1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-17 10:26:15 +00:00
Commit Graph

133 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
e2c8459e85 Add a pam_self authentication module that succeeds if and only if the local
and remote user names are the same.

Sponsored by:	DARPA, NAI Labs
2001-12-05 15:55:14 +00:00
Mark Murray
1a8b24c257 Use __FBSDID(). Also do a bit of cosmetic #if and header-order
cleaning-up.
2001-12-02 20:54:57 +00:00
Mark Murray
d2f6cd8fd5 Style fixups.
Sort function declarations, includes. Make consistent WRT use of _P()
macro (ugh!)

Inspired by:	bde
2001-12-01 21:12:04 +00:00
Mark Murray
e317b97026 WARNS=2 fixes.
Reviewed by:	bde (a while back)
2001-12-01 17:46:46 +00:00
Brian Feldman
7d8cee925b Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last
OpenSSH import) declaration and strdup(3)ing a value which is later
free(3)d, rather than letting the system try to free it invalidly.
2001-11-29 21:16:11 +00:00
Dag-Erling Smørgrav
ca7e26e312 Mdoc police.
Submitted by:	ru
2001-11-28 10:07:21 +00:00
Ruslan Ermilov
60c6736148 mdoc(7) police: fix one pam_unix(8) left-over, sort xrefs. 2001-11-28 09:25:03 +00:00
Dag-Erling Smørgrav
6a13dede6c Add a pam_set_item(3) man page with an MLINK to pam_get_item(3).
PR:		docs/32294
Sponsored by:	DARPA, NAI Labs
MFC after:	3 days
2001-11-27 15:36:35 +00:00
Dag-Erling Smørgrav
b4a475937b Create a pam_ssh(8) man page, based on a repo-copy of pam_unix(8).
License modified with original author's permission.

Sponsored by:	DARPA, NAI Labs
2001-11-27 00:57:50 +00:00
Dag-Erling Smørgrav
d65e5dfa59 Document the local_pass and nis_pass options, add a few xrefs, and reorder
the SEE ALSO section.  License modified with original author's permission.

Sponsored by:	DARPA, NAI Labs
2001-11-27 00:53:10 +00:00
Dima Dorfman
a48060a2f7 Spelling police: sucessful -> successful. 2001-11-24 23:41:32 +00:00
Maxim Sobolev
bc3a4bf55d Don't put an extra space after password prompts, because it violates POLA,
makes FreeBSD inconsistent with previous releases and "other unices" as well
as with some internal password-asking services (e.g. ftp) within the same
release.
2001-10-25 15:51:50 +00:00
Mark Murray
ce1e0bbc8f Add library exposed by KDE's use if this module. 2001-10-18 20:05:20 +00:00
Matthew Dillon
ceaf33f537 Add __FBSDID()s to libpam 2001-09-30 22:11:06 +00:00
Mark Murray
6e925e8fc7 1) repair the return value in the PAM_RETURN() macro (Side effects!!).
2) canonicalise the options use in pam_options().

Submitted by:	Gunnar Kreitz <gunnark@chello.se>
PR:		30250
2001-09-04 17:05:08 +00:00
Mark Murray
a41ad3fca9 Introduce a "noroot_ok" option to make this module ignore authentications
to a non-superuser if required.
2001-08-26 18:09:00 +00:00
Mark Murray
f96b705fa7 Introduce better logging, error reporting and use of login_cap data. 2001-08-26 18:05:35 +00:00
Mark Murray
76f4a6fd79 Add extra logging detail. This needs a more general solution. 2001-08-26 17:57:44 +00:00
Mark Murray
3d55a6c083 Big module makeover; improve logging, standardise variable names,
introduce ability to change passwords for both "usual" Unix methods
and NIS.
2001-08-26 17:41:13 +00:00
Mark Murray
47965f01dd Add 'try_mapped_pass' standard option.
Asked for by:	lukeh@PADL.COM
2001-08-20 12:43:19 +00:00
Mark Murray
ca0bdcdd29 Document the no_warn option. 2001-08-15 20:05:33 +00:00
Mark Murray
b5507a38bc Fix a couple of cross-references to reflect the reality of the module. 2001-08-15 20:03:26 +00:00
Mark Murray
537db85291 Fix:
/usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has couple of bugs which cause:

1) xdm dumps core
2) ssh1 private key is not passed to ssh-agent
3) ssh2 RSA key seems not handled properly (just a guess from source)
4) ssh_get_authentication_connectionen() fails to get connection because of
   SSH_AUTH_SOCK not defined.

PR:		29609
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2001-08-11 12:37:55 +00:00
Mark Murray
3938427761 Clean up this module very extensively. Fix the logging, the coding
standards and the option handling. This module is now much more easy
to maintain as a part of the FreeBSD tree.
2001-08-10 19:24:34 +00:00
Mark Murray
530ebf8e0a Code clean up; make logging same as other modules and fix warnings. 2001-08-10 19:21:45 +00:00
Mark Murray
34beb374a2 General code clean-up. Sort out warnings, and make the warning and
logging work the same as other modules.
2001-08-10 19:18:52 +00:00
Mark Murray
0fa107a3cb Simplify code. Also verbose logging, verbose overridable error reporting. 2001-08-10 19:15:48 +00:00
Mark Murray
65550d9b5a Verbose logging, overridable verbose error reporting. 2001-08-10 19:12:59 +00:00
Mark Murray
b04259a5cf Module clean-up. Verbose logging, Overridable verbose error reporting,
FreeBSD pam_prompt() usage to simplify conversation function usage.
2001-08-10 19:10:43 +00:00
Mark Murray
2108fbd748 Verbosely (overridable) report failure to the user. 2001-08-10 19:07:45 +00:00
Mark Murray
ceca323626 Use the FreeBSD pam_prompt() interface to the conversation function
instead of home-rolling it. Clean up debugging code and tidy the
module.
2001-08-10 19:05:57 +00:00
Mark Murray
3a9cdcb91f Verbosely report errors to the user (overridable), and make sure
that the correct failure mode is reported.
2001-08-10 19:02:21 +00:00
Mark Murray
27b9f9d4a3 Fix broken logic so that this actually works for the superuser.
Verbosely log (properly).
Verbosely report errors to the user.
2001-08-10 14:21:58 +00:00
Mark Murray
cfa285d9e4 Rework this to prevent a nasty problem involving different modules'
option interacting with each other.
2001-08-10 14:16:47 +00:00
Mark Murray
0b2e8123ef Declare the new user-error reporting macro.
This is a macro to allow use of the __FILE__ and __FUNCTION__
macros.
2001-08-10 14:15:00 +00:00
Mark Murray
a56dfc9b23 Add a routine for providing feedback via the conversation mechanism
(usually to stderr) for user-reportable errors.
2001-08-10 14:13:16 +00:00
Mark Murray
13cde2748e Fix style/consistency in Makefile and repair static module building.
Submitted by:	bde(partially)
2001-08-04 21:51:14 +00:00
Mark Murray
d5e53157cf Don't clobber CFLAGS
Submitted by:	bde
2001-08-04 21:49:30 +00:00
Mark Murray
4447e914e8 Fix the bug where this modulke was not checking the priamry GID, only
the GIDS in /etc/group or NIS's group map.

Tested by:	sheldonh
PR:		29349
2001-08-04 09:19:31 +00:00
Mark Murray
f950650b78 With the S/KEY removal, this is no longer buildable or necessary. 2001-08-02 19:04:20 +00:00
Mark Murray
c52468e7ef Don't try to make pam_ssh module if NO_OPENSSH is set. 2001-08-02 19:01:02 +00:00
Mark Murray
f5974d336f Repair the get/set UID() stuff so this works in both su(1) and login(1)
modes.
2001-08-02 10:35:41 +00:00
Mark Murray
af1852503e Making this major bump was a BAD idea. The API change is internal (to PAM)
and it caused problems without solving any.
2001-07-30 09:56:38 +00:00
Mark Murray
7b22794017 (Re)Add an SSH module for PAM, heavily based on Andrew Korty's module
from ports.
2001-07-29 18:31:09 +00:00
Ruslan Ermilov
0fa68d89e8 mdoc(7) police: widen width of the options list. 2001-07-18 14:49:32 +00:00
Mark Murray
0eb9c7b357 Update to the same level of debug-logging as the rest of the
FreeBSD/PAM modules.
2001-07-17 07:36:51 +00:00
Mark Murray
3741d46458 Update to the same code as in the pam_krb5.so port.
According to Peter, the port works - this needs more testing.
2001-07-17 07:34:36 +00:00
Dima Dorfman
f247324df7 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
Mark Murray
f042a54245 Use a better method of getting user credentials to account for
(legal) UID duplication.

Rename use_uid to auth_as_self for consistency with other modules.
2001-07-14 08:42:39 +00:00
Mark Murray
6fd676c982 Use a better method to get user credentials to account for (legal)
duplications of UID's in /etc/*passwd.
2001-07-14 08:38:24 +00:00