diff options
Diffstat (limited to 'lib/libpam/modules')
-rw-r--r-- | lib/libpam/modules/Makefile.inc | 3 | ||||
-rw-r--r-- | lib/libpam/modules/modules.inc | 2 | ||||
-rw-r--r-- | lib/libpam/modules/pam_guest/pam_guest.8 | 2 | ||||
-rw-r--r-- | lib/libpam/modules/pam_krb5/Makefile | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_ksu/Makefile | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_nologin/Makefile | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_opie/Makefile | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_opieaccess/Makefile | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_passwdqc/Makefile | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_radius/Makefile | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_radius/pam_radius.c | 30 | ||||
-rw-r--r-- | lib/libpam/modules/pam_ssh/Makefile | 4 | ||||
-rw-r--r-- | lib/libpam/modules/pam_tacplus/Makefile | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_unix/Makefile | 6 |
14 files changed, 33 insertions, 38 deletions
diff --git a/lib/libpam/modules/Makefile.inc b/lib/libpam/modules/Makefile.inc index 085ab58..2da5a7b 100644 --- a/lib/libpam/modules/Makefile.inc +++ b/lib/libpam/modules/Makefile.inc @@ -14,8 +14,7 @@ CFLAGS+= -I${PAMDIR}/include -I${.CURDIR}/../../libpam NO_PIC= .else SHLIB_NAME?= ${LIB}.so.${SHLIB_MAJOR} -DPADD+= ${LIBPAM} -LDADD+= -lpam +LIBADD+= pam .endif .include "../Makefile.inc" diff --git a/lib/libpam/modules/modules.inc b/lib/libpam/modules/modules.inc index 66fc63c..02debf7 100644 --- a/lib/libpam/modules/modules.inc +++ b/lib/libpam/modules/modules.inc @@ -21,7 +21,9 @@ MODULES += pam_opie MODULES += pam_opieaccess MODULES += pam_passwdqc MODULES += pam_permit +.if ${MK_RADIUS_SUPPORT} != "no" MODULES += pam_radius +.endif MODULES += pam_rhosts MODULES += pam_rootok MODULES += pam_securetty diff --git a/lib/libpam/modules/pam_guest/pam_guest.8 b/lib/libpam/modules/pam_guest/pam_guest.8 index 0bd1755..0b858d6 100644 --- a/lib/libpam/modules/pam_guest/pam_guest.8 +++ b/lib/libpam/modules/pam_guest/pam_guest.8 @@ -82,8 +82,8 @@ password. Requires the guest user to type in the guest account name as password. .El .Sh SEE ALSO -.Xr pam_getenv 3 , .Xr pam_get_item 3 , +.Xr pam_getenv 3 , .Xr pam.conf 5 , .Xr pam 8 .Sh AUTHORS diff --git a/lib/libpam/modules/pam_krb5/Makefile b/lib/libpam/modules/pam_krb5/Makefile index 85f3421..97fd490 100644 --- a/lib/libpam/modules/pam_krb5/Makefile +++ b/lib/libpam/modules/pam_krb5/Makefile @@ -32,7 +32,6 @@ CFLAGS+=-D_FREEFALL_CONFIG WARNS?= 3 .endif -DPADD= ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO} -LDADD= -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt -lcrypto +LIBADD+= krb5 .include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_ksu/Makefile b/lib/libpam/modules/pam_ksu/Makefile index 9aa6a7e..26f3f85 100644 --- a/lib/libpam/modules/pam_ksu/Makefile +++ b/lib/libpam/modules/pam_ksu/Makefile @@ -28,7 +28,6 @@ LIB= pam_ksu SRCS= pam_ksu.c MAN= pam_ksu.8 -DPADD= ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO} -LDADD= -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt -lcrypto +LIBADD+= krb5 .include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_nologin/Makefile b/lib/libpam/modules/pam_nologin/Makefile index ba5a7d4..746e9e8 100644 --- a/lib/libpam/modules/pam_nologin/Makefile +++ b/lib/libpam/modules/pam_nologin/Makefile @@ -28,7 +28,6 @@ LIB= pam_nologin SRCS= pam_nologin.c MAN= pam_nologin.8 -DPADD= ${LIBUTIL} -LDADD= -lutil +LIBADD+= util .include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_opie/Makefile b/lib/libpam/modules/pam_opie/Makefile index fbc1278..c2074bf 100644 --- a/lib/libpam/modules/pam_opie/Makefile +++ b/lib/libpam/modules/pam_opie/Makefile @@ -29,7 +29,6 @@ LIB= pam_opie SRCS= pam_opie.c MAN= pam_opie.8 -DPADD= ${LIBOPIE} -LDADD= -lopie +LIBADD+= opie .include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_opieaccess/Makefile b/lib/libpam/modules/pam_opieaccess/Makefile index 1554a88..2e764cd 100644 --- a/lib/libpam/modules/pam_opieaccess/Makefile +++ b/lib/libpam/modules/pam_opieaccess/Makefile @@ -4,7 +4,6 @@ LIB= pam_opieaccess SRCS= ${LIB}.c MAN= pam_opieaccess.8 -DPADD= ${LIBOPIE} -LDADD= -lopie +LIBADD+= opie .include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_passwdqc/Makefile b/lib/libpam/modules/pam_passwdqc/Makefile index c9cc30e..cd23642 100644 --- a/lib/libpam/modules/pam_passwdqc/Makefile +++ b/lib/libpam/modules/pam_passwdqc/Makefile @@ -10,8 +10,7 @@ MAN= pam_passwdqc.8 WARNS?= 2 CFLAGS+= -I${SRCDIR} -DPADD= ${LIBCRYPT} -LDADD= -lcrypt +LIBADD+= crypt .include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_radius/Makefile b/lib/libpam/modules/pam_radius/Makefile index 2fac833..a9a93e2 100644 --- a/lib/libpam/modules/pam_radius/Makefile +++ b/lib/libpam/modules/pam_radius/Makefile @@ -29,7 +29,6 @@ SRCS= pam_radius.c MAN= pam_radius.8 WARNS?= 3 -DPADD= ${LIBRADIUS} -LDADD= -lradius +LIBADD+= radius .include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_radius/pam_radius.c b/lib/libpam/modules/pam_radius/pam_radius.c index c5d4dd4..dcfde30 100644 --- a/lib/libpam/modules/pam_radius/pam_radius.c +++ b/lib/libpam/modules/pam_radius/pam_radius.c @@ -62,11 +62,11 @@ __FBSDID("$FreeBSD$"); #define PASSWORD_PROMPT "RADIUS Password:" static int build_access_request(struct rad_handle *, const char *, - const char *, const char *, const char *, const void *, - size_t); + const char *, const char *, const char *, const char *, + const void *, size_t); static int do_accept(pam_handle_t *, struct rad_handle *); static int do_challenge(pam_handle_t *, struct rad_handle *, - const char *, const char *, const char *); + const char *, const char *, const char *, const char *); /* * Construct an access request, but don't send it. Returns 0 on success, @@ -75,7 +75,7 @@ static int do_challenge(pam_handle_t *, struct rad_handle *, static int build_access_request(struct rad_handle *radh, const char *user, const char *pass, const char *nas_id, const char *nas_ipaddr, - const void *state, size_t state_len) + const char *rhost, const void *state, size_t state_len) { int error; char host[MAXHOSTNAMELEN]; @@ -121,8 +121,13 @@ build_access_request(struct rad_handle *radh, const char *user, } } } - if (state != NULL && rad_put_attr(radh, RAD_STATE, state, - state_len) == -1) { + if (rhost != NULL && + rad_put_string(radh, RAD_CALLING_STATION_ID, rhost) == -1) { + syslog(LOG_CRIT, "rad_put_string: %s", rad_strerror(radh)); + return (-1); + } + if (state != NULL && + rad_put_attr(radh, RAD_STATE, state, state_len) == -1) { syslog(LOG_CRIT, "rad_put_attr: %s", rad_strerror(radh)); return (-1); } @@ -162,7 +167,7 @@ do_accept(pam_handle_t *pamh, struct rad_handle *radh) static int do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user, - const char *nas_id, const char *nas_ipaddr) + const char *nas_id, const char *nas_ipaddr, const char *rhost) { int retval; int attrtype; @@ -230,7 +235,7 @@ do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user, conv->appdata_ptr)) != PAM_SUCCESS) return (retval); if (build_access_request(radh, user, resp[num_msgs-1].resp, nas_id, - nas_ipaddr, state, statelen) == -1) + nas_ipaddr, rhost, state, statelen) == -1) return (PAM_SERVICE_ERR); memset(resp[num_msgs-1].resp, 0, strlen(resp[num_msgs-1].resp)); free(resp[num_msgs-1].resp); @@ -246,7 +251,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, { struct rad_handle *radh; const char *user, *pass; - const void *tmpuser; + const void *rhost, *tmpuser; const char *conf_file, *template_user, *nas_id, *nas_ipaddr; int retval; int e; @@ -255,6 +260,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, template_user = openpam_get_option(pamh, PAM_OPT_TEMPLATE_USER); nas_id = openpam_get_option(pamh, PAM_OPT_NAS_ID); nas_ipaddr = openpam_get_option(pamh, PAM_OPT_NAS_IPADDR); + pam_get_item(pamh, PAM_RHOST, &rhost); retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) @@ -284,8 +290,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Radius config file read"); - if (build_access_request(radh, user, pass, nas_id, nas_ipaddr, NULL, - 0) == -1) { + if (build_access_request(radh, user, pass, nas_id, nas_ipaddr, rhost, + NULL, 0) == -1) { rad_close(radh); return (PAM_SERVICE_ERR); } @@ -330,7 +336,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, case RAD_ACCESS_CHALLENGE: retval = do_challenge(pamh, radh, user, nas_id, - nas_ipaddr); + nas_ipaddr, rhost); if (retval != PAM_SUCCESS) { rad_close(radh); return (retval); diff --git a/lib/libpam/modules/pam_ssh/Makefile b/lib/libpam/modules/pam_ssh/Makefile index 5643f32..b5ca478 100644 --- a/lib/libpam/modules/pam_ssh/Makefile +++ b/lib/libpam/modules/pam_ssh/Makefile @@ -13,9 +13,7 @@ SRCS+= roaming_dummy.c WARNS?= 3 CFLAGS+= -I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT} -LDADD= ${LDSSH} -lcrypto -lcrypt -USEPRIVATELIB= ssh +LIBADD= ssh .include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_tacplus/Makefile b/lib/libpam/modules/pam_tacplus/Makefile index 053812a..5d2a3f3 100644 --- a/lib/libpam/modules/pam_tacplus/Makefile +++ b/lib/libpam/modules/pam_tacplus/Makefile @@ -28,7 +28,6 @@ LIB= pam_tacplus SRCS= pam_tacplus.c MAN= pam_tacplus.8 -DPADD= ${LIBTACPLUS} -LDADD= -ltacplus +LIBADD+= tacplus .include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_unix/Makefile b/lib/libpam/modules/pam_unix/Makefile index ea9e639..5330ae4 100644 --- a/lib/libpam/modules/pam_unix/Makefile +++ b/lib/libpam/modules/pam_unix/Makefile @@ -41,13 +41,11 @@ LIB= pam_unix SRCS= pam_unix.c MAN= pam_unix.8 -DPADD+= ${LIBUTIL} ${LIBCRYPT} -LDADD+= -lutil -lcrypt +LIBADD+= util crypt .if ${MK_NIS} != "no" CFLAGS+= -DYP -DPADD+= ${LIBYPCLNT} -LDADD+= -lypclnt +LIBADD+= ypclnt .endif .include <bsd.lib.mk> |