From c98db40744766ab0803912f29557df02814bcd9d Mon Sep 17 00:00:00 2001 
From: Sascha Wildner Date: Tue, 24 Jul 2018 09:55:49 +0200 Subject: [PATCH] openpam: Sync OpenPAM modules a bit with FreeBSD. Not much to see here, except some bugfixes. Oh, and ed25519 support in pam_ssh. --- lib/libpam/modules/pam_chroot/Makefile | 2 +- lib/libpam/modules/pam_chroot/pam_chroot.8 | 2 +- lib/libpam/modules/pam_chroot/pam_chroot.c | 8 +- lib/libpam/modules/{pam_self => pam_deny}/Makefile | 10 +-- lib/libpam/modules/pam_deny/pam_deny.8 | 2 +- lib/libpam/modules/pam_deny/pam_deny.c | 5 +- lib/libpam/modules/pam_echo/Makefile | 2 +- lib/libpam/modules/pam_echo/pam_echo.8 | 4 +- lib/libpam/modules/pam_echo/pam_echo.c | 23 ++++-- lib/libpam/modules/pam_exec/Makefile | 2 +- lib/libpam/modules/pam_exec/pam_exec.8 | 2 +- lib/libpam/modules/pam_exec/pam_exec.c | 21 +++-- lib/libpam/modules/pam_ftpusers/Makefile | 2 +- lib/libpam/modules/pam_ftpusers/pam_ftpusers.8 | 2 +- lib/libpam/modules/pam_ftpusers/pam_ftpusers.c | 6 +- lib/libpam/modules/pam_group/Makefile | 2 +- lib/libpam/modules/pam_group/pam_group.8 | 12 ++- lib/libpam/modules/pam_group/pam_group.c | 39 ++++++--- lib/libpam/modules/pam_guest/Makefile | 2 +- lib/libpam/modules/pam_guest/pam_guest.8 | 2 +- lib/libpam/modules/pam_guest/pam_guest.c | 8 +- lib/libpam/modules/pam_lastlog/pam_lastlog.8 | 12 +-- lib/libpam/modules/pam_lastlog/pam_lastlog.c | 1 + lib/libpam/modules/pam_login_access/Makefile | 2 +- lib/libpam/modules/pam_login_access/login.access.5 | 2 +- lib/libpam/modules/pam_login_access/login_access.c | 6 +- .../modules/pam_login_access/pam_login_access.8 | 2 +- .../modules/pam_login_access/pam_login_access.c | 25 ++++-- .../modules/pam_login_access/pam_login_access.h | 4 +- lib/libpam/modules/pam_nologin/Makefile | 2 +- lib/libpam/modules/pam_nologin/pam_nologin.8 | 2 +- lib/libpam/modules/pam_nologin/pam_nologin.c | 4 +- .../modules/{pam_nologin => pam_opie}/Makefile | 15 ++-- lib/libpam/modules/pam_opie/pam_opie.8 | 2 +- lib/libpam/modules/pam_opie/pam_opie.c | 7 +- 
lib/libpam/modules/pam_opieaccess/Makefile | 1 + lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 | 2 +- lib/libpam/modules/pam_opieaccess/pam_opieaccess.c | 5 +- lib/libpam/modules/pam_passwdqc/Makefile | 2 + .../modules/{pam_self => pam_permit}/Makefile | 10 +-- lib/libpam/modules/pam_permit/pam_permit.8 | 2 +- lib/libpam/modules/pam_permit/pam_permit.c | 5 +- .../modules/{pam_nologin => pam_radius}/Makefile | 14 ++-- lib/libpam/modules/pam_radius/pam_radius.8 | 34 ++++++-- lib/libpam/modules/pam_radius/pam_radius.c | 96 +++++++++++++++++----- lib/libpam/modules/pam_rhosts/Makefile | 2 +- lib/libpam/modules/pam_rhosts/pam_rhosts.8 | 2 +- lib/libpam/modules/pam_rhosts/pam_rhosts.c | 8 +- lib/libpam/modules/pam_rootok/Makefile | 2 +- lib/libpam/modules/pam_rootok/pam_rootok.8 | 2 +- lib/libpam/modules/pam_rootok/pam_rootok.c | 8 +- lib/libpam/modules/pam_securetty/Makefile | 2 +- lib/libpam/modules/pam_securetty/pam_securetty.8 | 2 +- lib/libpam/modules/pam_securetty/pam_securetty.c | 6 +- lib/libpam/modules/pam_self/Makefile | 2 +- lib/libpam/modules/pam_self/pam_self.8 | 2 +- lib/libpam/modules/pam_self/pam_self.c | 8 +- lib/libpam/modules/pam_ssh/Makefile | 3 + lib/libpam/modules/pam_ssh/pam_ssh.8 | 8 +- lib/libpam/modules/pam_ssh/pam_ssh.c | 5 +- .../modules/{pam_nologin => pam_tacplus}/Makefile | 14 ++-- lib/libpam/modules/pam_tacplus/pam_tacplus.8 | 2 +- lib/libpam/modules/pam_tacplus/pam_tacplus.c | 5 +- .../modules/{pam_nologin => pam_unix}/Makefile | 30 +++++-- lib/libpam/modules/pam_unix/pam_unix.8 | 2 +- lib/libpam/modules/pam_unix/pam_unix.c | 18 ++-- 66 files changed, 360 insertions(+), 188 deletions(-) copy lib/libpam/modules/{pam_self => pam_deny}/Makefile (88%) copy lib/libpam/modules/{pam_nologin => pam_opie}/Makefile (83%) copy lib/libpam/modules/{pam_self => pam_permit}/Makefile (88%) copy lib/libpam/modules/{pam_nologin => pam_radius}/Makefile (85%) copy lib/libpam/modules/{pam_nologin => pam_tacplus}/Makefile (85%) copy 
lib/libpam/modules/{pam_nologin => pam_unix}/Makefile (61%) diff --git a/lib/libpam/modules/pam_chroot/Makefile b/lib/libpam/modules/pam_chroot/Makefile index 018d7a7e26..0d24e653d7 100644 --- a/lib/libpam/modules/pam_chroot/Makefile +++ b/lib/libpam/modules/pam_chroot/Makefile @@ -1,4 +1,4 @@ -# $FreeBSD: src/lib/libpam/modules/pam_chroot/Makefile,v 1.1 2003/03/30 22:58:23 des Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_chroot/Makefile 112857 2003-03-30 22:58:23Z des $ LIB= pam_chroot SRCS= pam_chroot.c diff --git a/lib/libpam/modules/pam_chroot/pam_chroot.8 b/lib/libpam/modules/pam_chroot/pam_chroot.8 index ddef322285..da8ccaa6f7 100644 --- a/lib/libpam/modules/pam_chroot/pam_chroot.8 +++ b/lib/libpam/modules/pam_chroot/pam_chroot.8 @@ -30,7 +30,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_chroot/pam_chroot.8,v 1.4 2004/07/02 23:52:16 ru Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_chroot/pam_chroot.8 131504 2004-07-02 23:52:20Z ru $ .\" .Dd February 10, 2003 .Dt PAM_CHROOT 8 diff --git a/lib/libpam/modules/pam_chroot/pam_chroot.c b/lib/libpam/modules/pam_chroot/pam_chroot.c index 512a8fb5e7..5e91814dad 100644 --- a/lib/libpam/modules/pam_chroot/pam_chroot.c +++ b/lib/libpam/modules/pam_chroot/pam_chroot.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2003 Networks Associates Technology, Inc. * All rights reserved. * @@ -31,7 +33,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_chroot/pam_chroot.c,v 1.3 2003/04/30 00:40:24 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_chroot/pam_chroot.c 326219 2017-11-26 02:00:33Z pfg $ */ #include 
@@ -49,7 +51,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { const char *dir, *end, *cwd, *user; struct passwd *pwd; @@ -99,7 +101,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags __unused, PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { return (PAM_SUCCESS); diff --git a/lib/libpam/modules/pam_self/Makefile b/lib/libpam/modules/pam_deny/Makefile similarity index 88% copy from lib/libpam/modules/pam_self/Makefile copy to lib/libpam/modules/pam_deny/Makefile index 1aecd82f18..cf13358d2c 100644 --- a/lib/libpam/modules/pam_self/Makefile +++ b/lib/libpam/modules/pam_deny/Makefile @@ -1,4 +1,4 @@ -# Copyright 2001 Mark R V Murray +# Copyright 1999 Max Khon. # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -22,10 +22,10 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_self/Makefile,v 1.4 2003/03/09 20:06:37 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_deny/Makefile 112044 2003-03-09 20:06:38Z obrien $ -LIB= pam_self -SRCS= pam_self.c -MAN= pam_self.8 +LIB= pam_deny +SRCS= pam_deny.c +MAN= pam_deny.8 .include diff --git a/lib/libpam/modules/pam_deny/pam_deny.8 b/lib/libpam/modules/pam_deny/pam_deny.8 index a6bbc893fe..7eec62d91a 100644 --- a/lib/libpam/modules/pam_deny/pam_deny.8 +++ b/lib/libpam/modules/pam_deny/pam_deny.8 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_deny/pam_deny.8,v 1.4 2001/08/15 20:05:30 markm Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_deny/pam_deny.8 81729 2001-08-15 20:05:33Z markm $ .\" .Dd July 7, 2001 .Dt PAM_DENY 8 
diff --git a/lib/libpam/modules/pam_deny/pam_deny.c b/lib/libpam/modules/pam_deny/pam_deny.c index d881ec542d..ccf086a309 100644 --- a/lib/libpam/modules/pam_deny/pam_deny.c +++ b/lib/libpam/modules/pam_deny/pam_deny.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright 2001 Mark R V Murray * All rights reserved. * @@ -23,8 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_deny/pam_deny.c,v 1.10 2005/06/10 06:16:13 des Exp $ - * $DragonFly: src/lib/pam_module/pam_deny/pam_deny.c,v 1.1 2005/08/01 16:15:19 joerg Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_deny/pam_deny.c 326219 2017-11-26 02:00:33Z pfg $ */ #include diff --git a/lib/libpam/modules/pam_echo/Makefile b/lib/libpam/modules/pam_echo/Makefile index 5b123d5613..5734fb4fb2 100644 --- a/lib/libpam/modules/pam_echo/Makefile +++ b/lib/libpam/modules/pam_echo/Makefile @@ -1,4 +1,4 @@ -# $FreeBSD: src/lib/libpam/modules/pam_echo/Makefile,v 1.2 2003/03/09 20:06:35 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_echo/Makefile 112044 2003-03-09 20:06:38Z obrien $ LIB= pam_echo SRCS= pam_echo.c diff --git a/lib/libpam/modules/pam_echo/pam_echo.8 b/lib/libpam/modules/pam_echo/pam_echo.8 index 7c260c1a51..072f2618dc 100644 --- a/lib/libpam/modules/pam_echo/pam_echo.8 +++ b/lib/libpam/modules/pam_echo/pam_echo.8 @@ -30,7 +30,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_echo/pam_echo.8,v 1.4 2004/07/02 23:52:16 ru Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_echo/pam_echo.8 203958 2010-02-16 12:29:02Z ru $ .\" .Dd February 6, 2003 .Dt PAM_ECHO 8 @@ -65,7 +65,7 @@ The current service name .It Cm %t The name of the controlling tty .Pq Dv PAM_TTY . -.It Cm %U +.It Cm \&%U The applicant's user name .Pq Dv PAM_RUSER . .It Cm %u 
diff --git a/lib/libpam/modules/pam_echo/pam_echo.c b/lib/libpam/modules/pam_echo/pam_echo.c index d1c0ce0e60..aef5144781 100644 --- a/lib/libpam/modules/pam_echo/pam_echo.c +++ b/lib/libpam/modules/pam_echo/pam_echo.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2001,2003 Networks Associates Technology, Inc. * All rights reserved. * @@ -31,7 +33,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_echo/pam_echo.c,v 1.4 2003/12/11 13:55:15 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_echo/pam_echo.c 326219 2017-11-26 02:00:33Z pfg $ */ #include @@ -43,7 +45,8 @@ #include static int -_pam_echo(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +_pam_echo(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { char msg[PAM_MAX_MSG_SIZE]; const void *str; @@ -102,7 +105,8 @@ _pam_echo(pam_handle_t *pamh, int flags, int argc, const char *argv[]) } PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { return (_pam_echo(pamh, flags, argc, argv)); @@ -110,21 +114,23 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { return (PAM_SUCCESS); } PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { return (_pam_echo(pamh, flags, argc, argv)); } PAM_EXTERN int -pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { return (_pam_echo(pamh, flags, argc, argv)); 
@@ -132,14 +138,15 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc, const char *argv[]) + int argc, const char *argv[]) { return (_pam_echo(pamh, flags, argc, argv)); } PAM_EXTERN int -pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { if (flags & PAM_PRELIM_CHECK) diff --git a/lib/libpam/modules/pam_exec/Makefile b/lib/libpam/modules/pam_exec/Makefile index 5b27da8cf4..8237e370a9 100644 --- a/lib/libpam/modules/pam_exec/Makefile +++ b/lib/libpam/modules/pam_exec/Makefile @@ -1,4 +1,4 @@ -# $FreeBSD: src/lib/libpam/modules/pam_exec/Makefile,v 1.2 2003/03/09 20:06:35 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_exec/Makefile 201381 2010-01-02 09:58:07Z ed $ LIB= pam_exec SRCS= pam_exec.c diff --git a/lib/libpam/modules/pam_exec/pam_exec.8 b/lib/libpam/modules/pam_exec/pam_exec.8 index d9c9dfddff..e0aeff8cda 100644 --- a/lib/libpam/modules/pam_exec/pam_exec.8 +++ b/lib/libpam/modules/pam_exec/pam_exec.8 @@ -30,7 +30,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_exec/pam_exec.8,v 1.8 2012/05/24 02:24:03 wblock Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_exec/pam_exec.8 235873 2012-05-24 02:24:03Z wblock $ .\" .Dd July 11, 2012 .Dt PAM_EXEC 8 diff --git a/lib/libpam/modules/pam_exec/pam_exec.c b/lib/libpam/modules/pam_exec/pam_exec.c index dfe4fef92a..28d09a6cf4 100644 --- a/lib/libpam/modules/pam_exec/pam_exec.c +++ b/lib/libpam/modules/pam_exec/pam_exec.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2001,2003 Networks Associates Technology, Inc. * All rights reserved. * 
@@ -31,7 +33,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_exec/pam_exec.c,v 1.9 2012/04/12 14:02:59 dumbbell Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_exec/pam_exec.c 315164 2017-03-12 17:41:51Z pfg $ */ #include @@ -259,7 +261,8 @@ _pam_exec(pam_handle_t *pamh __unused, } PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { int ret; struct pe_opts options; @@ -299,7 +302,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) } PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { int ret; struct pe_opts options; @@ -338,7 +342,8 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[]) } PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { int ret; struct pe_opts options; @@ -377,7 +382,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]) } PAM_EXTERN int -pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { int ret; struct pe_opts options; @@ -414,7 +420,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc, const char *argv[]) + int argc, const char *argv[]) { int ret; struct pe_opts options; 
@@ -450,7 +456,8 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, } PAM_EXTERN int -pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { int ret; struct pe_opts options; diff --git a/lib/libpam/modules/pam_ftpusers/Makefile b/lib/libpam/modules/pam_ftpusers/Makefile index 2219dad72f..9c9d4ef778 100644 --- a/lib/libpam/modules/pam_ftpusers/Makefile +++ b/lib/libpam/modules/pam_ftpusers/Makefile @@ -1,4 +1,4 @@ -# $FreeBSD: src/lib/libpam/modules/pam_ftpusers/Makefile,v 1.2 2003/03/09 20:06:35 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_ftpusers/Makefile 112044 2003-03-09 20:06:38Z obrien $ LIB= pam_ftpusers SRCS= pam_ftpusers.c diff --git a/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8 b/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8 index bc9ce6f895..9e0dabe9ad 100644 --- a/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8 +++ b/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8 @@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8,v 1.2 2004/07/02 23:52:17 ru Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8 131504 2004-07-02 23:52:20Z ru $ .\" .Dd April 17, 2002 .Dt PAM_FTPUSERS 8 diff --git a/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c b/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c index 8244a382c0..91f4773be4 100644 --- a/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c +++ b/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2001 Networks Associates Technology, Inc. * All rights reserved. * 
@@ -31,7 +33,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c,v 1.1 2002/05/08 00:30:10 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c 326219 2017-11-26 02:00:33Z pfg $ */ #include @@ -51,7 +53,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { struct passwd *pwd; struct group *grp; diff --git a/lib/libpam/modules/pam_group/Makefile b/lib/libpam/modules/pam_group/Makefile index 7607450dda..6c96b2d59f 100644 --- a/lib/libpam/modules/pam_group/Makefile +++ b/lib/libpam/modules/pam_group/Makefile @@ -1,4 +1,4 @@ -# $FreeBSD: src/lib/libpam/modules/pam_group/Makefile,v 1.1 2003/02/06 14:27:48 des Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_group/Makefile 110455 2003-02-06 14:27:48Z des $ LIB= pam_group SRCS= pam_group.c diff --git a/lib/libpam/modules/pam_group/pam_group.8 b/lib/libpam/modules/pam_group/pam_group.8 index 8b6efcad78..48b21a35c7 100644 --- a/lib/libpam/modules/pam_group/pam_group.8 +++ b/lib/libpam/modules/pam_group/pam_group.8 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_group/pam_group.8,v 1.4 2011/03/12 11:12:30 des Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_group/pam_group.8 268890 2014-07-19 21:04:21Z des $ .\" -.Dd December 24, 2011 +.Dd July 24, 2018 .Dt PAM_GROUP 8 .Os .Sh NAME @@ -48,6 +48,14 @@ .Sh DESCRIPTION The group service module for PAM accepts or rejects users based on their membership in a particular file group. +.Nm +provides functionality for two PAM categories: authentication and +account management. +In terms of the module-type parameter, they are the +.Dq auth +and +.Dq account +features. .Pp The following options may be passed to the .Nm 
diff --git a/lib/libpam/modules/pam_group/pam_group.c b/lib/libpam/modules/pam_group/pam_group.c index c76158e2ae..2924f6401b 100644 --- a/lib/libpam/modules/pam_group/pam_group.c +++ b/lib/libpam/modules/pam_group/pam_group.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2003 Networks Associates Technology, Inc. * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. @@ -32,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_group/pam_group.c,v 1.6 2011/03/12 11:26:37 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_group/pam_group.c 326219 2017-11-26 02:00:33Z pfg $ */ #include @@ -46,15 +48,14 @@ #include #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT #include #include #include - -PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) +static int +pam_group(pam_handle_t *pamh) { int local, remote; const char *group, *user; @@ -95,14 +96,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, if ((grp = getgrnam(group)) == NULL || grp->gr_mem == NULL) goto failed; - /* check if the group is empty */ - if (*grp->gr_mem == NULL) - goto failed; - - /* check membership */ + /* check if user's own primary group */ if (pwd->pw_gid == grp->gr_gid) goto found; - for (list = grp->gr_mem; *list != NULL; ++list) + + /* iterate over members */ + for (list = grp->gr_mem; list != NULL && *list != NULL; ++list) if (strcmp(*list, pwd->pw_name) == 0) goto found; 
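Review bot: In the second pam_group.c hunk (`@@ -95,14 +96,12 @@`) the added `list != NULL` test in the member loop can never be false, because the unchanged guard just above still takes `goto failed` when `grp->gr_mem == NULL`. That guard also runs before the new primary-group check, so a group entry that comes back without a member array is rejected even when `pwd->pw_gid == grp->gr_gid`. If the primary-group match is meant to cover that case, reduce the guard to `if ((grp = getgrnam(group)) == NULL) goto failed;` and keep the loop condition as written; otherwise drop `list != NULL &&` so the loop does not suggest a case that cannot occur. The body of pam_group() starts and ends outside this hunk.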
@@ -122,11 +121,27 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, } PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + + return (pam_group(pamh)); +} + +PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { return (PAM_SUCCESS); } +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + + return (pam_group(pamh)); +} + PAM_MODULE_ENTRY("pam_group"); diff --git a/lib/libpam/modules/pam_guest/Makefile b/lib/libpam/modules/pam_guest/Makefile index a174e84e48..54b2e40b69 100644 --- a/lib/libpam/modules/pam_guest/Makefile +++ b/lib/libpam/modules/pam_guest/Makefile @@ -1,4 +1,4 @@ -# $FreeBSD: src/lib/libpam/modules/pam_guest/Makefile,v 1.1 2003/05/31 16:52:58 des Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_guest/Makefile 115462 2003-05-31 16:52:58Z des $ LIB= pam_guest SRCS= pam_guest.c diff --git a/lib/libpam/modules/pam_guest/pam_guest.8 b/lib/libpam/modules/pam_guest/pam_guest.8 index e4f1a9b837..986f3bc315 100644 --- a/lib/libpam/modules/pam_guest/pam_guest.8 +++ b/lib/libpam/modules/pam_guest/pam_guest.8 @@ -30,7 +30,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_guest/pam_guest.8,v 1.4 2004/07/05 06:39:03 ru Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_guest/pam_guest.8 276294 2014-12-27 08:31:52Z joel $ .\" .Dd May 26, 2003 .Dt PAM_GUEST 8 diff --git a/lib/libpam/modules/pam_guest/pam_guest.c b/lib/libpam/modules/pam_guest/pam_guest.c index 54b80d0bea..d70fcf4c64 100644 --- a/lib/libpam/modules/pam_guest/pam_guest.c +++ b/lib/libpam/modules/pam_guest/pam_guest.c 
@@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2003 Networks Associates Technology, Inc. * All rights reserved. * @@ -31,7 +33,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_guest/pam_guest.c,v 1.1 2003/05/31 16:52:58 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_guest/pam_guest.c 326219 2017-11-26 02:00:33Z pfg $ */ #include @@ -66,7 +68,7 @@ lookup(const char *str, const char *list) PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { const char *authtok, *guests, *user; int err, is_guest; @@ -104,7 +106,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { return (PAM_SUCCESS); diff --git a/lib/libpam/modules/pam_lastlog/pam_lastlog.8 b/lib/libpam/modules/pam_lastlog/pam_lastlog.8 index 937bb60338..1cc320caa2 100644 --- a/lib/libpam/modules/pam_lastlog/pam_lastlog.8 +++ b/lib/libpam/modules/pam_lastlog/pam_lastlog.8 @@ -32,9 +32,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.8,v 1.7 2005/01/21 10:38:42 ru Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_lastlog/pam_lastlog.8 240506 2012-09-14 17:50:42Z eadler $ .\" -.Dd January 24, 2002 +.Dd July 24, 2018 .Dt PAM_LASTLOG 8 .Os .Sh NAME @@ -65,12 +65,7 @@ and terminate sessions. The .Fn pam_sm_open_session -function records the session in the -.Xr utmp 5 , -.Xr wtmp 5 -and -.Xr lastlog 5 -databases. +function records the session in the user accounting database. The .Fn pam_sm_close_session function does nothing. 
@@ -90,6 +85,7 @@ Ignore I/O failures. .Sh SEE ALSO .Xr last 1 , .Xr w 1 , +.Xr getutxent 3 , .Xr login 3 , .Xr logout 3 , .Xr pam 3 , diff --git a/lib/libpam/modules/pam_lastlog/pam_lastlog.c b/lib/libpam/modules/pam_lastlog/pam_lastlog.c index 7da868c289..983807e1e1 100644 --- a/lib/libpam/modules/pam_lastlog/pam_lastlog.c +++ b/lib/libpam/modules/pam_lastlog/pam_lastlog.c @@ -140,6 +140,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, tty = (const char *)vtty; if (tty == NULL) { + PAM_LOG("No PAM_TTY"); pam_err = PAM_SERVICE_ERR; goto err; } diff --git a/lib/libpam/modules/pam_login_access/Makefile b/lib/libpam/modules/pam_login_access/Makefile index 1d5d959124..2e01b54e05 100644 --- a/lib/libpam/modules/pam_login_access/Makefile +++ b/lib/libpam/modules/pam_login_access/Makefile @@ -22,7 +22,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_login_access/Makefile,v 1.6 2006/03/06 12:31:25 yar Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_login_access/Makefile 156344 2006-03-06 12:31:25Z yar $ LIB= pam_login_access SRCS= pam_login_access.c login_access.c diff --git a/lib/libpam/modules/pam_login_access/login.access.5 b/lib/libpam/modules/pam_login_access/login.access.5 index dfdca191b1..bce3d68ff6 100644 --- a/lib/libpam/modules/pam_login_access/login.access.5 +++ b/lib/libpam/modules/pam_login_access/login.access.5 @@ -1,5 +1,5 @@ .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_login_access/login.access.5,v 1.17 2006/09/13 18:34:32 joel Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_login_access/login.access.5 162287 2006-09-13 18:34:32Z joel $ .\" .Dd September 13, 2006 .Dt LOGIN.ACCESS 5 diff --git a/lib/libpam/modules/pam_login_access/login_access.c b/lib/libpam/modules/pam_login_access/login_access.c index 0d90fdfe04..ed2842ee50 100644 --- a/lib/libpam/modules/pam_login_access/login_access.c +++ b/lib/libpam/modules/pam_login_access/login_access.c 
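Review bot: The added `PAM_LOG("No PAM_TTY");` in pam_lastlog.c is the only trace of this failure, and the branch then sets `pam_err = PAM_SERVICE_ERR` and jumps to `err`. If `PAM_LOG` expands to a debug-level `openpam_log()` call, as it does in FreeBSD's pam_mod_misc.h, the message is invisible unless the module runs with debugging enabled, so an operator may see a refused session with no reason logged. Consider logging it at error level instead, e.g. `openpam_log(PAM_LOG_ERROR, "No PAM_TTY");`. What the `err` label does with `pam_err` is outside the hunk, as is the rest of pam_sm_open_session.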
@@ -6,7 +6,7 @@ * * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. * - * $FreeBSD: src/lib/libpam/modules/pam_login_access/login_access.c,v 1.13 2007/05/25 07:50:18 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_login_access/login_access.c 297755 2016-04-09 18:09:10Z pfg $ */ #include @@ -36,7 +36,7 @@ static char sep[] = ", \t"; /* list-element separator */ static int from_match(const char *, const char *); static int list_match(char *, const char *, - int (*)(const char *, const char *)); + int (*)(const char *, const char *)); static int netgroup_match(const char *, const char *, const char *); static int string_match(const char *, const char *); static int user_match(const char *, const char *); @@ -105,7 +105,7 @@ login_access(const char *user, const char *from) static int list_match(char *list, const char *item, - int (*match_fn)(const char *, const char *)) + int (*match_fn)(const char *, const char *)) { char *tok; int match = NO; diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.8 b/lib/libpam/modules/pam_login_access/pam_login_access.8 index 9229a2ea04..59cf23f4a7 100644 --- a/lib/libpam/modules/pam_login_access/pam_login_access.8 +++ b/lib/libpam/modules/pam_login_access/pam_login_access.8 @@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_login_access/pam_login_access.8,v 1.6 2006/03/06 13:15:12 yar Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_login_access/pam_login_access.8 156350 2006-03-06 13:15:12Z yar $ .\" .Dd January 24, 2002 .Dt PAM_LOGIN_ACCESS 8 diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.c b/lib/libpam/modules/pam_login_access/pam_login_access.c index 445a0c7fb9..1e9ab21317 100644 --- a/lib/libpam/modules/pam_login_access/pam_login_access.c +++ b/lib/libpam/modules/pam_login_access/pam_login_access.c 
@@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2001 Mark R V Murray * All rights reserved. * Copyright (c) 2001 Networks Associates Technology, Inc. @@ -33,7 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_login_access/pam_login_access.c,v 1.11 2004/02/10 10:13:21 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_login_access/pam_login_access.c 326219 2017-11-26 02:00:33Z pfg $ */ #define _BSD_SOURCE @@ -53,7 +55,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { const void *rhost, *tty, *user; char hostname[MAXHOSTNAMELEN]; @@ -78,7 +80,14 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, gethostname(hostname, sizeof hostname); - if (rhost == NULL || *(const char *)rhost == '\0') { + if (rhost != NULL && *(const char *)rhost != '\0') { + PAM_LOG("Checking login.access for user %s from host %s", + (const char *)user, (const char *)rhost); + if (login_access(user, rhost) != 0) + return (PAM_SUCCESS); + PAM_VERBOSE_ERROR("%s is not allowed to log in from %s", + (const char *)user, (const char *)rhost); + } else if (tty != NULL && *(const char *)tty != '\0') { PAM_LOG("Checking login.access for user %s on tty %s", (const char *)user, (const char *)tty); if (login_access(user, tty) != 0) 
@@ -86,12 +95,12 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, PAM_VERBOSE_ERROR("%s is not allowed to log in on %s", (const char *)user, (const char *)tty); } else { - PAM_LOG("Checking login.access for user %s from host %s", - (const char *)user, (const char *)rhost); - if (login_access(user, rhost) != 0) + PAM_LOG("Checking login.access for user %s", + (const char *)user); + if (login_access(user, "***unknown***") != 0) return (PAM_SUCCESS); - PAM_VERBOSE_ERROR("%s is not allowed to log in from %s", - (const char *)user, (const char *)rhost); + PAM_VERBOSE_ERROR("%s is not allowed to log in", + (const char *)user); } return (PAM_AUTH_ERR); diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.h b/lib/libpam/modules/pam_login_access/pam_login_access.h index 95f7dc1942..e9c0052ebb 100644 --- a/lib/libpam/modules/pam_login_access/pam_login_access.h +++ b/lib/libpam/modules/pam_login_access/pam_login_access.h @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2001 Mark R V Murray * All rights reserved. * Copyright (c) 2001 Networks Associates Technology, Inc. @@ -33,7 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_login_access/pam_login_access.h,v 1.2 2002/03/14 23:27:57 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_login_access/pam_login_access.h 326219 2017-11-26 02:00:33Z pfg $ */ extern int login_access(const char *, const char *); diff --git a/lib/libpam/modules/pam_nologin/Makefile b/lib/libpam/modules/pam_nologin/Makefile index f76b7da220..ac550d4349 100644 --- a/lib/libpam/modules/pam_nologin/Makefile +++ b/lib/libpam/modules/pam_nologin/Makefile 
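Review bot: The new fallback branch in pam_login_access.c passes the bare literal `"***unknown***"` to `login_access()` as the origin, and nothing in the hunk says how login.access rules are expected to treat it. Presumably a rule whose origin field is a wildcard still matches this value, so a session that supplies neither PAM_RHOST nor PAM_TTY is decided by those rules alone. That deserves a comment here and a sentence in the man pages, since login.access.5 and pam_login_access.8 only get `$FreeBSD$` tag updates in this commit. I would name the sentinel, e.g. `#define LOGIN_ACCESS_UNKNOWN_ORIGIN "***unknown***"`, and add `/* neither rhost nor tty is known: match against a sentinel origin */` above the call. The body of pam_sm_acct_mgmt starts outside this hunk.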
@@ -22,7 +22,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_nologin/Makefile,v 1.7 2003/03/09 20:06:36 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_nologin/Makefile 275024 2014-11-25 11:07:26Z bapt $ LIB= pam_nologin SRCS= pam_nologin.c diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.8 b/lib/libpam/modules/pam_nologin/pam_nologin.8 index d9beca861a..c256ef4576 100644 --- a/lib/libpam/modules/pam_nologin/pam_nologin.8 +++ b/lib/libpam/modules/pam_nologin/pam_nologin.8 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_nologin/pam_nologin.8,v 1.7 2007/06/14 13:07:06 yar Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_nologin/pam_nologin.8 233648 2012-03-29 05:02:12Z eadler $ .\" .Dd June 10, 2007 .Dt PAM_NOLOGIN 8 diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.c b/lib/libpam/modules/pam_nologin/pam_nologin.c index 5a8521957f..97de3e0093 100644 --- a/lib/libpam/modules/pam_nologin/pam_nologin.c +++ b/lib/libpam/modules/pam_nologin/pam_nologin.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright 2001 Mark R V Murray * All rights reserved. * Copyright (c) 2001 Networks Associates Technology, Inc. @@ -33,7 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_nologin/pam_nologin.c,v 1.13 2007/06/14 13:07:06 yar Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_nologin/pam_nologin.c 326219 2017-11-26 02:00:33Z pfg $ */ #include diff --git a/lib/libpam/modules/pam_nologin/Makefile b/lib/libpam/modules/pam_opie/Makefile similarity index 83% copy from lib/libpam/modules/pam_nologin/Makefile copy to lib/libpam/modules/pam_opie/Makefile index f76b7da220..8f9ff0fcfa 100644 --- a/lib/libpam/modules/pam_nologin/Makefile 
+++ b/lib/libpam/modules/pam_opie/Makefile @@ -1,5 +1,6 @@ -# Copyright 2001 Mark R V Murray +# Copyright 2000 James Bloom # All rights reserved. +# Based upon code Copyright 1998 Juniper Networks, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions @@ -22,13 +23,13 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_nologin/Makefile,v 1.7 2003/03/09 20:06:36 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_opie/Makefile 275024 2014-11-25 11:07:26Z bapt $ -LIB= pam_nologin -SRCS= pam_nologin.c -MAN= pam_nologin.8 +LIB= pam_opie +SRCS= pam_opie.c +MAN= pam_opie.8 -DPADD= ${LIBUTIL} -LDADD= -lutil +DPADD= ${LIBOPIE} +LDADD= -lopie .include diff --git a/lib/libpam/modules/pam_opie/pam_opie.8 b/lib/libpam/modules/pam_opie/pam_opie.8 index 2aaad55c7c..2d0e5e4656 100644 --- a/lib/libpam/modules/pam_opie/pam_opie.8 +++ b/lib/libpam/modules/pam_opie/pam_opie.8 @@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_opie/pam_opie.8,v 1.9 2002/12/27 12:15:31 schweikh Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_opie/pam_opie.8 108317 2002-12-27 12:15:40Z schweikh $ .\" .Dd July 7, 2001 .Dt PAM_OPIE 8 diff --git a/lib/libpam/modules/pam_opie/pam_opie.c b/lib/libpam/modules/pam_opie/pam_opie.c index 9ebba0ad77..34c6f88966 100644 --- a/lib/libpam/modules/pam_opie/pam_opie.c +++ b/lib/libpam/modules/pam_opie/pam_opie.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright 2000 James Bloom * All rights reserved. * Based upon code Copyright 1998 Juniper Networks, Inc. 
@@ -34,8 +36,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_opie/pam_opie.c,v 1.26 2006/09/15 13:42:38 des Exp $ - * $DragonFly: src/lib/pam_module/pam_opie/pam_opie.c,v 1.1 2005/07/12 22:53:20 joerg Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_opie/pam_opie.c 326219 2017-11-26 02:00:33Z pfg $ */ #include @@ -62,7 +63,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, struct passwd *pwd; int retval, i; const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "}; - char challenge[OPIE_CHALLENGE_MAX]; + char challenge[OPIE_CHALLENGE_MAX + 1]; char principal[OPIE_PRINCIPAL_MAX]; const char *user; char *response; diff --git a/lib/libpam/modules/pam_opieaccess/Makefile b/lib/libpam/modules/pam_opieaccess/Makefile index 036191e01c..2c41b41347 100644 --- a/lib/libpam/modules/pam_opieaccess/Makefile +++ b/lib/libpam/modules/pam_opieaccess/Makefile @@ -1,3 +1,4 @@ +# $FreeBSD: head/lib/libpam/modules/pam_opieaccess/Makefile 275024 2014-11-25 11:07:26Z bapt $ LIB= pam_opieaccess SRCS= pam_opieaccess.c diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 index 3c4ce11fa5..babd8fa678 100644 --- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 +++ b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 @@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8,v 1.10 2007/10/26 07:50:11 des Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 173003 2007-10-26 07:50:11Z des $ .\" .Dd October 26, 2007 .Dt PAM_OPIEACCESS 8 diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c index 90627fbf58..8201d758bc 100644 --- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c 
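Review bot: `char challenge[OPIE_CHALLENGE_MAX + 1];` gains a byte with no comment saying why, while `principal[OPIE_PRINCIPAL_MAX]` on the next line keeps the old sizing. Presumably the extra byte holds the terminating NUL written by the routine that fills the challenge; that call is outside this hunk, so it is worth confirming and recording, e.g. `/* +1 for the terminating NUL */`. The same check applies to `principal`: if it is filled by a copy bounded by `sizeof(principal)` it is fine as is, otherwise it needs the same `+ 1`. pam_sm_authenticate's body continues past the hunk.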
+++ b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2002 Networks Associates Technology, Inc. * All rights reserved. * @@ -31,8 +33,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c,v 1.16 2004/02/10 20:42:33 cperciva Exp $ - * $DragonFly: src/lib/pam_module/pam_opieaccess/pam_opieaccess.c,v 1.1 2005/07/12 23:08:53 joerg Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c 326219 2017-11-26 02:00:33Z pfg $ */ #define _BSD_SOURCE diff --git a/lib/libpam/modules/pam_passwdqc/Makefile b/lib/libpam/modules/pam_passwdqc/Makefile index def759568e..7cc12a8335 100644 --- a/lib/libpam/modules/pam_passwdqc/Makefile +++ b/lib/libpam/modules/pam_passwdqc/Makefile @@ -1,3 +1,5 @@ +# $FreeBSD: head/lib/libpam/modules/pam_passwdqc/Makefile 312452 2017-01-20 03:27:47Z ngie $ + CONTRIBDIR= ${.CURDIR}/../../../../contrib/pam_passwdqc .PATH: ${CONTRIBDIR} diff --git a/lib/libpam/modules/pam_self/Makefile b/lib/libpam/modules/pam_permit/Makefile similarity index 88% copy from lib/libpam/modules/pam_self/Makefile copy to lib/libpam/modules/pam_permit/Makefile index 1aecd82f18..fe68884321 100644 --- a/lib/libpam/modules/pam_self/Makefile +++ b/lib/libpam/modules/pam_permit/Makefile @@ -1,4 +1,4 @@ -# Copyright 2001 Mark R V Murray +# Copyright 1999 Max Khon. # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -22,10 +22,10 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_self/Makefile,v 1.4 2003/03/09 20:06:37 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_permit/Makefile 112044 2003-03-09 20:06:38Z obrien $ -LIB= pam_self -SRCS= pam_self.c -MAN= pam_self.8 +LIB= pam_permit +SRCS= pam_permit.c +MAN= pam_permit.8 .include 
diff --git a/lib/libpam/modules/pam_permit/pam_permit.8 b/lib/libpam/modules/pam_permit/pam_permit.8 index f2c6c1519b..9de3e6dc79 100644 --- a/lib/libpam/modules/pam_permit/pam_permit.8 +++ b/lib/libpam/modules/pam_permit/pam_permit.8 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_permit/pam_permit.8,v 1.3 2001/07/13 09:09:50 ru Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_permit/pam_permit.8 79658 2001-07-13 09:09:52Z ru $ .\" .Dd July 7, 2001 .Dt PAM_PERMIT 8 diff --git a/lib/libpam/modules/pam_permit/pam_permit.c b/lib/libpam/modules/pam_permit/pam_permit.c index 1079776598..199b67c9c5 100644 --- a/lib/libpam/modules/pam_permit/pam_permit.c +++ b/lib/libpam/modules/pam_permit/pam_permit.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * * Copyright 2001 Mark R V Murray * All rights reserved. * @@ -23,8 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_permit/pam_permit.c,v 1.8 2002/04/12 22:27:22 des Exp $ - * $DragonFly: src/lib/pam_module/pam_permit/pam_permit.c,v 1.1 2005/08/01 16:15:19 joerg Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_permit/pam_permit.c 326219 2017-11-26 02:00:33Z pfg $ */ #include diff --git a/lib/libpam/modules/pam_nologin/Makefile b/lib/libpam/modules/pam_radius/Makefile similarity index 85% copy from lib/libpam/modules/pam_nologin/Makefile copy to lib/libpam/modules/pam_radius/Makefile index f76b7da220..2c2c032fbe 100644 --- a/lib/libpam/modules/pam_nologin/Makefile +++ b/lib/libpam/modules/pam_radius/Makefile @@ -1,4 +1,4 @@ -# Copyright 2001 Mark R V Murray +# Copyright 1998 Juniper Networks, Inc. # All rights reserved. # # Redistribution and use in source and binary forms, with or without 
@@ -22,13 +22,13 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_nologin/Makefile,v 1.7 2003/03/09 20:06:36 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_radius/Makefile 275024 2014-11-25 11:07:26Z bapt $ -LIB= pam_nologin -SRCS= pam_nologin.c -MAN= pam_nologin.8 +LIB= pam_radius +SRCS= pam_radius.c +MAN= pam_radius.8 -DPADD= ${LIBUTIL} -LDADD= -lutil +DPADD= ${LIBRADIUS} +LDADD= -lradius .include diff --git a/lib/libpam/modules/pam_radius/pam_radius.8 b/lib/libpam/modules/pam_radius/pam_radius.8 index 10672bd8f1..b6ec474c90 100644 --- a/lib/libpam/modules/pam_radius/pam_radius.8 +++ b/lib/libpam/modules/pam_radius/pam_radius.8 @@ -1,8 +1,9 @@ -.\" Copyright (c) 1999 -.\" Andrzej Bialecki . All rights reserved. -.\" +.\"- .\" Copyright (c) 1992, 1993, 1994 .\" The Regents of the University of California. All rights reserved. +.\" Copyright (c) 1999 Andrzej Bialecki +.\" All rights reserved. +.\" Copyright (c) 2018 The University of Oslo .\" All rights reserved. .\" .\" This code is derived from software donated to Berkeley by @@ -32,9 +33,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.8,v 1.17 2005/02/13 22:25:14 ru Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_radius/pam_radius.8 333674 2018-05-16 13:47:30Z des $ .\" -.Dd October 28, 2002 +.Dd July 24, 2018 .Dt PAM_RADIUS 8 .Os .Sh NAME 
@@ -80,6 +81,10 @@ specifies a non-standard location for the RADIUS client configuration file .Pa /etc/radius.conf ) . .It Cm nas_id Ns = Ns Ar identifier specifies a NAS identifier to send instead of the hostname. +.It Cm nas_ipaddr Ns Op No = Ns Ar address +specifies a NAS IP address to be sent. +If the option is present, but there is no value provided then the IP address +corresponding to the current hostname will be used. .It Cm template_user Ns = Ns Ar username specifies a user whose .Xr passwd 5 @@ -97,10 +102,21 @@ If this option is omitted, and there is no username in the system databases equal to the supplied one (as determined by call to .Xr getpwnam 3 ) , the authentication will fail. -.It Cm nas_ipaddr Ns Op No = Ns Ar address -specifies a NAS IP address to be sent. -If option is present, but there is no value provided then IP address -corresponding to the current hostname will be used. +.It Cm no_reply_message +suppress printing of the contents of any +.Cm Reply-Message +attributes found in +.Cm Access-Accept +and +.Cm Access-Reject +responses. +These are normally conveyed to the user as either informational or +error messages, depending on whether the access request was accepted +or rejected. +.It Cm no_warn +suppress warning messages to the user. +These messages include reasons why the user's authentication attempt +was declined. .El .Sh FILES .Bl -tag -width /etc/radius.conf -compact diff --git a/lib/libpam/modules/pam_radius/pam_radius.c b/lib/libpam/modules/pam_radius/pam_radius.c index 6a7f95dc80..974f1b9359 100644 --- a/lib/libpam/modules/pam_radius/pam_radius.c +++ b/lib/libpam/modules/pam_radius/pam_radius.c 
@@ -1,8 +1,12 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright 1998 Juniper Networks, Inc. * All rights reserved. * Copyright (c) 2001-2003 Networks Associates Technology, Inc. * All rights reserved. + * Copyright (c) 2015-2018 The University of Oslo + * All rights reserved. * * Portions of this software were developed for the FreeBSD Project by * ThinkSec AS and NAI Labs, the Security Research Division of Network @@ -33,8 +37,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.c,v 1.24 2007/01/20 08:52:04 pjd Exp $ - * $DragonFly: src/lib/pam_module/pam_radius/pam_radius.c,v 1.1 2005/07/12 23:13:26 joerg Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_radius/pam_radius.c 333674 2018-05-16 13:47:30Z des $ */ #include @@ -57,16 +60,17 @@ #define PAM_OPT_TEMPLATE_USER "template_user" #define PAM_OPT_NAS_ID "nas_id" #define PAM_OPT_NAS_IPADDR "nas_ipaddr" +#define PAM_OPT_NO_REPLYMSG "no_reply_message" #define MAX_CHALLENGE_MSGS 10 #define PASSWORD_PROMPT "RADIUS Password:" static int build_access_request(struct rad_handle *, const char *, - const char *, const char *, const char *, const void *, - size_t); + const char *, const char *, const char *, const char *, + const void *, size_t); static int do_accept(pam_handle_t *, struct rad_handle *); static int do_challenge(pam_handle_t *, struct rad_handle *, - const char *, const char *, const char *); + const char *, const char *, const char *, const char *); /* * Construct an access request, but don't send it. Returns 0 on success, @@ -75,7 +79,7 @@ static int do_challenge(pam_handle_t *, struct rad_handle *, static int build_access_request(struct rad_handle *radh, const char *user, const char *pass, const char *nas_id, const char *nas_ipaddr, - const void *state, size_t state_len) + const char *rhost, const void *state, size_t state_len) { int error; char host[MAXHOSTNAMELEN]; 
@@ -121,8 +125,13 @@ build_access_request(struct rad_handle *radh, const char *user, } } } - if (state != NULL && rad_put_attr(radh, RAD_STATE, state, - state_len) == -1) { + if (rhost != NULL && + rad_put_string(radh, RAD_CALLING_STATION_ID, rhost) == -1) { + syslog(LOG_CRIT, "rad_put_string: %s", rad_strerror(radh)); + return (-1); + } + if (state != NULL && + rad_put_attr(radh, RAD_STATE, state, state_len) == -1) { syslog(LOG_CRIT, "rad_put_attr: %s", rad_strerror(radh)); return (-1); } @@ -142,15 +151,23 @@ do_accept(pam_handle_t *pamh, struct rad_handle *radh) char *s; while ((attrtype = rad_get_attr(radh, &attrval, &attrlen)) > 0) { - if (attrtype == RAD_USER_NAME) { - s = rad_cvt_string(attrval, attrlen); - if (s == NULL) { - syslog(LOG_CRIT, - "rad_cvt_string: out of memory"); - return (-1); - } + switch (attrtype) { + case RAD_USER_NAME: + if ((s = rad_cvt_string(attrval, attrlen)) == NULL) + goto enomem; pam_set_item(pamh, PAM_USER, s); free(s); + break; + case RAD_REPLY_MESSAGE: + if ((s = rad_cvt_string(attrval, attrlen)) == NULL) + goto enomem; + if (!openpam_get_option(pamh, PAM_OPT_NO_REPLYMSG)) + pam_info(pamh, "%s", s); + free(s); + break; + default: + PAM_LOG("%s(): ignoring RADIUS attribute %d", + __func__, attrtype); } } if (attrtype == -1) { 
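Review bot: In do_accept() the new `RAD_REPLY_MESSAGE` case hands the server-supplied string straight to `pam_info(pamh, "%s", s)`; the fixed `"%s"` format is right, but the text itself is not filtered. Reply-Message content is chosen by the RADIUS server (or by whatever is able to answer as it), so control characters and terminal escape sequences would reach the user's terminal through the conversation function. Replacing control bytes before display closes that, and the same applies to the `pam_error()` call in the new do_reject(). The return value of `pam_set_item(pamh, PAM_USER, s)` in the `RAD_USER_NAME` case is also still ignored. do_accept() begins before the hunk.

```c
/*
 * Blank out C0 control bytes (except newline and tab) and DEL so a
 * Reply-Message cannot drive the user's terminal.  Bytes >= 0x80 are
 * left alone so UTF-8 text survives.
 */
static void
scrub_reply_message(char *s)
{
	unsigned char c;

	for (; (c = (unsigned char)*s) != '\0'; s++)
		if ((c < 0x20 && c != '\n' && c != '\t') || c == 0x7f)
			*s = '?';
}

		case RAD_REPLY_MESSAGE:
			if ((s = rad_cvt_string(attrval, attrlen)) == NULL)
				goto enomem;
			scrub_reply_message(s);
			/* … unchanged: no_reply_message check, pam_info(), free() … */
```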
@@ -158,11 +175,46 @@ do_accept(pam_handle_t *pamh, struct rad_handle *radh) return (-1); } return (0); +enomem: + syslog(LOG_CRIT, "%s(): out of memory", __func__); + return (-1); +} + +static int +do_reject(pam_handle_t *pamh, struct rad_handle *radh) +{ + int attrtype; + const void *attrval; + size_t attrlen; + char *s; + + while ((attrtype = rad_get_attr(radh, &attrval, &attrlen)) > 0) { + switch (attrtype) { + case RAD_REPLY_MESSAGE: + if ((s = rad_cvt_string(attrval, attrlen)) == NULL) + goto enomem; + if (!openpam_get_option(pamh, PAM_OPT_NO_REPLYMSG)) + pam_error(pamh, "%s", s); + free(s); + break; + default: + PAM_LOG("%s(): ignoring RADIUS attribute %d", + __func__, attrtype); + } + } + if (attrtype < 0) { + syslog(LOG_CRIT, "rad_get_attr: %s", rad_strerror(radh)); + return (-1); + } + return (0); +enomem: + syslog(LOG_CRIT, "%s(): out of memory", __func__); + return (-1); } static int do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user, - const char *nas_id, const char *nas_ipaddr) + const char *nas_id, const char *nas_ipaddr, const char *rhost) { int retval; int attrtype; @@ -230,7 +282,7 @@ do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user, conv->appdata_ptr)) != PAM_SUCCESS) return (retval); if (build_access_request(radh, user, resp[num_msgs-1].resp, nas_id, - nas_ipaddr, state, statelen) == -1) + nas_ipaddr, rhost, state, statelen) == -1) return (PAM_SERVICE_ERR); memset(resp[num_msgs-1].resp, 0, strlen(resp[num_msgs-1].resp)); free(resp[num_msgs-1].resp); @@ -246,7 +298,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, { struct rad_handle *radh; const char *user, *pass; - const void *tmpuser; + const void *rhost, *tmpuser; const char *conf_file, *template_user, *nas_id, *nas_ipaddr; int retval; int e; 
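Review bot: In the do_challenge() hunk, the context lines scrub the user's challenge response with `memset(resp[num_msgs-1].resp, 0, strlen(resp[num_msgs-1].resp));` immediately before `free()`, a store the compiler is allowed to drop because the buffer is never read again. Where libc provides it, `explicit_bzero(resp[num_msgs-1].resp, strlen(resp[num_msgs-1].resp));` keeps the wipe. In the lines shown, the early `return (PAM_SERVICE_ERR);` taken when build_access_request() fails also leaves the response neither wiped nor freed. do_challenge() begins and ends outside the hunk.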
@@ -255,6 +307,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, template_user = openpam_get_option(pamh, PAM_OPT_TEMPLATE_USER); nas_id = openpam_get_option(pamh, PAM_OPT_NAS_ID); nas_ipaddr = openpam_get_option(pamh, PAM_OPT_NAS_IPADDR); + pam_get_item(pamh, PAM_RHOST, &rhost); retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) @@ -284,8 +337,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Radius config file read"); - if (build_access_request(radh, user, pass, nas_id, nas_ipaddr, NULL, - 0) == -1) { + if (build_access_request(radh, user, pass, nas_id, nas_ipaddr, rhost, + NULL, 0) == -1) { rad_close(radh); return (PAM_SERVICE_ERR); } @@ -324,13 +377,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, return (PAM_SUCCESS); case RAD_ACCESS_REJECT: + retval = do_reject(pamh, radh); rad_close(radh); PAM_VERBOSE_ERROR("Radius rejection"); return (PAM_AUTH_ERR); case RAD_ACCESS_CHALLENGE: retval = do_challenge(pamh, radh, user, nas_id, - nas_ipaddr); + nas_ipaddr, rhost); if (retval != PAM_SUCCESS) { rad_close(radh); return (retval); diff --git a/lib/libpam/modules/pam_rhosts/Makefile b/lib/libpam/modules/pam_rhosts/Makefile index 4aa7731cbf..c698f6504a 100644 --- a/lib/libpam/modules/pam_rhosts/Makefile +++ b/lib/libpam/modules/pam_rhosts/Makefile @@ -1,4 +1,4 @@ -# $FreeBSD: src/lib/libpam/modules/pam_rhosts/Makefile,v 1.2 2003/03/09 20:06:37 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_rhosts/Makefile 112044 2003-03-09 20:06:38Z obrien $ LIB= pam_rhosts SRCS= pam_rhosts.c diff --git a/lib/libpam/modules/pam_rhosts/pam_rhosts.8 b/lib/libpam/modules/pam_rhosts/pam_rhosts.8 index a3a2abc972..5c1dd0e30d 100644 --- a/lib/libpam/modules/pam_rhosts/pam_rhosts.8 +++ b/lib/libpam/modules/pam_rhosts/pam_rhosts.8 
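Review bot: `pam_get_item(pamh, PAM_RHOST, &rhost);` discards its return value, and `rhost` is declared without an initialiser in the earlier hunk (`const void *rhost, *tmpuser;`), so a failed lookup would leave an indeterminate pointer to be passed to build_access_request(). An empty PAM_RHOST would also go out as an empty Calling-Station-Id, because build_access_request() only tests `rhost != NULL`, whereas pam_login_access in this same commit treats the empty string as unset. One way to cover both: `if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS || (rhost != NULL && *(const char *)rhost == '\0')) rhost = NULL;`. PAM_RHOST is set by the calling application, so the value sent is a hint for the RADIUS server rather than a verified origin. pam_sm_authenticate's body extends beyond the hunk.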
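Review bot: In the `RAD_ACCESS_REJECT` case, `retval = do_reject(pamh, radh);` stores a result that is never read, since the case returns `PAM_AUTH_ERR` unconditionally two lines later. Failing closed is the right outcome, but the assignment reads like an unfinished error path and may draw an unused-value warning. `(void)do_reject(pamh, radh);` with a comment such as `/* best effort: show any Reply-Message; the login is rejected either way */` states the intent. The enclosing switch and function start and end outside the hunk.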
@@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_rhosts/pam_rhosts.8,v 1.3 2004/07/02 23:52:18 ru Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_rhosts/pam_rhosts.8 131504 2004-07-02 23:52:20Z ru $ .\" .Dd December 5, 2001 .Dt PAM_RHOSTS 8 diff --git a/lib/libpam/modules/pam_rhosts/pam_rhosts.c b/lib/libpam/modules/pam_rhosts/pam_rhosts.c index ae68c6d839..ffcd7fbdd6 100644 --- a/lib/libpam/modules/pam_rhosts/pam_rhosts.c +++ b/lib/libpam/modules/pam_rhosts/pam_rhosts.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2002 Danny Braniss * All rights reserved. * Copyright (c) 2001,2002 Networks Associates Technology, Inc. @@ -33,7 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_rhosts/pam_rhosts.c,v 1.3 2003/12/11 13:55:16 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_rhosts/pam_rhosts.c 326219 2017-11-26 02:00:33Z pfg $ */ #include @@ -50,7 +52,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { struct passwd *pw; const char *user; @@ -85,7 +87,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { return (PAM_SUCCESS); diff --git a/lib/libpam/modules/pam_rootok/Makefile b/lib/libpam/modules/pam_rootok/Makefile index 12860fef64..c4a0842ec6 100644 --- a/lib/libpam/modules/pam_rootok/Makefile +++ b/lib/libpam/modules/pam_rootok/Makefile 
@@ -22,7 +22,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_rootok/Makefile,v 1.6 2003/03/09 20:06:37 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_rootok/Makefile 112044 2003-03-09 20:06:38Z obrien $ LIB= pam_rootok SRCS= pam_rootok.c diff --git a/lib/libpam/modules/pam_rootok/pam_rootok.8 b/lib/libpam/modules/pam_rootok/pam_rootok.8 index 8e66530d5f..aaa23f4767 100644 --- a/lib/libpam/modules/pam_rootok/pam_rootok.8 +++ b/lib/libpam/modules/pam_rootok/pam_rootok.8 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_rootok/pam_rootok.8,v 1.4 2001/08/15 20:05:31 markm Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_rootok/pam_rootok.8 81729 2001-08-15 20:05:33Z markm $ .\" .Dd July 8, 2001 .Dt PAM_ROOTOK 8 diff --git a/lib/libpam/modules/pam_rootok/pam_rootok.c b/lib/libpam/modules/pam_rootok/pam_rootok.c index d95f065ffb..8e7fdf0df8 100644 --- a/lib/libpam/modules/pam_rootok/pam_rootok.c +++ b/lib/libpam/modules/pam_rootok/pam_rootok.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2001 Mark R V Murray * All rights reserved. * Copyright (c) 2001 Networks Associates Technology, Inc. @@ -33,7 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_rootok/pam_rootok.c,v 1.8 2002/04/12 22:27:23 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_rootok/pam_rootok.c 326219 2017-11-26 02:00:33Z pfg $ */ #define _BSD_SOURCE @@ -49,7 +51,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { if (getuid() == 0) 
@@ -63,7 +65,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { return (PAM_SUCCESS); diff --git a/lib/libpam/modules/pam_securetty/Makefile b/lib/libpam/modules/pam_securetty/Makefile index ad0a563337..8c2263c4b2 100644 --- a/lib/libpam/modules/pam_securetty/Makefile +++ b/lib/libpam/modules/pam_securetty/Makefile @@ -22,7 +22,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_securetty/Makefile,v 1.5 2003/03/09 20:06:37 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_securetty/Makefile 112044 2003-03-09 20:06:38Z obrien $ LIB= pam_securetty SRCS= pam_securetty.c diff --git a/lib/libpam/modules/pam_securetty/pam_securetty.8 b/lib/libpam/modules/pam_securetty/pam_securetty.8 index 2e85c71a20..0f2879f562 100644 --- a/lib/libpam/modules/pam_securetty/pam_securetty.8 +++ b/lib/libpam/modules/pam_securetty/pam_securetty.8 @@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_securetty/pam_securetty.8,v 1.6 2002/03/14 23:27:58 des Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_securetty/pam_securetty.8 92297 2002-03-14 23:27:59Z des $ .\" .Dd July 8, 2001 .Dt PAM_SECURETTY 8 diff --git a/lib/libpam/modules/pam_securetty/pam_securetty.c b/lib/libpam/modules/pam_securetty/pam_securetty.c index d746f94b36..51f6442cb8 100644 --- a/lib/libpam/modules/pam_securetty/pam_securetty.c +++ b/lib/libpam/modules/pam_securetty/pam_securetty.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2001 Mark R V Murray * All rights reserved. * Copyright (c) 2001 Networks Associates Technology, Inc. 
@@ -33,7 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_securetty/pam_securetty.c,v 1.13 2004/02/10 10:13:21 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_securetty/pam_securetty.c 326219 2017-11-26 02:00:33Z pfg $ */ #include @@ -52,7 +54,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { struct passwd *pwd; struct ttyent *ty; diff --git a/lib/libpam/modules/pam_self/Makefile b/lib/libpam/modules/pam_self/Makefile index 1aecd82f18..bb41ec129a 100644 --- a/lib/libpam/modules/pam_self/Makefile +++ b/lib/libpam/modules/pam_self/Makefile @@ -22,7 +22,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_self/Makefile,v 1.4 2003/03/09 20:06:37 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_self/Makefile 112044 2003-03-09 20:06:38Z obrien $ LIB= pam_self SRCS= pam_self.c diff --git a/lib/libpam/modules/pam_self/pam_self.8 b/lib/libpam/modules/pam_self/pam_self.8 index 512d0f8294..0956a2367e 100644 --- a/lib/libpam/modules/pam_self/pam_self.8 +++ b/lib/libpam/modules/pam_self/pam_self.8 @@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_self/pam_self.8,v 1.11 2004/07/02 23:52:18 ru Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_self/pam_self.8 131504 2004-07-02 23:52:20Z ru $ .\" .Dd December 5, 2001 .Dt PAM_SELF 8 diff --git a/lib/libpam/modules/pam_self/pam_self.c b/lib/libpam/modules/pam_self/pam_self.c index 279f9e63d7..b67e1f199e 100644 --- a/lib/libpam/modules/pam_self/pam_self.c +++ b/lib/libpam/modules/pam_self/pam_self.c 
@@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2001 Mark R V Murray * All rights reserved. * Copyright (c) 2001,2002 Networks Associates Technology, Inc. @@ -33,7 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_self/pam_self.c,v 1.9 2002/04/12 22:27:24 des Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_self/pam_self.c 326219 2017-11-26 02:00:33Z pfg $ */ #define _BSD_SOURCE @@ -52,7 +54,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { struct passwd *pwd; const char *luser; @@ -79,7 +81,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) + int argc __unused, const char *argv[] __unused) { return (PAM_SUCCESS); diff --git a/lib/libpam/modules/pam_ssh/Makefile b/lib/libpam/modules/pam_ssh/Makefile index 46c517980d..84704355f7 100644 --- a/lib/libpam/modules/pam_ssh/Makefile +++ b/lib/libpam/modules/pam_ssh/Makefile @@ -1,3 +1,6 @@ +# PAM module for SSH +# $FreeBSD: head/lib/libpam/modules/pam_ssh/Makefile 312452 2017-01-20 03:27:47Z ngie $ + LIB= pam_ssh SRCS= pam_ssh.c MAN= pam_ssh.8 diff --git a/lib/libpam/modules/pam_ssh/pam_ssh.8 b/lib/libpam/modules/pam_ssh/pam_ssh.8 index 9aa82c979c..86a356b422 100644 --- a/lib/libpam/modules/pam_ssh/pam_ssh.8 +++ b/lib/libpam/modules/pam_ssh/pam_ssh.8 @@ -32,9 +32,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: head/lib/libpam/modules/pam_ssh/pam_ssh.8 267773 2014-06-23 08:23:05Z bapt $ +.\" $FreeBSD: head/lib/libpam/modules/pam_ssh/pam_ssh.8 304635 2016-08-22 20:48:46Z roberto $ .\" -.Dd October 7, 2011 +.Dd July 24, 2018 .Dt PAM_SSH 8 .Os .Sh NAME 
@@ -128,7 +128,7 @@ Start an agent even if no keys were decrypted during the authentication phase. .El .Sh FILES -.Bl -tag -width ".Pa $HOME/.ssh/identity" -compact +.Bl -tag -width ".Pa $HOME/.ssh/id_ed25519" -compact .It Pa $HOME/.ssh/identity SSH1 RSA key .It Pa $HOME/.ssh/id_rsa @@ -137,6 +137,8 @@ SSH2 RSA key SSH2 DSA key .It Pa $HOME/.ssh/id_ecdsa SSH2 ECDSA key +.It Pa $HOME/.ssh/id_ed25519 +SSH2 Ed25519 key .El .Sh SEE ALSO .Xr ssh-agent 1 , diff --git a/lib/libpam/modules/pam_ssh/pam_ssh.c b/lib/libpam/modules/pam_ssh/pam_ssh.c index 72a5172c68..7618d36448 100644 --- a/lib/libpam/modules/pam_ssh/pam_ssh.c +++ b/lib/libpam/modules/pam_ssh/pam_ssh.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 2003 Networks Associates Technology, Inc. * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. @@ -32,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: head/lib/libpam/modules/pam_ssh/pam_ssh.c 296651 2016-03-11 11:38:31Z des $ + * $FreeBSD: head/lib/libpam/modules/pam_ssh/pam_ssh.c 333490 2018-05-11 13:22:43Z des $ */ #include @@ -80,6 +82,7 @@ static const char *pam_ssh_keyfiles[] = { ".ssh/id_rsa", /* SSH2 RSA key */ ".ssh/id_dsa", /* SSH2 DSA key */ ".ssh/id_ecdsa", /* SSH2 ECDSA key */ + ".ssh/id_ed25519", /* SSH2 Ed25519 key */ NULL }; diff --git a/lib/libpam/modules/pam_nologin/Makefile b/lib/libpam/modules/pam_tacplus/Makefile similarity index 85% copy from lib/libpam/modules/pam_nologin/Makefile copy to lib/libpam/modules/pam_tacplus/Makefile index f76b7da220..3df7312050 100644 --- a/lib/libpam/modules/pam_nologin/Makefile +++ b/lib/libpam/modules/pam_tacplus/Makefile @@ -1,4 +1,4 @@ -# Copyright 2001 Mark R V Murray +# Copyright 1998 Juniper Networks, Inc. # All rights reserved. # # Redistribution and use in source and binary forms, with or without 
@@ -22,13 +22,13 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_nologin/Makefile,v 1.7 2003/03/09 20:06:36 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_tacplus/Makefile 275024 2014-11-25 11:07:26Z bapt $ -LIB= pam_nologin -SRCS= pam_nologin.c -MAN= pam_nologin.8 +LIB= pam_tacplus +SRCS= pam_tacplus.c +MAN= pam_tacplus.8 -DPADD= ${LIBUTIL} -LDADD= -lutil +DPADD= ${LIBTACPLUS} +LDADD= -ltacplus .include diff --git a/lib/libpam/modules/pam_tacplus/pam_tacplus.8 b/lib/libpam/modules/pam_tacplus/pam_tacplus.8 index affaf64940..b6b4af84e1 100644 --- a/lib/libpam/modules/pam_tacplus/pam_tacplus.8 +++ b/lib/libpam/modules/pam_tacplus/pam_tacplus.8 @@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_tacplus/pam_tacplus.8,v 1.4 2004/07/02 23:52:18 ru Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_tacplus/pam_tacplus.8 267773 2014-06-23 08:23:05Z bapt $ .\" .Dd August 2, 1999 .Dt PAM_TACPLUS 8 diff --git a/lib/libpam/modules/pam_tacplus/pam_tacplus.c b/lib/libpam/modules/pam_tacplus/pam_tacplus.c index 1d66fb2595..555c0a0406 100644 --- a/lib/libpam/modules/pam_tacplus/pam_tacplus.c +++ b/lib/libpam/modules/pam_tacplus/pam_tacplus.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright 1998 Juniper Networks, Inc. * All rights reserved. * Copyright (c) 2001-2003 Networks Associates Technology, Inc. @@ -33,8 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_tacplus/pam_tacplus.c,v 1.14 2003/05/31 17:19:03 des Exp $ - * $DragonFly: src/lib/pam_module/pam_tacplus/pam_tacplus.c,v 1.1 2005/07/12 22:34:55 joerg Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_tacplus/pam_tacplus.c 326219 2017-11-26 02:00:33Z pfg $ */ #include 
diff --git a/lib/libpam/modules/pam_nologin/Makefile b/lib/libpam/modules/pam_unix/Makefile similarity index 61% copy from lib/libpam/modules/pam_nologin/Makefile copy to lib/libpam/modules/pam_unix/Makefile index f76b7da220..932aa5bf45 100644 --- a/lib/libpam/modules/pam_nologin/Makefile +++ b/lib/libpam/modules/pam_unix/Makefile @@ -1,5 +1,12 @@ -# Copyright 2001 Mark R V Murray +# Copyright 1998 Juniper Networks, Inc. # All rights reserved. +# Copyright (c) 2002 Networks Associates Technology, Inc. +# All rights reserved. +# +# Portions of this software was developed for the FreeBSD Project by +# ThinkSec AS and NAI Labs, the Security Research Division of Network +# Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +# ("CBOSS"), as part of the DARPA CHATS research program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions @@ -9,6 +16,9 @@ # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
@@ -22,13 +32,19 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/lib/libpam/modules/pam_nologin/Makefile,v 1.7 2003/03/09 20:06:36 obrien Exp $ +# $FreeBSD: head/lib/libpam/modules/pam_unix/Makefile 275024 2014-11-25 11:07:26Z bapt $ + +LIB= pam_unix +SRCS= pam_unix.c +MAN= pam_unix.8 -LIB= pam_nologin -SRCS= pam_nologin.c -MAN= pam_nologin.8 +DPADD= ${LIBCRYPT} ${LIBUTIL} +LDADD= -lcrypt -lutil -DPADD= ${LIBUTIL} -LDADD= -lutil +.if !defined(NO_NIS) +CFLAGS+= -DYP +DPADD+= ${LIBYPCLNT} +LDADD+= -lypclnt +.endif .include diff --git a/lib/libpam/modules/pam_unix/pam_unix.8 b/lib/libpam/modules/pam_unix/pam_unix.8 index 4f1b76dbdd..7bfd424fea 100644 --- a/lib/libpam/modules/pam_unix/pam_unix.8 +++ b/lib/libpam/modules/pam_unix/pam_unix.8 @@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.8,v 1.17 2011/11/02 23:40:21 des Exp $ +.\" $FreeBSD: head/lib/libpam/modules/pam_unix/pam_unix.8 227044 2011-11-02 23:40:21Z des $ .\" .Dd June 20, 2009 .Dt PAM_UNIX 8 diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c index c444b33280..45f3889f50 100644 --- a/lib/libpam/modules/pam_unix/pam_unix.c +++ b/lib/libpam/modules/pam_unix/pam_unix.c @@ -1,4 +1,6 @@ /*- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright 1998 Juniper Networks, Inc. * All rights reserved. * Copyright (c) 2002-2003 Networks Associates Technology, Inc. @@ -33,7 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.56 2011/11/05 10:00:29 ed Exp $ + * $FreeBSD: head/lib/libpam/modules/pam_unix/pam_unix.c 326219 2017-11-26 02:00:33Z pfg $ */ #include 
@@ -94,13 +96,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, char *cryptpw; if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) { - pwd = getpwnam(getlogin()); + user = getlogin(); } else { retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) return (retval); - pwd = getpwnam(user); } + pwd = getpwnam(user); PAM_LOG("Got user: %s", user); @@ -111,6 +113,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) && openpam_get_option(pamh, PAM_OPT_NULLOK)) return (PAM_SUCCESS); + PAM_LOG("Password is empty, using fake password"); realpw = "*"; } lc = login_getpwclass(pwd); @@ -125,6 +128,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, if (retval != PAM_SUCCESS) return (retval); PAM_LOG("Got password"); + if (strnlen(pass, _PASSWORD_LEN + 1) > _PASSWORD_LEN) { + PAM_LOG("Password is too long, using fake password"); + realpw = "*"; + } cryptpw = crypt(pass, realpw); if (cryptpw != NULL && strcmp(cryptpw, realpw) == 0) return (PAM_SUCCESS); @@ -279,13 +286,13 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int pfd, tfd, retval; if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) - pwd = getpwnam(getlogin()); + user = getlogin(); else { retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) return (retval); - pwd = getpwnam(user); } + pwd = getpwnam(user); if (pwd == NULL) return (PAM_AUTHTOK_RECOVERY_ERR); @@ -333,6 +340,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, * XXX check PAM_DISALLOW_NULL_AUTHTOK */ old_pass = ""; + retval = PAM_SUCCESS; } else { retval = pam_get_authtok(pamh, PAM_OLDAUTHTOK, &old_pass, NULL); -- 2.11.4.GIT
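Review bot: `user = getlogin();` in the auth_as_self branch is used without a NULL check, and getlogin() returns NULL when no login name is available; the value then goes straight into `getpwnam(user)` and the `%s` of `PAM_LOG("Got user: %s", user)`. The same pattern is in the pam_sm_chauthtok hunk at -279,13, where `pwd = getpwnam(user);` also follows an unchecked `getlogin()`. A guard such as `if ((user = getlogin()) == NULL) return (PAM_SERVICE_ERR);` in both places would close the gap. Which return code fits best is a judgement call, because the rest of both function bodies lies outside the hunks.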
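Review bot: The over-length branch added at -125,6 swaps `realpw` for `"*"` but still hands the full `pass` to `crypt()` on the next line, and nothing in the hunk says why it does not return an error instead. Presumably the intent is that an over-long password fails through the same path as a wrong one; a comment such as `/* too long to be valid: force a mismatch but keep the normal failure path */` would record that. Since the check does not truncate `pass`, it is also worth confirming that `crypt()` with the `"*"` salt does bounded work on an arbitrarily long input. The enclosing pam_sm_authenticate body starts and ends outside the hunk.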
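Review bot: The `XXX check PAM_DISALLOW_NULL_AUTHTOK` comment directly above the added `retval = PAM_SUCCESS;` (hunk -333,6) is still unresolved: the branch accepts an empty old password via `old_pass = "";` and now reports success explicitly, with no test of the flag in the visible lines. pam_sm_authenticate checks `!(flags & PAM_DISALLOW_NULL_AUTHTOK)` before honouring nullok (hunk -111,6), so the branch condition here, which lies outside the hunk, should probably carry the same test. If skipping it is deliberate for password changes, replacing the XXX with a sentence that says so would help the next reader.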