aboutsummaryrefslogtreecommitdiff
path: root/lib/libpam
Commit message (Collapse)AuthorAgeFilesLines
* Changes to the expose_password functionality:Dag-Erling Smørgrav2019-06-302-7/+24
| | | | | | | | | | | | | - Implement use_first_pass, allowing expose_password to be used by other service functions than pam_auth() without prompting a second time. - Don't prompt for a password during pam_setcred(). PR: 238041 MFC after: 3 weeks Notes: svn path=/head/; revision=349556
* Improve the legibility of the login.access.5 man page by separatingCy Schubert2019-05-071-1/+3
| | | | | | | | | each argument into its own paragraph. MFC after: 3 days Notes: svn path=/head/; revision=347234
* Really fix pam install. Don't commit late at night or you make simple mistakes.Brad Davis2018-09-131-1/+1
| | | | | | | | Reported by: dumbbell Approved by: re (gjb), will (mentor) Notes: svn path=/head/; revision=338651
* Fix build after r338621 by avoiding LINKS and installing the link manually.Brad Davis2018-09-131-1/+3
| | | | | | | Approved by: re (rgrimes), will (mentor) Notes: svn path=/head/; revision=338633
* Move all pam related config to lib/libpam/Brad Davis2018-09-1317-1/+430
| | | | | | | | Approved by: re (rgrimes), will (mentor), des Differential Revision: https://reviews.freebsd.org/D17122 Notes: svn path=/head/; revision=338621
* Upgrade to OpenSSH 7.8p1.Dag-Erling Smørgrav2018-09-101-15/+14
| | | | | | | Approved by: re (kib@) Notes: svn path=/head/; revision=338561
* For full Linux-PAM compatibility, add a trailing NUL character whenDag-Erling Smørgrav2018-09-042-2/+4
| | | | | | | | | | | | passing the authentication token to the external program. Approved by: re (kib) Submitted by: Thomas Munro <munro@ip9.org> MFC after: 1 week Differential Revision: D16950 Notes: svn path=/head/; revision=338453
* Add support for Linux-PAM's badly named expose_authtok option.Dag-Erling Smørgrav2018-08-142-9/+77
| | | | | | | | | Submitted by: Thomas Munro <munro@ip9.org> MFC after: 1 week Differential Revision: D16171 Notes: svn path=/head/; revision=337732
* Don't use CCACHE for linking.Bryan Drewery2018-06-271-1/+2
| | | | | | | | MFC after: 2 weeks Sponsored by: Dell EMC Notes: svn path=/head/; revision=335733
* Forward Reply-Message attributes to the user, unless suppressed by theDag-Erling Smørgrav2018-05-162-15/+78
| | | | | | | | | | new no_reply_message option. MFC after: 1 week Sponsored by: The University of Oslo Notes: svn path=/head/; revision=333674
* Upgrade to OpenSSH 7.7p1.Dag-Erling Smørgrav2018-05-111-1/+1
| | | | Notes: svn path=/head/; revision=333490
* lib: further adoption of SPDX licensing ID tags.Pedro F. Giffuni2017-11-2623-0/+46
| | | | | | | | | | | | | | | Mainly focus on files that use BSD 2-Clause license, however the tool I was using mis-identified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Notes: svn path=/head/; revision=326219
* General further adoption of SPDX licensing ID tags.Pedro F. Giffuni2017-11-201-0/+2
| | | | | | | | | | | | | | | | | Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point. Notes: svn path=/head/; revision=326025
* DIRDEPS_BUILD: Update dependencies.Bryan Drewery2017-10-3125-25/+0
| | | | | | | Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=325188
* If the user-provided password exceeds the maximum password length, don'tDag-Erling Smørgrav2017-10-261-0/+5
| | | | | | | | | | | | bother passing it to crypt(). It won't succeed and may allow an attacker to confirm that the user exists. Reported by: jkim@ MFC after: 1 week Security: CVE-2016-6210 Notes: svn path=/head/; revision=325010
* Add options to capture stdout and / or stderr and pass the output onDag-Erling Smørgrav2017-03-222-114/+244
| | | | | | | | | | | | | | to the user. There is currently no buffering, so the result may be somewhat unpredictable if the conversation function adds a newline, like openpam_ttyconv() does. Clean up and simplify the environment handling code, which triggered an inexplicable bug on some systems. MFC after: 2 weeks Notes: svn path=/head/; revision=315710
* Revert r314780Pedro F. Giffuni2017-03-121-1/+1
| | | | | | | | | | | | libpam: extra bounds checking through reallocarray(3). It appears to be causing brokenness when reporting PAM_* environment variables. This requires more investigation. Reported by: lstewart Notes: svn path=/head/; revision=315164
* Use LDFLAGS rather than CFLAGS when linking.Brooks Davis2017-03-081-1/+1
| | | | | | | | | | Reviewed by: kan Obtained from: CheriBSD Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D9882 Notes: svn path=/head/; revision=314901
* libpam: extra bounds checking through reallocarray(3).Pedro F. Giffuni2017-03-061-1/+1
| | | | | | | | Reviewed by: des MFC after: 1 week Notes: svn path=/head/; revision=314780
* Revert r314777: wrong log, the change was to libpam.Pedro F. Giffuni2017-03-061-1/+1
| | | | Notes: svn path=/head/; revision=314779
* libfetch: extra bounds checking through reallocarray(3).Pedro F. Giffuni2017-03-061-1/+1
| | | | | | | | Reviewed by: des MFC after: 1 week Notes: svn path=/head/; revision=314777
* Load default options before requesting a ticket.Dag-Erling Smørgrav2017-03-031-0/+2
| | | | | | | | | PR: 213909 Reported by: basarevych@gmail.com MFC after: 1 week Notes: svn path=/head/; revision=314598
* Upgrade to OpenPAM Radula.Dag-Erling Smørgrav2017-02-203-41/+0
|\ | | | | | | Notes: svn path=/head/; revision=313975
| * Vendor import of OpenPAM Radula.vendor/openpam/RADULADag-Erling Smørgrav2017-02-1926-126/+150
| | | | | | | | | | Notes: svn path=/vendor/openpam/dist/; revision=313968 svn path=/vendor/openpam/RADULA/; revision=313969; tag=vendor/openpam/RADULA
| * Merge upstream r825: fix line continuation in whitespaceDag-Erling Smørgrav2014-10-181-8/+24
| | | | | | | | Notes: svn path=/vendor/openpam/dist/; revision=273269
* | Use SRCTOP-relative paths to other directories instead of .CURDIR-relative onesEnji Cooper2017-01-202-3/+3
| | | | | | | | | | | | | | | | | | | | This implifies pathing in make/displayed output MFC after: 3 weeks Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=312453
* | Use SRCTOP-relative paths to other directories instead of .CURDIR-relative onesEnji Cooper2017-01-203-4/+4
| | | | | | | | | | | | | | | | | | | | This implifies pathing in make/displayed output MFC after: 3 weeks Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=312452
* | Use compiler driver to build relocatable objectAlexander Kabaev2016-12-291-1/+1
| | | | | | | | | | | | | | | | | | This works better with external toolchains where LD will not necessarily defailt to emulation we want. Compiler driver knows better. Notes: svn path=/head/; revision=310789
* | Remove support for SSH1 as it is already disabled in our OpenSSH.Ollivier Robert2016-08-222-4/+1
| | | | | | | | | | | | | | | | Submitted by: vangyzen MFC after: 2 weeks Notes: svn path=/head/; revision=304635
* | Add support for Ed25519 keys.Ollivier Robert2016-08-222-0/+3
| | | | | | | | | | | | | | | | Reported by: mwlucas MFH: 2 weeks Notes: svn path=/head/; revision=304626
* | DIRDEPS_BUILD: Update dependenciesBryan Drewery2016-06-141-1/+0
| | | | | | | | | | | | | | | | Approved by: re (gjb) Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=301891
* | Replace _pam_verbose_error() with a macro. This was the last differenceDag-Erling Smørgrav2016-06-084-74/+9
| | | | | | | | | | | | | | | | between our libpam and stock OpenPAM, meaning that it is now possible to replace the base libpam with a hypothetical ports version of OpenPAM. Notes: svn path=/head/; revision=301602
* | Set retval in the empty password case to avoid a path through theDon Lewis2016-05-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | code that fails to set retval before falling through to the final return(). Reported by: emaste Reported by: Coverity CID: 1018711 MFC after: 1 week Notes: svn path=/head/; revision=299948
* | Hoist the getpwnam() call outside the first if/else block inDon Lewis2016-05-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | pam_sm_chauthtok(). Set user = getlogin() inside the true branch so that it is initialized for the following PAM_LOG() call. This is how it is done in pam_sm_authenticate(). Reported by: Coverity CID: 272498 MFC after: 1 week Notes: svn path=/head/; revision=299926
* | Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installedEnji Cooper2016-05-041-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | after r298107 Summary of changes: - Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that namespacing is kept with FILES appropriately, and that this shouldn't need to be repeated if the namespace changes -- only the definition of PACKAGE needs to be changed - Allow PACKAGE to be overridden by callers instead of forcing it to always be `tests`. In the event we get to the point where things can be split up enough in the base system, it would make more sense to group the tests with the blocks they're a part of, e.g. byacc with byacc-tests, etc - Remove PACKAGE definitions where possible, i.e. where FILES wasn't used previously. - Remove unnecessary TESTSPACKAGE definitions; this has been elided into bsd.tests.mk - Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES; ${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk. - Fix installation of files under data/ subdirectories in lib/libc/tests/hash and lib/libc/tests/net/getaddrinfo - Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup) Document the proposed changes in share/examples/tests/tests/... via examples so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of replacing FILES. share/mk/bsd.README didn't seem like the appropriate method of communicating that info. MFC after: never probably X-MFC with: r298107 PR: 209114 Relnotes: yes Tested with: buildworld, installworld, checkworld; buildworld, packageworld Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=299094
* | MFHGlen Barber2016-04-166-26/+25
|\ \ | | | | | | | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=298092
| * | Build libpam modules in parallel.Bryan Drewery2016-04-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=297947
| * | Simplify building libpam and fix libpam.a not containing the modules since ↵Bryan Drewery2016-04-145-26/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r284345. The change in r284345 moved the creation of openpam_static_modules.o to lib/libpam/static_modules but never managed to get them into libpam.a. Move this logic to lib/libpam/static_libpam and have it create a static library for libpam.a The main lib/libpam/libpam will only create a shared library. No redundancy in compilation or installation exists in this solution. This avoids requiring a pass with -D_NO_LIBPAM_SO_YET. Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=297946
* | | MFHGlen Barber2016-04-112-3/+3
|\| | | | | | | | | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=297824
| * | libpam: replace 0 with NULL for pointers.Pedro F. Giffuni2016-04-092-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | Found with devel/coccinelle. Reviewed by: des Notes: svn path=/head/; revision=297755
* | | MFHGlen Barber2016-03-143-7/+5
|\| | | | | | | | | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=296869
| * | DIRDEPS_BUILD: Update dependencies.Bryan Drewery2016-03-111-2/+0
| | | | | | | | | | | | | | | | | | | | | Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=296708
| * | Not ready for level 6 yet due to -Wredundant-decls.Dag-Erling Smørgrav2016-03-111-0/+1
| | | | | | | | | | | | Notes: svn path=/head/; revision=296657
| * | Define __bounded__ to fix the gcc build. While there, raise WARNS.Dag-Erling Smørgrav2016-03-112-2/+4
| | | | | | | | | | | | Notes: svn path=/head/; revision=296651
| * | Upgrade to OpenSSH 7.2p2.Dag-Erling Smørgrav2016-03-111-3/+0
| | | | | | | | | | | | Notes: svn path=/head/; revision=296633
* | | MFHGlen Barber2016-03-101-0/+19
|\| | | | | | | | | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=296625
| * | DIRDEPS_BUILD: Connect MK_TESTS.Bryan Drewery2016-03-091-0/+19
| | | | | | | | | | | | | | | | | | | | | Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=296587
* | | Update libalias and libpam packaged files.Glen Barber2016-02-051-0/+1
| | | | | | | | | | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=295291
* | | First pass to fix the 'tests' packages.Glen Barber2016-02-021-0/+4
| | | | | | | | | | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=295171
* | | MFHGlen Barber2016-01-201-7/+6
|\| | | | | | | | | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=294408