d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
130,367 Commits 72 Branches 135 Tags 3.2 GiB
c0e767f9dd
Commit Graph

422 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
d154a420f7 Send not only Access Request, but also Access Challenge with defined 
NAS-Identifier and NAS-IP-Address.

Reviewed by:	bz
MFC after:	1 month
 2007-01-20 08:52:04 +00:00
Dag-Erling Smørgrav
1cede0c9bd childerr needs to be volatile so gcc won't optimize it away. 
PR:		bin/85830
MFC after:	1 week
 2006-11-10 23:33:25 +00:00
Ruslan Ermilov
5429f49079 The pam_unix module also provides password management. 
PR:		docs/93491
Submitted by:	Lior Kadosh
MFC after:	3 days
 2006-10-12 15:00:17 +00:00
Ruslan Ermilov
cf15fbb46a Fix build. 2006-09-30 20:33:42 +00:00
Dag-Erling Smørgrav
f63ebe36f6 Reject user with names that are longer than OPIE is willing to deal with; 
otherwise OPIE will happily truncate it.

Spotted by:	ghelmer
MFC after:	2 weeks
 2006-09-15 13:42:38 +00:00
Joel Dahl
cec65ede6c Bump .Dd. 
Noticed by:	danger
 2006-09-13 18:34:32 +00:00
Joel Dahl
3e1f331553 Remove references to the pam(8) manual page. It does not exist. 
Requested by:	novel
Discussed with:	brueffer, simon
 2006-09-13 17:46:20 +00:00
Dag-Erling Smørgrav
f5e30bd1ff Additional debugging stuff I had in my tree. 2006-08-11 17:03:33 +00:00
Stefan Farfeleder
c67bd97df8 Change the GCC specific __FUNCTION__ to C99's __func__. 
OK'ed by:	des
 2006-07-17 11:48:52 +00:00
Dag-Erling Smørgrav
9fd9594daf Add a manual dependency on ssh_namespace.h. 
Discussed with:	ru
 2006-05-13 21:38:16 +00:00
Dag-Erling Smørgrav
ed22e27d8a Introduce a namespace munging hack inspired by NetBSD to avoid polluting 
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by:	lukem@netbsd.org
MFC after:	6 weeks
 2006-05-13 13:47:45 +00:00
Wojciech A. Koszek
2ecd560bcc There is no need to pass NULL to the pam_error() as the last argument. 
Remove it.

Reviewed by:	des
Approved by:	cognet (mentor)
 2006-03-20 16:56:08 +00:00
Ruslan Ermilov
c365539d86 Fix build until I find a way to handle this case properly. 2006-03-19 08:52:49 +00:00
Ruslan Ermilov
9e7c92716b Revert last delta. 2006-03-19 06:14:30 +00:00
Poul-Henning Kamp
371b1253c9 Comment out MK_PROFILE until ru@ can fix this properly 2006-03-19 04:49:11 +00:00
Ruslan Ermilov
5740a2b62d Convert NO_PROFILE and NO_LIB32 to new style. 2006-03-18 21:37:05 +00:00
Ruslan Ermilov
e1fe3dba5c Reimplementation of world/kernel build options. For details, see: 
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
 2006-03-17 18:54:44 +00:00
Yaroslav Tykhiy
4df7b351e2 Add appropriate xrefs. 
MFC after:	3 days
 2006-03-06 13:15:12 +00:00
Yaroslav Tykhiy
08284aaa25 Since the whole login.access feature has moved to PAM, 
login.access.5 will be installed from the respective PAM
module's src directory.

MFC after:	3 days
 2006-03-06 12:31:25 +00:00
Yaroslav Tykhiy
5c042d7b07 Sync with src/usr.bin/login/login.access.5. 
src/usr.bin/login/login.access.5 should be removed from use
because the whole login.access feature has moved to this PAM
module.

MFC after:	3 days
 2006-03-06 12:26:43 +00:00
Ruslan Ermilov
ce8bf81ff2 Commenting out WARNS actually brought it up to 4. 2005-09-28 14:36:16 +00:00
Dag-Erling Smørgrav
40e48f9362 Comment out WARNS, the OpenSSL headers don't compile cleanly on some platforms. 2005-09-28 06:23:47 +00:00
Dag-Erling Smørgrav
f8ac10df9f Increase WARNS. 2005-09-26 20:34:09 +00:00
Dag-Erling Smørgrav
bd43956b81 Correct the logic for determining whether the user has already entered 
a password.  Also, work around some harmless type pun warnings.

MFC after:	3 days
 2005-09-26 20:33:53 +00:00
Dag-Erling Smørgrav
c777c69bdc Do not use passphraseless keys for authentication unless the nullok 
option was specified.

PR:		bin/81231
Submitted by:	"Daniel O'Connor" <doconnor@gsoft.com.au>
MFC after:	3 days
 2005-09-22 05:35:24 +00:00
Dag-Erling Smørgrav
ea174c52f5 Narrow the use of user credentials. 
Fix one case where openpam_restore_cred() might be called twice in a row.

MFC after:	3 days
 2005-09-21 16:08:40 +00:00
Colin Percival
25284732cd When (re)allocating space for an array of pointers to char, use 
sizeof(*list), not sizeof(**list).  (i.e., sizeof(pointer) rather than
sizeof(char)).

It is possible that this buffer overflow is exploitable, but it was
added after RELENG_5 forked and hasn't been MFCed, so this will not
receive an advisory.

Submitted by:	Vitezslav Novy
MFC after:	1 day
 2005-09-19 18:43:11 +00:00
Ken Smith
a84020c2b9 Bump the shared library version number of all libraries that have not 
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
 2005-07-22 17:19:05 +00:00
Ken Smith
5adb21a681 Missed one piece of the cluster's quirk. Need to override WARNS because 
if _FREEFALL_CONFIG is set gcc bails since pam_sm_setcred() in pam_krb5.c
no longer uses any of its parameters.

Pointy hat:	kensmith
Approved by:	re (scottl)
 2005-07-08 14:53:45 +00:00
Ken Smith
2672e71736 This is sort of an MFS. Peter made these changes to the RELENG_* 
branches but missed HEAD.  This patch extends his a little bit,
setting it up via the Makefiles so that adding _FREEFALL_CONFIG
to /etc/make.conf is the only thing needed to cluster-ize things
(current setup also requires overriding CFLAGS).

From Peter's commit to the RELENG_* branches:
> Add the freebsd.org custer's source modifications under #ifdefs to aid
> keeping things in sync.  For ksu:
> * install suid-root by default
> * don't fall back to asking for a unix password (ie: be pure kerberos)
> * allow custom user instances for things like www and not just root

The Makefile tweaks will be MFC-ed, the rest is already done.

MFC after:      3 days
Approved by:    re (dwhite)
 2005-07-07 14:16:38 +00:00
Dag-Erling Smørgrav
d3cf5f1524 Use the correct login class when setting a new password. 
PR:		65557, 72949
Submitted by:	Stephen P. Cravey <clists@gotbrains.org>
Approved by:	re (scottl)
MFC after:	2 weeks
 2005-07-05 18:42:18 +00:00
Dag-Erling Smørgrav
0d13f5f0c6 Update for OpenPAM Figwort. 
Approved by:	re (kensmith)
 2005-06-17 08:14:42 +00:00
Ruslan Ermilov
f789cb8293 Assorted markup fixes. 
Approved by:	re
 2005-06-15 19:04:04 +00:00
Dag-Erling Smørgrav
30d0a60aed Don't use a cast as an lvalue. 
Add a redundant test to make it painfully obvious to the reader that this
code does not support IPv6.

Approved by:	re (dwhite)
MFC after:	1 week
 2005-06-13 21:18:52 +00:00
Dag-Erling Smørgrav
57341fbcf3 Use appropriate error codes for each facility instead of just PAM_AUTH_ERR. 
Noticed by:	pjd
 2005-06-10 06:16:13 +00:00
Dag-Erling Smørgrav
40e0db94af Revert the commits that made libssh an INTERNALLIB; they caused too much 
trouble, especially on amd64.

Requested by:	ru
 2005-06-07 09:31:28 +00:00
Dag-Erling Smørgrav
e4c2fedcc7 Fix libssh dependency. 2005-06-06 19:01:01 +00:00
Hajimu UMEMOTO
d928d41c84 NI_WITHSCOPEID cleanup 
Reviewed by:	des
 2005-05-13 20:51:09 +00:00
Ruslan Ermilov
0227791b40 Expand *n't contractions. 2005-02-13 22:25:33 +00:00
Dag-Erling Smørgrav
9d97c7ee0a In addition to the PAM environment, export a handful of useful PAM items. 
Suggested by:	Ed Maste <emaste@phaedrus.sandvine.ca>
 2005-02-01 10:37:07 +00:00
Dag-Erling Smørgrav
30984a1288 Add openpam_free_envlist(3). 2005-02-01 10:21:07 +00:00
Robert Watson
ed41980cbb When "no_ccache" is set as an argument to the pam_krb5 module, don't 
copy the acquired TGT from the in-memory cache to the on-disk cache
at login.  This was documented but un-implemented behavior.

MFC after:		1 week
PR:			bin/64464
Reported and tested by:	Eric van Gyzen <vangyzen at stat dot duke dot edu>
 2005-01-24 16:49:50 +00:00
Robert Watson
16417879f1 The final argument to verify_krb_v5_tgt() is the debug flag, not the 
ticket forwardable flag, so key generation of debugging output to
"debug" rather than "forwardable".

Update copyright.

MFC after:	3 days
 2005-01-23 15:57:07 +00:00
Ruslan Ermilov
3ac17feb8a Fixed xref. 2005-01-21 10:48:35 +00:00
Ruslan Ermilov
a216173556 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
Ruslan Ermilov
2c74b2cb07 NOINSTALLLIB -> NO_INSTALLLIB 2004-12-21 09:51:09 +00:00
Ruslan Ermilov
ab7a294721 NODOCCOMPRESS -> NO_DOCCOMPRESS 
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
 2004-12-21 09:33:47 +00:00
Bjoern A. Zeeb
6c58990d47 Add knob NO_NIS (fka NO_YP_LIBC) and make world compileable when set. 
If turned on  no NIS support and related programs will be built.

Lost parts rediscovered by:	Danny Braniss <danny at cs.huji.ac.il>
PR:		bin/68303
No objections:	des, gshapiro, nectar
Reviewed by:	ru
Approved by:	rwatson (mentor)
MFC after:	2 weeks
 2004-11-13 20:40:32 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide 
any fake value.
 2004-10-24 15:33:08 +00:00
Colin Percival
d37df47d31 Join the 21st century: Cryptography is no longer an optional component 
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
 2004-08-06 07:27:08 +00:00