Commit Graph

424 Commits

Author SHA1 Message Date
jkim
5f9930d09f Fix declaration vs. definition inconsistency. No functional change. 2013-04-05 23:41:34 +00:00
eadler
3f7a414911 remove duplicate semicolons where possible.
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:00:37 +00:00
des
26f1bc7822 Remove unnecessary #include. 2012-09-28 12:29:25 +00:00
eadler
e08a8123c5 Bump date missed in r202756
PR:		docs/171624
Submitted by:	bdrewery
Approved by:	gabor
MFC after:	3 days
2012-09-14 17:50:42 +00:00
dim
e55724fcb2 Fix an instance in pam_krb5(8), where the variable 'user' could be used
uninitialized.

Found by:	clang 3.2
Reviewed by:	des
MFC after:	1 week
2012-08-06 18:44:59 +00:00
dim
74a518dd3c Fix two instances in pam_krb5(8), where the variable 'princ_name' could
be used uninitialized.

Found by:	clang 3.2
Reviewed by:	des
MFC after:	1 week
2012-08-06 18:40:14 +00:00
dfr
6bdab82e0a Add an option for pam_krb5 to allow it to authenticate users which don't have
a local account.

PR:		76678
Submitted by:	daved at tamu.edu
MFC after:	2 weeks
2012-08-05 13:40:35 +00:00
des
14a6c41ca7 Passing NULL as a key casues a segfault when loading SSH 1 keys. Use
an empty string instead.
2012-05-26 17:03:45 +00:00
wblock
9fa9a2acad Fixes to man8 groff mandoc style, usage mistakes, or typos.
PR:		168016
Submitted by:	Nobuyuki Koganemaru
Approved by:	gjb
MFC after:	3 days
2012-05-24 02:24:03 +00:00
dumbbell
d6a537d930 Fix error messages containing the executed command name
Before, we took the first argument to pam_exec(8). With the addition of
options in front of the command, this could be wrong.

Now, options are parsed before calling _pam_exec() and messages contain
the proper command name.

While here, fix a warning.

Sponsored by:	Yakaz (http://www.yakaz.com)
2012-04-12 14:02:59 +00:00
eadler
1ef5fe44d3 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
dumbbell
43dc3df2a8 Use program exit status as pam_exec return code (optional)
pam_exec(8) now accepts a new option "return_prog_exit_status". When
set, the program exit status is used as the pam_exec return code. It
allows the program to tell why the step failed (eg. user unknown).
However, if it exits with a code not allowed by the calling PAM service
module function (see $PAM_SM_FUNC below), a warning is logged and
PAM_SERVICE_ERR is returned.

The following changes are related to this new feature but they apply no
matter if the "return_prog_exit_status" option is set or not.

The environment passed to the program is extended:
    o  $PAM_SM_FUNC contains the name of the PAM service module function
       (eg. pam_sm_authenticate).
    o  All valid PAM return codes' numerical values are available
       through variables named after the return code name. For instance,
       $PAM_SUCCESS, $PAM_USER_UNKNOWN or $PAM_PERM_DENIED.

pam_exec return code better reflects what went on:
    o  If the program exits with !0, the return code is now
       PAM_PERM_DENIED, not PAM_SYSTEM_ERR.
    o  If the program fails because of a signal (WIFSIGNALED) or doesn't
       terminate normally (!WIFEXITED), the return code is now
       PAM_SERVICE_ERR, not PAM_SYSTEM_ERR.
    o  If a syscall in pam_exec fails, the return code remains
       PAM_SYSTEM_ERR.

waitpid(2) is called in a loop. If it returns because of EINTR, do it
again. Before, it would return PAM_SYSTEM_ERR without waiting for the
child to exit.

Several log messages now include the PAM service module function name.

The man page is updated accordingly.

Reviewed by:	gleb@, des@
Sponsored by:	Yakaz (http://www.yakaz.com)
MFC after:	2 weeks
2012-03-26 12:18:15 +00:00
stas
f53c9505e0 - Avoid using deprecated heimdal functions in pam_krb5. 2012-03-24 01:02:03 +00:00
stas
2d133d4c85 - Avoid use of deprecated KRB5 functions. 2012-03-22 11:18:14 +00:00
stas
e7e0b34988 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
peter
e5fa065e08 Rev 228065 (change bsd.own.mk -> bsd.init.mk) broke pam_unix.so by causing
the LDADD/DPADD to lose the -lpam, and causing openpam_dynamic() to fail
due to "openpam_get_options" being undefined.

This would cause obscure console log messages like:
  openpam_dynamic(): No error: 0
  openpam_load_module(): no pam_unix.so found
and other helpful messages which are no help in diagnosing the problem.

Fortunately this change was not mfc'ed to 9.x, it isn't broken there.
2012-01-18 18:26:56 +00:00
fjoe
85c13d37e1 .include <bsd.init.mk> instead of <bsd.own.mk>
The former allows common settings from ../Makefile.inc to be used.
2011-11-28 14:01:17 +00:00
des
b93ba3b0f1 Revert r227841 and part of r227798. We still build libpam in two passes,
but we use STATIC_CFLAGS instead of our own private .c.o rule.

MFC after:	3 weeks
2011-11-24 13:18:58 +00:00
des
a2866d9e62 Simplify the libpam build by removing the shared modules' dependency
on the shared library.  The modules are loaded by the library, so we
know it'll be there when we need it.

MFC after:	3 weeks
2011-11-21 16:40:39 +00:00
des
bf5f03ca46 key_load_private() ignores the passphrase argument if the private key
is unencrypted.  This defeats the nullok check, because it means a
non-null passphrase will successfully unlock the key.

To address this, try at first to load the key without a passphrase.
If this succeeds and the user provided a non-empty passphrase *or*
nullok is false, reject the key.

MFC after:	1 week
Noticed by:	Guy Helmer <guy.helmer@palisadesystems.com>
2011-11-20 15:18:49 +00:00
ed
518d5f5152 Ensure pam_lastlog removes the /dev/ component of the TTY name.
Some consumers of PAM remove the /dev/ component (i.e. login), while
others don't (i.e. su). We must ensure that the /dev/ component is
removed to ensure that the utmpx entries properly work with tools such
as w(1).

Discussed with:	des
MFC after:	1 week
2011-11-07 19:57:42 +00:00
ed
e59eeb86a4 Remove an unused variable from pam_unix.
This variable was added in r82352 back in 2001, but even then it didn't
have any use. Because it's not marked static, the C compiler won't
complain about it.

Discussed with:	des
2011-11-05 10:00:29 +00:00
des
53ee6626a3 Note that pam_unix(8) does not respect PAM_CHANGE_EXPIRED_AUTHTOK. 2011-11-02 23:40:21 +00:00
des
c5fa84a478 Load the ECDSA key if there is one.
MFC after:	1 week
2011-10-07 12:58:33 +00:00
des
6470f47d70 Mention the name of the module in warning messages. 2011-03-12 11:26:37 +00:00
des
f2482661e2 Add "ruser" and "luser" options. The former corresponds to the current
behavior, where the module checks that the supplicant is a member of the
required group.  The latter checks the target user instead.  If neither
option was specified, pam_group(8) assumes "ruser" and issues a warning.
I intend to eventually change the default to "luser" to match the
behavior of similarly-named service modules in other operating systems.

MFC after:	1 month
2011-03-12 11:12:30 +00:00
des
e6c1faea49 No newline required.
MFC after:	2 weeks
2011-03-09 14:38:00 +00:00
des
ed5fc363f9 Add <time.h> for ctime(), which we accidentally picked up through
<sys/time.h>.

Submitted by:	Garrett Cooper <yanegomi@gmail.com>
MFC after:	3 days
2010-11-22 14:45:16 +00:00
delphij
cc08eec05b Bump .Dd date.
Forgotten by:	delphij
2010-05-03 09:49:42 +00:00
mm
c3022adc56 Code indent according to style(9).
PR:		bin/146186
Submitted by:	myself
Approved by:	delphij (mentor)
MFC after:	2 weeks
2010-05-03 07:39:51 +00:00
mm
305cdfaf86 Implement the no_user_check option to pam_krb5.
This option is available in the Linux implementation of pam_krb5
and allows to authorize a user not known to the local system.

Ccache is not used as we don't have a secure uid/gid for the cache file.

Usable for authentication of external kerberos users (e.g Active Directory)
via PAM from applications like Cyrus saslauthd, PHP or perl.

PR:		bin/146186
Submitted by:	myself
Approved by:	deplhij (mentor)
MFC after:	2 weeks
2010-05-03 07:32:24 +00:00
des
c3510f9e73 Upgrade to OpenSSH 5.4p1.
MFC after:	1 month
2010-03-09 19:16:43 +00:00
uqs
4a10ff6f04 Remove redundant WARNS?=6 overrides and inherit the WARNS setting from
the toplevel directory.

This does not change any WARNS level and survives a make universe.

Approved by:        ed (co-mentor)
2010-03-02 18:44:08 +00:00
uqs
f8d1dd7a4e Always assign WARNS using ?=
- fix some nearby style bugs
- include Makefile.inc where it makes sense and reduces duplication

Approved by:	ed (co-mentor)
2010-03-02 16:58:04 +00:00
ru
35a8cfd727 %U was macroized in mdoc(7), escape. 2010-02-16 12:29:02 +00:00
des
154cd7f251 Respect passwordtime from login.conf if set.
PR:		bin/93473
Submitted by:	Björn König <bkoenig@cs.tu-berlin.de>
MFC after:	1 week
2010-02-02 13:47:18 +00:00
ed
b28da9a61e Remove stale references to utmp(5) and its corresponding filenames.
I removed utmp and its manpage, but not other manpages referring to it.
2010-01-21 17:25:12 +00:00
ed
c41b2252cc Let pam_lastlog use random ut_id's.
By using random values for ut_id, not based on the TTY name, it is
possible to run for example login(1) multiple times on the same TTY,
without overwriting any previous records.

The output of w(1) will then be as follows:

| 12:26PM  up 2 days,  2:31, 5 users, load averages: 0.01, 0.03, 0.03
| USER       TTY      FROM                      LOGIN@  IDLE WHAT
| ed         pts/2    mekker.80386.nl          12:26PM     - w
| root       pts/2    -                        12:26PM     - w
| root       pts/2    -                        12:26PM     - w
| root       pts/2    -                        12:26PM     - w

Approved by:	des
2010-01-18 11:29:51 +00:00
marcel
8ec113acf7 Unbreak builds with _FREEFALL_CONFIG=yes, by forcing a lower WARNS
level in that case.
2010-01-17 19:47:42 +00:00
ed
e846918be8 Let pam_lastlog use utmpx instead of libulog's utmpx interface.
It will still use ulog_login(3) and ulog_logout(3), which will remain
present.
2010-01-13 18:32:31 +00:00
ed
09818ac28e Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
ed
2062dc2dbf Several refinements to libulog's API.
- Only set the fields in the ulog_utmpx structure that are valid for the
  command in question. This means that strings like "shutdown" or "~"
  are not visible to the user anymore.
- Rename UTXF_* to UTXI_*, indicating the indexation, instead of using
  the `antique' filename. If we ever get rid of utmp, it makes little
  sense calling it by its old name.
2009-12-26 22:36:05 +00:00
ed
caa83cf255 Convert pam_lastlog(8) to libulog.
The information used by the "Last login:"-line is obtained by using
ulog_setutxfile(3) to switch to the lastlog database. Login and logout
are performed using the utility functions ulog_login(3) and
ulog_logout(3).

This also means we must build libulog during bootstrap.

Approved by:	des
2009-12-11 14:15:55 +00:00
des
e00b284b20 Note that nullok should not be used by processes that can't access the
password database.

PR:		bin/126650, misc/140514
MFC after:	1 week
2009-11-13 11:19:26 +00:00
des
ca197bb5b5 pam_ssh needs roaming_dummy to link correctly against libssh. 2009-10-05 18:56:18 +00:00
jon
33cb329cc2 Prevents pam_lastlog from segfaulting on session close when tty is null.
MFC after:	1 month
2009-08-30 05:12:37 +00:00
des
65fed99c3c Rewrap; this was getting painful. Translators can ignore this.
MFC after:	1 week
2009-06-20 10:09:59 +00:00
des
c336f71c8f Reword.
MFC after:	1 week
2009-06-20 10:06:10 +00:00
ed
6cb47f8ff6 Include <stdio.h> for asprintf().
Submitted by:	Pawel Worach
2009-06-14 12:45:48 +00:00
des
123e930ac3 Don't try to auto-detect dynamic linking; it fails on mips. The Makefile
part of the patch is an ugly (and hopefully temporary) hack.

Discussed with:	imp@
2009-02-17 16:35:19 +00:00