isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
3,435 Commits 1 Branch 0 Tags
2d1e360e8352f15dce9df95c45b733ceea7624e2
Commit Graph

122 Commits

Author SHA1 Message Date
Todd C. Miller
529d2d200e Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell 2004-06-28 14:51:50 +00:00
Todd C. Miller
ecdfa6373f update (c) year 2004-06-07 00:02:56 +00:00
Todd C. Miller
8268535ccc update (c) year 2004-06-07 00:02:56 +00:00
Todd C. Miller
77791e7ab3 Remove trailing spaces, no actual code changes. 2004-06-06 23:58:15 +00:00
Todd C. Miller
631cbc2857 krb5_mcc_ops should be const; Johnny C. Lam 2004-03-22 18:35:09 +00:00
Todd C. Miller
d2fa9af02d More to a less restrictive, ISC-style license. 2004-02-13 21:36:49 +00:00
Todd C. Miller
56b5cbc899 More to a less restrictive, ISC-style license. 2004-02-13 21:36:47 +00:00
Todd C. Miller
1a1009c060 More to a less restrictive, ISC-style license. 2004-02-13 21:36:47 +00:00
Todd C. Miller
d58c9f6f99 More to a less restrictive, ISC-style license. 2004-02-13 21:36:47 +00:00
Todd C. Miller
a1fa5aec5c More to a less restrictive, ISC-style license. 2004-02-13 21:36:47 +00:00
Todd C. Miller
c4a8ab8b99 Use the SET, CLR and ISSET macros. 2004-01-29 22:33:58 +00:00
Todd C. Miller
ae1a984afc Add support for chalnecho and display server responses used by fwtk >= 2.0 2004-01-15 20:13:47 +00:00
Todd C. Miller
149862cd9d Move PAM_CONST macro definition from config.h to pam.c where it belongs. 
We can't have this in config.h since that gets included too early.
 2004-01-09 19:39:00 +00:00
Todd C. Miller
aa4eb97ed5 Some PAM implementations put their headers in /usr/include/pam instead 
of /usr/include/security.
 2004-01-09 19:35:54 +00:00
Todd C. Miller
3944237480 Add a zero_bytes() function to do the equivalent of bzero in such a 
way that will heopfully not be optimized away by sneaky compilers.
 2003-12-31 22:46:10 +00:00
Todd C. Miller
6ad252765b Create def_* macros for each defaults value so we no longer need 
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.
 2003-12-30 22:20:21 +00:00
Todd C. Miller
d619fd43a1 Fix a core dump on Solaris by preserving the pam_handle_t we used 
during authentication for pam_prep_user().  If we didn't authenticate
(ie: ticket still valid), we call pam_init() from pam_prep_user().
This is something of a hack; it may be better to change the auth
API and add an auth_final() function that acts like pam_prep_user().
 2003-06-29 01:31:55 +00:00
Todd C. Miller
c03ffb1972 remove errant semicolon that prevented compilation under heimdal 2003-04-21 18:47:05 +00:00
Todd C. Miller
505b424a56 add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
8b45d6459c add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
94567681a7 add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
4a2da4c965 Use krb5_princ_component() instead of krb5_princ_realm() for MIT Kerberos 
like we did before I messed things up ;-)

Use krb5_principal_get_comp_string() to do the same thing w/ Heimdal.
I'm not sure if the component should be 0 or 1 in this case.

#define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
older versions lack ENCTYPE_DES_CBC_MD5.  This is gross and there
should be a configure check for this I guess.
 2003-04-14 20:49:27 +00:00
Todd C. Miller
cfeec138e1 Make this compile on Heimdal and MIT Kerberos 5 2003-04-04 17:46:57 +00:00
Todd C. Miller
d220757146 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former 
is no longer defined by MIT kerb5 (though it used to be and indeed
remains so in Heimdal).
 2003-04-04 03:04:09 +00:00
Todd C. Miller
58887b76b0 Correct number of args to krb5_principal_get_realm() and fix an unclosed 
comment that hid the bug.
 2003-04-02 18:57:34 +00:00
Todd C. Miller
dcf1a5acce Use warn/err and getprogname() throughout. The main exception is 
openlog().  Since the admin may be filtering logs based on the
program name in the log files, hard code this to "sudo".
 2003-04-02 18:25:30 +00:00
Todd C. Miller
c4dd20ab7f typo 2003-03-20 04:49:58 +00:00
Todd C. Miller
ecee620389 Kill remaining strcpy(), the programmer's guide says username is 32 bytes. 2003-03-16 03:03:32 +00:00
Todd C. Miller
d2ced184ec trat uid_t as unsigned long for printf and use snprintf, not sprintf 2003-03-16 02:18:57 +00:00
Todd C. Miller
dc39c56502 use snprintf 2003-03-16 02:18:34 +00:00
Todd C. Miller
d6a9e16d95 update copyright year 2003-03-15 20:37:44 +00:00
Todd C. Miller
80013dd915 Make this compile w/ Heimdal and fix some gcc warnings. 2003-03-15 19:10:38 +00:00
Todd C. Miller
27ffee8ac0 skeychallenge() on NetBSD take a size parameter 2003-03-14 02:47:55 +00:00
Todd C. Miller
b49046433a Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to 
the global copy.  Problem noted by Peter Pentchev.
 2002-12-13 16:33:26 +00:00
Todd C. Miller
abb4e1ad35 Sprinkle some volatile qualifiers to prevent over-enthusiastic 
optimizers from removing memset() calls.
 2002-11-22 19:41:13 +00:00
Todd C. Miller
3437e96a38 Fix rcsid 2002-05-20 20:51:23 +00:00
Todd C. Miller
16547b2ef8 SecurID API version 5 support from Michael Stroucken 2002-05-17 17:04:10 +00:00
Todd C. Miller
c289159953 g/c second arg to set_perms--it is no longer used 2002-05-05 00:43:38 +00:00
Todd C. Miller
763db0e631 #undef VOID to get rid of an AFS warning 2002-04-18 15:39:19 +00:00
Todd C. Miller
ef1f01874c Zero and free allocated memory when there is a conversation error. 2002-01-22 16:43:23 +00:00
Todd C. Miller
33efe1270f Use sigaction() not signal() 2002-01-22 03:37:55 +00:00
Todd C. Miller
d195bd7f1b Make this compile w/o warnings 2002-01-21 22:46:02 +00:00
Todd C. Miller
a61088a434 Mention that we can't use pam_acct_mgmt() 2002-01-21 22:36:33 +00:00
Todd C. Miller
0ebe32423f The user's password was not zeroed after use when AIX authentication, 
BSD authentication, FWTK or PAM was in use.
 2002-01-21 22:25:14 +00:00
Todd C. Miller
73979f1a24 Avoid giving PAM a NULL password response, use the empty string instead. 
This avoids a log warning when the user hits ^C at the password prompt
when PAM is in use.
 2002-01-20 19:21:33 +00:00
Todd C. Miller
3a6c0ea2e6 Don't check the return value of pam_setcred(). In Linux-PAM 0.75 
pam_setcred() returns the last saved return code, not the return
code for the setcred module.  Because we haven't called pam_authenticate(),
this is not set and so pam_setcred() returns PAM_PERM_DENIED.
 2002-01-20 00:46:44 +00:00
Todd C. Miller
05d1f02909 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access 
to normal passwords, not AUTH_FATAL (which just causes an exit).
 2002-01-17 15:56:15 +00:00
Todd C. Miller
437464847c skeyaccess() wants a struct passwd * not a char *; Patch from Phillip E. Lobbes 2002-01-17 05:24:28 +00:00
Todd C. Miller
9a78f6e759 o Add pam_prep_user function to call pam_setcred() for the target user; 
on Linux this often sets resource limits.
o When calling pam_end(), try to convert the auth->result to a PAM_FOO
  value.  This is a hack--we really need to stash the last PAM_FOO
  value received and use that instead.
 2001-12-31 17:18:12 +00:00
Todd C. Miller
79df2fa423 Apparently a NULL response is OK 2001-12-15 02:21:53 +00:00