Commit Graph

37 Commits

Author SHA1 Message Date
Juli Mallett
816c6c91e2 Free old_pwd only in the code path where it has been allocated.
Reviewed by:	des
2002-05-22 23:18:25 +00:00
Dag-Erling Smørgrav
f1d0592537 Use libutil and libypclnt for all passwd manipulation and NIS needs.
Sponsored by:	DARPA, NAI Labs
2002-05-08 00:54:29 +00:00
Dag-Erling Smørgrav
0f6517b7d8 Don't ask root for the old password, except in the NIS case.
Sponsored by:	DARPA, NAI Labs
2002-04-26 19:28:17 +00:00
Dag-Erling Smørgrav
c8c20c5226 Fix a really dumb bug (missing curly braces around the body of an if
statement) that caused pam_sm_chauthtok() to always fail silently.
2002-04-26 01:47:48 +00:00
Dag-Erling Smørgrav
c82bffaa40 Revert previous commit, it is incorrect. 2002-04-15 22:51:31 +00:00
David E. O'Brien
f01afd3101 Properly spell rpcsvc/ypclnt.h and fix the build. 2002-04-15 22:47:28 +00:00
Dag-Erling Smørgrav
7b733689a3 Prompt for new password during update phase, not during preliminary phase.
Sponsored by:	DARPA, NAI Labs
2002-04-15 03:00:14 +00:00
Dag-Erling Smørgrav
ff1bc287ac Dike out most of the NIS code and replace it with calls to libypclnt.
Rework pam_sm_chauthtok() so it (mostly?) works.
The standard pw stuff still needs to move into a library somewhere.

Sponsored by:	DARPA, NAI Labs
2002-04-15 02:34:43 +00:00
Dag-Erling Smørgrav
24fe7ba0d9 Major cleanup:
- add __unused where appropriate
  - PAM_RETURN -> return since OpenPAM already logs the return value.
  - make PAM_LOG use openpam_log()
  - make PAM_VERBOSE_ERROR use openpam_get_option() and check flags
    for PAM_SILENT
  - remove dummy functions since OpenPAM handles missing service
    functions
  - fix various warnings

Sponsored by:	DARPA, NAI Labs
2002-04-12 22:27:25 +00:00
Ruslan Ermilov
f2f306b622 Align for const poisoning in -lutil. 2002-04-08 11:07:51 +00:00
Dag-Erling Smørgrav
50000f00df Reorganize pam_sm_authenticate() to reduce code duplication.
Sponsored by:	DARPA, NAI Labs
2002-04-07 21:18:18 +00:00
Dag-Erling Smørgrav
a8b1e59eb2 Fix bug in previous commit that passed the wrong default value to
login_getcapstr(3).  Also fix a longer-standing bug (login_close(3)
frees the string returned by login_getcapstr(3)) by reorganizing the
code a little, and use login_getpwclass(3) instead of login_getclass(3)
if we already have a struct pwd.

Sponsored by:	DARPA, NAI Labs
2002-04-07 20:43:27 +00:00
Dag-Erling Smørgrav
111ccd256c Aggressive cleanup of warnings + authtok-related code in preparation for
PAMifying passwd(1).

Sponsored by:	DARPA, NAI Labs.
2002-04-06 19:30:04 +00:00
Dag-Erling Smørgrav
4004c08e79 Fix some style issues, a const warning, and abuse of PAM_ABORT.
Sponsored by:	DARPA, NAI Labs
2002-04-06 14:25:04 +00:00
Crist J. Clark
51906f452e Fix world breakage introduced by my recent modifications to
chpass(8). The relations between libc, libpam, chpass, passwd, and
vipw are a mess and probably should be cleaned up.

Submitted by:	Peter Pentchev <roam@ringlet.net>
2002-03-18 12:55:28 +00:00
Dag-Erling Smørgrav
f03a4b810a NAI DBA update. 2002-03-14 23:27:59 +00:00
Mark Murray
8c3ea588df Remove the use of random(3), and encapsulate the salt-generation in
its own function. The use of arc4random(3) is hopeless overkill here,
but that does not hurt anything.

Requested by:	ache
2002-03-14 16:41:36 +00:00
Dag-Erling Smørgrav
519b6a4c8f Switch to OpenPAM. Bump library version. Modules are now versioned, so
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.

Sponsored by:	DARPA, NAI Labs
2002-03-05 21:56:25 +00:00
Dag-Erling Smørgrav
7f28386a26 This file needs <syslog.h>.
Sponsored by:	DARPA, NAI Labs
2002-02-09 14:12:09 +00:00
Dag-Erling Smørgrav
8c66575de8 #include cleanup.
Sponsored by:	DARPA, NAI Labs
2002-02-05 06:08:26 +00:00
Mark Murray
21e5d74291 Add the other half of the salt-generating code. No functional
difference except that the salt is slightly harder to build
dictionaries against, and the code does not use srandom[dev]().
2002-02-04 00:28:54 +00:00
Mark Murray
ac5699692e WARNS=n fixes (and some stylistic issues). 2002-02-03 15:17:57 +00:00
Dag-Erling Smørgrav
e9cc7b1d92 With asbestos longjohns on, integrate most of the checks normally done by
login(1) (password & account expiry, hosts.access etc.) into pam_unix(8).

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:09:11 +00:00
Andrey A. Chernov
0b836dfaf1 Back out recent changes 2002-01-19 18:03:11 +00:00
Andrey A. Chernov
3195cd6712 Back out second right-now-expired password check in pam_sm_chauthtok,
old expired password assumed there
2002-01-19 09:23:36 +00:00
Andrey A. Chernov
c8e3fac7a1 Add yet one expired-right-now password check, in pam_sm_chauthtok
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
2002-01-19 04:58:51 +00:00
Andrey A. Chernov
d54c36388e Add missing check for right-now-expired password 2002-01-19 02:45:24 +00:00
Maxim Sobolev
bc3a4bf55d Don't put an extra space after password prompts, because it violates POLA,
makes FreeBSD inconsistent with previous releases and "other unices" as well
as with some internal password-asking services (e.g. ftp) within the same
release.
2001-10-25 15:51:50 +00:00
Matthew Dillon
ceaf33f537 Add __FBSDID()s to libpam 2001-09-30 22:11:06 +00:00
Mark Murray
3d55a6c083 Big module makeover; improve logging, standardise variable names,
introduce ability to change passwords for both "usual" Unix methods
and NIS.
2001-08-26 17:41:13 +00:00
Mark Murray
1642eb1a52 Clean up (and in some cases write) the PAM mudules, using
o The new options-processing API
o The new DEBUG-logging API

Add man(1) pages for ALL modules. MDOC-Police welcome
to check this.

Audit, clean up while I'm here.
2001-07-09 18:20:51 +00:00
Mark Murray
46efbac2ed Add the "nullok" option that causes this module to succeed if the Unix
password is empty/null.
2001-06-04 19:16:57 +00:00
Mark Murray
4448b21cc6 Add the "auth_as_self" option to the pam_unix module (there is no
reason not to add it to others later). This causes the pam_unix
module to check the user's _own_ password, not the password of the
account that the user is authenticating into. This will allow eg:
WHEELSU type behaviour from su(1).
2001-05-24 18:35:52 +00:00
John Polstra
d65b34db7d Revive the pam_deny and pam_permit modules from Linux-PAM. They are
simple enough to be trusted.

Add account management functionality to the pam_unix module.

These changes should make it possible to use PAM in some ports.

Submitted by:	Max Khon <fjoe@iclub.nsu.ru>
1999-05-08 01:59:27 +00:00
John Polstra
ce9f8663f9 Fix bug that prevented accounts with empty passwords from logging
in.

Submitted by:	Paul Traina <pst@juniper.net>
1999-04-06 19:48:53 +00:00
John Polstra
9294327d4a Make it possible to use PAM in statically-linked applications. 1999-01-20 21:55:30 +00:00
John Polstra
9a10bb17e1 Build structure for contribified Linux-PAM, plus some home-grown
modules for FreeBSD's standard authentication methods.  Although
the Linux-PAM modules are present in the contrib tree, we don't
use any of them.

The main library "libpam" is composed of sources taken from three
places.  First are the standard Linux-PAM libpam sources from the
contrib tree.  Second are the Linux-PAM "libpam_misc" sources, also
from the contrib tree.  In Linux these form a separate library.
But as Mike Smith pointed out to me, that seems pointless, so I
have combined them into the libpam library.  Third are some additional
sources from the "src/lib/libpam" tree with some common functions
that make it easier to write modules.  Those I wrote myself.

This work has been donated to FreeBSD by Juniper Networks, Inc.
1998-11-18 01:44:37 +00:00