d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
129,856 Commits 4 Branches 49 Tags 2 GiB
31cdd06b7a
Commit Graph

423 Commits

Author SHA1 Message Date
des
cd277df0bb childerr needs to be volatile so gcc won't optimize it away. 
PR:		bin/85830
MFC after:	1 week
 2006-11-10 23:33:25 +00:00
ru
f2378ce746 The pam_unix module also provides password management. 
PR:		docs/93491
Submitted by:	Lior Kadosh
MFC after:	3 days
 2006-10-12 15:00:17 +00:00
ru
b6d284e093 Fix build. 2006-09-30 20:33:42 +00:00
des
22cf0fa876 Reject user with names that are longer than OPIE is willing to deal with; 
otherwise OPIE will happily truncate it.

Spotted by:	ghelmer
MFC after:	2 weeks
 2006-09-15 13:42:38 +00:00
joel
e751eb9832 Bump .Dd. 
Noticed by:	danger
 2006-09-13 18:34:32 +00:00
joel
e532d7ce17 Remove references to the pam(8) manual page. It does not exist. 
Requested by:	novel
Discussed with:	brueffer, simon
 2006-09-13 17:46:20 +00:00
des
55b6d867ea Additional debugging stuff I had in my tree. 2006-08-11 17:03:33 +00:00
stefanf
6cdb8f6653 Change the GCC specific __FUNCTION__ to C99's __func__. 
OK'ed by:	des
 2006-07-17 11:48:52 +00:00
des
456f2593a5 Add a manual dependency on ssh_namespace.h. 
Discussed with:	ru
 2006-05-13 21:38:16 +00:00
des
148092431d Introduce a namespace munging hack inspired by NetBSD to avoid polluting 
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by:	lukem@netbsd.org
MFC after:	6 weeks
 2006-05-13 13:47:45 +00:00
wkoszek
a9e9a228bd There is no need to pass NULL to the pam_error() as the last argument. 
Remove it.

Reviewed by:	des
Approved by:	cognet (mentor)
 2006-03-20 16:56:08 +00:00
ru
81f8a2cff8 Fix build until I find a way to handle this case properly. 2006-03-19 08:52:49 +00:00
ru
90b657b795 Revert last delta. 2006-03-19 06:14:30 +00:00
phk
5a9bbe93ee Comment out MK_PROFILE until ru@ can fix this properly 2006-03-19 04:49:11 +00:00
ru
5f8b6d3c5a Convert NO_PROFILE and NO_LIB32 to new style. 2006-03-18 21:37:05 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see: 
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
 2006-03-17 18:54:44 +00:00
yar
7ba58b694e Add appropriate xrefs. 
MFC after:	3 days
 2006-03-06 13:15:12 +00:00
yar
f4b4b54f2b Since the whole login.access feature has moved to PAM, 
login.access.5 will be installed from the respective PAM
module's src directory.

MFC after:	3 days
 2006-03-06 12:31:25 +00:00
yar
4995e053c3 Sync with src/usr.bin/login/login.access.5. 
src/usr.bin/login/login.access.5 should be removed from use
because the whole login.access feature has moved to this PAM
module.

MFC after:	3 days
 2006-03-06 12:26:43 +00:00
ru
2d942f188d Commenting out WARNS actually brought it up to 4. 2005-09-28 14:36:16 +00:00
des
6e08585cef Comment out WARNS, the OpenSSL headers don't compile cleanly on some platforms. 2005-09-28 06:23:47 +00:00
des
95277118f4 Increase WARNS. 2005-09-26 20:34:09 +00:00
des
343777dab2 Correct the logic for determining whether the user has already entered 
a password.  Also, work around some harmless type pun warnings.

MFC after:	3 days
 2005-09-26 20:33:53 +00:00
des
01dcf64138 Do not use passphraseless keys for authentication unless the nullok 
option was specified.

PR:		bin/81231
Submitted by:	"Daniel O'Connor" <doconnor@gsoft.com.au>
MFC after:	3 days
 2005-09-22 05:35:24 +00:00
des
4ee54de329 Narrow the use of user credentials. 
Fix one case where openpam_restore_cred() might be called twice in a row.

MFC after:	3 days
 2005-09-21 16:08:40 +00:00
cperciva
a257862d4b When (re)allocating space for an array of pointers to char, use 
sizeof(*list), not sizeof(**list).  (i.e., sizeof(pointer) rather than
sizeof(char)).

It is possible that this buffer overflow is exploitable, but it was
added after RELENG_5 forked and hasn't been MFCed, so this will not
receive an advisory.

Submitted by:	Vitezslav Novy
MFC after:	1 day
 2005-09-19 18:43:11 +00:00
kensmith
f97f77429f Bump the shared library version number of all libraries that have not 
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
 2005-07-22 17:19:05 +00:00
kensmith
174219188d Missed one piece of the cluster's quirk. Need to override WARNS because 
if _FREEFALL_CONFIG is set gcc bails since pam_sm_setcred() in pam_krb5.c
no longer uses any of its parameters.

Pointy hat:	kensmith
Approved by:	re (scottl)
 2005-07-08 14:53:45 +00:00
kensmith
28b7f562fc This is sort of an MFS. Peter made these changes to the RELENG_* 
branches but missed HEAD.  This patch extends his a little bit,
setting it up via the Makefiles so that adding _FREEFALL_CONFIG
to /etc/make.conf is the only thing needed to cluster-ize things
(current setup also requires overriding CFLAGS).

From Peter's commit to the RELENG_* branches:
> Add the freebsd.org custer's source modifications under #ifdefs to aid
> keeping things in sync.  For ksu:
> * install suid-root by default
> * don't fall back to asking for a unix password (ie: be pure kerberos)
> * allow custom user instances for things like www and not just root

The Makefile tweaks will be MFC-ed, the rest is already done.

MFC after:      3 days
Approved by:    re (dwhite)
 2005-07-07 14:16:38 +00:00
des
09a62d7510 Use the correct login class when setting a new password. 
PR:		65557, 72949
Submitted by:	Stephen P. Cravey <clists@gotbrains.org>
Approved by:	re (scottl)
MFC after:	2 weeks
 2005-07-05 18:42:18 +00:00
des
4b2f009799 Update for OpenPAM Figwort. 
Approved by:	re (kensmith)
 2005-06-17 08:14:42 +00:00
ru
38fc91ca96 Assorted markup fixes. 
Approved by:	re
 2005-06-15 19:04:04 +00:00
des
2b425cf5e2 Don't use a cast as an lvalue. 
Add a redundant test to make it painfully obvious to the reader that this
code does not support IPv6.

Approved by:	re (dwhite)
MFC after:	1 week
 2005-06-13 21:18:52 +00:00
des
060c66b4a3 Use appropriate error codes for each facility instead of just PAM_AUTH_ERR. 
Noticed by:	pjd
 2005-06-10 06:16:13 +00:00
des
d78c118916 Revert the commits that made libssh an INTERNALLIB; they caused too much 
trouble, especially on amd64.

Requested by:	ru
 2005-06-07 09:31:28 +00:00
des
741e51c695 Fix libssh dependency. 2005-06-06 19:01:01 +00:00
ume
a3047efe51 NI_WITHSCOPEID cleanup 
Reviewed by:	des
 2005-05-13 20:51:09 +00:00
ru
1541af42f1 Expand *n't contractions. 2005-02-13 22:25:33 +00:00
des
b0d098fb3c In addition to the PAM environment, export a handful of useful PAM items. 
Suggested by:	Ed Maste <emaste@phaedrus.sandvine.ca>
 2005-02-01 10:37:07 +00:00
des
23d6a7f7bd Add openpam_free_envlist(3). 2005-02-01 10:21:07 +00:00
rwatson
3441ac65f8 When "no_ccache" is set as an argument to the pam_krb5 module, don't 
copy the acquired TGT from the in-memory cache to the on-disk cache
at login.  This was documented but un-implemented behavior.

MFC after:		1 week
PR:			bin/64464
Reported and tested by:	Eric van Gyzen <vangyzen at stat dot duke dot edu>
 2005-01-24 16:49:50 +00:00
rwatson
8cc1e1c0d7 The final argument to verify_krb_v5_tgt() is the debug flag, not the 
ticket forwardable flag, so key generation of debugging output to
"debug" rather than "forwardable".

Update copyright.

MFC after:	3 days
 2005-01-23 15:57:07 +00:00
ru
3666aefb6a Fixed xref. 2005-01-21 10:48:35 +00:00
ru
f4c44b761b NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
ru
e1caf1330c NOINSTALLLIB -> NO_INSTALLLIB 2004-12-21 09:51:09 +00:00
ru
74176cc161 NODOCCOMPRESS -> NO_DOCCOMPRESS 
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
 2004-12-21 09:33:47 +00:00
bz
4b83c5852a Add knob NO_NIS (fka NO_YP_LIBC) and make world compileable when set. 
If turned on  no NIS support and related programs will be built.

Lost parts rediscovered by:	Danny Braniss <danny at cs.huji.ac.il>
PR:		bin/68303
No objections:	des, gshapiro, nectar
Reviewed by:	ru
Approved by:	rwatson (mentor)
MFC after:	2 weeks
 2004-11-13 20:40:32 +00:00
ru
5db2b9d5b3 For variables that are only checked with defined(), don't provide 
any fake value.
 2004-10-24 15:33:08 +00:00
cperciva
e629b37603 Join the 21st century: Cryptography is no longer an optional component 
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
 2004-08-06 07:27:08 +00:00
kan
425239bf6e Downgrade WARNS level for GCC 3.4.2. 2004-07-28 05:49:15 +00:00