321245 |
19-Jul-2017 |
ngie |
MFC r269550:
r269550 (by peter):
Check gethostname(2) return code - but even if it succeeds it may not null terminate.
Temporarily use "From: $user@$hostname" rather than "From: $user". The latter exposes incompatible behavior if using dma(8). sendmail(8) (and other alternatives) canonify either form on submission (even if masquerading), but dma will leak a non-compliant address to the internet. |
320229 |
22-Jun-2017 |
ngie |
Revert r320222,r320223,r320224
The committed changes (reverted after this commit) break POLA on a stable branch.
Requested by: jhb |
320222 |
22-Jun-2017 |
ngie |
MFC r308139,r308157,r308160,r316818,r318250,r318443:
r308139 (by bapt):
cron(8): add support for /etc/cron.d and /usr/local/etc/cron.d
For automation tools it is way easier to maintain files in directories rather than modifying /etc/crontab.
The files in those directories are in the same format as /etc/crontab
Relnotes: yes
r308157 (by bapt):
Fix typo in cron(8) date
r308160 (by bapt):
syslogd(8): add an 'include' keyword
All the '.conf' files not beginning with a '.' contained in the directory following the keyword will be included.
This keyword can only be used in the first level configuration files.
Modify the default syslogd.conf to 'include' /etc/syslog.d and /usr/local/etc/syslog.d
It simplifies handling of syslog from automation tools a lot.
Relnotes: yes
r316818:
Conditionally install /etc/pam.d/ftp* and /etc/pam.d/telnetd
/etc/pam.d/ftp* should be installed with MK_FTP != no and /etc/pam.d/telnetd should be installed when MK_TELNET != no.
r318250:
Handle the logfiles in newsyslog and syslogd conditionally, based on src.conf(5) knobs
This will allow consumers of FreeBSD to use the unmodified configuration files out of the box more than previously.
Both newsyslog.conf and syslog.conf:
- /var/log/lpd-errs (MK_LPR != no)
- /var/log/ppp.log (MK_PPP != no)
- /var/log/xferlog (MK_FTP != no)
newsyslog.conf:
- /var/log/amd.log (MK_AMD != no)
- /var/log/pflog (MK_PF != no)
- /var/log/sendmail.st (MK_SENDMAIL != no)
r318443:
Conditionally handle the crontab entry for atrun(8)
The default crontab prior to this commit assumes atrun(8) is always present, which isn't true if MK_AT == no. Move atrun(8) execution from /etc/crontab to /etc/cron.d/at, and base /etc/cron.d/at's installation on MK_AT. cron(8) will detect /etc/cron.d/at's presence when the configuration is loaded and run atrun every 5 minutes like it would prior to this commit.
SHELL and PATH are duplicated between /etc/crontab and /etc/cron.d/at because atrun(8) executes programs, which may rely on environment set in the current default /etc/crontab.
Noted by: bdrewery (in an internal review)
Relnotes: yes (may need to add environmental modifications to /etc/cron.d/at) |
271067 |
03-Sep-2014 |
gavin |
Merge r270677 from head:
Fix xref, pam(8) -> pam(3)
PR: 193045
Submitted by: rsimmons0 gmail com |
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
236281 |
30-May-2012 |
miwi |
- FreeBSD ships a KDE PAM module in base, but it's missing support for passwordless login (kde-np), and it doesn't really belong in base system.
PR: misc/167261
Submitted by: avilla@
Approved by: rwatson (mentor)
MFC after: 3 days
|
219663 |
15-Mar-2011 |
des |
Forgot to commit this change along with r219563: pam_group(8) now issues a warning if neither luser nor ruser is specified. The correct option for su(1) is ruser.
MFC after: 1 month
|
197769 |
05-Oct-2009 |
des |
tabify
MFC after: 3 weeks
|
197768 |
05-Oct-2009 |
des |
Change the pam_ssh examples: if you use it, you probably want want_agent.
MFC after: 3 weeks
|
195753 |
18-Jul-2009 |
marcus |
Remove gdm as it is no longer needed.
Approved by: re (kib)
Reminded by: nork
|
195750 |
18-Jul-2009 |
marcus |
Remove this file. It is no longer needed as x11/gdm provides its own version under /usr/local/etc/pam.d.
Approved by: re (kib)
|
170890 |
17-Jun-2007 |
yar |
Add PAM support to cron(8). Now cron(8) will skip commands scheduled by unavailable accounts, e.g., those locked, expired, not allowed in at the moment by nologin(5), or whatever, depending on cron's pam.conf(5). This applies to personal crontabs only, /etc/crontab is unaffected.
In other words, now the account management policy will apply to commands scheduled by users via crontab(1) so that a user can no longer use cron(8) to set up a delayed backdoor and run commands during periods when the admin doesn't want him to.
The PAM check is done just before running a command, not when loading a crontab, because accounts can get locked, expired, and re-enabled any time with no changes to their crontabs. E.g., imagine that you provide a system with paid access, or better a cluster of such systems with centralized account management via PAM. When a user pays for some days of access, you set his expire field accordingly. If the account expires before its owner pays more, its crontab commands won't run until the next payment is made. Then it'll be enough to set the expire field in the future for the commands to run again. And so on.
Document this change in the cron(8) manpage, which includes adding a FILES section and touching the document date.
X-Security: should benefit as users have access to cron(8) by default
|
170773 |
15-Jun-2007 |
yar |
Add PAM support to atrun(8).
|
170771 |
15-Jun-2007 |
yar |
Locked out and expired accounts shouldn't be accessible via remote mailbox protocols. Add pam_unix to the `account' function class, too, for imap and pop3 to actually implement this policy.
|
170770 |
15-Jun-2007 |
yar |
Split the FILES list across multiple lines as in rc.d/Makefile so that the change history stays easily readable as the number of PAM-aware services grows.
|
170510 |
10-Jun-2007 |
yar |
Now pam_nologin(8) will provide an account management function instead of an authentication function. There are a design reason and a practical reason for that. First, the module belongs in account management because it checks availability of the account and does no authentication. Second, there are existing and potential PAM consumers that skip PAM authentication for good or for bad. E.g., sshd(8) just prefers internal routines for public key auth; OTOH, cron(8) and atrun(8) do implicit authentication when running a job on behalf of its owner, so their inability to use PAM auth is fundamental, but they can benefit from PAM account management.
Document this change in the manpage.
Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed under the "account" function class.
Bump __FreeBSD_version (mostly for ports, as this change should be invisible to C code outside pam_nologin.)
PR: bin/112574
Approved by: des, re
|
147270 |
10-Jun-2005 |
nectar |
Remove rexecd(8), a server that implements a particularly insecure method of executing commands remotely. There are no rexec clients in the FreeBSD tree, and the client function rexec(3) is present only in libcompat. It has been documented as "obsolete" since 4.3BSD, and its use has been discouraged in the man page for over 10 years.
|
145613 |
28-Apr-2005 |
des |
X logins should be recorded in lastlog / wtmp / utmp. I have no idea why this wasn't there already... it makes much more sense this way.
MFC after: 2 weeks
|
139103 |
21-Dec-2004 |
ru |
Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by: core
|
136910 |
24-Oct-2004 |
ru |
For variables that are only checked with defined(), don't provide any fake value.
|
130151 |
06-Jun-2004 |
schweikh |
Removed whitespace at BOF, EOL & EOF.
|
126056 |
20-Feb-2004 |
des |
The default password policy for xdm should be pam_deny, since it is incapable of holding a meaningful conversation.
|
117360 |
09-Jul-2003 |
des |
Don't do session management in su.
PR: misc/53293
Submitted by: ru
|
116331 |
14-Jun-2003 |
des |
Add a system policy, and have the login and su policies include it rather than duplicate it. This requires OpenPAM Dianthus, which was committed two weeks ago; installing these files on a system running a world older than June 1st, 2003 will cause login(1) and su(1) to fail.
|
115584 |
01-Jun-2003 |
des |
Try to describe the control flags a little better.
|
114337 |
30-Apr-2003 |
markm |
The PAM module pam_krb5 does not have "session" capabilities. Don't give examples of such use, this is bogus.
|
113967 |
24-Apr-2003 |
des |
Add nullok to the pam_unix line.
|
112230 |
14-Mar-2003 |
ru |
Use the canonical form of installing links. Also, make "ftp" and "ftpd" hard links.
Not objected to by: des
|
111982 |
08-Mar-2003 |
markm |
Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.
|
110993 |
16-Feb-2003 |
des |
Add the allow_local option to all pam_opieaccess entries.
|
110992 |
16-Feb-2003 |
des |
Add the want_agent option to the commented-out "session" pam_ssh entry.
|
110608 |
10-Feb-2003 |
des |
Major cleanup & homogenization.
|
110607 |
10-Feb-2003 |
des |
No idea what this is for, and it doesn't make much sense. If a port needs it, it can install its own copy in /usr/local/etc/pam.d/.
|
110606 |
10-Feb-2003 |
des |
There's no reason to have two identical policies for FTP servers, so make ftp a symlink to ftpd.
|
110457 |
06-Feb-2003 |
des |
Use pam_group(8) instead of pam_wheel(8).
|
110284 |
03-Feb-2003 |
des |
Don't enable pam_krb5 by default - most people don't have it since most people don't build with MAKE_KERBEROS5 defined. Provide commented-out usage examples instead, like we do everywhere else.
Pointy hat to: des
|
110239 |
02-Feb-2003 |
des |
Enable pam_krb5 for sshd. I've had this in my tree for ages.
|
107553 |
03-Dec-2002 |
des |
Since OpenSSH drops privileges before calling pam_open_session(3), pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.
Approved by: re (rwatson)
|
105374 |
18-Oct-2002 |
rwatson |
Exempt the "wheel group requirement" by default when su'ing to root if the wheel group has no explicit members listed in /etc/group. This adds the "exempt_if_empty" flag to pam_wheel in the default configuration; in some environments, it may be appropriate to remove this flag, however, this default is the same as pre-pam_wheel.
Reviewed by: markm
Sponsored by: DARPA, Network Associates Laboratories
|
99523 |
07-Jul-2002 |
des |
Silence pam_lastlog for now.
|
98448 |
19-Jun-2002 |
des |
We don't use this any more.
Sponsored by: DARPA, NAI Labs
|
98447 |
19-Jun-2002 |
des |
Enable OPIE for sshd and telnetd. I thought I'd done this a long time ago...
Sponsored by: DARPA, NAI Labs
|
96193 |
08-May-2002 |
des |
Use pam_lastlog(8)'s new no_fail option.
Sponsored by: DARPA, NAI Labs
|
95914 |
02-May-2002 |
des |
Add a PAM policy for rexecd(8).
Sponsored by: DARPA, NAI Labs
|
95912 |
02-May-2002 |
des |
xdm plays horrid tricks with PAM, and dumps core if it's allowed to call pam_lastlog, so add a dummy session chain to avoid using the one from pam.d/other. I assume gdm does something similar, so give it a dummy session chain as well.
Sponsored by: DARPA, NAI Labs.
|
95729 |
29-Apr-2002 |
des |
Add no_warn to pam_lastlog. This should prevent xdm from dumping core when linked with Linux-PAM.
|
95006 |
18-Apr-2002 |
des |
Don't list pam_unix in the session chain, since it does not provide any session management services.
Sponsored by: DARPA, NAI Labs
|
94989 |
18-Apr-2002 |
ru |
Fixed bugs in previous revision:
Added NOOBJ if anyone even attempts to "make obj" here. Revert to installing files with mode 644 except README. Make this overall look like a BSD-style Makefile rather than roll-your-own (this is not a bug).
For the record, the previous revision also fixed the breakage introduced by the sys.mk,v 1.60 commit: bsd.own.mk is no longer automatically included from sys.mk.
Reported by: jhay
|
94988 |
18-Apr-2002 |
des |
Use ${FILES} and <bsd.prog.mk> rather than roll-your-own.
|
94718 |
15-Apr-2002 |
des |
Add PAM policy for the "passwd" service, including a sample config line for pam_passwdqc.
Sponsored by: DARPA, NAI Labs
|
94716 |
15-Apr-2002 |
des |
Add pam_lastlog(8) here since I removed lastlog support from sshd.
Sponsored by: DARPA, NAI Labs
|
94565 |
12-Apr-2002 |
des |
Use pam_rhosts(8).
|
94189 |
08-Apr-2002 |
des |
If used, pam_ssh should be marked "sufficient", not "required".
Sponsored by: DARPA, NAI Labs
|
93221 |
26-Mar-2002 |
ru |
Switch over to using pam_login_access(8) module in sshd(8). (Fixes static compilation. Reduces diffs to OpenSSH.)
Reviewed by: bde
|
90417 |
08-Feb-2002 |
des |
Add missing "nullok" option to pam_unix.
|
89995 |
30-Jan-2002 |
des |
Add pam_self(8) so users can login(1) as themselves without authentication, pam_login_access(8) and pam_securetty(8) to enforce various checks previously done by login(1) but now handled by PAM, and pam_lastlog(8) to record login sessions in utmp / wtmp / lastlog.
Sponsored by: DARPA, NAI Labs
|
89992 |
30-Jan-2002 |
des |
Use pam_self(8) to allow users to su(1) to themselves without authentication.
Sponsored by: DARPA, NAI Labs
|
89619 |
21-Jan-2002 |
des |
Enable OPIE by default, using the no_fake_prompts option to hide it from users who don't wish to use it. If the admin is worried about leaking information about which users exist and which have OPIE enabled, the no_fake_prompts option can simply be removed.
Also insert the appropriate pam_opieaccess lines after pam_opie to break the chain in case the user is logging in from an untrusted host, or has a .opiealways file. The entire opieaccess / opiealways concept is slightly unpammish, but admins familiar with OPIE will expect it to work.
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
|
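As an added illustration that is not code from the FreeBSD tree: a small model of how the control flags decide an "auth" chain, applied to two points from this log, pam_ssh marked "required" versus "sufficient" (r94189) and the pam_opie / pam_opieaccess / pam_unix ordering (r89619). The flag semantics are a deliberately simplified model of OpenPAM's dispatch rules, and every module return code is a constructed stand-in, not a real PAM call.

```python
# Simplified model of PAM chain evaluation (required, requisite,
# sufficient, optional). Module outcomes are constructed inputs.
SUCCESS, AUTH_ERR, IGNORE = "PAM_SUCCESS", "PAM_AUTH_ERR", "PAM_IGNORE"

def run_chain(policy, results):
    """policy: list of (control_flag, module) in pam.d order;
    results: dict module -> return code for this login attempt.
    Returns (final code, modules that were actually invoked)."""
    invoked, first_required_err, last_err, nsuccess = [], None, None, 0
    for flag, module in policy:
        r = results[module]
        invoked.append(module)
        if r == SUCCESS:
            nsuccess += 1
            # "sufficient" success ends the chain, unless an earlier
            # "required" module has already failed
            if flag == "sufficient" and first_required_err is None:
                break
            continue
        if r == IGNORE:
            continue
        last_err = r
        if flag in ("sufficient", "optional"):
            continue                   # failure is not held against the user
        if first_required_err is None:
            first_required_err = r     # "required": remember it, keep going
        if flag == "requisite":
            break                      # "requisite": stop the chain here
    if first_required_err is not None:
        return first_required_err, invoked
    return (SUCCESS if nsuccess else last_err), invoked

# The two pam_ssh placements discussed in r94189
SSH_REQUIRED = [("required", "pam_ssh"), ("required", "pam_unix")]
SSH_SUFFICIENT = [("sufficient", "pam_ssh"), ("required", "pam_unix")]
# pam_opie, then pam_opieaccess "breaking the chain", then pam_unix (r89619)
OPIE_CHAIN = [("sufficient", "pam_opie"), ("requisite", "pam_opieaccess"),
              ("required", "pam_unix")]

def ssh_user_without_key(policy):
    # Constructed outcome: no SSH passphrase offered, Unix password correct
    return run_chain(policy, {"pam_ssh": AUTH_ERR, "pam_unix": SUCCESS})

def opie_user_from_untrusted_host():
    # Constructed outcome: OTP not given and opieaccess rejects the host,
    # so pam_unix never prompts for the reusable password over that link
    return run_chain(OPIE_CHAIN, {"pam_opie": AUTH_ERR,
                                  "pam_opieaccess": AUTH_ERR,
                                  "pam_unix": SUCCESS})
```

With pam_ssh "required", a user who has no SSH passphrase is locked out even though pam_unix accepted the password; as "sufficient" it only adds a shortcut.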
89569 |
19-Jan-2002 |
des |
Really back out ache's commits. These files are now precisely as they were twenty-four hours ago, except for RCS ids.
|
89567 |
19-Jan-2002 |
ache |
Back out recent changes
|
89556 |
19-Jan-2002 |
ache |
Turn on pam_opie by default. It should not affect non-OPIE users.
|
89553 |
19-Jan-2002 |
ache |
Turn on pam_opie by default. It does not affect non-OPIE users.
|
89551 |
19-Jan-2002 |
ache |
Previous commit was incomplete; use "[default=ignore success=done cred_err=die]" options instead of "required".
|
89547 |
19-Jan-2002 |
ache |
Remove the explanatory comment and the commented-out pam_unix line; pam_unix can now be chained with pam_opie.
|
89532 |
19-Jan-2002 |
ache |
Change comment, since the fallback is now provided by pam_opie rather than by ftpd.
|
89298 |
12-Jan-2002 |
des |
Unmunge the version preservation code and obfuscate it so CVS won't munge it all over again.
|
89290 |
12-Jan-2002 |
des |
Back out previous commit, which erroneously removed essential comments. I definitely need coffee.
Apologies to: ache
|
89289 |
12-Jan-2002 |
des |
Update copyright
|
89286 |
12-Jan-2002 |
des |
Sync with pam.conf revision 1.25.
|
89285 |
12-Jan-2002 |
des |
Preserve FreeBSD version strings in target files.
|
88807 |
02-Jan-2002 |
ache |
Improve pam_unix/opie related ftpd comment even more
|
88766 |
01-Jan-2002 |
ache |
Clarify comment about pam_unix fallback for ftpd
|
88764 |
01-Jan-2002 |
ache |
Turn on pam_opie.so for ftpd by default. It does not affect non-OPIE users.
|
87468 |
06-Dec-2001 |
des |
Install pam.d files with mode 0644, not 0755.
|
87446 |
06-Dec-2001 |
des |
Makefile for pam.d configuration files.
Sponsored by: DARPA, NAI Labs
|
87423 |
05-Dec-2001 |
des |
Awright, egg on my face. I should have taken more time with this. The conversion script generated the wrong format, so the configuration files didn't actually work. Good thing I hadn't thrown the switch yet...
Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
|
87419 |
05-Dec-2001 |
des |
pam.d-style configuration, auto-generated from pam.conf.
Sponsored by: DARPA, NAI Labs
|
87417 |
05-Dec-2001 |
des |
Short README for /etc/pam.d, mostly extracted from the comments in pam.conf.
|
87416 |
05-Dec-2001 |
des |
Perl script that splits pam.conf into separate files suitable for pam.d.
Sponsored by: DARPA, NAI Labs
|