Commit Graph

213 Commits

Author SHA1 Message Date
Ruslan Ermilov
7d1f1e9ca8 mdoc(7) police: fix SYNOPSIS, sort xrefs, kill extra whitespace. 2002-03-18 15:59:53 +00:00
Ruslan Ermilov
b6b2be6fbe mdoc(7) police: nits. 2002-03-18 15:55:53 +00:00
Ruslan Ermilov
8ce6622380 mdoc(7) police: sort xrefs, kill extra whitespace. 2002-03-18 15:52:28 +00:00
Crist J. Clark
51906f452e Fix world breakage introduced by my recent modifications to
chpass(8). The relations between libc, libpam, chpass, passwd, and
vipw are a mess and probably should be cleaned up.

Submitted by:	Peter Pentchev <roam@ringlet.net>
2002-03-18 12:55:28 +00:00
Ruslan Ermilov
a68af001da mdoc(7) police: tiny fixes. 2002-03-15 18:09:32 +00:00
Ruslan Ermilov
3e5aa36e12 mdoc(7) police: expand contractions. 2002-03-15 18:06:25 +00:00
Dag-Erling Smørgrav
f03a4b810a NAI DBA update. 2002-03-14 23:27:59 +00:00
Mark Murray
8c3ea588df Remove the use of random(3), and encapsulate the salt-generation in
its own function. The use of arc4random(3) is hopeless overkill here,
but that does not hurt anything.

Requested by:	ache
2002-03-14 16:41:36 +00:00
Maxim Sobolev
f651c1533c Don't ignore system CFLAGS. 2002-03-07 16:56:19 +00:00
Mark Murray
3556489a52 Fix build for OpenPAM. The directories needed tweeking. 2002-03-07 16:03:56 +00:00
Dag-Erling Smørgrav
38ca451d39 This file is not needed any more 2002-03-07 12:03:50 +00:00
Brian Feldman
30da7e6299 Now pam_alreadyloggedin lives in the ports. 2002-03-07 02:23:19 +00:00
Brian Feldman
c53dd30bb3 Add the pam_alreadyloggedin(8) module, which allows for authentication
based on information that the user is already logged in.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-03-06 18:21:28 +00:00
Peter Pentchev
8a177c636f Unbreak the pam_krb5 build: cast a couple of const pointers
to normal char *.  A better fix might be some const'ifying
of the Heimdal code, but this will do to fix the build
for the present.

Approved by:	des
2002-03-06 16:49:02 +00:00
Dag-Erling Smørgrav
e0dd4a7813 Add forgotten NOPROFILE that broke world. 2002-03-06 12:11:05 +00:00
Dag-Erling Smørgrav
519b6a4c8f Switch to OpenPAM. Bump library version. Modules are now versioned, so
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.

Sponsored by:	DARPA, NAI Labs
2002-03-05 21:56:25 +00:00
Dag-Erling Smørgrav
e3cd129613 Add missing dependency on libutil. 2002-03-05 12:52:03 +00:00
Maxim Sobolev
c80f5647cb Create /var/log/lastlog if it doesn't exist.
Submitted by:	des
2002-02-20 07:47:06 +00:00
Dag-Erling Smørgrav
7f28386a26 This file needs <syslog.h>.
Sponsored by:	DARPA, NAI Labs
2002-02-09 14:12:09 +00:00
Ruslan Ermilov
e47a40e7f7 Now that cross-tools ld(1) has been fixed to look for dynamic
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.

Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).

Reviewed by:	markm
2002-02-08 13:42:58 +00:00
Mark Murray
30577d19fa Remove NO_WERROR, now that WARNS=n is gone. 2002-02-06 18:46:48 +00:00
Mark Murray
427e2d5c02 Comment out the WARNS= so as to not trample all over the GCC3 work. 2002-02-06 18:14:59 +00:00
Dag-Erling Smørgrav
04f71c5352 Three times lucky: <stddef.h>, not <sys/param.h> 2002-02-05 08:01:32 +00:00
Dag-Erling Smørgrav
93cf4c1be3 Oops, the correct header to include for NULL is <sys/param.h>. 2002-02-05 07:53:00 +00:00
Dag-Erling Smørgrav
0ae5018b3e #include <sys/types.h> for NULL (hidden by Linux-PAM header pollution)
Sponsored by:	DARPA, NAI Labs
2002-02-05 06:20:27 +00:00
Dag-Erling Smørgrav
8c66575de8 #include cleanup.
Sponsored by:	DARPA, NAI Labs
2002-02-05 06:08:26 +00:00
Mark Murray
34b28989d1 Explicitly declare (gcc internal) functions.
Submitted by:	ru
2002-02-04 17:59:25 +00:00
Dag-Erling Smørgrav
12b6e9a089 ssh_get_authentication_connection() gets its parameters from environment
variables, so temporarily switch to the PAM environment before calling it.

Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2002-02-04 17:15:44 +00:00
Mark Murray
95641278ef Protect "make buildworld" against -Werror, as this module does not
build cleanly.
2002-02-04 16:09:25 +00:00
Mark Murray
21e5d74291 Add the other half of the salt-generating code. No functional
difference except that the salt is slightly harder to build
dictionaries against, and the code does not use srandom[dev]().
2002-02-04 00:28:54 +00:00
Mark Murray
63d770d8ea Turn on fascist warning mode. 2002-02-03 15:51:52 +00:00
Mark Murray
ac5699692e WARNS=n fixes (and some stylistic issues). 2002-02-03 15:17:57 +00:00
Dag-Erling Smørgrav
59057a6d6f Remove an unnecessary #include that trips up OpenPAM. The header in question
is an internal Linux-PAM header which shouldn't be used outside Linux-PAM
itself, and has absolutely zero effect on pam_ftp.

Sponsored by:	DARPA, NAI Labs
MFC after:	1 week
2002-02-02 17:51:39 +00:00
Dag-Erling Smørgrav
ab50ade43c Post-repocopy cleanup.
Sponsored by:	DARPA, NAI Labs
2002-02-01 22:25:07 +00:00
Dag-Erling Smørgrav
2d0a7148b6 Connect the pam_lastlog(8) and pam_login_access(8) modules to the build.
Sponsored by:	DARPA, NAI Labs
2002-02-01 08:49:53 +00:00
Dag-Erling Smørgrav
c60ed00a43 Still with asbestos longjohns on, completely PAMify login(1) and remove
code made redundant by various PAM modules (primarily pam_unix(8)).

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav
e9cc7b1d92 With asbestos longjohns on, integrate most of the checks normally done by
login(1) (password & account expiry, hosts.access etc.) into pam_unix(8).

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:09:11 +00:00
Dag-Erling Smørgrav
a2d20838b0 Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify
it a little and try to make it more resilient to various possible failure
conditions.  Change the man page accordingly, and take advantage of this
opportunity to simplify its language.

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:03:16 +00:00
Mark Murray
c2065008b5 WARNS=4 fixes. Protect with NO_WERROR for the modules that have
warnings that are hard to fix or that I've been asked to leave alone.
2002-01-24 18:37:17 +00:00
Dag-Erling Smørgrav
f748a713da PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.

Sponsored by:	DARPA, NAI Labs
2002-01-24 17:26:27 +00:00
Dag-Erling Smørgrav
9201dc40bf Change the order in which pam_sm_open_session() updates the logs. This
doesn't really make any difference, except it matches wtmp(5) better.

Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released.  Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.

Sponsored by:	DARPA, NAI Labs (but the bugs are all mine)
2002-01-24 17:15:04 +00:00
Dag-Erling Smørgrav
ca355e5451 Correctly interpret PAM_RHOST being unset as an indicator of a local
login.

Sponsored by:	DARPA, NAI Labs
2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav
d233082fbe Correctly interpret PAM_RHOST being unset as an indicator of a local
login.
2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav
e4536f1138 Style nits.
Sponsored by:	DARPA, NAI Labs
2002-01-24 16:14:56 +00:00
Dag-Erling Smørgrav
f433d6afed Document the even_root option.
Sponsored by:	DARPA, NAI Labs
2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav
76f95f4dc2 Don't let root through unless the "even_root" option was specified.
Sponsored by:	DARPA, NAI Labs
2002-01-24 12:47:42 +00:00
Dag-Erling Smørgrav
16e058b5d6 Add a PAM module that records sessions in utmp/wtmp/lastlog.
Sponsored by:	DARPA, NAI Labs
2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav
c2d5249eaf Fix some pastos. Rather shoddy of me...
Sponsored by:	DARPA, NAI Labs
2002-01-24 09:44:22 +00:00
Dag-Erling Smørgrav
53f3167d07 Add a PAM module that provides an account management component for checking
either PAM_RHOST or PAM_TTY against /etc/login.access.o

This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'.  This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.

Sponsored by:	DARPA, NAI Labs
2002-01-23 17:42:16 +00:00
Dag-Erling Smørgrav
774a10071d Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs.
Sponsored by:	DARPA, NAI Labs
2002-01-23 17:16:00 +00:00