Commit Graph

69471 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
ca355e5451 Correctly interpret PAM_RHOST being unset as an indicator of a local
login.

Sponsored by:	DARPA, NAI Labs
2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav
d233082fbe Correctly interpret PAM_RHOST being unset as an indicator of a local
login.
2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav
e4536f1138 Style nits.
Sponsored by:	DARPA, NAI Labs
2002-01-24 16:14:56 +00:00
Alexey Zelkin
a2fb0481d7 get __time_load_locale() prototype from include file, rather than declare
own
2002-01-24 15:38:59 +00:00
Dag-Erling Smørgrav
e9ae7bc234 This commit disables chain caching.
Chain caching is a feature of Linux-PAM, where pam_authenticate() and
pam_open_session() "freeze" the chain so that their companion
primitive (pam_setcred() and pam_close_session() respectively) will
call the exact same modules, skipping those that failed in the
previous call.

There are several reasons not to do this, the most prominent of which
is that it makes it impossible to call pam_setcred() without first
calling pam_authenticate() - which is perfectly valid according to
DCE/RFC 86.0 and XSSO, and is necessary to make 'login -f' work.

Instead of chain caching, implement something similar to the way
Solaris' libpam behaves: pam_setcred treats "sufficient" modules as if
they were "required", i.e. does not break the chain when they succeed.

PAM modules whose pam_sm_setcred() should not be called unless their
pam_sm_authenticate() succeeded can simply set a state variable using
pam_set_data() in pam_sm_authenticate(), and use pam_get_data() to
check it in pam_sm_setcred().

Sponsored by:	DARPA, NAI Labs
2002-01-24 15:30:03 +00:00
Guido van Rooij
a3e5380a47 1) Fix a debug statement by filling in its data before the printf in
stead of after
2) Honour NO_TEST_UNIT_READY quirk for atapi devices as well
3) Actually support FujiFilm FinePix 6800 camera's. Will very likely also
work for other FinePix models.

Based on a debug session about half a year ago with Nik Hibma.
MFC after:	2 weeks
2002-01-24 15:10:53 +00:00
Alexey Zelkin
bcbeac34ae * style(9)'fy
* declare prototype for __time_load_locale() in timelocal.h
2002-01-24 15:07:44 +00:00
David E. O'Brien
e95d27b9ae Fix problem where with PicoBSD the shell coredumps if it does not find an
entry for its terminal type in /etc/termcap.

Submitted by:	bde
2002-01-24 13:54:19 +00:00
Dag-Erling Smørgrav
f433d6afed Document the even_root option.
Sponsored by:	DARPA, NAI Labs
2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav
76f95f4dc2 Don't let root through unless the "even_root" option was specified.
Sponsored by:	DARPA, NAI Labs
2002-01-24 12:47:42 +00:00
David Malone
98d1592458 Change brk's prototype from char *brk(const char *) to int brk(const void *)
and sbrk's prototype from char *sbrk(int) to void *sbrk(intptr_t).

This makes us more consistant with NetBSD and standards which include
these functions. Bruce pointed out that ptrdiff_t would probably
have been better than intptr_t, but this doesn't match other
implimentations.

Also remove local declarations of sbrk and unnecessary casting.

PR:		32296
Tested by:	Harti Brandt <brandt@fokus.gmd.de>
MFC after:	1 month
2002-01-24 12:11:31 +00:00
Murray Stokely
e4e61f7853 Providing long filename support on the Macintosh requires over 30
megabytes of additional space on the install CD.  Given our premium
for space, I don't think this is a wise use of 30MB.  HFS support was
not provided on the FreeBSD 4.4 CDs and I received a grand total of 0
complaints.
2002-01-24 10:44:16 +00:00
Dag-Erling Smørgrav
16e058b5d6 Add a PAM module that records sessions in utmp/wtmp/lastlog.
Sponsored by:	DARPA, NAI Labs
2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav
c2d5249eaf Fix some pastos. Rather shoddy of me...
Sponsored by:	DARPA, NAI Labs
2002-01-24 09:44:22 +00:00
David E. O'Brien
fb609a2178 Add libfetch.so.2 from a 10-Dec-2001 releng4 build. 2002-01-24 00:54:44 +00:00
Jun Kuriyama
8ecbf394e0 MFen (1.265 --> 1.266). 2002-01-24 00:27:53 +00:00
Brian Somers
c3805e0152 Detect if a udp socket on STDIN_FILENO is connected by calling
getpeername() and don't set PASSIVE mode if it's is.
2002-01-23 23:36:35 +00:00
Andrew Gallatin
ae967e6461 Regenerated file from previous commit to syscalls.master 2002-01-23 22:47:47 +00:00
Andrew Gallatin
21e06996e4 Linux/alpha uses the same BSDish return mechanism we do for
getpid, getuid, getgid and pipe, since they bootstrapped from
OSF/1 and never cleaned up.  Switch to the native syscalls
on alpha so that the above functions work

MFC after: 7 days
2002-01-23 22:46:14 +00:00
Brian Somers
97dd5500aa Cross reference the NETWORK ADDRESS TRANSLATION section when describing
the -nat flag.

Requested by:	eivind
2002-01-23 21:11:33 +00:00
Bruce A. Mah
5e6b58fcbe New release note: smmsp/mailnull users.
Reviewed by:	gshapiro
2002-01-23 18:49:43 +00:00
Dag-Erling Smørgrav
53f3167d07 Add a PAM module that provides an account management component for checking
either PAM_RHOST or PAM_TTY against /etc/login.access.o

This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'.  This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.

Sponsored by:	DARPA, NAI Labs
2002-01-23 17:42:16 +00:00
Dag-Erling Smørgrav
774a10071d Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs.
Sponsored by:	DARPA, NAI Labs
2002-01-23 17:16:00 +00:00
Ruslan Ermilov
0509dca0c3 Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:54:17 +00:00
Dag-Erling Smørgrav
b6b756b58b Base the comparison on UIDs, not on user names.
Sponsored by:	DARPA, NAI Labs
2002-01-23 15:16:01 +00:00
Ruslan Ermilov
fd4ca9e02d Make libssh.so useable (undefined reference to IPv4or6).
Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:06:47 +00:00
Giorgos Keramidas
0063afffd5 dhclient-script.conf lives in /etc and not /sbin.
PR:		docs/32008
Submitted by:	John E Hein <jhein@timing.com>
Approved by:	obrien
2002-01-23 13:56:41 +00:00
Dag-Erling Smørgrav
c84317d7ad Add local/share/java/classes, local/share/sgml, local/share/xml
Approved by:	ru, silence on -ports
MFC after:	1 week
2002-01-23 13:02:16 +00:00
Ruslan Ermilov
0e65089b79 The sixth argument to the NET_RT_IFLIST sysctl is actually 0 for
all interfaces, and ifnet.if_index value for a single interface.
2002-01-23 12:48:08 +00:00
Maxim Sobolev
21367f05ab CG hard sentence breaks.
Submitted by:	ru
2002-01-23 09:35:55 +00:00
Alfred Perlstein
095f670d4e in fget() return EINVAL when the descriptor requested is negative. 2002-01-23 08:40:35 +00:00
Alfred Perlstein
b9a999ddbf Remove holdfp() prototype now that the function no longer exists 2002-01-23 08:28:55 +00:00
Alfred Perlstein
54e588636b forced commit, Previous revision also removed the holdfp() function
from the kernel.
2002-01-23 08:28:15 +00:00
Alfred Perlstein
97fa4397d3 make pread use fget_read instead of holdfp. 2002-01-23 08:22:59 +00:00
Matt Jacob
d9f1ea7b2b Roll to latest production level firmware.
MFC after:	1 day
2002-01-23 06:42:54 +00:00
Cameron Grant
4c68642adb improve sndstat output of feederchains so it can be understood without
reading the feeder sourcecode
2002-01-23 06:02:15 +00:00
Cameron Grant
4e60be3473 print warnings if a pcm*.buffersize hint is out of range or a non-power-of-2 2002-01-23 05:49:41 +00:00
Cameron Grant
23bc171b29 fix some comments accidentally hit by search/replace several revisions ago 2002-01-23 05:41:35 +00:00
Cameron Grant
0dd4f3508e set the speeds the right way round for recording using the rate feeder 2002-01-23 05:35:12 +00:00
Cameron Grant
1e59d53c22 add more error checking in chn_init() and chn_reset() 2002-01-23 05:21:27 +00:00
Cameron Grant
79e6a82b48 make the feederchain builder work for recording. this has not been tested
extensively as none of my testboxes have speakers or an audio source at
present, but the chains built look correct and reading /dev/audio (ulaw,
translated from signed 16 bit little-endian) gives values within the
expected range for silence.
2002-01-23 05:10:56 +00:00
Cameron Grant
f6126456ef don't bother checking if an unsigned parameter is less than 0 in a KASSERT 2002-01-23 04:50:51 +00:00
Cameron Grant
095159ecd1 add more error checking to open of /dev/dsp* and /dev/audio* - if the
default format for the chosen subdevice cannot be obtained return an error
instead of returning success with an indeteterminate format selected.

note that this should never happen once the feederchain builder works for
recording.
2002-01-23 04:44:03 +00:00
Cameron Grant
1c72c53f4e don't allow mmap beyond the end of the buffer
Submitted by:	Philippe Anel <philippe.anel@noos.fr> (partially)
2002-01-23 04:32:18 +00:00
Cameron Grant
0b9030a00f remove modules no longer built 2002-01-23 03:43:16 +00:00
Cameron Grant
9480149ab0 consolidate bits that don't need to be seperate modules into the modules
that want them
2002-01-23 03:32:36 +00:00
Kirk McKusick
7b60855308 Add a stub for softdep_request_cleanup() so that compilation without
SOFTUPDATES option works properly.

Submitted by:	Benno Rice <benno@jeamland.net>
2002-01-23 02:18:56 +00:00
Wes Peters
ce6d929bb5 Add missing destroy_dev().
Submitted by:	Maxime Henrion <mux@sneakerz.org>
Reviewed by:	msmith@
MFC after:	3 weeks
2002-01-23 01:11:52 +00:00
Jun Kuriyama
a8131f63ea MFen (1.264 --> 1.265).
Refine translation (by y-koga@jp).
2002-01-23 00:46:49 +00:00
David Greenman
2e4bf827e5 Undo the work-around for the sendfile bug where nbytes needed the hdr/trl
size added to it in order for it to work properly when nbytes != 0.

Reviewed by:	alfred
MFC after:	3 days
2002-01-22 23:35:09 +00:00