Commit Graph

318 Commits

Author SHA1 Message Date
David E. O'Brien
1dba4170b1 Do not build pam_ssh if NOSECURE is set (NO_OPENSSL is on a subset of NOSECURE) 2002-05-15 20:25:32 +00:00
Ruslan Ermilov
2a53f3fb35 Major cleanup of bsd.lib.mk.
Get rid of the INTERNALSTATICLIB knob and just use plain INTERNALLIB.
INTERNALLIB now means to build static library only and don't install
anything.  Added a NOINSTALLLIB knob for libpam/modules.  To not
build any library at all, just do not set LIB.
2002-05-13 10:53:24 +00:00
Ruslan Ermilov
c7b111cba8 Added new bsd.incs.mk which handles installing of header files
via INCS.  Implemented INCSLINKS (equivalent to SYMLINKS) to
handle symlinking include files.  Allow for multiple groups of
include files to be installed, with the powerful INCSGROUPS knob.
Documentation to follow.

Added standard `includes' and `incsinstall' targets, use them
in Makefile.inc1.  Headers from the following makefiles were
not installed before (during `includes' in Makefile.inc1):

	kerberos5/lib/libtelnet/Makefile
	lib/libbz2/Makefile
	lib/libdevinfo/Makefile
	lib/libform/Makefile
	lib/libisc/Makefile
	lib/libmenu/Makefile
	lib/libmilter/Makefile
	lib/libpanel/Makefile

Replaced all `beforeinstall' targets for installing includes
with the INCS stuff.

Renamed INCDIR to INCSDIR, for consistency with FILES and SCRIPTS,
and for compatibility with NetBSD.  Similarly for INCOWN, INCGRP,
and INCMODE.

Consistently use INCLUDEDIR instead of /usr/include.

gnu/lib/libstdc++/Makefile and gnu/lib/libsupc++/Makefile changes
were only lightly tested due to the missing contrib/libstdc++-v3.
I fully tested the pre-WIP_GCC31 version of this patch with the
contrib/libstdc++.295 stuff.

These changes have been tested on i386 with the -DNO_WERROR "make
world" and "make release".
2002-05-12 16:01:00 +00:00
Dag-Erling Smørgrav
55589c84e2 Don't declare krb5_mcc_ops, it's already declared in <krb5.h> 2002-05-12 07:06:27 +00:00
Dag-Erling Smørgrav
f1d0592537 Use libutil and libypclnt for all passwd manipulation and NIS needs.
Sponsored by:	DARPA, NAI Labs
2002-05-08 00:54:29 +00:00
Dag-Erling Smørgrav
89136eab16 Add a no_fail option.
Sponsored by:	DARPA, NAI Labs
2002-05-08 00:31:45 +00:00
Dag-Erling Smørgrav
2256d3698a Add pam_ftpusers(8), which enforces /etc/ftpusers.
Sponsored by:	DARPA, NAI Labs
2002-05-08 00:30:10 +00:00
Dag-Erling Smørgrav
597aaec942 Add openpam_nullconv.c to SRCS. 2002-05-02 04:42:59 +00:00
Dag-Erling Smørgrav
0f6517b7d8 Don't ask root for the old password, except in the NIS case.
Sponsored by:	DARPA, NAI Labs
2002-04-26 19:28:17 +00:00
Dag-Erling Smørgrav
c8c20c5226 Fix a really dumb bug (missing curly braces around the body of an if
statement) that caused pam_sm_chauthtok() to always fail silently.
2002-04-26 01:47:48 +00:00
Dag-Erling Smørgrav
750e6876cf Oops, fix an inverted if test. 2002-04-20 16:52:41 +00:00
Dag-Erling Smørgrav
1583027008 Strip /dev/ from tty name, and clean up the "last login" printout.
Sponsored by:	DARPA, NAI Labs
2002-04-20 16:44:32 +00:00
Ruslan Ermilov
3cb7acc2cd Revert previous change. bsd.dep.mk,v 1.31 had a bug that was fixed
in revision 1.32 and made this change OBE.
2002-04-17 05:46:41 +00:00
Dag-Erling Smørgrav
b1e0b30d83 Add a missing .El and fix a typo.
Spotted by:	Solar Designer <solar@openwall.com>
Sponsored by:	DARPA, NAI Labs
2002-04-16 22:38:47 +00:00
Ruslan Ermilov
c34f0a19f7 Reflect change in share/mk/bsd.dep.mk,v 1.31. 2002-04-16 12:52:22 +00:00
Dag-Erling Smørgrav
c82bffaa40 Revert previous commit, it is incorrect. 2002-04-15 22:51:31 +00:00
David E. O'Brien
f01afd3101 Properly spell rpcsvc/ypclnt.h and fix the build. 2002-04-15 22:47:28 +00:00
Dag-Erling Smørgrav
4c8153125a Throw in NO_WERROR to please the peanut gallery. 2002-04-15 13:10:28 +00:00
Dag-Erling Smørgrav
53fd6d26b2 Use PAM_SUCCESS instead of PAM_IGNORE. 2002-04-15 06:26:32 +00:00
Dag-Erling Smørgrav
ab4f115e57 Whitespace nits. 2002-04-15 03:52:22 +00:00
Dag-Erling Smørgrav
f71d08000d Add a manual page based on Solar Designer's README.
Sponsored by:	DARPA, NAI Labs
2002-04-15 03:45:14 +00:00
Dag-Erling Smørgrav
a11a75ce7c pam_passwdqc depends on libcrypt. 2002-04-15 03:44:42 +00:00
Dag-Erling Smørgrav
7b733689a3 Prompt for new password during update phase, not during preliminary phase.
Sponsored by:	DARPA, NAI Labs
2002-04-15 03:00:14 +00:00
Dag-Erling Smørgrav
ff1bc287ac Dike out most of the NIS code and replace it with calls to libypclnt.
Rework pam_sm_chauthtok() so it (mostly?) works.
The standard pw stuff still needs to move into a library somewhere.

Sponsored by:	DARPA, NAI Labs
2002-04-15 02:34:43 +00:00
Dag-Erling Smørgrav
f2b9b94ab4 pam_passwdqc builds now. 2002-04-14 22:31:36 +00:00
Dag-Erling Smørgrav
81a587f467 More recent versions of pam_passwdqc (not yet released) build with very
few warnings.
2002-04-14 18:48:57 +00:00
Dag-Erling Smørgrav
a358391f59 New files in OpenPAM Cineraria.
Sponsored by:	DARPA, NAI Labs
2002-04-14 18:30:27 +00:00
Dag-Erling Smørgrav
db4b82edde Cosmetic nit. 2002-04-14 18:30:03 +00:00
Dag-Erling Smørgrav
b6bd548cdc Cast a ptrdiff_t to int before using it as a printf field width. 2002-04-14 16:44:04 +00:00
Dag-Erling Smørgrav
2f6ee8eb7e Change || into && (braino in previous commit). Also append \n to the
error message.
2002-04-13 06:14:30 +00:00
Dag-Erling Smørgrav
24fe7ba0d9 Major cleanup:
  - add __unused where appropriate
  - PAM_RETURN -> return since OpenPAM already logs the return value.
  - make PAM_LOG use openpam_log()
  - make PAM_VERBOSE_ERROR use openpam_get_option() and check flags
    for PAM_SILENT
  - remove dummy functions since OpenPAM handles missing service
    functions
  - fix various warnings

Sponsored by:	DARPA, NAI Labs
2002-04-12 22:27:25 +00:00
Dag-Erling Smørgrav
95ca4cb3f6 Add a pam_rhosts module, loosely based on code submitted by Danny Braniss.
Submitted by:	Danny Braniss <danny@cs.huji.ac.il>
Sponsored by:	DARPA, NAI Labs
2002-04-12 20:10:18 +00:00
Dag-Erling Smørgrav
fd994fa945 Rename the even_root option to allow_root.
Sponsored by:	DARPA, NAI Labs
2002-04-12 20:05:27 +00:00
Ruslan Ermilov
a60a1ea33b Reimplement the hack to put pam_static.o into .depend with some magic. 2002-04-11 12:21:16 +00:00
Ruslan Ermilov
90a9863e16 Moved SHLIB_NAME definition into one place.
Approved by:	des
2002-04-10 18:07:05 +00:00
Ruslan Ermilov
196f4c26f4 Fixed broken "make depend; make clean; make all" sequence.
I've looked for this example for a long time, to demonstrate
to some people why it's a really BAD idea to use ${.OBJDIR}
instead of ".".  I hope these people are reading this.  :-)

Approved by:	des
2002-04-10 18:00:32 +00:00
Ruslan Ermilov
e348eb5318 Fix broken `checkdpadd'.
-lroken is an installable library, there's no need to give an
explicit path to it.  In any case, -L paths should be specified
in LDFLAGS if needed.

Approved by:	des
2002-04-10 17:53:43 +00:00
Ruslan Ermilov
f5ef4bac45 Don't override standard _EXTRADEPEND actions, add to them.
Fix CLEANFILES.
Collapse openpam_static_modules.o generation.
2002-04-10 17:46:59 +00:00
Dag-Erling Smørgrav
2270ac91b4 Remove debugging code that was inadvertently brought in by previous commit. 2002-04-08 12:41:08 +00:00
Dag-Erling Smørgrav
eafd17c552 Use OpenPAM's credential switching functions.
Sponsored by:	DARPA, NAI Labs
2002-04-08 12:38:50 +00:00
Dag-Erling Smørgrav
f6363a1814 Add new files and man pages from OpenPAM Cinchona.
Sponsored by:	DARPA, NAI Labs
2002-04-08 12:34:53 +00:00
Dag-Erling Smørgrav
2bca1ead9a Remove commented-out WARNS thingy. 2002-04-08 12:33:48 +00:00
Ruslan Ermilov
f2f306b622 Align for const poisoning in -lutil. 2002-04-08 11:07:51 +00:00
Dag-Erling Smørgrav
50000f00df Reorganize pam_sm_authenticate() to reduce code duplication.
Sponsored by:	DARPA, NAI Labs
2002-04-07 21:18:18 +00:00
Dag-Erling Smørgrav
a8b1e59eb2 Fix bug in previous commit that passed the wrong default value to
login_getcapstr(3).  Also fix a longer-standing bug (login_close(3)
frees the string returned by login_getcapstr(3)) by reorganizing the
code a little, and use login_getpwclass(3) instead of login_getclass(3)
if we already have a struct pwd.

Sponsored by:	DARPA, NAI Labs
2002-04-07 20:43:27 +00:00
Dag-Erling Smørgrav
9db21c5fd1 This one needs NO_WERROR too. 2002-04-07 12:53:58 +00:00
Dag-Erling Smørgrav
92c07aa880 Turn on NO_WERROR due to namespace pollution in krb5 headers. 2002-04-07 04:44:16 +00:00
Dag-Erling Smørgrav
111ccd256c Aggressive cleanup of warnings + authtok-related code in preparation for
PAMifying passwd(1).

Sponsored by:	DARPA, NAI Labs.
2002-04-06 19:30:04 +00:00
Dag-Erling Smørgrav
18006b1ab8 Disconnect pam_passwdqc for now, it has some issues that need resolving. 2002-04-06 19:25:36 +00:00
Dag-Erling Smørgrav
4004c08e79 Fix some style issues, a const warning, and abuse of PAM_ABORT.
Sponsored by:	DARPA, NAI Labs
2002-04-06 14:25:04 +00:00
Dag-Erling Smørgrav
40b93e6278 Remove some duplicate free()s and add some that were missing.
Submitted by:	tmm
2002-04-05 20:00:05 +00:00
Dag-Erling Smørgrav
f8334e0084 pam_get_pass() -> pam_get_authtok() 2002-04-05 10:49:45 +00:00
Dag-Erling Smørgrav
8f85b6caad Upgrade to something quite close, but not identical, to version 1.6 of
Andrew Korty's pam_ssh.  The most notable difference is that this uses
commas rather than colons to separate items in the "keyfiles" option.

Sponsored by:	DARPA, NAI Labs
2002-04-04 18:45:21 +00:00
Dag-Erling Smørgrav
2b814c7ea1 Add pam_passwdqc to the build.
Sponsored by:	DARPA, NAI Labs
2002-04-04 16:08:28 +00:00
Mark Murray
b51066a362 Fix for OPIE 2.4. 2002-03-22 09:20:05 +00:00
Ruslan Ermilov
7d1f1e9ca8 mdoc(7) police: fix SYNOPSIS, sort xrefs, kill extra whitespace. 2002-03-18 15:59:53 +00:00
Ruslan Ermilov
b6b2be6fbe mdoc(7) police: nits. 2002-03-18 15:55:53 +00:00
Ruslan Ermilov
8ce6622380 mdoc(7) police: sort xrefs, kill extra whitespace. 2002-03-18 15:52:28 +00:00
Crist J. Clark
51906f452e Fix world breakage introduced by my recent modifications to
chpass(8). The relations between libc, libpam, chpass, passwd, and
vipw are a mess and probably should be cleaned up.

Submitted by:	Peter Pentchev <roam@ringlet.net>
2002-03-18 12:55:28 +00:00
Ruslan Ermilov
a68af001da mdoc(7) police: tiny fixes. 2002-03-15 18:09:32 +00:00
Ruslan Ermilov
3e5aa36e12 mdoc(7) police: expand contractions. 2002-03-15 18:06:25 +00:00
Dag-Erling Smørgrav
f03a4b810a NAI DBA update. 2002-03-14 23:27:59 +00:00
Mark Murray
8c3ea588df Remove the use of random(3), and encapsulate the salt-generation in
its own function. The use of arc4random(3) is hopeless overkill here,
but that does not hurt anything.

Requested by:	ache
2002-03-14 16:41:36 +00:00
Maxim Sobolev
f651c1533c Don't ignore system CFLAGS. 2002-03-07 16:56:19 +00:00
Mark Murray
3556489a52 Fix build for OpenPAM. The directories needed tweaking. 2002-03-07 16:03:56 +00:00
Dag-Erling Smørgrav
38ca451d39 This file is not needed any more 2002-03-07 12:03:50 +00:00
Brian Feldman
30da7e6299 Now pam_alreadyloggedin lives in the ports. 2002-03-07 02:23:19 +00:00
Brian Feldman
c53dd30bb3 Add the pam_alreadyloggedin(8) module, which allows for authentication
based on information that the user is already logged in.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-03-06 18:21:28 +00:00
Peter Pentchev
8a177c636f Unbreak the pam_krb5 build: cast a couple of const pointers
to normal char *.  A better fix might be some const'ifying
of the Heimdal code, but this will do to fix the build
for the present.

Approved by:	des
2002-03-06 16:49:02 +00:00
Dag-Erling Smørgrav
e0dd4a7813 Add forgotten NOPROFILE that broke world. 2002-03-06 12:11:05 +00:00
Dag-Erling Smørgrav
519b6a4c8f Switch to OpenPAM. Bump library version. Modules are now versioned, so
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.

Sponsored by:	DARPA, NAI Labs
2002-03-05 21:56:25 +00:00
Dag-Erling Smørgrav
e3cd129613 Add missing dependency on libutil. 2002-03-05 12:52:03 +00:00
Maxim Sobolev
c80f5647cb Create /var/log/lastlog if it doesn't exist.
Submitted by:	des
2002-02-20 07:47:06 +00:00
Dag-Erling Smørgrav
7f28386a26 This file needs <syslog.h>.
Sponsored by:	DARPA, NAI Labs
2002-02-09 14:12:09 +00:00
Ruslan Ermilov
e47a40e7f7 Now that cross-tools ld(1) has been fixed to look for dynamic
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.

Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).

Reviewed by:	markm
2002-02-08 13:42:58 +00:00
Mark Murray
30577d19fa Remove NO_WERROR, now that WARNS=n is gone. 2002-02-06 18:46:48 +00:00
Mark Murray
427e2d5c02 Comment out the WARNS= so as to not trample all over the GCC3 work. 2002-02-06 18:14:59 +00:00
Dag-Erling Smørgrav
04f71c5352 Three times lucky: <stddef.h>, not <sys/param.h> 2002-02-05 08:01:32 +00:00
Dag-Erling Smørgrav
93cf4c1be3 Oops, the correct header to include for NULL is <sys/param.h>. 2002-02-05 07:53:00 +00:00
Dag-Erling Smørgrav
0ae5018b3e #include <sys/types.h> for NULL (hidden by Linux-PAM header pollution)
Sponsored by:	DARPA, NAI Labs
2002-02-05 06:20:27 +00:00
Dag-Erling Smørgrav
8c66575de8 #include cleanup.
Sponsored by:	DARPA, NAI Labs
2002-02-05 06:08:26 +00:00
Mark Murray
34b28989d1 Explicitly declare (gcc internal) functions.
Submitted by:	ru
2002-02-04 17:59:25 +00:00
Dag-Erling Smørgrav
12b6e9a089 ssh_get_authentication_connection() gets its parameters from environment
variables, so temporarily switch to the PAM environment before calling it.

Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2002-02-04 17:15:44 +00:00
Mark Murray
95641278ef Protect "make buildworld" against -Werror, as this module does not
build cleanly.
2002-02-04 16:09:25 +00:00
Mark Murray
21e5d74291 Add the other half of the salt-generating code. No functional
difference except that the salt is slightly harder to build
dictionaries against, and the code does not use srandom[dev]().
2002-02-04 00:28:54 +00:00
Mark Murray
63d770d8ea Turn on fascist warning mode. 2002-02-03 15:51:52 +00:00
Mark Murray
ac5699692e WARNS=n fixes (and some stylistic issues). 2002-02-03 15:17:57 +00:00
Dag-Erling Smørgrav
59057a6d6f Remove an unnecessary #include that trips up OpenPAM. The header in question
is an internal Linux-PAM header which shouldn't be used outside Linux-PAM
itself, and has absolutely zero effect on pam_ftp.

Sponsored by:	DARPA, NAI Labs
MFC after:	1 week
2002-02-02 17:51:39 +00:00
Dag-Erling Smørgrav
ab50ade43c Post-repocopy cleanup.
Sponsored by:	DARPA, NAI Labs
2002-02-01 22:25:07 +00:00
Dag-Erling Smørgrav
2d0a7148b6 Connect the pam_lastlog(8) and pam_login_access(8) modules to the build.
Sponsored by:	DARPA, NAI Labs
2002-02-01 08:49:53 +00:00
Dag-Erling Smørgrav
c60ed00a43 Still with asbestos longjohns on, completely PAMify login(1) and remove
code made redundant by various PAM modules (primarily pam_unix(8)).

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav
e9cc7b1d92 With asbestos longjohns on, integrate most of the checks normally done by
login(1) (password & account expiry, hosts.access etc.) into pam_unix(8).

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:09:11 +00:00
Dag-Erling Smørgrav
a2d20838b0 Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify
it a little and try to make it more resilient to various possible failure
conditions.  Change the man page accordingly, and take advantage of this
opportunity to simplify its language.

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:03:16 +00:00
Mark Murray
c2065008b5 WARNS=4 fixes. Protect with NO_WERROR for the modules that have
warnings that are hard to fix or that I've been asked to leave alone.
2002-01-24 18:37:17 +00:00
Dag-Erling Smørgrav
f748a713da PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.

Sponsored by:	DARPA, NAI Labs
2002-01-24 17:26:27 +00:00
Dag-Erling Smørgrav
9201dc40bf Change the order in which pam_sm_open_session() updates the logs. This
doesn't really make any difference, except it matches wtmp(5) better.

Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released.  Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.

Sponsored by:	DARPA, NAI Labs (but the bugs are all mine)
2002-01-24 17:15:04 +00:00
Dag-Erling Smørgrav
ca355e5451 Correctly interpret PAM_RHOST being unset as an indicator of a local
login.

Sponsored by:	DARPA, NAI Labs
2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav
d233082fbe Correctly interpret PAM_RHOST being unset as an indicator of a local
login.
2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav
e4536f1138 Style nits.
Sponsored by:	DARPA, NAI Labs
2002-01-24 16:14:56 +00:00
Dag-Erling Smørgrav
f433d6afed Document the even_root option.
Sponsored by:	DARPA, NAI Labs
2002-01-24 13:35:06 +00:00