Mark Murray
b51066a362
Fix for OPIE 2.4.
2002-03-22 09:20:05 +00:00
Ruslan Ermilov
7d1f1e9ca8
mdoc(7) police: fix SYNOPSIS, sort xrefs, kill extra whitespace.
2002-03-18 15:59:53 +00:00
Ruslan Ermilov
b6b2be6fbe
mdoc(7) police: nits.
2002-03-18 15:55:53 +00:00
Ruslan Ermilov
8ce6622380
mdoc(7) police: sort xrefs, kill extra whitespace.
2002-03-18 15:52:28 +00:00
Crist J. Clark
51906f452e
Fix world breakage introduced by my recent modifications to
...
chpass(8). The relations between libc, libpam, chpass, passwd, and
vipw are a mess and probably should be cleaned up.
Submitted by: Peter Pentchev <roam@ringlet.net>
2002-03-18 12:55:28 +00:00
Ruslan Ermilov
a68af001da
mdoc(7) police: tiny fixes.
2002-03-15 18:09:32 +00:00
Ruslan Ermilov
3e5aa36e12
mdoc(7) police: expand contractions.
2002-03-15 18:06:25 +00:00
Dag-Erling Smørgrav
f03a4b810a
NAI DBA update.
2002-03-14 23:27:59 +00:00
Mark Murray
8c3ea588df
Remove the use of random(3), and encapsulate the salt-generation in
...
its own function. The use of arc4random(3) is hopeless overkill here,
but that does not hurt anything.
Requested by: ache
2002-03-14 16:41:36 +00:00
Maxim Sobolev
f651c1533c
Don't ignore system CFLAGS.
2002-03-07 16:56:19 +00:00
Mark Murray
3556489a52
Fix build for OpenPAM. The directories needed tweeking.
2002-03-07 16:03:56 +00:00
Dag-Erling Smørgrav
38ca451d39
This file is not needed any more
2002-03-07 12:03:50 +00:00
Brian Feldman
30da7e6299
Now pam_alreadyloggedin lives in the ports.
2002-03-07 02:23:19 +00:00
Brian Feldman
c53dd30bb3
Add the pam_alreadyloggedin(8) module, which allows for authentication
...
based on information that the user is already logged in.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-03-06 18:21:28 +00:00
Peter Pentchev
8a177c636f
Unbreak the pam_krb5 build: cast a couple of const pointers
...
to normal char *. A better fix might be some const'ifying
of the Heimdal code, but this will do to fix the build
for the present.
Approved by: des
2002-03-06 16:49:02 +00:00
Dag-Erling Smørgrav
e0dd4a7813
Add forgotten NOPROFILE that broke world.
2002-03-06 12:11:05 +00:00
Dag-Erling Smørgrav
519b6a4c8f
Switch to OpenPAM. Bump library version. Modules are now versioned, so
...
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.
Sponsored by: DARPA, NAI Labs
2002-03-05 21:56:25 +00:00
Dag-Erling Smørgrav
e3cd129613
Add missing dependency on libutil.
2002-03-05 12:52:03 +00:00
Maxim Sobolev
c80f5647cb
Create /var/log/lastlog if it doesn't exist.
...
Submitted by: des
2002-02-20 07:47:06 +00:00
Dag-Erling Smørgrav
7f28386a26
This file needs <syslog.h>.
...
Sponsored by: DARPA, NAI Labs
2002-02-09 14:12:09 +00:00
Ruslan Ermilov
e47a40e7f7
Now that cross-tools ld(1) has been fixed to look for dynamic
...
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.
Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).
Reviewed by: markm
2002-02-08 13:42:58 +00:00
Mark Murray
30577d19fa
Remove NO_WERROR, now that WARNS=n is gone.
2002-02-06 18:46:48 +00:00
Mark Murray
427e2d5c02
Comment out the WARNS= so as to not trample all over the GCC3 work.
2002-02-06 18:14:59 +00:00
Dag-Erling Smørgrav
04f71c5352
Three times lucky: <stddef.h>, not <sys/param.h>
2002-02-05 08:01:32 +00:00
Dag-Erling Smørgrav
93cf4c1be3
Oops, the correct header to include for NULL is <sys/param.h>.
2002-02-05 07:53:00 +00:00
Dag-Erling Smørgrav
0ae5018b3e
#include <sys/types.h> for NULL (hidden by Linux-PAM header pollution)
...
Sponsored by: DARPA, NAI Labs
2002-02-05 06:20:27 +00:00
Dag-Erling Smørgrav
8c66575de8
#include cleanup.
...
Sponsored by: DARPA, NAI Labs
2002-02-05 06:08:26 +00:00
Mark Murray
34b28989d1
Explicitly declare (gcc internal) functions.
...
Submitted by: ru
2002-02-04 17:59:25 +00:00
Dag-Erling Smørgrav
12b6e9a089
ssh_get_authentication_connection() gets its parameters from environment
...
variables, so temporarily switch to the PAM environment before calling it.
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2002-02-04 17:15:44 +00:00
Mark Murray
95641278ef
Protect "make buildworld" against -Werror, as this module does not
...
build cleanly.
2002-02-04 16:09:25 +00:00
Mark Murray
21e5d74291
Add the other half of the salt-generating code. No functional
...
difference except that the salt is slightly harder to build
dictionaries against, and the code does not use srandom[dev]().
2002-02-04 00:28:54 +00:00
Mark Murray
63d770d8ea
Turn on fascist warning mode.
2002-02-03 15:51:52 +00:00
Mark Murray
ac5699692e
WARNS=n fixes (and some stylistic issues).
2002-02-03 15:17:57 +00:00
Dag-Erling Smørgrav
59057a6d6f
Remove an unnecessary #include that trips up OpenPAM. The header in question
...
is an internal Linux-PAM header which shouldn't be used outside Linux-PAM
itself, and has absolutely zero effect on pam_ftp.
Sponsored by: DARPA, NAI Labs
MFC after: 1 week
2002-02-02 17:51:39 +00:00
Dag-Erling Smørgrav
ab50ade43c
Post-repocopy cleanup.
...
Sponsored by: DARPA, NAI Labs
2002-02-01 22:25:07 +00:00
Dag-Erling Smørgrav
2d0a7148b6
Connect the pam_lastlog(8) and pam_login_access(8) modules to the build.
...
Sponsored by: DARPA, NAI Labs
2002-02-01 08:49:53 +00:00
Dag-Erling Smørgrav
c60ed00a43
Still with asbestos longjohns on, completely PAMify login(1) and remove
...
code made redundant by various PAM modules (primarily pam_unix(8)).
Sponsored by: DARPA, NAI Labs
2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav
e9cc7b1d92
With asbestos longjohns on, integrate most of the checks normally done by
...
login(1) (password & account expiry, hosts.access etc.) into pam_unix(8).
Sponsored by: DARPA, NAI Labs
2002-01-30 19:09:11 +00:00
Dag-Erling Smørgrav
a2d20838b0
Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify
...
it a little and try to make it more resilient to various possible failure
conditions. Change the man page accordingly, and take advantage of this
opportunity to simplify its language.
Sponsored by: DARPA, NAI Labs
2002-01-30 19:03:16 +00:00
Mark Murray
c2065008b5
WARNS=4 fixes. Protect with NO_WERROR for the modules that have
...
warnings that are hard to fix or that I've been asked to leave alone.
2002-01-24 18:37:17 +00:00
Dag-Erling Smørgrav
f748a713da
PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The
...
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.
Sponsored by: DARPA, NAI Labs
2002-01-24 17:26:27 +00:00
Dag-Erling Smørgrav
9201dc40bf
Change the order in which pam_sm_open_session() updates the logs. This
...
doesn't really make any difference, except it matches wtmp(5) better.
Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released. Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.
Sponsored by: DARPA, NAI Labs (but the bugs are all mine)
2002-01-24 17:15:04 +00:00
Dag-Erling Smørgrav
ca355e5451
Correctly interpret PAM_RHOST being unset as an indicator of a local
...
login.
Sponsored by: DARPA, NAI Labs
2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav
d233082fbe
Correctly interpret PAM_RHOST being unset as an indicator of a local
...
login.
2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav
e4536f1138
Style nits.
...
Sponsored by: DARPA, NAI Labs
2002-01-24 16:14:56 +00:00
Dag-Erling Smørgrav
f433d6afed
Document the even_root option.
...
Sponsored by: DARPA, NAI Labs
2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav
76f95f4dc2
Don't let root through unless the "even_root" option was specified.
...
Sponsored by: DARPA, NAI Labs
2002-01-24 12:47:42 +00:00
Dag-Erling Smørgrav
16e058b5d6
Add a PAM module that records sessions in utmp/wtmp/lastlog.
...
Sponsored by: DARPA, NAI Labs
2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav
c2d5249eaf
Fix some pastos. Rather shoddy of me...
...
Sponsored by: DARPA, NAI Labs
2002-01-24 09:44:22 +00:00
Dag-Erling Smørgrav
53f3167d07
Add a PAM module that provides an account management component for checking
...
either PAM_RHOST or PAM_TTY against /etc/login.access.o
This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'. This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.
Sponsored by: DARPA, NAI Labs
2002-01-23 17:42:16 +00:00