freebsd-dev

Author	SHA1	Message	Date
Dag-Erling Smørgrav	33b7c0d94c	Fix a strict aliasing issue. Also remove an unnecessary pam_get_item() call (pam_get_authtok() will return the previous token if try_first_pass or use_first_pass is specified). Incidentally fix an ugly bug where the buffer holding the prompt was freed immediately before use, instead of after.	2003-12-11 15:51:03 +00:00
Dag-Erling Smørgrav	4911b12cba	More strict aliasing fixes. Submitted by: Andreas Hauser <andy-freebsd@splashground.de>	2003-12-11 15:48:09 +00:00
Dag-Erling Smørgrav	91e938693e	Fix strict aliasing breakage in PAM modules (except pam_krb5, which needs more work than the others). This should make most modules build with -O2.	2003-12-11 13:55:16 +00:00
Maxim Sobolev	cd28f89c12	Fix on sparc64. Reported by: rwatson/tinderbox MFC after: 2 weeks	2003-11-12 23:36:17 +00:00
Maxim Sobolev	f142677b46	Add a new configuration variable - nas_ipaddr, which if set allows to set NAS-IP-Address attribute in requests generated by the pam_radius module. This attribute is mandatory for some Radius servers out there. Reviewed by: des MFC after: 2 weeks	2003-11-12 17:47:23 +00:00
Ken Smith	921e5ca770	- fix to UID test description, non-zero -> zero PR: docs/57799 Reviewed by: des Approved by: blackend (mentor)	2003-10-17 17:03:38 +00:00
Dag-Erling Smørgrav	24db258f35	Ignore ECHILD from waitpid(2) (our child may have been reaped by the calling process's SIGCHLD handler) PR: bin/45669	2003-09-19 11:33:03 +00:00
Dag-Erling Smørgrav	3a256117dc	Revert previous commit after fixing libpam.	2003-07-21 19:56:28 +00:00
Dag-Erling Smørgrav	015d0cd6e2	Add a __DECONST() to unbreak the build.	2003-07-15 14:36:36 +00:00
Martin Blapp	dd01398df6	Fix the master yppasswd routines, so they really work for root on ypmaster. yppasswd_local() did use YPPASSWDPROG instead of MASTER_YPPASSWDPROG, and the domain was not set, resulting in a coredump during xdr-encode. Reviewed by: des	2003-06-15 10:37:22 +00:00
Dag-Erling Smørgrav	2d2b70f60b	Add openpam_readline(3).	2003-06-01 12:54:51 +00:00
Dag-Erling Smørgrav	008c1ace7b	Retire pam_wheel(8) (which has been disconnected for quite a while) and pam_ftp(8).	2003-06-01 11:50:35 +00:00
Dag-Erling Smørgrav	ae1e82627a	Don't build pam_std_option().	2003-05-31 23:38:16 +00:00
Dag-Erling Smørgrav	4d6991c692	Update copyright dates.	2003-05-31 17:19:03 +00:00
Dag-Erling Smørgrav	f7d39b0967	Remove pam_std_option() and related functions. Add #defines for common options.	2003-05-31 16:56:35 +00:00
Dag-Erling Smørgrav	545aa47101	Remove all instances of pam_std_option()	2003-05-31 16:55:07 +00:00
Dag-Erling Smørgrav	d462d3923b	Introduce pam_guest(8) which will replace pam_ftp(8).	2003-05-31 16:52:58 +00:00
Ruslan Ermilov	734ac3b543	mdoc(7) fixes. Approved by: re (blanket)	2003-05-24 19:53:08 +00:00
Dag-Erling Smørgrav	7691f66abf	Retire the useless NOSECURE knob. Approved by: re (scottl)	2003-05-19 15:52:01 +00:00
Dag-Erling Smørgrav	8b48559cff	OpenPAM is WANRS6-clean.	2003-05-05 21:15:35 +00:00
Mark Murray	dbf104e68d	Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra cleanups were necessary in release/Makefile, and the tinderbox code was syntax checked, not run checked.	2003-05-05 07:58:44 +00:00
Mark Murray	aaa2c2ab24	Trasmute moer "krb5" distibutions into "crypto".	2003-05-01 21:21:15 +00:00
Dag-Erling Smørgrav	6c0510dc2f	Use C99-style varadic macros instead of the non-standard gcc syntax.	2003-05-01 15:08:55 +00:00
Dag-Erling Smørgrav	e50fb9d500	Mark libpam as c99- and WARNS5-clean.	2003-05-01 14:55:06 +00:00
Dag-Erling Smørgrav	8f3031025b	Make sure rhostip is always initialized. PR: bin/51508 Submitted by: Peter Grimshaw <peter@tesseract.demon.co.uk>	2003-04-30 00:49:42 +00:00
Dag-Erling Smørgrav	ccd703cfe4	Treat an empty PAM_RHOST the same as a NULL one. PR: bin/51508	2003-04-30 00:44:05 +00:00
Dag-Erling Smørgrav	3edc7b4e0b	Set $HOME to the correct directory (within the chroot tree).	2003-04-30 00:40:24 +00:00
Dag-Erling Smørgrav	be01d58da1	Remove a bogus null password check which assumed that a user with an empty password must necessarily have an empty pwd->pw_passwd. Also add a check that prevents users from setting a blank password unless the nullok option was specified. Root is still allowed to give anyone a blank password.	2003-04-24 12:26:25 +00:00
Dag-Erling Smørgrav	a8643c9882	Connect the pam_chroot(8) module to the build.	2003-04-08 16:52:34 +00:00
Dag-Erling Smørgrav	d4e15f10b1	Add a cwd option which specifies where to chdir(2) after the chroot(2). When using the /home/./foo scheme, this defaults to the rhs (/foo); otherwise it defaults to /.	2003-04-08 16:52:18 +00:00
Dag-Erling Smørgrav	eac956b2d1	Experimental pam_chroot module (not connected to the build)	2003-03-30 22:58:23 +00:00
Dag-Erling Smørgrav	f5bbe11124	This module is not WARNS-clean, due to brokenness in OpenSSL headers.	2003-03-10 09:19:08 +00:00
Dag-Erling Smørgrav	16bb3109e3	Somewhat better wording.	2003-03-10 09:15:26 +00:00
Dag-Erling Smørgrav	02a19b0184	Silence warning caused by OPIE brokenness.	2003-03-10 09:15:08 +00:00
David E. O'Brien	7f03a257ac	style.Makefile(5) police (I've tried to keep to the spirit of the original formatting) Reviewed by: des	2003-03-09 20:06:38 +00:00
Mark Murray	5d658b151b	KerberosIV de-orbit burn continues. Remove the KerberosIV PAM module.	2003-03-08 10:33:20 +00:00
Mark Murray	b4240e6ce9	Comment-only assistance to lint to kill warnings.	2003-03-08 10:30:49 +00:00
Ruslan Ermilov	66abb7a636	mdoc(7) police: Nits.	2003-03-03 11:45:18 +00:00
Ruslan Ermilov	522ccf3f35	mdoc(7) police: markup laundry.	2003-02-23 01:47:49 +00:00
Dag-Erling Smørgrav	859ac7c46f	Add an "allow_local" option which forces historical behaviour.	2003-02-16 13:01:03 +00:00
Dag-Erling Smørgrav	b645332a81	Assume "localhost" if no remote host was specified. This is safe from a POLA point of view since the stock /etc/opieaccess now allows localhost.	2003-02-15 23:26:49 +00:00
Dag-Erling Smørgrav	48c12730cd	Use pam_get_user(3) instead of pam_get_item(3) where appropriate.	2003-02-10 18:59:20 +00:00
Dag-Erling Smørgrav	d902781908	Complete rewrite of pam_ssh(8). The previous version was becoming hard to maintain, and had security issues which would have required a major rewrite to address anyway. This implementation currently starts a separate agent for each session instead of connecting each new session to the agent started by the first one. While this would be a Good Thing (and the old pam_ssh(8) tried to do it), it's hard to get right. I'll revisit this issue when I've had a chance to test some modifications to ssh-agent(1).	2003-02-09 21:20:44 +00:00
Dag-Erling Smørgrav	687200d002	Maybe I was a little too fast? Remove debugging code, and commit the Makefile and man page which I'd forgotten to 'cvs add'. Sponsored by: DARPA, NAI Labs	2003-02-06 14:27:48 +00:00
Dag-Erling Smørgrav	7cde604ebd	Replace pam_wheel(8) with pam_group(8) which has a cleaner interface. The pam_wheel(8) module was written to work in spite of a broken libpam, and has grown organically since its inception, which is reflected in both its functionality and implementation. Rather than clean up pam_wheel(8) and break backward compatibility, I've chosen to reimplement it under a new, more generic name. Sponsored by: DARPA, NAI Labs	2003-02-06 14:24:14 +00:00
Dag-Erling Smørgrav	9e2409d3d5	Make sure the message is only printed once.	2003-02-06 14:19:50 +00:00
Dag-Erling Smørgrav	915bae31b7	Don't blame markm for what he didn't do - writing these man pages, for instance. Also bump the date since I made substantial modifications earlier today.	2003-02-06 13:47:21 +00:00
Dag-Erling Smørgrav	37def36f9b	Update copyright.	2003-02-06 12:56:51 +00:00
Dag-Erling Smørgrav	caeab58cd8	Add support for escape sequences in the arguments (e.g. %u for user name) Sponsored by: DARPA, NAI Labs	2003-02-06 12:56:39 +00:00
Dag-Erling Smørgrav	a76a4d449d	Export the PAM environment to the child process instead of the "normal" environment list, which may be unsafe and / or sensitive. Sponsored by: DARPA, NAI Labs	2003-02-06 12:40:58 +00:00
Dag-Erling Smørgrav	aa7f9c67e6	Minimal manual page for pam_kerberosIV(8). Sponsored by: DARPA, NAI Labs	2003-02-06 10:55:11 +00:00
Dag-Erling Smørgrav	8dad14b11b	In pam_sm_acct_mgmt(), retrieve the cached credentials before trying to initialize the context. This way, a failure to initialize the context is not fatal unless we actually have work to do - because if we don't, we return PAM_SUCCESS without even trying to initialize the context.	2003-02-03 09:45:41 +00:00
Dag-Erling Smørgrav	bd12700b18	Whitespace cleanup	2003-02-03 09:43:28 +00:00
Dag-Erling Smørgrav	cb6e9daaa9	OpenPAMify.	2003-02-02 18:43:58 +00:00
Jacques Vidrine	8f857e88c4	Do not return inappropriate error codes in pam_sm_setcred.	2003-01-29 21:20:38 +00:00
Jacques Vidrine	e0bc74123b	About September 2001, I consulted with all the previous authors of pam_krb5 to consolidate the copyright texts. The semi-official pam_krb5 module has been distributed with this new license text ever since, but I'm just now getting around to updating the text here.	2003-01-10 13:38:44 +00:00
Jens Schweikhardt	57bd0fc6e8	english(4) police.	2002-12-27 12:15:40 +00:00
Ruslan Ermilov	fb3acdd2a2	mdoc(7) police: removed gratuitous .Pp call.	2002-12-23 15:21:57 +00:00
Dag-Erling Smørgrav	32f0c0487b	Merge in most non-style differences from Andrew Korty's pam_ssh 1.7.	2002-12-16 14:33:18 +00:00
Ruslan Ermilov	87e9be3900	mdoc(7) police: .Dt is ALL UPPERCASE. Approved by: re	2002-12-12 08:19:47 +00:00
Ruslan Ermilov	1798791d24	mdoc(7) police: formatting nits. Approved by: re	2002-11-29 15:57:50 +00:00
Dag-Erling Smørgrav	bb16bd87d7	Whitespace nits. Approved by: re (bmah)	2002-11-28 20:11:31 +00:00
Dag-Erling Smørgrav	3fdd8a4036	Add a PAM_MODULE_ENTRY to this module so it'll actually do something. Approved by: re (bmah)	2002-11-28 20:05:42 +00:00
Peter Wemm	6ceeb6902a	utmp.ut_time and lastlog.ll_time are explicitly int32_t rather than time_t. Deal with the possibility that time_t != int32_t. This boils down to this sort of thing: - time(&ut.ut_time); + ut.ut_time = time(NULL); and similar for ctime(3) etc. I've kept it minimal for the stuff that may need to be portable (or 3rd party code), but used Matt's time32 stuff for cases where that isn't as much of a concern. Approved by: re (jhb)	2002-11-15 22:42:00 +00:00
Ruslan Ermilov	3f66c888ec	Make dynamic PAM modules depend on dynamic PAM library. Requested by: des, markm	2002-11-14 19:24:51 +00:00
Jacques Vidrine	7c2274dc95	The pam_krb5 module stored a reference to a krb5_ccache structure as PAM module state (created in pam_sm_authenticate and referenced later in pam_sm_setcred and pam_sm_acct_mgmt). However, the krb5_ccache structure shares some data members with the krb5_context structure that was used in its creation. Since a new krb5_context is created and destroyed at each PAM entry point, this inevitably caused the krb5_ccache structure to reference free'd memory. Now instead of storing a pointer to the krb5_ccache structure, we store the name of the cache (e.g. `MEMORY:0x123CACHE') in pam_sm_authenticate, and resolve the name in the other entry points. This bug was uncovered by phkmalloc's free'd memory scrubbing. Approved by: re (jhb)	2002-11-13 17:46:15 +00:00
Jacques Vidrine	88c8bcce6c	Use `krb5_get_err_text' instead of` error_message' so that instead of e.g. Unknown error: -1765328378 we get Client not found in Kerberos database Another way to accomplish this would have been to leave `error_message' alone, but to explicitly load the Kerberos com_err error tables. However, I don't really like the idea of a PAM module dorking with global tables. Approved by: re (jhb)	2002-11-13 17:44:29 +00:00
Dag-Erling Smørgrav	a1d214e88b	Allow the admin to specify a different NAS identifier than the hostname. Submitted by: Boris Kovalenko <boris@ntmk.ru>	2002-10-28 10:28:46 +00:00
Robert Watson	195426c211	Introduce 'exempt_if_empty' option to pam_wheel(8), which bypasses the group membership requirement if the group has no explicit members listed in /etc/group. By default, this group is the wheel group; setting this flag restores the default BSD behavior from 4.x. Reviewed by: markm Requested by: various Sponsored by: DARPA, Network Associates Laboratories	2002-10-18 02:37:29 +00:00
Ruslan Ermilov	890b32ee41	Build kerberized versions of the PAM library, and install them into corresponding distributions during "make release". (This also cleans the "slib" distribution up from the .o files.) PR: misc/43825 (inspired by)	2002-10-11 14:17:09 +00:00
Peter Wemm	224af215a6	Zap now-unused SHLIB_MINOR	2002-09-28 00:25:32 +00:00
Peter Wemm	66422f5b7a	Initiate deorbit burn for the i386-only a.out related support. Moves are under way to move the remnants of the a.out toolchain to ports. As the comment in src/Makefile said, this stuff is deprecated and one should not expect this to remain beyond 4.0-REL. It has already lasted WAY beyond that. Notable exceptions: gcc - I have not touched the a.out generation stuff there. ldd/ldconfig - still have some code to interface with a.out rtld. old as/ld/etc - I have not removed these yet, pending their move to ports. some includes - necessary for ldd/ldconfig for now. Tested on: i386 (extensively), alpha	2002-09-17 01:49:00 +00:00
Dag-Erling Smørgrav	68e6e4bd40	Since pam_get_authtok(3) doesn't know about our options structure, setting the PAM_ECHO_PASS option on-the-fly is a NOP (though it wasn't with the old pam_get_pass(3) code). Instead, call pam_prompt(3) directly. This actually simplifies the code a bit. MFC after: 3 days	2002-07-30 08:32:03 +00:00
Dag-Erling Smørgrav	99260419d6	Install more man pages - I thought I'd committed this ages ago...	2002-07-23 17:59:46 +00:00
Ruslan Ermilov	c101b5f3f3	Tidy up.	2002-06-06 13:55:01 +00:00
Dag-Erling Smørgrav	eb6f605e2f	Missed one in previous commit. Pointed out by: nectar	2002-05-30 20:48:59 +00:00
Ruslan Ermilov	6a63652701	mdoc(7) police: kill whitespace at EOL.	2002-05-30 14:52:00 +00:00
Ruslan Ermilov	5617846748	mdoc(7) police: polish markup.	2002-05-30 14:49:57 +00:00
Ruslan Ermilov	9baa2c98cf	mdoc(7) police: tidy up the markup.	2002-05-30 14:32:48 +00:00
Jacques Vidrine	3a27166692	Add pam_ksu(8), a module to do Kerberos 5 authentication and $HOME/.k5login authorization for su(1). Reviewed by: des (earlier version)	2002-05-28 20:52:31 +00:00
Dag-Erling Smørgrav	c096af69cd	Add openpam_nullconv.3.	2002-05-24 13:22:15 +00:00
Dag-Erling Smørgrav	f346f31b43	Add missing include.	2002-05-24 13:20:40 +00:00
Dag-Erling Smørgrav	f65b218085	Just to show that PAM can do almost anything from the ridiculous to the obscene, or - as they say in New York - sophisticated, add pam_echo(8) and pam_exec(8) to our ever-lengthening roster of PAM modules. Sponsored by: DARPA, NAI Labs.	2002-05-23 22:03:06 +00:00
Dag-Erling Smørgrav	2569c273c7	Hide a couple of unguarded error returns behind the no_fail test.	2002-05-23 00:02:59 +00:00
Juli Mallett	816c6c91e2	Free old_pwd only in the code path where it has been allocated. Reviewed by: des	2002-05-22 23:18:25 +00:00
David E. O'Brien	1dba4170b1	Do not build pam_ssh if NOSECURE is set (NO_OPENSSL is on a subset of NOSECURE)	2002-05-15 20:25:32 +00:00
Ruslan Ermilov	2a53f3fb35	Major cleanup of bsd.lib.mk. Get rid of the INTERNALSTATICLIB knob and just use plain INTERNALLIB. INTERNALLIB now means to build static library only and don't install anything. Added a NOINSTALLLIB knob for libpam/modules. To not build any library at all, just do not set LIB.	2002-05-13 10:53:24 +00:00
Ruslan Ermilov	c7b111cba8	Added new bsd.incs.mk which handles installing of header files via INCS. Implemented INCSLINKS (equivalent to SYMLINKS) to handle symlinking include files. Allow for multiple groups of include files to be installed, with the powerful INCSGROUPS knob. Documentation to follow. Added standard `includes' and `incsinstall' targets, use them in Makefile.inc1. Headers from the following makefiles were not installed before (during `includes' in Makefile.inc1): kerberos5/lib/libtelnet/Makefile lib/libbz2/Makefile lib/libdevinfo/Makefile lib/libform/Makefile lib/libisc/Makefile lib/libmenu/Makefile lib/libmilter/Makefile lib/libpanel/Makefile Replaced all `beforeinstall' targets for installing includes with the INCS stuff. Renamed INCDIR to INCSDIR, for consistency with FILES and SCRIPTS, and for compatibility with NetBSD. Similarly for INCOWN, INCGRP, and INCMODE. Consistently use INCLUDEDIR instead of /usr/include. gnu/lib/libstdc++/Makefile and gnu/lib/libsupc++/Makefile changes were only lightly tested due to the missing contrib/libstdc++-v3. I fully tested the pre-WIP_GCC31 version of this patch with the contrib/libstdc++.295 stuff. These changes have been tested on i386 with the -DNO_WERROR "make world" and "make release".	2002-05-12 16:01:00 +00:00
Dag-Erling Smørgrav	55589c84e2	Don't declare krb5_mcc_ops, it's already declared in <krb5.h>	2002-05-12 07:06:27 +00:00
Dag-Erling Smørgrav	f1d0592537	Use libutil and libypclnt for all passwd manipulation and NIS needs. Sponsored by: DARPA, NAI Labs	2002-05-08 00:54:29 +00:00
Dag-Erling Smørgrav	89136eab16	Add a no_fail option. Sponsored by: DARPA, NAI Labs	2002-05-08 00:31:45 +00:00
Dag-Erling Smørgrav	2256d3698a	Add pam_ftpusers(8), which enforces /etc/ftpusers. Sponsored by: DARPA, NAI Labs	2002-05-08 00:30:10 +00:00
Dag-Erling Smørgrav	597aaec942	Add openpam_nullconv.c to SRCS.	2002-05-02 04:42:59 +00:00
Dag-Erling Smørgrav	0f6517b7d8	Don't ask root for the old password, except in the NIS case. Sponsored by: DARPA, NAI Labs	2002-04-26 19:28:17 +00:00
Dag-Erling Smørgrav	c8c20c5226	Fix a really dumb bug (missing curly braces around the body of an if statement) that caused pam_sm_chauthtok() to always fail silently.	2002-04-26 01:47:48 +00:00
Dag-Erling Smørgrav	750e6876cf	Oops, fix an inverted if test.	2002-04-20 16:52:41 +00:00
Dag-Erling Smørgrav	1583027008	Strip /dev/ from tty name, and clean up the "last login" printout. Sponsored by: DARPA, NAI Labs	2002-04-20 16:44:32 +00:00
Ruslan Ermilov	3cb7acc2cd	Revert previous change. bsd.dep.mk,v 1.31 had a bug that was fixed in revision 1.32 and made this change OBE.	2002-04-17 05:46:41 +00:00
Dag-Erling Smørgrav	b1e0b30d83	Add a missing .El and fix a typo. Spotted by: Solar Designer <solar@openwall.com> Sponsored by: DARPA, NAI Labs	2002-04-16 22:38:47 +00:00
Ruslan Ermilov	c34f0a19f7	Reflect change in share/mk/bsd.dep.mk,v 1.31.	2002-04-16 12:52:22 +00:00
Dag-Erling Smørgrav	c82bffaa40	Revert previous commit, it is incorrect.	2002-04-15 22:51:31 +00:00
David E. O'Brien	f01afd3101	Properly spell rpcsvc/ypclnt.h and fix the build.	2002-04-15 22:47:28 +00:00
Dag-Erling Smørgrav	4c8153125a	Throw in NO_WERROR to please the peanut gallery.	2002-04-15 13:10:28 +00:00
Dag-Erling Smørgrav	53fd6d26b2	Use PAM_SUCCESS instead of PAM_IGNORE.	2002-04-15 06:26:32 +00:00
Dag-Erling Smørgrav	ab4f115e57	Whitespace nits.	2002-04-15 03:52:22 +00:00
Dag-Erling Smørgrav	f71d08000d	Add a manual page based on Solar Designer's README. Sponsored by: DARPA, NAI Labs	2002-04-15 03:45:14 +00:00
Dag-Erling Smørgrav	a11a75ce7c	pam_passwdqc depends on libcrypt.	2002-04-15 03:44:42 +00:00
Dag-Erling Smørgrav	7b733689a3	Prompt for new password during update phase, not during preliminary phase. Sponsored by: DARPA, NAI Labs	2002-04-15 03:00:14 +00:00
Dag-Erling Smørgrav	ff1bc287ac	Dike out most of the NIS code and replace it with calls to libypclnt. Rework pam_sm_chauthtok() so it (mostly?) works. The standard pw stuff still needs to move into a library somewhere. Sponsored by: DARPA, NAI Labs	2002-04-15 02:34:43 +00:00
Dag-Erling Smørgrav	f2b9b94ab4	pam_passwdqc builds now.	2002-04-14 22:31:36 +00:00
Dag-Erling Smørgrav	81a587f467	More recent versions of pam_passwdqc (not yet released) build with very few warnings.	2002-04-14 18:48:57 +00:00
Dag-Erling Smørgrav	a358391f59	New files in OpenPAM Cineraria. Sponsored by: DARPA, NAI Labs	2002-04-14 18:30:27 +00:00
Dag-Erling Smørgrav	db4b82edde	Cosmetic nit.	2002-04-14 18:30:03 +00:00
Dag-Erling Smørgrav	b6bd548cdc	Cast a ptrdiff_t to int before using it as a printf field width.	2002-04-14 16:44:04 +00:00
Dag-Erling Smørgrav	2f6ee8eb7e	Change \|\| into && (braino in previous commit). Also append \n to the error message.	2002-04-13 06:14:30 +00:00
Dag-Erling Smørgrav	24fe7ba0d9	Major cleanup: - add __unused where appropriate - PAM_RETURN -> return since OpenPAM already logs the return value. - make PAM_LOG use openpam_log() - make PAM_VERBOSE_ERROR use openpam_get_option() and check flags for PAM_SILENT - remove dummy functions since OpenPAM handles missing service functions - fix various warnings Sponsored by: DARPA, NAI Labs	2002-04-12 22:27:25 +00:00
Dag-Erling Smørgrav	95ca4cb3f6	Add a pam_rhosts module, loosely based on code submitted by Danny Braniss. Submitted by: Danny Braniss <danny@cs.huji.ac.il> Sponsored by: DARPA, NAI Labs	2002-04-12 20:10:18 +00:00
Dag-Erling Smørgrav	fd994fa945	Rename the even_root option to allow_root. Sponsored by: DARPA, NAI Labs	2002-04-12 20:05:27 +00:00
Ruslan Ermilov	a60a1ea33b	Reimplement the hack to put pam_static.o into .depend with some magic.	2002-04-11 12:21:16 +00:00
Ruslan Ermilov	90a9863e16	Moved SHLIB_NAME definition into one place. Approved by: des	2002-04-10 18:07:05 +00:00
Ruslan Ermilov	196f4c26f4	Fixed broken "make depend; make clean; make all" sequence. I've looked for this example for a long time, to demonstrate some people why it's a really BAD idea to use ${.OBJDIR} instead of ".". I hope these people are reading this. :-) Approved by: des	2002-04-10 18:00:32 +00:00
Ruslan Ermilov	e348eb5318	Fix broken `checkdpadd'. -lroken is an installable library, there's no need to give an explicit path to it. In any case, -L paths should be specified in LDFLAGS if needed. Approved by: des	2002-04-10 17:53:43 +00:00
Ruslan Ermilov	f5ef4bac45	Don't override standard _EXTRADEPEND actions, add to them. Fix CLEANFILES. Collapse openpam_static_modules.o generation.	2002-04-10 17:46:59 +00:00
Dag-Erling Smørgrav	2270ac91b4	Remove debugging code that was inadvertantly brought in by previous commit.	2002-04-08 12:41:08 +00:00
Dag-Erling Smørgrav	eafd17c552	Use OpenPAM's credential switching functions. Sponsored by: DARPA, NAI Labs	2002-04-08 12:38:50 +00:00
Dag-Erling Smørgrav	f6363a1814	Add new files and man pages from OpenPAM Cinchona. Sponsored by: DARPA, NAI Labs	2002-04-08 12:34:53 +00:00
Dag-Erling Smørgrav	2bca1ead9a	Remove commented-out WARNS thingy.	2002-04-08 12:33:48 +00:00
Ruslan Ermilov	f2f306b622	Align for const poisoning in -lutil.	2002-04-08 11:07:51 +00:00
Dag-Erling Smørgrav	50000f00df	Reorganize pam_sm_authenticate() to reduce code duplication. Sponsored by: DARPA, NAI Labs	2002-04-07 21:18:18 +00:00
Dag-Erling Smørgrav	a8b1e59eb2	Fix bug in previous commit that passed the wrong default value to login_getcapstr(3). Also fix a longer-standing bug (login_close(3) frees the string returned by login_getcapstr(3)) by reorganizing the code a little, and use login_getpwclass(3) instead of login_getclass(3) if we already have a struct pwd. Sponsored by: DARPA, NAI Labs	2002-04-07 20:43:27 +00:00
Dag-Erling Smørgrav	9db21c5fd1	This one needs NO_WERROR too.	2002-04-07 12:53:58 +00:00
Dag-Erling Smørgrav	92c07aa880	Turn on NO_WERROR due to namespace pollution in krb5 headers.	2002-04-07 04:44:16 +00:00
Dag-Erling Smørgrav	111ccd256c	Aggressive cleanup of warnings + authtok-related code in preparation for PAMifying passwd(1). Sponsored by: DARPA, NAI Labs.	2002-04-06 19:30:04 +00:00
Dag-Erling Smørgrav	18006b1ab8	Disconnect pam_passwdqc for now, it has some issues that need resolving.	2002-04-06 19:25:36 +00:00
Dag-Erling Smørgrav	4004c08e79	Fix some style issues, a const warning, and abuse of PAM_ABORT. Sponsored by: DARPA, NAI Labs	2002-04-06 14:25:04 +00:00
Dag-Erling Smørgrav	40b93e6278	Remove some duplicate free()s and add some that were missing. Submitted by: tmm	2002-04-05 20:00:05 +00:00
Dag-Erling Smørgrav	f8334e0084	pam_get_pass() -> pam_get_authtok()	2002-04-05 10:49:45 +00:00
Dag-Erling Smørgrav	8f85b6caad	Upgrade to something quite close, but not identical, to version 1.6 of Andrew Korty's pam_ssh. The most notable difference is that this uses commas rather than colons to separate items in the "keyfiles" option. Sponsored by: DARPA, NAI Labs	2002-04-04 18:45:21 +00:00
Dag-Erling Smørgrav	2b814c7ea1	Add pam_passwdqc to the build. Sponsored by: DARPA, NAI Labs	2002-04-04 16:08:28 +00:00
Mark Murray	b51066a362	Fix for OPIE 2.4.	2002-03-22 09:20:05 +00:00
Ruslan Ermilov	7d1f1e9ca8	mdoc(7) police: fix SYNOPSIS, sort xrefs, kill extra whitespace.	2002-03-18 15:59:53 +00:00
Ruslan Ermilov	b6b2be6fbe	mdoc(7) police: nits.	2002-03-18 15:55:53 +00:00
Ruslan Ermilov	8ce6622380	mdoc(7) police: sort xrefs, kill extra whitespace.	2002-03-18 15:52:28 +00:00
Crist J. Clark	51906f452e	Fix world breakage introduced by my recent modifications to chpass(8). The relations between libc, libpam, chpass, passwd, and vipw are a mess and probably should be cleaned up. Submitted by: Peter Pentchev <roam@ringlet.net>	2002-03-18 12:55:28 +00:00
Ruslan Ermilov	a68af001da	mdoc(7) police: tiny fixes.	2002-03-15 18:09:32 +00:00
Ruslan Ermilov	3e5aa36e12	mdoc(7) police: expand contractions.	2002-03-15 18:06:25 +00:00
Dag-Erling Smørgrav	f03a4b810a	NAI DBA update.	2002-03-14 23:27:59 +00:00
Mark Murray	8c3ea588df	Remove the use of random(3), and encapsulate the salt-generation in its own function. The use of arc4random(3) is hopeless overkill here, but that does not hurt anything. Requested by: ache	2002-03-14 16:41:36 +00:00
Maxim Sobolev	f651c1533c	Don't ignore system CFLAGS.	2002-03-07 16:56:19 +00:00
Mark Murray	3556489a52	Fix build for OpenPAM. The directories needed tweeking.	2002-03-07 16:03:56 +00:00
Dag-Erling Smørgrav	38ca451d39	This file is not needed any more	2002-03-07 12:03:50 +00:00
Brian Feldman	30da7e6299	Now pam_alreadyloggedin lives in the ports.	2002-03-07 02:23:19 +00:00
Brian Feldman	c53dd30bb3	Add the pam_alreadyloggedin(8) module, which allows for authentication based on information that the user is already logged in. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs	2002-03-06 18:21:28 +00:00
Peter Pentchev	8a177c636f	Unbreak the pam_krb5 build: cast a couple of const pointers to normal char *. A better fix might be some const'ifying of the Heimdal code, but this will do to fix the build for the present. Approved by: des	2002-03-06 16:49:02 +00:00
Dag-Erling Smørgrav	e0dd4a7813	Add forgotten NOPROFILE that broke world.	2002-03-06 12:11:05 +00:00
Dag-Erling Smørgrav	519b6a4c8f	Switch to OpenPAM. Bump library version. Modules are now versioned, so applications linked with Linux-PAM will still work. Remove pam_get_pass(); OpenPAM has pam_get_authtok(). Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}(). Remove pam_set_item(3) man page as OpenPAM has its own. Sponsored by: DARPA, NAI Labs	2002-03-05 21:56:25 +00:00
Dag-Erling Smørgrav	e3cd129613	Add missing dependency on libutil.	2002-03-05 12:52:03 +00:00
Maxim Sobolev	c80f5647cb	Create /var/log/lastlog if it doesn't exist. Submitted by: des	2002-02-20 07:47:06 +00:00
Dag-Erling Smørgrav	7f28386a26	This file needs <syslog.h>. Sponsored by: DARPA, NAI Labs	2002-02-09 14:12:09 +00:00
Ruslan Ermilov	e47a40e7f7	Now that cross-tools ld(1) has been fixed to look for dynamic dependencies in the correct place, record the fact that -lssh depends on -lcrypto and -lz. Removed false dependencies on -lz (except ssh(1) and sshd(8)). Removed false dependencies on -lcrypto and -lutil for scp(1). Reviewed by: markm	2002-02-08 13:42:58 +00:00
Mark Murray	30577d19fa	Remove NO_WERROR, now that WARNS=n is gone.	2002-02-06 18:46:48 +00:00
Mark Murray	427e2d5c02	Comment out the WARNS= so as to not trample all over the GCC3 work.	2002-02-06 18:14:59 +00:00
Dag-Erling Smørgrav	04f71c5352	Three times lucky: <stddef.h>, not <sys/param.h>	2002-02-05 08:01:32 +00:00
Dag-Erling Smørgrav	93cf4c1be3	Oops, the correct header to include for NULL is <sys/param.h>.	2002-02-05 07:53:00 +00:00
Dag-Erling Smørgrav	0ae5018b3e	#include <sys/types.h> for NULL (hidden by Linux-PAM header pollution) Sponsored by: DARPA, NAI Labs	2002-02-05 06:20:27 +00:00
Dag-Erling Smørgrav	8c66575de8	#include cleanup. Sponsored by: DARPA, NAI Labs	2002-02-05 06:08:26 +00:00
Mark Murray	34b28989d1	Explicitly declare (gcc internal) functions. Submitted by: ru	2002-02-04 17:59:25 +00:00
Dag-Erling Smørgrav	12b6e9a089	ssh_get_authentication_connection() gets its parameters from environment variables, so temporarily switch to the PAM environment before calling it. Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>	2002-02-04 17:15:44 +00:00
Mark Murray	95641278ef	Protect "make buildworld" against -Werror, as this module does not build cleanly.	2002-02-04 16:09:25 +00:00
Mark Murray	21e5d74291	Add the other half of the salt-generating code. No functional difference except that the salt is slightly harder to build dictionaries against, and the code does not use srandom[dev]().	2002-02-04 00:28:54 +00:00
Mark Murray	63d770d8ea	Turn on fascist warning mode.	2002-02-03 15:51:52 +00:00
Mark Murray	ac5699692e	WARNS=n fixes (and some stylistic issues).	2002-02-03 15:17:57 +00:00
Dag-Erling Smørgrav	59057a6d6f	Remove an unnecessary #include that trips up OpenPAM. The header in question is an internal Linux-PAM header which shouldn't be used outside Linux-PAM itself, and has absolutely zero effect on pam_ftp. Sponsored by: DARPA, NAI Labs MFC after: 1 week	2002-02-02 17:51:39 +00:00
Dag-Erling Smørgrav	ab50ade43c	Post-repocopy cleanup. Sponsored by: DARPA, NAI Labs	2002-02-01 22:25:07 +00:00
Dag-Erling Smørgrav	2d0a7148b6	Connect the pam_lastlog(8) and pam_login_access(8) modules to the build. Sponsored by: DARPA, NAI Labs	2002-02-01 08:49:53 +00:00
Dag-Erling Smørgrav	c60ed00a43	Still with asbestos longjohns on, completely PAMify login(1) and remove code made redundant by various PAM modules (primarily pam_unix(8)). Sponsored by: DARPA, NAI Labs	2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav	e9cc7b1d92	With asbestos longjohns on, integrate most of the checks normally done by login(1) (password & account expiry, hosts.access etc.) into pam_unix(8). Sponsored by: DARPA, NAI Labs	2002-01-30 19:09:11 +00:00
Dag-Erling Smørgrav	a2d20838b0	Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify it a little and try to make it more resilient to various possible failure conditions. Change the man page accordingly, and take advantage of this opportunity to simplify its language. Sponsored by: DARPA, NAI Labs	2002-01-30 19:03:16 +00:00
Mark Murray	c2065008b5	WARNS=4 fixes. Protect with NO_WERROR for the modules that have warnings that are hard to fix or that I've been asked to leave alone.	2002-01-24 18:37:17 +00:00
Dag-Erling Smørgrav	f748a713da	PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The caller is supposed to check the PAM envlist and export the variables it contains; if it doesn't, it's broken. Sponsored by: DARPA, NAI Labs	2002-01-24 17:26:27 +00:00
Dag-Erling Smørgrav	9201dc40bf	Change the order in which pam_sm_open_session() updates the logs. This doesn't really make any difference, except it matches wtmp(5) better. Don't do anything in pam_sm_close_session(); init(8) will take care of utmp and wtmp when the tty is released. Clearing them here would make it possible to create a ghost session by logging in, running 'login -f $USER' and exiting the subshell. Sponsored by: DARPA, NAI Labs (but the bugs are all mine)	2002-01-24 17:15:04 +00:00
Dag-Erling Smørgrav	ca355e5451	Correctly interpret PAM_RHOST being unset as an indicator of a local login. Sponsored by: DARPA, NAI Labs	2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav	d233082fbe	Correctly interpret PAM_RHOST being unset as an indicator of a local login.	2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav	e4536f1138	Style nits. Sponsored by: DARPA, NAI Labs	2002-01-24 16:14:56 +00:00
Dag-Erling Smørgrav	f433d6afed	Document the even_root option. Sponsored by: DARPA, NAI Labs	2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav	76f95f4dc2	Don't let root through unless the "even_root" option was specified. Sponsored by: DARPA, NAI Labs	2002-01-24 12:47:42 +00:00
Dag-Erling Smørgrav	16e058b5d6	Add a PAM module that records sessions in utmp/wtmp/lastlog. Sponsored by: DARPA, NAI Labs	2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav	c2d5249eaf	Fix some pastos. Rather shoddy of me... Sponsored by: DARPA, NAI Labs	2002-01-24 09:44:22 +00:00
Dag-Erling Smørgrav	53f3167d07	Add a PAM module that provides an account management component for checking either PAM_RHOST or PAM_TTY against /etc/login.access.o This uncovers a problem with PAM_RHOST, in that if we always set it, there is no way to distinguish between a user logging in locally and a user logging in using 'ssh localhost'. This will be fixed by first making sure that all PAM modules can handle PAM_RHOST being unset (which is currently not the case), and then modifying su(1) and login(1) to not set it for local logins. Sponsored by: DARPA, NAI Labs	2002-01-23 17:42:16 +00:00
Dag-Erling Smørgrav	774a10071d	Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs. Sponsored by: DARPA, NAI Labs	2002-01-23 17:16:00 +00:00
Ruslan Ermilov	0509dca0c3	Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm	2002-01-23 15:54:17 +00:00
Dag-Erling Smørgrav	b6b756b58b	Base the comparison on UIDs, not on user names. Sponsored by: DARPA, NAI Labs	2002-01-23 15:16:01 +00:00
Ruslan Ermilov	fd4ca9e02d	Make libssh.so useable (undefined reference to IPv4or6). Reviewed by: des, markm Approved by: markm	2002-01-23 15:06:47 +00:00
Dag-Erling Smørgrav	1e22a4f048	Link pam_opieaccess, pam_self and pam_ssh into the static library. Sponsored by: DARPA, NAI Labs	2002-01-21 20:43:01 +00:00
Dag-Erling Smørgrav	b0aa095ad0	On second thought, getpwnam() failure should be treated just as if the user existed, but had no OPIE key, i.e. PAM_IGNORE. Pointed out by: ache Sponsored by: DARPA, NAI Labs	2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav	b4b56d051a	Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the user does not exist. Sponsored by: DARPA, NAI Labs	2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav	03adba96a0	Further changes to allow enabling pam_opie(8) by default: - Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before challenging the user. These options are meaningless for pam_opie(8) since the user can't possibly know the right response before she sees the challenge. - Introduce the no_fake_prompts option. If this option is set, pam_opie(8) will fail - rather than present a bogus challenge - if the target user does not have an OPIE key. With this option, users who haven't set up OPIE won't have to wonder what that "weird otp-md5 s**t" means :) Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs	2002-01-21 18:46:25 +00:00
Dag-Erling Smørgrav	f460490260	Add a new module, pam_opieaccess(8), which is responsible for checking /etc/opieaccess and ~/.opiealways so we can decide what to do after pam_opie(8) fails. Sponsored by: DARPA, NAI Labs Reviewed by: ache, markm	2002-01-21 13:43:53 +00:00
Andrey A. Chernov	186caeedcb	snprintf bloat -> strlcpy Add getpwnam return check Approved by: des, markm	2002-01-20 20:56:47 +00:00
Andrey A. Chernov	0b836dfaf1	Back out recent changes	2002-01-19 18:03:11 +00:00
Andrey A. Chernov	6874115893	If user not exist in OPIE system, return failure immediately instead of producing fake prompts with random numbers which can be detected by potential intruder in two tries and totally confuse non-OPIE users.	2002-01-19 10:09:05 +00:00
Andrey A. Chernov	3195cd6712	Back out second right-now-expired password check in pam_sm_chauthtok, old expired password assumed there	2002-01-19 09:23:36 +00:00
Andrey A. Chernov	012400dfcd	Previous commit was incomplete, use new error code PAM_CRED_ERR to indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR	2002-01-19 08:36:47 +00:00
Andrey A. Chernov	d97cc81fa4	Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix Replace snprintf %s with strlcpy Check for NULL returned from getpwnam()	2002-01-19 07:23:48 +00:00
Andrey A. Chernov	c8e3fac7a1	Add yet one expired-right-now password check, in pam_sm_chauthtok srandomdev() can't be used in libraries, replace srandomdev()+random() by arc4random()	2002-01-19 04:58:51 +00:00
Andrey A. Chernov	8c70adab72	Set pwok to 1 for non-OPIE users	2002-01-19 03:31:39 +00:00
Andrey A. Chernov	d54c36388e	Add missing check for right-now-expired password	2002-01-19 02:45:24 +00:00
Andrey A. Chernov	3f9a326a7a	Implement 'pwok', i.e. conditional fallback to unix password as supposed by opieaccessfile() and opiealways()	2002-01-19 02:38:43 +00:00
Bruce Evans	b2035c2b74	Fixed a missing "const".	2001-12-28 20:59:44 +00:00
Ruslan Ermilov	7f432ff831	mdoc(7) police: bump document date.	2001-12-14 13:49:28 +00:00
David Malone	9f5b04e925	Style improvements recommended by Bruce as a follow up to some of the recent WARNS commits. The idea is: 1) FreeBSD id tags should follow vendor tags. 2) Vendor tags should not be compiled (though copyrights probably should). 3) There should be no blank line between including cdefs and __FBSDIF.	2001-12-10 21:13:08 +00:00
Dag-Erling Smørgrav	18a85de04b	Back out previous commit. Requested by: ru	2001-12-09 15:11:55 +00:00
Ruslan Ermilov	945b9f4de9	mdoc(7) police: sort xrefs.	2001-12-08 16:28:20 +00:00
Dag-Erling Smørgrav	bdd601a1e3	Get pam_mod_misc.h from .CURDIR rather than .OBJDIR or /usr/include. Sponsored by: DARPA, NAI Labs	2001-12-07 11:51:47 +00:00
Dag-Erling Smørgrav	47c8f6faec	Now that _pam_init_handlers() works as intended, it seems clear that we do not actually want to define PAM_READ_BOTH_CONFS, so back out previous commit. Sponsored by: DARPA, NAI Labs	2001-12-07 00:38:37 +00:00
Dag-Erling Smørgrav	a45af0e2b0	We need pam_client.h from libpamc. This unbreaks world Pointed out by: jhay Pointy hat to: des	2001-12-06 12:35:18 +00:00
Dag-Erling Smørgrav	87316434d1	Define PAM_READ_BOTH_CONFS. We can now have both /etc/pam.d and /etc/pam.conf. Sponsored by: DARPA, NAI Labs	2001-12-05 17:06:16 +00:00
Dag-Erling Smørgrav	bda74fe925	Install the correct version of pam_misc.h. Sponsored by: DARPA, NAI Labs	2001-12-05 16:27:41 +00:00
Dag-Erling Smørgrav	8d3978c115	Add dummy functions for all module types. These dummies return PAM_IGNORE rather than PAM_SUCCESS, so you'll get a failure if you list dummies but no real modules for a particular module chain. Sponsored by: DARPA, NAI Labs	2001-12-05 16:06:35 +00:00
Dag-Erling Smørgrav	d5a8dd3fb5	Connect the man page to the build. Sponsored by: DARPA, NAI Labs	2001-12-05 16:02:50 +00:00
Dag-Erling Smørgrav	e2c8459e85	Add a pam_self authentication module that succeeds if and only if the local and remote user names are the same. Sponsored by: DARPA, NAI Labs	2001-12-05 15:55:14 +00:00
Mark Murray	1a8b24c257	Use __FBSDID(). Also do a bit of cosmetic #if and header-order cleaning-up.	2001-12-02 20:54:57 +00:00
Mark Murray	d2f6cd8fd5	Style fixups. Sort function declarations, includes. Make consistent WRT use of _P() macro (ugh!) Inspired by: bde	2001-12-01 21:12:04 +00:00
Mark Murray	e317b97026	WARNS=2 fixes. Reviewed by: bde (a while back)	2001-12-01 17:46:46 +00:00
Brian Feldman	7d8cee925b	Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last OpenSSH import) declaration and strdup(3)ing a value which is later free(3)d, rather than letting the system try to free it invalidly.	2001-11-29 21:16:11 +00:00
Dag-Erling Smørgrav	ca7e26e312	Mdoc police. Submitted by: ru	2001-11-28 10:07:21 +00:00
Ruslan Ermilov	60c6736148	mdoc(7) police: fix one pam_unix(8) left-over, sort xrefs.	2001-11-28 09:25:03 +00:00
Dag-Erling Smørgrav	6a13dede6c	Add a pam_set_item(3) man page with an MLINK to pam_get_item(3). PR: docs/32294 Sponsored by: DARPA, NAI Labs MFC after: 3 days	2001-11-27 15:36:35 +00:00
Dag-Erling Smørgrav	b4a475937b	Create a pam_ssh(8) man page, based on a repo-copy of pam_unix(8). License modified with original author's permission. Sponsored by: DARPA, NAI Labs	2001-11-27 00:57:50 +00:00
Dag-Erling Smørgrav	d65e5dfa59	Document the local_pass and nis_pass options, add a few xrefs, and reorder the SEE ALSO section. License modified with original author's permission. Sponsored by: DARPA, NAI Labs	2001-11-27 00:53:10 +00:00
Dima Dorfman	a48060a2f7	Spelling police: sucessful -> successful.	2001-11-24 23:41:32 +00:00
Maxim Sobolev	bc3a4bf55d	Don't put an extra space after password prompts, because it violates POLA, makes FreeBSD inconsistent with previous releases and "other unices" as well as with some internal password-asking services (e.g. ftp) within the same release.	2001-10-25 15:51:50 +00:00
Mark Murray	ce1e0bbc8f	Add library exposed by KDE's use if this module.	2001-10-18 20:05:20 +00:00
Matthew Dillon	ceaf33f537	Add __FBSDID()s to libpam	2001-09-30 22:11:06 +00:00
Mark Murray	6e925e8fc7	1) repair the return value in the PAM_RETURN() macro (Side effects!!). 2) canonicalise the options use in pam_options(). Submitted by: Gunnar Kreitz <gunnark@chello.se> PR: 30250	2001-09-04 17:05:08 +00:00
Mark Murray	a41ad3fca9	Introduce a "noroot_ok" option to make this module ignore authentications to a non-superuser if required.	2001-08-26 18:09:00 +00:00
Mark Murray	f96b705fa7	Introduce better logging, error reporting and use of login_cap data.	2001-08-26 18:05:35 +00:00
Mark Murray	76f4a6fd79	Add extra logging detail. This needs a more general solution.	2001-08-26 17:57:44 +00:00
Mark Murray	3d55a6c083	Big module makeover; improve logging, standardise variable names, introduce ability to change passwords for both "usual" Unix methods and NIS.	2001-08-26 17:41:13 +00:00
Mark Murray	47965f01dd	Add 'try_mapped_pass' standard option. Asked for by: lukeh@PADL.COM	2001-08-20 12:43:19 +00:00
Mark Murray	ca0bdcdd29	Document the no_warn option.	2001-08-15 20:05:33 +00:00
Mark Murray	b5507a38bc	Fix a couple of cross-references to reflect the reality of the module.	2001-08-15 20:03:26 +00:00
Mark Murray	537db85291	Fix: /usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has couple of bugs which cause: 1) xdm dumps core 2) ssh1 private key is not passed to ssh-agent 3) ssh2 RSA key seems not handled properly (just a guess from source) 4) ssh_get_authentication_connectionen() fails to get connection because of SSH_AUTH_SOCK not defined. PR: 29609 Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>	2001-08-11 12:37:55 +00:00
Mark Murray	3938427761	Clean up this module very extensively. Fix the logging, the coding standards and the option handling. This module is now much more easy to maintain as a part of the FreeBSD tree.	2001-08-10 19:24:34 +00:00
Mark Murray	530ebf8e0a	Code clean up; make logging same as other modules and fix warnings.	2001-08-10 19:21:45 +00:00
Mark Murray	34beb374a2	General code clean-up. Sort out warnings, and make the warning and logging work the same as other modules.	2001-08-10 19:18:52 +00:00
Mark Murray	0fa107a3cb	Simplify code. Also verbose logging, verbose overridable error reporting.	2001-08-10 19:15:48 +00:00
Mark Murray	65550d9b5a	Verbose logging, overridable verbose error reporting.	2001-08-10 19:12:59 +00:00
Mark Murray	b04259a5cf	Module clean-up. Verbose logging, Overridable verbose error reporting, FreeBSD pam_prompt() usage to simplify conversation function usage.	2001-08-10 19:10:43 +00:00
Mark Murray	2108fbd748	Verbosely (overridable) report failure to the user.	2001-08-10 19:07:45 +00:00

... 3 4 5 6 7 ...

553 Commits