272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
270125 |
18-Aug-2014 |
ache |
MFC: r269875
According to the opie code and even a direct mention in opie(4), the challenge buffer size must be OPIE_CHALLENGE_MAX + 1, not OPIE_CHALLENGE_MAX
Reviewed by: des
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
162320 |
15-Sep-2006 |
des |
Reject users with names that are longer than OPIE is willing to deal with; otherwise OPIE will happily truncate them.
Spotted by: ghelmer
MFC after: 2 weeks
|
115470 |
31-May-2003 |
des |
Update copyright dates.
|
115465 |
31-May-2003 |
des |
Remove all instances of pam_std_option()
|
112044 |
09-Mar-2003 |
obrien |
style.Makefile(5) police (I've tried to keep to the spirit of the original formatting)
Reviewed by: des
|
108317 |
27-Dec-2002 |
schweikh |
english(4) police.
|
100917 |
30-Jul-2002 |
des |
Since pam_get_authtok(3) doesn't know about our options structure, setting the PAM_ECHO_PASS option on-the-fly is a NOP (though it wasn't with the old pam_get_pass(3) code). Instead, call pam_prompt(3) directly. This actually simplifies the code a bit.
MFC after: 3 days
|
94564 |
12-Apr-2002 |
des |
Major cleanup:
- add __unused where appropriate
- PAM_RETURN -> return since OpenPAM already logs the return value.
- make PAM_LOG use openpam_log()
- make PAM_VERBOSE_ERROR use openpam_get_option() and check flags for PAM_SILENT
- remove dummy functions since OpenPAM handles missing service functions
- fix various warnings
Sponsored by: DARPA, NAI Labs
|
94372 |
10-Apr-2002 |
ru |
Moved SHLIB_NAME definition into one place.
Approved by: des
|
93984 |
06-Apr-2002 |
des |
Aggressive cleanup of warnings + authtok-related code in preparation for PAMifying passwd(1).
Sponsored by: DARPA, NAI Labs.
|
92356 |
15-Mar-2002 |
ru |
mdoc(7) police: expand contractions.
|
92297 |
14-Mar-2002 |
des |
NAI DBA update.
|
91714 |
05-Mar-2002 |
des |
Switch to OpenPAM. Bump library version. Modules are now versioned, so applications linked with Linux-PAM will still work. Remove pam_get_pass(); OpenPAM has pam_get_authtok(). Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}(). Remove pam_set_item(3) man page as OpenPAM has its own.
Sponsored by: DARPA, NAI Labs
|
90315 |
06-Feb-2002 |
markm |
Remove NO_WERROR, now that WARNS=n is gone.
|
90229 |
05-Feb-2002 |
des |
#include cleanup.
Sponsored by: DARPA, NAI Labs
|
89760 |
24-Jan-2002 |
markm |
WARNS=4 fixes. Protect with NO_WERROR for the modules that have warnings that are hard to fix or that I've been asked to leave alone.
|
89618 |
21-Jan-2002 |
des |
Further changes to allow enabling pam_opie(8) by default:
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before challenging the user. These options are meaningless for pam_opie(8) since the user can't possibly know the right response before she sees the challenge.
- Introduce the no_fake_prompts option. If this option is set, pam_opie(8) will fail - rather than present a bogus challenge - if the target user does not have an OPIE key. With this option, users who haven't set up OPIE won't have to wonder what that "weird otp-md5 s**t" means :)
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
|
89613 |
21-Jan-2002 |
des |
Add a new module, pam_opieaccess(8), which is responsible for checking /etc/opieaccess and ~/.opiealways so we can decide what to do after pam_opie(8) fails.
Sponsored by: DARPA, NAI Labs
Reviewed by: ache, markm
|
89592 |
20-Jan-2002 |
ache |
snprintf bloat -> strlcpy
Add getpwnam return check
Approved by: des, markm
|
89567 |
19-Jan-2002 |
ache |
Back out recent changes
|
89555 |
19-Jan-2002 |
ache |
If the user does not exist in the OPIE system, return failure immediately instead of producing fake prompts with random numbers, which can be detected by a potential intruder in two tries and totally confuse non-OPIE users.
|
89550 |
19-Jan-2002 |
ache |
Previous commit was incomplete, use new error code PAM_CRED_ERR to indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
|
89546 |
19-Jan-2002 |
ache |
Rewrite 'pwok' fallback in such a way that it can be properly chained with pam_unix
Replace snprintf %s with strlcpy
Check for NULL returned from getpwnam()
|
89531 |
19-Jan-2002 |
ache |
Set pwok to 1 for non-OPIE users
|
89528 |
19-Jan-2002 |
ache |
Implement 'pwok', i.e. conditional fallback to unix password as supposed by opieaccessfile() and opiealways()
|
87398 |
05-Dec-2001 |
des |
Add dummy functions for all module types. These dummies return PAM_IGNORE rather than PAM_SUCCESS, so you'll get a failure if you list dummies but no real modules for a particular module chain.
Sponsored by: DARPA, NAI Labs
|
84218 |
30-Sep-2001 |
dillon |
Add __FBSDID()s to libpam
|
82977 |
04-Sep-2001 |
markm |
1) repair the return value in the PAM_RETURN() macro (Side effects!!).
2) canonicalise the options use in pam_options().
Submitted by: Gunnar Kreitz <gunnark@chello.se>
PR: 30250
|
81473 |
10-Aug-2001 |
markm |
Verbose logging, overridable verbose error reporting.
|
79713 |
14-Jul-2001 |
markm |
Use a better method to get user credentials to account for (legal) duplications of UID's in /etc/*passwd.
|
79658 |
13-Jul-2001 |
ru |
mdoc(7) police: -xwidth has been folded into -width.
|
79577 |
11-Jul-2001 |
ru |
mdoc(7) police: fixed markup, a little bit.
|
79476 |
09-Jul-2001 |
markm |
Clean up (and in some cases write) the PAM modules, using
o The new options-processing API
o The new DEBUG-logging API
Add man(1) pages for ALL modules. MDOC-Police welcome to check this.
Audit, clean up while I'm here.
|
77720 |
04-Jun-2001 |
markm |
Big module cleanup.
Move common stuff into Makefile.inc, and tidy up all the Makefiles as a result.
Build new modules.
Put a commented-out dependency on libpam for the (shared) modules. I can't bring this in just yet, as the dependency (modules->libpam) is reversed for the static case (libpam->modules).
|
70703 |
06-Jan-2001 |
obrien |
Use a unified libgcc rather than a separate one for threaded and non-threaded programs. This provides threaded programs with the needed exception frame symbols.
parts submitted by: Max Khon <fjoe@iclub.nsu.ru>
PR: 23252
|
59301 |
17-Apr-2000 |
kris |
Add pam_opie, a PAM module using the OPIE one-time-password scheme.
Submitted by: Jim Bloom <bloom@acm.org>
|