isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
3,973 Commits 1 Branch 0 Tags
e6c0ba72f3ef277da308bf473653ae5a78ba676d
Commit Graph

59 Commits

Author SHA1 Message Date
Todd C. Miller
5a04b3ff9d Add --disable-pam-session configure option to disable calling 
pam_{open,close}_session.  May work around bugs in some PAM
implementations.
 2007-10-09 00:04:48 +00:00
Todd C. Miller
4f5e88532f PAM wants the full tty path so add user_ttypath which holds the 
full path to the tty or is NULL if no tty was present.
 2007-09-13 23:05:34 +00:00
Todd C. Miller
bb07eea18f Set PAM_RHOST to work around a bug in Solaris 7 and lower that 
results in a segv.
 2007-09-13 22:42:15 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
42ac4fb2cf Run cleanup code if the user hits ^C at the password prompt. 2007-07-22 12:14:18 +00:00
Todd C. Miller
b166928bac Some versions of pam_lastlog have a bug that will cause a crash if 
PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
string.
 2007-07-22 12:13:07 +00:00
Todd C. Miller
f2433e0368 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. 
From Dmitry V. Levin.
 2007-04-20 16:40:59 +00:00
Todd C. Miller
8d97a8d20f If the user enters ^C at the password prompt, abort instead of 
trying to authenticate with an empty password (which causes an
annoying delay).
 2006-09-29 14:53:42 +00:00
Todd C. Miller
d281ff77e2 Fix call to pam_end() when pam_open_session() fails. 2005-06-25 18:29:17 +00:00
Todd C. Miller
d3b45ae3f1 Call pam_open_session() and pam_close_session() to give pam_limits a 
chance to run.  Idea from Karel Zak.
 2005-05-27 05:59:02 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
6548e82f20 Give user a clue when there is a missing "account" section in the PAM config. 2005-02-05 18:01:55 +00:00
Todd C. Miller
e6f51aa1af Better error handling. 2005-02-05 15:22:46 +00:00
Todd C. Miller
f7adbaddce Fix typo (missing comma) that caused an incorrect number of args 
to be passed to log_error().
 2005-02-05 02:49:53 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h> 
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
 2004-11-19 18:39:14 +00:00
Todd C. Miller
529d2d200e Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell 2004-06-28 14:51:50 +00:00
Todd C. Miller
ecdfa6373f update (c) year 2004-06-07 00:02:56 +00:00
Todd C. Miller
77791e7ab3 Remove trailing spaces, no actual code changes. 2004-06-06 23:58:15 +00:00
Todd C. Miller
56b5cbc899 More to a less restrictive, ISC-style license. 2004-02-13 21:36:47 +00:00
Todd C. Miller
c4a8ab8b99 Use the SET, CLR and ISSET macros. 2004-01-29 22:33:58 +00:00
Todd C. Miller
149862cd9d Move PAM_CONST macro definition from config.h to pam.c where it belongs. 
We can't have this in config.h since that gets included too early.
 2004-01-09 19:39:00 +00:00
Todd C. Miller
aa4eb97ed5 Some PAM implementations put their headers in /usr/include/pam instead 
of /usr/include/security.
 2004-01-09 19:35:54 +00:00
Todd C. Miller
3944237480 Add a zero_bytes() function to do the equivalent of bzero in such a 
way that will heopfully not be optimized away by sneaky compilers.
 2003-12-31 22:46:10 +00:00
Todd C. Miller
6ad252765b Create def_* macros for each defaults value so we no longer need 
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.
 2003-12-30 22:20:21 +00:00
Todd C. Miller
d619fd43a1 Fix a core dump on Solaris by preserving the pam_handle_t we used 
during authentication for pam_prep_user().  If we didn't authenticate
(ie: ticket still valid), we call pam_init() from pam_prep_user().
This is something of a hack; it may be better to change the auth
API and add an auth_final() function that acts like pam_prep_user().
 2003-06-29 01:31:55 +00:00
Todd C. Miller
8b45d6459c add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
d6a9e16d95 update copyright year 2003-03-15 20:37:44 +00:00
Todd C. Miller
b49046433a Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to 
the global copy.  Problem noted by Peter Pentchev.
 2002-12-13 16:33:26 +00:00
Todd C. Miller
abb4e1ad35 Sprinkle some volatile qualifiers to prevent over-enthusiastic 
optimizers from removing memset() calls.
 2002-11-22 19:41:13 +00:00
Todd C. Miller
ef1f01874c Zero and free allocated memory when there is a conversation error. 2002-01-22 16:43:23 +00:00
Todd C. Miller
d195bd7f1b Make this compile w/o warnings 2002-01-21 22:46:02 +00:00
Todd C. Miller
a61088a434 Mention that we can't use pam_acct_mgmt() 2002-01-21 22:36:33 +00:00
Todd C. Miller
0ebe32423f The user's password was not zeroed after use when AIX authentication, 
BSD authentication, FWTK or PAM was in use.
 2002-01-21 22:25:14 +00:00
Todd C. Miller
73979f1a24 Avoid giving PAM a NULL password response, use the empty string instead. 
This avoids a log warning when the user hits ^C at the password prompt
when PAM is in use.
 2002-01-20 19:21:33 +00:00
Todd C. Miller
3a6c0ea2e6 Don't check the return value of pam_setcred(). In Linux-PAM 0.75 
pam_setcred() returns the last saved return code, not the return
code for the setcred module.  Because we haven't called pam_authenticate(),
this is not set and so pam_setcred() returns PAM_PERM_DENIED.
 2002-01-20 00:46:44 +00:00
Todd C. Miller
9a78f6e759 o Add pam_prep_user function to call pam_setcred() for the target user; 
on Linux this often sets resource limits.
o When calling pam_end(), try to convert the auth->result to a PAM_FOO
  value.  This is a hack--we really need to stash the last PAM_FOO
  value received and use that instead.
 2001-12-31 17:18:12 +00:00
Todd C. Miller
79df2fa423 Apparently a NULL response is OK 2001-12-15 02:21:53 +00:00
Todd C. Miller
65fad4df35 o Reorder some headers and use STDC_HEADERS define properly 
o Update copyright year
 2001-12-14 19:52:54 +00:00
Todd C. Miller
88951a3b9d Be carefule now that tgetpass() can return NULL (user hit ^C). 
PAM version needs testing.
Set SIGTSTP to SIG_DFL during password entry so user can suspend us.
 2001-12-09 05:17:00 +00:00
Todd C. Miller
16e6a3b84a Some defaults I_ defines got renamed. 2000-12-31 01:39:06 +00:00
Todd C. Miller
7a93a4aa75 minor housekeeping, no real code changes 2000-10-29 22:30:22 +00:00
Todd C. Miller
7dce46e8cc Backout part of last change; setting PAM_USER to the invoking user 
breaks things like targetpw.
 2000-05-09 16:05:41 +00:00
Todd C. Miller
b6becc5775 set tty and username via pam_set_item 2000-05-09 15:52:31 +00:00
Todd C. Miller
54fbe08545 Added -S flag (read passwd from stdin) and tgetpass_flags global 
that holds flags to be passed in to tgetpass().  Change echo_off
param to tgetpass() into a flags field.  There are currently 2
possible flags for tgetpass(): TGP_ECHO and TGP_STDIN.  In tgetpass(),
abstract the echo set/clear via macros and if (flags & TGP_ECHO)
but echo is not set on the terminal, but sure to set it.
 2000-02-27 03:49:07 +00:00
Todd C. Miller
0ced99391e correct a comment 2000-01-24 03:23:40 +00:00
Todd C. Miller
15a1669d55 Better detection of PAM errors and fix custom prompts with PAM. 
Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
 2000-01-24 02:59:12 +00:00
Todd C. Miller
1c5e61db4b make pam errors other than PAM_PERM_DENIED fatal 1999-11-23 18:27:00 +00:00
Todd C. Miller
dab213c3ee fix a warning on redhat and spew an error if pam_authenticate() returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED 1999-11-23 18:06:45 +00:00
Todd C. Miller
7769bf6a32 o Change defaults stuff to put the value right in the struct. 
o Implement mailer_flags
o Store syslog stuff both in int and string form.  Setting the string
  form magically updates the int version.
o Add boolean attribute to strings where it makes sense to say !foo
 1999-10-07 21:21:08 +00:00