D17122.id47926.diff

Index: etc/Makefile
===================================================================
--- etc/Makefile
+++ etc/Makefile
@@ -21,7 +21,6 @@
hosts.equiv \
libalias.conf \
libmap.conf \
- login.access \
mac.conf \
netconfig \
networks \
@@ -121,7 +120,6 @@
${_+_}cd ${.CURDIR}/mtree; ${MAKE} install
${_+_}cd ${SRCTOP}/share/termcap; ${MAKE} etc-termcap
${_+_}cd ${SRCTOP}/usr.sbin/rmt; ${MAKE} etc-rmt
- ${_+_}cd ${.CURDIR}/pam.d; ${MAKE} install
.if ${MK_UNBOUND} != "no"
if [ ! -e ${DESTDIR}/etc/unbound ]; then \
${INSTALL_SYMLINK} ../var/unbound ${DESTDIR}/etc/unbound; \
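Review bot: With the explicit `cd ${.CURDIR}/pam.d; ${MAKE} install` step dropped from this target, nothing in etc/Makefile populates /etc/pam.d any more, and the only replacement visible in this patch is `SUBDIR+= libpam modules pam.d` in lib/libpam/Makefile. Please confirm that everything that used to rely on this target (fresh installs and upgrade tooling that runs it) still ends up with the policy files. The README being moved says a service without its own file falls back to /etc/pam.d/other and then /etc/pam.conf, so a tree that misses this step has no PAM policy for login, sshd or su. A sentence in the commit message naming the target that now installs these files would help.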
Index: etc/login.access
===================================================================
--- etc/login.access
+++ etc/login.access
@@ -1,46 +0,0 @@
-# $FreeBSD$
-#
-# Login access control table.
-#
-# When someone logs in, the table is scanned for the first entry that
-# matches the (user, host) combination, or, in case of non-networked
-# logins, the first entry that matches the (user, tty) combination. The
-# permissions field of that table entry determines whether the login will
-# be accepted or refused.
-#
-# Format of the login access control table is three fields separated by a
-# ":" character:
-#
-# permission : users : origins
-#
-# The first field should be a "+" (access granted) or "-" (access denied)
-# character. The second field should be a list of one or more login names,
-# group names, or ALL (always matches). The third field should be a list
-# of one or more tty names (for non-networked logins), host names, domain
-# names (begin with "."), host addresses, internet network numbers (end
-# with "."), ALL (always matches) or LOCAL (matches any string that does
-# not contain a "." character). If you run NIS you can use @netgroupname
-# in host or user patterns.
-#
-# The EXCEPT operator makes it possible to write very compact rules.
-#
-# The group file is searched only when a name does not match that of the
-# logged-in user. Only groups are matched in which users are explicitly
-# listed: the program does not look at a user's primary group id value.
-#
-##############################################################################
-#
-# Disallow console logins to all but a few accounts.
-#
-#-:ALL EXCEPT wheel shutdown sync:console
-#
-# Disallow non-local logins to privileged accounts (group wheel).
-#
-#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
-#
-# Some accounts are not allowed to login from anywhere:
-#
-#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
-#
-# All other accounts are allowed to login from anywhere.
-#
Index: etc/pam.d/Makefile
===================================================================
--- etc/pam.d/Makefile
+++ etc/pam.d/Makefile
@@ -1,48 +0,0 @@
-# $FreeBSD$
-
-.include <src.opts.mk>
-
-NO_OBJ=
-
-FILESGROUPS= FILES
-
-FILES= README \
- cron \
- imap \
- login \
- other \
- passwd pop3 \
- sshd su system \
- xdm
-
-FILESDIR= /etc/pam.d
-FILESMODE= 644
-
-.if ${MK_AT} != "no"
-FILESGROUPS+= AT
-AT+= atrun
-ATPACKAGE+= at
-ATDIR= ${FILESDIR}
-ATMODE= ${FILESMODE}
-.endif
-
-.if ${MK_FTP} != "no"
-FILESGROUPS+= FTP
-FTP+= ftpd
-FTPPACKAGE+= ftp
-FTPDIR= ${FILESDIR}
-FTPMODE= ${FILESMODE}
-LINKS= ${FILESDIR}/ftpd ${FILESDIR}/ftp
-.endif
-
-.if ${MK_TELNET} != "no"
-FILESGROUPS+= TELNET
-TELNET+= telnetd
-TELNETPACKAGE+= telnet
-TELNETDIR= ${FILESDIR}
-TELNETMODE= ${FILESMODE}
-.endif
-
-FILESMODE_README= 444
-
-.include <bsd.prog.mk>
Index: etc/pam.d/README
===================================================================
--- etc/pam.d/README
+++ etc/pam.d/README
@@ -1,62 +0,0 @@
-
-This directory contains configuration files for the Pluggable
-Authentication Modules (PAM) library.
-
-Each file details the module chain for a single service, and must be
-named after that service. If no configuration file is found for a
-particular service, the /etc/pam.d/other is used instead. If that
-file does not exist, /etc/pam.conf is searched for entries matching
-the specified service or, failing that, the "other" service.
-
-See the pam(3) manual page for an explanation of the workings of the
-PAM library and descriptions of the various files and modules. Below
-is a summary of the format for the pam.conf and /etc/pam.d/* files.
-
-Configuration lines take the following form:
-
-module-type control-flag module-path arguments
-
-Comments are introduced with a hash mark ('#'). Blank lines and lines
-consisting entirely of comments are ignored.
-
-The meanings of the different fields are as follows:
-
- module-type:
- auth: prompt for a password to authenticate that the user is
- who they say they are, and set any credentials.
- account: non-authentication based authorization, based on time,
- resources, etc.
- session: housekeeping before and/or after login.
- password: update authentication tokens.
-
- control-flag: How libpam handles success or failure of the module.
- required: success is required; on failure all remaining
- modules are run, but the request will be denied.
- requisite: success is required, and on failure no remaining
- modules are run.
- sufficient: success is sufficient, and if no previous required
- module failed, no remaining modules are run.
- binding: success is sufficient; on failure all remaining
- modules are run, but the request will be denied.
- optional: ignored unless the other modules return PAM_IGNORE.
-
- arguments: Module-specific options, plus some generic ones:
- debug: syslog debug info.
- no_warn: return no warning messages to the application.
- Remove this to feed back to the user the
- reason(s) they are being rejected.
- use_first_pass: try authentication using password from the
- preceding auth module.
- try_first_pass: first try authentication using password from
- the preceding auth module, and if that fails
- prompt for a new password.
- use_mapped_pass: convert cleartext password to a crypto key.
- expose_account: allow printing more info about the user when
- prompting.
-
-Note that having a "sufficient" module as the last entry for a
-particular service and module type may result in surprising behaviour.
-To get the intended semantics, add a "required" entry listing the
-pam_deny module at the end of the chain.
-
-$FreeBSD$
Index: etc/pam.d/atrun
===================================================================
--- etc/pam.d/atrun
+++ etc/pam.d/atrun
@@ -1,10 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "atrun" service
-#
-
-# Note well: enabling pam_nologin for atrun will currently result
-# in jobs discarded, not just delayed, during a no-login period.
-#account required pam_nologin.so
-account required pam_unix.so
Index: etc/pam.d/convert.pl
===================================================================
--- etc/pam.d/convert.pl
+++ etc/pam.d/convert.pl
@@ -1,89 +0,0 @@
-#!/usr/bin/perl -w
-#-
-# SPDX-License-Identifier: BSD-3-Clause
-#
-# Copyright (c) 2001,2002 Networks Associates Technologies, Inc.
-# All rights reserved.
-#
-# This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# 3. The name of the author may not be used to endorse or promote
-# products derived from this software without specific prior written
-# permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-use strict;
-use Fcntl;
-use vars qw(%SERVICES);
-
-MAIN:{
- my $line;
- my $service;
- my $version;
- my $type;
- local *FILE;
-
- while (<>) {
- chomp();
- s/\s*$//;
- next unless m/^(\#*)(\w+)\s+(auth|account|session|password)\s+(\S.*)$/;
- $line = $1.$3;
- $line .= "\t" x ((16 - length($line) + 7) / 8);
- $line .= $4;
- push(@{$SERVICES{$2}->{$3}}, $line);
- }
-
- foreach $service (keys(%SERVICES)) {
- $version = '$' . 'FreeBSD' . '$';
- if (sysopen(FILE, $service, O_RDONLY)) {
- while (<FILE>) {
- next unless (m/(\$[F]reeBSD.*?\$)/);
- $version = $1;
- last;
- }
- close(FILE);
- }
- sysopen(FILE, $service, O_RDWR|O_CREAT|O_TRUNC)
- or die("$service: $!\n");
- print(FILE "#\n");
- print(FILE "# $version\n");
- print(FILE "#\n");
- print(FILE "# PAM configuration for the \"$service\" service\n");
- print(FILE "#\n");
- foreach $type (qw(auth account session password)) {
- next unless exists($SERVICES{$service}->{$type});
- print(FILE "\n");
- print(FILE "# $type\n");
- print(FILE join("\n", @{$SERVICES{$service}->{$type}}, ""));
- }
- close(FILE);
- warn("$service\n");
- }
-
- exit(0);
-}
Index: etc/pam.d/cron
===================================================================
--- etc/pam.d/cron
+++ etc/pam.d/cron
@@ -1,9 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "cron" service
-#
-
-# account
-account required pam_nologin.so
-account required pam_unix.so
Index: etc/pam.d/ftpd
===================================================================
--- etc/pam.d/ftpd
+++ etc/pam.d/ftpd
@@ -1,20 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "ftpd" service
-#
-
-# auth
-auth sufficient pam_opie.so no_warn no_fake_prompts
-auth requisite pam_opieaccess.so no_warn allow_local
-#auth sufficient pam_krb5.so no_warn
-#auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
-
-# account
-account required pam_nologin.so
-#account required pam_krb5.so
-account required pam_unix.so
-
-# session
-session required pam_permit.so
Index: etc/pam.d/imap
===================================================================
--- etc/pam.d/imap
+++ etc/pam.d/imap
@@ -1,14 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "imap" service
-#
-
-# auth
-#auth sufficient pam_krb5.so no_warn try_first_pass
-#auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
-
-# account
-#account required pam_nologin.so
-account required pam_unix.so
Index: etc/pam.d/login
===================================================================
--- etc/pam.d/login
+++ etc/pam.d/login
@@ -1,20 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "login" service
-#
-
-# auth
-auth sufficient pam_self.so no_warn
-auth include system
-
-# account
-account requisite pam_securetty.so
-account required pam_nologin.so
-account include system
-
-# session
-session include system
-
-# password
-password include system
Index: etc/pam.d/other
===================================================================
--- etc/pam.d/other
+++ etc/pam.d/other
@@ -1,25 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "other" service
-#
-
-# auth
-auth sufficient pam_opie.so no_warn no_fake_prompts
-auth requisite pam_opieaccess.so no_warn allow_local
-#auth sufficient pam_krb5.so no_warn try_first_pass
-#auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
-
-# account
-account required pam_nologin.so
-#account required pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
-
-# session
-#session optional pam_ssh.so want_agent
-session required pam_permit.so
-
-# password
-password required pam_permit.so
Index: etc/pam.d/passwd
===================================================================
--- etc/pam.d/passwd
+++ etc/pam.d/passwd
@@ -1,11 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "passwd" service
-#
-
-# passwd(1) does not use the auth, account or session services.
-
-# password
-#password requisite pam_passwdqc.so enforce=users
-password required pam_unix.so no_warn try_first_pass nullok
Index: etc/pam.d/pop3
===================================================================
--- etc/pam.d/pop3
+++ etc/pam.d/pop3
@@ -1,14 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "pop3" service
-#
-
-# auth
-#auth sufficient pam_krb5.so no_warn try_first_pass
-#auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
-
-# account
-#account required pam_nologin.so
-account required pam_unix.so
Index: etc/pam.d/sshd
===================================================================
--- etc/pam.d/sshd
+++ etc/pam.d/sshd
@@ -1,26 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "sshd" service
-#
-
-# auth
-auth sufficient pam_opie.so no_warn no_fake_prompts
-auth requisite pam_opieaccess.so no_warn allow_local
-#auth sufficient pam_krb5.so no_warn try_first_pass
-#auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
-
-# account
-account required pam_nologin.so
-#account required pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
-
-# session
-#session optional pam_ssh.so want_agent
-session required pam_permit.so
-
-# password
-#password sufficient pam_krb5.so no_warn try_first_pass
-password required pam_unix.so no_warn try_first_pass
Index: etc/pam.d/su
===================================================================
--- etc/pam.d/su
+++ etc/pam.d/su
@@ -1,17 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "su" service
-#
-
-# auth
-auth sufficient pam_rootok.so no_warn
-auth sufficient pam_self.so no_warn
-auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
-auth include system
-
-# account
-account include system
-
-# session
-session required pam_permit.so
Index: etc/pam.d/system
===================================================================
--- etc/pam.d/system
+++ etc/pam.d/system
@@ -1,25 +0,0 @@
-#
-# $FreeBSD$
-#
-# System-wide defaults
-#
-
-# auth
-auth sufficient pam_opie.so no_warn no_fake_prompts
-auth requisite pam_opieaccess.so no_warn allow_local
-#auth sufficient pam_krb5.so no_warn try_first_pass
-#auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass nullok
-
-# account
-#account required pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
-
-# session
-#session optional pam_ssh.so want_agent
-session required pam_lastlog.so no_fail
-
-# password
-#password sufficient pam_krb5.so no_warn try_first_pass
-password required pam_unix.so no_warn try_first_pass
Index: etc/pam.d/telnetd
===================================================================
--- etc/pam.d/telnetd
+++ etc/pam.d/telnetd
@@ -1,26 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "telnetd" service
-#
-
-# auth
-auth sufficient pam_opie.so no_warn no_fake_prompts
-auth requisite pam_opieaccess.so no_warn allow_local
-#auth sufficient pam_krb5.so no_warn try_first_pass
-#auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
-
-# account
-account required pam_nologin.so
-#account required pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
-
-# session
-#session optional pam_ssh.so want_agent
-session required pam_lastlog.so no_fail
-
-# password
-#password sufficient pam_krb5.so no_warn try_first_pass
-password required pam_unix.so no_warn try_first_pass
Index: etc/pam.d/xdm
===================================================================
--- etc/pam.d/xdm
+++ etc/pam.d/xdm
@@ -1,22 +0,0 @@
-#
-# $FreeBSD$
-#
-# PAM configuration for the "xdm" service
-#
-
-# auth
-#auth sufficient pam_krb5.so no_warn try_first_pass
-#auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
-
-# account
-account required pam_nologin.so
-#account required pam_krb5.so
-account required pam_unix.so
-
-# session
-#session required pam_ssh.so want_agent
-session required pam_lastlog.so no_fail
-
-# password
-password required pam_deny.so
Index: lib/libpam/Makefile
===================================================================
--- lib/libpam/Makefile
+++ lib/libpam/Makefile
@@ -25,7 +25,7 @@
# $FreeBSD$
# The modules link in libpam. They build the static modules as well.
-SUBDIR+= libpam modules
+SUBDIR+= libpam modules pam.d
SUBDIR_DEPEND_modules= libpam
SUBDIR+= static_libpam
SUBDIR_DEPEND_static_libpam= modules
Index: lib/libpam/modules/pam_login_access/Makefile
===================================================================
--- lib/libpam/modules/pam_login_access/Makefile
+++ lib/libpam/modules/pam_login_access/Makefile
@@ -24,6 +24,7 @@
#
# $FreeBSD$
+CONFS= login.access
LIB= pam_login_access
SRCS= pam_login_access.c login_access.c
MAN= login.access.5 pam_login_access.8
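Review bot: `CONFS= login.access` expects login.access to be present in lib/libpam/modules/pam_login_access/, but the only change to that file shown in this diff is its removal from etc/. If the file was moved in the VCS and the add is simply not rendered, fine; otherwise /etc/login.access stops being installed while the sshd, system, telnetd and other policies in this same patch still list `account required pam_login_access.so`. It would also be worth setting the install directory explicitly here, or noting that the default is relied on, the way the pam.d Makefile does with `CONFDIR= /etc/pam.d`.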
Index: lib/libpam/pam.d/Makefile
===================================================================
--- lib/libpam/pam.d/Makefile
+++ lib/libpam/pam.d/Makefile
@@ -4,9 +4,8 @@
NO_OBJ=
-FILESGROUPS= FILES
-
-FILES= README \
+CONFGROUPS= CONFS
+CONFS= README \
cron \
imap \
login \
@@ -15,34 +14,26 @@
sshd su system \
xdm
-FILESDIR= /etc/pam.d
-FILESMODE= 644
+CONFDIR= /etc/pam.d
+CONFSMODE_README= 444
.if ${MK_AT} != "no"
-FILESGROUPS+= AT
+CONFGROUPS+= AT
AT+= atrun
ATPACKAGE+= at
-ATDIR= ${FILESDIR}
-ATMODE= ${FILESMODE}
.endif
.if ${MK_FTP} != "no"
-FILESGROUPS+= FTP
+CONFGROUPS+= FTP
FTP+= ftpd
FTPPACKAGE+= ftp
-FTPDIR= ${FILESDIR}
-FTPMODE= ${FILESMODE}
LINKS= ${FILESDIR}/ftpd ${FILESDIR}/ftp
.endif
.if ${MK_TELNET} != "no"
-FILESGROUPS+= TELNET
+CONFGROUPS+= TELNET
TELNET+= telnetd
TELNETPACKAGE+= telnet
-TELNETDIR= ${FILESDIR}
-TELNETMODE= ${FILESMODE}
.endif
-FILESMODE_README= 444
-
.include <bsd.prog.mk>
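Review bot: The unchanged context line `LINKS= ${FILESDIR}/ftpd ${FILESDIR}/ftp` in the MK_FTP block still expands FILESDIR, whose `FILESDIR= /etc/pam.d` definition this hunk removes, so the ftp link will no longer be created under /etc/pam.d. It should become `LINKS= ${CONFDIR}/ftpd ${CONFDIR}/ftp`. Separately, the AT, FTP and TELNET groups lose their `ATDIR`/`FTPDIR`/`TELNETDIR` and `*MODE` lines and `FILESMODE= 644` has no explicit replacement; please confirm that each group picks up CONFDIR and the intended mode by default, because a policy file that lands outside /etc/pam.d is not an install error, the service just falls back to `other`.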
