isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,907 Commits 1 Branch 0 Tags
aa698f905ef1dd3732b09c2cad8e2ec538da1fc5
Commit Graph

96 Commits

Author SHA1 Message Date
Todd C. Miller
c4dd20ab7f typo 2003-03-20 04:49:58 +00:00
Todd C. Miller
ecee620389 Kill remaining strcpy(), the programmer's guide says username is 32 bytes. 2003-03-16 03:03:32 +00:00
Todd C. Miller
d2ced184ec trat uid_t as unsigned long for printf and use snprintf, not sprintf 2003-03-16 02:18:57 +00:00
Todd C. Miller
dc39c56502 use snprintf 2003-03-16 02:18:34 +00:00
Todd C. Miller
d6a9e16d95 update copyright year 2003-03-15 20:37:44 +00:00
Todd C. Miller
80013dd915 Make this compile w/ Heimdal and fix some gcc warnings. 2003-03-15 19:10:38 +00:00
Todd C. Miller
27ffee8ac0 skeychallenge() on NetBSD take a size parameter 2003-03-14 02:47:55 +00:00
Todd C. Miller
b49046433a Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to 
the global copy.  Problem noted by Peter Pentchev.
 2002-12-13 16:33:26 +00:00
Todd C. Miller
abb4e1ad35 Sprinkle some volatile qualifiers to prevent over-enthusiastic 
optimizers from removing memset() calls.
 2002-11-22 19:41:13 +00:00
Todd C. Miller
3437e96a38 Fix rcsid 2002-05-20 20:51:23 +00:00
Todd C. Miller
16547b2ef8 SecurID API version 5 support from Michael Stroucken 2002-05-17 17:04:10 +00:00
Todd C. Miller
c289159953 g/c second arg to set_perms--it is no longer used 2002-05-05 00:43:38 +00:00
Todd C. Miller
763db0e631 #undef VOID to get rid of an AFS warning 2002-04-18 15:39:19 +00:00
Todd C. Miller
ef1f01874c Zero and free allocated memory when there is a conversation error. 2002-01-22 16:43:23 +00:00
Todd C. Miller
33efe1270f Use sigaction() not signal() 2002-01-22 03:37:55 +00:00
Todd C. Miller
d195bd7f1b Make this compile w/o warnings 2002-01-21 22:46:02 +00:00
Todd C. Miller
a61088a434 Mention that we can't use pam_acct_mgmt() 2002-01-21 22:36:33 +00:00
Todd C. Miller
0ebe32423f The user's password was not zeroed after use when AIX authentication, 
BSD authentication, FWTK or PAM was in use.
 2002-01-21 22:25:14 +00:00
Todd C. Miller
73979f1a24 Avoid giving PAM a NULL password response, use the empty string instead. 
This avoids a log warning when the user hits ^C at the password prompt
when PAM is in use.
 2002-01-20 19:21:33 +00:00
Todd C. Miller
3a6c0ea2e6 Don't check the return value of pam_setcred(). In Linux-PAM 0.75 
pam_setcred() returns the last saved return code, not the return
code for the setcred module.  Because we haven't called pam_authenticate(),
this is not set and so pam_setcred() returns PAM_PERM_DENIED.
 2002-01-20 00:46:44 +00:00
Todd C. Miller
05d1f02909 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access 
to normal passwords, not AUTH_FATAL (which just causes an exit).
 2002-01-17 15:56:15 +00:00
Todd C. Miller
437464847c skeyaccess() wants a struct passwd * not a char *; Patch from Phillip E. Lobbes 2002-01-17 05:24:28 +00:00
Todd C. Miller
9a78f6e759 o Add pam_prep_user function to call pam_setcred() for the target user; 
on Linux this often sets resource limits.
o When calling pam_end(), try to convert the auth->result to a PAM_FOO
  value.  This is a hack--we really need to stash the last PAM_FOO
  value received and use that instead.
 2001-12-31 17:18:12 +00:00
Todd C. Miller
79df2fa423 Apparently a NULL response is OK 2001-12-15 02:21:53 +00:00
Todd C. Miller
152e745d71 o Update copyright year 2001-12-14 19:55:01 +00:00
Todd C. Miller
65fad4df35 o Reorder some headers and use STDC_HEADERS define properly 
o Update copyright year
 2001-12-14 19:52:54 +00:00
Todd C. Miller
e299dee342 Add support for skeyaccess(3) if it is present in libskey. 2001-12-14 06:15:08 +00:00
Todd C. Miller
88951a3b9d Be carefule now that tgetpass() can return NULL (user hit ^C). 
PAM version needs testing.
Set SIGTSTP to SIG_DFL during password entry so user can suspend us.
 2001-12-09 05:17:00 +00:00
Todd C. Miller
de9d655ea6 Add mail_badpass option 
Also modify mail_always behavior to also send mail when the password is wrong
 2001-11-12 18:13:03 +00:00
Todd C. Miller
16e6a3b84a Some defaults I_ defines got renamed. 2000-12-31 01:39:06 +00:00
Todd C. Miller
92f5fad805 check return value of creadcfg() 
call sd_close() after sd_auth()
store username in sd->username so we don't rely on the USER env variable
 2000-10-31 19:16:52 +00:00
Todd C. Miller
2ec9c6a45d When prompting for a response to a challenge, if the user just hits return 
then reprompt with echo turned on.
 2000-10-30 03:45:11 +00:00
Todd C. Miller
84baa91273 Use lower-level routines and get the password ourselves. 
Checks for a challenge and if there is one echo is not turned off.
 2000-10-29 22:31:13 +00:00
Todd C. Miller
7a93a4aa75 minor housekeeping, no real code changes 2000-10-29 22:30:22 +00:00
Todd C. Miller
0208b22686 Add support for BSD authentication. 2000-10-26 16:42:40 +00:00
Todd C. Miller
7dce46e8cc Backout part of last change; setting PAM_USER to the invoking user 
breaks things like targetpw.
 2000-05-09 16:05:41 +00:00
Todd C. Miller
b6becc5775 set tty and username via pam_set_item 2000-05-09 15:52:31 +00:00
Todd C. Miller
165bd7fafb Fix root, runas, and target authentication for non-passwd file auth 
methods.
 2000-05-09 15:42:38 +00:00
Todd C. Miller
4d4ed8c166 Better fix for handling HP-UX aging info. 2000-03-23 00:27:41 +00:00
Todd C. Miller
cbd8898687 HP-UX adds extra info at the end for password aging so when comparing 
the result of crypt to pw_passwd we only compare the first len(epass)
bytes *unless* the user entered an empty string for a password.
 2000-03-13 20:52:25 +00:00
Todd C. Miller
4ea67119ea HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support 2000-03-06 19:42:21 +00:00
Todd C. Miller
8a7226ad7d Truncate unencrypted password to 8 chars if encrypted password is exactly 
13 characters (indicateing standard a DES password).  Many versions
of crypt() do this for you, but not all (like HP-UX's).
 2000-03-03 23:04:50 +00:00
Todd C. Miller
54fbe08545 Added -S flag (read passwd from stdin) and tgetpass_flags global 
that holds flags to be passed in to tgetpass().  Change echo_off
param to tgetpass() into a flags field.  There are currently 2
possible flags for tgetpass(): TGP_ECHO and TGP_STDIN.  In tgetpass(),
abstract the echo set/clear via macros and if (flags & TGP_ECHO)
but echo is not set on the terminal, but sure to set it.
 2000-02-27 03:49:07 +00:00
Todd C. Miller
0ced99391e correct a comment 2000-01-24 03:23:40 +00:00
Todd C. Miller
15a1669d55 Better detection of PAM errors and fix custom prompts with PAM. 
Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
 2000-01-24 02:59:12 +00:00
Todd C. Miller
8446da40fb Don't allow insults to be enabled if the insults[] array is empty. 
Otherwise there would be division by zero.
 1999-12-06 06:47:19 +00:00
Todd C. Miller
c85a0b9bc4 Honor insults flag. 1999-12-06 06:23:29 +00:00
Todd C. Miller
a6a2b564d0 SecurID support should compile now. 1999-12-02 20:21:31 +00:00
Todd C. Miller
1c5e61db4b make pam errors other than PAM_PERM_DENIED fatal 1999-11-23 18:27:00 +00:00
Todd C. Miller
4fd3e643bf fix typo 1999-11-23 18:07:16 +00:00