Commit Graph

25 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
c47b138a96 Correct documentation of ~/.opiealways
PR:		117512
Submitted by:	Jeremy C. Reed <reed@reedmedia.net>
MFC after:	1 week
2007-10-26 07:50:11 +00:00
Ruslan Ermilov
1a0a934547 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
Colin Percival
d623b765cf style cleanup: Remove duplicate $FreeBSD$ tags.
These files had tags after the copyright notice,
inside the comment block (incorrect, removed),
and outside the comment block (correct).

Approved by:	rwatson (mentor)
2004-02-10 20:42:33 +00:00
Dag-Erling Smørgrav
91e938693e Fix strict aliasing breakage in PAM modules (except pam_krb5, which needs
more work than the others).  This should make most modules build with -O2.
2003-12-11 13:55:16 +00:00
Dag-Erling Smørgrav
ccd703cfe4 Treat an empty PAM_RHOST the same as a NULL one.
PR:		bin/51508
2003-04-30 00:44:05 +00:00
Dag-Erling Smørgrav
16bb3109e3 Somewhat better wording. 2003-03-10 09:15:26 +00:00
Dag-Erling Smørgrav
02a19b0184 Silence warning caused by OPIE brokenness. 2003-03-10 09:15:08 +00:00
David E. O'Brien
7f03a257ac style.Makefile(5) police
(I've tried to keep to the spirit of the original formatting)

Reviewed by:	des
2003-03-09 20:06:38 +00:00
Ruslan Ermilov
522ccf3f35 mdoc(7) police: markup laundry. 2003-02-23 01:47:49 +00:00
Dag-Erling Smørgrav
859ac7c46f Add an "allow_local" option which forces historical behaviour. 2003-02-16 13:01:03 +00:00
Dag-Erling Smørgrav
b645332a81 Assume "localhost" if no remote host was specified. This is safe from a
POLA point of view since the stock /etc/opieaccess now allows localhost.
2003-02-15 23:26:49 +00:00
Dag-Erling Smørgrav
53fd6d26b2 Use PAM_SUCCESS instead of PAM_IGNORE. 2002-04-15 06:26:32 +00:00
Dag-Erling Smørgrav
24fe7ba0d9 Major cleanup:
- add __unused where appropriate
  - PAM_RETURN -> return since OpenPAM already logs the return value.
  - make PAM_LOG use openpam_log()
  - make PAM_VERBOSE_ERROR use openpam_get_option() and check flags
    for PAM_SILENT
  - remove dummy functions since OpenPAM handles missing service
    functions
  - fix various warnings

Sponsored by:	DARPA, NAI Labs
2002-04-12 22:27:25 +00:00
Ruslan Ermilov
90a9863e16 Moved SHLIB_NAME definition into one place.
Approved by:	des
2002-04-10 18:07:05 +00:00
Mark Murray
b51066a362 Fix for OPIE 2.4. 2002-03-22 09:20:05 +00:00
Ruslan Ermilov
7d1f1e9ca8 mdoc(7) police: fix SYNOPSIS, sort xrefs, kill extra whitespace. 2002-03-18 15:59:53 +00:00
Dag-Erling Smørgrav
f03a4b810a NAI DBA update. 2002-03-14 23:27:59 +00:00
Dag-Erling Smørgrav
519b6a4c8f Switch to OpenPAM. Bump library version. Modules are now versioned, so
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.

Sponsored by:	DARPA, NAI Labs
2002-03-05 21:56:25 +00:00
Dag-Erling Smørgrav
8c66575de8 #include cleanup.
Sponsored by:	DARPA, NAI Labs
2002-02-05 06:08:26 +00:00
Mark Murray
c2065008b5 WARNS=4 fixes. Protect with NO_WERROR for the modules that have
warnings that are hard to fix or that I've been asked to leave alone.
2002-01-24 18:37:17 +00:00
Dag-Erling Smørgrav
ca355e5451 Correctly interpret PAM_RHOST being unset as an indicator of a local
login.

Sponsored by:	DARPA, NAI Labs
2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav
774a10071d Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs.
Sponsored by:	DARPA, NAI Labs
2002-01-23 17:16:00 +00:00
Dag-Erling Smørgrav
b0aa095ad0 On second thought, getpwnam() failure should be treated just as if the user
existed, but had no OPIE key, i.e. PAM_IGNORE.

Pointed out by:	ache
Sponsored by:	DARPA, NAI Labs
2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav
b4b56d051a Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.

Sponsored by:	DARPA, NAI Labs
2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav
f460490260 Add a new module, pam_opieaccess(8), which is responsible for checking
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.

Sponsored by:	DARPA, NAI Labs
Reviewed by:	ache, markm
2002-01-21 13:43:53 +00:00