d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
78,313 Commits 4 Branches 49 Tags 2 GiB
2cef0b1901
Commit Graph

283 Commits

Author SHA1 Message Date
des
2ee63fa6aa Remove an unnecessary #include that trips up OpenPAM. The header in question 
is an internal Linux-PAM header which shouldn't be used outside Linux-PAM
itself, and has absolutely zero effect on pam_ftp.

Sponsored by:	DARPA, NAI Labs
MFC after:	1 week
 2002-02-02 17:51:39 +00:00
des
2bbcd38b91 Post-repocopy cleanup. 
Sponsored by:	DARPA, NAI Labs
 2002-02-01 22:25:07 +00:00
des
73dcd2da5c Connect the pam_lastlog(8) and pam_login_access(8) modules to the build. 
Sponsored by:	DARPA, NAI Labs
 2002-02-01 08:49:53 +00:00
des
55cd9bb2e3 Still with asbestos longjohns on, completely PAMify login(1) and remove 
code made redundant by various PAM modules (primarily pam_unix(8)).

Sponsored by:	DARPA, NAI Labs
 2002-01-30 19:10:21 +00:00
des
1caa7bdd9e With asbestos longjohns on, integrate most of the checks normally done by 
login(1) (password & account expiry, hosts.access etc.) into pam_unix(8).

Sponsored by:	DARPA, NAI Labs
 2002-01-30 19:09:11 +00:00
des
246b0c7094 Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify 
it a little and try to make it more resilient to various possible failure
conditions.  Change the man page accordingly, and take advantage of this
opportunity to simplify its language.

Sponsored by:	DARPA, NAI Labs
 2002-01-30 19:03:16 +00:00
markm
b63d9c7a6d WARNS=4 fixes. Protect with NO_WERROR for the modules that have 
warnings that are hard to fix or that I've been asked to leave alone.
 2002-01-24 18:37:17 +00:00
des
89b0bbd187 PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The 
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.

Sponsored by:	DARPA, NAI Labs
 2002-01-24 17:26:27 +00:00
des
30cd8777d2 Change the order in which pam_sm_open_session() updates the logs. This 
doesn't really make any difference, except it matches wtmp(5) better.

Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released.  Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.

Sponsored by:	DARPA, NAI Labs (but the bugs are all mine)
 2002-01-24 17:15:04 +00:00
des
37b85e4ec4 Correctly interpret PAM_RHOST being unset as an indicator of a local 
login.

Sponsored by:	DARPA, NAI Labs
 2002-01-24 16:18:43 +00:00
des
0d0aa3b389 Correctly interpret PAM_RHOST being unset as an indicator of a local 
login.
 2002-01-24 16:16:01 +00:00
des
aba6f8182e Style nits. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 16:14:56 +00:00
des
0a9534cc78 Document the even_root option. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 13:35:06 +00:00
des
305ac9f47f Don't let root through unless the "even_root" option was specified. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 12:47:42 +00:00
des
77b808fd9a Add a PAM module that records sessions in utmp/wtmp/lastlog. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 09:45:17 +00:00
des
215400cfce Fix some pastos. Rather shoddy of me... 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 09:44:22 +00:00
des
452f2b5db1 Add a PAM module that provides an account management component for checking 
either PAM_RHOST or PAM_TTY against /etc/login.access.o

This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'.  This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.

Sponsored by:	DARPA, NAI Labs
 2002-01-23 17:42:16 +00:00
des
b917ad33e0 Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs. 
Sponsored by:	DARPA, NAI Labs
 2002-01-23 17:16:00 +00:00
ru
c9d8bf8608 Add pam_ssh support to the static PAM library, libpam.a: 
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
 2002-01-23 15:54:17 +00:00
des
e64688fcfb Base the comparison on UIDs, not on user names. 
Sponsored by:	DARPA, NAI Labs
 2002-01-23 15:16:01 +00:00
ru
5307ecb83c Make libssh.so useable (undefined reference to IPv4or6). 
Reviewed by:	des, markm
Approved by:	markm
 2002-01-23 15:06:47 +00:00
des
ce9baa2c50 Link pam_opieaccess, pam_self and pam_ssh into the static library. 
Sponsored by:	DARPA, NAI Labs
 2002-01-21 20:43:01 +00:00
des
ac843e8b75 On second thought, getpwnam() failure should be treated just as if the user 
existed, but had no OPIE key, i.e. PAM_IGNORE.

Pointed out by:	ache
Sponsored by:	DARPA, NAI Labs
 2002-01-21 19:05:45 +00:00
des
aeaf48654b Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as 
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.

Sponsored by:	DARPA, NAI Labs
 2002-01-21 18:53:03 +00:00
des
bc31e1293b Further changes to allow enabling pam_opie(8) by default: 
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
   challenging the user.  These options are meaningless for pam_opie(8)
   since the user can't possibly know the right response before she sees
   the challenge.

 - Introduce the no_fake_prompts option.  If this option is set, pam_opie(8)
   will fail - rather than present a bogus challenge - if the target user
   does not have an OPIE key.  With this option, users who haven't set up
   OPIE won't have to wonder what that "weird otp-md5 s**t" means :)

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
 2002-01-21 18:46:25 +00:00
des
14be282b68 Add a new module, pam_opieaccess(8), which is responsible for checking 
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.

Sponsored by:	DARPA, NAI Labs
Reviewed by:	ache, markm
 2002-01-21 13:43:53 +00:00
ache
b7343f3a64 snprintf bloat -> strlcpy 
Add getpwnam return check

Approved by:	des, markm
 2002-01-20 20:56:47 +00:00
ache
d90ac373d0 Back out recent changes 2002-01-19 18:03:11 +00:00
ache
f9d407de0b If user not exist in OPIE system, return failure immediately instead 
of producing fake prompts with random numbers which can be detected by
potential intruder in two tries and totally confuse non-OPIE users.
 2002-01-19 10:09:05 +00:00
ache
0262fc4b8f Back out second right-now-expired password check in pam_sm_chauthtok, 
old expired password assumed there
 2002-01-19 09:23:36 +00:00
ache
b0127287cc Previous commit was incomplete, use new error code PAM_CRED_ERR to 
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
 2002-01-19 08:36:47 +00:00
ache
4d1c54018e Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix 
Replace snprintf %s with strlcpy

Check for NULL returned from getpwnam()
 2002-01-19 07:23:48 +00:00
ache
35ada60969 Add yet one expired-right-now password check, in pam_sm_chauthtok 
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
 2002-01-19 04:58:51 +00:00
ache
30b45f48f0 Set pwok to 1 for non-OPIE users 2002-01-19 03:31:39 +00:00
ache
a38e044747 Add missing check for right-now-expired password 2002-01-19 02:45:24 +00:00
ache
3d4ab3ebc5 Implement 'pwok', i.e. conditional fallback to unix password 
as supposed by opieaccessfile() and opiealways()
 2002-01-19 02:38:43 +00:00
bde
086017e65e Fixed a missing "const". 2001-12-28 20:59:44 +00:00
ru
ac5af7de06 mdoc(7) police: bump document date. 2001-12-14 13:49:28 +00:00
dwmalone
d9613ea383 Style improvements recommended by Bruce as a follow up to some 
of the recent WARNS commits. The idea is:

1) FreeBSD id tags should follow vendor tags.
2) Vendor tags should not be compiled (though copyrights probably should).
3) There should be no blank line between including cdefs and __FBSDIF.
 2001-12-10 21:13:08 +00:00
des
e82cc88ed6 Back out previous commit. 
Requested by:	ru
 2001-12-09 15:11:55 +00:00
ru
fe50e52a4a mdoc(7) police: sort xrefs. 2001-12-08 16:28:20 +00:00
des
2625a82abe Get pam_mod_misc.h from .CURDIR rather than .OBJDIR or /usr/include. 
Sponsored by:	DARPA, NAI Labs
 2001-12-07 11:51:47 +00:00
des
dd9dc87190 Now that _pam_init_handlers() works as intended, it seems clear that we 
do not actually want to define PAM_READ_BOTH_CONFS, so back out previous
commit.

Sponsored by:	DARPA, NAI Labs
 2001-12-07 00:38:37 +00:00
des
3b065c66cc We need pam_client.h from libpamc. This unbreaks world 
Pointed out by:	jhay
Pointy hat to:	des
 2001-12-06 12:35:18 +00:00
des
651dd64d0d Define PAM_READ_BOTH_CONFS. We can now have both /etc/pam.d and 
/etc/pam.conf.

Sponsored by:	DARPA, NAI Labs
 2001-12-05 17:06:16 +00:00
des
ffe026d003 Install the correct version of pam_misc.h. 
Sponsored by:	DARPA, NAI Labs
 2001-12-05 16:27:41 +00:00
des
354c4b52cc Add dummy functions for all module types. These dummies return PAM_IGNORE 
rather than PAM_SUCCESS, so you'll get a failure if you list dummies but
no real modules for a particular module chain.

Sponsored by:	DARPA, NAI Labs
 2001-12-05 16:06:35 +00:00
des
00b1257dba Connect the man page to the build. 
Sponsored by:	DARPA, NAI Labs
 2001-12-05 16:02:50 +00:00
des
01dcdd1f9a Add a pam_self authentication module that succeeds if and only if the local 
and remote user names are the same.

Sponsored by:	DARPA, NAI Labs
 2001-12-05 15:55:14 +00:00
markm
08eb6fed71 Use __FBSDID(). Also do a bit of cosmetic #if and header-order 
cleaning-up.
 2001-12-02 20:54:57 +00:00
markm
8a79fc4a5a Style fixups. 
Sort function declarations, includes. Make consistent WRT use of _P()
macro (ugh!)

Inspired by:	bde
 2001-12-01 21:12:04 +00:00
markm
144609e331 WARNS=2 fixes. 
Reviewed by:	bde (a while back)
 2001-12-01 17:46:46 +00:00
green
09990be998 Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last 
OpenSSH import) declaration and strdup(3)ing a value which is later
free(3)d, rather than letting the system try to free it invalidly.
 2001-11-29 21:16:11 +00:00
des
6828ec1515 Mdoc police. 
Submitted by:	ru
 2001-11-28 10:07:21 +00:00
ru
18923a02f5 mdoc(7) police: fix one pam_unix(8) left-over, sort xrefs. 2001-11-28 09:25:03 +00:00
des
63b6483616 Add a pam_set_item(3) man page with an MLINK to pam_get_item(3). 
PR:		docs/32294
Sponsored by:	DARPA, NAI Labs
MFC after:	3 days
 2001-11-27 15:36:35 +00:00
des
22cc45b784 Create a pam_ssh(8) man page, based on a repo-copy of pam_unix(8). 
License modified with original author's permission.

Sponsored by:	DARPA, NAI Labs
 2001-11-27 00:57:50 +00:00
des
d387396266 Document the local_pass and nis_pass options, add a few xrefs, and reorder 
the SEE ALSO section.  License modified with original author's permission.

Sponsored by:	DARPA, NAI Labs
 2001-11-27 00:53:10 +00:00
dd
5dd8a71701 Spelling police: sucessful -> successful. 2001-11-24 23:41:32 +00:00
sobomax
064436f6e8 Don't put an extra space after password prompts, because it violates POLA, 
makes FreeBSD inconsistent with previous releases and "other unices" as well
as with some internal password-asking services (e.g. ftp) within the same
release.
 2001-10-25 15:51:50 +00:00
markm
3a691e0043 Add library exposed by KDE's use if this module. 2001-10-18 20:05:20 +00:00
dillon
fcad02973f Add __FBSDID()s to libpam 2001-09-30 22:11:06 +00:00
markm
75cc8b4799 1) repair the return value in the PAM_RETURN() macro (Side effects!!). 
2) canonicalise the options use in pam_options().

Submitted by:	Gunnar Kreitz <gunnark@chello.se>
PR:		30250
 2001-09-04 17:05:08 +00:00
markm
9e62e18a59 Introduce a "noroot_ok" option to make this module ignore authentications 
to a non-superuser if required.
 2001-08-26 18:09:00 +00:00
markm
c98dbe0779 Introduce better logging, error reporting and use of login_cap data. 2001-08-26 18:05:35 +00:00
markm
27a8adb330 Add extra logging detail. This needs a more general solution. 2001-08-26 17:57:44 +00:00
markm
67fcc4111a Big module makeover; improve logging, standardise variable names, 
introduce ability to change passwords for both "usual" Unix methods
and NIS.
 2001-08-26 17:41:13 +00:00
markm
ac30099bce Add 'try_mapped_pass' standard option. 
Asked for by:	lukeh@PADL.COM
 2001-08-20 12:43:19 +00:00
markm
78c5ea3c24 Document the no_warn option. 2001-08-15 20:05:33 +00:00
markm
0261d9dad2 Fix a couple of cross-references to reflect the reality of the module. 2001-08-15 20:03:26 +00:00
markm
384d536a12 Fix: 
/usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has couple of bugs which cause:

1) xdm dumps core
2) ssh1 private key is not passed to ssh-agent
3) ssh2 RSA key seems not handled properly (just a guess from source)
4) ssh_get_authentication_connectionen() fails to get connection because of
   SSH_AUTH_SOCK not defined.

PR:		29609
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 2001-08-11 12:37:55 +00:00
markm
0935831088 Clean up this module very extensively. Fix the logging, the coding 
standards and the option handling. This module is now much more easy
to maintain as a part of the FreeBSD tree.
 2001-08-10 19:24:34 +00:00
markm
d4dc7767d7 Code clean up; make logging same as other modules and fix warnings. 2001-08-10 19:21:45 +00:00
markm
74d9830e38 General code clean-up. Sort out warnings, and make the warning and 
logging work the same as other modules.
 2001-08-10 19:18:52 +00:00
markm
746b322ce6 Simplify code. Also verbose logging, verbose overridable error reporting. 2001-08-10 19:15:48 +00:00
markm
30eda03ef6 Verbose logging, overridable verbose error reporting. 2001-08-10 19:12:59 +00:00
markm
846c7876be Module clean-up. Verbose logging, Overridable verbose error reporting, 
FreeBSD pam_prompt() usage to simplify conversation function usage.
 2001-08-10 19:10:43 +00:00
markm
6d1911d4af Verbosely (overridable) report failure to the user. 2001-08-10 19:07:45 +00:00
markm
d6d9a9d422 Use the FreeBSD pam_prompt() interface to the conversation function 
instead of home-rolling it. Clean up debugging code and tidy the
module.
 2001-08-10 19:05:57 +00:00
markm
cda9e6f687 Verbosely report errors to the user (overridable), and make sure 
that the correct failure mode is reported.
 2001-08-10 19:02:21 +00:00
markm
fef690379a Fix broken logic so that this actually works for the superuser. 
Verbosely log (properly).
Verbosely report errors to the user.
 2001-08-10 14:21:58 +00:00
markm
12c08f0451 Rework this to prevent a nasty problem involving different modules' 
option interacting with each other.
 2001-08-10 14:16:47 +00:00
markm
9768c83960 Declare the new user-error reporting macro. 
This is a macro to allow use of the __FILE__ and __FUNCTION__
macros.
 2001-08-10 14:15:00 +00:00
markm
7b1059217e Add a routine for providing feedback via the conversation mechanism 
(usually to stderr) for user-reportable errors.
 2001-08-10 14:13:16 +00:00
markm
3b25221320 Fix style/consistency in Makefile and repair static module building. 
Submitted by:	bde(partially)
 2001-08-04 21:51:14 +00:00
markm
1f44b5f4e9 Don't clobber CFLAGS 
Submitted by:	bde
 2001-08-04 21:49:30 +00:00
markm
edba6eee5e Fix the bug where this modulke was not checking the priamry GID, only 
the GIDS in /etc/group or NIS's group map.

Tested by:	sheldonh
PR:		29349
 2001-08-04 09:19:31 +00:00
markm
79a9463a45 With the S/KEY removal, this is no longer buildable or necessary. 2001-08-02 19:04:20 +00:00
markm
9bd038a011 Don't try to make pam_ssh module if NO_OPENSSH is set. 2001-08-02 19:01:02 +00:00
markm
78112d8985 Repair the get/set UID() stuff so this works in both su(1) and login(1) 
modes.
 2001-08-02 10:35:41 +00:00
markm
2754e9c466 Making this major bump was a BAD idea. The API change is internal (to PAM) 
and it caused problems without solving any.
 2001-07-30 09:56:38 +00:00
markm
6b3146187f (Re)Add an SSH module for PAM, heavily based on Andrew Korty's module 
from ports.
 2001-07-29 18:31:09 +00:00
ru
b2f5024e3b mdoc(7) police: widen width of the options list. 2001-07-18 14:49:32 +00:00
markm
208d8e13d4 Update to the same level of debug-logging as the rest of the 
FreeBSD/PAM modules.
 2001-07-17 07:36:51 +00:00
markm
b179f8e35f Update to the same code as in the pam_krb5.so port. 
According to Peter, the port works - this needs more testing.
 2001-07-17 07:34:36 +00:00
dd
911ca14c87 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
markm
ada1f4d477 Use a better method of getting user credentials to account for 
(legal) UID duplication.

Rename use_uid to auth_as_self for consistency with other modules.
 2001-07-14 08:42:39 +00:00
markm
921b216c2d Use a better method to get user credentials to account for (legal) 
duplications of UID's in /etc/*passwd.
 2001-07-14 08:38:24 +00:00
ru
5001e16d30 mdoc(7) police: -xwidth has been fold into -width. 2001-07-13 09:09:52 +00:00
ru
80f926caa5 mdoc(7) police: fixed markup, a little bit. 2001-07-11 08:36:26 +00:00
ru
36e83f27aa mdoc(7) police: fixed markup any numerous typos. 2001-07-11 08:35:34 +00:00
markm
a8b501863a Fix a horrible bug introduced by myself where the options collection 
keeps on growing as the module stack is parsed.
 2001-07-10 16:59:30 +00:00
ru
36f138439b mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 14:16:33 +00:00
ru
317b7d8e37 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 13:41:46 +00:00
markm
88dfad0475 Clean up (and in some cases write) the PAM mudules, using 
o The new options-processing API
o The new DEBUG-logging API

Add man(1) pages for ALL modules. MDOC-Police welcome
to check this.

Audit, clean up while I'm here.
 2001-07-09 18:20:51 +00:00
markm
ff28ba8b35 Bump the major number. The libraries API has changed incompatibly. 2001-07-09 18:16:33 +00:00
markm
1b8cb1cd38 Almost completely rewrite the PAM module options processing 
routines, and provide a more extended API for doing this.

Provide an API for debug logging.

Audit and clean up the code.
 2001-07-09 18:14:43 +00:00
ru
05e503d80a mdoc(7) police: sort SEE ALSO xrefs (sort -b -f +2 -3 +1 -2). 2001-07-06 16:46:48 +00:00
ru
fd9d23bf28 mdoc(7) police: fixed formatting. 2001-07-06 07:29:59 +00:00
peter
dcb4453375 Fix libpam's linker set stuff to use the new API (unbreak world), and get 
rid of gensetdefs from here as well.
 2001-06-14 01:13:30 +00:00
chris
bf91fbcc4d Convert to mdoc(7). 2001-06-13 21:52:07 +00:00
markm
4e8273f82f Big module cleanup. 
Move common stuff into Makefile.inc, and tidy up all the Makefiles
as a result.

Build new modules.

Put a commented-out dependancy on libpam for the (shared) modules.
I can't bring this in just yet, as the dependancy (modules->libpam)
is reversed for the static case (libpam->modules).
 2001-06-04 19:47:56 +00:00
markm
bb5c80b440 Null file to bring back a file from the dead. This allows the real commit 
to happen remotely. Damn CVS bugs :-(
 2001-06-04 19:25:41 +00:00
markm
cafc16591f Add the "nullok" option that causes this module to succeed if the Unix 
password is empty/null.
 2001-06-04 19:16:57 +00:00
markm
c5ba97baf9 Tidy up the options list (and make it more extendable), and add some 
extra "standard" options.
 2001-06-04 19:12:08 +00:00
markm
a28a87bd61 Add some new utility authenticators. 
pam_securetty silently succeeds if the user is on a secure tty
as defined by /etc/ttys.

pam_ftp does "anonymous ftp" style authentication with options for
specifying the anonymous user(s).
 2001-06-04 18:44:47 +00:00
markm
f6fb59fd55 Add the "auth_as_self" option to the pam_unix module (there is no 
reason not to add it to others later). This causes the pam_unix
module to check the user's _own_ password, not the password of the
account that the user is authenticating into. This will allow eg:
WHEELSU type behaviour from su(1).
 2001-05-24 18:35:52 +00:00
markm
8f01d4f9a2 Bring in a few useful PAM modules. 
pam_krb5 is a Kerberos 5 (Heimdal) authentication module.

pam_nologin checks for /etc/nologin and does the "usual stuff"
	if it is found, otherwise it silently succeeds.

pam_rootok silently succeeds if the user is root, otherwise
	it fails.

pam_wheel silently succeeds if the user is a member of group
	"wheel" (or another nominated group), and fails
	otherwise.

There is an issue with kerberosIV and kerberos5 - if both are
being built, then static linking fails with duplicate symbols.
This will take a bit of work to sort out in the kerberii.
 2001-05-14 11:23:58 +00:00
green
95ca151349 Finish disconnecting pam_ssh from the build. 2001-05-04 20:40:53 +00:00
green
5b85c0e3b3 I've been meaning to take pam_ssh out of the base system for a while now. 
Finally do it.
 2001-05-04 03:53:48 +00:00
markm
ac445d2404 Update for (Linux-)PAM 0.75 2001-05-03 10:55:48 +00:00
ru
03fd77f5a8 mdoc(7) police: uppercase document title. 2001-04-18 08:25:26 +00:00
ru
25ef23ac1c MAN[1-9] -> MAN. 2001-03-27 17:27:19 +00:00
jhb
da015457f3 Use a unified libgcc rather than a seperate one for threaded and 
non-threaded programs.  This provides threaded programs with the
needed exception frame symbols.

parts submitted by:	Max Khon <fjoe@iclub.nsu.ru>
PR:	23252
 2001-01-06 18:59:46 +00:00
obrien
9ecd859376 Use a unified libgcc rather than a seperate one for threaded and 
non-threaded programs.  This provides threaded programs with the
needed exception frame symbols.

parts submitted by:	Max Khon <fjoe@iclub.nsu.ru>
PR:	23252
 2001-01-06 06:16:31 +00:00
ru
8ba4187688 Prepare for mdoc(7)NG. 2000-12-29 14:08:20 +00:00
ru
c23c39b3a4 mdoc(7) police: removed history info from the .Os FreeBSD call. 2000-12-14 11:52:05 +00:00
green
6202ac1614 Forgot to remove the old line in the last commit. 2000-12-05 02:41:01 +00:00
green
163406c6e5 In env_destroy(), it is a bad idea to env_swap(self, 0) to switch 
back to the original environ unconditionally.  The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set.  Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR:		bin/22670
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 2000-11-25 02:00:35 +00:00
billf
de5ab7abc1 Correct an arguement to ssh_add_identity, this matches what is currently 
in ports/security/openssh/files/pam_ssh.c

PR:		22164
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by:	green
Approved by:	green
 2000-11-25 01:55:42 +00:00
ru
1a6c69e84a log 2000-11-22 09:23:54 +00:00
kris
27503968d8 Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken 
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
 2000-05-30 09:03:15 +00:00
jake
961b97d434 Back out the previous change to the queue(3) interface. 
It was not discussed and should probably not happen.

Requested by:		msmith and others
 2000-05-26 02:09:24 +00:00
jake
d93fbc9916 Change the way that the queue(3) structures are declared; don't assume that 
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
 2000-05-23 20:41:01 +00:00
kris
43373af8b0 Connect pam_opie to the build. 2000-04-17 00:19:30 +00:00
kris
9544efebe6 Add pam_opie, a PAM module using the OPIE one-time-password scheme. 
Submitted by:	Jim Bloom <bloom@acm.org>
 2000-04-17 00:14:42 +00:00
kris
77771891cb Fix a memory leak. 
PR:		17360
Submitted by:	Andrew J. Korty <ajk@iu.edu>
 2000-03-29 08:24:37 +00:00
bde
44d97ac9b0 Fixed missing libraries in DPADD. 
Fixed some style bugs (some usual ones for DPADD and LDADD, and
misformatting of $FreeBSD$).
 2000-03-27 15:24:45 +00:00
kris
0d1f47825b Buildworld fixes for NO_OPENSSH and NO_OPENSSL 
Approved by:	jkh
 2000-03-09 06:29:05 +00:00
peter
d441a3a421 Make pam_ssh work. It had an undefined symbol when it was dlopen()ed. 
I'm not quite sure about this, I think it should be using -lssh_pic since
it's being linked into a .so, but nothing seems to complain ahd it does
work.  (well, it works for using the authorized_keys file, but I have not
figured out how to get it to start a ssh-agent and cache the key for me)

PR:		17191
Submitted by:	Adrian Pavlykevych <pam@polynet.lviv.ua>
 2000-03-06 15:28:30 +00:00
sheldonh
329223e6f2 Remove single-space hard sentence breaks. These degrade the quality 
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
 2000-03-02 09:14:21 +00:00
sheldonh
49c4458c80 Remove single-space hard sentence breaks. These degrade the quality 
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
 2000-03-01 12:20:22 +00:00
markm
e11c910f1b Don't try to build k5 PAM; it ain't ready yet. 2000-02-28 21:00:50 +00:00
sos
fdfe7ecf9d Same fix as in ../modules, dont use the crypto stuff if its not there. 2000-02-26 12:26:25 +00:00
peter
dfef412c92 Argh, I can't win today. Spell ${.CURDIR} correctly. 2000-02-26 11:16:08 +00:00
peter
10a409ad5f Don't build pam_ssh if the crypto code is missing. 
Found by:	sos
 2000-02-26 11:14:17 +00:00
peter
eb77fcb95c Redo this with a repo copy from the original file and reset the 
__PREFIX__ markers.
 2000-02-26 09:59:14 +00:00
markm
20612f21c7 Use libcrypto instead of libdes. 
Also - OpenSSH blesses us with a module for PAM.
 2000-02-24 22:24:37 +00:00
chris
9d118bd000 Remove the version information from `.Os FreeBSD' here. Not only 
might it confuse people, but it causes a warning message with
nroff, and no version history mentions a 1.2 version of FreeBSD.

If anything, a ``HISTORY'' section should show which version this
appeared in.
 2000-02-14 01:47:54 +00:00
green
8b8214b6d3 Upgrade to the pam_ssh module, version 1.1.. 
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used.  XDM and its variants
should now work without modification.  Note that the new code uses
the macros in <sys/queue.h>.

Submitted by:	Andrew J. Korty <ajk@iu.edu>
 1999-12-28 05:32:54 +00:00