summaryrefslogtreecommitdiffstats
path: root/lib/libpam/modules
Commit message (Collapse)AuthorAgeFilesLines
* Commenting out WARNS actually brought it up to 4.ru2005-09-281-1/+1
|
* Comment out WARNS, the OpenSSL headers don't compile cleanly on some platforms.des2005-09-281-1/+1
|
* Increase WARNS.des2005-09-261-1/+1
|
* Correct the logic for determining whether the user has already entereddes2005-09-261-4/+7
| | | | | | a password. Also, work around some harmless type pun warnings. MFC after: 3 days
* Do not use passphraseless keys for authentication unless the nullokdes2005-09-222-2/+13
| | | | | | | | option was specified. PR: bin/81231 Submitted by: "Daniel O'Connor" <doconnor@gsoft.com.au> MFC after: 3 days
* Narrow the use of user credentials.des2005-09-211-14/+10
| | | | | | Fix one case where openpam_restore_cred() might be called twice in a row. MFC after: 3 days
* When (re)allocating space for an array of pointers to char, usecperciva2005-09-191-1/+1
| | | | | | | | | | | | sizeof(*list), not sizeof(**list). (i.e., sizeof(pointer) rather than sizeof(char)). It is possible that this buffer overflow is exploitable, but it was added after RELENG_5 forked and hasn't been MFCed, so this will not receive an advisory. Submitted by: Vitezslav Novy MFC after: 1 day
* Missed one piece of the cluster's quirk. Need to override WARNS becausekensmith2005-07-081-0/+1
| | | | | | | | if _FREEFALL_CONFIG is set gcc bails since pam_sm_setcred() in pam_krb5.c no longer uses any of its parameters. Pointy hat: kensmith Approved by: re (scottl)
* This is sort of an MFS. Peter made these changes to the RELENG_*kensmith2005-07-072-0/+7
| | | | | | | | | | | | | | | | | | | branches but missed HEAD. This patch extends his a little bit, setting it up via the Makefiles so that adding _FREEFALL_CONFIG to /etc/make.conf is the only thing needed to cluster-ize things (current setup also requires overriding CFLAGS). From Peter's commit to the RELENG_* branches: > Add the freebsd.org custer's source modifications under #ifdefs to aid > keeping things in sync. For ksu: > * install suid-root by default > * don't fall back to asking for a unix password (ie: be pure kerberos) > * allow custom user instances for things like www and not just root The Makefile tweaks will be MFC-ed, the rest is already done. MFC after: 3 days Approved by: re (dwhite)
* Use the correct login class when setting a new password.des2005-07-051-1/+1
| | | | | | | PR: 65557, 72949 Submitted by: Stephen P. Cravey <clists@gotbrains.org> Approved by: re (scottl) MFC after: 2 weeks
* Assorted markup fixes.ru2005-06-151-1/+1
| | | | Approved by: re
* Don't use a cast as an lvalue.des2005-06-131-3/+3
| | | | | | | | Add a redundant test to make it painfully obvious to the reader that this code does not support IPv6. Approved by: re (dwhite) MFC after: 1 week
* Use appropriate error codes for each facility instead of just PAM_AUTH_ERR.des2005-06-101-4/+4
| | | | Noticed by: pjd
* Revert the commits that made libssh an INTERNALLIB; they caused too muchdes2005-06-071-2/+1
| | | | | | trouble, especially on amd64. Requested by: ru
* Fix libssh dependency.des2005-06-061-1/+2
|
* NI_WITHSCOPEID cleanupume2005-05-131-1/+1
| | | | Reviewed by: des
* Expand *n't contractions.ru2005-02-131-1/+1
|
* In addition to the PAM environment, export a handful of useful PAM items.des2005-02-012-8/+62
| | | | Suggested by: Ed Maste <emaste@phaedrus.sandvine.ca>
* When "no_ccache" is set as an argument to the pam_krb5 module, don'trwatson2005-01-241-0/+4
| | | | | | | | | copy the acquired TGT from the in-memory cache to the on-disk cache at login. This was documented but un-implemented behavior. MFC after: 1 week PR: bin/64464 Reported and tested by: Eric van Gyzen <vangyzen at stat dot duke dot edu>
* The final argument to verify_krb_v5_tgt() is the debug flag, not therwatson2005-01-231-2/+3
| | | | | | | | | ticket forwardable flag, so key generation of debugging output to "debug" rather than "forwardable". Update copyright. MFC after: 3 days
* Fixed xref.ru2005-01-212-3/+3
|
* NOCRYPT -> NO_CRYPTru2004-12-211-2/+2
|
* NOINSTALLLIB -> NO_INSTALLLIBru2004-12-211-1/+1
|
* NODOCCOMPRESS -> NO_DOCCOMPRESSru2004-12-211-2/+2
| | | | | | | | NOINFO -> NO_INFO NOINFOCOMPRESS -> NO_INFOCOMPRESS NOLINT -> NO_LINT NOPIC -> NO_PIC NOPROFILE -> NO_PROFILE
* Add knob NO_NIS (fka NO_YP_LIBC) and make world compileable when set.bz2004-11-131-3/+7
| | | | | | | | | | | If turned on no NIS support and related programs will be built. Lost parts rediscovered by: Danny Braniss <danny at cs.huji.ac.il> PR: bin/68303 No objections: des, gshapiro, nectar Reviewed by: ru Approved by: rwatson (mentor) MFC after: 2 weeks
* For variables that are only checked with defined(), don't provideru2004-10-241-3/+3
| | | | any fake value.
* Join the 21st century: Cryptography is no longer an optional componentcperciva2004-08-063-3/+0
| | | | | | | | | | of releases. The -DNOCRYPT build option still exists for anyone who really wants to build non-cryptographic binaries, but the "crypto" release distribution is now part of "base", and anyone installing from a release will get cryptographic binaries. Approved by: re (scottl), markm Discussed on: freebsd-current, in late April 2004
* Downgrade WARNS level for GCC 3.4.2.kan2004-07-281-0/+1
|
* Markup nits.ru2004-07-051-2/+2
|
* Sort SEE ALSO references (in dictionary order, ignoring case).ru2004-07-041-1/+1
|
* Mechanically kill hard sentence breaks.ru2004-07-0216-19/+23
|
* Deal with unsafe tab characters.ru2004-07-021-1/+3
|
* Markup, grammar, punctuation.ru2004-07-012-3/+3
|
* Revert the last change. There are more 64bit platforms than amd64, andkan2004-06-251-1/+1
| | | | they break due to diferent alignment restrictions.
* Remove the use of cast as lvalue.kan2004-06-251-1/+1
|
* Make NULL a (void*)0 whereever possible, and fix the warnings(-Werror)markm2004-03-051-1/+1
| | | | | | | | | | | | | | | that this provokes. "Wherever possible" means "In the kernel OR NOT C++" (implying C). There are places where (void *) pointers are not valid, such as for function pointers, but in the special case of (void *)0, agreement settles on it being OK. Most of the fixes were NULL where an integer zero was needed; many of the fixes were NULL where ascii <nul> ('\0') was needed, and a few were just "other". Tested on: i386 sparc64
* style cleanup: Remove duplicate $FreeBSD$ tags.cperciva2004-02-101-2/+0
| | | | | | | | These files had tags after the copyright notice, inside the comment block (incorrect, removed), and outside the comment block (correct). Approved by: rwatson (mentor)
* Fix numerous constness and aliasing issues.des2004-02-106-19/+18
|
* Put libraries in the link order.ru2004-02-041-3/+2
| | | | Reported by: lorder(1) (modified to work with libraries)
* This module doesn't use libgssapi (and it looks never did).ru2004-02-041-3/+2
|
* Implement pam_sm_close_session().des2004-01-261-1/+13
| | | | | PR: bin/61657 Submitted by: Joe R. Doupnik <jrd@cc.usu.edu>
* Deal better with the crypto version of the PAM library that goesru2004-01-183-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | on the release media -- only put what is different in the crypto version compared to the base version. This reduces PAM entries in /usr/lib in the "crypto" distribution to: libpam.a libpam.so@ libpam.so.2 pam_krb5.so@ pam_krb5.so.2 pam_ksu.so@ pam_ksu.so.2 pam_ssh.so@ pam_ssh.so.2 The libpam.so* is still redundant (it is identical to the "base" version), but we can't set DISTRIBUTION differently for libpam.a and libpam.so. (The removal of libpam.so* from the crypto distribution could be addressed by the release/scripts/crypto-make.sh script, but then we'd also need to remove redundant PAM headers, and I'm not sure this is worth a hassle.)
* Remove crossref to pam.conf(5) which never existed.schweikh2004-01-171-1/+0
|
* Fix a strict aliasing issue. Also remove an unnecessary pam_get_item()des2003-12-111-8/+6
| | | | | | | call (pam_get_authtok() will return the previous token if try_first_pass or use_first_pass is specified). Incidentally fix an ugly bug where the buffer holding the prompt was freed immediately before use, instead of after.
* More strict aliasing fixes.des2003-12-111-26/+29
| | | | Submitted by: Andreas Hauser <andy-freebsd@splashground.de>
* Fix strict aliasing breakage in PAM modules (except pam_krb5, which needsdes2003-12-119-42/+44
| | | | more work than the others). This should make most modules build with -O2.
* Fix on sparc64.sobomax2003-11-121-1/+1
| | | | | Reported by: rwatson/tinderbox MFC after: 2 weeks
* Add a new configuration variable - nas_ipaddr, which if set allows tosobomax2003-11-122-8/+47
| | | | | | | | set NAS-IP-Address attribute in requests generated by the pam_radius module. This attribute is mandatory for some Radius servers out there. Reviewed by: des MFC after: 2 weeks
* - fix to UID test description, non-zero -> zerokensmith2003-10-171-1/+1
| | | | | | PR: docs/57799 Reviewed by: des Approved by: blackend (mentor)
* Ignore ECHILD from waitpid(2) (our child may have been reaped by thedes2003-09-191-1/+2
| | | | | | calling process's SIGCHLD handler) PR: bin/45669
OpenPOWER on IntegriCloud