Commit Graph

346 Commits

Author SHA1 Message Date
Yaroslav Tykhiy
4df7b351e2 Add appropriate xrefs.
MFC after:	3 days
2006-03-06 13:15:12 +00:00
Yaroslav Tykhiy
08284aaa25 Since the whole login.access feature has moved to PAM,
login.access.5 will be installed from the respective PAM
module's src directory.

MFC after:	3 days
2006-03-06 12:31:25 +00:00
Yaroslav Tykhiy
5c042d7b07 Sync with src/usr.bin/login/login.access.5.
src/usr.bin/login/login.access.5 should be removed from use
because the whole login.access feature has moved to this PAM
module.

MFC after:	3 days
2006-03-06 12:26:43 +00:00
Ruslan Ermilov
ce8bf81ff2 Commenting out WARNS actually brought it up to 4. 2005-09-28 14:36:16 +00:00
Dag-Erling Smørgrav
40e48f9362 Comment out WARNS, the OpenSSL headers don't compile cleanly on some platforms. 2005-09-28 06:23:47 +00:00
Dag-Erling Smørgrav
f8ac10df9f Increase WARNS. 2005-09-26 20:34:09 +00:00
Dag-Erling Smørgrav
bd43956b81 Correct the logic for determining whether the user has already entered
a password.  Also, work around some harmless type pun warnings.

MFC after:	3 days
2005-09-26 20:33:53 +00:00
Dag-Erling Smørgrav
c777c69bdc Do not use passphraseless keys for authentication unless the nullok
option was specified.

PR:		bin/81231
Submitted by:	"Daniel O'Connor" <doconnor@gsoft.com.au>
MFC after:	3 days
2005-09-22 05:35:24 +00:00
Dag-Erling Smørgrav
ea174c52f5 Narrow the use of user credentials.
Fix one case where openpam_restore_cred() might be called twice in a row.

MFC after:	3 days
2005-09-21 16:08:40 +00:00
Colin Percival
25284732cd When (re)allocating space for an array of pointers to char, use
sizeof(*list), not sizeof(**list).  (i.e., sizeof(pointer) rather than
sizeof(char)).

It is possible that this buffer overflow is exploitable, but it was
added after RELENG_5 forked and hasn't been MFCed, so this will not
receive an advisory.

Submitted by:	Vitezslav Novy
MFC after:	1 day
2005-09-19 18:43:11 +00:00
Ken Smith
5adb21a681 Missed one piece of the cluster's quirk. Need to override WARNS because
if _FREEFALL_CONFIG is set gcc bails since pam_sm_setcred() in pam_krb5.c
no longer uses any of its parameters.

Pointy hat:	kensmith
Approved by:	re (scottl)
2005-07-08 14:53:45 +00:00
Ken Smith
2672e71736 This is sort of an MFS. Peter made these changes to the RELENG_*
branches but missed HEAD.  This patch extends his a little bit,
setting it up via the Makefiles so that adding _FREEFALL_CONFIG
to /etc/make.conf is the only thing needed to cluster-ize things
(current setup also requires overriding CFLAGS).

From Peter's commit to the RELENG_* branches:
> Add the freebsd.org custer's source modifications under #ifdefs to aid
> keeping things in sync.  For ksu:
> * install suid-root by default
> * don't fall back to asking for a unix password (ie: be pure kerberos)
> * allow custom user instances for things like www and not just root

The Makefile tweaks will be MFC-ed, the rest is already done.

MFC after:      3 days
Approved by:    re (dwhite)
2005-07-07 14:16:38 +00:00
Dag-Erling Smørgrav
d3cf5f1524 Use the correct login class when setting a new password.
PR:		65557, 72949
Submitted by:	Stephen P. Cravey <clists@gotbrains.org>
Approved by:	re (scottl)
MFC after:	2 weeks
2005-07-05 18:42:18 +00:00
Ruslan Ermilov
f789cb8293 Assorted markup fixes.
Approved by:	re
2005-06-15 19:04:04 +00:00
Dag-Erling Smørgrav
30d0a60aed Don't use a cast as an lvalue.
Add a redundant test to make it painfully obvious to the reader that this
code does not support IPv6.

Approved by:	re (dwhite)
MFC after:	1 week
2005-06-13 21:18:52 +00:00
Dag-Erling Smørgrav
57341fbcf3 Use appropriate error codes for each facility instead of just PAM_AUTH_ERR.
Noticed by:	pjd
2005-06-10 06:16:13 +00:00
Dag-Erling Smørgrav
40e0db94af Revert the commits that made libssh an INTERNALLIB; they caused too much
trouble, especially on amd64.

Requested by:	ru
2005-06-07 09:31:28 +00:00
Dag-Erling Smørgrav
e4c2fedcc7 Fix libssh dependency. 2005-06-06 19:01:01 +00:00
Hajimu UMEMOTO
d928d41c84 NI_WITHSCOPEID cleanup
Reviewed by:	des
2005-05-13 20:51:09 +00:00
Ruslan Ermilov
0227791b40 Expand *n't contractions. 2005-02-13 22:25:33 +00:00
Dag-Erling Smørgrav
9d97c7ee0a In addition to the PAM environment, export a handful of useful PAM items.
Suggested by:	Ed Maste <emaste@phaedrus.sandvine.ca>
2005-02-01 10:37:07 +00:00
Robert Watson
ed41980cbb When "no_ccache" is set as an argument to the pam_krb5 module, don't
copy the acquired TGT from the in-memory cache to the on-disk cache
at login.  This was documented but un-implemented behavior.

MFC after:		1 week
PR:			bin/64464
Reported and tested by:	Eric van Gyzen <vangyzen at stat dot duke dot edu>
2005-01-24 16:49:50 +00:00
Robert Watson
16417879f1 The final argument to verify_krb_v5_tgt() is the debug flag, not the
ticket forwardable flag, so key generation of debugging output to
"debug" rather than "forwardable".

Update copyright.

MFC after:	3 days
2005-01-23 15:57:07 +00:00
Ruslan Ermilov
3ac17feb8a Fixed xref. 2005-01-21 10:48:35 +00:00
Ruslan Ermilov
a216173556 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
Ruslan Ermilov
2c74b2cb07 NOINSTALLLIB -> NO_INSTALLLIB 2004-12-21 09:51:09 +00:00
Ruslan Ermilov
ab7a294721 NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
2004-12-21 09:33:47 +00:00
Bjoern A. Zeeb
6c58990d47 Add knob NO_NIS (fka NO_YP_LIBC) and make world compileable when set.
If turned on  no NIS support and related programs will be built.

Lost parts rediscovered by:	Danny Braniss <danny at cs.huji.ac.il>
PR:		bin/68303
No objections:	des, gshapiro, nectar
Reviewed by:	ru
Approved by:	rwatson (mentor)
MFC after:	2 weeks
2004-11-13 20:40:32 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
Colin Percival
d37df47d31 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
Alexander Kabaev
2d18d113c7 Downgrade WARNS level for GCC 3.4.2. 2004-07-28 05:49:15 +00:00
Ruslan Ermilov
b9384efc1c Markup nits. 2004-07-05 06:39:03 +00:00
Ruslan Ermilov
1c85060a13 Sort SEE ALSO references (in dictionary order, ignoring case). 2004-07-04 20:55:50 +00:00
Ruslan Ermilov
1a0a934547 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
Ruslan Ermilov
839693c44f Deal with unsafe tab characters. 2004-07-02 19:55:26 +00:00
Ruslan Ermilov
862b46f607 Markup, grammar, punctuation. 2004-07-01 18:20:57 +00:00
Alexander Kabaev
2758535974 Revert the last change. There are more 64bit platforms than amd64, and
they break due to diferent alignment restrictions.
2004-06-25 12:32:45 +00:00
Alexander Kabaev
0cb04d0b33 Remove the use of cast as lvalue. 2004-06-25 01:54:26 +00:00
Mark Murray
16fc3635f7 Make NULL a (void*)0 whereever possible, and fix the warnings(-Werror)
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).

There are places where (void *) pointers are not valid, such as for
function pointers, but in the special case of (void *)0, agreement
settles on it being OK.

Most of the fixes were NULL where an integer zero was needed; many
of the fixes were NULL where ascii <nul> ('\0') was needed, and a
few were just "other".

Tested on: i386 sparc64
2004-03-05 08:10:19 +00:00
Colin Percival
d623b765cf style cleanup: Remove duplicate $FreeBSD$ tags.
These files had tags after the copyright notice,
inside the comment block (incorrect, removed),
and outside the comment block (correct).

Approved by:	rwatson (mentor)
2004-02-10 20:42:33 +00:00
Dag-Erling Smørgrav
af9b407414 Fix numerous constness and aliasing issues. 2004-02-10 10:13:21 +00:00
Ruslan Ermilov
751378136d Put libraries in the link order.
Reported by:	lorder(1) (modified to work with libraries)
2004-02-04 10:23:09 +00:00
Ruslan Ermilov
1e73d261f5 This module doesn't use libgssapi (and it looks never did). 2004-02-04 09:41:47 +00:00
Dag-Erling Smørgrav
3a59e89e73 Implement pam_sm_close_session().
PR:		bin/61657
Submitted by:	Joe R. Doupnik <jrd@cc.usu.edu>
2004-01-26 19:28:37 +00:00
Ruslan Ermilov
bb96dfc53a Deal better with the crypto version of the PAM library that goes
on the release media -- only put what is different in the crypto
version compared to the base version.  This reduces PAM entries
in /usr/lib in the "crypto" distribution to:

	libpam.a
	libpam.so@
	libpam.so.2
	pam_krb5.so@
	pam_krb5.so.2
	pam_ksu.so@
	pam_ksu.so.2
	pam_ssh.so@
	pam_ssh.so.2

The libpam.so* is still redundant (it is identical to the "base"
version), but we can't set DISTRIBUTION differently for libpam.a
and libpam.so.

(The removal of libpam.so* from the crypto distribution could be
addressed by the release/scripts/crypto-make.sh script, but then
we'd also need to remove redundant PAM headers, and I'm not sure
this is worth a hassle.)
2004-01-18 14:58:07 +00:00
Jens Schweikhardt
898fc4a340 Remove crossref to pam.conf(5) which never existed. 2004-01-17 09:46:49 +00:00
Dag-Erling Smørgrav
33b7c0d94c Fix a strict aliasing issue. Also remove an unnecessary pam_get_item()
call (pam_get_authtok() will return the previous token if try_first_pass
or use_first_pass is specified).  Incidentally fix an ugly bug where the
buffer holding the prompt was freed immediately before use, instead of
after.
2003-12-11 15:51:03 +00:00
Dag-Erling Smørgrav
4911b12cba More strict aliasing fixes.
Submitted by:	Andreas Hauser <andy-freebsd@splashground.de>
2003-12-11 15:48:09 +00:00
Dag-Erling Smørgrav
91e938693e Fix strict aliasing breakage in PAM modules (except pam_krb5, which needs
more work than the others).  This should make most modules build with -O2.
2003-12-11 13:55:16 +00:00
Maxim Sobolev
cd28f89c12 Fix on sparc64.
Reported by:	rwatson/tinderbox
MFC after:	2 weeks
2003-11-12 23:36:17 +00:00