summaryrefslogtreecommitdiffstats
path: root/lib/libpam/modules/pam_unix/pam_unix.c
Commit message (Collapse)AuthorAgeFilesLines
* MFC r299948truckman2016-05-231-0/+1
| | | | | | | | | | Set retval in the empty password case to avoid a path through the code that fails to set retval before falling through to the final return(). Reported by: emaste Reported by: Coverity CID: 1018711
* MFC r299926truckman2016-05-231-2/+2
| | | | | | | | | | Hoist the getpwnam() call outside the first if/else block in pam_sm_chauthtok(). Set user = getlogin() inside the true branch so that it is initialized for the following PAM_LOG() call. This is how it is done in pam_sm_authenticate(). Reported by: Coverity CID: 272498
* Fix declaration vs. definition inconsistency. No functional change.jkim2013-04-051-3/+3
|
* Fix an instance in pam_krb5(8), where the variable 'user' could be useddim2012-08-061-2/+2
| | | | | | | | uninitialized. Found by: clang 3.2 Reviewed by: des MFC after: 1 week
* Remove an unused variable from pam_unix.ed2011-11-051-2/+0
| | | | | | | | This variable was added in r82352 back in 2001, but even then it didn't have any use. Because it's not marked static, the C compiler won't complain about it. Discussed with: des
* Add <time.h> for ctime(), which we accidentally picked up throughdes2010-11-221-0/+1
| | | | | | | <sys/time.h>. Submitted by: Garrett Cooper <yanegomi@gmail.com> MFC after: 3 days
* Respect passwordtime from login.conf if set.des2010-02-021-2/+9
| | | | | | PR: bin/93473 Submitted by: Björn König <bkoenig@cs.tu-berlin.de> MFC after: 1 week
* Adjust for OpenPAM Hydrangea.des2007-12-211-1/+1
|
* In account management, verify whether the account has been lockedyar2007-03-271-0/+6
| | | | | | | | | | | | | | with `pw lock', so that it's impossible to log into a locked account using an alternative authentication mechanism, such as an ssh key. This change affects only accounts locked with pw(8), i.e., having a `*LOCKED*' prefix in their password hash field, so people still can use a different pattern to disable password authentication only. Mention all account management criteria in the manpage. Approved by: maintainer (timeout) PR: bin/71147 MFC after: 1 month
* Use the correct login class when setting a new password.des2005-07-051-1/+1
| | | | | | | PR: 65557, 72949 Submitted by: Stephen P. Cravey <clists@gotbrains.org> Approved by: re (scottl) MFC after: 2 weeks
* NI_WITHSCOPEID cleanupume2005-05-131-1/+1
| | | | Reviewed by: des
* Fix numerous constness and aliasing issues.des2004-02-101-1/+1
|
* Fix strict aliasing breakage in PAM modules (except pam_krb5, which needsdes2003-12-111-13/+10
| | | | more work than the others). This should make most modules build with -O2.
* Fix the master yppasswd routines, so they really workmbr2003-06-151-0/+26
| | | | | | | | for root on ypmaster. yppasswd_local() did use YPPASSWDPROG instead of MASTER_YPPASSWDPROG, and the domain was not set, resulting in a coredump during xdr-encode. Reviewed by: des
* Update copyright dates.des2003-05-311-1/+1
|
* Remove all instances of pam_std_option()des2003-05-311-38/+11
|
* Make sure rhostip is always initialized.des2003-04-301-1/+1
| | | | | PR: bin/51508 Submitted by: Peter Grimshaw <peter@tesseract.demon.co.uk>
* Treat an empty PAM_RHOST the same as a NULL one.des2003-04-301-1/+1
| | | | PR: bin/51508
* Remove a bogus null password check which assumed that a user with an emptydes2003-04-241-2/+8
| | | | | | password must necessarily have an empty pwd->pw_passwd. Also add a check that prevents users from setting a blank password unless the nullok option was specified. Root is still allowed to give anyone a blank password.
* Free old_pwd only in the code path where it has been allocated.jmallett2002-05-221-1/+1
| | | | Reviewed by: des
* Use libutil and libypclnt for all passwd manipulation and NIS needs.des2002-05-081-13/+29
| | | | Sponsored by: DARPA, NAI Labs
* Don't ask root for the old password, except in the NIS case.des2002-04-261-1/+6
| | | | Sponsored by: DARPA, NAI Labs
* Fix a really dumb bug (missing curly braces around the body of an ifdes2002-04-261-2/+3
| | | | statement) that caused pam_sm_chauthtok() to always fail silently.
* Revert previous commit, it is incorrect.des2002-04-151-1/+1
|
* Properly spell rpcsvc/ypclnt.h and fix the build.obrien2002-04-151-1/+1
|
* Prompt for new password during update phase, not during preliminary phase.des2002-04-151-16/+10
| | | | Sponsored by: DARPA, NAI Labs
* Dike out most of the NIS code and replace it with calls to libypclnt.des2002-04-151-244/+75
| | | | | | | Rework pam_sm_chauthtok() so it (mostly?) works. The standard pw stuff still needs to move into a library somewhere. Sponsored by: DARPA, NAI Labs
* Major cleanup:des2002-04-121-67/+36
| | | | | | | | | | | | | - add __unused where appropriate - PAM_RETURN -> return since OpenPAM already logs the return value. - make PAM_LOG use openpam_log() - make PAM_VERBOSE_ERROR use openpam_get_option() and check flags for PAM_SILENT - remove dummy functions since OpenPAM handles missing service functions - fix various warnings Sponsored by: DARPA, NAI Labs
* Align for const poisoning in -lutil.ru2002-04-081-3/+3
|
* Reorganize pam_sm_authenticate() to reduce code duplication.des2002-04-071-59/+22
| | | | Sponsored by: DARPA, NAI Labs
* Fix bug in previous commit that passed the wrong default value todes2002-04-071-6/+8
| | | | | | | | | login_getcapstr(3). Also fix a longer-standing bug (login_close(3) frees the string returned by login_getcapstr(3)) by reorganizing the code a little, and use login_getpwclass(3) instead of login_getclass(3) if we already have a struct pwd. Sponsored by: DARPA, NAI Labs
* Aggressive cleanup of warnings + authtok-related code in preparation fordes2002-04-061-78/+29
| | | | | | PAMifying passwd(1). Sponsored by: DARPA, NAI Labs.
* Fix some style issues, a const warning, and abuse of PAM_ABORT.des2002-04-061-11/+15
| | | | Sponsored by: DARPA, NAI Labs
* Fix world breakage introduced by my recent modifications tocjc2002-03-181-1/+1
| | | | | | | chpass(8). The relations between libc, libpam, chpass, passwd, and vipw are a mess and probably should be cleaned up. Submitted by: Peter Pentchev <roam@ringlet.net>
* NAI DBA update.des2002-03-141-1/+1
|
* Remove the use of random(3), and encapsulate the salt-generation inmarkm2002-03-141-30/+33
| | | | | | | its own function. The use of arc4random(3) is hopeless overkill here, but that does not hurt anything. Requested by: ache
* Switch to OpenPAM. Bump library version. Modules are now versioned, sodes2002-03-051-43/+36
| | | | | | | | | applications linked with Linux-PAM will still work. Remove pam_get_pass(); OpenPAM has pam_get_authtok(). Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}(). Remove pam_set_item(3) man page as OpenPAM has its own. Sponsored by: DARPA, NAI Labs
* This file needs <syslog.h>.des2002-02-091-0/+1
| | | | Sponsored by: DARPA, NAI Labs
* #include cleanup.des2002-02-051-2/+2
| | | | Sponsored by: DARPA, NAI Labs
* Add the other half of the salt-generating code. No functionalmarkm2002-02-041-8/+7
| | | | | difference except that the salt is slightly harder to build dictionaries against, and the code does not use srandom[dev]().
* WARNS=n fixes (and some stylistic issues).markm2002-02-031-25/+27
|
* With asbestos longjohns on, integrate most of the checks normally done bydes2002-01-301-32/+102
| | | | | | login(1) (password & account expiry, hosts.access etc.) into pam_unix(8). Sponsored by: DARPA, NAI Labs
* Back out recent changesache2002-01-191-12/+12
|
* Back out second right-now-expired password check in pam_sm_chauthtok,ache2002-01-191-2/+1
| | | | old expired password assumed there
* Add yet one expired-right-now password check, in pam_sm_chauthtokache2002-01-191-13/+12
| | | | | srandomdev() can't be used in libraries, replace srandomdev()+random() by arc4random()
* Add missing check for right-now-expired passwordache2002-01-191-0/+2
|
* Don't put an extra space after password prompts, because it violates POLA,sobomax2001-10-251-4/+4
| | | | | | makes FreeBSD inconsistent with previous releases and "other unices" as well as with some internal password-asking services (e.g. ftp) within the same release.
* Add __FBSDID()s to libpamdillon2001-09-301-2/+3
|
* Big module makeover; improve logging, standardise variable names,markm2001-08-261-19/+460
| | | | | introduce ability to change passwords for both "usual" Unix methods and NIS.
* Clean up (and in some cases write) the PAM mudules, usingmarkm2001-07-091-33/+73
| | | | | | | | | | o The new options-processing API o The new DEBUG-logging API Add man(1) pages for ALL modules. MDOC-Police welcome to check this. Audit, clean up while I'm here.
OpenPOWER on IntegriCloud