system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-18 14:23:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
69219 commits 77 branches 139 tags 3.4 GiB
Commit graph

170 commits

Author SHA1 Message Date
Matthew Dillon ceaf33f537 Add __FBSDID()s to libpam 2001-09-30 22:11:06 +00:00
Mark Murray 6e925e8fc7 1) repair the return value in the PAM_RETURN() macro (Side effects!!). 
2) canonicalise the options use in pam_options().

Submitted by:	Gunnar Kreitz <gunnark@chello.se>
PR:		30250
 2001-09-04 17:05:08 +00:00
Mark Murray a41ad3fca9 Introduce a "noroot_ok" option to make this module ignore authentications 
to a non-superuser if required.
 2001-08-26 18:09:00 +00:00
Mark Murray f96b705fa7 Introduce better logging, error reporting and use of login_cap data. 2001-08-26 18:05:35 +00:00
Mark Murray 76f4a6fd79 Add extra logging detail. This needs a more general solution. 2001-08-26 17:57:44 +00:00
Mark Murray 3d55a6c083 Big module makeover; improve logging, standardise variable names, 
introduce ability to change passwords for both "usual" Unix methods
and NIS.
 2001-08-26 17:41:13 +00:00
Mark Murray 47965f01dd Add 'try_mapped_pass' standard option. 
Asked for by:	lukeh@PADL.COM
 2001-08-20 12:43:19 +00:00
Mark Murray ca0bdcdd29 Document the no_warn option. 2001-08-15 20:05:33 +00:00
Mark Murray b5507a38bc Fix a couple of cross-references to reflect the reality of the module. 2001-08-15 20:03:26 +00:00
Mark Murray 537db85291 Fix: 
/usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has couple of bugs which cause:

1) xdm dumps core
2) ssh1 private key is not passed to ssh-agent
3) ssh2 RSA key seems not handled properly (just a guess from source)
4) ssh_get_authentication_connectionen() fails to get connection because of
   SSH_AUTH_SOCK not defined.

PR:		29609
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 2001-08-11 12:37:55 +00:00
Mark Murray 3938427761 Clean up this module very extensively. Fix the logging, the coding 
standards and the option handling. This module is now much more easy
to maintain as a part of the FreeBSD tree.
 2001-08-10 19:24:34 +00:00
Mark Murray 530ebf8e0a Code clean up; make logging same as other modules and fix warnings. 2001-08-10 19:21:45 +00:00
Mark Murray 34beb374a2 General code clean-up. Sort out warnings, and make the warning and 
logging work the same as other modules.
 2001-08-10 19:18:52 +00:00
Mark Murray 0fa107a3cb Simplify code. Also verbose logging, verbose overridable error reporting. 2001-08-10 19:15:48 +00:00
Mark Murray 65550d9b5a Verbose logging, overridable verbose error reporting. 2001-08-10 19:12:59 +00:00
Mark Murray b04259a5cf Module clean-up. Verbose logging, Overridable verbose error reporting, 
FreeBSD pam_prompt() usage to simplify conversation function usage.
 2001-08-10 19:10:43 +00:00
Mark Murray 2108fbd748 Verbosely (overridable) report failure to the user. 2001-08-10 19:07:45 +00:00
Mark Murray ceca323626 Use the FreeBSD pam_prompt() interface to the conversation function 
instead of home-rolling it. Clean up debugging code and tidy the
module.
 2001-08-10 19:05:57 +00:00
Mark Murray 3a9cdcb91f Verbosely report errors to the user (overridable), and make sure 
that the correct failure mode is reported.
 2001-08-10 19:02:21 +00:00
Mark Murray 27b9f9d4a3 Fix broken logic so that this actually works for the superuser. 
Verbosely log (properly).
Verbosely report errors to the user.
 2001-08-10 14:21:58 +00:00
Mark Murray cfa285d9e4 Rework this to prevent a nasty problem involving different modules' 
option interacting with each other.
 2001-08-10 14:16:47 +00:00
Mark Murray 0b2e8123ef Declare the new user-error reporting macro. 
This is a macro to allow use of the __FILE__ and __FUNCTION__
macros.
 2001-08-10 14:15:00 +00:00
Mark Murray a56dfc9b23 Add a routine for providing feedback via the conversation mechanism 
(usually to stderr) for user-reportable errors.
 2001-08-10 14:13:16 +00:00
Mark Murray 13cde2748e Fix style/consistency in Makefile and repair static module building. 
Submitted by:	bde(partially)
 2001-08-04 21:51:14 +00:00
Mark Murray d5e53157cf Don't clobber CFLAGS 
Submitted by:	bde
 2001-08-04 21:49:30 +00:00
Mark Murray 4447e914e8 Fix the bug where this modulke was not checking the priamry GID, only 
the GIDS in /etc/group or NIS's group map.

Tested by:	sheldonh
PR:		29349
 2001-08-04 09:19:31 +00:00
Mark Murray f950650b78 With the S/KEY removal, this is no longer buildable or necessary. 2001-08-02 19:04:20 +00:00
Mark Murray c52468e7ef Don't try to make pam_ssh module if NO_OPENSSH is set. 2001-08-02 19:01:02 +00:00
Mark Murray f5974d336f Repair the get/set UID() stuff so this works in both su(1) and login(1) 
modes.
 2001-08-02 10:35:41 +00:00
Mark Murray af1852503e Making this major bump was a BAD idea. The API change is internal (to PAM) 
and it caused problems without solving any.
 2001-07-30 09:56:38 +00:00
Mark Murray 7b22794017 (Re)Add an SSH module for PAM, heavily based on Andrew Korty's module 
from ports.
 2001-07-29 18:31:09 +00:00
Ruslan Ermilov 0fa68d89e8 mdoc(7) police: widen width of the options list. 2001-07-18 14:49:32 +00:00
Mark Murray 0eb9c7b357 Update to the same level of debug-logging as the rest of the 
FreeBSD/PAM modules.
 2001-07-17 07:36:51 +00:00
Mark Murray 3741d46458 Update to the same code as in the pam_krb5.so port. 
According to Peter, the port works - this needs more testing.
 2001-07-17 07:34:36 +00:00
Dima Dorfman f247324df7 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
Mark Murray f042a54245 Use a better method of getting user credentials to account for 
(legal) UID duplication.

Rename use_uid to auth_as_self for consistency with other modules.
 2001-07-14 08:42:39 +00:00
Mark Murray 6fd676c982 Use a better method to get user credentials to account for (legal) 
duplications of UID's in /etc/*passwd.
 2001-07-14 08:38:24 +00:00
Ruslan Ermilov e8b02a428d mdoc(7) police: -xwidth has been fold into -width. 2001-07-13 09:09:52 +00:00
Ruslan Ermilov 08ecaa10b2 mdoc(7) police: fixed markup, a little bit. 2001-07-11 08:36:26 +00:00
Ruslan Ermilov 63b81b76ca mdoc(7) police: fixed markup any numerous typos. 2001-07-11 08:35:34 +00:00
Mark Murray 84f39079c5 Fix a horrible bug introduced by myself where the options collection 
keeps on growing as the module stack is parsed.
 2001-07-10 16:59:30 +00:00
Ruslan Ermilov 625003720a mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 14:16:33 +00:00
Ruslan Ermilov a307d59838 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 13:41:46 +00:00
Mark Murray 1642eb1a52 Clean up (and in some cases write) the PAM mudules, using 
o The new options-processing API
o The new DEBUG-logging API

Add man(1) pages for ALL modules. MDOC-Police welcome
to check this.

Audit, clean up while I'm here.
 2001-07-09 18:20:51 +00:00
Mark Murray 5d87b61e6f Bump the major number. The libraries API has changed incompatibly. 2001-07-09 18:16:33 +00:00
Mark Murray c3a080c527 Almost completely rewrite the PAM module options processing 
routines, and provide a more extended API for doing this.

Provide an API for debug logging.

Audit and clean up the code.
 2001-07-09 18:14:43 +00:00
Ruslan Ermilov 5521ff5a4d mdoc(7) police: sort SEE ALSO xrefs (sort -b -f +2 -3 +1 -2). 2001-07-06 16:46:48 +00:00
Ruslan Ermilov 88de1238eb mdoc(7) police: fixed formatting. 2001-07-06 07:29:59 +00:00
Peter Wemm d6be5f6435 Fix libpam's linker set stuff to use the new API (unbreak world), and get 
rid of gensetdefs from here as well.
 2001-06-14 01:13:30 +00:00
Chris Costello 8b136a6dde Convert to mdoc(7). 2001-06-13 21:52:07 +00:00
Mark Murray 084a46829b Big module cleanup. 
Move common stuff into Makefile.inc, and tidy up all the Makefiles
as a result.

Build new modules.

Put a commented-out dependancy on libpam for the (shared) modules.
I can't bring this in just yet, as the dependancy (modules->libpam)
is reversed for the static case (libpam->modules).
 2001-06-04 19:47:56 +00:00
Mark Murray bc0105f860 Null file to bring back a file from the dead. This allows the real commit 
to happen remotely. Damn CVS bugs :-(
 2001-06-04 19:25:41 +00:00
Mark Murray 46efbac2ed Add the "nullok" option that causes this module to succeed if the Unix 
password is empty/null.
 2001-06-04 19:16:57 +00:00
Mark Murray 35a2fbdee0 Tidy up the options list (and make it more extendable), and add some 
extra "standard" options.
 2001-06-04 19:12:08 +00:00
Mark Murray 397fa72521 Add some new utility authenticators. 
pam_securetty silently succeeds if the user is on a secure tty
as defined by /etc/ttys.

pam_ftp does "anonymous ftp" style authentication with options for
specifying the anonymous user(s).
 2001-06-04 18:44:47 +00:00
Mark Murray 4448b21cc6 Add the "auth_as_self" option to the pam_unix module (there is no 
reason not to add it to others later). This causes the pam_unix
module to check the user's _own_ password, not the password of the
account that the user is authenticating into. This will allow eg:
WHEELSU type behaviour from su(1).
 2001-05-24 18:35:52 +00:00
Mark Murray 84d6cd8ea1 Bring in a few useful PAM modules. 
pam_krb5 is a Kerberos 5 (Heimdal) authentication module.

pam_nologin checks for /etc/nologin and does the "usual stuff"
	if it is found, otherwise it silently succeeds.

pam_rootok silently succeeds if the user is root, otherwise
	it fails.

pam_wheel silently succeeds if the user is a member of group
	"wheel" (or another nominated group), and fails
	otherwise.

There is an issue with kerberosIV and kerberos5 - if both are
being built, then static linking fails with duplicate symbols.
This will take a bit of work to sort out in the kerberii.
 2001-05-14 11:23:58 +00:00
Brian Feldman d67ad957e9 Finish disconnecting pam_ssh from the build. 2001-05-04 20:40:53 +00:00
Brian Feldman 253fb6ea3a I've been meaning to take pam_ssh out of the base system for a while now. 
Finally do it.
 2001-05-04 03:53:48 +00:00
Mark Murray 556a280696 Update for (Linux-)PAM 0.75 2001-05-03 10:55:48 +00:00
Ruslan Ermilov 5f95f24bf4 mdoc(7) police: uppercase document title. 2001-04-18 08:25:26 +00:00
Ruslan Ermilov 4a558355e5 MAN[1-9] -> MAN. 2001-03-27 17:27:19 +00:00
John Baldwin 12e275aaee Use a unified libgcc rather than a seperate one for threaded and 
non-threaded programs.  This provides threaded programs with the
needed exception frame symbols.

parts submitted by:	Max Khon <fjoe@iclub.nsu.ru>
PR:	23252
 2001-01-06 18:59:46 +00:00
David E. O'Brien 3f6014e672 Use a unified libgcc rather than a seperate one for threaded and 
non-threaded programs.  This provides threaded programs with the
needed exception frame symbols.

parts submitted by:	Max Khon <fjoe@iclub.nsu.ru>
PR:	23252
 2001-01-06 06:16:31 +00:00
Ruslan Ermilov 4263595653 Prepare for mdoc(7)NG. 2000-12-29 14:08:20 +00:00
Ruslan Ermilov ed40311694 mdoc(7) police: removed history info from the .Os FreeBSD call. 2000-12-14 11:52:05 +00:00
Brian Feldman 386879a128 Forgot to remove the old line in the last commit. 2000-12-05 02:41:01 +00:00
Brian Feldman ee510eab3f In env_destroy(), it is a bad idea to env_swap(self, 0) to switch 
back to the original environ unconditionally.  The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set.  Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR:		bin/22670
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 2000-11-25 02:00:35 +00:00
Bill Fumerola 2a644691bc Correct an arguement to ssh_add_identity, this matches what is currently 
in ports/security/openssh/files/pam_ssh.c

PR:		22164
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by:	green
Approved by:	green
 2000-11-25 01:55:42 +00:00
Ruslan Ermilov 725ab6287f log 2000-11-22 09:23:54 +00:00
Kris Kennaway 4f00f8562d Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken 
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
 2000-05-30 09:03:15 +00:00
Jake Burkholder e39756439c Back out the previous change to the queue(3) interface. 
It was not discussed and should probably not happen.

Requested by:		msmith and others
 2000-05-26 02:09:24 +00:00
Jake Burkholder 740a1973a6 Change the way that the queue(3) structures are declared; don't assume that 
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
 2000-05-23 20:41:01 +00:00
Kris Kennaway acf3af98c9 Connect pam_opie to the build. 2000-04-17 00:19:30 +00:00
Kris Kennaway 01331fc70c Add pam_opie, a PAM module using the OPIE one-time-password scheme. 
Submitted by:	Jim Bloom <bloom@acm.org>
 2000-04-17 00:14:42 +00:00
Kris Kennaway e31adaffd9 Fix a memory leak. 
PR:		17360
Submitted by:	Andrew J. Korty <ajk@iu.edu>
 2000-03-29 08:24:37 +00:00
Bruce Evans e915afdee4 Fixed missing libraries in DPADD. 
Fixed some style bugs (some usual ones for DPADD and LDADD, and
misformatting of $FreeBSD$).
 2000-03-27 15:24:45 +00:00
Kris Kennaway bb49f794f5 Buildworld fixes for NO_OPENSSH and NO_OPENSSL 
Approved by:	jkh
 2000-03-09 06:29:05 +00:00
Peter Wemm 330bc838ab Make pam_ssh work. It had an undefined symbol when it was dlopen()ed. 
I'm not quite sure about this, I think it should be using -lssh_pic since
it's being linked into a .so, but nothing seems to complain ahd it does
work.  (well, it works for using the authorized_keys file, but I have not
figured out how to get it to start a ssh-agent and cache the key for me)

PR:		17191
Submitted by:	Adrian Pavlykevych <pam@polynet.lviv.ua>
 2000-03-06 15:28:30 +00:00
Sheldon Hearn c6ff3a1bf7 Remove single-space hard sentence breaks. These degrade the quality 
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
 2000-03-02 09:14:21 +00:00
Sheldon Hearn 87faa07bec Remove single-space hard sentence breaks. These degrade the quality 
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
 2000-03-01 12:20:22 +00:00
Mark Murray dc9650a4a8 Don't try to build k5 PAM; it ain't ready yet. 2000-02-28 21:00:50 +00:00
Søren Schmidt b3595df45d Same fix as in ../modules, dont use the crypto stuff if its not there. 2000-02-26 12:26:25 +00:00
Peter Wemm 49838bb95b Argh, I can't win today. Spell ${.CURDIR} correctly. 2000-02-26 11:16:08 +00:00
Peter Wemm b753aec26f Don't build pam_ssh if the crypto code is missing. 
Found by:	sos
 2000-02-26 11:14:17 +00:00
Peter Wemm 2307080405 Redo this with a repo copy from the original file and reset the 
__PREFIX__ markers.
 2000-02-26 09:59:14 +00:00
Mark Murray d3e3752170 Use libcrypto instead of libdes. 
Also - OpenSSH blesses us with a module for PAM.
 2000-02-24 22:24:37 +00:00
Chris Costello 111b70aa08 Remove the version information from `.Os FreeBSD' here. Not only 
might it confuse people, but it causes a warning message with
nroff, and no version history mentions a 1.2 version of FreeBSD.

If anything, a ``HISTORY'' section should show which version this
appeared in.
 2000-02-14 01:47:54 +00:00
Brian Feldman 0e17bca17c Upgrade to the pam_ssh module, version 1.1.. 
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used.  XDM and its variants
should now work without modification.  Note that the new code uses
the macros in <sys/queue.h>.

Submitted by:	Andrew J. Korty <ajk@iu.edu>
 1999-12-28 05:32:54 +00:00
Brian Feldman b71e3dafa5 Add the PAM SSH RSA key authentication module. For example, you can add, 
"login  auth    sufficient      pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR:		15158
Submitted by:	Andrew J. Korty <ajk@waterspout.com>
Reviewed by:	obrien
 1999-11-29 07:09:44 +00:00
Marcel Moolenaar ee98eb8e13 Don't include Kerberos if NOCRYPT is defined, because it isn't build 
if NOCRYPT is defined. Likewise, don't include DES if NOSECURE is
defined.
 1999-11-14 15:48:29 +00:00
Mark Murray 394b3be19e Add libcrypt. This previously/coincidentally worked for login, 
because login was already linked against it, but others have a
problem.
 1999-09-30 18:53:34 +00:00
Mark Murray 33f891d293 Common Error libraries are needed here. 1999-09-20 06:23:16 +00:00
Peter Wemm c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Peter Wemm 7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Andrzej Bialecki da33d9001c Restore INTERNALLIB. 
Noticed by:	bde,jdp
 1999-08-20 18:32:45 +00:00
Andrzej Bialecki c747c0c757 Add pam_radius.so manual page. 
Reviewed by:	jdp
 1999-08-18 19:04:24 +00:00
Nik Clayton 3be5f1f5ce Add $Id$, to make it simpler for members of the translation teams to 
track.

The $Id$ line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;

     .\"    $Id$
     .\"

If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.

Approved by:            bde
 1999-07-12 20:24:20 +00:00
John Polstra d65b34db7d Revive the pam_deny and pam_permit modules from Linux-PAM. They are 
simple enough to be trusted.

Add account management functionality to the pam_unix module.

These changes should make it possible to use PAM in some ports.

Submitted by:	Max Khon <fjoe@iclub.nsu.ru>
 1999-05-08 01:59:27 +00:00
John Polstra ce9f8663f9 Fix bug that prevented accounts with empty passwords from logging 
in.

Submitted by:	Paul Traina <pst@juniper.net>
 1999-04-06 19:48:53 +00:00