Index: head/etc/pam.d/README =================================================================== --- head/etc/pam.d/README (revision 338620) +++ head/etc/pam.d/README (nonexistent) @@ -1,62 +0,0 @@ - -This directory contains configuration files for the Pluggable -Authentication Modules (PAM) library. - -Each file details the module chain for a single service, and must be -named after that service. If no configuration file is found for a -particular service, the /etc/pam.d/other is used instead. If that -file does not exist, /etc/pam.conf is searched for entries matching -the specified service or, failing that, the "other" service. - -See the pam(3) manual page for an explanation of the workings of the -PAM library and descriptions of the various files and modules. Below -is a summary of the format for the pam.conf and /etc/pam.d/* files. - -Configuration lines take the following form: - -module-type control-flag module-path arguments - -Comments are introduced with a hash mark ('#'). Blank lines and lines -consisting entirely of comments are ignored. - -The meanings of the different fields are as follows: - - module-type: - auth: prompt for a password to authenticate that the user is - who they say they are, and set any credentials. - account: non-authentication based authorization, based on time, - resources, etc. - session: housekeeping before and/or after login. - password: update authentication tokens. - - control-flag: How libpam handles success or failure of the module. - required: success is required; on failure all remaining - modules are run, but the request will be denied. - requisite: success is required, and on failure no remaining - modules are run. - sufficient: success is sufficient, and if no previous required - module failed, no remaining modules are run. - binding: success is sufficient; on failure all remaining - modules are run, but the request will be denied. - optional: ignored unless the other modules return PAM_IGNORE. - - arguments: Module-specific options, plus some generic ones: - debug: syslog debug info. - no_warn: return no warning messages to the application. - Remove this to feed back to the user the - reason(s) they are being rejected. - use_first_pass: try authentication using password from the - preceding auth module. - try_first_pass: first try authentication using password from - the preceding auth module, and if that fails - prompt for a new password. - use_mapped_pass: convert cleartext password to a crypto key. - expose_account: allow printing more info about the user when - prompting. - -Note that having a "sufficient" module as the last entry for a -particular service and module type may result in surprising behaviour. -To get the intended semantics, add a "required" entry listing the -pam_deny module at the end of the chain. - -$FreeBSD$ Property changes on: head/etc/pam.d/README ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/passwd =================================================================== --- head/etc/pam.d/passwd (revision 338620) +++ head/etc/pam.d/passwd (nonexistent) @@ -1,11 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "passwd" service -# - -# passwd(1) does not use the auth, account or session services. - -# password -#password requisite pam_passwdqc.so enforce=users -password required pam_unix.so no_warn try_first_pass nullok Property changes on: head/etc/pam.d/passwd ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/sshd =================================================================== --- head/etc/pam.d/sshd (revision 338620) +++ head/etc/pam.d/sshd (nonexistent) @@ -1,26 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "sshd" service -# - -# auth -auth sufficient pam_opie.so no_warn no_fake_prompts -auth requisite pam_opieaccess.so no_warn allow_local -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass - -# account -account required pam_nologin.so -#account required pam_krb5.so -account required pam_login_access.so -account required pam_unix.so - -# session -#session optional pam_ssh.so want_agent -session required pam_permit.so - -# password -#password sufficient pam_krb5.so no_warn try_first_pass -password required pam_unix.so no_warn try_first_pass Property changes on: head/etc/pam.d/sshd ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/telnetd =================================================================== --- head/etc/pam.d/telnetd (revision 338620) +++ head/etc/pam.d/telnetd (nonexistent) @@ -1,26 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "telnetd" service -# - -# auth -auth sufficient pam_opie.so no_warn no_fake_prompts -auth requisite pam_opieaccess.so no_warn allow_local -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass - -# account -account required pam_nologin.so -#account required pam_krb5.so -account required pam_login_access.so -account required pam_unix.so - -# session -#session optional pam_ssh.so want_agent -session required pam_lastlog.so no_fail - -# password -#password sufficient pam_krb5.so no_warn try_first_pass -password required pam_unix.so no_warn try_first_pass Property changes on: head/etc/pam.d/telnetd ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/atrun =================================================================== --- head/etc/pam.d/atrun (revision 338620) +++ head/etc/pam.d/atrun (nonexistent) @@ -1,10 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "atrun" service -# - -# Note well: enabling pam_nologin for atrun will currently result -# in jobs discarded, not just delayed, during a no-login period. -#account required pam_nologin.so -account required pam_unix.so Property changes on: head/etc/pam.d/atrun ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/pop3 =================================================================== --- head/etc/pam.d/pop3 (revision 338620) +++ head/etc/pam.d/pop3 (nonexistent) @@ -1,14 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "pop3" service -# - -# auth -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass - -# account -#account required pam_nologin.so -account required pam_unix.so Property changes on: head/etc/pam.d/pop3 ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/su =================================================================== --- head/etc/pam.d/su (revision 338620) +++ head/etc/pam.d/su (nonexistent) @@ -1,17 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "su" service -# - -# auth -auth sufficient pam_rootok.so no_warn -auth sufficient pam_self.so no_warn -auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser -auth include system - -# account -account include system - -# session -session required pam_permit.so Property changes on: head/etc/pam.d/su ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/xdm =================================================================== --- head/etc/pam.d/xdm (revision 338620) +++ head/etc/pam.d/xdm (nonexistent) @@ -1,22 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "xdm" service -# - -# auth -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass - -# account -account required pam_nologin.so -#account required pam_krb5.so -account required pam_unix.so - -# session -#session required pam_ssh.so want_agent -session required pam_lastlog.so no_fail - -# password -password required pam_deny.so Property changes on: head/etc/pam.d/xdm ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/login =================================================================== --- head/etc/pam.d/login (revision 338620) +++ head/etc/pam.d/login (nonexistent) @@ -1,20 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "login" service -# - -# auth -auth sufficient pam_self.so no_warn -auth include system - -# account -account requisite pam_securetty.so -account required pam_nologin.so -account include system - -# session -session include system - -# password -password include system Property changes on: head/etc/pam.d/login ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/convert.pl =================================================================== --- head/etc/pam.d/convert.pl (revision 338620) +++ head/etc/pam.d/convert.pl (nonexistent) @@ -1,89 +0,0 @@ -#!/usr/bin/perl -w -#- -# SPDX-License-Identifier: BSD-3-Clause -# -# Copyright (c) 2001,2002 Networks Associates Technologies, Inc. -# All rights reserved. -# -# This software was developed for the FreeBSD Project by ThinkSec AS and -# NAI Labs, the Security Research Division of Network Associates, Inc. -# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the -# DARPA CHATS research program. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. The name of the author may not be used to endorse or promote -# products derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -use strict; -use Fcntl; -use vars qw(%SERVICES); - -MAIN:{ - my $line; - my $service; - my $version; - my $type; - local *FILE; - - while (<>) { - chomp(); - s/\s*$//; - next unless m/^(\#*)(\w+)\s+(auth|account|session|password)\s+(\S.*)$/; - $line = $1.$3; - $line .= "\t" x ((16 - length($line) + 7) / 8); - $line .= $4; - push(@{$SERVICES{$2}->{$3}}, $line); - } - - foreach $service (keys(%SERVICES)) { - $version = '$' . 'FreeBSD' . '$'; - if (sysopen(FILE, $service, O_RDONLY)) { - while () { - next unless (m/(\$[F]reeBSD.*?\$)/); - $version = $1; - last; - } - close(FILE); - } - sysopen(FILE, $service, O_RDWR|O_CREAT|O_TRUNC) - or die("$service: $!\n"); - print(FILE "#\n"); - print(FILE "# $version\n"); - print(FILE "#\n"); - print(FILE "# PAM configuration for the \"$service\" service\n"); - print(FILE "#\n"); - foreach $type (qw(auth account session password)) { - next unless exists($SERVICES{$service}->{$type}); - print(FILE "\n"); - print(FILE "# $type\n"); - print(FILE join("\n", @{$SERVICES{$service}->{$type}}, "")); - } - close(FILE); - warn("$service\n"); - } - - exit(0); -} Property changes on: head/etc/pam.d/convert.pl ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/other =================================================================== --- head/etc/pam.d/other (revision 338620) +++ head/etc/pam.d/other (nonexistent) @@ -1,25 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "other" service -# - -# auth -auth sufficient pam_opie.so no_warn no_fake_prompts -auth requisite pam_opieaccess.so no_warn allow_local -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass - -# account -account required pam_nologin.so -#account required pam_krb5.so -account required pam_login_access.so -account required pam_unix.so - -# session -#session optional pam_ssh.so want_agent -session required pam_permit.so - -# password -password required pam_permit.so Property changes on: head/etc/pam.d/other ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/imap =================================================================== --- head/etc/pam.d/imap (revision 338620) +++ head/etc/pam.d/imap (nonexistent) @@ -1,14 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "imap" service -# - -# auth -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass - -# account -#account required pam_nologin.so -account required pam_unix.so Property changes on: head/etc/pam.d/imap ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/cron =================================================================== --- head/etc/pam.d/cron (revision 338620) +++ head/etc/pam.d/cron (nonexistent) @@ -1,9 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "cron" service -# - -# account -account required pam_nologin.so -account required pam_unix.so Property changes on: head/etc/pam.d/cron ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/Makefile =================================================================== --- head/etc/pam.d/Makefile (revision 338620) +++ head/etc/pam.d/Makefile (nonexistent) @@ -1,48 +0,0 @@ -# $FreeBSD$ - -.include - -NO_OBJ= - -FILESGROUPS= FILES - -FILES= README \ - cron \ - imap \ - login \ - other \ - passwd pop3 \ - sshd su system \ - xdm - -FILESDIR= /etc/pam.d -FILESMODE= 644 - -.if ${MK_AT} != "no" -FILESGROUPS+= AT -AT+= atrun -ATPACKAGE+= at -ATDIR= ${FILESDIR} -ATMODE= ${FILESMODE} -.endif - -.if ${MK_FTP} != "no" -FILESGROUPS+= FTP -FTP+= ftpd -FTPPACKAGE+= ftp -FTPDIR= ${FILESDIR} -FTPMODE= ${FILESMODE} -LINKS= ${FILESDIR}/ftpd ${FILESDIR}/ftp -.endif - -.if ${MK_TELNET} != "no" -FILESGROUPS+= TELNET -TELNET+= telnetd -TELNETPACKAGE+= telnet -TELNETDIR= ${FILESDIR} -TELNETMODE= ${FILESMODE} -.endif - -FILESMODE_README= 444 - -.include Property changes on: head/etc/pam.d/Makefile ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/ftpd =================================================================== --- head/etc/pam.d/ftpd (revision 338620) +++ head/etc/pam.d/ftpd (nonexistent) @@ -1,20 +0,0 @@ -# -# $FreeBSD$ -# -# PAM configuration for the "ftpd" service -# - -# auth -auth sufficient pam_opie.so no_warn no_fake_prompts -auth requisite pam_opieaccess.so no_warn allow_local -#auth sufficient pam_krb5.so no_warn -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass - -# account -account required pam_nologin.so -#account required pam_krb5.so -account required pam_unix.so - -# session -session required pam_permit.so Property changes on: head/etc/pam.d/ftpd ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/pam.d/system =================================================================== --- head/etc/pam.d/system (revision 338620) +++ head/etc/pam.d/system (nonexistent) @@ -1,25 +0,0 @@ -# -# $FreeBSD$ -# -# System-wide defaults -# - -# auth -auth sufficient pam_opie.so no_warn no_fake_prompts -auth requisite pam_opieaccess.so no_warn allow_local -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass nullok - -# account -#account required pam_krb5.so -account required pam_login_access.so -account required pam_unix.so - -# session -#session optional pam_ssh.so want_agent -session required pam_lastlog.so no_fail - -# password -#password sufficient pam_krb5.so no_warn try_first_pass -password required pam_unix.so no_warn try_first_pass Property changes on: head/etc/pam.d/system ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: head/etc/Makefile =================================================================== --- head/etc/Makefile (revision 338620) +++ head/etc/Makefile (revision 338621) @@ -1,264 +1,263 @@ # from: @(#)Makefile 5.11 (Berkeley) 5/21/91 # $FreeBSD$ .include FILESGROUPS= FILES # No need as it is empty and just causes rebuilds since this file does so much. UPDATE_DEPENDFILE= no .if ${MK_SENDMAIL} != "no" SUBDIR+=sendmail .endif BIN1= \ dhclient.conf \ disktab \ group \ hosts \ hosts.allow \ hosts.equiv \ libalias.conf \ libmap.conf \ login.access \ mac.conf \ netconfig \ networks \ nsswitch.conf \ phones \ protocols \ rc.bsdextended \ rc.firewall \ remote \ rpc \ termcap.small # NB: keep these sorted by MK_* knobs .if ${MK_AMD} != "no" BIN1+= amd.map .endif .if ${MK_LOCATE} != "no" BIN1+= ${SRCTOP}/usr.bin/locate/locate/locate.rc .endif .if ${MK_LPR} != "no" BIN1+= hosts.lpd printcap .endif .if ${MK_MAIL} != "no" BIN1+= ${SRCTOP}/usr.bin/mail/misc/mail.rc .endif .if ${MK_OPENSSL} != "no" SSL= ${SRCTOP}/crypto/openssl/apps/openssl.cnf .endif .if ${MK_SENDMAIL} != "no" BIN1+= rc.sendmail .endif .if ${MK_WIRELESS} != "no" BIN1+= regdomain.xml .endif .if ${MK_SENDMAIL} == "no" ETCMAIL=mailer.conf aliases .else ETCMAIL=Makefile README mailer.conf access.sample virtusertable.sample \ mailertable.sample aliases .endif # Special top level files for FreeBSD FREEBSD=COPYRIGHT # Sanitize DESTDIR DESTDIR:= ${DESTDIR:C://*:/:g} afterinstall: .if ${MK_MAN} != "no" ${_+_}cd ${SRCTOP}/share/man; ${MAKE} makedb .endif distribute: # Avoid installing tests here; "make distribution" will do this and # correctly place them in the right location. ${_+_}cd ${.CURDIR} ; ${MAKE} MK_TESTS=no install \ DESTDIR=${DISTDIR}/${DISTRIBUTION} ${_+_}cd ${.CURDIR} ; ${MAKE} distribution DESTDIR=${DISTDIR}/${DISTRIBUTION} .include .if defined(NO_ROOT) METALOG.add?= cat -l >> ${METALOG} .endif distribution: .if !defined(DESTDIR) @echo "set DESTDIR before running \"make ${.TARGET}\"" @false .endif cd ${.CURDIR}; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${BIN1} ${DESTDIR}/etc; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \ master.passwd nsmb.conf opieaccess ${DESTDIR}/etc; .if ${MK_TCSH} == "no" sed -i "" -e 's;/bin/csh;/bin/sh;' ${DESTDIR}/etc/master.passwd .endif pwd_mkdb -i -p -d ${DESTDIR}/etc ${DESTDIR}/etc/master.passwd .if defined(NO_ROOT) ( \ echo "./etc/passwd type=file mode=0644 uname=root gname=wheel"; \ echo "./etc/pwd.db type=file mode=0644 uname=root gname=wheel"; \ echo "./etc/spwd.db type=file mode=0600 uname=root gname=wheel"; \ ) | ${METALOG.add} .endif ${_+_}cd ${.CURDIR}/gss; ${MAKE} install ${_+_}cd ${.CURDIR}/mtree; ${MAKE} install ${_+_}cd ${SRCTOP}/share/termcap; ${MAKE} etc-termcap ${_+_}cd ${SRCTOP}/usr.sbin/rmt; ${MAKE} etc-rmt - ${_+_}cd ${.CURDIR}/pam.d; ${MAKE} install .if ${MK_UNBOUND} != "no" if [ ! -e ${DESTDIR}/etc/unbound ]; then \ ${INSTALL_SYMLINK} ../var/unbound ${DESTDIR}/etc/unbound; \ fi .endif .if ${MK_SENDMAIL} != "no" ${_+_}cd ${.CURDIR}/sendmail; ${MAKE} distribution .endif .if ${MK_OPENSSL} != "no" cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${SSL} ${DESTDIR}/etc/ssl .endif .if ${MK_KERBEROS} != "no" cd ${.CURDIR}/root; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ dot.k5login ${DESTDIR}/root/.k5login; .endif .if ${MK_MAIL} != "no" cd ${.CURDIR}/mail; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${ETCMAIL} ${DESTDIR}/etc/mail if [ -d ${DESTDIR}/etc/mail -a -f ${DESTDIR}/etc/mail/aliases -a \ ! -f ${DESTDIR}/etc/aliases ]; then \ ${INSTALL_SYMLINK} mail/aliases ${DESTDIR}/etc/aliases; \ fi .endif .if ${MK_LOCATE} != "no" ${INSTALL} -o nobody -g ${BINGRP} -m 644 /dev/null \ ${DESTDIR}/var/db/locate.database .endif cd ${.CURDIR}/..; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${FREEBSD} ${DESTDIR}/ .if ${MK_BOOT} != "no" .if exists(${SRCTOP}/sys/${MACHINE}/conf/GENERIC.hints) ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${SRCTOP}/sys/${MACHINE}/conf/GENERIC.hints \ ${DESTDIR}/boot/device.hints .endif .endif .if ${MK_NIS} == "no" sed -i "" -e 's/.*_compat:/# &/' -e 's/compat$$/files/' \ ${DESTDIR}/etc/nsswitch.conf .endif MTREE_CMD?= mtree MTREES= mtree/BSD.root.dist / \ mtree/BSD.var.dist /var \ mtree/BSD.usr.dist /usr \ mtree/BSD.include.dist /usr/include \ mtree/BSD.debug.dist /usr/lib .if ${MK_LIB32} != "no" MTREES+= mtree/BSD.lib32.dist /usr MTREES+= mtree/BSD.lib32.dist /usr/lib/debug/usr .endif .if ${MK_LIBSOFT} != "no" MTREES+= mtree/BSD.libsoft.dist /usr MTREES+= mtree/BSD.libsoft.dist /usr/lib/debug/usr .endif .if ${MK_TESTS} != "no" MTREES+= mtree/BSD.tests.dist ${TESTSBASE} MTREES+= mtree/BSD.tests.dist /usr/lib/debug/${TESTSBASE} .endif .if ${MK_SENDMAIL} != "no" MTREES+= mtree/BSD.sendmail.dist / .endif .for mtree in ${LOCAL_MTREE} MTREES+= ../${mtree} / .endfor # Clean up some directories that where mistakenly created as files that # should not have been as part of the nvi update in r281994. # This should be removed after 11.0-RELEASE. DISTRIB_CLEANUP_SHARE_FILES= ${SHAREDIR}/doc/usd/10.exref ${SHAREDIR}/doc/usd/11.edit DISTRIB_CLEANUP_SHARE_FILES+= ${SHAREDIR}/doc/usd/12.vi ${SHAREDIR}/doc/usd/13.viref distrib-cleanup: .PHONY for file in ${DISTRIB_CLEANUP_SHARE_FILES}; do \ if [ -f ${DESTDIR}/$${file} ]; then \ rm -f ${DESTDIR}/$${file}; \ fi; \ done distrib-dirs: ${MTREES:N/*} distrib-cleanup .PHONY @set ${MTREES}; \ while test $$# -ge 2; do \ m=${.CURDIR}/$$1; \ shift; \ d=${DESTDIR}$$1; \ shift; \ test -d $$d || mkdir -p $$d; \ ${ECHO} ${MTREE_CMD} -deU ${MTREE_FSCHG} \ ${MTREE_FOLLOWS_SYMLINKS} -f $$m -p $$d; \ ${MTREE_FILTER} $$m | \ ${MTREE_CMD} -deU ${MTREE_FSCHG} ${MTREE_FOLLOWS_SYMLINKS} \ -p $$d; \ done; true .if defined(NO_ROOT) @set ${MTREES}; \ while test $$# -ge 2; do \ m=${.CURDIR}/$$1; \ shift; \ d=$$1; \ test "$$d" == "/" && d=""; \ d=${DISTBASE}$$d; \ shift; \ test -d ${DESTDIR}/$$d || mkdir -p ${DESTDIR}/$$d; \ ${ECHO} "${MTREE_CMD:N-W} -C -f $$m -K all | " \ "sed s#^\.#.$$d# | ${METALOG.add}" ; \ ${MTREE_FILTER} $$m | \ ${MTREE_CMD:N-W} -C -K all | sed s#^\.#.$$d# | \ ${METALOG.add} ; \ done; true .endif .if ${MK_NLS} != "no" set - `grep "^[a-zA-Z]" ${.CURDIR}/nls.alias`; \ while [ $$# -gt 0 ] ; do \ ${INSTALL_SYMLINK} "$$2" "${DESTDIR}${SHAREDIR}/nls/$$1"; \ shift; shift; \ done .endif etc-examples: ${META_DEPS} cd ${.CURDIR}; ${INSTALL} ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${BIN1} ${BIN2} nsmb.conf opieaccess \ ${DESTDIR}${SHAREDIR}/examples/etc .include .if ${MK_INSTALL_AS_USER} == "yes" && ${_uid} != 0 MTREE_FILTER= sed -e 's,\([gu]\)name=,\1id=,g' \ -e 's,\(uid=\)[^ ]* ,\1${_uid} ,' \ -e 's,\(gid=\)[^ ]* ,\1${_gid} ,' \ -e 's,\(uid=\)[^ ]*$$,\1${_uid},' \ -e 's,\(gid=\)[^ ]*$$,\1${_gid},' .else MTREE_FILTER= cat .if !defined(NO_FSCHG) MTREE_FSCHG= -i .endif .endif Index: head/lib/libpam/Makefile =================================================================== --- head/lib/libpam/Makefile (revision 338620) +++ head/lib/libpam/Makefile (revision 338621) @@ -1,34 +1,34 @@ # Copyright 1998 Juniper Networks, Inc. # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # The modules link in libpam. They build the static modules as well. -SUBDIR+= libpam modules +SUBDIR+= libpam modules pam.d SUBDIR_DEPEND_modules= libpam SUBDIR+= static_libpam SUBDIR_DEPEND_static_libpam= modules SUBDIR_PARALLEL= .include Index: head/lib/libpam/pam.d/Makefile =================================================================== --- head/lib/libpam/pam.d/Makefile (nonexistent) +++ head/lib/libpam/pam.d/Makefile (revision 338621) @@ -0,0 +1,39 @@ +# $FreeBSD$ + +.include + +NO_OBJ= + +CONFGROUPS= CONFS +CONFS= README \ + cron \ + imap \ + login \ + other \ + passwd pop3 \ + sshd su system \ + xdm + +CONFDIR= /etc/pam.d +CONFSMODE_README= 444 + +.if ${MK_AT} != "no" +CONFGROUPS+= AT +AT+= atrun +ATPACKAGE+= at +.endif + +.if ${MK_FTP} != "no" +CONFGROUPS+= FTP +FTP+= ftpd +FTPPACKAGE+= ftp +LINKS= ${FILESDIR}/ftpd ${FILESDIR}/ftp +.endif + +.if ${MK_TELNET} != "no" +CONFGROUPS+= TELNET +TELNET+= telnetd +TELNETPACKAGE+= telnet +.endif + +.include Property changes on: head/lib/libpam/pam.d/Makefile ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/convert.pl =================================================================== --- head/lib/libpam/pam.d/convert.pl (nonexistent) +++ head/lib/libpam/pam.d/convert.pl (revision 338621) @@ -0,0 +1,89 @@ +#!/usr/bin/perl -w +#- +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2001,2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +use strict; +use Fcntl; +use vars qw(%SERVICES); + +MAIN:{ + my $line; + my $service; + my $version; + my $type; + local *FILE; + + while (<>) { + chomp(); + s/\s*$//; + next unless m/^(\#*)(\w+)\s+(auth|account|session|password)\s+(\S.*)$/; + $line = $1.$3; + $line .= "\t" x ((16 - length($line) + 7) / 8); + $line .= $4; + push(@{$SERVICES{$2}->{$3}}, $line); + } + + foreach $service (keys(%SERVICES)) { + $version = '$' . 'FreeBSD' . '$'; + if (sysopen(FILE, $service, O_RDONLY)) { + while () { + next unless (m/(\$[F]reeBSD.*?\$)/); + $version = $1; + last; + } + close(FILE); + } + sysopen(FILE, $service, O_RDWR|O_CREAT|O_TRUNC) + or die("$service: $!\n"); + print(FILE "#\n"); + print(FILE "# $version\n"); + print(FILE "#\n"); + print(FILE "# PAM configuration for the \"$service\" service\n"); + print(FILE "#\n"); + foreach $type (qw(auth account session password)) { + next unless exists($SERVICES{$service}->{$type}); + print(FILE "\n"); + print(FILE "# $type\n"); + print(FILE join("\n", @{$SERVICES{$service}->{$type}}, "")); + } + close(FILE); + warn("$service\n"); + } + + exit(0); +} Property changes on: head/lib/libpam/pam.d/convert.pl ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/README =================================================================== --- head/lib/libpam/pam.d/README (nonexistent) +++ head/lib/libpam/pam.d/README (revision 338621) @@ -0,0 +1,62 @@ + +This directory contains configuration files for the Pluggable +Authentication Modules (PAM) library. + +Each file details the module chain for a single service, and must be +named after that service. If no configuration file is found for a +particular service, the /etc/pam.d/other is used instead. If that +file does not exist, /etc/pam.conf is searched for entries matching +the specified service or, failing that, the "other" service. + +See the pam(3) manual page for an explanation of the workings of the +PAM library and descriptions of the various files and modules. Below +is a summary of the format for the pam.conf and /etc/pam.d/* files. + +Configuration lines take the following form: + +module-type control-flag module-path arguments + +Comments are introduced with a hash mark ('#'). Blank lines and lines +consisting entirely of comments are ignored. + +The meanings of the different fields are as follows: + + module-type: + auth: prompt for a password to authenticate that the user is + who they say they are, and set any credentials. + account: non-authentication based authorization, based on time, + resources, etc. + session: housekeeping before and/or after login. + password: update authentication tokens. + + control-flag: How libpam handles success or failure of the module. + required: success is required; on failure all remaining + modules are run, but the request will be denied. + requisite: success is required, and on failure no remaining + modules are run. + sufficient: success is sufficient, and if no previous required + module failed, no remaining modules are run. + binding: success is sufficient; on failure all remaining + modules are run, but the request will be denied. + optional: ignored unless the other modules return PAM_IGNORE. + + arguments: Module-specific options, plus some generic ones: + debug: syslog debug info. + no_warn: return no warning messages to the application. + Remove this to feed back to the user the + reason(s) they are being rejected. + use_first_pass: try authentication using password from the + preceding auth module. + try_first_pass: first try authentication using password from + the preceding auth module, and if that fails + prompt for a new password. + use_mapped_pass: convert cleartext password to a crypto key. + expose_account: allow printing more info about the user when + prompting. + +Note that having a "sufficient" module as the last entry for a +particular service and module type may result in surprising behaviour. +To get the intended semantics, add a "required" entry listing the +pam_deny module at the end of the chain. + +$FreeBSD$ Property changes on: head/lib/libpam/pam.d/README ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/su =================================================================== --- head/lib/libpam/pam.d/su (nonexistent) +++ head/lib/libpam/pam.d/su (revision 338621) @@ -0,0 +1,17 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "su" service +# + +# auth +auth sufficient pam_rootok.so no_warn +auth sufficient pam_self.so no_warn +auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser +auth include system + +# account +account include system + +# session +session required pam_permit.so Property changes on: head/lib/libpam/pam.d/su ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/ftpd =================================================================== --- head/lib/libpam/pam.d/ftpd (nonexistent) +++ head/lib/libpam/pam.d/ftpd (revision 338621) @@ -0,0 +1,20 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "ftpd" service +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_unix.so + +# session +session required pam_permit.so Property changes on: head/lib/libpam/pam.d/ftpd ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/other =================================================================== --- head/lib/libpam/pam.d/other (nonexistent) +++ head/lib/libpam/pam.d/other (revision 338621) @@ -0,0 +1,25 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "other" service +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_permit.so + +# password +password required pam_permit.so Property changes on: head/lib/libpam/pam.d/other ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/sshd =================================================================== --- head/lib/libpam/pam.d/sshd (nonexistent) +++ head/lib/libpam/pam.d/sshd (revision 338621) @@ -0,0 +1,26 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "sshd" service +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_permit.so + +# password +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass Property changes on: head/lib/libpam/pam.d/sshd ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/system =================================================================== --- head/lib/libpam/pam.d/system (nonexistent) +++ head/lib/libpam/pam.d/system (revision 338621) @@ -0,0 +1,25 @@ +# +# $FreeBSD$ +# +# System-wide defaults +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok + +# account +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_lastlog.so no_fail + +# password +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass Property changes on: head/lib/libpam/pam.d/system ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/telnetd =================================================================== --- head/lib/libpam/pam.d/telnetd (nonexistent) +++ head/lib/libpam/pam.d/telnetd (revision 338621) @@ -0,0 +1,26 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "telnetd" service +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_lastlog.so no_fail + +# password +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass Property changes on: head/lib/libpam/pam.d/telnetd ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/xdm =================================================================== --- head/lib/libpam/pam.d/xdm (nonexistent) +++ head/lib/libpam/pam.d/xdm (revision 338621) @@ -0,0 +1,22 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "xdm" service +# + +# auth +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_unix.so + +# session +#session required pam_ssh.so want_agent +session required pam_lastlog.so no_fail + +# password +password required pam_deny.so Property changes on: head/lib/libpam/pam.d/xdm ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/cron =================================================================== --- head/lib/libpam/pam.d/cron (nonexistent) +++ head/lib/libpam/pam.d/cron (revision 338621) @@ -0,0 +1,9 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "cron" service +# + +# account +account required pam_nologin.so +account required pam_unix.so Property changes on: head/lib/libpam/pam.d/cron ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/atrun =================================================================== --- head/lib/libpam/pam.d/atrun (nonexistent) +++ head/lib/libpam/pam.d/atrun (revision 338621) @@ -0,0 +1,10 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "atrun" service +# + +# Note well: enabling pam_nologin for atrun will currently result +# in jobs discarded, not just delayed, during a no-login period. +#account required pam_nologin.so +account required pam_unix.so Property changes on: head/lib/libpam/pam.d/atrun ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/imap =================================================================== --- head/lib/libpam/pam.d/imap (nonexistent) +++ head/lib/libpam/pam.d/imap (revision 338621) @@ -0,0 +1,14 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "imap" service +# + +# auth +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +#account required pam_nologin.so +account required pam_unix.so Property changes on: head/lib/libpam/pam.d/imap ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/pop3 =================================================================== --- head/lib/libpam/pam.d/pop3 (nonexistent) +++ head/lib/libpam/pam.d/pop3 (revision 338621) @@ -0,0 +1,14 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "pop3" service +# + +# auth +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +#account required pam_nologin.so +account required pam_unix.so Property changes on: head/lib/libpam/pam.d/pop3 ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/login =================================================================== --- head/lib/libpam/pam.d/login (nonexistent) +++ head/lib/libpam/pam.d/login (revision 338621) @@ -0,0 +1,20 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "login" service +# + +# auth +auth sufficient pam_self.so no_warn +auth include system + +# account +account requisite pam_securetty.so +account required pam_nologin.so +account include system + +# session +session include system + +# password +password include system Property changes on: head/lib/libpam/pam.d/login ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/lib/libpam/pam.d/passwd =================================================================== --- head/lib/libpam/pam.d/passwd (nonexistent) +++ head/lib/libpam/pam.d/passwd (revision 338621) @@ -0,0 +1,11 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "passwd" service +# + +# passwd(1) does not use the auth, account or session services. + +# password +#password requisite pam_passwdqc.so enforce=users +password required pam_unix.so no_warn try_first_pass nullok Property changes on: head/lib/libpam/pam.d/passwd ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property