freebsd-dev

Author	SHA1	Message	Date
Dag-Erling Smørgrav	7b733689a3	Prompt for new password during update phase, not during preliminary phase. Sponsored by: DARPA, NAI Labs	2002-04-15 03:00:14 +00:00
Dag-Erling Smørgrav	ff1bc287ac	Dike out most of the NIS code and replace it with calls to libypclnt. Rework pam_sm_chauthtok() so it (mostly?) works. The standard pw stuff still needs to move into a library somewhere. Sponsored by: DARPA, NAI Labs	2002-04-15 02:34:43 +00:00
Dag-Erling Smørgrav	f2b9b94ab4	pam_passwdqc builds now.	2002-04-14 22:31:36 +00:00
Dag-Erling Smørgrav	81a587f467	More recent versions of pam_passwdqc (not yet released) build with very few warnings.	2002-04-14 18:48:57 +00:00
Dag-Erling Smørgrav	a358391f59	New files in OpenPAM Cineraria. Sponsored by: DARPA, NAI Labs	2002-04-14 18:30:27 +00:00
Dag-Erling Smørgrav	db4b82edde	Cosmetic nit.	2002-04-14 18:30:03 +00:00
Dag-Erling Smørgrav	b6bd548cdc	Cast a ptrdiff_t to int before using it as a printf field width.	2002-04-14 16:44:04 +00:00
Dag-Erling Smørgrav	2f6ee8eb7e	Change \|\| into && (braino in previous commit). Also append \n to the error message.	2002-04-13 06:14:30 +00:00
Dag-Erling Smørgrav	24fe7ba0d9	Major cleanup: - add __unused where appropriate - PAM_RETURN -> return since OpenPAM already logs the return value. - make PAM_LOG use openpam_log() - make PAM_VERBOSE_ERROR use openpam_get_option() and check flags for PAM_SILENT - remove dummy functions since OpenPAM handles missing service functions - fix various warnings Sponsored by: DARPA, NAI Labs	2002-04-12 22:27:25 +00:00
Dag-Erling Smørgrav	95ca4cb3f6	Add a pam_rhosts module, loosely based on code submitted by Danny Braniss. Submitted by: Danny Braniss <danny@cs.huji.ac.il> Sponsored by: DARPA, NAI Labs	2002-04-12 20:10:18 +00:00
Dag-Erling Smørgrav	fd994fa945	Rename the even_root option to allow_root. Sponsored by: DARPA, NAI Labs	2002-04-12 20:05:27 +00:00
Ruslan Ermilov	a60a1ea33b	Reimplement the hack to put pam_static.o into .depend with some magic.	2002-04-11 12:21:16 +00:00
Ruslan Ermilov	90a9863e16	Moved SHLIB_NAME definition into one place. Approved by: des	2002-04-10 18:07:05 +00:00
Ruslan Ermilov	196f4c26f4	Fixed broken "make depend; make clean; make all" sequence. I've looked for this example for a long time, to demonstrate some people why it's a really BAD idea to use ${.OBJDIR} instead of ".". I hope these people are reading this. :-) Approved by: des	2002-04-10 18:00:32 +00:00
Ruslan Ermilov	e348eb5318	Fix broken `checkdpadd'. -lroken is an installable library, there's no need to give an explicit path to it. In any case, -L paths should be specified in LDFLAGS if needed. Approved by: des	2002-04-10 17:53:43 +00:00
Ruslan Ermilov	f5ef4bac45	Don't override standard _EXTRADEPEND actions, add to them. Fix CLEANFILES. Collapse openpam_static_modules.o generation.	2002-04-10 17:46:59 +00:00
Dag-Erling Smørgrav	2270ac91b4	Remove debugging code that was inadvertantly brought in by previous commit.	2002-04-08 12:41:08 +00:00
Dag-Erling Smørgrav	eafd17c552	Use OpenPAM's credential switching functions. Sponsored by: DARPA, NAI Labs	2002-04-08 12:38:50 +00:00
Dag-Erling Smørgrav	f6363a1814	Add new files and man pages from OpenPAM Cinchona. Sponsored by: DARPA, NAI Labs	2002-04-08 12:34:53 +00:00
Dag-Erling Smørgrav	2bca1ead9a	Remove commented-out WARNS thingy.	2002-04-08 12:33:48 +00:00
Ruslan Ermilov	f2f306b622	Align for const poisoning in -lutil.	2002-04-08 11:07:51 +00:00
Dag-Erling Smørgrav	50000f00df	Reorganize pam_sm_authenticate() to reduce code duplication. Sponsored by: DARPA, NAI Labs	2002-04-07 21:18:18 +00:00
Dag-Erling Smørgrav	a8b1e59eb2	Fix bug in previous commit that passed the wrong default value to login_getcapstr(3). Also fix a longer-standing bug (login_close(3) frees the string returned by login_getcapstr(3)) by reorganizing the code a little, and use login_getpwclass(3) instead of login_getclass(3) if we already have a struct pwd. Sponsored by: DARPA, NAI Labs	2002-04-07 20:43:27 +00:00
Dag-Erling Smørgrav	9db21c5fd1	This one needs NO_WERROR too.	2002-04-07 12:53:58 +00:00
Dag-Erling Smørgrav	92c07aa880	Turn on NO_WERROR due to namespace pollution in krb5 headers.	2002-04-07 04:44:16 +00:00
Dag-Erling Smørgrav	111ccd256c	Aggressive cleanup of warnings + authtok-related code in preparation for PAMifying passwd(1). Sponsored by: DARPA, NAI Labs.	2002-04-06 19:30:04 +00:00
Dag-Erling Smørgrav	18006b1ab8	Disconnect pam_passwdqc for now, it has some issues that need resolving.	2002-04-06 19:25:36 +00:00
Dag-Erling Smørgrav	4004c08e79	Fix some style issues, a const warning, and abuse of PAM_ABORT. Sponsored by: DARPA, NAI Labs	2002-04-06 14:25:04 +00:00
Dag-Erling Smørgrav	40b93e6278	Remove some duplicate free()s and add some that were missing. Submitted by: tmm	2002-04-05 20:00:05 +00:00
Dag-Erling Smørgrav	f8334e0084	pam_get_pass() -> pam_get_authtok()	2002-04-05 10:49:45 +00:00
Dag-Erling Smørgrav	8f85b6caad	Upgrade to something quite close, but not identical, to version 1.6 of Andrew Korty's pam_ssh. The most notable difference is that this uses commas rather than colons to separate items in the "keyfiles" option. Sponsored by: DARPA, NAI Labs	2002-04-04 18:45:21 +00:00
Dag-Erling Smørgrav	2b814c7ea1	Add pam_passwdqc to the build. Sponsored by: DARPA, NAI Labs	2002-04-04 16:08:28 +00:00
Mark Murray	b51066a362	Fix for OPIE 2.4.	2002-03-22 09:20:05 +00:00
Ruslan Ermilov	7d1f1e9ca8	mdoc(7) police: fix SYNOPSIS, sort xrefs, kill extra whitespace.	2002-03-18 15:59:53 +00:00
Ruslan Ermilov	b6b2be6fbe	mdoc(7) police: nits.	2002-03-18 15:55:53 +00:00
Ruslan Ermilov	8ce6622380	mdoc(7) police: sort xrefs, kill extra whitespace.	2002-03-18 15:52:28 +00:00
Crist J. Clark	51906f452e	Fix world breakage introduced by my recent modifications to chpass(8). The relations between libc, libpam, chpass, passwd, and vipw are a mess and probably should be cleaned up. Submitted by: Peter Pentchev <roam@ringlet.net>	2002-03-18 12:55:28 +00:00
Ruslan Ermilov	a68af001da	mdoc(7) police: tiny fixes.	2002-03-15 18:09:32 +00:00
Ruslan Ermilov	3e5aa36e12	mdoc(7) police: expand contractions.	2002-03-15 18:06:25 +00:00
Dag-Erling Smørgrav	f03a4b810a	NAI DBA update.	2002-03-14 23:27:59 +00:00
Mark Murray	8c3ea588df	Remove the use of random(3), and encapsulate the salt-generation in its own function. The use of arc4random(3) is hopeless overkill here, but that does not hurt anything. Requested by: ache	2002-03-14 16:41:36 +00:00
Maxim Sobolev	f651c1533c	Don't ignore system CFLAGS.	2002-03-07 16:56:19 +00:00
Mark Murray	3556489a52	Fix build for OpenPAM. The directories needed tweeking.	2002-03-07 16:03:56 +00:00
Dag-Erling Smørgrav	38ca451d39	This file is not needed any more	2002-03-07 12:03:50 +00:00
Brian Feldman	30da7e6299	Now pam_alreadyloggedin lives in the ports.	2002-03-07 02:23:19 +00:00
Brian Feldman	c53dd30bb3	Add the pam_alreadyloggedin(8) module, which allows for authentication based on information that the user is already logged in. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs	2002-03-06 18:21:28 +00:00
Peter Pentchev	8a177c636f	Unbreak the pam_krb5 build: cast a couple of const pointers to normal char *. A better fix might be some const'ifying of the Heimdal code, but this will do to fix the build for the present. Approved by: des	2002-03-06 16:49:02 +00:00
Dag-Erling Smørgrav	e0dd4a7813	Add forgotten NOPROFILE that broke world.	2002-03-06 12:11:05 +00:00
Dag-Erling Smørgrav	519b6a4c8f	Switch to OpenPAM. Bump library version. Modules are now versioned, so applications linked with Linux-PAM will still work. Remove pam_get_pass(); OpenPAM has pam_get_authtok(). Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}(). Remove pam_set_item(3) man page as OpenPAM has its own. Sponsored by: DARPA, NAI Labs	2002-03-05 21:56:25 +00:00
Dag-Erling Smørgrav	e3cd129613	Add missing dependency on libutil.	2002-03-05 12:52:03 +00:00
Maxim Sobolev	c80f5647cb	Create /var/log/lastlog if it doesn't exist. Submitted by: des	2002-02-20 07:47:06 +00:00
Dag-Erling Smørgrav	7f28386a26	This file needs <syslog.h>. Sponsored by: DARPA, NAI Labs	2002-02-09 14:12:09 +00:00
Ruslan Ermilov	e47a40e7f7	Now that cross-tools ld(1) has been fixed to look for dynamic dependencies in the correct place, record the fact that -lssh depends on -lcrypto and -lz. Removed false dependencies on -lz (except ssh(1) and sshd(8)). Removed false dependencies on -lcrypto and -lutil for scp(1). Reviewed by: markm	2002-02-08 13:42:58 +00:00
Mark Murray	30577d19fa	Remove NO_WERROR, now that WARNS=n is gone.	2002-02-06 18:46:48 +00:00
Mark Murray	427e2d5c02	Comment out the WARNS= so as to not trample all over the GCC3 work.	2002-02-06 18:14:59 +00:00
Dag-Erling Smørgrav	04f71c5352	Three times lucky: <stddef.h>, not <sys/param.h>	2002-02-05 08:01:32 +00:00
Dag-Erling Smørgrav	93cf4c1be3	Oops, the correct header to include for NULL is <sys/param.h>.	2002-02-05 07:53:00 +00:00
Dag-Erling Smørgrav	0ae5018b3e	#include <sys/types.h> for NULL (hidden by Linux-PAM header pollution) Sponsored by: DARPA, NAI Labs	2002-02-05 06:20:27 +00:00
Dag-Erling Smørgrav	8c66575de8	#include cleanup. Sponsored by: DARPA, NAI Labs	2002-02-05 06:08:26 +00:00
Mark Murray	34b28989d1	Explicitly declare (gcc internal) functions. Submitted by: ru	2002-02-04 17:59:25 +00:00
Dag-Erling Smørgrav	12b6e9a089	ssh_get_authentication_connection() gets its parameters from environment variables, so temporarily switch to the PAM environment before calling it. Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>	2002-02-04 17:15:44 +00:00
Mark Murray	95641278ef	Protect "make buildworld" against -Werror, as this module does not build cleanly.	2002-02-04 16:09:25 +00:00
Mark Murray	21e5d74291	Add the other half of the salt-generating code. No functional difference except that the salt is slightly harder to build dictionaries against, and the code does not use srandom[dev]().	2002-02-04 00:28:54 +00:00
Mark Murray	63d770d8ea	Turn on fascist warning mode.	2002-02-03 15:51:52 +00:00
Mark Murray	ac5699692e	WARNS=n fixes (and some stylistic issues).	2002-02-03 15:17:57 +00:00
Dag-Erling Smørgrav	59057a6d6f	Remove an unnecessary #include that trips up OpenPAM. The header in question is an internal Linux-PAM header which shouldn't be used outside Linux-PAM itself, and has absolutely zero effect on pam_ftp. Sponsored by: DARPA, NAI Labs MFC after: 1 week	2002-02-02 17:51:39 +00:00
Dag-Erling Smørgrav	ab50ade43c	Post-repocopy cleanup. Sponsored by: DARPA, NAI Labs	2002-02-01 22:25:07 +00:00
Dag-Erling Smørgrav	2d0a7148b6	Connect the pam_lastlog(8) and pam_login_access(8) modules to the build. Sponsored by: DARPA, NAI Labs	2002-02-01 08:49:53 +00:00
Dag-Erling Smørgrav	c60ed00a43	Still with asbestos longjohns on, completely PAMify login(1) and remove code made redundant by various PAM modules (primarily pam_unix(8)). Sponsored by: DARPA, NAI Labs	2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav	e9cc7b1d92	With asbestos longjohns on, integrate most of the checks normally done by login(1) (password & account expiry, hosts.access etc.) into pam_unix(8). Sponsored by: DARPA, NAI Labs	2002-01-30 19:09:11 +00:00
Dag-Erling Smørgrav	a2d20838b0	Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify it a little and try to make it more resilient to various possible failure conditions. Change the man page accordingly, and take advantage of this opportunity to simplify its language. Sponsored by: DARPA, NAI Labs	2002-01-30 19:03:16 +00:00
Mark Murray	c2065008b5	WARNS=4 fixes. Protect with NO_WERROR for the modules that have warnings that are hard to fix or that I've been asked to leave alone.	2002-01-24 18:37:17 +00:00
Dag-Erling Smørgrav	f748a713da	PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The caller is supposed to check the PAM envlist and export the variables it contains; if it doesn't, it's broken. Sponsored by: DARPA, NAI Labs	2002-01-24 17:26:27 +00:00
Dag-Erling Smørgrav	9201dc40bf	Change the order in which pam_sm_open_session() updates the logs. This doesn't really make any difference, except it matches wtmp(5) better. Don't do anything in pam_sm_close_session(); init(8) will take care of utmp and wtmp when the tty is released. Clearing them here would make it possible to create a ghost session by logging in, running 'login -f $USER' and exiting the subshell. Sponsored by: DARPA, NAI Labs (but the bugs are all mine)	2002-01-24 17:15:04 +00:00
Dag-Erling Smørgrav	ca355e5451	Correctly interpret PAM_RHOST being unset as an indicator of a local login. Sponsored by: DARPA, NAI Labs	2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav	d233082fbe	Correctly interpret PAM_RHOST being unset as an indicator of a local login.	2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav	e4536f1138	Style nits. Sponsored by: DARPA, NAI Labs	2002-01-24 16:14:56 +00:00
Dag-Erling Smørgrav	f433d6afed	Document the even_root option. Sponsored by: DARPA, NAI Labs	2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav	76f95f4dc2	Don't let root through unless the "even_root" option was specified. Sponsored by: DARPA, NAI Labs	2002-01-24 12:47:42 +00:00
Dag-Erling Smørgrav	16e058b5d6	Add a PAM module that records sessions in utmp/wtmp/lastlog. Sponsored by: DARPA, NAI Labs	2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav	c2d5249eaf	Fix some pastos. Rather shoddy of me... Sponsored by: DARPA, NAI Labs	2002-01-24 09:44:22 +00:00
Dag-Erling Smørgrav	53f3167d07	Add a PAM module that provides an account management component for checking either PAM_RHOST or PAM_TTY against /etc/login.access.o This uncovers a problem with PAM_RHOST, in that if we always set it, there is no way to distinguish between a user logging in locally and a user logging in using 'ssh localhost'. This will be fixed by first making sure that all PAM modules can handle PAM_RHOST being unset (which is currently not the case), and then modifying su(1) and login(1) to not set it for local logins. Sponsored by: DARPA, NAI Labs	2002-01-23 17:42:16 +00:00
Dag-Erling Smørgrav	774a10071d	Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs. Sponsored by: DARPA, NAI Labs	2002-01-23 17:16:00 +00:00
Ruslan Ermilov	0509dca0c3	Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm	2002-01-23 15:54:17 +00:00
Dag-Erling Smørgrav	b6b756b58b	Base the comparison on UIDs, not on user names. Sponsored by: DARPA, NAI Labs	2002-01-23 15:16:01 +00:00
Ruslan Ermilov	fd4ca9e02d	Make libssh.so useable (undefined reference to IPv4or6). Reviewed by: des, markm Approved by: markm	2002-01-23 15:06:47 +00:00
Dag-Erling Smørgrav	1e22a4f048	Link pam_opieaccess, pam_self and pam_ssh into the static library. Sponsored by: DARPA, NAI Labs	2002-01-21 20:43:01 +00:00
Dag-Erling Smørgrav	b0aa095ad0	On second thought, getpwnam() failure should be treated just as if the user existed, but had no OPIE key, i.e. PAM_IGNORE. Pointed out by: ache Sponsored by: DARPA, NAI Labs	2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav	b4b56d051a	Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the user does not exist. Sponsored by: DARPA, NAI Labs	2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav	03adba96a0	Further changes to allow enabling pam_opie(8) by default: - Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before challenging the user. These options are meaningless for pam_opie(8) since the user can't possibly know the right response before she sees the challenge. - Introduce the no_fake_prompts option. If this option is set, pam_opie(8) will fail - rather than present a bogus challenge - if the target user does not have an OPIE key. With this option, users who haven't set up OPIE won't have to wonder what that "weird otp-md5 s**t" means :) Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs	2002-01-21 18:46:25 +00:00
Dag-Erling Smørgrav	f460490260	Add a new module, pam_opieaccess(8), which is responsible for checking /etc/opieaccess and ~/.opiealways so we can decide what to do after pam_opie(8) fails. Sponsored by: DARPA, NAI Labs Reviewed by: ache, markm	2002-01-21 13:43:53 +00:00
Andrey A. Chernov	186caeedcb	snprintf bloat -> strlcpy Add getpwnam return check Approved by: des, markm	2002-01-20 20:56:47 +00:00
Andrey A. Chernov	0b836dfaf1	Back out recent changes	2002-01-19 18:03:11 +00:00
Andrey A. Chernov	6874115893	If user not exist in OPIE system, return failure immediately instead of producing fake prompts with random numbers which can be detected by potential intruder in two tries and totally confuse non-OPIE users.	2002-01-19 10:09:05 +00:00
Andrey A. Chernov	3195cd6712	Back out second right-now-expired password check in pam_sm_chauthtok, old expired password assumed there	2002-01-19 09:23:36 +00:00
Andrey A. Chernov	012400dfcd	Previous commit was incomplete, use new error code PAM_CRED_ERR to indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR	2002-01-19 08:36:47 +00:00
Andrey A. Chernov	d97cc81fa4	Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix Replace snprintf %s with strlcpy Check for NULL returned from getpwnam()	2002-01-19 07:23:48 +00:00
Andrey A. Chernov	c8e3fac7a1	Add yet one expired-right-now password check, in pam_sm_chauthtok srandomdev() can't be used in libraries, replace srandomdev()+random() by arc4random()	2002-01-19 04:58:51 +00:00
Andrey A. Chernov	8c70adab72	Set pwok to 1 for non-OPIE users	2002-01-19 03:31:39 +00:00
Andrey A. Chernov	d54c36388e	Add missing check for right-now-expired password	2002-01-19 02:45:24 +00:00
Andrey A. Chernov	3f9a326a7a	Implement 'pwok', i.e. conditional fallback to unix password as supposed by opieaccessfile() and opiealways()	2002-01-19 02:38:43 +00:00
Bruce Evans	b2035c2b74	Fixed a missing "const".	2001-12-28 20:59:44 +00:00
Ruslan Ermilov	7f432ff831	mdoc(7) police: bump document date.	2001-12-14 13:49:28 +00:00
David Malone	9f5b04e925	Style improvements recommended by Bruce as a follow up to some of the recent WARNS commits. The idea is: 1) FreeBSD id tags should follow vendor tags. 2) Vendor tags should not be compiled (though copyrights probably should). 3) There should be no blank line between including cdefs and __FBSDIF.	2001-12-10 21:13:08 +00:00
Dag-Erling Smørgrav	18a85de04b	Back out previous commit. Requested by: ru	2001-12-09 15:11:55 +00:00
Ruslan Ermilov	945b9f4de9	mdoc(7) police: sort xrefs.	2001-12-08 16:28:20 +00:00
Dag-Erling Smørgrav	bdd601a1e3	Get pam_mod_misc.h from .CURDIR rather than .OBJDIR or /usr/include. Sponsored by: DARPA, NAI Labs	2001-12-07 11:51:47 +00:00
Dag-Erling Smørgrav	47c8f6faec	Now that _pam_init_handlers() works as intended, it seems clear that we do not actually want to define PAM_READ_BOTH_CONFS, so back out previous commit. Sponsored by: DARPA, NAI Labs	2001-12-07 00:38:37 +00:00
Dag-Erling Smørgrav	a45af0e2b0	We need pam_client.h from libpamc. This unbreaks world Pointed out by: jhay Pointy hat to: des	2001-12-06 12:35:18 +00:00
Dag-Erling Smørgrav	87316434d1	Define PAM_READ_BOTH_CONFS. We can now have both /etc/pam.d and /etc/pam.conf. Sponsored by: DARPA, NAI Labs	2001-12-05 17:06:16 +00:00
Dag-Erling Smørgrav	bda74fe925	Install the correct version of pam_misc.h. Sponsored by: DARPA, NAI Labs	2001-12-05 16:27:41 +00:00
Dag-Erling Smørgrav	8d3978c115	Add dummy functions for all module types. These dummies return PAM_IGNORE rather than PAM_SUCCESS, so you'll get a failure if you list dummies but no real modules for a particular module chain. Sponsored by: DARPA, NAI Labs	2001-12-05 16:06:35 +00:00
Dag-Erling Smørgrav	d5a8dd3fb5	Connect the man page to the build. Sponsored by: DARPA, NAI Labs	2001-12-05 16:02:50 +00:00
Dag-Erling Smørgrav	e2c8459e85	Add a pam_self authentication module that succeeds if and only if the local and remote user names are the same. Sponsored by: DARPA, NAI Labs	2001-12-05 15:55:14 +00:00
Mark Murray	1a8b24c257	Use __FBSDID(). Also do a bit of cosmetic #if and header-order cleaning-up.	2001-12-02 20:54:57 +00:00
Mark Murray	d2f6cd8fd5	Style fixups. Sort function declarations, includes. Make consistent WRT use of _P() macro (ugh!) Inspired by: bde	2001-12-01 21:12:04 +00:00
Mark Murray	e317b97026	WARNS=2 fixes. Reviewed by: bde (a while back)	2001-12-01 17:46:46 +00:00
Brian Feldman	7d8cee925b	Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last OpenSSH import) declaration and strdup(3)ing a value which is later free(3)d, rather than letting the system try to free it invalidly.	2001-11-29 21:16:11 +00:00
Dag-Erling Smørgrav	ca7e26e312	Mdoc police. Submitted by: ru	2001-11-28 10:07:21 +00:00
Ruslan Ermilov	60c6736148	mdoc(7) police: fix one pam_unix(8) left-over, sort xrefs.	2001-11-28 09:25:03 +00:00
Dag-Erling Smørgrav	6a13dede6c	Add a pam_set_item(3) man page with an MLINK to pam_get_item(3). PR: docs/32294 Sponsored by: DARPA, NAI Labs MFC after: 3 days	2001-11-27 15:36:35 +00:00
Dag-Erling Smørgrav	b4a475937b	Create a pam_ssh(8) man page, based on a repo-copy of pam_unix(8). License modified with original author's permission. Sponsored by: DARPA, NAI Labs	2001-11-27 00:57:50 +00:00
Dag-Erling Smørgrav	d65e5dfa59	Document the local_pass and nis_pass options, add a few xrefs, and reorder the SEE ALSO section. License modified with original author's permission. Sponsored by: DARPA, NAI Labs	2001-11-27 00:53:10 +00:00
Dima Dorfman	a48060a2f7	Spelling police: sucessful -> successful.	2001-11-24 23:41:32 +00:00
Maxim Sobolev	bc3a4bf55d	Don't put an extra space after password prompts, because it violates POLA, makes FreeBSD inconsistent with previous releases and "other unices" as well as with some internal password-asking services (e.g. ftp) within the same release.	2001-10-25 15:51:50 +00:00
Mark Murray	ce1e0bbc8f	Add library exposed by KDE's use if this module.	2001-10-18 20:05:20 +00:00
Matthew Dillon	ceaf33f537	Add __FBSDID()s to libpam	2001-09-30 22:11:06 +00:00
Mark Murray	6e925e8fc7	1) repair the return value in the PAM_RETURN() macro (Side effects!!). 2) canonicalise the options use in pam_options(). Submitted by: Gunnar Kreitz <gunnark@chello.se> PR: 30250	2001-09-04 17:05:08 +00:00
Mark Murray	a41ad3fca9	Introduce a "noroot_ok" option to make this module ignore authentications to a non-superuser if required.	2001-08-26 18:09:00 +00:00
Mark Murray	f96b705fa7	Introduce better logging, error reporting and use of login_cap data.	2001-08-26 18:05:35 +00:00
Mark Murray	76f4a6fd79	Add extra logging detail. This needs a more general solution.	2001-08-26 17:57:44 +00:00
Mark Murray	3d55a6c083	Big module makeover; improve logging, standardise variable names, introduce ability to change passwords for both "usual" Unix methods and NIS.	2001-08-26 17:41:13 +00:00
Mark Murray	47965f01dd	Add 'try_mapped_pass' standard option. Asked for by: lukeh@PADL.COM	2001-08-20 12:43:19 +00:00
Mark Murray	ca0bdcdd29	Document the no_warn option.	2001-08-15 20:05:33 +00:00
Mark Murray	b5507a38bc	Fix a couple of cross-references to reflect the reality of the module.	2001-08-15 20:03:26 +00:00
Mark Murray	537db85291	Fix: /usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has couple of bugs which cause: 1) xdm dumps core 2) ssh1 private key is not passed to ssh-agent 3) ssh2 RSA key seems not handled properly (just a guess from source) 4) ssh_get_authentication_connectionen() fails to get connection because of SSH_AUTH_SOCK not defined. PR: 29609 Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>	2001-08-11 12:37:55 +00:00
Mark Murray	3938427761	Clean up this module very extensively. Fix the logging, the coding standards and the option handling. This module is now much more easy to maintain as a part of the FreeBSD tree.	2001-08-10 19:24:34 +00:00
Mark Murray	530ebf8e0a	Code clean up; make logging same as other modules and fix warnings.	2001-08-10 19:21:45 +00:00
Mark Murray	34beb374a2	General code clean-up. Sort out warnings, and make the warning and logging work the same as other modules.	2001-08-10 19:18:52 +00:00
Mark Murray	0fa107a3cb	Simplify code. Also verbose logging, verbose overridable error reporting.	2001-08-10 19:15:48 +00:00
Mark Murray	65550d9b5a	Verbose logging, overridable verbose error reporting.	2001-08-10 19:12:59 +00:00
Mark Murray	b04259a5cf	Module clean-up. Verbose logging, Overridable verbose error reporting, FreeBSD pam_prompt() usage to simplify conversation function usage.	2001-08-10 19:10:43 +00:00
Mark Murray	2108fbd748	Verbosely (overridable) report failure to the user.	2001-08-10 19:07:45 +00:00
Mark Murray	ceca323626	Use the FreeBSD pam_prompt() interface to the conversation function instead of home-rolling it. Clean up debugging code and tidy the module.	2001-08-10 19:05:57 +00:00
Mark Murray	3a9cdcb91f	Verbosely report errors to the user (overridable), and make sure that the correct failure mode is reported.	2001-08-10 19:02:21 +00:00
Mark Murray	27b9f9d4a3	Fix broken logic so that this actually works for the superuser. Verbosely log (properly). Verbosely report errors to the user.	2001-08-10 14:21:58 +00:00
Mark Murray	cfa285d9e4	Rework this to prevent a nasty problem involving different modules' option interacting with each other.	2001-08-10 14:16:47 +00:00
Mark Murray	0b2e8123ef	Declare the new user-error reporting macro. This is a macro to allow use of the __FILE__ and __FUNCTION__ macros.	2001-08-10 14:15:00 +00:00
Mark Murray	a56dfc9b23	Add a routine for providing feedback via the conversation mechanism (usually to stderr) for user-reportable errors.	2001-08-10 14:13:16 +00:00
Mark Murray	13cde2748e	Fix style/consistency in Makefile and repair static module building. Submitted by: bde(partially)	2001-08-04 21:51:14 +00:00

1 2 3 4 5 ...

346 Commits