Date: Sat, 6 Apr 2002 15:25:44 -0800 (PST)
Message-Id: <200204062325.g36NPiJ15017@freefall.freebsd.org>
From: Peter Wemm
Subject: PERFORCE change 9243 for review
To: Perforce Change Reviews

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=9243

Change 9243 by peter@peter_daintree on 2002/04/06 15:25:00

	IFC @9240

Affected files ...

... //depot/projects/ia64/contrib/openpam/include/security/openpam.h#5 integrate ... //depot/projects/ia64/contrib/openpam/include/security/pam_constants.h#5 integrate ... //depot/projects/ia64/contrib/openpam/lib/pam_authenticate.c#5 integrate ... //depot/projects/ia64/contrib/openpam/lib/pam_chauthtok.c#5 integrate ... //depot/projects/ia64/contrib/openpam/lib/pam_get_authtok.c#5 integrate ... //depot/projects/ia64/contrib/openpam/lib/pam_get_item.c#5 integrate ... //depot/projects/ia64/contrib/openpam/lib/pam_get_user.c#5 integrate ... //depot/projects/ia64/contrib/openpam/lib/pam_set_item.c#5 integrate ... //depot/projects/ia64/contrib/sendmail/FREEBSD-upgrade#4 integrate ... //depot/projects/ia64/contrib/sort/Makefile#1 branch ... //depot/projects/ia64/contrib/sort/append.c#1 branch ... //depot/projects/ia64/contrib/sort/extern.h#1 branch ... //depot/projects/ia64/contrib/sort/fields.c#1 branch ... //depot/projects/ia64/contrib/sort/files.c#1 branch ... //depot/projects/ia64/contrib/sort/fsort.c#1 branch ... //depot/projects/ia64/contrib/sort/fsort.h#1 branch ... //depot/projects/ia64/contrib/sort/init.c#1 branch ... //depot/projects/ia64/contrib/sort/msort.c#1 branch ... //depot/projects/ia64/contrib/sort/pathnames.h#1 branch ... //depot/projects/ia64/contrib/sort/regress/Makefile#1 branch ... //depot/projects/ia64/contrib/sort/regress/stests#1 branch ... //depot/projects/ia64/contrib/sort/sort.1#1 branch ... //depot/projects/ia64/contrib/sort/sort.c#1 branch ... //depot/projects/ia64/contrib/sort/sort.h#1 branch ... 
//depot/projects/ia64/contrib/sort/tmp.c#1 branch ... //depot/projects/ia64/crypto/openssh/pam_ssh/pam_ssh.c#2 delete ... //depot/projects/ia64/etc/defaults/rc.conf#8 integrate ... //depot/projects/ia64/etc/rc.network6#5 integrate ... //depot/projects/ia64/etc/syslog.conf#5 integrate ... //depot/projects/ia64/gnu/usr.bin/cc/Makefile.tgt#1 branch ... //depot/projects/ia64/gnu/usr.bin/cc/collect2/Makefile#1 branch ... //depot/projects/ia64/gnu/usr.bin/cc/protoize/Makefile#1 branch ... //depot/projects/ia64/lib/libc/net/ether_addr.c#3 integrate ... //depot/projects/ia64/lib/libpam/modules/Makefile.inc#3 integrate ... //depot/projects/ia64/lib/libpam/modules/modules.inc#5 integrate ... //depot/projects/ia64/lib/libpam/modules/pam_krb5/pam_krb5.c#3 integrate ... //depot/projects/ia64/lib/libpam/modules/pam_opie/pam_opie.c#5 integrate ... //depot/projects/ia64/lib/libpam/modules/pam_radius/pam_radius.c#5 integrate ... //depot/projects/ia64/lib/libpam/modules/pam_self/pam_self.c#4 integrate ... //depot/projects/ia64/lib/libpam/modules/pam_ssh/pam_ssh.c#8 integrate ... //depot/projects/ia64/lib/libpam/modules/pam_tacplus/pam_tacplus.c#5 integrate ... //depot/projects/ia64/lib/libpam/modules/pam_unix/pam_unix.c#5 integrate ... //depot/projects/ia64/libexec/ypxfr/ypxfr_extern.h#3 integrate ... //depot/projects/ia64/libexec/ypxfr/ypxfr_main.c#3 integrate ... //depot/projects/ia64/libexec/ypxfr/ypxfr_misc.c#3 integrate ... //depot/projects/ia64/release/doc/en_US.ISO8859-1/hardware/alpha/proc-alpha.sgml#6 integrate ... //depot/projects/ia64/share/man/man5/Makefile#4 integrate ... //depot/projects/ia64/share/man/man5/types.5#2 delete ... //depot/projects/ia64/share/man/man7/Makefile#4 integrate ... //depot/projects/ia64/share/man/man7/hier.7#6 integrate ... //depot/projects/ia64/share/man/man7/stdint.7#1 branch ... //depot/projects/ia64/sys/conf/files.pc98#7 integrate ... //depot/projects/ia64/sys/dev/usb/if_aue.c#7 integrate ... 
//depot/projects/ia64/sys/dev/usb/if_auereg.h#3 integrate ... //depot/projects/ia64/sys/dev/usb/if_cue.c#5 integrate ... //depot/projects/ia64/sys/dev/usb/if_cuereg.h#2 integrate ... //depot/projects/ia64/sys/dev/usb/if_kue.c#5 integrate ... //depot/projects/ia64/sys/dev/usb/if_kuereg.h#2 integrate ... //depot/projects/ia64/sys/dev/usb/usb_port.h#5 integrate ... //depot/projects/ia64/sys/dev/usb/usb_quirks.c#2 integrate ... //depot/projects/ia64/sys/dev/usb/usbdevs#9 integrate ... //depot/projects/ia64/sys/dev/usb/usbdevs.h#8 integrate ... //depot/projects/ia64/sys/dev/usb/usbdevs_data.h#8 integrate ... //depot/projects/ia64/sys/i386/i386/machdep.c#11 integrate ... //depot/projects/ia64/sys/i386/isa/icu.h#4 integrate ... //depot/projects/ia64/sys/i386/isa/icu_ipl.s#2 integrate ... //depot/projects/ia64/sys/i386/isa/icu_vector.s#4 integrate ... //depot/projects/ia64/sys/i386/isa/intr_machdep.h#5 integrate ... //depot/projects/ia64/sys/ia64/ia64/autoconf.c#7 integrate ... //depot/projects/ia64/sys/ia64/ia64/ia64dump.c#2 integrate ... //depot/projects/ia64/sys/ia64/include/param.h#2 integrate ... //depot/projects/ia64/sys/kern/kern_ktr.c#5 integrate ... //depot/projects/ia64/sys/kern/kern_proc.c#9 integrate ... //depot/projects/ia64/sys/kern/kern_shutdown.c#5 integrate ... //depot/projects/ia64/sys/pc98/pc98/fd.c#5 integrate ... //depot/projects/ia64/sys/pc98/pc98/sio.c#9 integrate ... //depot/projects/ia64/sys/pc98/pc98/syscons.c#5 integrate ... //depot/projects/ia64/sys/sparc64/conf/GENERIC#6 integrate ... //depot/projects/ia64/sys/sparc64/include/ktr.h#2 integrate ... //depot/projects/ia64/sys/sparc64/sparc64/genassym.c#8 integrate ... //depot/projects/ia64/sys/sparc64/sparc64/pmap.c#7 integrate ... //depot/projects/ia64/sys/sys/cdefs.h#6 integrate ... //depot/projects/ia64/sys/sys/types.h#8 integrate ... //depot/projects/ia64/sys/sys/user.h#4 integrate ... //depot/projects/ia64/usr.bin/Makefile#14 integrate ... 
//depot/projects/ia64/usr.bin/chpass/pw_yp.c#5 integrate ... //depot/projects/ia64/usr.bin/netstat/route.c#2 integrate ... //depot/projects/ia64/usr.bin/sort/Makefile#2 integrate ... //depot/projects/ia64/usr.bin/sort/append.c#3 delete ... //depot/projects/ia64/usr.bin/sort/extern.h#4 delete ... //depot/projects/ia64/usr.bin/sort/fields.c#4 delete ... //depot/projects/ia64/usr.bin/sort/files.c#4 delete ... //depot/projects/ia64/usr.bin/sort/fsort.c#3 delete ... //depot/projects/ia64/usr.bin/sort/fsort.h#2 delete ... //depot/projects/ia64/usr.bin/sort/init.c#6 delete ... //depot/projects/ia64/usr.bin/sort/msort.c#4 delete ... //depot/projects/ia64/usr.bin/sort/pathnames.h#2 delete ... //depot/projects/ia64/usr.bin/sort/sort.1#5 delete ... //depot/projects/ia64/usr.bin/sort/sort.c#5 delete ... //depot/projects/ia64/usr.bin/sort/sort.h#3 delete ... //depot/projects/ia64/usr.bin/sort/tmp.c#3 delete ... //depot/projects/ia64/usr.sbin/arp/arp.c#5 integrate ... //depot/projects/ia64/usr.sbin/extattrctl/extattrctl.c#5 integrate Differences ... ==== //depot/projects/ia64/contrib/openpam/include/security/openpam.h#5 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/ia64/contrib/openpam/include/security/openpam.h#4 $ + * $P4: //depot/projects/ia64/contrib/openpam/include/security/openpam.h#5 $ */ #ifndef _SECURITY_OPENPAM_H_INCLUDED @@ -65,6 +65,7 @@ int pam_get_authtok(pam_handle_t *_pamh, + int _item, const char **_authtok, const char *_prompt); 
@@ -116,19 +117,26 @@ /* * Log to syslog */ -void _openpam_log(int _level, +void +_openpam_log(int _level, const char *_func, const char *_fmt, ...); -#if defined(__STDC__) && (__STDC_VERSION__ > 199901L) +#if defined(__STDC__) && (__STDC_VERSION__ >= 199901L) #define openpam_log(lvl, fmt, ...) \ _openpam_log((lvl), __func__, fmt, __VA_ARGS__) -#elif defined(__GNUC__) +#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95) +#define openpam_log(lvl, fmt, ...) \ + _openpam_log((lvl), __func__, fmt, ##fmt) +#elif defined(__GNUC__) && defined(__FUNCTION__) #define openpam_log(lvl, fmt...) \ - _openpam_log((lvl), __func__, ##fmt) + _openpam_log((lvl), __FUNCTION__, ##fmt) #else -extern openpam_log(int _level, const char *_format, ...); +void +openpam_log(int _level, + const char *_format, + ...); #endif /* @@ -189,12 +197,14 @@ * Infrastructure for static modules using GCC linker sets. * You are not expected to understand this. */ -#if defined(__GNUC__) && !defined(__PIC__) #if defined(__FreeBSD__) #define PAM_SOEXT ".so" #else -#error Static linking is not supported on your platform +#ifndef NO_STATIC_MODULES +#define NO_STATIC_MODULES +#endif #endif +#if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES) /* gcc, static linking */ #include #include ==== //depot/projects/ia64/contrib/openpam/include/security/pam_constants.h#5 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/ia64/contrib/openpam/include/security/pam_constants.h#4 $ + * $P4: //depot/projects/ia64/contrib/openpam/include/security/pam_constants.h#5 $ */ #ifndef _PAM_CONSTANTS_H_INCLUDED @@ -119,6 +119,7 @@ PAM_RUSER = 8, PAM_USER_PROMPT = 9, PAM_AUTHTOK_PROMPT = 10, /* OpenPAM extension */ + PAM_OLDAUTHTOK_PROMPT = 11, /* OpenPAM extension */ PAM_NUM_ITEMS /* OpenPAM extension */ }; ==== //depot/projects/ia64/contrib/openpam/lib/pam_authenticate.c#5 (text+ko) ==== 
@@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_authenticate.c#4 $ + * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_authenticate.c#5 $ */ #include @@ -53,6 +53,8 @@ { int pam_err; + if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK)) + return (PAM_SYMBOL_ERR); pam_err = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags); pam_set_item(pamh, PAM_AUTHTOK, NULL); return (pam_err); @@ -65,3 +67,20 @@ * =pam_sm_authenticate * !PAM_IGNORE */ + +/** + * The =pam_authenticate function attempts to authenticate the user + * associated with the pam context specified by the =pamh argument. + * + * The application is free to call =pam_authenticate as many times as it + * wishes, but some modules may maintain an internal retry counter and + * return =PAM_MAXTRIES when it exceeds some preset or hardcoded limit. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT + * Do not emit any messages. + * =PAM_DISALLOW_NULL_AUTHTOK + * Fail if the user's authentication token is null. + */ ==== //depot/projects/ia64/contrib/openpam/lib/pam_chauthtok.c#5 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_chauthtok.c#4 $ + * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_chauthtok.c#5 $ */ #include @@ -53,7 +53,7 @@ { int pam_err; - if (flags & PAM_PRELIM_CHECK || flags & PAM_UPDATE_AUTHTOK) + if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK)) return (PAM_SYMBOL_ERR); pam_err = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags | PAM_PRELIM_CHECK); 
@@ -73,3 +73,17 @@ * !PAM_IGNORE * PAM_SYMBOL_ERR */ + +/** + * The =pam_chauthtok function attempts to change the authentication token + * for the user associated with the pam context specified by the =pamh + * argument. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT + * Do not emit any messages. + * =PAM_CHANGE_EXPIRED_AUTHTOK + * Change only those authentication tokens that have expired. + */ ==== //depot/projects/ia64/contrib/openpam/lib/pam_get_authtok.c#5 (text+ko) ==== @@ -31,16 +31,22 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_get_authtok.c#4 $ + * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_get_authtok.c#5 $ */ #include +#include + #include #include #include "openpam_impl.h" +const char authtok_prompt[] = "Password:"; +const char oldauthtok_prompt[] = "Old Password:"; +const char newauthtok_prompt[] = "New Password:"; + /* * OpenPAM extension * 
@@ -49,34 +55,76 @@ int pam_get_authtok(pam_handle_t *pamh, + int item, const char **authtok, const char *prompt) { - char *p, *resp; - int r, style; + const void *oldauthtok; + const char *default_prompt; + char *resp, *resp2; + int pitem, r, style, twice; if (pamh == NULL || authtok == NULL) return (PAM_SYSTEM_ERR); + *authtok = NULL; + twice = 0; + switch (item) { + case PAM_AUTHTOK: + pitem = PAM_AUTHTOK_PROMPT; + default_prompt = authtok_prompt; + r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok); + if (r == PAM_SUCCESS && oldauthtok != NULL) { + default_prompt = newauthtok_prompt; + twice = 1; + } + break; + case PAM_OLDAUTHTOK: + pitem = PAM_OLDAUTHTOK_PROMPT; + default_prompt = oldauthtok_prompt; + twice = 0; + break; + default: + return (PAM_SYMBOL_ERR); + } + if (openpam_get_option(pamh, "try_first_pass") || openpam_get_option(pamh, "use_first_pass")) { - r = pam_get_item(pamh, PAM_AUTHTOK, (const void **)authtok); + r = pam_get_item(pamh, item, (const void **)authtok); if (r == PAM_SUCCESS && *authtok != NULL) return (PAM_SUCCESS); else if (openpam_get_option(pamh, "use_first_pass")) return (r == PAM_SUCCESS ? PAM_AUTH_ERR : r); } - if (pam_get_item(pamh, PAM_AUTHTOK_PROMPT, - (const void **)&p) != PAM_SUCCESS || p == NULL) - if (prompt == NULL) - prompt = "Password:"; + if (prompt == NULL) { + r = pam_get_item(pamh, pitem, (const void **)&prompt); + if (r != PAM_SUCCESS || prompt == NULL) + prompt = default_prompt; + } style = openpam_get_option(pamh, "echo_pass") ? PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF; - r = pam_prompt(pamh, style, &resp, "%s", p ? 
p : prompt); + r = pam_prompt(pamh, style, &resp, "%s", prompt); + if (r != PAM_SUCCESS) + return (r); + if (twice) { + r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt); + if (r != PAM_SUCCESS) { + free(resp); + return (r); + } + if (strcmp(resp, resp2) != 0) { + free(resp); + resp = NULL; + } + free(resp2); + } + if (resp == NULL) + return (PAM_TRY_AGAIN); + r = pam_set_item(pamh, pitem, resp); + free(resp); if (r != PAM_SUCCESS) return (r); - *authtok = resp; - return (pam_set_item(pamh, PAM_AUTHTOK, *authtok)); + return (pam_get_item(pamh, pitem, (const void **)authtok)); } /* @@ -86,4 +134,34 @@ * =pam_prompt * =pam_set_item * !PAM_SYMBOL_ERR + * PAM_TRY_AGAIN + */ + +/** + * The =pam_get_authtok function returns the cached authentication token, + * or prompts the user if no token is currently cached. Either way, a + * pointer to the authentication token is stored in the location pointed + * to by the =authtok argument. + * + * The =item argument must have one of the following values: + * + * =PAM_AUTHTOK + * Returns the current authentication token, or the new token + * when changing authentication tokens. + * =PAM_OLDAUTHTOK + * Returns the previous authentication token when changing + * authentication tokens. + * + * The =prompt argument specifies a prompt to use if no token is cached. + * If it is =NULL, the =PAM_AUTHTOK_PROMPT or =PAM_OLDAUTHTOK_PROMPT item, + * as appropriate, will be used. If that item is also =NULL, a hardcoded + * default prompt will be used. + * + * If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK + * item, =pam_get_authtok will ask the user to confirm the new token by + * retyping it. If there is a mismatch, =pam_get_authtok will return + * =PAM_TRY_AGAIN. + * + * >pam_get_item + * >pam_get_user */ ==== //depot/projects/ia64/contrib/openpam/lib/pam_get_item.c#5 (text+ko) ==== 
@@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_get_item.c#4 $ + * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_get_item.c#5 $ */ #include @@ -66,6 +66,7 @@ case PAM_CONV: case PAM_USER_PROMPT: case PAM_AUTHTOK_PROMPT: + case PAM_OLDAUTHTOK_PROMPT: *item = pamh->item[item_type]; return (PAM_SUCCESS); default: @@ -112,6 +113,9 @@ * =PAM_AUTHTOK_PROMPT: * The prompt to use when asking the applicant for an * authentication token. + * =PAM_OLDAUTHTOK_PROMPT: + * The prompt to use when asking the applicant for an + * expired authentication token prior to changing it. * * See =pam_start for a description of =struct pam_conv. * ==== //depot/projects/ia64/contrib/openpam/lib/pam_get_user.c#5 (text+ko) ==== @@ -31,16 +31,20 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_get_user.c#4 $ + * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_get_user.c#5 $ */ #include +#include + #include #include #include "openpam_impl.h" +const char user_prompt[] = "Login:"; + /* * XSSO 4.2.1 * XSSO 6 page 52 @@ -53,7 +57,7 @@ const char **user, const char *prompt) { - char *p, *resp; + char *resp; int r; if (pamh == NULL || user == NULL) 
@@ -63,16 +67,18 @@ if (r == PAM_SUCCESS) return (PAM_SUCCESS); if (prompt == NULL) { - if (pam_get_item(pamh, PAM_USER_PROMPT, - (const void **)&p) != PAM_SUCCESS || p == NULL) - prompt = "Login: "; + r = pam_get_item(pamh, PAM_USER_PROMPT, (const void **)&prompt); + if (r != PAM_SUCCESS || prompt == NULL) + prompt = user_prompt; } - r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, - "%s", prompt ? prompt : p); + r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt); + if (r != PAM_SUCCESS) + return (r); + r = pam_set_item(pamh, PAM_USER, resp); + free(resp); if (r != PAM_SUCCESS) return (r); - *user = resp; - return (pam_set_item(pamh, PAM_USER, *user)); + return (pam_get_item(pamh, PAM_USER, (const void **)user)); } /* @@ -83,3 +89,18 @@ * =pam_set_item * !PAM_SYMBOL_ERR */ + +/** + * The =pam_get_user function returns the name of the target user, as + * specified to =pam_start. If no user was specified, nor set using + * =pam_set_item, =pam_get_user will prompt for a user name. Either way, + * a pointer to the user name is stored in the location pointed to by the + * =user argument. + + * The =prompt argument specifies a prompt to use if no user name is + * cached. If it is =NULL, the =PAM_USER_PROMPT will be used. If that + * item is also =NULL, a hardcoded default prompt will be used. + * + * >pam_get_item + * >pam_get_authtok + */ ==== //depot/projects/ia64/contrib/openpam/lib/pam_set_item.c#5 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_set_item.c#4 $ + * $P4: //depot/projects/ia64/contrib/openpam/lib/pam_set_item.c#5 $ */ #include @@ -73,6 +73,7 @@ case PAM_RUSER: case PAM_USER_PROMPT: case PAM_AUTHTOK_PROMPT: + case PAM_OLDAUTHTOK_PROMPT: if (*slot != NULL) size = strlen(*slot) + 1; if (item != NULL) ==== //depot/projects/ia64/contrib/sendmail/FREEBSD-upgrade#4 (text+ko) ==== 
@@ -1,4 +1,4 @@ -$FreeBSD: src/contrib/sendmail/FREEBSD-upgrade,v 1.10 2002/04/05 04:28:10 gshapiro Exp $ +$FreeBSD: src/contrib/sendmail/FREEBSD-upgrade,v 1.11 2002/04/06 17:53:06 gshapiro Exp $ sendmail 8.12.2 originals can be found at: ftp://ftp.sendmail.org/pub/sendmail/ @@ -70,6 +70,7 @@ share/examples/etc/make.conf (HEAD) share/man/man5/make.conf.5 share/man/man5/rc.conf.5 + share/man/man7/hier.7 share/man/man8/Makefile share/man/man8/rc.sendmail.8 share/mk/bsd.libnames.mk ==== //depot/projects/ia64/etc/defaults/rc.conf#8 (text+ko) ==== @@ -13,7 +13,7 @@ # # All arguments must be in double or single quotes. # -# $FreeBSD: src/etc/defaults/rc.conf,v 1.142 2002/04/05 02:30:41 gshapiro Exp $ +# $FreeBSD: src/etc/defaults/rc.conf,v 1.144 2002/04/06 18:02:52 asmodai Exp $ ############################################################## ### Important initial Boot-time options #################### @@ -156,7 +156,7 @@ sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. sshd_flags="" # Additional flags for sshd. -### Network daemon (NFS) Need all portmap_enable="YES" ### +### Network daemon (NFS): All need portmap_enable="YES" ### amd_enable="NO" # Run amd service with $amd_flags (or NO). amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" amd_map_program="NO" # Can be set to "ypcat -k amd.master" @@ -188,7 +188,7 @@ xntpd_program="ntpd" # path to ntpd, if you want a different one. xntpd_flags="-p /var/run/ntpd.pid" # Flags to ntpd (if enabled). -# Network Information Services (NIS) options: Need all portmap_enable="YES" ### +# Network Information Services (NIS) options: All need portmap_enable="YES" ### nis_client_enable="NO" # We're an NIS client (or NO). nis_client_flags="" # Flags to ypbind (if enabled). nis_ypset_enable="NO" # Run ypset at boot time (or NO). 
@@ -311,7 +311,7 @@ font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO). font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO). blanktime="300" # blank time (in seconds) or "NO" to turn it off. -saver="NO" # screen saver: Uses /modules/${saver}_saver.ko +saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko moused_enable="NO" # Run the mouse daemon. moused_type="auto" # See man page for rc.conf(5) for available settings. moused_port="/dev/psm0" # Set to your mouse port. ==== //depot/projects/ia64/etc/rc.network6#5 (text+ko) ==== @@ -24,7 +24,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/etc/rc.network6,v 1.28 2001/12/15 03:59:47 ume Exp $ +# $FreeBSD: src/etc/rc.network6,v 1.29 2002/04/06 15:15:43 ume Exp $ # # Note that almost all of the user-configurable behavior is not in this @@ -127,6 +127,9 @@ # ipv6_network_interfaces="`ifconfig -l`" ;; + [Nn][Oo][Nn][Ee]) + ipv6_network_interfaces='' + ;; esac # just to make sure @@ -151,17 +154,20 @@ ;; *) # act as endhost - start with manual configuration + # Setup of net.inet6.ip6.accept_rtadv is done later by + # network6_interface_setup. sysctl net.inet6.ip6.forwarding=0 - sysctl net.inet6.ip6.accept_rtadv=0 ;; esac - # setting up interfaces - network6_interface_setup $ipv6_network_interfaces + if [ -n "${ipv6_network_interfaces}" ]; then + # setting up interfaces + network6_interface_setup $ipv6_network_interfaces - # wait for DAD's completion (for global addrs) - sleep `sysctl -n net.inet6.ip6.dad_count` - sleep 1 + # wait for DAD's completion (for global addrs) + sleep `sysctl -n net.inet6.ip6.dad_count` + sleep 1 + fi case ${ipv6_gateway_enable} in [Yy][Ee][Ss]) ==== //depot/projects/ia64/etc/syslog.conf#5 (text+ko) ==== 
@@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/syslog.conf,v 1.20 2002/03/11 19:34:57 rwatson Exp $ +# $FreeBSD: src/etc/syslog.conf,v 1.21 2002/04/06 11:22:01 phk Exp $ # # Spaces ARE valid field separators in this file. However, # other *nix-like systems still insist on using tabs as field @@ -12,9 +12,6 @@ mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/log/cron -*.err root -*.notice;news.err root -*.alert root *.emerg * # uncomment this to log all writes to /dev/console to /var/log/console.log #console.info /var/log/console.log ==== //depot/projects/ia64/lib/libc/net/ether_addr.c#3 (text+ko) ==== @@ -37,7 +37,7 @@ */ #include -__FBSDID("$FreeBSD: src/lib/libc/net/ether_addr.c,v 1.12 2002/03/06 03:26:11 eric Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/net/ether_addr.c,v 1.14 2002/04/06 09:54:17 ru Exp $"); #include #include @@ -118,9 +118,10 @@ int i; static char a[18]; - i = sprintf(a,"%x:%x:%x:%x:%x:%x",n->octet[0],n->octet[1],n->octet[2], - n->octet[3],n->octet[4],n->octet[5]); - if (i < 11) + i = sprintf(a,"%02x:%02x:%02x:%02x:%02x:%02x", + n->octet[0],n->octet[1],n->octet[2], + n->octet[3],n->octet[4],n->octet[5]); + if (i < 17) return (NULL); return ((char *)&a); } ==== //depot/projects/ia64/lib/libpam/modules/Makefile.inc#3 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/lib/libpam/modules/Makefile.inc,v 1.8 2002/03/07 16:03:56 markm Exp $ +# $FreeBSD: src/lib/libpam/modules/Makefile.inc,v 1.10 2002/04/06 19:32:37 des Exp $ PAMDIR= ${.CURDIR}/../../../../contrib/openpam @@ -7,6 +7,7 @@ CFLAGS+= -I${PAMDIR}/include CFLAGS+= -I${.CURDIR}/../../libpam +WARNS?= 4 # This is nasty. # For the static case, libpam.a depends on the modules. ==== //depot/projects/ia64/lib/libpam/modules/modules.inc#5 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/lib/libpam/modules/modules.inc,v 1.4 2002/04/04 16:08:28 des Exp $ +# $FreeBSD: src/lib/libpam/modules/modules.inc,v 1.6 2002/04/06 19:32:09 des Exp $ MODULES = MODULES += pam_deny 
@@ -14,7 +14,7 @@ MODULES += pam_nologin MODULES += pam_opie MODULES += pam_opieaccess -MODULES += pam_passwdqc +#MODULES += pam_passwdqc MODULES += pam_permit MODULES += pam_radius MODULES += pam_rootok ==== //depot/projects/ia64/lib/libpam/modules/pam_krb5/pam_krb5.c#3 (text+ko) ==== @@ -2,7 +2,14 @@ * Copyright 2001 Mark R V Murray * Copyright Frank Cusack fcusack@fcusack.com 1999-2000 * All rights reserved + * Copyright (c) 2002 Networks Associates Technology, Inc. + * All rights reserved. * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -191,7 +198,7 @@ */ #include -__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.c,v 1.6 2002/03/06 16:49:02 roam Exp $"); +__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.c,v 1.7 2002/04/06 19:30:01 des Exp $"); #include #include @@ -200,7 +207,7 @@ #include #include #include -#include +#include #include #include @@ -229,7 +236,6 @@ #define USER_PROMPT "Username: " #define PASSWORD_PROMPT "Password:" #define NEW_PASSWORD_PROMPT "New Password:" -#define NEW_PASSWORD_PROMPT_2 "New Password (again):" enum { PAM_OPT_AUTH_AS_SELF=PAM_OPT_STD_MAX, PAM_OPT_CCACHE, PAM_OPT_FORWARDABLE, PAM_OPT_NO_CCACHE, PAM_OPT_REUSE_CCACHE }; @@ -258,7 +264,7 @@ struct passwd *pwd; int retval; const char *sourceuser, *user, *pass, *service; - char *principal, *princ_name, *cache_name, luser[32]; + char *principal, *princ_name, *cache_name, luser[32], *srvdup; pam_std_option(&options, other_options, argc, argv); 
@@ -339,7 +345,7 @@ PAM_LOG("Got principal: %s", princ_name); /* Get password */ - retval = pam_get_pass(pamh, &pass, PASSWORD_PROMPT, &options); + retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, PASSWORD_PROMPT); if (retval != PAM_SUCCESS) goto cleanup2; @@ -420,8 +426,14 @@ PAM_LOG("Credentials stashed"); /* Verify them */ - if (verify_krb_v5_tgt(pam_context, ccache, (char *)service, - pam_test_option(&options, PAM_OPT_FORWARDABLE, NULL)) == -1) { + if ((srvdup = strdup(service)) == NULL) { + retval = PAM_BUF_ERR; + goto cleanup; + } + krbret = verify_krb_v5_tgt(pam_context, ccache, srvdup, + pam_test_option(&options, PAM_OPT_FORWARDABLE, NULL)); + free(srvdup); + if (krbret == -1) { PAM_VERBOSE_ERROR("Kerberos 5 error"); krb5_cc_destroy(pam_context, ccache); retval = PAM_AUTH_ERR; @@ -809,8 +821,8 @@ krb5_data result_code_string, result_string; struct options options; int result_code, retval; - const char *user, *pass, *pass2; - char *princ_name; + const char *user, *pass; + char *princ_name, *passdup; pam_std_option(&options, other_options, argc, argv); @@ -857,7 +869,7 @@ PAM_LOG("Got principal: %s", princ_name); /* Get password */ - retval = pam_get_pass(pamh, &pass, PASSWORD_PROMPT, &options); + retval = pam_get_authtok(pamh, PAM_OLDAUTHTOK, &pass, PASSWORD_PROMPT); if (retval != PAM_SUCCESS) goto cleanup2; 
@@ -876,27 +888,26 @@ PAM_LOG("Credentials established"); /* Now get the new password */ - retval = pam_get_pass(pamh, &pass, NEW_PASSWORD_PROMPT, &options); + for (;;) { + retval = pam_get_authtok(pamh, + PAM_AUTHTOK, &pass, NEW_PASSWORD_PROMPT); + if (retval != PAM_TRY_AGAIN) + break; + pam_error(pamh, "Mismatch; try again, EOF to quit."); + } if (retval != PAM_SUCCESS) goto cleanup; - retval = pam_get_pass(pamh, &pass2, NEW_PASSWORD_PROMPT_2, &options); - if (retval != PAM_SUCCESS) - goto cleanup; + PAM_LOG("Got new password"); - PAM_LOG("Got new password twice"); - - if (strcmp(pass, pass2) != 0) { - PAM_LOG("Error strcmp(): passwords are different"); - retval = PAM_AUTHTOK_ERR; + /* Change it */ + if ((passdup = strdup(pass)) == NULL) { + retval = PAM_BUF_ERR; goto cleanup; } - - PAM_LOG("New passwords are the same"); - - /* Change it */ - krbret = krb5_change_password(pam_context, &creds, (char *)pass, + krbret = krb5_change_password(pam_context, &creds, passdup, &result_code, &result_code_string, &result_string); + free(passdup); if (krbret != 0) { PAM_LOG("Error krb5_change_password(): %s", error_message(krbret)); ==== //depot/projects/ia64/lib/libpam/modules/pam_opie/pam_opie.c#5 (text+ko) ==== @@ -2,9 +2,7 @@ * Copyright 2000 James Bloom * All rights reserved. * Based upon code Copyright 1998 Juniper Networks, Inc. - * Copyright (c) 2001 Networks Associates Technology, Inc. - * All rights reserved. - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2001,2002 Networks Associates Technology, Inc. * All rights reserved. * * Portions of this software were developed for the FreeBSD Project by @@ -38,7 +36,7 @@ */ #include -__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_opie/pam_opie.c,v 1.20 2002/03/14 23:27:58 des Exp $"); +__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_opie/pam_opie.c,v 1.21 2002/04/06 19:30:02 des Exp $"); #include #include 
@@ -124,7 +122,7 @@ for (i = 0; i < 2; i++) { snprintf(prompt, sizeof prompt, promptstr[i], challenge); - retval = pam_get_authtok(pamh, &response, prompt); + retval = pam_get_authtok(pamh, PAM_AUTHTOK, &response, prompt); if (retval != PAM_SUCCESS) { opieunlock(); PAM_RETURN(retval); ==== //depot/projects/ia64/lib/libpam/modules/pam_radius/pam_radius.c#5 (text+ko) ==== @@ -1,7 +1,7 @@ /*- * Copyright 1998 Juniper Networks, Inc. * All rights reserved. - * Copyright (c) 2001 Networks Associates Technology, Inc. + * Copyright (c) 2001,2002 Networks Associates Technology, Inc. * All rights reserved. * * Portions of this software were developed for the FreeBSD Project by @@ -35,7 +35,7 @@ */ #include -__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.c,v 1.10 2002/03/14 23:27:58 des Exp $"); +__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.c,v 1.11 2002/04/06 19:30:02 des Exp $"); #include #include @@ -63,7 +63,7 @@ }; #define MAX_CHALLENGE_MSGS 10 -#define PASSWORD_PROMPT "RADIUS password:" +#define PASSWORD_PROMPT "RADIUS Password:" static int build_access_request(struct rad_handle *, const char *, const char *, const void *, size_t); @@ -237,7 +237,7 @@ PAM_LOG("Got user: %s", user); - retval = pam_get_authtok(pamh, &pass, PASSWORD_PROMPT); + retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, PASSWORD_PROMPT); if (retval != PAM_SUCCESS) PAM_RETURN(retval); ==== //depot/projects/ia64/lib/libpam/modules/pam_self/pam_self.c#4 (text+ko) ==== @@ -1,7 +1,7 @@ /*- * Copyright (c) 2001 Mark R V Murray * All rights reserved. - * Copyright (c) 2001 Networks Associates Technology, Inc. + * Copyright (c) 2001,2002 Networks Associates Technology, Inc. * All rights reserved. * * Portions of this software were developed for the FreeBSD Project by 
@@ -35,7 +35,7 @@ */ #include -__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_self/pam_self.c,v 1.6 2002/03/14 23:27:58 des Exp $"); +__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_self/pam_self.c,v 1.7 2002/04/06 19:30:03 des Exp $"); #define _BSD_SOURCE @@ -74,7 +74,7 @@ PAM_LOG("Options processed"); - pam_err = pam_get_item(pamh, PAM_USER, (const void **)&luser); + pam_err = pam_get_user(pamh, &luser, NULL); if (pam_err != PAM_SUCCESS) PAM_RETURN(pam_err); if (luser == NULL || (pwd = getpwnam(luser)) == NULL) ==== //depot/projects/ia64/lib/libpam/modules/pam_ssh/pam_ssh.c#8 (text+ko) ==== @@ -1,7 +1,7 @@ /*- * Copyright (c) 1999, 2000 Andrew J. Korty * All rights reserved. - * Copyright (c) 2001 Networks Associates Technology, Inc. + * Copyright (c) 2001,2002 Networks Associates Technology, Inc. * All rights reserved. * * Portions of this software were developed for the FreeBSD Project by @@ -37,7 +37,7 @@ */ >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
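Review bot: In contrib/openpam/include/security/openpam.h, hunk @@ -116,19 +117,26 @@, the new GCC 2.95 branch of openpam_log expands to `_openpam_log((lvl), __func__, fmt, ##fmt)`, which repeats the format string and never forwards the variadic arguments, so any conversion specifier in a log call reads the wrong argument. With the `fmt, ...` parameter list it should end in `fmt, ##__VA_ARGS__`. The guard `(__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)` also rejects any compiler whose minor number is below 95 whatever its major number (3.0, for example), and `defined(__FUNCTION__)` in the following branch tests a name GCC does not provide as a preprocessor macro, so that branch cannot be selected by this test.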
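Review bot: In contrib/openpam/lib/pam_authenticate.c, hunk @@ -53,6 +53,8 @@, the new early `return (PAM_SYMBOL_ERR)` for unknown flag bits is not reflected in the documentation added by the next hunk, and the visible tail of the return-value list ends at `!PAM_IGNORE`, whereas pam_chauthtok.c lists PAM_SYMBOL_ERR after it. Add PAM_SYMBOL_ERR to the list and state in the new comment that any flag other than PAM_SILENT and PAM_DISALLOW_NULL_AUTHTOK is rejected.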
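Review bot: In contrib/openpam/lib/pam_get_authtok.c, hunk @@ -49,34 +55,76 @@, the response is stored with `pam_set_item(pamh, pitem, resp)` and read back with `pam_get_item(pamh, pitem, ...)`, but pitem is the prompt item (PAM_AUTHTOK_PROMPT or PAM_OLDAUTHTOK_PROMPT), not the token item. As written, the typed password overwrites the prompt string, so a later call with prompt == NULL would fetch it as the prompt and pass it to pam_prompt, and the try_first_pass lookup on `item` earlier in the function never finds a token cached this way. Both calls should use `item`. Separately, resp and resp2 hold cleartext tokens and go to free() without being cleared; zero them before release on the success, mismatch and error paths.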
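Review bot: In contrib/openpam/lib/pam_get_user.c, hunk @@ -83,3 +89,18 @@, the paragraph break after `=user argument.` is an empty added line rather than ` *`, unlike the doc comments added to pam_get_authtok.c and pam_authenticate.c in this change; restore the leading ` *` so the comment block stays uniform for whatever tool consumes these `/**` blocks. Also note that hunk @@ -63,16 +67,18 @@ of the same file changes the default prompt from "Login: " to "Login:" (the new user_prompt constant has no trailing space); if that is intentional it deserves a line in the change description.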
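Review bot: In etc/rc.network6, hunk @@ -151,17 +154,20 @@, the end-host branch no longer runs `sysctl net.inet6.ip6.accept_rtadv=0` and the new comment defers that to network6_interface_setup, but the same hunk skips network6_interface_setup whenever ipv6_network_interfaces is empty, which is exactly what the new `none` case in the preceding hunk produces. In that configuration nothing visible here sets accept_rtadv, so the host keeps whatever value the sysctl already had. Keep the explicit `accept_rtadv=0` in the end-host branch, or set it in an else arm of the new `-n` test.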
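Review bot: In etc/syslog.conf, hunk @@ -12,9 +12,6 @@, the three selectors that notify root (`*.err root`, `*.notice;news.err root`, `*.alert root`) are dropped with no replacement destination in the hunk and no comment, leaving `*.emerg *` as the only user-directed rule shown. Confirm that err, notice and alert messages are still captured by a file or console rule elsewhere in the file, and record the behaviour change in a comment or in the change description so administrators who relied on terminal notification know to look in the log files.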
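Review bot: In lib/libc/net/ether_addr.c, hunk @@ -118,9 +118,10 @@, the call that fills `static char a[18]` is still an unbounded sprintf even though the new %02x format uses every byte of the buffer (17 characters plus the terminator). Switching to `snprintf(a, sizeof(a), ...)` and testing `i != 17` instead of `i < 17` would make the bound explicit and catch an over-long result as well as a short one.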
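Review bot: In lib/libpam/modules/modules.inc, hunk @@ -14,7 +14,7 @@, pam_passwdqc is commented out of MODULES with no explanation. Since this silently removes the password-quality module from the build, add a comment on the `#MODULES += pam_passwdqc` line stating why it is disabled and what has to happen before it is re-enabled.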
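Review bot: In lib/libpam/modules/pam_krb5/pam_krb5.c, hunk @@ -876,27 +888,26 @@, passdup is a strdup copy of the new cleartext password and is released with `free(passdup)` without being cleared first; overwrite it before freeing so the password does not linger in freed heap memory. The `for (;;)` loop around pam_get_authtok also has no attempt limit and ends only when the call returns something other than PAM_TRY_AGAIN; a small bounded retry count that falls through to the existing `retval != PAM_SUCCESS` check would be more robust than relying on the user sending EOF.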