CVS log for src/lib/libpam/modules/pam_krb5/pam_krb5.c
Up to [cvs.NetBSD.org] / src / lib / libpam / modules / pam_krb5
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Revision 1.26.18.2: download - view: text, markup, annotated - select for diffs
Mon Oct 2 13:09:01 2023 UTC (14 months ago) by martin
Branches: netbsd-8
CVS tags: netbsd-8-3-RELEASE
Diff to: previous 1.26.18.1: preferred, colored; branchpoint 1.26: preferred, colored; next MAIN 1.27: preferred, colored
Changes since revision 1.26.18.1: +5 -3
lines
Pull up following revision(s) (requested by riastradh in ticket #1898):
lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.32
pam_krb5: Fix PR lib/57631.
Loose ends in the fix for NetBSD-SA2023-006 that weren't caught by
review or, somehow, by my own testing. Evidently we need automatic
tests for this pam business.
Revision 1.26.28.2: download - view: text, markup, annotated - select for diffs
Mon Oct 2 13:07:12 2023 UTC (14 months ago) by martin
Branches: netbsd-9
CVS tags: netbsd-9-4-RELEASE
Diff to: previous 1.26.28.1: preferred, colored; branchpoint 1.26: preferred, colored; next MAIN 1.27: preferred, colored
Changes since revision 1.26.28.1: +5 -3
lines
Pull up following revision(s) (requested by riastradh in ticket #1734):
lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.32
pam_krb5: Fix PR lib/57631.
Loose ends in the fix for NetBSD-SA2023-006 that weren't caught by
review or, somehow, by my own testing. Evidently we need automatic
tests for this pam business.
Revision 1.30.2.2: download - view: text, markup, annotated - select for diffs
Mon Oct 2 13:05:41 2023 UTC (14 months ago) by martin
Branches: netbsd-10
CVS tags: netbsd-10-0-RELEASE,
netbsd-10-0-RC6,
netbsd-10-0-RC5,
netbsd-10-0-RC4,
netbsd-10-0-RC3,
netbsd-10-0-RC2,
netbsd-10-0-RC1
Diff to: previous 1.30.2.1: preferred, colored; branchpoint 1.30: preferred, colored; next MAIN 1.31: preferred, colored
Changes since revision 1.30.2.1: +5 -3
lines
Pull up following revision(s) (requested by riastradh in ticket #380):
lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.32
pam_krb5: Fix PR lib/57631.
Loose ends in the fix for NetBSD-SA2023-006 that weren't caught by
review or, somehow, by my own testing. Evidently we need automatic
tests for this pam business.
Revision 1.32: download - view: text, markup, annotated - select for diffs
Thu Sep 28 02:31:04 2023 UTC (14 months, 1 week ago) by riastradh
Branches: MAIN
CVS tags: perseant-exfatfs-base-20240630,
perseant-exfatfs-base,
perseant-exfatfs,
HEAD
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +5 -3
lines
pam_krb5: Fix PR lib/57631.
Loose ends in the fix for NetBSD-SA2023-006 that weren't caught by
review or, somehow, by my own testing. Evidently we need automatic
tests for this pam business.
XXX pullup-10
XXX pullup-9
XXX pullup-8
Revision 1.26.18.1: download - view: text, markup, annotated - select for diffs
Wed Jun 21 22:04:13 2023 UTC (17 months, 2 weeks ago) by martin
Branches: netbsd-8
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +96 -39
lines
Pull up following revision(s) (requested by riastradh in ticket #1844):
lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13
pam_krb5: Refuse to operate without a key to verify tickets.
New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.
This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.
Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.
Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.
References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
Revision 1.26.28.1: download - view: text, markup, annotated - select for diffs
Wed Jun 21 22:00:57 2023 UTC (17 months, 2 weeks ago) by martin
Branches: netbsd-9
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +96 -39
lines
Pull up following revision(s) (requested by riastradh in ticket #1652):
lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13
pam_krb5: Refuse to operate without a key to verify tickets.
New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.
This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.
Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.
Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.
References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
Revision 1.30.2.1: download - view: text, markup, annotated - select for diffs
Wed Jun 21 21:54:12 2023 UTC (17 months, 2 weeks ago) by martin
Branches: netbsd-10
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +97 -40
lines
Pull up following revision(s) (requested by riastradh in ticket #206):
lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13
pam_krb5: Refuse to operate without a key to verify tickets.
New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.
This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.
Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.
Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.
References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
Revision 1.31: download - view: text, markup, annotated - select for diffs
Tue Jun 20 22:17:18 2023 UTC (17 months, 2 weeks ago) by riastradh
Branches: MAIN
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +97 -40
lines
pam_krb5: Refuse to operate without a key to verify tickets.
New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.
This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.
Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.
Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.
References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
Revision 1.30: download - view: text, markup, annotated - select for diffs
Sun Jan 16 10:52:18 2022 UTC (2 years, 10 months ago) by rillig
Branches: MAIN
CVS tags: netbsd-10-base
Branch point for: netbsd-10
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +3 -3
lines
libpam: remove stray semicolon
No binary change.
Revision 1.29: download - view: text, markup, annotated - select for diffs
Fri Jun 12 01:20:32 2020 UTC (4 years, 5 months ago) by fox
Branches: MAIN
CVS tags: cjep_sun2x-base1,
cjep_sun2x-base,
cjep_sun2x,
cjep_staticlib_x-base1,
cjep_staticlib_x-base,
cjep_staticlib_x
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +4 -5
lines
lib/libpam: Fix the possible -Werror=stringop-truncation
Replace strncpy(3) with the safer strlcpy(3) and adjust the code.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@, christos@
Revision 1.26.26.1: download - view: text, markup, annotated - select for diffs
Wed Apr 8 14:07:15 2020 UTC (4 years, 7 months ago) by martin
Branches: phil-wifi
Diff to: previous 1.26: preferred, colored; next MAIN 1.27: preferred, colored
Changes since revision 1.26: +25 -10
lines
Merge changes from current as of 20200406
Revision 1.28: download - view: text, markup, annotated - select for diffs
Fri Feb 7 23:28:59 2020 UTC (4 years, 9 months ago) by christos
Branches: MAIN
CVS tags: phil-wifi-20200421,
phil-wifi-20200411,
phil-wifi-20200406,
is-mlppp-base,
is-mlppp
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +2 -3
lines
there is no potential overflow anymore (thanks Kamil)
Revision 1.27: download - view: text, markup, annotated - select for diffs
Fri Feb 7 22:13:35 2020 UTC (4 years, 9 months ago) by christos
Branches: MAIN
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +25 -9
lines
stop using sprintf and check for buffer overflow.
Revision 1.25.10.1: download - view: text, markup, annotated - select for diffs
Wed Aug 20 00:02:19 2014 UTC (10 years, 3 months ago) by tls
Branches: tls-maxphys
Diff to: previous 1.25: preferred, colored; next MAIN 1.26: preferred, colored
Changes since revision 1.25: +6 -6
lines
Rebase to HEAD as of a few days ago.
Revision 1.25.4.1: download - view: text, markup, annotated - select for diffs
Thu May 22 11:36:58 2014 UTC (10 years, 6 months ago) by yamt
Branches: yamt-pagecache
Diff to: previous 1.25: preferred, colored; next MAIN 1.26: preferred, colored
Changes since revision 1.25: +6 -6
lines
sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
Revision 1.26: download - view: text, markup, annotated - select for diffs
Sat Dec 28 18:04:03 2013 UTC (10 years, 11 months ago) by christos
Branches: MAIN
CVS tags: yamt-pagecache-base9,
tls-maxphys-base,
tls-earlyentropy-base,
tls-earlyentropy,
riastradh-xf86-video-intel-2-7-1-pre-2-21-15,
riastradh-drm2-base3,
prg-localcount2-base3,
prg-localcount2-base2,
prg-localcount2-base1,
prg-localcount2-base,
prg-localcount2,
phil-wifi-base,
phil-wifi-20191119,
phil-wifi-20190609,
pgoyette-localcount-base,
pgoyette-localcount-20170426,
pgoyette-localcount-20170320,
pgoyette-localcount-20170107,
pgoyette-localcount-20161104,
pgoyette-localcount-20160806,
pgoyette-localcount-20160726,
pgoyette-localcount,
pgoyette-compat-merge-20190127,
pgoyette-compat-base,
pgoyette-compat-20190127,
pgoyette-compat-20190118,
pgoyette-compat-1226,
pgoyette-compat-1126,
pgoyette-compat-1020,
pgoyette-compat-0930,
pgoyette-compat-0906,
pgoyette-compat-0728,
pgoyette-compat-0625,
pgoyette-compat-0521,
pgoyette-compat-0502,
pgoyette-compat-0422,
pgoyette-compat-0415,
pgoyette-compat-0407,
pgoyette-compat-0330,
pgoyette-compat-0322,
pgoyette-compat-0315,
pgoyette-compat,
perseant-stdc-iso10646-base,
perseant-stdc-iso10646,
netbsd-9-base,
netbsd-9-3-RELEASE,
netbsd-9-2-RELEASE,
netbsd-9-1-RELEASE,
netbsd-9-0-RELEASE,
netbsd-9-0-RC2,
netbsd-9-0-RC1,
netbsd-8-base,
netbsd-8-2-RELEASE,
netbsd-8-1-RELEASE,
netbsd-8-1-RC1,
netbsd-8-0-RELEASE,
netbsd-8-0-RC2,
netbsd-8-0-RC1,
netbsd-7-nhusb-base-20170116,
netbsd-7-nhusb-base,
netbsd-7-nhusb,
netbsd-7-base,
netbsd-7-2-RELEASE,
netbsd-7-1-RELEASE,
netbsd-7-1-RC2,
netbsd-7-1-RC1,
netbsd-7-1-2-RELEASE,
netbsd-7-1-1-RELEASE,
netbsd-7-1,
netbsd-7-0-RELEASE,
netbsd-7-0-RC3,
netbsd-7-0-RC2,
netbsd-7-0-RC1,
netbsd-7-0-2-RELEASE,
netbsd-7-0-1-RELEASE,
netbsd-7-0,
netbsd-7,
matt-nb8-mediatek-base,
matt-nb8-mediatek,
localcount-20160914,
bouyer-socketcan-base1,
bouyer-socketcan-base,
bouyer-socketcan
Branch point for: phil-wifi,
netbsd-9,
netbsd-8
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +6 -6
lines
avoid using freed pointers and non-format strings
Revision 1.25: download - view: text, markup, annotated - select for diffs
Mon Apr 25 22:22:25 2011 UTC (13 years, 7 months ago) by christos
Branches: MAIN
CVS tags: yamt-pagecache-tag8,
yamt-pagecache-base8,
yamt-pagecache-base7,
yamt-pagecache-base6,
yamt-pagecache-base5,
yamt-pagecache-base4,
yamt-pagecache-base3,
yamt-pagecache-base2,
yamt-pagecache-base,
riastradh-drm2-base2,
riastradh-drm2-base1,
riastradh-drm2-base,
riastradh-drm2,
netbsd-6-base,
netbsd-6-1-RELEASE,
netbsd-6-1-RC4,
netbsd-6-1-RC3,
netbsd-6-1-RC2,
netbsd-6-1-RC1,
netbsd-6-1-5-RELEASE,
netbsd-6-1-4-RELEASE,
netbsd-6-1-3-RELEASE,
netbsd-6-1-2-RELEASE,
netbsd-6-1-1-RELEASE,
netbsd-6-1,
netbsd-6-0-RELEASE,
netbsd-6-0-RC2,
netbsd-6-0-RC1,
netbsd-6-0-6-RELEASE,
netbsd-6-0-5-RELEASE,
netbsd-6-0-4-RELEASE,
netbsd-6-0-3-RELEASE,
netbsd-6-0-2-RELEASE,
netbsd-6-0-1-RELEASE,
netbsd-6-0,
netbsd-6,
matt-nb6-plus-nbase,
matt-nb6-plus-base,
matt-nb6-plus,
cherry-xenmp-base,
cherry-xenmp,
agc-symver-base,
agc-symver
Branch point for: yamt-pagecache,
tls-maxphys
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +63 -113
lines
- make log_krb5 varyadic
- centralize error handling to one function
- check for NULL context
Revision 1.24: download - view: text, markup, annotated - select for diffs
Sun Apr 24 18:48:04 2011 UTC (13 years, 7 months ago) by elric
Branches: MAIN
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +148 -73
lines
Remove use of functions marked as deprecated in Heimdal.
Revision 1.23: download - view: text, markup, annotated - select for diffs
Sat Apr 2 10:22:09 2011 UTC (13 years, 8 months ago) by mbalmer
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +3 -3
lines
Fix misplaced parenthesis, from henning.petersen@t-online.de, thanks.
Revision 1.21.12.1: download - view: text, markup, annotated - select for diffs
Wed May 13 19:18:35 2009 UTC (15 years, 6 months ago) by jym
Branches: jym-xensuspend
Diff to: previous 1.21: preferred, colored; next MAIN 1.22: preferred, colored
Changes since revision 1.21: +3 -3
lines
Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
Revision 1.22: download - view: text, markup, annotated - select for diffs
Sun Mar 8 19:38:03 2009 UTC (15 years, 9 months ago) by christos
Branches: MAIN
CVS tags: matt-premerge-20091211,
matt-mips64-premerge-20101231,
jym-xensuspend-nbase,
jym-xensuspend-base,
bouyer-quota2-nbase,
bouyer-quota2-base,
bouyer-quota2
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +3 -3
lines
consistency in password prompt setting code (and with ssh)
Revision 1.20.4.1: download - view: text, markup, annotated - select for diffs
Sun Mar 23 00:40:28 2008 UTC (16 years, 8 months ago) by matt
Branches: matt-armv6
Diff to: previous 1.20: preferred, colored; next MAIN 1.21: preferred, colored
Changes since revision 1.20: +5 -5
lines
sync with HEAD
Revision 1.21: download - view: text, markup, annotated - select for diffs
Sun Jan 27 01:23:20 2008 UTC (16 years, 10 months ago) by christos
Branches: MAIN
CVS tags: yamt-pf42-baseX,
yamt-pf42-base4,
yamt-pf42-base3,
yamt-pf42-base2,
yamt-pf42-base,
yamt-pf42,
wrstuden-revivesa-base-3,
wrstuden-revivesa-base-2,
wrstuden-revivesa-base-1,
wrstuden-revivesa-base,
wrstuden-revivesa,
netbsd-5-base,
netbsd-5-2-RELEASE,
netbsd-5-2-RC1,
netbsd-5-2-3-RELEASE,
netbsd-5-2-2-RELEASE,
netbsd-5-2-1-RELEASE,
netbsd-5-2,
netbsd-5-1-RELEASE,
netbsd-5-1-RC4,
netbsd-5-1-RC3,
netbsd-5-1-RC2,
netbsd-5-1-RC1,
netbsd-5-1-5-RELEASE,
netbsd-5-1-4-RELEASE,
netbsd-5-1-3-RELEASE,
netbsd-5-1-2-RELEASE,
netbsd-5-1-1-RELEASE,
netbsd-5-1,
netbsd-5-0-RELEASE,
netbsd-5-0-RC4,
netbsd-5-0-RC3,
netbsd-5-0-RC2,
netbsd-5-0-RC1,
netbsd-5-0-2-RELEASE,
netbsd-5-0-1-RELEASE,
netbsd-5-0,
netbsd-5,
mjf-devfs2-base,
mjf-devfs2,
matt-nb5-pq3-base,
matt-nb5-pq3,
matt-nb5-mips64-u2-k2-k4-k7-k8-k9,
matt-nb5-mips64-u1-k1-k5,
matt-nb5-mips64-premerge-20101231,
matt-nb5-mips64-premerge-20091211,
matt-nb5-mips64-k15,
matt-nb5-mips64,
matt-nb4-mips64-k7-u2a-k9b,
matt-mips64-base2,
matt-armv6-nbase,
keiichi-mipv6-base,
keiichi-mipv6,
hpcarm-cleanup-nbase,
hpcarm-cleanup-base
Branch point for: jym-xensuspend
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +5 -5
lines
Fix compilation
Revision 1.20: download - view: text, markup, annotated - select for diffs
Sat Mar 10 18:30:45 2007 UTC (17 years, 9 months ago) by christos
Branches: MAIN
CVS tags: matt-mips64-base,
matt-mips64,
matt-armv6-prevmlocking,
matt-armv6-base,
hpcarm-cleanup,
cube-autoconf-base,
cube-autoconf
Branch point for: matt-armv6
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +3 -3
lines
off by one, reported by jukka salmi.
Revision 1.19: download - view: text, markup, annotated - select for diffs
Sat Mar 10 17:47:21 2007 UTC (17 years, 9 months ago) by christos
Branches: MAIN
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +24 -2
lines
PR/35968: Jukka Salmi: add option to pam_krb5(8) to request renewable tickets
Revision 1.6.2.4: download - view: text, markup, annotated - select for diffs
Fri Jan 5 14:14:53 2007 UTC (17 years, 11 months ago) by tron
Branches: netbsd-3
Diff to: previous 1.6.2.3: preferred, colored; branchpoint 1.6: preferred, colored; next MAIN 1.7: preferred, colored
Changes since revision 1.6.2.3: +74 -62
lines
Apply patch (request by ghen in ticket #1617):
Update OpenPAM to 20050616 ("Figwort") and add the pam_afslog(8)
authentication module.
Revision 1.18: download - view: text, markup, annotated - select for diffs
Fri Nov 3 18:55:40 2006 UTC (18 years, 1 month ago) by christos
Branches: MAIN
CVS tags: wrstuden-fixsa-newbase,
wrstuden-fixsa-base-1,
wrstuden-fixsa-base,
wrstuden-fixsa,
netbsd-4-base,
netbsd-4-0-RELEASE,
netbsd-4-0-RC5,
netbsd-4-0-RC4,
netbsd-4-0-RC3,
netbsd-4-0-RC2,
netbsd-4-0-RC1,
netbsd-4-0-1-RELEASE,
netbsd-4-0,
netbsd-4
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +3 -3
lines
init the syslog data.
Revision 1.17: download - view: text, markup, annotated - select for diffs
Fri Nov 3 18:04:20 2006 UTC (18 years, 1 month ago) by christos
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +12 -6
lines
use the re-entrant syslog functions so that we don't depend on the syslog
settings of the calling program.
Revision 1.16: download - view: text, markup, annotated - select for diffs
Thu May 25 15:27:35 2006 UTC (18 years, 6 months ago) by christos
Branches: MAIN
CVS tags: abandoned-netbsd-4-base,
abandoned-netbsd-4
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +3 -3
lines
Coverity CID 3783: Fix uninit variable.
Revision 1.15: download - view: text, markup, annotated - select for diffs
Tue May 23 00:58:42 2006 UTC (18 years, 6 months ago) by christos
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +6 -2
lines
Coverity CID 3677: Plug memory leak
Revision 1.14: download - view: text, markup, annotated - select for diffs
Sun Mar 19 21:21:18 2006 UTC (18 years, 8 months ago) by christos
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +6 -4
lines
Coverity CID 1909: Prevent memory leak.
Revision 1.13: download - view: text, markup, annotated - select for diffs
Sun Mar 19 21:15:21 2006 UTC (18 years, 8 months ago) by christos
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +3 -3
lines
Coverity CID 2480: Move variable initialization higher up to prevent
uninitialized access during error cleanup.
Revision 1.12: download - view: text, markup, annotated - select for diffs
Sun Mar 19 21:11:28 2006 UTC (18 years, 8 months ago) by christos
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +3 -3
lines
Coverity CID 2481: Move initialization of variable higher up to prevent
uninitialized access in error path.
Revision 1.11: download - view: text, markup, annotated - select for diffs
Sun Mar 19 21:07:55 2006 UTC (18 years, 8 months ago) by christos
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +2 -3
lines
Coverity CID 2595: Don't call cc_destroy after cc_close because cc_close
free's the second argument.
Revision 1.10: download - view: text, markup, annotated - select for diffs
Tue Sep 27 14:38:19 2005 UTC (19 years, 2 months ago) by tsarna
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +64 -57
lines
Implement PAM_REFRESH_CRED / PAM_REINITIALIZE_CRED
support in pam_sm_setcred()
With this and a suitably pam-aware screen locker (eg xscreensaver built
with PAM), you now get the nice Windows-style behavior of having
your tickets refreshed (and tokens, with pam_afslog) when you unlock
your screen.
Revision 1.6.2.3: download - view: text, markup, annotated - select for diffs
Mon Jul 11 11:29:04 2005 UTC (19 years, 4 months ago) by tron
Branches: netbsd-3
CVS tags: netbsd-3-1-RELEASE,
netbsd-3-1-RC4,
netbsd-3-1-RC3,
netbsd-3-1-RC2,
netbsd-3-1-RC1,
netbsd-3-1-1-RELEASE,
netbsd-3-1,
netbsd-3-0-RELEASE,
netbsd-3-0-RC6,
netbsd-3-0-RC5,
netbsd-3-0-RC4,
netbsd-3-0-RC3,
netbsd-3-0-RC2,
netbsd-3-0-RC1,
netbsd-3-0-3-RELEASE,
netbsd-3-0-2-RELEASE,
netbsd-3-0-1-RELEASE,
netbsd-3-0
Diff to: previous 1.6.2.2: preferred, colored; branchpoint 1.6: preferred, colored
Changes since revision 1.6.2.2: +2 -1
lines
Pull up revision 1.9 (requested by lukem in ticket #539):
getpw*_r() may return 0 and set pwd==NULL
Revision 1.6.2.2: download - view: text, markup, annotated - select for diffs
Mon Jul 11 11:23:34 2005 UTC (19 years, 4 months ago) by tron
Branches: netbsd-3
Diff to: previous 1.6.2.1: preferred, colored; branchpoint 1.6: preferred, colored
Changes since revision 1.6.2.1: +2 -1
lines
Pull up revision 1.8 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
Revision 1.9: download - view: text, markup, annotated - select for diffs
Tue Apr 19 03:38:47 2005 UTC (19 years, 7 months ago) by lukem
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +4 -3
lines
getpw*_r() may return 0 and set pwd==NULL
Revision 1.8: download - view: text, markup, annotated - select for diffs
Tue Apr 19 03:15:35 2005 UTC (19 years, 7 months ago) by christos
Branches: MAIN
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +4 -3
lines
check for pwd != in getpw*_r functions.
Revision 1.6.2.1: download - view: text, markup, annotated - select for diffs
Mon Apr 4 17:55:36 2005 UTC (19 years, 8 months ago) by tron
Branches: netbsd-3
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +10 -10
lines
Pull up revision 1.7 (requested by thorpej in ticket #96):
Use getpwnam_r().
Revision 1.7: download - view: text, markup, annotated - select for diffs
Thu Mar 31 15:11:54 2005 UTC (19 years, 8 months ago) by thorpej
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +10 -10
lines
Use getpwnam_r().
Revision 1.6: download - view: text, markup, annotated - select for diffs
Sat Feb 26 18:25:28 2005 UTC (19 years, 9 months ago) by thorpej
Branches: MAIN
CVS tags: netbsd-3-base
Branch point for: netbsd-3
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +20 -11
lines
Place some limits on the creds acquired for password change. Other
minor cleanup inspired by passwd(1).
Revision 1.5: download - view: text, markup, annotated - select for diffs
Sat Feb 26 18:10:35 2005 UTC (19 years, 9 months ago) by thorpej
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +11 -5
lines
Use the more familar princ@realm style of password prompt.
Revision 1.4: download - view: text, markup, annotated - select for diffs
Sat Feb 26 18:03:37 2005 UTC (19 years, 9 months ago) by thorpej
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +11 -4
lines
Check for PAM_PRELIM_CHECK and simply do nothing. (Did this even work
in FreeBSD?)
Revision 1.3: download - view: text, markup, annotated - select for diffs
Sat Feb 26 15:57:57 2005 UTC (19 years, 9 months ago) by thorpej
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +10 -5
lines
Merge PAM20050226.
Revision 1.1.1.2 (vendor branch): download - view: text, markup, annotated - select for diffs
Sat Feb 26 15:49:27 2005 UTC (19 years, 9 months ago) by thorpej
Branches: FREEBSD
CVS tags: PAM20050226
Diff to: previous 1.1.1.1: preferred, colored
Changes since revision 1.1.1.1: +8 -3
lines
Import FreeBSD's PAM modules corresponding to the ones we currently
support as of today (20050226). This brings in some fixes to a few
of the PAM modules.
Revision 1.2: download - view: text, markup, annotated - select for diffs
Sun Dec 12 08:18:45 2004 UTC (19 years, 11 months ago) by christos
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +8 -2
lines
- NetBSD build glue
- Warning fixes
- RCSID's
Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Sun Dec 12 06:45:43 2004 UTC (19 years, 11 months ago) by christos
Branches: FREEBSD
CVS tags: PAM20041212
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0
lines
- Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
Revision 1.1: download - view: text, markup, annotated - select for diffs
Sun Dec 12 06:45:43 2004 UTC (19 years, 11 months ago) by christos
Branches: MAIN
Initial revision
CVSweb <webmaster@jp.NetBSD.org>