Commit Graph

202 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
a2d20838b0 Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify
it a little and try to make it more resilient to various possible failure
conditions.  Change the man page accordingly, and take advantage of this
opportunity to simplify its language.

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:03:16 +00:00
Mark Murray
c2065008b5 WARNS=4 fixes. Protect with NO_WERROR for the modules that have
warnings that are hard to fix or that I've been asked to leave alone.
2002-01-24 18:37:17 +00:00
Dag-Erling Smørgrav
f748a713da PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.

Sponsored by:	DARPA, NAI Labs
2002-01-24 17:26:27 +00:00
Dag-Erling Smørgrav
9201dc40bf Change the order in which pam_sm_open_session() updates the logs. This
doesn't really make any difference, except it matches wtmp(5) better.

Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released.  Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.

Sponsored by:	DARPA, NAI Labs (but the bugs are all mine)
2002-01-24 17:15:04 +00:00
Dag-Erling Smørgrav
ca355e5451 Correctly interpret PAM_RHOST being unset as an indicator of a local
login.

Sponsored by:	DARPA, NAI Labs
2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav
d233082fbe Correctly interpret PAM_RHOST being unset as an indicator of a local
login.
2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav
e4536f1138 Style nits.
Sponsored by:	DARPA, NAI Labs
2002-01-24 16:14:56 +00:00
Dag-Erling Smørgrav
f433d6afed Document the even_root option.
Sponsored by:	DARPA, NAI Labs
2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav
76f95f4dc2 Don't let root through unless the "even_root" option was specified.
Sponsored by:	DARPA, NAI Labs
2002-01-24 12:47:42 +00:00
Dag-Erling Smørgrav
16e058b5d6 Add a PAM module that records sessions in utmp/wtmp/lastlog.
Sponsored by:	DARPA, NAI Labs
2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav
c2d5249eaf Fix some pastos. Rather shoddy of me...
Sponsored by:	DARPA, NAI Labs
2002-01-24 09:44:22 +00:00
Dag-Erling Smørgrav
53f3167d07 Add a PAM module that provides an account management component for checking
either PAM_RHOST or PAM_TTY against /etc/login.access.o

This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'.  This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.

Sponsored by:	DARPA, NAI Labs
2002-01-23 17:42:16 +00:00
Dag-Erling Smørgrav
774a10071d Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs.
Sponsored by:	DARPA, NAI Labs
2002-01-23 17:16:00 +00:00
Ruslan Ermilov
0509dca0c3 Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:54:17 +00:00
Dag-Erling Smørgrav
b6b756b58b Base the comparison on UIDs, not on user names.
Sponsored by:	DARPA, NAI Labs
2002-01-23 15:16:01 +00:00
Ruslan Ermilov
fd4ca9e02d Make libssh.so useable (undefined reference to IPv4or6).
Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:06:47 +00:00
Dag-Erling Smørgrav
b0aa095ad0 On second thought, getpwnam() failure should be treated just as if the user
existed, but had no OPIE key, i.e. PAM_IGNORE.

Pointed out by:	ache
Sponsored by:	DARPA, NAI Labs
2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav
b4b56d051a Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.

Sponsored by:	DARPA, NAI Labs
2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav
03adba96a0 Further changes to allow enabling pam_opie(8) by default:
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
   challenging the user.  These options are meaningless for pam_opie(8)
   since the user can't possibly know the right response before she sees
   the challenge.

 - Introduce the no_fake_prompts option.  If this option is set, pam_opie(8)
   will fail - rather than present a bogus challenge - if the target user
   does not have an OPIE key.  With this option, users who haven't set up
   OPIE won't have to wonder what that "weird otp-md5 s**t" means :)

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
2002-01-21 18:46:25 +00:00
Dag-Erling Smørgrav
f460490260 Add a new module, pam_opieaccess(8), which is responsible for checking
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.

Sponsored by:	DARPA, NAI Labs
Reviewed by:	ache, markm
2002-01-21 13:43:53 +00:00
Andrey A. Chernov
186caeedcb snprintf bloat -> strlcpy
Add getpwnam return check

Approved by:	des, markm
2002-01-20 20:56:47 +00:00
Andrey A. Chernov
0b836dfaf1 Back out recent changes 2002-01-19 18:03:11 +00:00
Andrey A. Chernov
6874115893 If user not exist in OPIE system, return failure immediately instead
of producing fake prompts with random numbers which can be detected by
potential intruder in two tries and totally confuse non-OPIE users.
2002-01-19 10:09:05 +00:00
Andrey A. Chernov
3195cd6712 Back out second right-now-expired password check in pam_sm_chauthtok,
old expired password assumed there
2002-01-19 09:23:36 +00:00
Andrey A. Chernov
012400dfcd Previous commit was incomplete, use new error code PAM_CRED_ERR to
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
2002-01-19 08:36:47 +00:00
Andrey A. Chernov
d97cc81fa4 Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix
Replace snprintf %s with strlcpy

Check for NULL returned from getpwnam()
2002-01-19 07:23:48 +00:00
Andrey A. Chernov
c8e3fac7a1 Add yet one expired-right-now password check, in pam_sm_chauthtok
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
2002-01-19 04:58:51 +00:00
Andrey A. Chernov
8c70adab72 Set pwok to 1 for non-OPIE users 2002-01-19 03:31:39 +00:00
Andrey A. Chernov
d54c36388e Add missing check for right-now-expired password 2002-01-19 02:45:24 +00:00
Andrey A. Chernov
3f9a326a7a Implement 'pwok', i.e. conditional fallback to unix password
as supposed by opieaccessfile() and opiealways()
2002-01-19 02:38:43 +00:00
Ruslan Ermilov
7f432ff831 mdoc(7) police: bump document date. 2001-12-14 13:49:28 +00:00
David Malone
9f5b04e925 Style improvements recommended by Bruce as a follow up to some
of the recent WARNS commits. The idea is:

1) FreeBSD id tags should follow vendor tags.
2) Vendor tags should not be compiled (though copyrights probably should).
3) There should be no blank line between including cdefs and __FBSDIF.
2001-12-10 21:13:08 +00:00
Dag-Erling Smørgrav
18a85de04b Back out previous commit.
Requested by:	ru
2001-12-09 15:11:55 +00:00
Ruslan Ermilov
945b9f4de9 mdoc(7) police: sort xrefs. 2001-12-08 16:28:20 +00:00
Dag-Erling Smørgrav
bdd601a1e3 Get pam_mod_misc.h from .CURDIR rather than .OBJDIR or /usr/include.
Sponsored by:	DARPA, NAI Labs
2001-12-07 11:51:47 +00:00
Dag-Erling Smørgrav
8d3978c115 Add dummy functions for all module types. These dummies return PAM_IGNORE
rather than PAM_SUCCESS, so you'll get a failure if you list dummies but
no real modules for a particular module chain.

Sponsored by:	DARPA, NAI Labs
2001-12-05 16:06:35 +00:00
Dag-Erling Smørgrav
d5a8dd3fb5 Connect the man page to the build.
Sponsored by:	DARPA, NAI Labs
2001-12-05 16:02:50 +00:00
Dag-Erling Smørgrav
e2c8459e85 Add a pam_self authentication module that succeeds if and only if the local
and remote user names are the same.

Sponsored by:	DARPA, NAI Labs
2001-12-05 15:55:14 +00:00
Mark Murray
1a8b24c257 Use __FBSDID(). Also do a bit of cosmetic #if and header-order
cleaning-up.
2001-12-02 20:54:57 +00:00
Mark Murray
d2f6cd8fd5 Style fixups.
Sort function declarations, includes. Make consistent WRT use of _P()
macro (ugh!)

Inspired by:	bde
2001-12-01 21:12:04 +00:00
Mark Murray
e317b97026 WARNS=2 fixes.
Reviewed by:	bde (a while back)
2001-12-01 17:46:46 +00:00
Brian Feldman
7d8cee925b Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last
OpenSSH import) declaration and strdup(3)ing a value which is later
free(3)d, rather than letting the system try to free it invalidly.
2001-11-29 21:16:11 +00:00
Ruslan Ermilov
60c6736148 mdoc(7) police: fix one pam_unix(8) left-over, sort xrefs. 2001-11-28 09:25:03 +00:00
Dag-Erling Smørgrav
b4a475937b Create a pam_ssh(8) man page, based on a repo-copy of pam_unix(8).
License modified with original author's permission.

Sponsored by:	DARPA, NAI Labs
2001-11-27 00:57:50 +00:00
Dag-Erling Smørgrav
d65e5dfa59 Document the local_pass and nis_pass options, add a few xrefs, and reorder
the SEE ALSO section.  License modified with original author's permission.

Sponsored by:	DARPA, NAI Labs
2001-11-27 00:53:10 +00:00
Dima Dorfman
a48060a2f7 Spelling police: sucessful -> successful. 2001-11-24 23:41:32 +00:00
Maxim Sobolev
bc3a4bf55d Don't put an extra space after password prompts, because it violates POLA,
makes FreeBSD inconsistent with previous releases and "other unices" as well
as with some internal password-asking services (e.g. ftp) within the same
release.
2001-10-25 15:51:50 +00:00
Mark Murray
ce1e0bbc8f Add library exposed by KDE's use if this module. 2001-10-18 20:05:20 +00:00
Matthew Dillon
ceaf33f537 Add __FBSDID()s to libpam 2001-09-30 22:11:06 +00:00
Mark Murray
6e925e8fc7 1) repair the return value in the PAM_RETURN() macro (Side effects!!).
2) canonicalise the options use in pam_options().

Submitted by:	Gunnar Kreitz <gunnark@chello.se>
PR:		30250
2001-09-04 17:05:08 +00:00
Mark Murray
a41ad3fca9 Introduce a "noroot_ok" option to make this module ignore authentications
to a non-superuser if required.
2001-08-26 18:09:00 +00:00
Mark Murray
f96b705fa7 Introduce better logging, error reporting and use of login_cap data. 2001-08-26 18:05:35 +00:00
Mark Murray
3d55a6c083 Big module makeover; improve logging, standardise variable names,
introduce ability to change passwords for both "usual" Unix methods
and NIS.
2001-08-26 17:41:13 +00:00
Mark Murray
ca0bdcdd29 Document the no_warn option. 2001-08-15 20:05:33 +00:00
Mark Murray
b5507a38bc Fix a couple of cross-references to reflect the reality of the module. 2001-08-15 20:03:26 +00:00
Mark Murray
537db85291 Fix:
/usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has couple of bugs which cause:

1) xdm dumps core
2) ssh1 private key is not passed to ssh-agent
3) ssh2 RSA key seems not handled properly (just a guess from source)
4) ssh_get_authentication_connectionen() fails to get connection because of
   SSH_AUTH_SOCK not defined.

PR:		29609
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2001-08-11 12:37:55 +00:00
Mark Murray
3938427761 Clean up this module very extensively. Fix the logging, the coding
standards and the option handling. This module is now much more easy
to maintain as a part of the FreeBSD tree.
2001-08-10 19:24:34 +00:00
Mark Murray
530ebf8e0a Code clean up; make logging same as other modules and fix warnings. 2001-08-10 19:21:45 +00:00
Mark Murray
34beb374a2 General code clean-up. Sort out warnings, and make the warning and
logging work the same as other modules.
2001-08-10 19:18:52 +00:00
Mark Murray
0fa107a3cb Simplify code. Also verbose logging, verbose overridable error reporting. 2001-08-10 19:15:48 +00:00
Mark Murray
65550d9b5a Verbose logging, overridable verbose error reporting. 2001-08-10 19:12:59 +00:00
Mark Murray
b04259a5cf Module clean-up. Verbose logging, Overridable verbose error reporting,
FreeBSD pam_prompt() usage to simplify conversation function usage.
2001-08-10 19:10:43 +00:00
Mark Murray
2108fbd748 Verbosely (overridable) report failure to the user. 2001-08-10 19:07:45 +00:00
Mark Murray
ceca323626 Use the FreeBSD pam_prompt() interface to the conversation function
instead of home-rolling it. Clean up debugging code and tidy the
module.
2001-08-10 19:05:57 +00:00
Mark Murray
3a9cdcb91f Verbosely report errors to the user (overridable), and make sure
that the correct failure mode is reported.
2001-08-10 19:02:21 +00:00
Mark Murray
27b9f9d4a3 Fix broken logic so that this actually works for the superuser.
Verbosely log (properly).
Verbosely report errors to the user.
2001-08-10 14:21:58 +00:00
Mark Murray
13cde2748e Fix style/consistency in Makefile and repair static module building.
Submitted by:	bde(partially)
2001-08-04 21:51:14 +00:00
Mark Murray
d5e53157cf Don't clobber CFLAGS
Submitted by:	bde
2001-08-04 21:49:30 +00:00
Mark Murray
4447e914e8 Fix the bug where this modulke was not checking the priamry GID, only
the GIDS in /etc/group or NIS's group map.

Tested by:	sheldonh
PR:		29349
2001-08-04 09:19:31 +00:00
Mark Murray
f950650b78 With the S/KEY removal, this is no longer buildable or necessary. 2001-08-02 19:04:20 +00:00
Mark Murray
c52468e7ef Don't try to make pam_ssh module if NO_OPENSSH is set. 2001-08-02 19:01:02 +00:00
Mark Murray
f5974d336f Repair the get/set UID() stuff so this works in both su(1) and login(1)
modes.
2001-08-02 10:35:41 +00:00
Mark Murray
7b22794017 (Re)Add an SSH module for PAM, heavily based on Andrew Korty's module
from ports.
2001-07-29 18:31:09 +00:00
Ruslan Ermilov
0fa68d89e8 mdoc(7) police: widen width of the options list. 2001-07-18 14:49:32 +00:00
Mark Murray
0eb9c7b357 Update to the same level of debug-logging as the rest of the
FreeBSD/PAM modules.
2001-07-17 07:36:51 +00:00
Mark Murray
3741d46458 Update to the same code as in the pam_krb5.so port.
According to Peter, the port works - this needs more testing.
2001-07-17 07:34:36 +00:00
Dima Dorfman
f247324df7 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
Mark Murray
f042a54245 Use a better method of getting user credentials to account for
(legal) UID duplication.

Rename use_uid to auth_as_self for consistency with other modules.
2001-07-14 08:42:39 +00:00
Mark Murray
6fd676c982 Use a better method to get user credentials to account for (legal)
duplications of UID's in /etc/*passwd.
2001-07-14 08:38:24 +00:00
Ruslan Ermilov
e8b02a428d mdoc(7) police: -xwidth has been fold into -width. 2001-07-13 09:09:52 +00:00
Ruslan Ermilov
08ecaa10b2 mdoc(7) police: fixed markup, a little bit. 2001-07-11 08:36:26 +00:00
Ruslan Ermilov
63b81b76ca mdoc(7) police: fixed markup any numerous typos. 2001-07-11 08:35:34 +00:00
Ruslan Ermilov
625003720a mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 14:16:33 +00:00
Ruslan Ermilov
a307d59838 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 13:41:46 +00:00
Mark Murray
1642eb1a52 Clean up (and in some cases write) the PAM mudules, using
o The new options-processing API
o The new DEBUG-logging API

Add man(1) pages for ALL modules. MDOC-Police welcome
to check this.

Audit, clean up while I'm here.
2001-07-09 18:20:51 +00:00
Ruslan Ermilov
5521ff5a4d mdoc(7) police: sort SEE ALSO xrefs (sort -b -f +2 -3 +1 -2). 2001-07-06 16:46:48 +00:00
Ruslan Ermilov
88de1238eb mdoc(7) police: fixed formatting. 2001-07-06 07:29:59 +00:00
Chris Costello
8b136a6dde Convert to mdoc(7). 2001-06-13 21:52:07 +00:00
Mark Murray
084a46829b Big module cleanup.
Move common stuff into Makefile.inc, and tidy up all the Makefiles
as a result.

Build new modules.

Put a commented-out dependancy on libpam for the (shared) modules.
I can't bring this in just yet, as the dependancy (modules->libpam)
is reversed for the static case (libpam->modules).
2001-06-04 19:47:56 +00:00
Mark Murray
bc0105f860 Null file to bring back a file from the dead. This allows the real commit
to happen remotely. Damn CVS bugs :-(
2001-06-04 19:25:41 +00:00
Mark Murray
46efbac2ed Add the "nullok" option that causes this module to succeed if the Unix
password is empty/null.
2001-06-04 19:16:57 +00:00
Mark Murray
397fa72521 Add some new utility authenticators.
pam_securetty silently succeeds if the user is on a secure tty
as defined by /etc/ttys.

pam_ftp does "anonymous ftp" style authentication with options for
specifying the anonymous user(s).
2001-06-04 18:44:47 +00:00
Mark Murray
4448b21cc6 Add the "auth_as_self" option to the pam_unix module (there is no
reason not to add it to others later). This causes the pam_unix
module to check the user's _own_ password, not the password of the
account that the user is authenticating into. This will allow eg:
WHEELSU type behaviour from su(1).
2001-05-24 18:35:52 +00:00
Mark Murray
84d6cd8ea1 Bring in a few useful PAM modules.
pam_krb5 is a Kerberos 5 (Heimdal) authentication module.

pam_nologin checks for /etc/nologin and does the "usual stuff"
	if it is found, otherwise it silently succeeds.

pam_rootok silently succeeds if the user is root, otherwise
	it fails.

pam_wheel silently succeeds if the user is a member of group
	"wheel" (or another nominated group), and fails
	otherwise.

There is an issue with kerberosIV and kerberos5 - if both are
being built, then static linking fails with duplicate symbols.
This will take a bit of work to sort out in the kerberii.
2001-05-14 11:23:58 +00:00
Brian Feldman
253fb6ea3a I've been meaning to take pam_ssh out of the base system for a while now.
Finally do it.
2001-05-04 03:53:48 +00:00
Ruslan Ermilov
5f95f24bf4 mdoc(7) police: uppercase document title. 2001-04-18 08:25:26 +00:00
Ruslan Ermilov
4a558355e5 MAN[1-9] -> MAN. 2001-03-27 17:27:19 +00:00
John Baldwin
12e275aaee Use a unified libgcc rather than a seperate one for threaded and
non-threaded programs.  This provides threaded programs with the
needed exception frame symbols.

parts submitted by:	Max Khon <fjoe@iclub.nsu.ru>
PR:	23252
2001-01-06 18:59:46 +00:00
David E. O'Brien
3f6014e672 Use a unified libgcc rather than a seperate one for threaded and
non-threaded programs.  This provides threaded programs with the
needed exception frame symbols.

parts submitted by:	Max Khon <fjoe@iclub.nsu.ru>
PR:	23252
2001-01-06 06:16:31 +00:00
Ruslan Ermilov
4263595653 Prepare for mdoc(7)NG. 2000-12-29 14:08:20 +00:00