Commit Graph

312 Commits

Author SHA1 Message Date
Ruslan Ermilov
839693c44f Deal with unsafe tab characters. 2004-07-02 19:55:26 +00:00
Ruslan Ermilov
862b46f607 Markup, grammar, punctuation. 2004-07-01 18:20:57 +00:00
Alexander Kabaev
2758535974 Revert the last change. There are more 64bit platforms than amd64, and
they break due to diferent alignment restrictions.
2004-06-25 12:32:45 +00:00
Alexander Kabaev
0cb04d0b33 Remove the use of cast as lvalue. 2004-06-25 01:54:26 +00:00
Mark Murray
16fc3635f7 Make NULL a (void*)0 whereever possible, and fix the warnings(-Werror)
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).

There are places where (void *) pointers are not valid, such as for
function pointers, but in the special case of (void *)0, agreement
settles on it being OK.

Most of the fixes were NULL where an integer zero was needed; many
of the fixes were NULL where ascii <nul> ('\0') was needed, and a
few were just "other".

Tested on: i386 sparc64
2004-03-05 08:10:19 +00:00
Colin Percival
d623b765cf style cleanup: Remove duplicate $FreeBSD$ tags.
These files had tags after the copyright notice,
inside the comment block (incorrect, removed),
and outside the comment block (correct).

Approved by:	rwatson (mentor)
2004-02-10 20:42:33 +00:00
Dag-Erling Smørgrav
af9b407414 Fix numerous constness and aliasing issues. 2004-02-10 10:13:21 +00:00
Ruslan Ermilov
751378136d Put libraries in the link order.
Reported by:	lorder(1) (modified to work with libraries)
2004-02-04 10:23:09 +00:00
Ruslan Ermilov
1e73d261f5 This module doesn't use libgssapi (and it looks never did). 2004-02-04 09:41:47 +00:00
Dag-Erling Smørgrav
3a59e89e73 Implement pam_sm_close_session().
PR:		bin/61657
Submitted by:	Joe R. Doupnik <jrd@cc.usu.edu>
2004-01-26 19:28:37 +00:00
Ruslan Ermilov
bb96dfc53a Deal better with the crypto version of the PAM library that goes
on the release media -- only put what is different in the crypto
version compared to the base version.  This reduces PAM entries
in /usr/lib in the "crypto" distribution to:

	libpam.a
	libpam.so@
	libpam.so.2
	pam_krb5.so@
	pam_krb5.so.2
	pam_ksu.so@
	pam_ksu.so.2
	pam_ssh.so@
	pam_ssh.so.2

The libpam.so* is still redundant (it is identical to the "base"
version), but we can't set DISTRIBUTION differently for libpam.a
and libpam.so.

(The removal of libpam.so* from the crypto distribution could be
addressed by the release/scripts/crypto-make.sh script, but then
we'd also need to remove redundant PAM headers, and I'm not sure
this is worth a hassle.)
2004-01-18 14:58:07 +00:00
Jens Schweikhardt
898fc4a340 Remove crossref to pam.conf(5) which never existed. 2004-01-17 09:46:49 +00:00
Dag-Erling Smørgrav
33b7c0d94c Fix a strict aliasing issue. Also remove an unnecessary pam_get_item()
call (pam_get_authtok() will return the previous token if try_first_pass
or use_first_pass is specified).  Incidentally fix an ugly bug where the
buffer holding the prompt was freed immediately before use, instead of
after.
2003-12-11 15:51:03 +00:00
Dag-Erling Smørgrav
4911b12cba More strict aliasing fixes.
Submitted by:	Andreas Hauser <andy-freebsd@splashground.de>
2003-12-11 15:48:09 +00:00
Dag-Erling Smørgrav
91e938693e Fix strict aliasing breakage in PAM modules (except pam_krb5, which needs
more work than the others).  This should make most modules build with -O2.
2003-12-11 13:55:16 +00:00
Maxim Sobolev
cd28f89c12 Fix on sparc64.
Reported by:	rwatson/tinderbox
MFC after:	2 weeks
2003-11-12 23:36:17 +00:00
Maxim Sobolev
f142677b46 Add a new configuration variable - nas_ipaddr, which if set allows to
set NAS-IP-Address attribute in requests generated by the pam_radius
module. This attribute is mandatory for some Radius servers out there.

Reviewed by:	des
MFC after:	2 weeks
2003-11-12 17:47:23 +00:00
Ken Smith
921e5ca770 - fix to UID test description, non-zero -> zero
PR:		docs/57799
Reviewed by:	des
Approved by:	blackend (mentor)
2003-10-17 17:03:38 +00:00
Dag-Erling Smørgrav
24db258f35 Ignore ECHILD from waitpid(2) (our child may have been reaped by the
calling process's SIGCHLD handler)

PR:		bin/45669
2003-09-19 11:33:03 +00:00
Dag-Erling Smørgrav
3a256117dc Revert previous commit after fixing libpam. 2003-07-21 19:56:28 +00:00
Dag-Erling Smørgrav
015d0cd6e2 Add a __DECONST() to unbreak the build. 2003-07-15 14:36:36 +00:00
Martin Blapp
dd01398df6 Fix the master yppasswd routines, so they really work
for root on ypmaster. yppasswd_local() did use YPPASSWDPROG
instead of MASTER_YPPASSWDPROG, and the domain was not set,
resulting in a coredump during xdr-encode.

Reviewed by:	des
2003-06-15 10:37:22 +00:00
Dag-Erling Smørgrav
008c1ace7b Retire pam_wheel(8) (which has been disconnected for quite a while) and
pam_ftp(8).
2003-06-01 11:50:35 +00:00
Dag-Erling Smørgrav
4d6991c692 Update copyright dates. 2003-05-31 17:19:03 +00:00
Dag-Erling Smørgrav
545aa47101 Remove all instances of pam_std_option() 2003-05-31 16:55:07 +00:00
Dag-Erling Smørgrav
d462d3923b Introduce pam_guest(8) which will replace pam_ftp(8). 2003-05-31 16:52:58 +00:00
Ruslan Ermilov
734ac3b543 mdoc(7) fixes.
Approved by:	re (blanket)
2003-05-24 19:53:08 +00:00
Dag-Erling Smørgrav
7691f66abf Retire the useless NOSECURE knob.
Approved by:	re (scottl)
2003-05-19 15:52:01 +00:00
Mark Murray
dbf104e68d Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
2003-05-05 07:58:44 +00:00
Dag-Erling Smørgrav
8f3031025b Make sure rhostip is always initialized.
PR:		bin/51508
Submitted by:	Peter Grimshaw <peter@tesseract.demon.co.uk>
2003-04-30 00:49:42 +00:00
Dag-Erling Smørgrav
ccd703cfe4 Treat an empty PAM_RHOST the same as a NULL one.
PR:		bin/51508
2003-04-30 00:44:05 +00:00
Dag-Erling Smørgrav
3edc7b4e0b Set $HOME to the correct directory (within the chroot tree). 2003-04-30 00:40:24 +00:00
Dag-Erling Smørgrav
be01d58da1 Remove a bogus null password check which assumed that a user with an empty
password must necessarily have an empty pwd->pw_passwd.  Also add a check
that prevents users from setting a blank password unless the nullok option
was specified.  Root is still allowed to give anyone a blank password.
2003-04-24 12:26:25 +00:00
Dag-Erling Smørgrav
a8643c9882 Connect the pam_chroot(8) module to the build. 2003-04-08 16:52:34 +00:00
Dag-Erling Smørgrav
d4e15f10b1 Add a cwd option which specifies where to chdir(2) after the chroot(2).
When using the /home/./foo scheme, this defaults to the rhs (/foo);
otherwise it defaults to /.
2003-04-08 16:52:18 +00:00
Dag-Erling Smørgrav
eac956b2d1 Experimental pam_chroot module (not connected to the build) 2003-03-30 22:58:23 +00:00
Dag-Erling Smørgrav
f5bbe11124 This module is not WARNS-clean, due to brokenness in OpenSSL headers. 2003-03-10 09:19:08 +00:00
Dag-Erling Smørgrav
16bb3109e3 Somewhat better wording. 2003-03-10 09:15:26 +00:00
Dag-Erling Smørgrav
02a19b0184 Silence warning caused by OPIE brokenness. 2003-03-10 09:15:08 +00:00
David E. O'Brien
7f03a257ac style.Makefile(5) police
(I've tried to keep to the spirit of the original formatting)

Reviewed by:	des
2003-03-09 20:06:38 +00:00
Mark Murray
5d658b151b KerberosIV de-orbit burn continues. Remove the KerberosIV PAM module. 2003-03-08 10:33:20 +00:00
Mark Murray
b4240e6ce9 Comment-only assistance to lint to kill warnings. 2003-03-08 10:30:49 +00:00
Ruslan Ermilov
66abb7a636 mdoc(7) police: Nits. 2003-03-03 11:45:18 +00:00
Ruslan Ermilov
522ccf3f35 mdoc(7) police: markup laundry. 2003-02-23 01:47:49 +00:00
Dag-Erling Smørgrav
859ac7c46f Add an "allow_local" option which forces historical behaviour. 2003-02-16 13:01:03 +00:00
Dag-Erling Smørgrav
b645332a81 Assume "localhost" if no remote host was specified. This is safe from a
POLA point of view since the stock /etc/opieaccess now allows localhost.
2003-02-15 23:26:49 +00:00
Dag-Erling Smørgrav
48c12730cd Use pam_get_user(3) instead of pam_get_item(3) where appropriate. 2003-02-10 18:59:20 +00:00
Dag-Erling Smørgrav
d902781908 Complete rewrite of pam_ssh(8). The previous version was becoming hard
to maintain, and had security issues which would have required a major
rewrite to address anyway.

This implementation currently starts a separate agent for each session
instead of connecting each new session to the agent started by the first
one.  While this would be a Good Thing (and the old pam_ssh(8) tried to
do it), it's hard to get right.  I'll revisit this issue when I've had a
chance to test some modifications to ssh-agent(1).
2003-02-09 21:20:44 +00:00
Dag-Erling Smørgrav
687200d002 Maybe I was a little too fast? Remove debugging code, and commit the
Makefile and man page which I'd forgotten to 'cvs add'.

Sponsored by:	DARPA, NAI Labs
2003-02-06 14:27:48 +00:00
Dag-Erling Smørgrav
7cde604ebd Replace pam_wheel(8) with pam_group(8) which has a cleaner interface. The
pam_wheel(8) module was written to work in spite of a broken libpam, and
has grown organically since its inception, which is reflected in both its
functionality and implementation.  Rather than clean up pam_wheel(8) and
break backward compatibility, I've chosen to reimplement it under a new,
more generic name.

Sponsored by:	DARPA, NAI Labs
2003-02-06 14:24:14 +00:00