summaryrefslogtreecommitdiffstats
path: root/lib/libpam/modules
Commit message (Collapse)AuthorAgeFilesLines
* english(4) police.schweikh2002-12-273-3/+3
|
* mdoc(7) police: removed gratuitous .Pp call.ru2002-12-231-1/+0
|
* Merge in most non-style differences from Andrew Korty's pam_ssh 1.7.des2002-12-163-51/+70
|
* mdoc(7) police: .Dt is ALL UPPERCASE.ru2002-12-121-1/+1
| | | | Approved by: re
* mdoc(7) police: formatting nits.ru2002-11-292-3/+6
| | | | Approved by: re
* Whitespace nits.des2002-11-281-2/+2
| | | | Approved by: re (bmah)
* Add a PAM_MODULE_ENTRY to this module so it'll actually do something.des2002-11-281-0/+2
| | | | Approved by: re (bmah)
* utmp.ut_time and lastlog.ll_time are explicitly int32_t rather thanpeter2002-11-151-4/+6
| | | | | | | | | | | | time_t. Deal with the possibility that time_t != int32_t. This boils down to this sort of thing: - time(&ut.ut_time); + ut.ut_time = time(NULL); and similar for ctime(3) etc. I've kept it minimal for the stuff that may need to be portable (or 3rd party code), but used Matt's time32 stuff for cases where that isn't as much of a concern. Approved by: re (jhb)
* Make dynamic PAM modules depend on dynamic PAM library.ru2002-11-141-4/+7
| | | | Requested by: des, markm
* The pam_krb5 module stored a reference to a krb5_ccache structure asnectar2002-11-131-20/+42
| | | | | | | | | | | | | | | | | PAM module state (created in pam_sm_authenticate and referenced later in pam_sm_setcred and pam_sm_acct_mgmt). However, the krb5_ccache structure shares some data members with the krb5_context structure that was used in its creation. Since a new krb5_context is created and destroyed at each PAM entry point, this inevitably caused the krb5_ccache structure to reference free'd memory. Now instead of storing a pointer to the krb5_ccache structure, we store the name of the cache (e.g. `MEMORY:0x123CACHE') in pam_sm_authenticate, and resolve the name in the other entry points. This bug was uncovered by phkmalloc's free'd memory scrubbing. Approved by: re (jhb)
* Use `krb5_get_err_text' instead of `error_message' so that instead ofnectar2002-11-131-24/+47
| | | | | | | | | | | | | | | | | e.g. Unknown error: -1765328378 we get Client not found in Kerberos database Another way to accomplish this would have been to leave `error_message' alone, but to explicitly load the Kerberos com_err error tables. However, I don't really like the idea of a PAM module dorking with global tables. Approved by: re (jhb)
* Allow the admin to specify a different NAS identifier than the hostname.des2002-10-282-11/+20
| | | | Submitted by: Boris Kovalenko <boris@ntmk.ru>
* Introduce 'exempt_if_empty' option to pam_wheel(8), which bypasses therwatson2002-10-182-2/+18
| | | | | | | | | | group membership requirement if the group has no explicit members listed in /etc/group. By default, this group is the wheel group; setting this flag restores the default BSD behavior from 4.x. Reviewed by: markm Requested by: various Sponsored by: DARPA, Network Associates Laboratories
* Since pam_get_authtok(3) doesn't know about our options structure, settingdes2002-07-301-10/+11
| | | | | | | | the PAM_ECHO_PASS option on-the-fly is a NOP (though it wasn't with the old pam_get_pass(3) code). Instead, call pam_prompt(3) directly. This actually simplifies the code a bit. MFC after: 3 days
* Tidy up.ru2002-06-061-10/+3
|
* Missed one in previous commit.des2002-05-301-2/+4
| | | | Pointed out by: nectar
* mdoc(7) police: kill whitespace at EOL.ru2002-05-301-1/+1
|
* mdoc(7) police: polish markup.ru2002-05-301-34/+68
|
* mdoc(7) police: tidy up the markup.ru2002-05-301-6/+15
|
* Add pam_ksu(8), a module to do Kerberos 5 authentication andnectar2002-05-284-0/+412
| | | | | | $HOME/.k5login authorization for su(1). Reviewed by: des (earlier version)
* Add missing include.des2002-05-241-0/+1
|
* Just to show that PAM can do almost anything from the ridiculous to thedes2002-05-237-0/+418
| | | | | | | obscene, or - as they say in New York - sophisticated, add pam_echo(8) and pam_exec(8) to our ever-lengthening roster of PAM modules. Sponsored by: DARPA, NAI Labs.
* Hide a couple of unguarded error returns behind the no_fail test.des2002-05-231-5/+6
|
* Free old_pwd only in the code path where it has been allocated.jmallett2002-05-221-1/+1
| | | | Reviewed by: des
* Do not build pam_ssh if NOSECURE is set (NO_OPENSSL is on a subset of NOSECURE)obrien2002-05-151-1/+2
|
* Major cleanup of bsd.lib.mk.ru2002-05-131-2/+2
| | | | | | | Get rid of the INTERNALSTATICLIB knob and just use plain INTERNALLIB. INTERNALLIB now means to build static library only and don't install anything. Added a NOINSTALLLIB knob for libpam/modules. To not build any library at all, just do not set LIB.
* Don't declare krb5_mcc_ops, it's already declared in <krb5.h>des2002-05-121-2/+0
|
* Use libutil and libypclnt for all passwd manipulation and NIS needs.des2002-05-082-22/+41
| | | | Sponsored by: DARPA, NAI Labs
* Add a no_fail option.des2002-05-082-6/+20
| | | | Sponsored by: DARPA, NAI Labs
* Add pam_ftpusers(8), which enforces /etc/ftpusers.des2002-05-084-0/+222
| | | | Sponsored by: DARPA, NAI Labs
* Don't ask root for the old password, except in the NIS case.des2002-04-261-1/+6
| | | | Sponsored by: DARPA, NAI Labs
* Fix a really dumb bug (missing curly braces around the body of an ifdes2002-04-261-2/+3
| | | | statement) that caused pam_sm_chauthtok() to always fail silently.
* Oops, fix an inverted if test.des2002-04-201-1/+1
|
* Strip /dev/ from tty name, and clean up the "last login" printout.des2002-04-201-6/+10
| | | | Sponsored by: DARPA, NAI Labs
* Add a missing .El and fix a typo.des2002-04-161-1/+2
| | | | | Spotted by: Solar Designer <solar@openwall.com> Sponsored by: DARPA, NAI Labs
* Revert previous commit, it is incorrect.des2002-04-151-1/+1
|
* Properly spell rpcsvc/ypclnt.h and fix the build.obrien2002-04-151-1/+1
|
* Throw in NO_WERROR to please the peanut gallery.des2002-04-151-0/+1
|
* Use PAM_SUCCESS instead of PAM_IGNORE.des2002-04-152-3/+3
|
* Whitespace nits.des2002-04-151-17/+17
|
* Add a manual page based on Solar Designer's README.des2002-04-152-1/+234
| | | | Sponsored by: DARPA, NAI Labs
* pam_passwdqc depends on libcrypt.des2002-04-151-0/+2
|
* Prompt for new password during update phase, not during preliminary phase.des2002-04-151-16/+10
| | | | Sponsored by: DARPA, NAI Labs
* Dike out most of the NIS code and replace it with calls to libypclnt.des2002-04-152-285/+79
| | | | | | | Rework pam_sm_chauthtok() so it (mostly?) works. The standard pw stuff still needs to move into a library somewhere. Sponsored by: DARPA, NAI Labs
* pam_passwdqc builds now.des2002-04-141-1/+1
|
* More recent versions of pam_passwdqc (not yet released) build with verydes2002-04-141-1/+2
| | | | few warnings.
* Major cleanup:des2002-04-1220-1322/+485
| | | | | | | | | | | | | - add __unused where appropriate - PAM_RETURN -> return since OpenPAM already logs the return value. - make PAM_LOG use openpam_log() - make PAM_VERBOSE_ERROR use openpam_get_option() and check flags for PAM_SILENT - remove dummy functions since OpenPAM handles missing service functions - fix various warnings Sponsored by: DARPA, NAI Labs
* Add a pam_rhosts module, loosely based on code submitted by Danny Braniss.des2002-04-124-0/+196
| | | | | Submitted by: Danny Braniss <danny@cs.huji.ac.il> Sponsored by: DARPA, NAI Labs
* Rename the even_root option to allow_root.des2002-04-122-7/+6
| | | | Sponsored by: DARPA, NAI Labs
* Moved SHLIB_NAME definition into one place.ru2002-04-1020-27/+9
| | | | Approved by: des
OpenPOWER on IntegriCloud