Commit Graph

498 Commits

Author SHA1 Message Date
Sergey Kandaurov
481da845ce Catch up with OpenPAM Nummularia.
This fixes libpam for build32 target to dlopen() pam libraries in /usr/lib32.

Reviewed by:	des (a while ago)
MFC after:	1 week
2013-11-21 20:43:43 +00:00
Dag-Erling Smørgrav
0b2766bd4e Make libldns and libssh private.
Approved by:	re (blanket)
2013-09-08 10:04:26 +00:00
Dag-Erling Smørgrav
ce77a8d692 Update to OpenPAM Nummularia. 2013-09-07 19:43:39 +00:00
Dag-Erling Smørgrav
f7e6344d4a MFV (r255364): move the code around in preparation for Nummularia. 2013-09-07 18:46:35 +00:00
Dag-Erling Smørgrav
ff67676447 Vendor import of OpenPAM Nummularia.. 2013-09-07 16:15:30 +00:00
Dag-Erling Smørgrav
2dd970c2a1 Prepare for OpenPAM Nummularia by reorganizing to match its new directory
structure.
2013-09-07 16:10:15 +00:00
Will Andrews
caf6fbd81a Make the PAM password strength checking module WARNS=2 safe.
lib/libpam/modules/pam_passwdqc/Makefile:
	Bump WARNS to 2.

contrib/pam_modules/pam_passwdqc/pam_passwdqc.c:
	Bump  _XOPEN_SOURCE and _XOPEN_VERSION from 500 to 600
	so that vsnprint() is declared.

	Use the two new union types (pam_conv_item_t and
	pam_text_item_t) to resolve strict aliasing violations
	caused by casts to comply with the pam_get_item() API taking
	a "const void **" for all item types.  Warnings are
	generated for casts that create "type puns" (pointers of
	conflicting sized types that are set to access the same
	memory location) since these pointers may be used in ways
	that violate C's strict aliasing rules.  Casts to a new
	type must be performed through a union in order to be
	compliant, and access must be performed through only one
	of the union's data types during the lifetime of the union
	instance.  Handle strict-aliasing warnings through pointer
	assignments, which drastically simplifies this change.

	Correct a CLANG "printf-like function with more arguments
	than format" error.

Submitted by:	gibbs
Sponsored by:	Spectra Logic
2013-08-27 15:50:26 +00:00
Dag-Erling Smørgrav
d06cb0764e GC unused source file. 2013-08-16 10:53:36 +00:00
Dag-Erling Smørgrav
fb69d3e351 Backport upstream r684 (OPENPAM_DEBUG enables debugging macros but does
not turn debugging on by default) and add OPENPAM_DEBUG to CFLAGS.
2013-04-14 16:49:27 +00:00
Jung-uk Kim
068f3d2f84 Fix declaration vs. definition inconsistency. No functional change. 2013-04-05 23:41:34 +00:00
Eitan Adler
db702c59cf remove duplicate semicolons where possible.
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:00:37 +00:00
Dag-Erling Smørgrav
a612142b11 Remove unnecessary #include. 2012-09-28 12:29:25 +00:00
Eitan Adler
eae8be706e Bump date missed in r202756
PR:		docs/171624
Submitted by:	bdrewery
Approved by:	gabor
MFC after:	3 days
2012-09-14 17:50:42 +00:00
Dimitry Andric
1843e23c48 Fix an instance in pam_krb5(8), where the variable 'user' could be used
uninitialized.

Found by:	clang 3.2
Reviewed by:	des
MFC after:	1 week
2012-08-06 18:44:59 +00:00
Dimitry Andric
2251b30757 Fix two instances in pam_krb5(8), where the variable 'princ_name' could
be used uninitialized.

Found by:	clang 3.2
Reviewed by:	des
MFC after:	1 week
2012-08-06 18:40:14 +00:00
Doug Rabson
957487515e Add an option for pam_krb5 to allow it to authenticate users which don't have
a local account.

PR:		76678
Submitted by:	daved at tamu.edu
MFC after:	2 weeks
2012-08-05 13:40:35 +00:00
Dag-Erling Smørgrav
2f3ed61901 Update to OpenPAM Micrampelis. 2012-05-26 17:10:16 +00:00
Dag-Erling Smørgrav
8d6900eab8 Passing NULL as a key casues a segfault when loading SSH 1 keys. Use
an empty string instead.
2012-05-26 17:03:45 +00:00
Warren Block
344c81a166 Fixes to man8 groff mandoc style, usage mistakes, or typos.
PR:		168016
Submitted by:	Nobuyuki Koganemaru
Approved by:	gjb
MFC after:	3 days
2012-05-24 02:24:03 +00:00
Jean-Sébastien Pédron
3902d8a991 Fix error messages containing the executed command name
Before, we took the first argument to pam_exec(8). With the addition of
options in front of the command, this could be wrong.

Now, options are parsed before calling _pam_exec() and messages contain
the proper command name.

While here, fix a warning.

Sponsored by:	Yakaz (http://www.yakaz.com)
2012-04-12 14:02:59 +00:00
Eitan Adler
50d675f7a9 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
Jean-Sébastien Pédron
7e3d5c1fca Use program exit status as pam_exec return code (optional)
pam_exec(8) now accepts a new option "return_prog_exit_status". When
set, the program exit status is used as the pam_exec return code. It
allows the program to tell why the step failed (eg. user unknown).
However, if it exits with a code not allowed by the calling PAM service
module function (see $PAM_SM_FUNC below), a warning is logged and
PAM_SERVICE_ERR is returned.

The following changes are related to this new feature but they apply no
matter if the "return_prog_exit_status" option is set or not.

The environment passed to the program is extended:
    o  $PAM_SM_FUNC contains the name of the PAM service module function
       (eg. pam_sm_authenticate).
    o  All valid PAM return codes' numerical values are available
       through variables named after the return code name. For instance,
       $PAM_SUCCESS, $PAM_USER_UNKNOWN or $PAM_PERM_DENIED.

pam_exec return code better reflects what went on:
    o  If the program exits with !0, the return code is now
       PAM_PERM_DENIED, not PAM_SYSTEM_ERR.
    o  If the program fails because of a signal (WIFSIGNALED) or doesn't
       terminate normally (!WIFEXITED), the return code is now
       PAM_SERVICE_ERR, not PAM_SYSTEM_ERR.
    o  If a syscall in pam_exec fails, the return code remains
       PAM_SYSTEM_ERR.

waitpid(2) is called in a loop. If it returns because of EINTR, do it
again. Before, it would return PAM_SYSTEM_ERR without waiting for the
child to exit.

Several log messages now include the PAM service module function name.

The man page is updated accordingly.

Reviewed by:	gleb@, des@
Sponsored by:	Yakaz (http://www.yakaz.com)
MFC after:	2 weeks
2012-03-26 12:18:15 +00:00
Stanislav Sedov
26ec46c8d6 - Avoid using deprecated heimdal functions in pam_krb5. 2012-03-24 01:02:03 +00:00
Stanislav Sedov
bbbc13f8cf - Avoid use of deprecated KRB5 functions. 2012-03-22 11:18:14 +00:00
Stanislav Sedov
ae77177087 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
Peter Wemm
925c02f9dd Rev 228065 (change bsd.own.mk -> bsd.init.mk) broke pam_unix.so by causing
the LDADD/DPADD to lose the -lpam, and causing openpam_dynamic() to fail
due to "openpam_get_options" being undefined.

This would cause obscure console log messages like:
  openpam_dynamic(): No error: 0
  openpam_load_module(): no pam_unix.so found
and other helpful messages which are no help in diagnosing the problem.

Fortunately this change was not mfc'ed to 9.x, it isn't broken there.
2012-01-18 18:26:56 +00:00
Dag-Erling Smørgrav
7f106882fe Upgrade to OpenPAM Lycopsida. 2011-12-18 17:22:45 +00:00
Max Khon
106235a4b8 .include <bsd.init.mk> instead of <bsd.own.mk>
The former allows common settings from ../Makefile.inc to be used.
2011-11-28 14:01:17 +00:00
Dag-Erling Smørgrav
dcf83bf794 Revert r227841 and part of r227798. We still build libpam in two passes,
but we use STATIC_CFLAGS instead of our own private .c.o rule.

MFC after:	3 weeks
2011-11-24 13:18:58 +00:00
Dag-Erling Smørgrav
e03e3b699e Simplify the libpam build by removing the shared modules' dependency
on the shared library.  The modules are loaded by the library, so we
know it'll be there when we need it.

MFC after:	3 weeks
2011-11-21 16:40:39 +00:00
Dag-Erling Smørgrav
4520e72ebf key_load_private() ignores the passphrase argument if the private key
is unencrypted.  This defeats the nullok check, because it means a
non-null passphrase will successfully unlock the key.

To address this, try at first to load the key without a passphrase.
If this succeeds and the user provided a non-empty passphrase *or*
nullok is false, reject the key.

MFC after:	1 week
Noticed by:	Guy Helmer <guy.helmer@palisadesystems.com>
2011-11-20 15:18:49 +00:00
Ed Schouten
f1b61fc829 Ensure pam_lastlog removes the /dev/ component of the TTY name.
Some consumers of PAM remove the /dev/ component (i.e. login), while
others don't (i.e. su). We must ensure that the /dev/ component is
removed to ensure that the utmpx entries properly work with tools such
as w(1).

Discussed with:	des
MFC after:	1 week
2011-11-07 19:57:42 +00:00
Ed Schouten
82a36aefae Remove an unused variable from pam_unix.
This variable was added in r82352 back in 2001, but even then it didn't
have any use. Because it's not marked static, the C compiler won't
complain about it.

Discussed with:	des
2011-11-05 10:00:29 +00:00
Dag-Erling Smørgrav
23b8f4d84a Note that pam_unix(8) does not respect PAM_CHANGE_EXPIRED_AUTHTOK. 2011-11-02 23:40:21 +00:00
Dag-Erling Smørgrav
907c13d85f Revert the previous commit and add a comment explaining why it was wrong. 2011-10-22 14:08:21 +00:00
Dag-Erling Smørgrav
5acce7d734 openpam_static.c isn't auto-generated. 2011-10-22 04:39:12 +00:00
Dag-Erling Smørgrav
32627537b8 Load the ECDSA key if there is one.
MFC after:	1 week
2011-10-07 12:58:33 +00:00
Dag-Erling Smørgrav
864cac079f Mention the name of the module in warning messages. 2011-03-12 11:26:37 +00:00
Dag-Erling Smørgrav
e84da6fb39 Add "ruser" and "luser" options. The former corresponds to the current
behavior, where the module checks that the supplicant is a member of the
required group.  The latter checks the target user instead.  If neither
option was specified, pam_group(8) assumes "ruser" and issues a warning.
I intend to eventually change the default to "luser" to match the
behavior of similarly-named service modules in other operating systems.

MFC after:	1 month
2011-03-12 11:12:30 +00:00
Dag-Erling Smørgrav
8e391be103 No newline required.
MFC after:	2 weeks
2011-03-09 14:38:00 +00:00
Dag-Erling Smørgrav
beb8ef4a7d Add <time.h> for ctime(), which we accidentally picked up through
<sys/time.h>.

Submitted by:	Garrett Cooper <yanegomi@gmail.com>
MFC after:	3 days
2010-11-22 14:45:16 +00:00
Xin LI
f93beda98a Bump .Dd date.
Forgotten by:	delphij
2010-05-03 09:49:42 +00:00
Martin Matuska
54c7282725 Code indent according to style(9).
PR:		bin/146186
Submitted by:	myself
Approved by:	delphij (mentor)
MFC after:	2 weeks
2010-05-03 07:39:51 +00:00
Martin Matuska
551e75c7af Implement the no_user_check option to pam_krb5.
This option is available in the Linux implementation of pam_krb5
and allows to authorize a user not known to the local system.

Ccache is not used as we don't have a secure uid/gid for the cache file.

Usable for authentication of external kerberos users (e.g Active Directory)
via PAM from applications like Cyrus saslauthd, PHP or perl.

PR:		bin/146186
Submitted by:	myself
Approved by:	deplhij (mentor)
MFC after:	2 weeks
2010-05-03 07:32:24 +00:00
Dag-Erling Smørgrav
b15c83408c Upgrade to OpenSSH 5.4p1.
MFC after:	1 month
2010-03-09 19:16:43 +00:00
Ulrich Spörlein
7729e3ba40 Remove redundant WARNS?=6 overrides and inherit the WARNS setting from
the toplevel directory.

This does not change any WARNS level and survives a make universe.

Approved by:        ed (co-mentor)
2010-03-02 18:44:08 +00:00
Ulrich Spörlein
47e1a877c5 Always assign WARNS using ?=
- fix some nearby style bugs
- include Makefile.inc where it makes sense and reduces duplication

Approved by:	ed (co-mentor)
2010-03-02 16:58:04 +00:00
Ruslan Ermilov
e363756c8f %U was macroized in mdoc(7), escape. 2010-02-16 12:29:02 +00:00
Dag-Erling Smørgrav
cc5c81f89d Respect passwordtime from login.conf if set.
PR:		bin/93473
Submitted by:	Björn König <bkoenig@cs.tu-berlin.de>
MFC after:	1 week
2010-02-02 13:47:18 +00:00
Ed Schouten
0806dd9238 Remove stale references to utmp(5) and its corresponding filenames.
I removed utmp and its manpage, but not other manpages referring to it.
2010-01-21 17:25:12 +00:00