Commit Graph

159 Commits

Author SHA1 Message Date
markm
01a4236106 WARNS=n fixes (and some stylistic issues). 2002-02-03 15:17:57 +00:00
des
2ee63fa6aa Remove an unnecessary #include that trips up OpenPAM. The header in question
is an internal Linux-PAM header which shouldn't be used outside Linux-PAM
itself, and has absolutely zero effect on pam_ftp.

Sponsored by:	DARPA, NAI Labs
MFC after:	1 week
2002-02-02 17:51:39 +00:00
des
2bbcd38b91 Post-repocopy cleanup.
Sponsored by:	DARPA, NAI Labs
2002-02-01 22:25:07 +00:00
des
73dcd2da5c Connect the pam_lastlog(8) and pam_login_access(8) modules to the build.
Sponsored by:	DARPA, NAI Labs
2002-02-01 08:49:53 +00:00
des
55cd9bb2e3 Still with asbestos longjohns on, completely PAMify login(1) and remove
code made redundant by various PAM modules (primarily pam_unix(8)).

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:10:21 +00:00
des
1caa7bdd9e With asbestos longjohns on, integrate most of the checks normally done by
login(1) (password & account expiry, hosts.access etc.) into pam_unix(8).

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:09:11 +00:00
des
246b0c7094 Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify
it a little and try to make it more resilient to various possible failure
conditions.  Change the man page accordingly, and take advantage of this
opportunity to simplify its language.

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:03:16 +00:00
markm
b63d9c7a6d WARNS=4 fixes. Protect with NO_WERROR for the modules that have
warnings that are hard to fix or that I've been asked to leave alone.
2002-01-24 18:37:17 +00:00
des
89b0bbd187 PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.

Sponsored by:	DARPA, NAI Labs
2002-01-24 17:26:27 +00:00
des
30cd8777d2 Change the order in which pam_sm_open_session() updates the logs. This
doesn't really make any difference, except it matches wtmp(5) better.

Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released.  Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.

Sponsored by:	DARPA, NAI Labs (but the bugs are all mine)
2002-01-24 17:15:04 +00:00
des
37b85e4ec4 Correctly interpret PAM_RHOST being unset as an indicator of a local
login.

Sponsored by:	DARPA, NAI Labs
2002-01-24 16:18:43 +00:00
des
0d0aa3b389 Correctly interpret PAM_RHOST being unset as an indicator of a local
login.
2002-01-24 16:16:01 +00:00
des
aba6f8182e Style nits.
Sponsored by:	DARPA, NAI Labs
2002-01-24 16:14:56 +00:00
des
0a9534cc78 Document the even_root option.
Sponsored by:	DARPA, NAI Labs
2002-01-24 13:35:06 +00:00
des
305ac9f47f Don't let root through unless the "even_root" option was specified.
Sponsored by:	DARPA, NAI Labs
2002-01-24 12:47:42 +00:00
des
77b808fd9a Add a PAM module that records sessions in utmp/wtmp/lastlog.
Sponsored by:	DARPA, NAI Labs
2002-01-24 09:45:17 +00:00
des
215400cfce Fix some pastos. Rather shoddy of me...
Sponsored by:	DARPA, NAI Labs
2002-01-24 09:44:22 +00:00
des
452f2b5db1 Add a PAM module that provides an account management component for checking
either PAM_RHOST or PAM_TTY against /etc/login.access.o

This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'.  This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.

Sponsored by:	DARPA, NAI Labs
2002-01-23 17:42:16 +00:00
des
b917ad33e0 Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs.
Sponsored by:	DARPA, NAI Labs
2002-01-23 17:16:00 +00:00
ru
c9d8bf8608 Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:54:17 +00:00
des
e64688fcfb Base the comparison on UIDs, not on user names.
Sponsored by:	DARPA, NAI Labs
2002-01-23 15:16:01 +00:00
ru
5307ecb83c Make libssh.so useable (undefined reference to IPv4or6).
Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:06:47 +00:00
des
ac843e8b75 On second thought, getpwnam() failure should be treated just as if the user
existed, but had no OPIE key, i.e. PAM_IGNORE.

Pointed out by:	ache
Sponsored by:	DARPA, NAI Labs
2002-01-21 19:05:45 +00:00
des
aeaf48654b Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.

Sponsored by:	DARPA, NAI Labs
2002-01-21 18:53:03 +00:00
des
bc31e1293b Further changes to allow enabling pam_opie(8) by default:
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
   challenging the user.  These options are meaningless for pam_opie(8)
   since the user can't possibly know the right response before she sees
   the challenge.

 - Introduce the no_fake_prompts option.  If this option is set, pam_opie(8)
   will fail - rather than present a bogus challenge - if the target user
   does not have an OPIE key.  With this option, users who haven't set up
   OPIE won't have to wonder what that "weird otp-md5 s**t" means :)

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
2002-01-21 18:46:25 +00:00
des
14be282b68 Add a new module, pam_opieaccess(8), which is responsible for checking
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.

Sponsored by:	DARPA, NAI Labs
Reviewed by:	ache, markm
2002-01-21 13:43:53 +00:00
ache
b7343f3a64 snprintf bloat -> strlcpy
Add getpwnam return check

Approved by:	des, markm
2002-01-20 20:56:47 +00:00
ache
d90ac373d0 Back out recent changes 2002-01-19 18:03:11 +00:00
ache
f9d407de0b If user not exist in OPIE system, return failure immediately instead
of producing fake prompts with random numbers which can be detected by
potential intruder in two tries and totally confuse non-OPIE users.
2002-01-19 10:09:05 +00:00
ache
0262fc4b8f Back out second right-now-expired password check in pam_sm_chauthtok,
old expired password assumed there
2002-01-19 09:23:36 +00:00
ache
b0127287cc Previous commit was incomplete, use new error code PAM_CRED_ERR to
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
2002-01-19 08:36:47 +00:00
ache
4d1c54018e Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix
Replace snprintf %s with strlcpy

Check for NULL returned from getpwnam()
2002-01-19 07:23:48 +00:00
ache
35ada60969 Add yet one expired-right-now password check, in pam_sm_chauthtok
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
2002-01-19 04:58:51 +00:00
ache
30b45f48f0 Set pwok to 1 for non-OPIE users 2002-01-19 03:31:39 +00:00
ache
a38e044747 Add missing check for right-now-expired password 2002-01-19 02:45:24 +00:00
ache
3d4ab3ebc5 Implement 'pwok', i.e. conditional fallback to unix password
as supposed by opieaccessfile() and opiealways()
2002-01-19 02:38:43 +00:00
ru
ac5af7de06 mdoc(7) police: bump document date. 2001-12-14 13:49:28 +00:00
dwmalone
d9613ea383 Style improvements recommended by Bruce as a follow up to some
of the recent WARNS commits. The idea is:

1) FreeBSD id tags should follow vendor tags.
2) Vendor tags should not be compiled (though copyrights probably should).
3) There should be no blank line between including cdefs and __FBSDIF.
2001-12-10 21:13:08 +00:00
des
e82cc88ed6 Back out previous commit.
Requested by:	ru
2001-12-09 15:11:55 +00:00
ru
fe50e52a4a mdoc(7) police: sort xrefs. 2001-12-08 16:28:20 +00:00
des
2625a82abe Get pam_mod_misc.h from .CURDIR rather than .OBJDIR or /usr/include.
Sponsored by:	DARPA, NAI Labs
2001-12-07 11:51:47 +00:00
des
354c4b52cc Add dummy functions for all module types. These dummies return PAM_IGNORE
rather than PAM_SUCCESS, so you'll get a failure if you list dummies but
no real modules for a particular module chain.

Sponsored by:	DARPA, NAI Labs
2001-12-05 16:06:35 +00:00
des
00b1257dba Connect the man page to the build.
Sponsored by:	DARPA, NAI Labs
2001-12-05 16:02:50 +00:00
des
01dcdd1f9a Add a pam_self authentication module that succeeds if and only if the local
and remote user names are the same.

Sponsored by:	DARPA, NAI Labs
2001-12-05 15:55:14 +00:00
markm
08eb6fed71 Use __FBSDID(). Also do a bit of cosmetic #if and header-order
cleaning-up.
2001-12-02 20:54:57 +00:00
markm
8a79fc4a5a Style fixups.
Sort function declarations, includes. Make consistent WRT use of _P()
macro (ugh!)

Inspired by:	bde
2001-12-01 21:12:04 +00:00
markm
144609e331 WARNS=2 fixes.
Reviewed by:	bde (a while back)
2001-12-01 17:46:46 +00:00
green
09990be998 Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last
OpenSSH import) declaration and strdup(3)ing a value which is later
free(3)d, rather than letting the system try to free it invalidly.
2001-11-29 21:16:11 +00:00
ru
18923a02f5 mdoc(7) police: fix one pam_unix(8) left-over, sort xrefs. 2001-11-28 09:25:03 +00:00
des
22cc45b784 Create a pam_ssh(8) man page, based on a repo-copy of pam_unix(8).
License modified with original author's permission.

Sponsored by:	DARPA, NAI Labs
2001-11-27 00:57:50 +00:00