sobomax
f41a9d6db5
Create /var/log/lastlog if it doesn't exist.
Submitted by: des
2002-02-20 07:47:06 +00:00
des
863a49b908
This file needs <syslog.h>.
Sponsored by: DARPA, NAI Labs
2002-02-09 14:12:09 +00:00
ru
b2c3dc0715
Now that cross-tools ld(1) has been fixed to look for dynamic
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.
Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).
Reviewed by: markm
2002-02-08 13:42:58 +00:00
markm
b090adde5f
Remove NO_WERROR, now that WARNS=n is gone.
2002-02-06 18:46:48 +00:00
markm
35ff607995
Comment out the WARNS= so as to not trample all over the GCC3 work.
2002-02-06 18:14:59 +00:00
des
de2b43dc4e
Three times lucky: <stddef.h>, not <sys/param.h>
2002-02-05 08:01:32 +00:00
des
d6eb982a3b
Oops, the correct header to include for NULL is <sys/param.h>.
2002-02-05 07:53:00 +00:00
des
71559bdb87
#include <sys/types.h> for NULL (hidden by Linux-PAM header pollution)
Sponsored by: DARPA, NAI Labs
2002-02-05 06:20:27 +00:00
des
4bbf527773
#include cleanup.
Sponsored by: DARPA, NAI Labs
2002-02-05 06:08:26 +00:00
markm
4a0034cf46
Explicitly declare (gcc internal) functions.
Submitted by: ru
2002-02-04 17:59:25 +00:00
des
0b3772b62a
ssh_get_authentication_connection() gets its parameters from environment
variables, so temporarily switch to the PAM environment before calling it.
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2002-02-04 17:15:44 +00:00
markm
4e3ec91692
Protect "make buildworld" against -Werror, as this module does not
build cleanly.
2002-02-04 16:09:25 +00:00
markm
01ec73592a
Add the other half of the salt-generating code. No functional
difference except that the salt is slightly harder to build
dictionaries against, and the code does not use srandom[dev]().
2002-02-04 00:28:54 +00:00
markm
5a8788fb41
Turn on fascist warning mode.
2002-02-03 15:51:52 +00:00
markm
01a4236106
WARNS=n fixes (and some stylistic issues).
2002-02-03 15:17:57 +00:00
des
2ee63fa6aa
Remove an unnecessary #include that trips up OpenPAM. The header in question
is an internal Linux-PAM header which shouldn't be used outside Linux-PAM
itself, and has absolutely zero effect on pam_ftp.
Sponsored by: DARPA, NAI Labs
MFC after: 1 week
2002-02-02 17:51:39 +00:00
des
2bbcd38b91
Post-repocopy cleanup.
Sponsored by: DARPA, NAI Labs
2002-02-01 22:25:07 +00:00
des
73dcd2da5c
Connect the pam_lastlog(8) and pam_login_access(8) modules to the build.
Sponsored by: DARPA, NAI Labs
2002-02-01 08:49:53 +00:00
des
55cd9bb2e3
Still with asbestos longjohns on, completely PAMify login(1) and remove
code made redundant by various PAM modules (primarily pam_unix(8)).
Sponsored by: DARPA, NAI Labs
2002-01-30 19:10:21 +00:00
des
1caa7bdd9e
With asbestos longjohns on, integrate most of the checks normally done by
login(1) (password & account expiry, hosts.access etc.) into pam_unix(8).
Sponsored by: DARPA, NAI Labs
2002-01-30 19:09:11 +00:00
des
246b0c7094
Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify
it a little and try to make it more resilient to various possible failure
conditions. Change the man page accordingly, and take advantage of this
opportunity to simplify its language.
Sponsored by: DARPA, NAI Labs
2002-01-30 19:03:16 +00:00
markm
b63d9c7a6d
WARNS=4 fixes. Protect with NO_WERROR for the modules that have
warnings that are hard to fix or that I've been asked to leave alone.
2002-01-24 18:37:17 +00:00
des
89b0bbd187
PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.
Sponsored by: DARPA, NAI Labs
2002-01-24 17:26:27 +00:00
des
30cd8777d2
Change the order in which pam_sm_open_session() updates the logs. This
doesn't really make any difference, except it matches wtmp(5) better.
Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released. Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.
Sponsored by: DARPA, NAI Labs (but the bugs are all mine)
2002-01-24 17:15:04 +00:00
des
37b85e4ec4
Correctly interpret PAM_RHOST being unset as an indicator of a local
login.
Sponsored by: DARPA, NAI Labs
2002-01-24 16:18:43 +00:00
des
0d0aa3b389
Correctly interpret PAM_RHOST being unset as an indicator of a local
login.
2002-01-24 16:16:01 +00:00
des
aba6f8182e
Style nits.
Sponsored by: DARPA, NAI Labs
2002-01-24 16:14:56 +00:00
des
0a9534cc78
Document the even_root option.
Sponsored by: DARPA, NAI Labs
2002-01-24 13:35:06 +00:00
des
305ac9f47f
Don't let root through unless the "even_root" option was specified.
Sponsored by: DARPA, NAI Labs
2002-01-24 12:47:42 +00:00
des
77b808fd9a
Add a PAM module that records sessions in utmp/wtmp/lastlog.
Sponsored by: DARPA, NAI Labs
2002-01-24 09:45:17 +00:00
des
215400cfce
Fix some pastos. Rather shoddy of me...
Sponsored by: DARPA, NAI Labs
2002-01-24 09:44:22 +00:00
des
452f2b5db1
Add a PAM module that provides an account management component for checking
either PAM_RHOST or PAM_TTY against /etc/login.access.
This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'. This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.
Sponsored by: DARPA, NAI Labs
2002-01-23 17:42:16 +00:00
des
b917ad33e0
Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs.
Sponsored by: DARPA, NAI Labs
2002-01-23 17:16:00 +00:00
ru
c9d8bf8608
Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.
Reviewed by: des, markm
Approved by: markm
2002-01-23 15:54:17 +00:00
des
e64688fcfb
Base the comparison on UIDs, not on user names.
Sponsored by: DARPA, NAI Labs
2002-01-23 15:16:01 +00:00
ru
5307ecb83c
Make libssh.so useable (undefined reference to IPv4or6).
Reviewed by: des, markm
Approved by: markm
2002-01-23 15:06:47 +00:00
des
ce9baa2c50
Link pam_opieaccess, pam_self and pam_ssh into the static library.
Sponsored by: DARPA, NAI Labs
2002-01-21 20:43:01 +00:00
des
ac843e8b75
On second thought, getpwnam() failure should be treated just as if the user
existed, but had no OPIE key, i.e. PAM_IGNORE.
Pointed out by: ache
Sponsored by: DARPA, NAI Labs
2002-01-21 19:05:45 +00:00
des
aeaf48654b
Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.
Sponsored by: DARPA, NAI Labs
2002-01-21 18:53:03 +00:00
des
bc31e1293b
Further changes to allow enabling pam_opie(8) by default:
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
  challenging the user. These options are meaningless for pam_opie(8)
  since the user can't possibly know the right response before she sees
  the challenge.
- Introduce the no_fake_prompts option. If this option is set, pam_opie(8)
  will fail - rather than present a bogus challenge - if the target user
  does not have an OPIE key. With this option, users who haven't set up
  OPIE won't have to wonder what that "weird otp-md5 s**t" means :)
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
2002-01-21 18:46:25 +00:00
des
14be282b68
Add a new module, pam_opieaccess(8), which is responsible for checking
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.
Sponsored by: DARPA, NAI Labs
Reviewed by: ache, markm
2002-01-21 13:43:53 +00:00
ache
b7343f3a64
snprintf bloat -> strlcpy
Add getpwnam return check
Approved by: des, markm
2002-01-20 20:56:47 +00:00
ache
d90ac373d0
Back out recent changes
2002-01-19 18:03:11 +00:00
ache
f9d407de0b
If the user does not exist in the OPIE system, return failure immediately instead
of producing fake prompts with random numbers which can be detected by
a potential intruder in two tries and totally confuse non-OPIE users.
2002-01-19 10:09:05 +00:00
ache
0262fc4b8f
Back out second right-now-expired password check in pam_sm_chauthtok,
old expired password assumed there
2002-01-19 09:23:36 +00:00
ache
b0127287cc
Previous commit was incomplete, use new error code PAM_CRED_ERR to
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
2002-01-19 08:36:47 +00:00
ache
4d1c54018e
Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix
Replace snprintf %s with strlcpy
Check for NULL returned from getpwnam()
2002-01-19 07:23:48 +00:00
ache
35ada60969
Add yet one expired-right-now password check, in pam_sm_chauthtok
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
2002-01-19 04:58:51 +00:00
ache
30b45f48f0
Set pwok to 1 for non-OPIE users
2002-01-19 03:31:39 +00:00
ache
a38e044747
Add missing check for right-now-expired password
2002-01-19 02:45:24 +00:00