Features Download
From: X2Go dev team <git-admin-P0WSJaAXTow <at> public.gmane.org>
Subject: libpam-x2go.git - (annotated tag) created:
Newsgroups: gmane.linux.terminal-server.x2go.tags
Date: Saturday 10th November 2012 21:22:23 UTC (over 5 years ago)
The annotated tag, has been created
        at  01578b99c23a040466ee96619a936314246ab250 (tag)
   tagging  482b1f21434d33edc8685da1ddbe14f2c5b72508 (commit)
 tagged by  Mike Gabriel
        on  Sat Nov 10 22:21:37 2012 +0100

- Log -----------------------------------------------------------------
Upstream version (draft status)
Version: GnuPG v1.4.10 (GNU/Linux)


Albert Astals (2):
      Merge lp:~ted/libpam-freerdp/save-values
      Saving the domain and password between auth and open session.
Approved by jenkins, Albert Astals Cid.

Iftikhar Ahmad (3):
      Improving the test coverage for libpam-freerdp
      adding the files missed in last push
      Improving the test coverage.. Approved by David Barth.

Mike Gabriel (48):
      fork libpam-x2go from libpam-freerdp
      Adaptations of the forked original to work with X2Go: Check the
authentication token via libssh (ssh login to the remote server).
      /debian/rules: Use dh-autoreconf with debhelper.
      wrap too-long-changelog-line
      Override auto_build with our own automake mechanism.
      replace dh-autoreconf dependency by autotools-dev, automake and
      change-over to CDBS
      depende on cdbs
      check for libssh .pc (pkg-config) file
      /debian/control: Depend on dh-autoreconf.
      fix /debian/watch file
      remove remnants of libpam-freerdp
      fix missing type
      fixing syntax errors
      fixing up x2go-auth-check.c
      add pam-x2go.h to avoid multiple definitions
      drop pam-x2go.h again, fix linking against libssh
      remove duplicat ssh_connect call
      add some debug code
      slightly different logic for finding a proper return value
      missing ;
      missing ; (2)
      sedate type mismatch warning
      add debug marker
      add log verbosity
      report the type of error during SSH connection
      split up hostname and port properly
      fixed x2go-auth-check.c (at least for IPv4 and DNS type hostnames)
      change upstream authorname
      change order of rhost and rdomain, we will use rdomain as placeholder
for the X2Go desktop shell (session type)
      install x2go-auth-check not libexecdir, not pkglibexecdir
      versioned dependency on cdbs
      fix tests
      try to make the tests look ok...
      fix AUTH_CHECK
      Set PAM_SM_AUTH and PAM_SM_SESSION before including
      fix missing compilation of pam-x2go.c and pam-x2go-children.c
      add missing pam_x2go_la_LIBADD stanza
      copy+paste fix
      merge rules for pam_x2go and libx2gocore
      let the buffer end with a space character
      Revert "let the buffer end with a space character"
      renaming rdomain to rsession, put password as last string into the
socket buffer
      whitespace fix
      remove .a and .la files from /lib/security
      not available anymore: clean-la
      fixing copyright headers

Ted Gould (106):
      Basic build system
      Adding a local directory option and setting the PAM install directory
based on whether we're local or not
      Woot, we've got a PAM module
      Ignoring stuff
      Understanding the design
      Trying to get the values that we should know well
      Restructured so we can get all the items with prompts
      match the string by pam-remotelogin
      Let's call it!
      Enough that it's likely to authenticate.  Though, lots of TODOs at
this point
      Fixing the name to be what everyone else thinks it should be
      Only built the .so, it's a loadable module
      Matching the naming convention of the other modules
      Changing the conv to a pointer of a pointer
      Fixing pointers to make PAM happy.  Uhg.  No segfault though
      Switch to pushing the creditials via stdin
      Setting the home directory to the user's directory
      Make sure we're running as the guest user before we execute the
freerdp utility
      Setting up our pipes, dropping privs, and fixing TODOs
      First make sure we clean up
      Set up the buffer and the socket and stuff like that as well.
      Drop privs if we have 'em
      Adding session stuff
      Adding a copyright header
      If we don't fork, then clean up
      Fixing up the ignore
      Adding a dep on the FreeRDP library
      Building ourselves a little binary
      Adding some freerdp-ness to it
      Making PAM call the auth check utility
      A newline for scanf
      Adding a copyright header
      Adding an auth helper
      Crazy cheap URL parser
      Switch to looking for '://' in the string
      If we've got a colon for a port number split that out
      Using 'strstr' instead our own loop.
      Cleaning up the code to make it easier to read
      Handle URLs as the remote host value. Approved by Albert Astals Cid,
      Adding a setcred function so callers are happy
      Saving the values once we get them
      Remove an unused define (cleanup)
      Protecting from a crazy thing that LightDM does
      Adding a setcred function so callers are happy. Approved by Albert
Astals Cid, jenkins.
      Caching the password between authenticate and open_session
      Now that we have long running memory with a password in it, we need
to lock it down
      Neat little trick that I found in PAM Kerberos where it uses the PAM
handle's version of the value so that there doesn't have to be memory
free'd in the returning function.  Cleans some things up and removes a
bunch of extra allocation
      Set the permissions on the socket
      Making sure that there's no way that we can write over the end of the
buffer even for very, very, very long home directory names.
      Locking the buffer 'cause it would have the password in it
      Set the permissions on the socket. Approved by Albert Astals Cid,
      Lock buffer memory and protect to memory overruns.. Approved by
Albert Astals Cid, jenkins.
      Change internal API to do less memory allocation.. Approved by Albert
Astals Cid, jenkins.
      Comments clear up some of the if statements
      Addign clarification comments. Approved by .
      Refactor to pull the long running stuff out of the if statement and
into a function
      Move the socket creation into the fork'd function
      Moving buffer allocation into the function
      Restructure so that clean up is all at the end of the function
      Checking the return for mlock and snprintf
      Setting up a pipe to communicate with the sub process
      Use the pipe to signal when the subprocess has gotten to a point
where it can opperate.
      Checking the return value of the mlock
      Locking memory if we expect the prompt to be returning a password
      Make sure to clear the environments
      Clear the groups when dropping privs
      Make sure to lock the password buffer
      Dropping the ignoring of the cert
      Make sure to change the working directory for the subprocesses to the
guest user's home directory
      Making sure to kill as the user so that if there is PID wrap or
something else we won't kill the wrong thing
      Clear the session_pid after trying to kill it.
      Removing setgroups as it doesn't seem to be working
      Attaching bug
      Clearing the groups, but handling the EPERM issue with not being root
      Resolving concerns of the security team. Fixes: https://bugs.launchpad.net/bugs/1039634.
Approved by Albert Astals Cid, jenkins.
      Moving the kill code into a function
      Using the new function in the open_session function instead of
killing directly.
      Making the open_session kill also unpriv. Approved by Albert Astals
Cid, jenkins.
      Make sure there's a character even if we don't have a domain
      Add a '.' for a blank domain. Approved by Albert Astals Cid, jenkins.
      Steal a bunch of test infrastructure from libpam-icaclient
      Adding in Google test and Coverage build stuff
      Adding in coverage build flags
      Clean up Makefile and add proper files
      Make sure to distribute the header files
      Adding in coverage make rules
      Make sure to close so we don't leave processes around
      Check for spaces in the username, block them
      Set everything up so that the auth check binary can be different in
the tests
      Adding a small auth check utility
      Make the auth use the auth check utility
      Make sure we have the full path to execute the auth check
      Adding an authenticate
      Add a set cred call like LightDM does it
      Block usernames with spaces. Approved by Albert Astals Cid, jenkins.
      Adding a testing framework. Approved by Albert Astals Cid, jenkins.
      Adding the core library to the module.
      Adding the compiled lib to the link.


CD: 3ms