src/v5.c: use xstrfree() to
	free strings.

Thu Aug  7 2003 nalin
- Major overhaul and refactoring of everything.

Thu Jan 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- Fix uninitialized pointer crash when we fail to retrieve cached return values.

Wed Jan 29 2003 Nalin Dahyabhai <nalin@redhat.com>
- Fix accidental double-free because libpam doesn't appear to make copies of
  the names for data items.

Fri Aug 23 2002 Nalin Dahyabhai <nalin@redhat.com>
- Update docs on the location of the anoncvs tree.
- Add warnings to the list of options we invoke $(CC) with.
- Use per-user stash and stored return value names.

Wed Aug  7 2002 Nalin Dahyabhai <nalin@redhat.com>
- Treat PAM_REFRESH_CRED like PAM_REINITIALIZE_CRED.  From Jason Heiss.

Fri May 24 2002 Nalin Dahyabhai <nalin@redhat.com>
- Fix a parser bug, pointed out by Balazs GAL.

Wed May 22 2002 Nalin Dahyabhai <nalin@redhat.com>
- Guess that the current cell name is the same as the realm name, lower-cased.

Fri Feb 15 2002 Nalin Dahyabhai <nalin@redhat.com>
- Update docs to give info about the account management function.

Mon Feb 11 2002 Nalin Dahyabhai <nalin@redhat.com>
- Add account management, which checks for key expiration and .k5login files.

Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- Fix parsing of options which have multiple whitespace-separated values,
  like afs_cells.

Wed Sep  5 2001 Nalin Dahyabhai <nalin@redhat.com>
- Link with libresolv to get res_search, tip from Justin McNutt, who
  built it statically.
- Explicitly link with libdes425.
- Handle cases where getpwnam_r fails but still sets the result pointer.
- If use_authtok is given and there is no authtok, error out.

Mon Aug 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- Set the default realm when a default realm is specified.

Thu Aug 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- Only use Kerberos error codes when there is no PAM error yet.

Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- Add minimum UID support. (#52358)
- Don't link pam_krb5 with libkrbafs; that dependency should only exist for
  pam_krb5afs.

Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- Add minimum UID support (suggested by Matthew Miller).
- Don't link pam_krb5 with libkrbafs.
- Make all options in krb5.conf available as PAM config options.  This should
  make things more interesting.

Tue Jul 31 2001 Nalin Dahyabhai <nalin@redhat.com>
- Merge patch from Chris Chiappa for building with Heimdal.

Mon Jul 24 2001 Nalin Dahyabhai <nalin@redhat.com>
- Note that we had to prepend the current directory to a given path in
  dlopen.c when we had to (noted by Onime Clement).

Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com>
- Return PAM_NEW_AUTHTOK_REQD when attempts to get initial credentials
  fail with KRB5KDC_ERR_KEY_EXP (noted by Onime Clement).

Thu Jul 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- Add info about accessing the CVS repository to the README.
- Parser cleanups (thanks to Dane Skow for a more complicated sample).

Fri Jul  6 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't set forwardable and assorted other flags when getting password-
  changing service ticket (noted, and fix supplied, by Onime Clement).
- Try __posix_getpwnam_r on Solaris before we try getpwnam_r, which may
  or may not be expecting the same number/type of arguments (noted by
  Onime Clement).
- Use krb5_aname_to_localname to convert the principal to a login name
  and set PAM_USER to the result when authenticating.
- Some autoconf fixes for failure cases.

Wed Jun 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- Use krb5_change_password() to change passwords.

Tue Jun 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- Use getpwnam_r instead of getpwnam when available.

Fri Jun  8 2001 Nalin Dahyabhai <nalin@redhat.com>
- Cleanup some autoconf checks.

Thu Jun  7 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't call initialize_krb5_error_table() or initialize_ovk_error_table()
  if they're not found at compile-time (reported for RHL 6.x by Chris Riley).

Thu May 31 2001 Nalin Dahyabhai <nalin@redhat.com>
- Note that [pam] is still checked in addition to [appdefaults].
- Note that AFS and Kerberos IV support requires working Kerberos IV
  configuration files (i.e., kinit -4 needs to work) (doc changes
  suggested by Martin Schulz).

Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com>
- Add max_timeout, timeout_shift, initial_timeout, and addressless options
  (patches from Simon Wilkinson).
- Fix the README to document the [appdefaults] section instead of [pam].
- Change example host and cell names in the README to use example domains.

Wed May  2 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't delete tokens unless we're also removing ticket files (report and
  patch from Sean Dilda).
- Report initialization errors better.

Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- Treat semicolons as a comment character, like hash marks (bug reported by
  Greg Francis at Gonzaga University).
- Use the [:blank:] equivalence class to simplify the configuration file parser.
- Don't mess with the real environment.
- Implement mostly-complete aging support.

Sat Apr  7 2001 Nalin Dahyabhai <nalin@redhat.com>
- Tweak the man page (can't use italics and bold simultaneously).

Fri Apr  6 2001 Nalin Dahyabhai <nalin@redhat.com>
- Restore the default TGS value (#35015).

Wed Mar 28 2001 Nalin Dahyabhai <nalin@redhat.com>
- Fix a debug message.
- Fix uninitialized pointer error.

Mon Mar 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't fail to fixup the krb5 ccache if something goes wrong obtaining
  v4 credentials or creating a krb4 ticket file (#33262).

Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- Fixup the man page.
- Log return code from k_setpag() when debugging.
- Create credentials and get tokens when setcred is called for REINITIALIZE.

Wed Mar 21 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't twiddle ownerships until after we get AFS tokens.
- Use the current time instead of the issue time when storing v4 creds, since
  we don't know the issuing host's byte order.
- Depend on a PAM development header again instead of pam-devel.

Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- Add a separate config file parser for compatibility with settings that
  predate the appdefault API.
- Use a version script under Linux to avoid polluting the global namespace.
- Don't have a default for afs_cells.
- Need to close the file when we succeed in fixing permissions (noted by
  jlkatz@eos.ncsu.edu).

Mon Mar 19 2001 Nalin Dahyabhai <nalin@redhat.com>
- Use the appdefault API to read krb5.conf if available.
- Create v4 tickets in such a way as to allow 1.2.2 to not think there's
  something fishy going on.

Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't log unknown user names to syslog -- they might be sensitive information.

Fri Feb  9 2001 Nalin Dahyabhai <nalin@redhat.com>
- Handle cases where krb5_init_context() fails.

Wed Jan 17 2001 Nalin Dahyabhai <nalin@redhat.com>
- Be more careful around memory allocation (fixes from David J. MacKenzie).

Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- No fair trying to make me authenticate '(null)'!

Wed Nov  7 2000 Nalin Dahyabhai <nalin@redhat.com>
- Only try to delete ccache files once.
- Ignore extra data in v4 TGTs, but do log it.
- Require "validate" to be true to try validating, and fail if validation fails.

Thu Aug 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- Fix handling of null passwords.

Wed Jul  5 2000 Nalin Dahyabhai <nalin@redhat.com>
- Integrate some fixes for Solaris 7 from Trevor Schroeder (flock.c is
  entirely his).

Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- Integrate Seth Vidal's "no_user_check" argument, so that non-privileged
  users (i.e., secure web servers) can also do checks.

Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- Make errors chown()ing ccache files non-fatal if (getuid() != 0), suggested
  by Steve Langasek.

Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- Attempt to get initial Kerberos IV credentials when we get Kerberos 5 creds

Thu Apr 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- Chris Chiappa's modifications for customizing the ccache directory

Wed Apr 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- Mark Dawson's fix for krb4_convert not being forced on when afs_cells defined

Thu March 23 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix problem with leftover ticket files after multiple setcred() calls

Mon March 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- add proper copyright statements
- save password for modules later in the stack

Fri March 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- clean up prompter

Thu March 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- add krbafs as a requirement

Fri February 04 2000 Nalin Dahyabhai <nalin@redhat.com>
- pick up non-afs PAM config files again

Wed February 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- autoconf and putenv() fixes for broken apps
- fix for compressed man pages

Fri January 14 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix stupid bug in password-changing
- add check that user exists in Kerberos before prompting to make password-
  changing sane for mixed environments

Thu January 6 2000 Nalin Dahyabhai <nalin@redhat.com>
- merge in spelling and other fixes from Michael K. Johnson
- modify to build both normal and AFS-aware version if krbafs.h is found

Fri December 31 1999 Nalin Dahyabhai <nalin@redhat.com>
- change to using ticket files created with mkstemp()

Tue December 28 1999 Nalin Dahyabhai <nalin@redhat.com>
- make setcred() return the same code as authenticate() to make sure that libpam
  walks the auth stack the same way for both functions

Wed December 22 1999 Nalin Dahyabhai <nalin@redhat.com>
- add man pages that don't mention AFS at all

Tue November 30 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- add linking with libcrypt, remove linking with libpam

Mon November 29 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Make creating the Kerberos IV ticket a non-fatal error if there are problems.
- Add man pages.

Mon November 8 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Clean up PAM_AUTHTOK_RECOVER{,Y}_ERR definition problems and Solaris LD flags.
  Problems spotted and solution proposed by Nitin Dahyabhai <nitind@pobox.com>.

Wed November 3 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Massive restructuring and cleaning out of 1.0-specific code.

Mon October 4 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Update for krb5 1.1 release

Mon July 26 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Configure should die if krb5.h or krbafs.h isn't found (bfdimmic@eos.ncsu.edu)

Thu July 15 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Added reason to authentication failure messages (wjlyerly@eos.ncsu.edu)
- Only prompt for second password if first password fails

Fri June 18 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- First public release.  Bwah-ha-ha-ha-ha-ha-ha!