freebsd-dev

Author	SHA1	Message	Date
David E. O'Brien	f01afd3101	Properly spell rpcsvc/ypclnt.h and fix the build.	2002-04-15 22:47:28 +00:00
Dag-Erling Smørgrav	4c8153125a	Throw in NO_WERROR to please the peanut gallery.	2002-04-15 13:10:28 +00:00
Dag-Erling Smørgrav	53fd6d26b2	Use PAM_SUCCESS instead of PAM_IGNORE.	2002-04-15 06:26:32 +00:00
Dag-Erling Smørgrav	ab4f115e57	Whitespace nits.	2002-04-15 03:52:22 +00:00
Dag-Erling Smørgrav	f71d08000d	Add a manual page based on Solar Designer's README. Sponsored by: DARPA, NAI Labs	2002-04-15 03:45:14 +00:00
Dag-Erling Smørgrav	a11a75ce7c	pam_passwdqc depends on libcrypt.	2002-04-15 03:44:42 +00:00
Dag-Erling Smørgrav	7b733689a3	Prompt for new password during update phase, not during preliminary phase. Sponsored by: DARPA, NAI Labs	2002-04-15 03:00:14 +00:00
Dag-Erling Smørgrav	ff1bc287ac	Dike out most of the NIS code and replace it with calls to libypclnt. Rework pam_sm_chauthtok() so it (mostly?) works. The standard pw stuff still needs to move into a library somewhere. Sponsored by: DARPA, NAI Labs	2002-04-15 02:34:43 +00:00
Dag-Erling Smørgrav	f2b9b94ab4	pam_passwdqc builds now.	2002-04-14 22:31:36 +00:00
Dag-Erling Smørgrav	81a587f467	More recent versions of pam_passwdqc (not yet released) build with very few warnings.	2002-04-14 18:48:57 +00:00
Dag-Erling Smørgrav	a358391f59	New files in OpenPAM Cineraria. Sponsored by: DARPA, NAI Labs	2002-04-14 18:30:27 +00:00
Dag-Erling Smørgrav	db4b82edde	Cosmetic nit.	2002-04-14 18:30:03 +00:00
Dag-Erling Smørgrav	b6bd548cdc	Cast a ptrdiff_t to int before using it as a printf field width.	2002-04-14 16:44:04 +00:00
Dag-Erling Smørgrav	2f6ee8eb7e	Change \|\| into && (braino in previous commit). Also append \n to the error message.	2002-04-13 06:14:30 +00:00
Dag-Erling Smørgrav	24fe7ba0d9	Major cleanup: - add __unused where appropriate - PAM_RETURN -> return since OpenPAM already logs the return value. - make PAM_LOG use openpam_log() - make PAM_VERBOSE_ERROR use openpam_get_option() and check flags for PAM_SILENT - remove dummy functions since OpenPAM handles missing service functions - fix various warnings Sponsored by: DARPA, NAI Labs	2002-04-12 22:27:25 +00:00
Dag-Erling Smørgrav	95ca4cb3f6	Add a pam_rhosts module, loosely based on code submitted by Danny Braniss. Submitted by: Danny Braniss <danny@cs.huji.ac.il> Sponsored by: DARPA, NAI Labs	2002-04-12 20:10:18 +00:00
Dag-Erling Smørgrav	fd994fa945	Rename the even_root option to allow_root. Sponsored by: DARPA, NAI Labs	2002-04-12 20:05:27 +00:00
Ruslan Ermilov	a60a1ea33b	Reimplement the hack to put pam_static.o into .depend with some magic.	2002-04-11 12:21:16 +00:00
Ruslan Ermilov	90a9863e16	Moved SHLIB_NAME definition into one place. Approved by: des	2002-04-10 18:07:05 +00:00
Ruslan Ermilov	196f4c26f4	Fixed broken "make depend; make clean; make all" sequence. I've looked for this example for a long time, to demonstrate some people why it's a really BAD idea to use ${.OBJDIR} instead of ".". I hope these people are reading this. :-) Approved by: des	2002-04-10 18:00:32 +00:00
Ruslan Ermilov	e348eb5318	Fix broken `checkdpadd'. -lroken is an installable library, there's no need to give an explicit path to it. In any case, -L paths should be specified in LDFLAGS if needed. Approved by: des	2002-04-10 17:53:43 +00:00
Ruslan Ermilov	f5ef4bac45	Don't override standard _EXTRADEPEND actions, add to them. Fix CLEANFILES. Collapse openpam_static_modules.o generation.	2002-04-10 17:46:59 +00:00
Dag-Erling Smørgrav	2270ac91b4	Remove debugging code that was inadvertantly brought in by previous commit.	2002-04-08 12:41:08 +00:00
Dag-Erling Smørgrav	eafd17c552	Use OpenPAM's credential switching functions. Sponsored by: DARPA, NAI Labs	2002-04-08 12:38:50 +00:00
Dag-Erling Smørgrav	f6363a1814	Add new files and man pages from OpenPAM Cinchona. Sponsored by: DARPA, NAI Labs	2002-04-08 12:34:53 +00:00
Dag-Erling Smørgrav	2bca1ead9a	Remove commented-out WARNS thingy.	2002-04-08 12:33:48 +00:00
Ruslan Ermilov	f2f306b622	Align for const poisoning in -lutil.	2002-04-08 11:07:51 +00:00
Dag-Erling Smørgrav	50000f00df	Reorganize pam_sm_authenticate() to reduce code duplication. Sponsored by: DARPA, NAI Labs	2002-04-07 21:18:18 +00:00
Dag-Erling Smørgrav	a8b1e59eb2	Fix bug in previous commit that passed the wrong default value to login_getcapstr(3). Also fix a longer-standing bug (login_close(3) frees the string returned by login_getcapstr(3)) by reorganizing the code a little, and use login_getpwclass(3) instead of login_getclass(3) if we already have a struct pwd. Sponsored by: DARPA, NAI Labs	2002-04-07 20:43:27 +00:00
Dag-Erling Smørgrav	9db21c5fd1	This one needs NO_WERROR too.	2002-04-07 12:53:58 +00:00
Dag-Erling Smørgrav	92c07aa880	Turn on NO_WERROR due to namespace pollution in krb5 headers.	2002-04-07 04:44:16 +00:00
Dag-Erling Smørgrav	111ccd256c	Aggressive cleanup of warnings + authtok-related code in preparation for PAMifying passwd(1). Sponsored by: DARPA, NAI Labs.	2002-04-06 19:30:04 +00:00
Dag-Erling Smørgrav	18006b1ab8	Disconnect pam_passwdqc for now, it has some issues that need resolving.	2002-04-06 19:25:36 +00:00
Dag-Erling Smørgrav	4004c08e79	Fix some style issues, a const warning, and abuse of PAM_ABORT. Sponsored by: DARPA, NAI Labs	2002-04-06 14:25:04 +00:00
Dag-Erling Smørgrav	40b93e6278	Remove some duplicate free()s and add some that were missing. Submitted by: tmm	2002-04-05 20:00:05 +00:00
Dag-Erling Smørgrav	f8334e0084	pam_get_pass() -> pam_get_authtok()	2002-04-05 10:49:45 +00:00
Dag-Erling Smørgrav	8f85b6caad	Upgrade to something quite close, but not identical, to version 1.6 of Andrew Korty's pam_ssh. The most notable difference is that this uses commas rather than colons to separate items in the "keyfiles" option. Sponsored by: DARPA, NAI Labs	2002-04-04 18:45:21 +00:00
Dag-Erling Smørgrav	2b814c7ea1	Add pam_passwdqc to the build. Sponsored by: DARPA, NAI Labs	2002-04-04 16:08:28 +00:00
Mark Murray	b51066a362	Fix for OPIE 2.4.	2002-03-22 09:20:05 +00:00
Ruslan Ermilov	7d1f1e9ca8	mdoc(7) police: fix SYNOPSIS, sort xrefs, kill extra whitespace.	2002-03-18 15:59:53 +00:00
Ruslan Ermilov	b6b2be6fbe	mdoc(7) police: nits.	2002-03-18 15:55:53 +00:00
Ruslan Ermilov	8ce6622380	mdoc(7) police: sort xrefs, kill extra whitespace.	2002-03-18 15:52:28 +00:00
Crist J. Clark	51906f452e	Fix world breakage introduced by my recent modifications to chpass(8). The relations between libc, libpam, chpass, passwd, and vipw are a mess and probably should be cleaned up. Submitted by: Peter Pentchev <roam@ringlet.net>	2002-03-18 12:55:28 +00:00
Ruslan Ermilov	a68af001da	mdoc(7) police: tiny fixes.	2002-03-15 18:09:32 +00:00
Ruslan Ermilov	3e5aa36e12	mdoc(7) police: expand contractions.	2002-03-15 18:06:25 +00:00
Dag-Erling Smørgrav	f03a4b810a	NAI DBA update.	2002-03-14 23:27:59 +00:00
Mark Murray	8c3ea588df	Remove the use of random(3), and encapsulate the salt-generation in its own function. The use of arc4random(3) is hopeless overkill here, but that does not hurt anything. Requested by: ache	2002-03-14 16:41:36 +00:00
Maxim Sobolev	f651c1533c	Don't ignore system CFLAGS.	2002-03-07 16:56:19 +00:00
Mark Murray	3556489a52	Fix build for OpenPAM. The directories needed tweeking.	2002-03-07 16:03:56 +00:00
Dag-Erling Smørgrav	38ca451d39	This file is not needed any more	2002-03-07 12:03:50 +00:00
Brian Feldman	30da7e6299	Now pam_alreadyloggedin lives in the ports.	2002-03-07 02:23:19 +00:00
Brian Feldman	c53dd30bb3	Add the pam_alreadyloggedin(8) module, which allows for authentication based on information that the user is already logged in. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs	2002-03-06 18:21:28 +00:00
Peter Pentchev	8a177c636f	Unbreak the pam_krb5 build: cast a couple of const pointers to normal char *. A better fix might be some const'ifying of the Heimdal code, but this will do to fix the build for the present. Approved by: des	2002-03-06 16:49:02 +00:00
Dag-Erling Smørgrav	e0dd4a7813	Add forgotten NOPROFILE that broke world.	2002-03-06 12:11:05 +00:00
Dag-Erling Smørgrav	519b6a4c8f	Switch to OpenPAM. Bump library version. Modules are now versioned, so applications linked with Linux-PAM will still work. Remove pam_get_pass(); OpenPAM has pam_get_authtok(). Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}(). Remove pam_set_item(3) man page as OpenPAM has its own. Sponsored by: DARPA, NAI Labs	2002-03-05 21:56:25 +00:00
Dag-Erling Smørgrav	e3cd129613	Add missing dependency on libutil.	2002-03-05 12:52:03 +00:00
Maxim Sobolev	c80f5647cb	Create /var/log/lastlog if it doesn't exist. Submitted by: des	2002-02-20 07:47:06 +00:00
Dag-Erling Smørgrav	7f28386a26	This file needs <syslog.h>. Sponsored by: DARPA, NAI Labs	2002-02-09 14:12:09 +00:00
Ruslan Ermilov	e47a40e7f7	Now that cross-tools ld(1) has been fixed to look for dynamic dependencies in the correct place, record the fact that -lssh depends on -lcrypto and -lz. Removed false dependencies on -lz (except ssh(1) and sshd(8)). Removed false dependencies on -lcrypto and -lutil for scp(1). Reviewed by: markm	2002-02-08 13:42:58 +00:00
Mark Murray	30577d19fa	Remove NO_WERROR, now that WARNS=n is gone.	2002-02-06 18:46:48 +00:00
Mark Murray	427e2d5c02	Comment out the WARNS= so as to not trample all over the GCC3 work.	2002-02-06 18:14:59 +00:00
Dag-Erling Smørgrav	04f71c5352	Three times lucky: <stddef.h>, not <sys/param.h>	2002-02-05 08:01:32 +00:00
Dag-Erling Smørgrav	93cf4c1be3	Oops, the correct header to include for NULL is <sys/param.h>.	2002-02-05 07:53:00 +00:00
Dag-Erling Smørgrav	0ae5018b3e	#include <sys/types.h> for NULL (hidden by Linux-PAM header pollution) Sponsored by: DARPA, NAI Labs	2002-02-05 06:20:27 +00:00
Dag-Erling Smørgrav	8c66575de8	#include cleanup. Sponsored by: DARPA, NAI Labs	2002-02-05 06:08:26 +00:00
Mark Murray	34b28989d1	Explicitly declare (gcc internal) functions. Submitted by: ru	2002-02-04 17:59:25 +00:00
Dag-Erling Smørgrav	12b6e9a089	ssh_get_authentication_connection() gets its parameters from environment variables, so temporarily switch to the PAM environment before calling it. Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>	2002-02-04 17:15:44 +00:00
Mark Murray	95641278ef	Protect "make buildworld" against -Werror, as this module does not build cleanly.	2002-02-04 16:09:25 +00:00
Mark Murray	21e5d74291	Add the other half of the salt-generating code. No functional difference except that the salt is slightly harder to build dictionaries against, and the code does not use srandom[dev]().	2002-02-04 00:28:54 +00:00
Mark Murray	63d770d8ea	Turn on fascist warning mode.	2002-02-03 15:51:52 +00:00
Mark Murray	ac5699692e	WARNS=n fixes (and some stylistic issues).	2002-02-03 15:17:57 +00:00
Dag-Erling Smørgrav	59057a6d6f	Remove an unnecessary #include that trips up OpenPAM. The header in question is an internal Linux-PAM header which shouldn't be used outside Linux-PAM itself, and has absolutely zero effect on pam_ftp. Sponsored by: DARPA, NAI Labs MFC after: 1 week	2002-02-02 17:51:39 +00:00
Dag-Erling Smørgrav	ab50ade43c	Post-repocopy cleanup. Sponsored by: DARPA, NAI Labs	2002-02-01 22:25:07 +00:00
Dag-Erling Smørgrav	2d0a7148b6	Connect the pam_lastlog(8) and pam_login_access(8) modules to the build. Sponsored by: DARPA, NAI Labs	2002-02-01 08:49:53 +00:00
Dag-Erling Smørgrav	c60ed00a43	Still with asbestos longjohns on, completely PAMify login(1) and remove code made redundant by various PAM modules (primarily pam_unix(8)). Sponsored by: DARPA, NAI Labs	2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav	e9cc7b1d92	With asbestos longjohns on, integrate most of the checks normally done by login(1) (password & account expiry, hosts.access etc.) into pam_unix(8). Sponsored by: DARPA, NAI Labs	2002-01-30 19:09:11 +00:00
Dag-Erling Smørgrav	a2d20838b0	Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify it a little and try to make it more resilient to various possible failure conditions. Change the man page accordingly, and take advantage of this opportunity to simplify its language. Sponsored by: DARPA, NAI Labs	2002-01-30 19:03:16 +00:00
Mark Murray	c2065008b5	WARNS=4 fixes. Protect with NO_WERROR for the modules that have warnings that are hard to fix or that I've been asked to leave alone.	2002-01-24 18:37:17 +00:00
Dag-Erling Smørgrav	f748a713da	PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The caller is supposed to check the PAM envlist and export the variables it contains; if it doesn't, it's broken. Sponsored by: DARPA, NAI Labs	2002-01-24 17:26:27 +00:00
Dag-Erling Smørgrav	9201dc40bf	Change the order in which pam_sm_open_session() updates the logs. This doesn't really make any difference, except it matches wtmp(5) better. Don't do anything in pam_sm_close_session(); init(8) will take care of utmp and wtmp when the tty is released. Clearing them here would make it possible to create a ghost session by logging in, running 'login -f $USER' and exiting the subshell. Sponsored by: DARPA, NAI Labs (but the bugs are all mine)	2002-01-24 17:15:04 +00:00
Dag-Erling Smørgrav	ca355e5451	Correctly interpret PAM_RHOST being unset as an indicator of a local login. Sponsored by: DARPA, NAI Labs	2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav	d233082fbe	Correctly interpret PAM_RHOST being unset as an indicator of a local login.	2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav	e4536f1138	Style nits. Sponsored by: DARPA, NAI Labs	2002-01-24 16:14:56 +00:00
Dag-Erling Smørgrav	f433d6afed	Document the even_root option. Sponsored by: DARPA, NAI Labs	2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav	76f95f4dc2	Don't let root through unless the "even_root" option was specified. Sponsored by: DARPA, NAI Labs	2002-01-24 12:47:42 +00:00
Dag-Erling Smørgrav	16e058b5d6	Add a PAM module that records sessions in utmp/wtmp/lastlog. Sponsored by: DARPA, NAI Labs	2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav	c2d5249eaf	Fix some pastos. Rather shoddy of me... Sponsored by: DARPA, NAI Labs	2002-01-24 09:44:22 +00:00
Dag-Erling Smørgrav	53f3167d07	Add a PAM module that provides an account management component for checking either PAM_RHOST or PAM_TTY against /etc/login.access.o This uncovers a problem with PAM_RHOST, in that if we always set it, there is no way to distinguish between a user logging in locally and a user logging in using 'ssh localhost'. This will be fixed by first making sure that all PAM modules can handle PAM_RHOST being unset (which is currently not the case), and then modifying su(1) and login(1) to not set it for local logins. Sponsored by: DARPA, NAI Labs	2002-01-23 17:42:16 +00:00
Dag-Erling Smørgrav	774a10071d	Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs. Sponsored by: DARPA, NAI Labs	2002-01-23 17:16:00 +00:00
Ruslan Ermilov	0509dca0c3	Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm	2002-01-23 15:54:17 +00:00
Dag-Erling Smørgrav	b6b756b58b	Base the comparison on UIDs, not on user names. Sponsored by: DARPA, NAI Labs	2002-01-23 15:16:01 +00:00
Ruslan Ermilov	fd4ca9e02d	Make libssh.so useable (undefined reference to IPv4or6). Reviewed by: des, markm Approved by: markm	2002-01-23 15:06:47 +00:00
Dag-Erling Smørgrav	1e22a4f048	Link pam_opieaccess, pam_self and pam_ssh into the static library. Sponsored by: DARPA, NAI Labs	2002-01-21 20:43:01 +00:00
Dag-Erling Smørgrav	b0aa095ad0	On second thought, getpwnam() failure should be treated just as if the user existed, but had no OPIE key, i.e. PAM_IGNORE. Pointed out by: ache Sponsored by: DARPA, NAI Labs	2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav	b4b56d051a	Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the user does not exist. Sponsored by: DARPA, NAI Labs	2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav	03adba96a0	Further changes to allow enabling pam_opie(8) by default: - Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before challenging the user. These options are meaningless for pam_opie(8) since the user can't possibly know the right response before she sees the challenge. - Introduce the no_fake_prompts option. If this option is set, pam_opie(8) will fail - rather than present a bogus challenge - if the target user does not have an OPIE key. With this option, users who haven't set up OPIE won't have to wonder what that "weird otp-md5 s**t" means :) Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs	2002-01-21 18:46:25 +00:00
Dag-Erling Smørgrav	f460490260	Add a new module, pam_opieaccess(8), which is responsible for checking /etc/opieaccess and ~/.opiealways so we can decide what to do after pam_opie(8) fails. Sponsored by: DARPA, NAI Labs Reviewed by: ache, markm	2002-01-21 13:43:53 +00:00
Andrey A. Chernov	186caeedcb	snprintf bloat -> strlcpy Add getpwnam return check Approved by: des, markm	2002-01-20 20:56:47 +00:00
Andrey A. Chernov	0b836dfaf1	Back out recent changes	2002-01-19 18:03:11 +00:00
Andrey A. Chernov	6874115893	If user not exist in OPIE system, return failure immediately instead of producing fake prompts with random numbers which can be detected by potential intruder in two tries and totally confuse non-OPIE users.	2002-01-19 10:09:05 +00:00
Andrey A. Chernov	3195cd6712	Back out second right-now-expired password check in pam_sm_chauthtok, old expired password assumed there	2002-01-19 09:23:36 +00:00
Andrey A. Chernov	012400dfcd	Previous commit was incomplete, use new error code PAM_CRED_ERR to indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR	2002-01-19 08:36:47 +00:00
Andrey A. Chernov	d97cc81fa4	Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix Replace snprintf %s with strlcpy Check for NULL returned from getpwnam()	2002-01-19 07:23:48 +00:00
Andrey A. Chernov	c8e3fac7a1	Add yet one expired-right-now password check, in pam_sm_chauthtok srandomdev() can't be used in libraries, replace srandomdev()+random() by arc4random()	2002-01-19 04:58:51 +00:00
Andrey A. Chernov	8c70adab72	Set pwok to 1 for non-OPIE users	2002-01-19 03:31:39 +00:00
Andrey A. Chernov	d54c36388e	Add missing check for right-now-expired password	2002-01-19 02:45:24 +00:00
Andrey A. Chernov	3f9a326a7a	Implement 'pwok', i.e. conditional fallback to unix password as supposed by opieaccessfile() and opiealways()	2002-01-19 02:38:43 +00:00
Bruce Evans	b2035c2b74	Fixed a missing "const".	2001-12-28 20:59:44 +00:00
Ruslan Ermilov	7f432ff831	mdoc(7) police: bump document date.	2001-12-14 13:49:28 +00:00
David Malone	9f5b04e925	Style improvements recommended by Bruce as a follow up to some of the recent WARNS commits. The idea is: 1) FreeBSD id tags should follow vendor tags. 2) Vendor tags should not be compiled (though copyrights probably should). 3) There should be no blank line between including cdefs and __FBSDIF.	2001-12-10 21:13:08 +00:00
Dag-Erling Smørgrav	18a85de04b	Back out previous commit. Requested by: ru	2001-12-09 15:11:55 +00:00
Ruslan Ermilov	945b9f4de9	mdoc(7) police: sort xrefs.	2001-12-08 16:28:20 +00:00
Dag-Erling Smørgrav	bdd601a1e3	Get pam_mod_misc.h from .CURDIR rather than .OBJDIR or /usr/include. Sponsored by: DARPA, NAI Labs	2001-12-07 11:51:47 +00:00
Dag-Erling Smørgrav	47c8f6faec	Now that _pam_init_handlers() works as intended, it seems clear that we do not actually want to define PAM_READ_BOTH_CONFS, so back out previous commit. Sponsored by: DARPA, NAI Labs	2001-12-07 00:38:37 +00:00
Dag-Erling Smørgrav	a45af0e2b0	We need pam_client.h from libpamc. This unbreaks world Pointed out by: jhay Pointy hat to: des	2001-12-06 12:35:18 +00:00
Dag-Erling Smørgrav	87316434d1	Define PAM_READ_BOTH_CONFS. We can now have both /etc/pam.d and /etc/pam.conf. Sponsored by: DARPA, NAI Labs	2001-12-05 17:06:16 +00:00
Dag-Erling Smørgrav	bda74fe925	Install the correct version of pam_misc.h. Sponsored by: DARPA, NAI Labs	2001-12-05 16:27:41 +00:00
Dag-Erling Smørgrav	8d3978c115	Add dummy functions for all module types. These dummies return PAM_IGNORE rather than PAM_SUCCESS, so you'll get a failure if you list dummies but no real modules for a particular module chain. Sponsored by: DARPA, NAI Labs	2001-12-05 16:06:35 +00:00
Dag-Erling Smørgrav	d5a8dd3fb5	Connect the man page to the build. Sponsored by: DARPA, NAI Labs	2001-12-05 16:02:50 +00:00
Dag-Erling Smørgrav	e2c8459e85	Add a pam_self authentication module that succeeds if and only if the local and remote user names are the same. Sponsored by: DARPA, NAI Labs	2001-12-05 15:55:14 +00:00
Mark Murray	1a8b24c257	Use __FBSDID(). Also do a bit of cosmetic #if and header-order cleaning-up.	2001-12-02 20:54:57 +00:00
Mark Murray	d2f6cd8fd5	Style fixups. Sort function declarations, includes. Make consistent WRT use of _P() macro (ugh!) Inspired by: bde	2001-12-01 21:12:04 +00:00
Mark Murray	e317b97026	WARNS=2 fixes. Reviewed by: bde (a while back)	2001-12-01 17:46:46 +00:00
Brian Feldman	7d8cee925b	Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last OpenSSH import) declaration and strdup(3)ing a value which is later free(3)d, rather than letting the system try to free it invalidly.	2001-11-29 21:16:11 +00:00
Dag-Erling Smørgrav	ca7e26e312	Mdoc police. Submitted by: ru	2001-11-28 10:07:21 +00:00
Ruslan Ermilov	60c6736148	mdoc(7) police: fix one pam_unix(8) left-over, sort xrefs.	2001-11-28 09:25:03 +00:00
Dag-Erling Smørgrav	6a13dede6c	Add a pam_set_item(3) man page with an MLINK to pam_get_item(3). PR: docs/32294 Sponsored by: DARPA, NAI Labs MFC after: 3 days	2001-11-27 15:36:35 +00:00
Dag-Erling Smørgrav	b4a475937b	Create a pam_ssh(8) man page, based on a repo-copy of pam_unix(8). License modified with original author's permission. Sponsored by: DARPA, NAI Labs	2001-11-27 00:57:50 +00:00
Dag-Erling Smørgrav	d65e5dfa59	Document the local_pass and nis_pass options, add a few xrefs, and reorder the SEE ALSO section. License modified with original author's permission. Sponsored by: DARPA, NAI Labs	2001-11-27 00:53:10 +00:00
Dima Dorfman	a48060a2f7	Spelling police: sucessful -> successful.	2001-11-24 23:41:32 +00:00
Maxim Sobolev	bc3a4bf55d	Don't put an extra space after password prompts, because it violates POLA, makes FreeBSD inconsistent with previous releases and "other unices" as well as with some internal password-asking services (e.g. ftp) within the same release.	2001-10-25 15:51:50 +00:00
Mark Murray	ce1e0bbc8f	Add library exposed by KDE's use if this module.	2001-10-18 20:05:20 +00:00
Matthew Dillon	ceaf33f537	Add __FBSDID()s to libpam	2001-09-30 22:11:06 +00:00
Mark Murray	6e925e8fc7	1) repair the return value in the PAM_RETURN() macro (Side effects!!). 2) canonicalise the options use in pam_options(). Submitted by: Gunnar Kreitz <gunnark@chello.se> PR: 30250	2001-09-04 17:05:08 +00:00
Mark Murray	a41ad3fca9	Introduce a "noroot_ok" option to make this module ignore authentications to a non-superuser if required.	2001-08-26 18:09:00 +00:00
Mark Murray	f96b705fa7	Introduce better logging, error reporting and use of login_cap data.	2001-08-26 18:05:35 +00:00
Mark Murray	76f4a6fd79	Add extra logging detail. This needs a more general solution.	2001-08-26 17:57:44 +00:00
Mark Murray	3d55a6c083	Big module makeover; improve logging, standardise variable names, introduce ability to change passwords for both "usual" Unix methods and NIS.	2001-08-26 17:41:13 +00:00
Mark Murray	47965f01dd	Add 'try_mapped_pass' standard option. Asked for by: lukeh@PADL.COM	2001-08-20 12:43:19 +00:00
Mark Murray	ca0bdcdd29	Document the no_warn option.	2001-08-15 20:05:33 +00:00
Mark Murray	b5507a38bc	Fix a couple of cross-references to reflect the reality of the module.	2001-08-15 20:03:26 +00:00
Mark Murray	537db85291	Fix: /usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has couple of bugs which cause: 1) xdm dumps core 2) ssh1 private key is not passed to ssh-agent 3) ssh2 RSA key seems not handled properly (just a guess from source) 4) ssh_get_authentication_connectionen() fails to get connection because of SSH_AUTH_SOCK not defined. PR: 29609 Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>	2001-08-11 12:37:55 +00:00
Mark Murray	3938427761	Clean up this module very extensively. Fix the logging, the coding standards and the option handling. This module is now much more easy to maintain as a part of the FreeBSD tree.	2001-08-10 19:24:34 +00:00
Mark Murray	530ebf8e0a	Code clean up; make logging same as other modules and fix warnings.	2001-08-10 19:21:45 +00:00
Mark Murray	34beb374a2	General code clean-up. Sort out warnings, and make the warning and logging work the same as other modules.	2001-08-10 19:18:52 +00:00
Mark Murray	0fa107a3cb	Simplify code. Also verbose logging, verbose overridable error reporting.	2001-08-10 19:15:48 +00:00
Mark Murray	65550d9b5a	Verbose logging, overridable verbose error reporting.	2001-08-10 19:12:59 +00:00
Mark Murray	b04259a5cf	Module clean-up. Verbose logging, Overridable verbose error reporting, FreeBSD pam_prompt() usage to simplify conversation function usage.	2001-08-10 19:10:43 +00:00
Mark Murray	2108fbd748	Verbosely (overridable) report failure to the user.	2001-08-10 19:07:45 +00:00
Mark Murray	ceca323626	Use the FreeBSD pam_prompt() interface to the conversation function instead of home-rolling it. Clean up debugging code and tidy the module.	2001-08-10 19:05:57 +00:00
Mark Murray	3a9cdcb91f	Verbosely report errors to the user (overridable), and make sure that the correct failure mode is reported.	2001-08-10 19:02:21 +00:00
Mark Murray	27b9f9d4a3	Fix broken logic so that this actually works for the superuser. Verbosely log (properly). Verbosely report errors to the user.	2001-08-10 14:21:58 +00:00
Mark Murray	cfa285d9e4	Rework this to prevent a nasty problem involving different modules' option interacting with each other.	2001-08-10 14:16:47 +00:00
Mark Murray	0b2e8123ef	Declare the new user-error reporting macro. This is a macro to allow use of the __FILE__ and __FUNCTION__ macros.	2001-08-10 14:15:00 +00:00
Mark Murray	a56dfc9b23	Add a routine for providing feedback via the conversation mechanism (usually to stderr) for user-reportable errors.	2001-08-10 14:13:16 +00:00
Mark Murray	13cde2748e	Fix style/consistency in Makefile and repair static module building. Submitted by: bde(partially)	2001-08-04 21:51:14 +00:00
Mark Murray	d5e53157cf	Don't clobber CFLAGS Submitted by: bde	2001-08-04 21:49:30 +00:00
Mark Murray	4447e914e8	Fix the bug where this modulke was not checking the priamry GID, only the GIDS in /etc/group or NIS's group map. Tested by: sheldonh PR: 29349	2001-08-04 09:19:31 +00:00
Mark Murray	f950650b78	With the S/KEY removal, this is no longer buildable or necessary.	2001-08-02 19:04:20 +00:00
Mark Murray	c52468e7ef	Don't try to make pam_ssh module if NO_OPENSSH is set.	2001-08-02 19:01:02 +00:00
Mark Murray	f5974d336f	Repair the get/set UID() stuff so this works in both su(1) and login(1) modes.	2001-08-02 10:35:41 +00:00
Mark Murray	af1852503e	Making this major bump was a BAD idea. The API change is internal (to PAM) and it caused problems without solving any.	2001-07-30 09:56:38 +00:00
Mark Murray	7b22794017	(Re)Add an SSH module for PAM, heavily based on Andrew Korty's module from ports.	2001-07-29 18:31:09 +00:00
Ruslan Ermilov	0fa68d89e8	mdoc(7) police: widen width of the options list.	2001-07-18 14:49:32 +00:00
Mark Murray	0eb9c7b357	Update to the same level of debug-logging as the rest of the FreeBSD/PAM modules.	2001-07-17 07:36:51 +00:00
Mark Murray	3741d46458	Update to the same code as in the pam_krb5.so port. According to Peter, the port works - this needs more testing.	2001-07-17 07:34:36 +00:00
Dima Dorfman	f247324df7	Remove whitespace at EOL.	2001-07-15 08:06:20 +00:00
Mark Murray	f042a54245	Use a better method of getting user credentials to account for (legal) UID duplication. Rename use_uid to auth_as_self for consistency with other modules.	2001-07-14 08:42:39 +00:00
Mark Murray	6fd676c982	Use a better method to get user credentials to account for (legal) duplications of UID's in /etc/*passwd.	2001-07-14 08:38:24 +00:00
Ruslan Ermilov	e8b02a428d	mdoc(7) police: -xwidth has been fold into -width.	2001-07-13 09:09:52 +00:00
Ruslan Ermilov	08ecaa10b2	mdoc(7) police: fixed markup, a little bit.	2001-07-11 08:36:26 +00:00
Ruslan Ermilov	63b81b76ca	mdoc(7) police: fixed markup any numerous typos.	2001-07-11 08:35:34 +00:00
Mark Murray	84f39079c5	Fix a horrible bug introduced by myself where the options collection keeps on growing as the module stack is parsed.	2001-07-10 16:59:30 +00:00
Ruslan Ermilov	625003720a	mdoc(7) police: removed HISTORY info from the .Os call.	2001-07-10 14:16:33 +00:00
Ruslan Ermilov	a307d59838	mdoc(7) police: removed HISTORY info from the .Os call.	2001-07-10 13:41:46 +00:00
Mark Murray	1642eb1a52	Clean up (and in some cases write) the PAM mudules, using o The new options-processing API o The new DEBUG-logging API Add man(1) pages for ALL modules. MDOC-Police welcome to check this. Audit, clean up while I'm here.	2001-07-09 18:20:51 +00:00
Mark Murray	5d87b61e6f	Bump the major number. The libraries API has changed incompatibly.	2001-07-09 18:16:33 +00:00
Mark Murray	c3a080c527	Almost completely rewrite the PAM module options processing routines, and provide a more extended API for doing this. Provide an API for debug logging. Audit and clean up the code.	2001-07-09 18:14:43 +00:00
Ruslan Ermilov	5521ff5a4d	mdoc(7) police: sort SEE ALSO xrefs (sort -b -f +2 -3 +1 -2).	2001-07-06 16:46:48 +00:00
Ruslan Ermilov	88de1238eb	mdoc(7) police: fixed formatting.	2001-07-06 07:29:59 +00:00
Peter Wemm	d6be5f6435	Fix libpam's linker set stuff to use the new API (unbreak world), and get rid of gensetdefs from here as well.	2001-06-14 01:13:30 +00:00
Chris Costello	8b136a6dde	Convert to mdoc(7).	2001-06-13 21:52:07 +00:00
Mark Murray	084a46829b	Big module cleanup. Move common stuff into Makefile.inc, and tidy up all the Makefiles as a result. Build new modules. Put a commented-out dependancy on libpam for the (shared) modules. I can't bring this in just yet, as the dependancy (modules->libpam) is reversed for the static case (libpam->modules).	2001-06-04 19:47:56 +00:00
Mark Murray	bc0105f860	Null file to bring back a file from the dead. This allows the real commit to happen remotely. Damn CVS bugs :-(	2001-06-04 19:25:41 +00:00
Mark Murray	46efbac2ed	Add the "nullok" option that causes this module to succeed if the Unix password is empty/null.	2001-06-04 19:16:57 +00:00
Mark Murray	35a2fbdee0	Tidy up the options list (and make it more extendable), and add some extra "standard" options.	2001-06-04 19:12:08 +00:00
Mark Murray	397fa72521	Add some new utility authenticators. pam_securetty silently succeeds if the user is on a secure tty as defined by /etc/ttys. pam_ftp does "anonymous ftp" style authentication with options for specifying the anonymous user(s).	2001-06-04 18:44:47 +00:00
Mark Murray	4448b21cc6	Add the "auth_as_self" option to the pam_unix module (there is no reason not to add it to others later). This causes the pam_unix module to check the user's _own_ password, not the password of the account that the user is authenticating into. This will allow eg: WHEELSU type behaviour from su(1).	2001-05-24 18:35:52 +00:00
Mark Murray	84d6cd8ea1	Bring in a few useful PAM modules. pam_krb5 is a Kerberos 5 (Heimdal) authentication module. pam_nologin checks for /etc/nologin and does the "usual stuff" if it is found, otherwise it silently succeeds. pam_rootok silently succeeds if the user is root, otherwise it fails. pam_wheel silently succeeds if the user is a member of group "wheel" (or another nominated group), and fails otherwise. There is an issue with kerberosIV and kerberos5 - if both are being built, then static linking fails with duplicate symbols. This will take a bit of work to sort out in the kerberii.	2001-05-14 11:23:58 +00:00
Brian Feldman	d67ad957e9	Finish disconnecting pam_ssh from the build.	2001-05-04 20:40:53 +00:00
Brian Feldman	253fb6ea3a	I've been meaning to take pam_ssh out of the base system for a while now. Finally do it.	2001-05-04 03:53:48 +00:00
Mark Murray	556a280696	Update for (Linux-)PAM 0.75	2001-05-03 10:55:48 +00:00
Ruslan Ermilov	5f95f24bf4	mdoc(7) police: uppercase document title.	2001-04-18 08:25:26 +00:00
Ruslan Ermilov	4a558355e5	MAN[1-9] -> MAN.	2001-03-27 17:27:19 +00:00
John Baldwin	12e275aaee	Use a unified libgcc rather than a seperate one for threaded and non-threaded programs. This provides threaded programs with the needed exception frame symbols. parts submitted by: Max Khon <fjoe@iclub.nsu.ru> PR: 23252	2001-01-06 18:59:46 +00:00
David E. O'Brien	3f6014e672	Use a unified libgcc rather than a seperate one for threaded and non-threaded programs. This provides threaded programs with the needed exception frame symbols. parts submitted by: Max Khon <fjoe@iclub.nsu.ru> PR: 23252	2001-01-06 06:16:31 +00:00
Ruslan Ermilov	4263595653	Prepare for mdoc(7)NG.	2000-12-29 14:08:20 +00:00
Ruslan Ermilov	ed40311694	mdoc(7) police: removed history info from the .Os FreeBSD call.	2000-12-14 11:52:05 +00:00
Brian Feldman	386879a128	Forgot to remove the old line in the last commit.	2000-12-05 02:41:01 +00:00
Brian Feldman	ee510eab3f	In env_destroy(), it is a bad idea to env_swap(self, 0) to switch back to the original environ unconditionally. The setting of the variable to save the previous environ is conditional; it happens when ENV.e_committed is set. Therefore, don't try to swap the env back unless the previous env has been initialized. PR: bin/22670 Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>	2000-11-25 02:00:35 +00:00

... 2 3 4 5 6 ...

402 Commits