d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
69,260 Commits 4 Branches 49 Tags 2 GiB
b0127287cc
Commit Graph

153 Commits

Author SHA1 Message Date
ache
b0127287cc Previous commit was incomplete, use new error code PAM_CRED_ERR to 
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
 2002-01-19 08:36:47 +00:00
ache
4d1c54018e Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix 
Replace snprintf %s with strlcpy

Check for NULL returned from getpwnam()
 2002-01-19 07:23:48 +00:00
ache
35ada60969 Add yet one expired-right-now password check, in pam_sm_chauthtok 
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
 2002-01-19 04:58:51 +00:00
ache
30b45f48f0 Set pwok to 1 for non-OPIE users 2002-01-19 03:31:39 +00:00
ache
a38e044747 Add missing check for right-now-expired password 2002-01-19 02:45:24 +00:00
ache
3d4ab3ebc5 Implement 'pwok', i.e. conditional fallback to unix password 
as supposed by opieaccessfile() and opiealways()
 2002-01-19 02:38:43 +00:00
bde
086017e65e Fixed a missing "const". 2001-12-28 20:59:44 +00:00
ru
ac5af7de06 mdoc(7) police: bump document date. 2001-12-14 13:49:28 +00:00
dwmalone
d9613ea383 Style improvements recommended by Bruce as a follow up to some 
of the recent WARNS commits. The idea is:

1) FreeBSD id tags should follow vendor tags.
2) Vendor tags should not be compiled (though copyrights probably should).
3) There should be no blank line between including cdefs and __FBSDIF.
 2001-12-10 21:13:08 +00:00
des
e82cc88ed6 Back out previous commit. 
Requested by:	ru
 2001-12-09 15:11:55 +00:00
ru
fe50e52a4a mdoc(7) police: sort xrefs. 2001-12-08 16:28:20 +00:00
des
2625a82abe Get pam_mod_misc.h from .CURDIR rather than .OBJDIR or /usr/include. 
Sponsored by:	DARPA, NAI Labs
 2001-12-07 11:51:47 +00:00
des
dd9dc87190 Now that _pam_init_handlers() works as intended, it seems clear that we 
do not actually want to define PAM_READ_BOTH_CONFS, so back out previous
commit.

Sponsored by:	DARPA, NAI Labs
 2001-12-07 00:38:37 +00:00
des
3b065c66cc We need pam_client.h from libpamc. This unbreaks world 
Pointed out by:	jhay
Pointy hat to:	des
 2001-12-06 12:35:18 +00:00
des
651dd64d0d Define PAM_READ_BOTH_CONFS. We can now have both /etc/pam.d and 
/etc/pam.conf.

Sponsored by:	DARPA, NAI Labs
 2001-12-05 17:06:16 +00:00
des
ffe026d003 Install the correct version of pam_misc.h. 
Sponsored by:	DARPA, NAI Labs
 2001-12-05 16:27:41 +00:00
des
354c4b52cc Add dummy functions for all module types. These dummies return PAM_IGNORE 
rather than PAM_SUCCESS, so you'll get a failure if you list dummies but
no real modules for a particular module chain.

Sponsored by:	DARPA, NAI Labs
 2001-12-05 16:06:35 +00:00
des
00b1257dba Connect the man page to the build. 
Sponsored by:	DARPA, NAI Labs
 2001-12-05 16:02:50 +00:00
des
01dcdd1f9a Add a pam_self authentication module that succeeds if and only if the local 
and remote user names are the same.

Sponsored by:	DARPA, NAI Labs
 2001-12-05 15:55:14 +00:00
markm
08eb6fed71 Use __FBSDID(). Also do a bit of cosmetic #if and header-order 
cleaning-up.
 2001-12-02 20:54:57 +00:00
markm
8a79fc4a5a Style fixups. 
Sort function declarations, includes. Make consistent WRT use of _P()
macro (ugh!)

Inspired by:	bde
 2001-12-01 21:12:04 +00:00
markm
144609e331 WARNS=2 fixes. 
Reviewed by:	bde (a while back)
 2001-12-01 17:46:46 +00:00
green
09990be998 Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last 
OpenSSH import) declaration and strdup(3)ing a value which is later
free(3)d, rather than letting the system try to free it invalidly.
 2001-11-29 21:16:11 +00:00
des
6828ec1515 Mdoc police. 
Submitted by:	ru
 2001-11-28 10:07:21 +00:00
ru
18923a02f5 mdoc(7) police: fix one pam_unix(8) left-over, sort xrefs. 2001-11-28 09:25:03 +00:00
des
63b6483616 Add a pam_set_item(3) man page with an MLINK to pam_get_item(3). 
PR:		docs/32294
Sponsored by:	DARPA, NAI Labs
MFC after:	3 days
 2001-11-27 15:36:35 +00:00
des
22cc45b784 Create a pam_ssh(8) man page, based on a repo-copy of pam_unix(8). 
License modified with original author's permission.

Sponsored by:	DARPA, NAI Labs
 2001-11-27 00:57:50 +00:00
des
d387396266 Document the local_pass and nis_pass options, add a few xrefs, and reorder 
the SEE ALSO section.  License modified with original author's permission.

Sponsored by:	DARPA, NAI Labs
 2001-11-27 00:53:10 +00:00
dd
5dd8a71701 Spelling police: sucessful -> successful. 2001-11-24 23:41:32 +00:00
sobomax
064436f6e8 Don't put an extra space after password prompts, because it violates POLA, 
makes FreeBSD inconsistent with previous releases and "other unices" as well
as with some internal password-asking services (e.g. ftp) within the same
release.
 2001-10-25 15:51:50 +00:00
markm
3a691e0043 Add library exposed by KDE's use if this module. 2001-10-18 20:05:20 +00:00
dillon
fcad02973f Add __FBSDID()s to libpam 2001-09-30 22:11:06 +00:00
markm
75cc8b4799 1) repair the return value in the PAM_RETURN() macro (Side effects!!). 
2) canonicalise the options use in pam_options().

Submitted by:	Gunnar Kreitz <gunnark@chello.se>
PR:		30250
 2001-09-04 17:05:08 +00:00
markm
9e62e18a59 Introduce a "noroot_ok" option to make this module ignore authentications 
to a non-superuser if required.
 2001-08-26 18:09:00 +00:00
markm
c98dbe0779 Introduce better logging, error reporting and use of login_cap data. 2001-08-26 18:05:35 +00:00
markm
27a8adb330 Add extra logging detail. This needs a more general solution. 2001-08-26 17:57:44 +00:00
markm
67fcc4111a Big module makeover; improve logging, standardise variable names, 
introduce ability to change passwords for both "usual" Unix methods
and NIS.
 2001-08-26 17:41:13 +00:00
markm
ac30099bce Add 'try_mapped_pass' standard option. 
Asked for by:	lukeh@PADL.COM
 2001-08-20 12:43:19 +00:00
markm
78c5ea3c24 Document the no_warn option. 2001-08-15 20:05:33 +00:00
markm
0261d9dad2 Fix a couple of cross-references to reflect the reality of the module. 2001-08-15 20:03:26 +00:00
markm
384d536a12 Fix: 
/usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has couple of bugs which cause:

1) xdm dumps core
2) ssh1 private key is not passed to ssh-agent
3) ssh2 RSA key seems not handled properly (just a guess from source)
4) ssh_get_authentication_connectionen() fails to get connection because of
   SSH_AUTH_SOCK not defined.

PR:		29609
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 2001-08-11 12:37:55 +00:00
markm
0935831088 Clean up this module very extensively. Fix the logging, the coding 
standards and the option handling. This module is now much more easy
to maintain as a part of the FreeBSD tree.
 2001-08-10 19:24:34 +00:00
markm
d4dc7767d7 Code clean up; make logging same as other modules and fix warnings. 2001-08-10 19:21:45 +00:00
markm
74d9830e38 General code clean-up. Sort out warnings, and make the warning and 
logging work the same as other modules.
 2001-08-10 19:18:52 +00:00
markm
746b322ce6 Simplify code. Also verbose logging, verbose overridable error reporting. 2001-08-10 19:15:48 +00:00
markm
30eda03ef6 Verbose logging, overridable verbose error reporting. 2001-08-10 19:12:59 +00:00
markm
846c7876be Module clean-up. Verbose logging, Overridable verbose error reporting, 
FreeBSD pam_prompt() usage to simplify conversation function usage.
 2001-08-10 19:10:43 +00:00
markm
6d1911d4af Verbosely (overridable) report failure to the user. 2001-08-10 19:07:45 +00:00
markm
d6d9a9d422 Use the FreeBSD pam_prompt() interface to the conversation function 
instead of home-rolling it. Clean up debugging code and tidy the
module.
 2001-08-10 19:05:57 +00:00
markm
cda9e6f687 Verbosely report errors to the user (overridable), and make sure 
that the correct failure mode is reported.
 2001-08-10 19:02:21 +00:00