Dag-Erling Smørgrav
33b7c0d94c
Fix a strict aliasing issue. Also remove an unnecessary pam_get_item()
...
call (pam_get_authtok() will return the previous token if try_first_pass
or use_first_pass is specified). Incidentally fix an ugly bug where the
buffer holding the prompt was freed immediately before use, instead of
after.
2003-12-11 15:51:03 +00:00
Dag-Erling Smørgrav
4911b12cba
More strict aliasing fixes.
...
Submitted by: Andreas Hauser <andy-freebsd@splashground.de>
2003-12-11 15:48:09 +00:00
Dag-Erling Smørgrav
91e938693e
Fix strict aliasing breakage in PAM modules (except pam_krb5, which needs
...
more work than the others). This should make most modules build with -O2.
2003-12-11 13:55:16 +00:00
Maxim Sobolev
cd28f89c12
Fix on sparc64.
...
Reported by: rwatson/tinderbox
MFC after: 2 weeks
2003-11-12 23:36:17 +00:00
Maxim Sobolev
f142677b46
Add a new configuration variable - nas_ipaddr, which if set allows to
...
set NAS-IP-Address attribute in requests generated by the pam_radius
module. This attribute is mandatory for some Radius servers out there.
Reviewed by: des
MFC after: 2 weeks
2003-11-12 17:47:23 +00:00
Ken Smith
921e5ca770
- fix to UID test description, non-zero -> zero
...
PR: docs/57799
Reviewed by: des
Approved by: blackend (mentor)
2003-10-17 17:03:38 +00:00
Dag-Erling Smørgrav
24db258f35
Ignore ECHILD from waitpid(2) (our child may have been reaped by the
...
calling process's SIGCHLD handler)
PR: bin/45669
2003-09-19 11:33:03 +00:00
Dag-Erling Smørgrav
3a256117dc
Revert previous commit after fixing libpam.
2003-07-21 19:56:28 +00:00
Dag-Erling Smørgrav
015d0cd6e2
Add a __DECONST() to unbreak the build.
2003-07-15 14:36:36 +00:00
Martin Blapp
dd01398df6
Fix the master yppasswd routines, so they really work
...
for root on ypmaster. yppasswd_local() did use YPPASSWDPROG
instead of MASTER_YPPASSWDPROG, and the domain was not set,
resulting in a coredump during xdr-encode.
Reviewed by: des
2003-06-15 10:37:22 +00:00
Dag-Erling Smørgrav
2d2b70f60b
Add openpam_readline(3).
2003-06-01 12:54:51 +00:00
Dag-Erling Smørgrav
008c1ace7b
Retire pam_wheel(8) (which has been disconnected for quite a while) and
...
pam_ftp(8).
2003-06-01 11:50:35 +00:00
Dag-Erling Smørgrav
ae1e82627a
Don't build pam_std_option().
2003-05-31 23:38:16 +00:00
Dag-Erling Smørgrav
4d6991c692
Update copyright dates.
2003-05-31 17:19:03 +00:00
Dag-Erling Smørgrav
f7d39b0967
Remove pam_std_option() and related functions. Add #defines for common
...
options.
2003-05-31 16:56:35 +00:00
Dag-Erling Smørgrav
545aa47101
Remove all instances of pam_std_option()
2003-05-31 16:55:07 +00:00
Dag-Erling Smørgrav
d462d3923b
Introduce pam_guest(8) which will replace pam_ftp(8).
2003-05-31 16:52:58 +00:00
Ruslan Ermilov
734ac3b543
mdoc(7) fixes.
...
Approved by: re (blanket)
2003-05-24 19:53:08 +00:00
Dag-Erling Smørgrav
7691f66abf
Retire the useless NOSECURE knob.
...
Approved by: re (scottl)
2003-05-19 15:52:01 +00:00
Dag-Erling Smørgrav
8b48559cff
OpenPAM is WANRS6-clean.
2003-05-05 21:15:35 +00:00
Mark Murray
dbf104e68d
Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra
...
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
2003-05-05 07:58:44 +00:00
Mark Murray
aaa2c2ab24
Trasmute moer "krb5" distibutions into "crypto".
2003-05-01 21:21:15 +00:00
Dag-Erling Smørgrav
6c0510dc2f
Use C99-style varadic macros instead of the non-standard gcc syntax.
2003-05-01 15:08:55 +00:00
Dag-Erling Smørgrav
e50fb9d500
Mark libpam as c99- and WARNS5-clean.
2003-05-01 14:55:06 +00:00
Dag-Erling Smørgrav
8f3031025b
Make sure rhostip is always initialized.
...
PR: bin/51508
Submitted by: Peter Grimshaw <peter@tesseract.demon.co.uk>
2003-04-30 00:49:42 +00:00
Dag-Erling Smørgrav
ccd703cfe4
Treat an empty PAM_RHOST the same as a NULL one.
...
PR: bin/51508
2003-04-30 00:44:05 +00:00
Dag-Erling Smørgrav
3edc7b4e0b
Set $HOME to the correct directory (within the chroot tree).
2003-04-30 00:40:24 +00:00
Dag-Erling Smørgrav
be01d58da1
Remove a bogus null password check which assumed that a user with an empty
...
password must necessarily have an empty pwd->pw_passwd. Also add a check
that prevents users from setting a blank password unless the nullok option
was specified. Root is still allowed to give anyone a blank password.
2003-04-24 12:26:25 +00:00
Dag-Erling Smørgrav
a8643c9882
Connect the pam_chroot(8) module to the build.
2003-04-08 16:52:34 +00:00
Dag-Erling Smørgrav
d4e15f10b1
Add a cwd option which specifies where to chdir(2) after the chroot(2).
...
When using the /home/./foo scheme, this defaults to the rhs (/foo);
otherwise it defaults to /.
2003-04-08 16:52:18 +00:00
Dag-Erling Smørgrav
eac956b2d1
Experimental pam_chroot module (not connected to the build)
2003-03-30 22:58:23 +00:00
Dag-Erling Smørgrav
f5bbe11124
This module is not WARNS-clean, due to brokenness in OpenSSL headers.
2003-03-10 09:19:08 +00:00
Dag-Erling Smørgrav
16bb3109e3
Somewhat better wording.
2003-03-10 09:15:26 +00:00
Dag-Erling Smørgrav
02a19b0184
Silence warning caused by OPIE brokenness.
2003-03-10 09:15:08 +00:00
David E. O'Brien
7f03a257ac
style.Makefile(5) police
...
(I've tried to keep to the spirit of the original formatting)
Reviewed by: des
2003-03-09 20:06:38 +00:00
Mark Murray
5d658b151b
KerberosIV de-orbit burn continues. Remove the KerberosIV PAM module.
2003-03-08 10:33:20 +00:00
Mark Murray
b4240e6ce9
Comment-only assistance to lint to kill warnings.
2003-03-08 10:30:49 +00:00
Ruslan Ermilov
66abb7a636
mdoc(7) police: Nits.
2003-03-03 11:45:18 +00:00
Ruslan Ermilov
522ccf3f35
mdoc(7) police: markup laundry.
2003-02-23 01:47:49 +00:00
Dag-Erling Smørgrav
859ac7c46f
Add an "allow_local" option which forces historical behaviour.
2003-02-16 13:01:03 +00:00
Dag-Erling Smørgrav
b645332a81
Assume "localhost" if no remote host was specified. This is safe from a
...
POLA point of view since the stock /etc/opieaccess now allows localhost.
2003-02-15 23:26:49 +00:00
Dag-Erling Smørgrav
48c12730cd
Use pam_get_user(3) instead of pam_get_item(3) where appropriate.
2003-02-10 18:59:20 +00:00
Dag-Erling Smørgrav
d902781908
Complete rewrite of pam_ssh(8). The previous version was becoming hard
...
to maintain, and had security issues which would have required a major
rewrite to address anyway.
This implementation currently starts a separate agent for each session
instead of connecting each new session to the agent started by the first
one. While this would be a Good Thing (and the old pam_ssh(8) tried to
do it), it's hard to get right. I'll revisit this issue when I've had a
chance to test some modifications to ssh-agent(1).
2003-02-09 21:20:44 +00:00
Dag-Erling Smørgrav
687200d002
Maybe I was a little too fast? Remove debugging code, and commit the
...
Makefile and man page which I'd forgotten to 'cvs add'.
Sponsored by: DARPA, NAI Labs
2003-02-06 14:27:48 +00:00
Dag-Erling Smørgrav
7cde604ebd
Replace pam_wheel(8) with pam_group(8) which has a cleaner interface. The
...
pam_wheel(8) module was written to work in spite of a broken libpam, and
has grown organically since its inception, which is reflected in both its
functionality and implementation. Rather than clean up pam_wheel(8) and
break backward compatibility, I've chosen to reimplement it under a new,
more generic name.
Sponsored by: DARPA, NAI Labs
2003-02-06 14:24:14 +00:00
Dag-Erling Smørgrav
9e2409d3d5
Make sure the message is only printed once.
2003-02-06 14:19:50 +00:00
Dag-Erling Smørgrav
915bae31b7
Don't blame markm for what he didn't do - writing these man pages, for
...
instance. Also bump the date since I made substantial modifications
earlier today.
2003-02-06 13:47:21 +00:00
Dag-Erling Smørgrav
37def36f9b
Update copyright.
2003-02-06 12:56:51 +00:00
Dag-Erling Smørgrav
caeab58cd8
Add support for escape sequences in the arguments (e.g. %u for user name)
...
Sponsored by: DARPA, NAI Labs
2003-02-06 12:56:39 +00:00
Dag-Erling Smørgrav
a76a4d449d
Export the PAM environment to the child process instead of the "normal"
...
environment list, which may be unsafe and / or sensitive.
Sponsored by: DARPA, NAI Labs
2003-02-06 12:40:58 +00:00