Matthew Dillon
ceaf33f537
Add __FBSDID()s to libpam
2001-09-30 22:11:06 +00:00
Mark Murray
6e925e8fc7
1) repair the return value in the PAM_RETURN() macro (Side effects!!).
...
2) canonicalise the options use in pam_options().
Submitted by: Gunnar Kreitz <gunnark@chello.se>
PR: 30250
2001-09-04 17:05:08 +00:00
Mark Murray
a41ad3fca9
Introduce a "noroot_ok" option to make this module ignore authentications
...
to a non-superuser if required.
2001-08-26 18:09:00 +00:00
Mark Murray
f96b705fa7
Introduce better logging, error reporting and use of login_cap data.
2001-08-26 18:05:35 +00:00
Mark Murray
76f4a6fd79
Add extra logging detail. This needs a more general solution.
2001-08-26 17:57:44 +00:00
Mark Murray
3d55a6c083
Big module makeover; improve logging, standardise variable names,
...
introduce ability to change passwords for both "usual" Unix methods
and NIS.
2001-08-26 17:41:13 +00:00
Mark Murray
47965f01dd
Add 'try_mapped_pass' standard option.
...
Asked for by: lukeh@PADL.COM
2001-08-20 12:43:19 +00:00
Mark Murray
ca0bdcdd29
Document the no_warn option.
2001-08-15 20:05:33 +00:00
Mark Murray
b5507a38bc
Fix a couple of cross-references to reflect the reality of the module.
2001-08-15 20:03:26 +00:00
Mark Murray
537db85291
Fix:
...
/usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has couple of bugs which cause:
1) xdm dumps core
2) ssh1 private key is not passed to ssh-agent
3) ssh2 RSA key seems not handled properly (just a guess from source)
4) ssh_get_authentication_connectionen() fails to get connection because of
SSH_AUTH_SOCK not defined.
PR: 29609
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2001-08-11 12:37:55 +00:00
Mark Murray
3938427761
Clean up this module very extensively. Fix the logging, the coding
...
standards and the option handling. This module is now much more easy
to maintain as a part of the FreeBSD tree.
2001-08-10 19:24:34 +00:00
Mark Murray
530ebf8e0a
Code clean up; make logging same as other modules and fix warnings.
2001-08-10 19:21:45 +00:00
Mark Murray
34beb374a2
General code clean-up. Sort out warnings, and make the warning and
...
logging work the same as other modules.
2001-08-10 19:18:52 +00:00
Mark Murray
0fa107a3cb
Simplify code. Also verbose logging, verbose overridable error reporting.
2001-08-10 19:15:48 +00:00
Mark Murray
65550d9b5a
Verbose logging, overridable verbose error reporting.
2001-08-10 19:12:59 +00:00
Mark Murray
b04259a5cf
Module clean-up. Verbose logging, Overridable verbose error reporting,
...
FreeBSD pam_prompt() usage to simplify conversation function usage.
2001-08-10 19:10:43 +00:00
Mark Murray
2108fbd748
Verbosely (overridable) report failure to the user.
2001-08-10 19:07:45 +00:00
Mark Murray
ceca323626
Use the FreeBSD pam_prompt() interface to the conversation function
...
instead of home-rolling it. Clean up debugging code and tidy the
module.
2001-08-10 19:05:57 +00:00
Mark Murray
3a9cdcb91f
Verbosely report errors to the user (overridable), and make sure
...
that the correct failure mode is reported.
2001-08-10 19:02:21 +00:00
Mark Murray
27b9f9d4a3
Fix broken logic so that this actually works for the superuser.
...
Verbosely log (properly).
Verbosely report errors to the user.
2001-08-10 14:21:58 +00:00
Mark Murray
cfa285d9e4
Rework this to prevent a nasty problem involving different modules'
...
option interacting with each other.
2001-08-10 14:16:47 +00:00
Mark Murray
0b2e8123ef
Declare the new user-error reporting macro.
...
This is a macro to allow use of the __FILE__ and __FUNCTION__
macros.
2001-08-10 14:15:00 +00:00
Mark Murray
a56dfc9b23
Add a routine for providing feedback via the conversation mechanism
...
(usually to stderr) for user-reportable errors.
2001-08-10 14:13:16 +00:00
Mark Murray
13cde2748e
Fix style/consistency in Makefile and repair static module building.
...
Submitted by: bde(partially)
2001-08-04 21:51:14 +00:00
Mark Murray
d5e53157cf
Don't clobber CFLAGS
...
Submitted by: bde
2001-08-04 21:49:30 +00:00
Mark Murray
4447e914e8
Fix the bug where this modulke was not checking the priamry GID, only
...
the GIDS in /etc/group or NIS's group map.
Tested by: sheldonh
PR: 29349
2001-08-04 09:19:31 +00:00
Mark Murray
f950650b78
With the S/KEY removal, this is no longer buildable or necessary.
2001-08-02 19:04:20 +00:00
Mark Murray
c52468e7ef
Don't try to make pam_ssh module if NO_OPENSSH is set.
2001-08-02 19:01:02 +00:00
Mark Murray
f5974d336f
Repair the get/set UID() stuff so this works in both su(1) and login(1)
...
modes.
2001-08-02 10:35:41 +00:00
Mark Murray
af1852503e
Making this major bump was a BAD idea. The API change is internal (to PAM)
...
and it caused problems without solving any.
2001-07-30 09:56:38 +00:00
Mark Murray
7b22794017
(Re)Add an SSH module for PAM, heavily based on Andrew Korty's module
...
from ports.
2001-07-29 18:31:09 +00:00
Ruslan Ermilov
0fa68d89e8
mdoc(7) police: widen width of the options list.
2001-07-18 14:49:32 +00:00
Mark Murray
0eb9c7b357
Update to the same level of debug-logging as the rest of the
...
FreeBSD/PAM modules.
2001-07-17 07:36:51 +00:00
Mark Murray
3741d46458
Update to the same code as in the pam_krb5.so port.
...
According to Peter, the port works - this needs more testing.
2001-07-17 07:34:36 +00:00
Dima Dorfman
f247324df7
Remove whitespace at EOL.
2001-07-15 08:06:20 +00:00
Mark Murray
f042a54245
Use a better method of getting user credentials to account for
...
(legal) UID duplication.
Rename use_uid to auth_as_self for consistency with other modules.
2001-07-14 08:42:39 +00:00
Mark Murray
6fd676c982
Use a better method to get user credentials to account for (legal)
...
duplications of UID's in /etc/*passwd.
2001-07-14 08:38:24 +00:00
Ruslan Ermilov
e8b02a428d
mdoc(7) police: -xwidth has been fold into -width.
2001-07-13 09:09:52 +00:00
Ruslan Ermilov
08ecaa10b2
mdoc(7) police: fixed markup, a little bit.
2001-07-11 08:36:26 +00:00
Ruslan Ermilov
63b81b76ca
mdoc(7) police: fixed markup any numerous typos.
2001-07-11 08:35:34 +00:00
Mark Murray
84f39079c5
Fix a horrible bug introduced by myself where the options collection
...
keeps on growing as the module stack is parsed.
2001-07-10 16:59:30 +00:00
Ruslan Ermilov
625003720a
mdoc(7) police: removed HISTORY info from the .Os call.
2001-07-10 14:16:33 +00:00
Ruslan Ermilov
a307d59838
mdoc(7) police: removed HISTORY info from the .Os call.
2001-07-10 13:41:46 +00:00
Mark Murray
1642eb1a52
Clean up (and in some cases write) the PAM mudules, using
...
o The new options-processing API
o The new DEBUG-logging API
Add man(1) pages for ALL modules. MDOC-Police welcome
to check this.
Audit, clean up while I'm here.
2001-07-09 18:20:51 +00:00
Mark Murray
5d87b61e6f
Bump the major number. The libraries API has changed incompatibly.
2001-07-09 18:16:33 +00:00
Mark Murray
c3a080c527
Almost completely rewrite the PAM module options processing
...
routines, and provide a more extended API for doing this.
Provide an API for debug logging.
Audit and clean up the code.
2001-07-09 18:14:43 +00:00
Ruslan Ermilov
5521ff5a4d
mdoc(7) police: sort SEE ALSO xrefs (sort -b -f +2 -3 +1 -2).
2001-07-06 16:46:48 +00:00
Ruslan Ermilov
88de1238eb
mdoc(7) police: fixed formatting.
2001-07-06 07:29:59 +00:00
Peter Wemm
d6be5f6435
Fix libpam's linker set stuff to use the new API (unbreak world), and get
...
rid of gensetdefs from here as well.
2001-06-14 01:13:30 +00:00
Chris Costello
8b136a6dde
Convert to mdoc(7).
2001-06-13 21:52:07 +00:00
Mark Murray
084a46829b
Big module cleanup.
...
Move common stuff into Makefile.inc, and tidy up all the Makefiles
as a result.
Build new modules.
Put a commented-out dependancy on libpam for the (shared) modules.
I can't bring this in just yet, as the dependancy (modules->libpam)
is reversed for the static case (libpam->modules).
2001-06-04 19:47:56 +00:00
Mark Murray
bc0105f860
Null file to bring back a file from the dead. This allows the real commit
...
to happen remotely. Damn CVS bugs :-(
2001-06-04 19:25:41 +00:00
Mark Murray
46efbac2ed
Add the "nullok" option that causes this module to succeed if the Unix
...
password is empty/null.
2001-06-04 19:16:57 +00:00
Mark Murray
35a2fbdee0
Tidy up the options list (and make it more extendable), and add some
...
extra "standard" options.
2001-06-04 19:12:08 +00:00
Mark Murray
397fa72521
Add some new utility authenticators.
...
pam_securetty silently succeeds if the user is on a secure tty
as defined by /etc/ttys.
pam_ftp does "anonymous ftp" style authentication with options for
specifying the anonymous user(s).
2001-06-04 18:44:47 +00:00
Mark Murray
4448b21cc6
Add the "auth_as_self" option to the pam_unix module (there is no
...
reason not to add it to others later). This causes the pam_unix
module to check the user's _own_ password, not the password of the
account that the user is authenticating into. This will allow eg:
WHEELSU type behaviour from su(1).
2001-05-24 18:35:52 +00:00
Mark Murray
84d6cd8ea1
Bring in a few useful PAM modules.
...
pam_krb5 is a Kerberos 5 (Heimdal) authentication module.
pam_nologin checks for /etc/nologin and does the "usual stuff"
if it is found, otherwise it silently succeeds.
pam_rootok silently succeeds if the user is root, otherwise
it fails.
pam_wheel silently succeeds if the user is a member of group
"wheel" (or another nominated group), and fails
otherwise.
There is an issue with kerberosIV and kerberos5 - if both are
being built, then static linking fails with duplicate symbols.
This will take a bit of work to sort out in the kerberii.
2001-05-14 11:23:58 +00:00
Brian Feldman
d67ad957e9
Finish disconnecting pam_ssh from the build.
2001-05-04 20:40:53 +00:00
Brian Feldman
253fb6ea3a
I've been meaning to take pam_ssh out of the base system for a while now.
...
Finally do it.
2001-05-04 03:53:48 +00:00
Mark Murray
556a280696
Update for (Linux-)PAM 0.75
2001-05-03 10:55:48 +00:00
Ruslan Ermilov
5f95f24bf4
mdoc(7) police: uppercase document title.
2001-04-18 08:25:26 +00:00
Ruslan Ermilov
4a558355e5
MAN[1-9] -> MAN.
2001-03-27 17:27:19 +00:00
John Baldwin
12e275aaee
Use a unified libgcc rather than a seperate one for threaded and
...
non-threaded programs. This provides threaded programs with the
needed exception frame symbols.
parts submitted by: Max Khon <fjoe@iclub.nsu.ru>
PR: 23252
2001-01-06 18:59:46 +00:00
David E. O'Brien
3f6014e672
Use a unified libgcc rather than a seperate one for threaded and
...
non-threaded programs. This provides threaded programs with the
needed exception frame symbols.
parts submitted by: Max Khon <fjoe@iclub.nsu.ru>
PR: 23252
2001-01-06 06:16:31 +00:00
Ruslan Ermilov
4263595653
Prepare for mdoc(7)NG.
2000-12-29 14:08:20 +00:00
Ruslan Ermilov
ed40311694
mdoc(7) police: removed history info from the .Os FreeBSD call.
2000-12-14 11:52:05 +00:00
Brian Feldman
386879a128
Forgot to remove the old line in the last commit.
2000-12-05 02:41:01 +00:00
Brian Feldman
ee510eab3f
In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
...
back to the original environ unconditionally. The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set. Therefore, don't try to swap the env back
unless the previous env has been initialized.
PR: bin/22670
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2000-11-25 02:00:35 +00:00
Bill Fumerola
2a644691bc
Correct an arguement to ssh_add_identity, this matches what is currently
...
in ports/security/openssh/files/pam_ssh.c
PR: 22164
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by: green
Approved by: green
2000-11-25 01:55:42 +00:00
Ruslan Ermilov
725ab6287f
log
2000-11-22 09:23:54 +00:00
Kris Kennaway
4f00f8562d
Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken
...
from the openssh port)
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
2000-05-30 09:03:15 +00:00
Jake Burkholder
e39756439c
Back out the previous change to the queue(3) interface.
...
It was not discussed and should probably not happen.
Requested by: msmith and others
2000-05-26 02:09:24 +00:00
Jake Burkholder
740a1973a6
Change the way that the queue(3) structures are declared; don't assume that
...
the type argument to *_HEAD and *_ENTRY is a struct.
Suggested by: phk
Reviewed by: phk
Approved by: mdodd
2000-05-23 20:41:01 +00:00
Kris Kennaway
acf3af98c9
Connect pam_opie to the build.
2000-04-17 00:19:30 +00:00
Kris Kennaway
01331fc70c
Add pam_opie, a PAM module using the OPIE one-time-password scheme.
...
Submitted by: Jim Bloom <bloom@acm.org>
2000-04-17 00:14:42 +00:00
Kris Kennaway
e31adaffd9
Fix a memory leak.
...
PR: 17360
Submitted by: Andrew J. Korty <ajk@iu.edu>
2000-03-29 08:24:37 +00:00
Bruce Evans
e915afdee4
Fixed missing libraries in DPADD.
...
Fixed some style bugs (some usual ones for DPADD and LDADD, and
misformatting of $FreeBSD$).
2000-03-27 15:24:45 +00:00
Kris Kennaway
bb49f794f5
Buildworld fixes for NO_OPENSSH and NO_OPENSSL
...
Approved by: jkh
2000-03-09 06:29:05 +00:00
Peter Wemm
330bc838ab
Make pam_ssh work. It had an undefined symbol when it was dlopen()ed.
...
I'm not quite sure about this, I think it should be using -lssh_pic since
it's being linked into a .so, but nothing seems to complain ahd it does
work. (well, it works for using the authorized_keys file, but I have not
figured out how to get it to start a ssh-agent and cache the key for me)
PR: 17191
Submitted by: Adrian Pavlykevych <pam@polynet.lviv.ua>
2000-03-06 15:28:30 +00:00
Sheldon Hearn
c6ff3a1bf7
Remove single-space hard sentence breaks. These degrade the quality
...
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-02 09:14:21 +00:00
Sheldon Hearn
87faa07bec
Remove single-space hard sentence breaks. These degrade the quality
...
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 12:20:22 +00:00
Mark Murray
dc9650a4a8
Don't try to build k5 PAM; it ain't ready yet.
2000-02-28 21:00:50 +00:00
Søren Schmidt
b3595df45d
Same fix as in ../modules, dont use the crypto stuff if its not there.
2000-02-26 12:26:25 +00:00
Peter Wemm
49838bb95b
Argh, I can't win today. Spell ${.CURDIR} correctly.
2000-02-26 11:16:08 +00:00
Peter Wemm
b753aec26f
Don't build pam_ssh if the crypto code is missing.
...
Found by: sos
2000-02-26 11:14:17 +00:00
Peter Wemm
2307080405
Redo this with a repo copy from the original file and reset the
...
__PREFIX__ markers.
2000-02-26 09:59:14 +00:00
Mark Murray
d3e3752170
Use libcrypto instead of libdes.
...
Also - OpenSSH blesses us with a module for PAM.
2000-02-24 22:24:37 +00:00
Chris Costello
111b70aa08
Remove the version information from `.Os FreeBSD' here. Not only
...
might it confuse people, but it causes a warning message with
nroff, and no version history mentions a 1.2 version of FreeBSD.
If anything, a ``HISTORY'' section should show which version this
appeared in.
2000-02-14 01:47:54 +00:00
Brian Feldman
0e17bca17c
Upgrade to the pam_ssh module, version 1.1..
...
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used. XDM and its variants
should now work without modification. Note that the new code uses
the macros in <sys/queue.h>.
Submitted by: Andrew J. Korty <ajk@iu.edu>
1999-12-28 05:32:54 +00:00
Brian Feldman
b71e3dafa5
Add the PAM SSH RSA key authentication module. For example, you can add,
...
"login auth sufficient pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)
PR: 15158
Submitted by: Andrew J. Korty <ajk@waterspout.com>
Reviewed by: obrien
1999-11-29 07:09:44 +00:00
Marcel Moolenaar
ee98eb8e13
Don't include Kerberos if NOCRYPT is defined, because it isn't build
...
if NOCRYPT is defined. Likewise, don't include DES if NOSECURE is
defined.
1999-11-14 15:48:29 +00:00
Mark Murray
394b3be19e
Add libcrypt. This previously/coincidentally worked for login,
...
because login was already linked against it, but others have a
problem.
1999-09-30 18:53:34 +00:00
Mark Murray
33f891d293
Common Error libraries are needed here.
1999-09-20 06:23:16 +00:00
Peter Wemm
c3aac50f28
$Id$ -> $FreeBSD$
1999-08-28 01:08:13 +00:00
Peter Wemm
7f3dea244c
$Id$ -> $FreeBSD$
1999-08-28 00:22:10 +00:00
Andrzej Bialecki
da33d9001c
Restore INTERNALLIB.
...
Noticed by: bde,jdp
1999-08-20 18:32:45 +00:00
Andrzej Bialecki
c747c0c757
Add pam_radius.so manual page.
...
Reviewed by: jdp
1999-08-18 19:04:24 +00:00
Nik Clayton
3be5f1f5ce
Add $Id$, to make it simpler for members of the translation teams to
...
track.
The $Id$ line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;
.\" $Id$
.\"
If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.
Approved by: bde
1999-07-12 20:24:20 +00:00
John Polstra
d65b34db7d
Revive the pam_deny and pam_permit modules from Linux-PAM. They are
...
simple enough to be trusted.
Add account management functionality to the pam_unix module.
These changes should make it possible to use PAM in some ports.
Submitted by: Max Khon <fjoe@iclub.nsu.ru>
1999-05-08 01:59:27 +00:00
John Polstra
ce9f8663f9
Fix bug that prevented accounts with empty passwords from logging
...
in.
Submitted by: Paul Traina <pst@juniper.net>
1999-04-06 19:48:53 +00:00