Commit Graph

69234 Commits

Author SHA1 Message Date
David Malone
24bd57cbbd Add new option HAVE_STRERROR to CFLAGS. 2002-01-24 17:59:39 +00:00
David Malone
337fd7a891 Resolve conflicts. 2002-01-24 17:58:42 +00:00
David Malone
db6a108dbf Resolve conflicts (our -t option, we'd fixed a bug in a slightly different way). 2002-01-24 17:55:40 +00:00
David Malone
bc2856b282 Resolve conflicts (we have a -t option). 2002-01-24 17:54:04 +00:00
David Malone
73e3ae1c4e Resolve conflict: We made a fix renaming a structure member error,
but it was renamed errnum on the vendor branch.
2002-01-24 17:52:26 +00:00
Jens Schweikhardt
ac512bd99a Insert a missing paragraph break (.Pp).
MFC after:	3 weeks
2002-01-24 17:49:09 +00:00
Dag-Erling Smørgrav
f748a713da PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.

Sponsored by:	DARPA, NAI Labs
2002-01-24 17:26:27 +00:00
David Malone
30be5b1b49 This commit was generated by cvs2svn to compensate for changes in r89750,
which included commits to RCS files with non-trunk default branches.
2002-01-24 17:24:16 +00:00
David Malone
4f4f23c131 import top_3_5beta12 2002-01-24 17:24:16 +00:00
Jonathan Lemon
cd75bfa75f Add entry for EVFILT_NETDEV, which was inadverdently omitted back in Sept. 2002-01-24 17:20:55 +00:00
Dag-Erling Smørgrav
9201dc40bf Change the order in which pam_sm_open_session() updates the logs. This
doesn't really make any difference, except it matches wtmp(5) better.

Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released.  Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.

Sponsored by:	DARPA, NAI Labs (but the bugs are all mine)
2002-01-24 17:15:04 +00:00
Ruslan Ermilov
485318d4d8 Style.
Approved by:	ken
2002-01-24 16:53:08 +00:00
Dag-Erling Smørgrav
905fd6f3ee Don't set PAM_RHOST, this is a local login.
Sponsored by:	DARPA, NAI Labs
2002-01-24 16:20:17 +00:00
Dag-Erling Smørgrav
ca355e5451 Correctly interpret PAM_RHOST being unset as an indicator of a local
login.

Sponsored by:	DARPA, NAI Labs
2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav
d233082fbe Correctly interpret PAM_RHOST being unset as an indicator of a local
login.
2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav
e4536f1138 Style nits.
Sponsored by:	DARPA, NAI Labs
2002-01-24 16:14:56 +00:00
Alexey Zelkin
a2fb0481d7 get __time_load_locale() prototype from include file, rather than declare
own
2002-01-24 15:38:59 +00:00
Dag-Erling Smørgrav
e9ae7bc234 This commit disables chain caching.
Chain caching is a feature of Linux-PAM, where pam_authenticate() and
pam_open_session() "freeze" the chain so that their companion
primitive (pam_setcred() and pam_close_session() respectively) will
call the exact same modules, skipping those that failed in the
previous call.

There are several reasons not to do this, the most prominent of which
is that it makes it impossible to call pam_setcred() without first
calling pam_authenticate() - which is perfectly valid according to
DCE/RFC 86.0 and XSSO, and is necessary to make 'login -f' work.

Instead of chain caching, implement something similar to the way
Solaris' libpam behaves: pam_setcred treats "sufficient" modules as if
they were "required", i.e. does not break the chain when they succeed.

PAM modules whose pam_sm_setcred() should not be called unless their
pam_sm_authenticate() succeeded can simply set a state variable using
pam_set_data() in pam_sm_authenticate(), and use pam_get_data() to
check it in pam_sm_setcred().

Sponsored by:	DARPA, NAI Labs
2002-01-24 15:30:03 +00:00
Guido van Rooij
a3e5380a47 1) Fix a debug statement by filling in its data before the printf in
stead of after
2) Honour NO_TEST_UNIT_READY quirk for atapi devices as well
3) Actually support FujiFilm FinePix 6800 camera's. Will very likely also
work for other FinePix models.

Based on a debug session about half a year ago with Nik Hibma.
MFC after:	2 weeks
2002-01-24 15:10:53 +00:00
Alexey Zelkin
bcbeac34ae * style(9)'fy
* declare prototype for __time_load_locale() in timelocal.h
2002-01-24 15:07:44 +00:00
David E. O'Brien
e95d27b9ae Fix problem where with PicoBSD the shell coredumps if it does not find an
entry for its terminal type in /etc/termcap.

Submitted by:	bde
2002-01-24 13:54:19 +00:00
Dag-Erling Smørgrav
f433d6afed Document the even_root option.
Sponsored by:	DARPA, NAI Labs
2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav
76f95f4dc2 Don't let root through unless the "even_root" option was specified.
Sponsored by:	DARPA, NAI Labs
2002-01-24 12:47:42 +00:00
David Malone
98d1592458 Change brk's prototype from char *brk(const char *) to int brk(const void *)
and sbrk's prototype from char *sbrk(int) to void *sbrk(intptr_t).

This makes us more consistant with NetBSD and standards which include
these functions. Bruce pointed out that ptrdiff_t would probably
have been better than intptr_t, but this doesn't match other
implimentations.

Also remove local declarations of sbrk and unnecessary casting.

PR:		32296
Tested by:	Harti Brandt <brandt@fokus.gmd.de>
MFC after:	1 month
2002-01-24 12:11:31 +00:00
Murray Stokely
e4e61f7853 Providing long filename support on the Macintosh requires over 30
megabytes of additional space on the install CD.  Given our premium
for space, I don't think this is a wise use of 30MB.  HFS support was
not provided on the FreeBSD 4.4 CDs and I received a grand total of 0
complaints.
2002-01-24 10:44:16 +00:00
Dag-Erling Smørgrav
16e058b5d6 Add a PAM module that records sessions in utmp/wtmp/lastlog.
Sponsored by:	DARPA, NAI Labs
2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav
c2d5249eaf Fix some pastos. Rather shoddy of me...
Sponsored by:	DARPA, NAI Labs
2002-01-24 09:44:22 +00:00
David E. O'Brien
fb609a2178 Add libfetch.so.2 from a 10-Dec-2001 releng4 build. 2002-01-24 00:54:44 +00:00
Jun Kuriyama
8ecbf394e0 MFen (1.265 --> 1.266). 2002-01-24 00:27:53 +00:00
Brian Somers
c3805e0152 Detect if a udp socket on STDIN_FILENO is connected by calling
getpeername() and don't set PASSIVE mode if it's is.
2002-01-23 23:36:35 +00:00
Andrew Gallatin
ae967e6461 Regenerated file from previous commit to syscalls.master 2002-01-23 22:47:47 +00:00
Andrew Gallatin
21e06996e4 Linux/alpha uses the same BSDish return mechanism we do for
getpid, getuid, getgid and pipe, since they bootstrapped from
OSF/1 and never cleaned up.  Switch to the native syscalls
on alpha so that the above functions work

MFC after: 7 days
2002-01-23 22:46:14 +00:00
Brian Somers
97dd5500aa Cross reference the NETWORK ADDRESS TRANSLATION section when describing
the -nat flag.

Requested by:	eivind
2002-01-23 21:11:33 +00:00
Bruce A. Mah
5e6b58fcbe New release note: smmsp/mailnull users.
Reviewed by:	gshapiro
2002-01-23 18:49:43 +00:00
Dag-Erling Smørgrav
53f3167d07 Add a PAM module that provides an account management component for checking
either PAM_RHOST or PAM_TTY against /etc/login.access.o

This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'.  This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.

Sponsored by:	DARPA, NAI Labs
2002-01-23 17:42:16 +00:00
Dag-Erling Smørgrav
774a10071d Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs.
Sponsored by:	DARPA, NAI Labs
2002-01-23 17:16:00 +00:00
Ruslan Ermilov
0509dca0c3 Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:54:17 +00:00
Dag-Erling Smørgrav
b6b756b58b Base the comparison on UIDs, not on user names.
Sponsored by:	DARPA, NAI Labs
2002-01-23 15:16:01 +00:00
Ruslan Ermilov
fd4ca9e02d Make libssh.so useable (undefined reference to IPv4or6).
Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:06:47 +00:00
Giorgos Keramidas
0063afffd5 dhclient-script.conf lives in /etc and not /sbin.
PR:		docs/32008
Submitted by:	John E Hein <jhein@timing.com>
Approved by:	obrien
2002-01-23 13:56:41 +00:00
Dag-Erling Smørgrav
c84317d7ad Add local/share/java/classes, local/share/sgml, local/share/xml
Approved by:	ru, silence on -ports
MFC after:	1 week
2002-01-23 13:02:16 +00:00
Ruslan Ermilov
0e65089b79 The sixth argument to the NET_RT_IFLIST sysctl is actually 0 for
all interfaces, and ifnet.if_index value for a single interface.
2002-01-23 12:48:08 +00:00
Maxim Sobolev
21367f05ab CG hard sentence breaks.
Submitted by:	ru
2002-01-23 09:35:55 +00:00
Alfred Perlstein
095f670d4e in fget() return EINVAL when the descriptor requested is negative. 2002-01-23 08:40:35 +00:00
Alfred Perlstein
b9a999ddbf Remove holdfp() prototype now that the function no longer exists 2002-01-23 08:28:55 +00:00
Alfred Perlstein
54e588636b forced commit, Previous revision also removed the holdfp() function
from the kernel.
2002-01-23 08:28:15 +00:00
Alfred Perlstein
97fa4397d3 make pread use fget_read instead of holdfp. 2002-01-23 08:22:59 +00:00
Matt Jacob
d9f1ea7b2b Roll to latest production level firmware.
MFC after:	1 day
2002-01-23 06:42:54 +00:00
Cameron Grant
4c68642adb improve sndstat output of feederchains so it can be understood without
reading the feeder sourcecode
2002-01-23 06:02:15 +00:00
Cameron Grant
4e60be3473 print warnings if a pcm*.buffersize hint is out of range or a non-power-of-2 2002-01-23 05:49:41 +00:00