freebsd-dev

Author	SHA1	Message	Date
Maxim Sobolev	c80f5647cb	Create /var/log/lastlog if it doesn't exist. Submitted by: des	2002-02-20 07:47:06 +00:00
Dag-Erling Smørgrav	7f28386a26	This file needs <syslog.h>. Sponsored by: DARPA, NAI Labs	2002-02-09 14:12:09 +00:00
Ruslan Ermilov	e47a40e7f7	Now that cross-tools ld(1) has been fixed to look for dynamic dependencies in the correct place, record the fact that -lssh depends on -lcrypto and -lz. Removed false dependencies on -lz (except ssh(1) and sshd(8)). Removed false dependencies on -lcrypto and -lutil for scp(1). Reviewed by: markm	2002-02-08 13:42:58 +00:00
Mark Murray	30577d19fa	Remove NO_WERROR, now that WARNS=n is gone.	2002-02-06 18:46:48 +00:00
Mark Murray	427e2d5c02	Comment out the WARNS= so as to not trample all over the GCC3 work.	2002-02-06 18:14:59 +00:00
Dag-Erling Smørgrav	04f71c5352	Three times lucky: <stddef.h>, not <sys/param.h>	2002-02-05 08:01:32 +00:00
Dag-Erling Smørgrav	93cf4c1be3	Oops, the correct header to include for NULL is <sys/param.h>.	2002-02-05 07:53:00 +00:00
Dag-Erling Smørgrav	0ae5018b3e	#include <sys/types.h> for NULL (hidden by Linux-PAM header pollution) Sponsored by: DARPA, NAI Labs	2002-02-05 06:20:27 +00:00
Dag-Erling Smørgrav	8c66575de8	#include cleanup. Sponsored by: DARPA, NAI Labs	2002-02-05 06:08:26 +00:00
Mark Murray	34b28989d1	Explicitly declare (gcc internal) functions. Submitted by: ru	2002-02-04 17:59:25 +00:00
Dag-Erling Smørgrav	12b6e9a089	ssh_get_authentication_connection() gets its parameters from environment variables, so temporarily switch to the PAM environment before calling it. Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>	2002-02-04 17:15:44 +00:00
Mark Murray	95641278ef	Protect "make buildworld" against -Werror, as this module does not build cleanly.	2002-02-04 16:09:25 +00:00
Mark Murray	21e5d74291	Add the other half of the salt-generating code. No functional difference except that the salt is slightly harder to build dictionaries against, and the code does not use srandom[dev]().	2002-02-04 00:28:54 +00:00
Mark Murray	63d770d8ea	Turn on fascist warning mode.	2002-02-03 15:51:52 +00:00
Mark Murray	ac5699692e	WARNS=n fixes (and some stylistic issues).	2002-02-03 15:17:57 +00:00
Dag-Erling Smørgrav	59057a6d6f	Remove an unnecessary #include that trips up OpenPAM. The header in question is an internal Linux-PAM header which shouldn't be used outside Linux-PAM itself, and has absolutely zero effect on pam_ftp. Sponsored by: DARPA, NAI Labs MFC after: 1 week	2002-02-02 17:51:39 +00:00
Dag-Erling Smørgrav	ab50ade43c	Post-repocopy cleanup. Sponsored by: DARPA, NAI Labs	2002-02-01 22:25:07 +00:00
Dag-Erling Smørgrav	2d0a7148b6	Connect the pam_lastlog(8) and pam_login_access(8) modules to the build. Sponsored by: DARPA, NAI Labs	2002-02-01 08:49:53 +00:00
Dag-Erling Smørgrav	c60ed00a43	Still with asbestos longjohns on, completely PAMify login(1) and remove code made redundant by various PAM modules (primarily pam_unix(8)). Sponsored by: DARPA, NAI Labs	2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav	e9cc7b1d92	With asbestos longjohns on, integrate most of the checks normally done by login(1) (password & account expiry, hosts.access etc.) into pam_unix(8). Sponsored by: DARPA, NAI Labs	2002-01-30 19:09:11 +00:00
Dag-Erling Smørgrav	a2d20838b0	Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify it a little and try to make it more resilient to various possible failure conditions. Change the man page accordingly, and take advantage of this opportunity to simplify its language. Sponsored by: DARPA, NAI Labs	2002-01-30 19:03:16 +00:00
Mark Murray	c2065008b5	WARNS=4 fixes. Protect with NO_WERROR for the modules that have warnings that are hard to fix or that I've been asked to leave alone.	2002-01-24 18:37:17 +00:00
Dag-Erling Smørgrav	f748a713da	PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The caller is supposed to check the PAM envlist and export the variables it contains; if it doesn't, it's broken. Sponsored by: DARPA, NAI Labs	2002-01-24 17:26:27 +00:00
Dag-Erling Smørgrav	9201dc40bf	Change the order in which pam_sm_open_session() updates the logs. This doesn't really make any difference, except it matches wtmp(5) better. Don't do anything in pam_sm_close_session(); init(8) will take care of utmp and wtmp when the tty is released. Clearing them here would make it possible to create a ghost session by logging in, running 'login -f $USER' and exiting the subshell. Sponsored by: DARPA, NAI Labs (but the bugs are all mine)	2002-01-24 17:15:04 +00:00
Dag-Erling Smørgrav	ca355e5451	Correctly interpret PAM_RHOST being unset as an indicator of a local login. Sponsored by: DARPA, NAI Labs	2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav	d233082fbe	Correctly interpret PAM_RHOST being unset as an indicator of a local login.	2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav	e4536f1138	Style nits. Sponsored by: DARPA, NAI Labs	2002-01-24 16:14:56 +00:00
Dag-Erling Smørgrav	f433d6afed	Document the even_root option. Sponsored by: DARPA, NAI Labs	2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav	76f95f4dc2	Don't let root through unless the "even_root" option was specified. Sponsored by: DARPA, NAI Labs	2002-01-24 12:47:42 +00:00
Dag-Erling Smørgrav	16e058b5d6	Add a PAM module that records sessions in utmp/wtmp/lastlog. Sponsored by: DARPA, NAI Labs	2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav	c2d5249eaf	Fix some pastos. Rather shoddy of me... Sponsored by: DARPA, NAI Labs	2002-01-24 09:44:22 +00:00
Dag-Erling Smørgrav	53f3167d07	Add a PAM module that provides an account management component for checking either PAM_RHOST or PAM_TTY against /etc/login.access.o This uncovers a problem with PAM_RHOST, in that if we always set it, there is no way to distinguish between a user logging in locally and a user logging in using 'ssh localhost'. This will be fixed by first making sure that all PAM modules can handle PAM_RHOST being unset (which is currently not the case), and then modifying su(1) and login(1) to not set it for local logins. Sponsored by: DARPA, NAI Labs	2002-01-23 17:42:16 +00:00
Dag-Erling Smørgrav	774a10071d	Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs. Sponsored by: DARPA, NAI Labs	2002-01-23 17:16:00 +00:00
Ruslan Ermilov	0509dca0c3	Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm	2002-01-23 15:54:17 +00:00
Dag-Erling Smørgrav	b6b756b58b	Base the comparison on UIDs, not on user names. Sponsored by: DARPA, NAI Labs	2002-01-23 15:16:01 +00:00
Ruslan Ermilov	fd4ca9e02d	Make libssh.so useable (undefined reference to IPv4or6). Reviewed by: des, markm Approved by: markm	2002-01-23 15:06:47 +00:00
Dag-Erling Smørgrav	1e22a4f048	Link pam_opieaccess, pam_self and pam_ssh into the static library. Sponsored by: DARPA, NAI Labs	2002-01-21 20:43:01 +00:00
Dag-Erling Smørgrav	b0aa095ad0	On second thought, getpwnam() failure should be treated just as if the user existed, but had no OPIE key, i.e. PAM_IGNORE. Pointed out by: ache Sponsored by: DARPA, NAI Labs	2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav	b4b56d051a	Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the user does not exist. Sponsored by: DARPA, NAI Labs	2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav	03adba96a0	Further changes to allow enabling pam_opie(8) by default: - Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before challenging the user. These options are meaningless for pam_opie(8) since the user can't possibly know the right response before she sees the challenge. - Introduce the no_fake_prompts option. If this option is set, pam_opie(8) will fail - rather than present a bogus challenge - if the target user does not have an OPIE key. With this option, users who haven't set up OPIE won't have to wonder what that "weird otp-md5 s**t" means :) Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs	2002-01-21 18:46:25 +00:00
Dag-Erling Smørgrav	f460490260	Add a new module, pam_opieaccess(8), which is responsible for checking /etc/opieaccess and ~/.opiealways so we can decide what to do after pam_opie(8) fails. Sponsored by: DARPA, NAI Labs Reviewed by: ache, markm	2002-01-21 13:43:53 +00:00
Andrey A. Chernov	186caeedcb	snprintf bloat -> strlcpy Add getpwnam return check Approved by: des, markm	2002-01-20 20:56:47 +00:00
Andrey A. Chernov	0b836dfaf1	Back out recent changes	2002-01-19 18:03:11 +00:00
Andrey A. Chernov	6874115893	If user not exist in OPIE system, return failure immediately instead of producing fake prompts with random numbers which can be detected by potential intruder in two tries and totally confuse non-OPIE users.	2002-01-19 10:09:05 +00:00
Andrey A. Chernov	3195cd6712	Back out second right-now-expired password check in pam_sm_chauthtok, old expired password assumed there	2002-01-19 09:23:36 +00:00
Andrey A. Chernov	012400dfcd	Previous commit was incomplete, use new error code PAM_CRED_ERR to indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR	2002-01-19 08:36:47 +00:00
Andrey A. Chernov	d97cc81fa4	Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix Replace snprintf %s with strlcpy Check for NULL returned from getpwnam()	2002-01-19 07:23:48 +00:00
Andrey A. Chernov	c8e3fac7a1	Add yet one expired-right-now password check, in pam_sm_chauthtok srandomdev() can't be used in libraries, replace srandomdev()+random() by arc4random()	2002-01-19 04:58:51 +00:00
Andrey A. Chernov	8c70adab72	Set pwok to 1 for non-OPIE users	2002-01-19 03:31:39 +00:00
Andrey A. Chernov	d54c36388e	Add missing check for right-now-expired password	2002-01-19 02:45:24 +00:00

1 2 3 4

196 Commits