gitea/modules
6543 3e5c844a77
fix pam authorization (#19040) (#19047)
Backport #19040 

The PAM module has previously only checked the results of the authentication module.

However, in normal PAM practice most users will expect account module authorization to also be checked. Without doing this check, in almost every configuration expired accounts and accounts with expired passwords will still be able to log in.

This is likely to represent a significant gotcha in most configurations and cause most users' configurations to be potentially insecure. Therefore we should add in the account authorization check.

## ⚠️ **BREAKING** ⚠️ 

Users of the PAM module who rely on account modules not being checked will need to change their PAM configuration.

However, as it is likely that the vast majority of users of PAM will be expecting account authorization to be checked in addition to authentication we should make this breaking change to make the default behaviour correct for the majority.

---

I suggest we backport this despite the BREAKING nature because of the surprising nature of this.

Thanks to @ysf for bringing this to our attention.


Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: ysf <34326+ysf@users.noreply.github.com>
3 years ago
..
activitypub Create pub/priv keypair for federation (#17071) 3 years ago
analyze Use git attributes to determine generated and vendored status for language stats and diffs (#16773) 4 years ago
appstate Decouple unit test code from business code (#17623) 3 years ago
auth fix pam authorization (#19040) (#19047) 3 years ago
avatar Fix various typos (#18219) 3 years ago
base Simplify parameter types (#18006) 3 years ago
cache Test cache during init (#17852) 3 years ago
charset Don't treat BOM escape sequence as hidden character. (#18909) (#18910) 3 years ago
context Refactor admin user filter query parameters (#18965) (#18975) 3 years ago
convert Add MirrorUpdated field to Repository API type (#18267) 3 years ago
csv Fix various typos (#18219) 3 years ago
doctor Fix various typos (#18219) 3 years ago
emoji Run processors on whole of text (#16155) 4 years ago
eventsource Simplify parameter types (#18006) 3 years ago
generate Support webauthn (#17957) 3 years ago
git Don't show context cancelled errors in attribute reader (#19006) (#19027) 3 years ago
gitgraph Collaborator trust model should trust collaborators (#18539) (#18557) 3 years ago
graceful Immediately Hammer if second kill is sent (#18823) (#18826) 3 years ago
hcaptcha hCaptcha Support (#12594) 4 years ago
highlight Add .gitattribute assisted language detection to blame, diff and render (#17590) 3 years ago
hostmatcher Simplify parameter types (#18006) 3 years ago
httpcache Use a variable but a function for IsProd because of a slight performance increment (#17368) 3 years ago
httplib refactor: move from io/ioutil to io and os package (#17109) 3 years ago
indexer Upgrade bleve from v2.0.6 to v2.3.0 (#18132) 3 years ago
json Move repository model into models/repo (#17933) 3 years ago
lfs Fix source typos (#18227) 3 years ago
log Simplify parameter types (#18006) 3 years ago
markup Correctly link URLs to users/repos with dashes, dots or underscores (#18890) (#18908) 3 years ago
metrics Refactor auth package (#17962) 3 years ago
migration Fix various typos (#18219) 3 years ago
nosql Adjust error for already locked db and prevent level db lock on malformed connstr (#18923) (#18938) 3 years ago
notification Fix problem when self-assign notification (#18797) (#18976) 3 years ago
options Remove golang vendored directory (#18277) 3 years ago
password Fixed assert statements. (#16089) 4 years ago
pprof refactor: move from io/ioutil to io and os package (#17109) 3 years ago
private Move keys to models/asymkey (#17917) 3 years ago
process Fix various typos (#18219) 3 years ago
proxy Return nil proxy function if proxy not enabled (#16742) 4 years ago
public Fix mime-type detection for HTTP server (#18371) 3 years ago
queue In disk_channel queues synchronously push to disk on shutdown (#18415) (#18788) 3 years ago
recaptcha refactor: move from io/ioutil to io and os package (#17109) 3 years ago
references Add API to get issue/pull comments and events (timeline) (#17403) 3 years ago
repository Add `GetUserTeams` (#18499) (#18531) 3 years ago
secret Simplify parameter types (#18006) 3 years ago
session Refactor auth package (#17962) 3 years ago
setting Prevent security failure due to bad APP_ID (#18678) (#18682) 3 years ago
ssh Simplify parameter types (#18006) 3 years ago
storage refactor: move from io/ioutil to io and os package (#17109) 3 years ago
structs Add MirrorUpdated field to Repository API type (#18267) 3 years ago
svg refactor: move from io/ioutil to io and os package (#17109) 3 years ago
sync Fix missing unlock in uniquequeue (#9790) 5 years ago
templates Remove golang vendored directory (#18277) 3 years ago
test Unify and simplify TrN for i18n (#18141) 3 years ago
timeutil Don't store assets modified time into generated files (#18193) 3 years ago
translation Sort locales according to their names (#18211) 3 years ago
typesniffer Read expected buffer size (#17409) 3 years ago
updatechecker Fix various typos (#18219) 3 years ago
upload Simplify parameter types (#18006) 3 years ago
uri Prevent NPE if gitea uploader fails to open url (#18080) 3 years ago
user Add gitea-vet (#10948) 5 years ago
util Increase Salt randomness (#18179) 3 years ago
validation Upgrade chi to v5 (#17298) 3 years ago
web Simplify parameter types (#18006) 3 years ago