freebsd-dev

Author	SHA1	Message	Date
Dag-Erling Smørgrav	c60ed00a43	Still with asbestos longjohns on, completely PAMify login(1) and remove code made redundant by various PAM modules (primarily pam_unix(8)). Sponsored by: DARPA, NAI Labs	2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav	e9cc7b1d92	With asbestos longjohns on, integrate most of the checks normally done by login(1) (password & account expiry, hosts.access etc.) into pam_unix(8). Sponsored by: DARPA, NAI Labs	2002-01-30 19:09:11 +00:00
Dag-Erling Smørgrav	a2d20838b0	Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify it a little and try to make it more resilient to various possible failure conditions. Change the man page accordingly, and take advantage of this opportunity to simplify its language. Sponsored by: DARPA, NAI Labs	2002-01-30 19:03:16 +00:00
Mark Murray	c2065008b5	WARNS=4 fixes. Protect with NO_WERROR for the modules that have warnings that are hard to fix or that I've been asked to leave alone.	2002-01-24 18:37:17 +00:00
Dag-Erling Smørgrav	f748a713da	PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The caller is supposed to check the PAM envlist and export the variables it contains; if it doesn't, it's broken. Sponsored by: DARPA, NAI Labs	2002-01-24 17:26:27 +00:00
Dag-Erling Smørgrav	9201dc40bf	Change the order in which pam_sm_open_session() updates the logs. This doesn't really make any difference, except it matches wtmp(5) better. Don't do anything in pam_sm_close_session(); init(8) will take care of utmp and wtmp when the tty is released. Clearing them here would make it possible to create a ghost session by logging in, running 'login -f $USER' and exiting the subshell. Sponsored by: DARPA, NAI Labs (but the bugs are all mine)	2002-01-24 17:15:04 +00:00
Dag-Erling Smørgrav	ca355e5451	Correctly interpret PAM_RHOST being unset as an indicator of a local login. Sponsored by: DARPA, NAI Labs	2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav	d233082fbe	Correctly interpret PAM_RHOST being unset as an indicator of a local login.	2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav	e4536f1138	Style nits. Sponsored by: DARPA, NAI Labs	2002-01-24 16:14:56 +00:00
Dag-Erling Smørgrav	f433d6afed	Document the even_root option. Sponsored by: DARPA, NAI Labs	2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav	76f95f4dc2	Don't let root through unless the "even_root" option was specified. Sponsored by: DARPA, NAI Labs	2002-01-24 12:47:42 +00:00
Dag-Erling Smørgrav	16e058b5d6	Add a PAM module that records sessions in utmp/wtmp/lastlog. Sponsored by: DARPA, NAI Labs	2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav	c2d5249eaf	Fix some pastos. Rather shoddy of me... Sponsored by: DARPA, NAI Labs	2002-01-24 09:44:22 +00:00
Dag-Erling Smørgrav	53f3167d07	Add a PAM module that provides an account management component for checking either PAM_RHOST or PAM_TTY against /etc/login.access.o This uncovers a problem with PAM_RHOST, in that if we always set it, there is no way to distinguish between a user logging in locally and a user logging in using 'ssh localhost'. This will be fixed by first making sure that all PAM modules can handle PAM_RHOST being unset (which is currently not the case), and then modifying su(1) and login(1) to not set it for local logins. Sponsored by: DARPA, NAI Labs	2002-01-23 17:42:16 +00:00
Dag-Erling Smørgrav	774a10071d	Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs. Sponsored by: DARPA, NAI Labs	2002-01-23 17:16:00 +00:00
Ruslan Ermilov	0509dca0c3	Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm	2002-01-23 15:54:17 +00:00
Dag-Erling Smørgrav	b6b756b58b	Base the comparison on UIDs, not on user names. Sponsored by: DARPA, NAI Labs	2002-01-23 15:16:01 +00:00
Ruslan Ermilov	fd4ca9e02d	Make libssh.so useable (undefined reference to IPv4or6). Reviewed by: des, markm Approved by: markm	2002-01-23 15:06:47 +00:00
Dag-Erling Smørgrav	1e22a4f048	Link pam_opieaccess, pam_self and pam_ssh into the static library. Sponsored by: DARPA, NAI Labs	2002-01-21 20:43:01 +00:00
Dag-Erling Smørgrav	b0aa095ad0	On second thought, getpwnam() failure should be treated just as if the user existed, but had no OPIE key, i.e. PAM_IGNORE. Pointed out by: ache Sponsored by: DARPA, NAI Labs	2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav	b4b56d051a	Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the user does not exist. Sponsored by: DARPA, NAI Labs	2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav	03adba96a0	Further changes to allow enabling pam_opie(8) by default: - Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before challenging the user. These options are meaningless for pam_opie(8) since the user can't possibly know the right response before she sees the challenge. - Introduce the no_fake_prompts option. If this option is set, pam_opie(8) will fail - rather than present a bogus challenge - if the target user does not have an OPIE key. With this option, users who haven't set up OPIE won't have to wonder what that "weird otp-md5 s**t" means :) Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs	2002-01-21 18:46:25 +00:00
Dag-Erling Smørgrav	f460490260	Add a new module, pam_opieaccess(8), which is responsible for checking /etc/opieaccess and ~/.opiealways so we can decide what to do after pam_opie(8) fails. Sponsored by: DARPA, NAI Labs Reviewed by: ache, markm	2002-01-21 13:43:53 +00:00
Andrey A. Chernov	186caeedcb	snprintf bloat -> strlcpy Add getpwnam return check Approved by: des, markm	2002-01-20 20:56:47 +00:00
Andrey A. Chernov	0b836dfaf1	Back out recent changes	2002-01-19 18:03:11 +00:00
Andrey A. Chernov	6874115893	If user not exist in OPIE system, return failure immediately instead of producing fake prompts with random numbers which can be detected by potential intruder in two tries and totally confuse non-OPIE users.	2002-01-19 10:09:05 +00:00
Andrey A. Chernov	3195cd6712	Back out second right-now-expired password check in pam_sm_chauthtok, old expired password assumed there	2002-01-19 09:23:36 +00:00
Andrey A. Chernov	012400dfcd	Previous commit was incomplete, use new error code PAM_CRED_ERR to indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR	2002-01-19 08:36:47 +00:00
Andrey A. Chernov	d97cc81fa4	Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix Replace snprintf %s with strlcpy Check for NULL returned from getpwnam()	2002-01-19 07:23:48 +00:00
Andrey A. Chernov	c8e3fac7a1	Add yet one expired-right-now password check, in pam_sm_chauthtok srandomdev() can't be used in libraries, replace srandomdev()+random() by arc4random()	2002-01-19 04:58:51 +00:00
Andrey A. Chernov	8c70adab72	Set pwok to 1 for non-OPIE users	2002-01-19 03:31:39 +00:00
Andrey A. Chernov	d54c36388e	Add missing check for right-now-expired password	2002-01-19 02:45:24 +00:00
Andrey A. Chernov	3f9a326a7a	Implement 'pwok', i.e. conditional fallback to unix password as supposed by opieaccessfile() and opiealways()	2002-01-19 02:38:43 +00:00
Bruce Evans	b2035c2b74	Fixed a missing "const".	2001-12-28 20:59:44 +00:00
Ruslan Ermilov	7f432ff831	mdoc(7) police: bump document date.	2001-12-14 13:49:28 +00:00
David Malone	9f5b04e925	Style improvements recommended by Bruce as a follow up to some of the recent WARNS commits. The idea is: 1) FreeBSD id tags should follow vendor tags. 2) Vendor tags should not be compiled (though copyrights probably should). 3) There should be no blank line between including cdefs and __FBSDIF.	2001-12-10 21:13:08 +00:00
Dag-Erling Smørgrav	18a85de04b	Back out previous commit. Requested by: ru	2001-12-09 15:11:55 +00:00
Ruslan Ermilov	945b9f4de9	mdoc(7) police: sort xrefs.	2001-12-08 16:28:20 +00:00
Dag-Erling Smørgrav	bdd601a1e3	Get pam_mod_misc.h from .CURDIR rather than .OBJDIR or /usr/include. Sponsored by: DARPA, NAI Labs	2001-12-07 11:51:47 +00:00
Dag-Erling Smørgrav	47c8f6faec	Now that _pam_init_handlers() works as intended, it seems clear that we do not actually want to define PAM_READ_BOTH_CONFS, so back out previous commit. Sponsored by: DARPA, NAI Labs	2001-12-07 00:38:37 +00:00
Dag-Erling Smørgrav	a45af0e2b0	We need pam_client.h from libpamc. This unbreaks world Pointed out by: jhay Pointy hat to: des	2001-12-06 12:35:18 +00:00
Dag-Erling Smørgrav	87316434d1	Define PAM_READ_BOTH_CONFS. We can now have both /etc/pam.d and /etc/pam.conf. Sponsored by: DARPA, NAI Labs	2001-12-05 17:06:16 +00:00
Dag-Erling Smørgrav	bda74fe925	Install the correct version of pam_misc.h. Sponsored by: DARPA, NAI Labs	2001-12-05 16:27:41 +00:00
Dag-Erling Smørgrav	8d3978c115	Add dummy functions for all module types. These dummies return PAM_IGNORE rather than PAM_SUCCESS, so you'll get a failure if you list dummies but no real modules for a particular module chain. Sponsored by: DARPA, NAI Labs	2001-12-05 16:06:35 +00:00
Dag-Erling Smørgrav	d5a8dd3fb5	Connect the man page to the build. Sponsored by: DARPA, NAI Labs	2001-12-05 16:02:50 +00:00
Dag-Erling Smørgrav	e2c8459e85	Add a pam_self authentication module that succeeds if and only if the local and remote user names are the same. Sponsored by: DARPA, NAI Labs	2001-12-05 15:55:14 +00:00
Mark Murray	1a8b24c257	Use __FBSDID(). Also do a bit of cosmetic #if and header-order cleaning-up.	2001-12-02 20:54:57 +00:00
Mark Murray	d2f6cd8fd5	Style fixups. Sort function declarations, includes. Make consistent WRT use of _P() macro (ugh!) Inspired by: bde	2001-12-01 21:12:04 +00:00
Mark Murray	e317b97026	WARNS=2 fixes. Reviewed by: bde (a while back)	2001-12-01 17:46:46 +00:00
Brian Feldman	7d8cee925b	Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last OpenSSH import) declaration and strdup(3)ing a value which is later free(3)d, rather than letting the system try to free it invalidly.	2001-11-29 21:16:11 +00:00

1 2 3 4

178 Commits