CVS commit: src/lib/libpam/modules/pam_unix
Module Name:src Committed By: reed Date: Mon Dec 23 17:51:58 UTC 2019 Modified Files: src/lib/libpam/modules/pam_unix: pam_unix.8 Log Message: Simply Subsection headers There was a formatting issue with mandoc showing the literal "Ss" macros. I reported this bug to mandoc since groff didn't have same formatting. It was recommended to simplify the formatting due to the weird feature. Note because of this for groff I didn't use the Ux macro but spelled out UNIX literally for these subsection headers (since the macro reset the subsection formatting which was why the Ss macro was repeated before to reactivate it). To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/lib/libpam/modules/pam_unix/pam_unix.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libpam/modules/pam_unix/pam_unix.8 diff -u src/lib/libpam/modules/pam_unix/pam_unix.8:1.8 src/lib/libpam/modules/pam_unix/pam_unix.8:1.9 --- src/lib/libpam/modules/pam_unix/pam_unix.8:1.8 Sat Feb 26 15:59:34 2005 +++ src/lib/libpam/modules/pam_unix/pam_unix.8 Mon Dec 23 17:51:57 2019 @@ -1,4 +1,4 @@ -.\" $NetBSD: pam_unix.8,v 1.8 2005/02/26 15:59:34 thorpej Exp $ +.\" $NetBSD: pam_unix.8,v 1.9 2019/12/23 17:51:57 reed Exp $ .\" Copyright (c) 2001 Mark R V Murray .\" All rights reserved. .\" Copyright (c) 2001 Networks Associates Technology, Inc. @@ -62,7 +62,7 @@ and .Dq Li account features. It also provides a null function for session management. -.Ss Ux Ss Authentication Module +.Ss UNIX Authentication Module The .Ux authentication component @@ -137,7 +137,7 @@ and silently allow authentication to suc .\" system is not configured to use the specified password database, an .\" authentication failure will occur. .El -.Ss Ux Ss Account Management Module +.Ss UNIX Account Management Module The .Ux account management component @@ -156,7 +156,7 @@ debugging information at .Dv LOG_DEBUG level. .El -.Ss Ux Ss Password Management Module +.Ss UNIX Password Management Module The .Ux password management component
CVS commit: src/lib/libpam/modules/pam_unix
Module Name:src Committed By: joerg Date: Wed May 16 13:55:39 UTC 2018 Modified Files: src/lib/libpam/modules/pam_unix: pam_unix.c Log Message: Improve type safety by using the correct enum values. To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/lib/libpam/modules/pam_unix/pam_unix.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libpam/modules/pam_unix/pam_unix.c diff -u src/lib/libpam/modules/pam_unix/pam_unix.c:1.16 src/lib/libpam/modules/pam_unix/pam_unix.c:1.17 --- src/lib/libpam/modules/pam_unix/pam_unix.c:1.16 Sun Dec 29 22:54:58 2013 +++ src/lib/libpam/modules/pam_unix/pam_unix.c Wed May 16 13:55:39 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_unix.c,v 1.16 2013/12/29 22:54:58 christos Exp $ */ +/* $NetBSD: pam_unix.c,v 1.17 2018/05/16 13:55:39 joerg Exp $ */ /*- * Copyright 1998 Juniper Networks, Inc. @@ -40,7 +40,7 @@ #ifdef __FreeBSD__ __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.49 2004/02/10 10:13:21 des Exp $"); #else -__RCSID("$NetBSD: pam_unix.c,v 1.16 2013/12/29 22:54:58 christos Exp $"); +__RCSID("$NetBSD: pam_unix.c,v 1.17 2018/05/16 13:55:39 joerg Exp $"); #endif @@ -248,6 +248,7 @@ yp_set_password(pam_handle_t *pamh, stru { char *master; int r, rpcport, status; + enum clnt_stat r2; struct yppasswd yppwd; CLIENT *client; uid_t uid; @@ -318,9 +319,9 @@ yp_set_password(pam_handle_t *pamh, stru client->cl_auth = authunix_create_default(); tv.tv_sec = 2; tv.tv_usec = 0; - r = clnt_call(client, YPPASSWDPROC_UPDATE, + r2 = clnt_call(client, YPPASSWDPROC_UPDATE, xdr_yppasswd, , xdr_int, , tv); - if (r) + if (r2 != RPC_SUCCESS) pam_error(pamh, "RPC to yppasswdd failed."); else if (status) pam_error(pamh, "Couldn't change NIS password.");
CVS commit: src/lib/libpam/modules/pam_unix
Module Name:src Committed By: drochner Date: Wed Nov 18 17:06:23 UTC 2009 Modified Files: src/lib/libpam/modules/pam_unix: pam_unix.c Log Message: if changing the password, don't clear PAM_AUTHTOK at the beginning -- this sabotages external password strength checkers To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/lib/libpam/modules/pam_unix/pam_unix.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libpam/modules/pam_unix/pam_unix.c diff -u src/lib/libpam/modules/pam_unix/pam_unix.c:1.13 src/lib/libpam/modules/pam_unix/pam_unix.c:1.14 --- src/lib/libpam/modules/pam_unix/pam_unix.c:1.13 Sun Jun 14 23:23:54 2009 +++ src/lib/libpam/modules/pam_unix/pam_unix.c Wed Nov 18 17:06:23 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_unix.c,v 1.13 2009/06/14 23:23:54 tonnerre Exp $ */ +/* $NetBSD: pam_unix.c,v 1.14 2009/11/18 17:06:23 drochner Exp $ */ /*- * Copyright 1998 Juniper Networks, Inc. @@ -40,7 +40,7 @@ #ifdef __FreeBSD__ __FBSDID($FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.49 2004/02/10 10:13:21 des Exp $); #else -__RCSID($NetBSD: pam_unix.c,v 1.13 2009/06/14 23:23:54 tonnerre Exp $); +__RCSID($NetBSD: pam_unix.c,v 1.14 2009/11/18 17:06:23 drochner Exp $); #endif @@ -557,7 +557,6 @@ /* Get the new password. */ for (tries = 0;;) { - pam_set_item(pamh, PAM_AUTHTOK, NULL); retval = pam_get_authtok(pamh, PAM_AUTHTOK, new_pass, NULL); if (retval == PAM_TRY_AGAIN) { @@ -576,12 +575,12 @@ } if (min_pw_len 0 strlen(new_pass) (size_t)min_pw_len) { pam_error(pamh, Password is too short.); -continue; +goto retry; } if (strlen(new_pass) = 5 ++tries 2) { pam_error(pamh, Please enter a longer password.); -continue; +goto retry; } for (p = new_pass; *p islower((unsigned char)*p); ++p); if (!*p ++tries 2) { @@ -590,10 +589,12 @@ password.\nUnusual capitalization, control characters or digits are suggested.); -continue; +goto retry; } /* Password is OK. */ break; +retry: + pam_set_item(pamh, PAM_AUTHTOK, NULL); } pw_getpwconf(option, sizeof(option), pwd, #ifdef YP
CVS commit: src/lib/libpam/modules/pam_unix
Module Name:src Committed By: tonnerre Date: Sun Jun 14 23:23:54 UTC 2009 Modified Files: src/lib/libpam/modules/pam_unix: pam_unix.c Log Message: Restore the good old UNIX behavior of root password changing: only root may change the root password. (Checked that everybody else's password can be changed without any problem, and checked that root can still change the root password.) To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/lib/libpam/modules/pam_unix/pam_unix.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libpam/modules/pam_unix/pam_unix.c diff -u src/lib/libpam/modules/pam_unix/pam_unix.c:1.12 src/lib/libpam/modules/pam_unix/pam_unix.c:1.13 --- src/lib/libpam/modules/pam_unix/pam_unix.c:1.12 Mon Jan 26 04:01:14 2009 +++ src/lib/libpam/modules/pam_unix/pam_unix.c Sun Jun 14 23:23:54 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_unix.c,v 1.12 2009/01/26 04:01:14 lukem Exp $ */ +/* $NetBSD: pam_unix.c,v 1.13 2009/06/14 23:23:54 tonnerre Exp $ */ /*- * Copyright 1998 Juniper Networks, Inc. @@ -40,7 +40,7 @@ #ifdef __FreeBSD__ __FBSDID($FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.49 2004/02/10 10:13:21 des Exp $); #else -__RCSID($NetBSD: pam_unix.c,v 1.12 2009/01/26 04:01:14 lukem Exp $); +__RCSID($NetBSD: pam_unix.c,v 1.13 2009/06/14 23:23:54 tonnerre Exp $); #endif @@ -508,6 +508,14 @@ /* Root doesn't need the old password. */ return (pam_set_item(pamh, PAM_OLDAUTHTOK, )); } + /* + * Apparently we're not root, so let's forbid editing + * root. + * XXX Check for some flag to indicate if this + * XXX is the desired behavior. + */ + if (pwd-pw_uid == 0) +return (PAM_PERM_DENIED); } if (pwd-pw_passwd[0] == '\0') {