d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
71,467 Commits 4 Branches 49 Tags
Commit Graph

211 Commits

Author SHA1 Message Date
ru
e1cb7e39d6 mdoc(7) police: tiny fixes. 2002-03-15 18:09:32 +00:00
ru
1e3222d346 mdoc(7) police: expand contractions. 2002-03-15 18:06:25 +00:00
des
7f7038bdcf NAI DBA update. 2002-03-14 23:27:59 +00:00
markm
02184350e0 Remove the use of random(3), and encapsulate the salt-generation in 
its own function. The use of arc4random(3) is hopeless overkill here,
but that does not hurt anything.

Requested by:	ache
 2002-03-14 16:41:36 +00:00
sobomax
c3acf5c512 Don't ignore system CFLAGS. 2002-03-07 16:56:19 +00:00
markm
74f043c943 Fix build for OpenPAM. The directories needed tweeking. 2002-03-07 16:03:56 +00:00
des
2196bcec63 This file is not needed any more 2002-03-07 12:03:50 +00:00
green
ccf626b89e Now pam_alreadyloggedin lives in the ports. 2002-03-07 02:23:19 +00:00
green
846b72e968 Add the pam_alreadyloggedin(8) module, which allows for authentication 
based on information that the user is already logged in.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
 2002-03-06 18:21:28 +00:00
roam
dc23c1a5c5 Unbreak the pam_krb5 build: cast a couple of const pointers 
to normal char *.  A better fix might be some const'ifying
of the Heimdal code, but this will do to fix the build
for the present.

Approved by:	des
 2002-03-06 16:49:02 +00:00
des
d9b8621133 Add forgotten NOPROFILE that broke world. 2002-03-06 12:11:05 +00:00
des
c0bbe50538 Switch to OpenPAM. Bump library version. Modules are now versioned, so 
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.

Sponsored by:	DARPA, NAI Labs
 2002-03-05 21:56:25 +00:00
des
8daae10e98 Add missing dependency on libutil. 2002-03-05 12:52:03 +00:00
sobomax
f41a9d6db5 Create /var/log/lastlog if it doesn't exist. 
Submitted by:	des
 2002-02-20 07:47:06 +00:00
des
863a49b908 This file needs <syslog.h>. 
Sponsored by:	DARPA, NAI Labs
 2002-02-09 14:12:09 +00:00
ru
b2c3dc0715 Now that cross-tools ld(1) has been fixed to look for dynamic 
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.

Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).

Reviewed by:	markm
 2002-02-08 13:42:58 +00:00
markm
b090adde5f Remove NO_WERROR, now that WARNS=n is gone. 2002-02-06 18:46:48 +00:00
markm
35ff607995 Comment out the WARNS= so as to not trample all over the GCC3 work. 2002-02-06 18:14:59 +00:00
des
de2b43dc4e Three times lucky: <stddef.h>, not <sys/param.h> 2002-02-05 08:01:32 +00:00
des
d6eb982a3b Oops, the correct header to include for NULL is <sys/param.h>. 2002-02-05 07:53:00 +00:00
des
71559bdb87 #include <sys/types.h> for NULL (hidden by Linux-PAM header pollution) 
Sponsored by:	DARPA, NAI Labs
 2002-02-05 06:20:27 +00:00
des
4bbf527773 #include cleanup. 
Sponsored by:	DARPA, NAI Labs
 2002-02-05 06:08:26 +00:00
markm
4a0034cf46 Explicitly declare (gcc internal) functions. 
Submitted by:	ru
 2002-02-04 17:59:25 +00:00
des
0b3772b62a ssh_get_authentication_connection() gets its parameters from environment 
variables, so temporarily switch to the PAM environment before calling it.

Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 2002-02-04 17:15:44 +00:00
markm
4e3ec91692 Protect "make buildworld" against -Werror, as this module does not 
build cleanly.
 2002-02-04 16:09:25 +00:00
markm
01ec73592a Add the other half of the salt-generating code. No functional 
difference except that the salt is slightly harder to build
dictionaries against, and the code does not use srandom[dev]().
 2002-02-04 00:28:54 +00:00
markm
5a8788fb41 Turn on fascist warning mode. 2002-02-03 15:51:52 +00:00
markm
01a4236106 WARNS=n fixes (and some stylistic issues). 2002-02-03 15:17:57 +00:00
des
2ee63fa6aa Remove an unnecessary #include that trips up OpenPAM. The header in question 
is an internal Linux-PAM header which shouldn't be used outside Linux-PAM
itself, and has absolutely zero effect on pam_ftp.

Sponsored by:	DARPA, NAI Labs
MFC after:	1 week
 2002-02-02 17:51:39 +00:00
des
2bbcd38b91 Post-repocopy cleanup. 
Sponsored by:	DARPA, NAI Labs
 2002-02-01 22:25:07 +00:00
des
73dcd2da5c Connect the pam_lastlog(8) and pam_login_access(8) modules to the build. 
Sponsored by:	DARPA, NAI Labs
 2002-02-01 08:49:53 +00:00
des
55cd9bb2e3 Still with asbestos longjohns on, completely PAMify login(1) and remove 
code made redundant by various PAM modules (primarily pam_unix(8)).

Sponsored by:	DARPA, NAI Labs
 2002-01-30 19:10:21 +00:00
des
1caa7bdd9e With asbestos longjohns on, integrate most of the checks normally done by 
login(1) (password & account expiry, hosts.access etc.) into pam_unix(8).

Sponsored by:	DARPA, NAI Labs
 2002-01-30 19:09:11 +00:00
des
246b0c7094 Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify 
it a little and try to make it more resilient to various possible failure
conditions.  Change the man page accordingly, and take advantage of this
opportunity to simplify its language.

Sponsored by:	DARPA, NAI Labs
 2002-01-30 19:03:16 +00:00
markm
b63d9c7a6d WARNS=4 fixes. Protect with NO_WERROR for the modules that have 
warnings that are hard to fix or that I've been asked to leave alone.
 2002-01-24 18:37:17 +00:00
des
89b0bbd187 PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The 
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.

Sponsored by:	DARPA, NAI Labs
 2002-01-24 17:26:27 +00:00
des
30cd8777d2 Change the order in which pam_sm_open_session() updates the logs. This 
doesn't really make any difference, except it matches wtmp(5) better.

Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released.  Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.

Sponsored by:	DARPA, NAI Labs (but the bugs are all mine)
 2002-01-24 17:15:04 +00:00
des
37b85e4ec4 Correctly interpret PAM_RHOST being unset as an indicator of a local 
login.

Sponsored by:	DARPA, NAI Labs
 2002-01-24 16:18:43 +00:00
des
0d0aa3b389 Correctly interpret PAM_RHOST being unset as an indicator of a local 
login.
 2002-01-24 16:16:01 +00:00
des
aba6f8182e Style nits. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 16:14:56 +00:00
des
0a9534cc78 Document the even_root option. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 13:35:06 +00:00
des
305ac9f47f Don't let root through unless the "even_root" option was specified. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 12:47:42 +00:00
des
77b808fd9a Add a PAM module that records sessions in utmp/wtmp/lastlog. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 09:45:17 +00:00
des
215400cfce Fix some pastos. Rather shoddy of me... 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 09:44:22 +00:00
des
452f2b5db1 Add a PAM module that provides an account management component for checking 
either PAM_RHOST or PAM_TTY against /etc/login.access.o

This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'.  This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.

Sponsored by:	DARPA, NAI Labs
 2002-01-23 17:42:16 +00:00
des
b917ad33e0 Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs. 
Sponsored by:	DARPA, NAI Labs
 2002-01-23 17:16:00 +00:00
ru
c9d8bf8608 Add pam_ssh support to the static PAM library, libpam.a: 
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
 2002-01-23 15:54:17 +00:00
des
e64688fcfb Base the comparison on UIDs, not on user names. 
Sponsored by:	DARPA, NAI Labs
 2002-01-23 15:16:01 +00:00
ru
5307ecb83c Make libssh.so useable (undefined reference to IPv4or6). 
Reviewed by:	des, markm
Approved by:	markm
 2002-01-23 15:06:47 +00:00
des
ce9baa2c50 Link pam_opieaccess, pam_self and pam_ssh into the static library. 
Sponsored by:	DARPA, NAI Labs
 2002-01-21 20:43:01 +00:00