* pam_fshadow/pam_fshadow.c (pam_opt): New option skip-password.
(_pam_parse,verify_user_acct,verify_user_pass): Fix log messages.
(verify_user_pass): Skip password verification, if requested.
(pam_sm_authenticate): Don't try to obtain password, if skip-password
is given.
Bugfix: even if password hash is given in passwd and verified successfully,
verify the shadow file too, this time with password set to NULL, so that
the actual account status is taken into account.
* doc/pam-modules.texi: Document skip-password.
* doc/pam_fshadow.8in: Likewise.
* pam_fshadow/pam_fshadow.c (verify_user_acct): Don't leave the file
open.
(pam_sm_authenticate): If the username was changed, set the changed value
in the PAM_USER item, for eventual use by subsequent modules in stack.
This fixes handling of expressions like 's/s/@/2'.
* lib/transform.c (_single_transform_name_to_slist): Avoid duplicating
initial prefix if replace is not needed.
* doc/pam-modules.texi: Document new MySQL statements.
* pam_sql/pam_mysql.c (mysql_do_query): Use MySQL default file/group,
if specified.
(gpam_sql_verify_user_pass): Fix handling of "setenv-query".
* pam_sql/pam_pgsql.c (gpam_sql_verify_user_pass): Likewise.
* pam_sql/pam_sql.c (gpam_sql_get_query): Return PAM_AUTHINFO_UNAVAIL
if the keyword is not defined in the environment.
* pam_groupmember/pam_groupmember.c (split): Use standard memory
allocation functions. Correctly handle empty strings (delimiter
immediately followed by another delimiter).
New options username-index and domain-index are used to indicate
indices of the parenthesized groups used to extract the user and
the domain name. The default corresponds to 'user-index=1 domain-index=1'.
Additionally, change the behavior in case the user name doesn't
match the regexp. Previous versions would fall back to plain authentication
in this case. New behavior is to reject access.
* pam_fshadow/pam_fshadow.c (pam_opt): New options
username-index and domain-index.
(pam_sm_authenticate): Move username splitting into a separate
function.
* doc/pam_fshadow.8in: Document the new options.
Default Config file applied to all output formats, which is wrong.
Use a dedicated configuration file for html output formats, and
defaults for the rest.
* doc/Makefile.am (GENDOCS): Add html-specific configuration file.
* doc/Config: Rename to doc/html.init (with changes).
* configure.ac: Only check if fgetpwent is defined,
don't disable the module if it is not.
* pam_fshadow/pam_fshadow.c [!HAVE_FGETPWENT] (fgetpwent): Provide a
replacement.
A user can add his public keys to the authorized_keys file without disturbing
the key synchronization from the LDAP database. The #:end comment in the file
marks the end of area synchronized with LDAP. Everything below this comment
is preserved intact.
* pam_ldaphome/pam_ldaphome.c (pubkeyfile): New struct.
(pubkeyfile_open,pubkeyfile_read,pubkeyfile_init)
(pubkeyfile_write,pubkeyfile_remove_lines)
(pubkeyfile_alloc_lines,pubkeyfile_insert_lines)
(pubkeyfile_close): New functions.
(store_pubkeys): Use pubkeyfile functions to operate on
the authorized_keys file.
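
The #:end layout described in the last entry above, as an added example (not pam_ldaphome's own code). The function names are hypothetical. It assumes the marker must occupy a whole line and that a file without a marker has no user area to preserve.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define END_MARK "#:end"    /* marker text taken from the entry above */

/* Return the text following the first line that is exactly "#:end",
   or NULL if no such line exists.  A "#:end" that merely appears in
   a key's trailing comment is not a marker. */
static const char *user_area(const char *text)
{
    size_t mlen = strlen(END_MARK);
    const char *p = text;

    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);

        if (len == mlen && memcmp(p, END_MARK, mlen) == 0)
            return eol ? eol + 1 : p + len;
        if (!eol)
            break;
        p = eol + 1;
    }
    return NULL;
}

/* Build the new file contents: the keys currently in LDAP, the marker,
   then the user's own area copied unchanged.  Keys that used to be in
   the synchronized area but are no longer in LDAP are dropped.
   The caller frees the result. */
char *sync_authorized_keys(const char *old,
                           const char *const *ldap_keys, size_t nkeys)
{
    const char *tail = user_area(old);
    size_t size = strlen(END_MARK) + 2, i;    /* marker + '\n' + NUL */
    char *out, *q;

    if (!tail)
        tail = "";  /* assumption: no marker, nothing to preserve */
    for (i = 0; i < nkeys; i++)
        size += strlen(ldap_keys[i]) + 1;     /* key + '\n' */
    size += strlen(tail);
    if ((out = malloc(size)) == NULL)
        return NULL;
    for (q = out, i = 0; i < nkeys; i++)
        q += sprintf(q, "%s\n", ldap_keys[i]);
    sprintf(q, "%s\n%s", END_MARK, tail);
    return out;
}
```

Keys below the marker are outside LDAP's control in this layout: removing a key from the directory removes it from the synchronized area only.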