Commit Graph

515 Commits

Author SHA1 Message Date
Baptiste Daroussin
dad2fb7ece Merge from head 2015-06-15 10:56:01 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Baptiste Daroussin
0bd7d22e03 Move ssh into a dedicated package
Flag config files as "to be merged on upgrade"
2015-03-05 20:25:09 +00:00
Enji Cooper
31a741f473 Conditionalize building radius support into libpam, ppp, etc via
MK_RADIUS_SUPPORT

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2015-02-04 06:53:45 +00:00
Dag-Erling Smørgrav
f8b83996fe If PAM_RHOST is non-NULL, pass it in the Calling-Station-ID attribute of
the RADIUS access request.

MFC after:	1 week
2015-01-16 09:07:31 +00:00
Joel Dahl
4990a1c050 mdoc: improvements to SEE ALSO. 2014-12-27 08:31:52 +00:00
Simon J. Gerraty
838e37378e Need headers staged by libpam 2014-11-30 18:48:17 +00:00
Baptiste Daroussin
6b129086dc Convert libraries to use LIBADD
While here reduce a bit overlinking
2014-11-25 11:07:26 +00:00
Simon J. Gerraty
488c975a1f Updated/new dependencies 2014-11-19 07:10:38 +00:00
Simon J. Gerraty
9268022b74 Merge from head@274682 2014-11-19 01:07:58 +00:00
Dag-Erling Smørgrav
1628e293fd Consistently cast tty and user to const char * in printf()-like contexts. 2014-10-01 07:15:02 +00:00
Bjoern A. Zeeb
5e24ef8793 Hopefully fix build breakage with gcc passing void * instead of char *
to "%s" format string after r272280.

PR:		83099 193927
MFC after:	3 days
X-MFC with:	r272280
2014-09-29 10:36:14 +00:00
Dag-Erling Smørgrav
4c37ae3065 Instead of failing when neither PAM_TTY nor PAM_RHOST are available, call
login_access() with "**unknown**" as the second argument.  This will allow
"ALL" rules to match.

Reported by:	Tim Daneliuk <tundra@tundraware.com>
Tested by:	dim@
PR:		83099 193927
MFC after:	3 days
2014-09-29 08:57:36 +00:00
Dag-Erling Smørgrav
4c1d902bb2 r271256 fixed one segfault condition but introduced another due to the
wrong operator being used in the tty check.

Reported by:	avg@
MFH:		3 days
2014-09-15 11:32:08 +00:00
Dag-Erling Smørgrav
067268edfc Fail rather than segfault if neither PAM_TTY nor PAM_RHOST is set.
PR:		83099
MFC after:	3 days
2014-09-08 09:19:01 +00:00
Simon J. Gerraty
ee7b0571c2 Merge head from 7/28 2014-08-19 06:50:54 +00:00
Andrey A. Chernov
412d134acc According to opie code and even direct mention in opie(4) challenge buffer
size must be OPIE_CHALLENGE_MAX + 1, not OPIE_CHALLENGE_MAX

Reviewed by:    des
MFC after:      1 week
2014-08-12 13:28:46 +00:00
Baptiste Daroussin
d029c3aa25 Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric:	https://phabric.freebsd.org/D553
Reviewed by:	imp, emaste
2014-08-06 22:17:26 +00:00
Dag-Erling Smørgrav
3cc381b09f Remove useless getpwnam() call.
Submitted by:	Arthur Mesh <amesh@juniper.net>
MFC after:	1 week
2014-07-26 07:40:31 +00:00
Dag-Erling Smørgrav
16722cb2c1 Add support for the "account" facility.
PR:		115164
MFC after:	1 week
2014-07-19 21:04:21 +00:00
Dag-Erling Smørgrav
ec5622ad86 Check if the specified group is the user's primary group before
iterating over the (possibly empty) list of members.  Otherwise, we
get a false negative when the target group has no members listed in
/etc/group.  This went mostly unnoticed because root is explicitly
listed as a member of wheel, so the bug is never triggered in the most
common use case, which is su(8).

PR:		109416
MFC after:	1 week
2014-07-19 20:55:13 +00:00
Joel Dahl
df2d82e003 mdoc: remove superfluous paragraph macros. 2014-06-23 18:40:21 +00:00
Baptiste Daroussin
2b7af31cf5 use .Mt to mark up email addresses consistently (part3)
PR:		191174
Submitted by:	Franco Fichtner  <franco at lastsummer.de>
2014-06-23 08:23:05 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Simon J. Gerraty
76b28ad6ab Updated dependencies 2014-05-10 05:16:28 +00:00
Simon J. Gerraty
cc3f4b9965 Merge from head 2014-05-08 23:54:15 +00:00
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Simon J. Gerraty
9d2ab4a62d Merge head 2014-04-27 08:13:43 +00:00
Warner Losh
98407b8bc2 Spell NO_PROFILE= as MK_PROFILE=no. 2014-04-25 19:25:26 +00:00
Warner Losh
7ebd341f25 Kill last remaining NO_INSTALLLIB in tree by converting it over to
MK_INSTALLIB=no.
2014-04-25 19:25:13 +00:00
Eitan Adler
dda5b39711 multiple: Remove 3rd clause from BSD license where approved by the
regents and renumber.

This patch skips files in contrib/ and crypto/

Acked by:	imp
Discussed with:	emaste
2014-03-14 03:07:51 +00:00
Simon J. Gerraty
d466a5b069 Merge head 2013-09-11 18:16:18 +00:00
Dag-Erling Smørgrav
0b2766bd4e Make libldns and libssh private.
Approved by:	re (blanket)
2013-09-08 10:04:26 +00:00
Simon J. Gerraty
d1d0158641 Merge from head 2013-09-05 20:18:59 +00:00
Will Andrews
caf6fbd81a Make the PAM password strength checking module WARNS=2 safe.
lib/libpam/modules/pam_passwdqc/Makefile:
	Bump WARNS to 2.

contrib/pam_modules/pam_passwdqc/pam_passwdqc.c:
	Bump  _XOPEN_SOURCE and _XOPEN_VERSION from 500 to 600
	so that vsnprint() is declared.

	Use the two new union types (pam_conv_item_t and
	pam_text_item_t) to resolve strict aliasing violations
	caused by casts to comply with the pam_get_item() API taking
	a "const void **" for all item types.  Warnings are
	generated for casts that create "type puns" (pointers of
	conflicting sized types that are set to access the same
	memory location) since these pointers may be used in ways
	that violate C's strict aliasing rules.  Casts to a new
	type must be performed through a union in order to be
	compliant, and access must be performed through only one
	of the union's data types during the lifetime of the union
	instance.  Handle strict-aliasing warnings through pointer
	assignments, which drastically simplifies this change.

	Correct a CLANG "printf-like function with more arguments
	than format" error.

Submitted by:	gibbs
Sponsored by:	Spectra Logic
2013-08-27 15:50:26 +00:00
Simon J. Gerraty
69e6d7b75e sync from head 2013-04-12 20:48:55 +00:00
Jung-uk Kim
068f3d2f84 Fix declaration vs. definition inconsistency. No functional change. 2013-04-05 23:41:34 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Simon J. Gerraty
7cd2dcf076 Updated/new Makefile.depend 2012-11-08 21:24:17 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Eitan Adler
db702c59cf remove duplicate semicolons where possible.
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:00:37 +00:00
Dag-Erling Smørgrav
a612142b11 Remove unnecessary #include. 2012-09-28 12:29:25 +00:00
Eitan Adler
eae8be706e Bump date missed in r202756
PR:		docs/171624
Submitted by:	bdrewery
Approved by:	gabor
MFC after:	3 days
2012-09-14 17:50:42 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Dimitry Andric
1843e23c48 Fix an instance in pam_krb5(8), where the variable 'user' could be used
uninitialized.

Found by:	clang 3.2
Reviewed by:	des
MFC after:	1 week
2012-08-06 18:44:59 +00:00
Dimitry Andric
2251b30757 Fix two instances in pam_krb5(8), where the variable 'princ_name' could
be used uninitialized.

Found by:	clang 3.2
Reviewed by:	des
MFC after:	1 week
2012-08-06 18:40:14 +00:00
Doug Rabson
957487515e Add an option for pam_krb5 to allow it to authenticate users which don't have
a local account.

PR:		76678
Submitted by:	daved at tamu.edu
MFC after:	2 weeks
2012-08-05 13:40:35 +00:00
Dag-Erling Smørgrav
8d6900eab8 Passing NULL as a key casues a segfault when loading SSH 1 keys. Use
an empty string instead.
2012-05-26 17:03:45 +00:00
Warren Block
344c81a166 Fixes to man8 groff mandoc style, usage mistakes, or typos.
PR:		168016
Submitted by:	Nobuyuki Koganemaru
Approved by:	gjb
MFC after:	3 days
2012-05-24 02:24:03 +00:00
Jean-Sébastien Pédron
3902d8a991 Fix error messages containing the executed command name
Before, we took the first argument to pam_exec(8). With the addition of
options in front of the command, this could be wrong.

Now, options are parsed before calling _pam_exec() and messages contain
the proper command name.

While here, fix a warning.

Sponsored by:	Yakaz (http://www.yakaz.com)
2012-04-12 14:02:59 +00:00
Eitan Adler
50d675f7a9 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
Jean-Sébastien Pédron
7e3d5c1fca Use program exit status as pam_exec return code (optional)
pam_exec(8) now accepts a new option "return_prog_exit_status". When
set, the program exit status is used as the pam_exec return code. It
allows the program to tell why the step failed (eg. user unknown).
However, if it exits with a code not allowed by the calling PAM service
module function (see $PAM_SM_FUNC below), a warning is logged and
PAM_SERVICE_ERR is returned.

The following changes are related to this new feature but they apply no
matter if the "return_prog_exit_status" option is set or not.

The environment passed to the program is extended:
    o  $PAM_SM_FUNC contains the name of the PAM service module function
       (eg. pam_sm_authenticate).
    o  All valid PAM return codes' numerical values are available
       through variables named after the return code name. For instance,
       $PAM_SUCCESS, $PAM_USER_UNKNOWN or $PAM_PERM_DENIED.

pam_exec return code better reflects what went on:
    o  If the program exits with !0, the return code is now
       PAM_PERM_DENIED, not PAM_SYSTEM_ERR.
    o  If the program fails because of a signal (WIFSIGNALED) or doesn't
       terminate normally (!WIFEXITED), the return code is now
       PAM_SERVICE_ERR, not PAM_SYSTEM_ERR.
    o  If a syscall in pam_exec fails, the return code remains
       PAM_SYSTEM_ERR.

waitpid(2) is called in a loop. If it returns because of EINTR, do it
again. Before, it would return PAM_SYSTEM_ERR without waiting for the
child to exit.

Several log messages now include the PAM service module function name.

The man page is updated accordingly.

Reviewed by:	gleb@, des@
Sponsored by:	Yakaz (http://www.yakaz.com)
MFC after:	2 weeks
2012-03-26 12:18:15 +00:00
Stanislav Sedov
26ec46c8d6 - Avoid using deprecated heimdal functions in pam_krb5. 2012-03-24 01:02:03 +00:00
Stanislav Sedov
bbbc13f8cf - Avoid use of deprecated KRB5 functions. 2012-03-22 11:18:14 +00:00
Stanislav Sedov
ae77177087 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
Peter Wemm
925c02f9dd Rev 228065 (change bsd.own.mk -> bsd.init.mk) broke pam_unix.so by causing
the LDADD/DPADD to lose the -lpam, and causing openpam_dynamic() to fail
due to "openpam_get_options" being undefined.

This would cause obscure console log messages like:
  openpam_dynamic(): No error: 0
  openpam_load_module(): no pam_unix.so found
and other helpful messages which are no help in diagnosing the problem.

Fortunately this change was not mfc'ed to 9.x, it isn't broken there.
2012-01-18 18:26:56 +00:00
Max Khon
106235a4b8 .include <bsd.init.mk> instead of <bsd.own.mk>
The former allows common settings from ../Makefile.inc to be used.
2011-11-28 14:01:17 +00:00
Dag-Erling Smørgrav
dcf83bf794 Revert r227841 and part of r227798. We still build libpam in two passes,
but we use STATIC_CFLAGS instead of our own private .c.o rule.

MFC after:	3 weeks
2011-11-24 13:18:58 +00:00
Dag-Erling Smørgrav
e03e3b699e Simplify the libpam build by removing the shared modules' dependency
on the shared library.  The modules are loaded by the library, so we
know it'll be there when we need it.

MFC after:	3 weeks
2011-11-21 16:40:39 +00:00
Dag-Erling Smørgrav
4520e72ebf key_load_private() ignores the passphrase argument if the private key
is unencrypted.  This defeats the nullok check, because it means a
non-null passphrase will successfully unlock the key.

To address this, try at first to load the key without a passphrase.
If this succeeds and the user provided a non-empty passphrase *or*
nullok is false, reject the key.

MFC after:	1 week
Noticed by:	Guy Helmer <guy.helmer@palisadesystems.com>
2011-11-20 15:18:49 +00:00
Ed Schouten
f1b61fc829 Ensure pam_lastlog removes the /dev/ component of the TTY name.
Some consumers of PAM remove the /dev/ component (i.e. login), while
others don't (i.e. su). We must ensure that the /dev/ component is
removed to ensure that the utmpx entries properly work with tools such
as w(1).

Discussed with:	des
MFC after:	1 week
2011-11-07 19:57:42 +00:00
Ed Schouten
82a36aefae Remove an unused variable from pam_unix.
This variable was added in r82352 back in 2001, but even then it didn't
have any use. Because it's not marked static, the C compiler won't
complain about it.

Discussed with:	des
2011-11-05 10:00:29 +00:00
Dag-Erling Smørgrav
23b8f4d84a Note that pam_unix(8) does not respect PAM_CHANGE_EXPIRED_AUTHTOK. 2011-11-02 23:40:21 +00:00
Dag-Erling Smørgrav
32627537b8 Load the ECDSA key if there is one.
MFC after:	1 week
2011-10-07 12:58:33 +00:00
Dag-Erling Smørgrav
864cac079f Mention the name of the module in warning messages. 2011-03-12 11:26:37 +00:00
Dag-Erling Smørgrav
e84da6fb39 Add "ruser" and "luser" options. The former corresponds to the current
behavior, where the module checks that the supplicant is a member of the
required group.  The latter checks the target user instead.  If neither
option was specified, pam_group(8) assumes "ruser" and issues a warning.
I intend to eventually change the default to "luser" to match the
behavior of similarly-named service modules in other operating systems.

MFC after:	1 month
2011-03-12 11:12:30 +00:00
Dag-Erling Smørgrav
8e391be103 No newline required.
MFC after:	2 weeks
2011-03-09 14:38:00 +00:00
Dag-Erling Smørgrav
beb8ef4a7d Add <time.h> for ctime(), which we accidentally picked up through
<sys/time.h>.

Submitted by:	Garrett Cooper <yanegomi@gmail.com>
MFC after:	3 days
2010-11-22 14:45:16 +00:00
Xin LI
f93beda98a Bump .Dd date.
Forgotten by:	delphij
2010-05-03 09:49:42 +00:00
Martin Matuska
54c7282725 Code indent according to style(9).
PR:		bin/146186
Submitted by:	myself
Approved by:	delphij (mentor)
MFC after:	2 weeks
2010-05-03 07:39:51 +00:00
Martin Matuska
551e75c7af Implement the no_user_check option to pam_krb5.
This option is available in the Linux implementation of pam_krb5
and allows to authorize a user not known to the local system.

Ccache is not used as we don't have a secure uid/gid for the cache file.

Usable for authentication of external kerberos users (e.g Active Directory)
via PAM from applications like Cyrus saslauthd, PHP or perl.

PR:		bin/146186
Submitted by:	myself
Approved by:	deplhij (mentor)
MFC after:	2 weeks
2010-05-03 07:32:24 +00:00
Dag-Erling Smørgrav
b15c83408c Upgrade to OpenSSH 5.4p1.
MFC after:	1 month
2010-03-09 19:16:43 +00:00
Ulrich Spörlein
7729e3ba40 Remove redundant WARNS?=6 overrides and inherit the WARNS setting from
the toplevel directory.

This does not change any WARNS level and survives a make universe.

Approved by:        ed (co-mentor)
2010-03-02 18:44:08 +00:00
Ulrich Spörlein
47e1a877c5 Always assign WARNS using ?=
- fix some nearby style bugs
- include Makefile.inc where it makes sense and reduces duplication

Approved by:	ed (co-mentor)
2010-03-02 16:58:04 +00:00
Ruslan Ermilov
e363756c8f %U was macroized in mdoc(7), escape. 2010-02-16 12:29:02 +00:00
Dag-Erling Smørgrav
cc5c81f89d Respect passwordtime from login.conf if set.
PR:		bin/93473
Submitted by:	Björn König <bkoenig@cs.tu-berlin.de>
MFC after:	1 week
2010-02-02 13:47:18 +00:00
Ed Schouten
0806dd9238 Remove stale references to utmp(5) and its corresponding filenames.
I removed utmp and its manpage, but not other manpages referring to it.
2010-01-21 17:25:12 +00:00
Ed Schouten
d1b8647f1c Let pam_lastlog use random ut_id's.
By using random values for ut_id, not based on the TTY name, it is
possible to run for example login(1) multiple times on the same TTY,
without overwriting any previous records.

The output of w(1) will then be as follows:

| 12:26PM  up 2 days,  2:31, 5 users, load averages: 0.01, 0.03, 0.03
| USER       TTY      FROM                      LOGIN@  IDLE WHAT
| ed         pts/2    mekker.80386.nl          12:26PM     - w
| root       pts/2    -                        12:26PM     - w
| root       pts/2    -                        12:26PM     - w
| root       pts/2    -                        12:26PM     - w

Approved by:	des
2010-01-18 11:29:51 +00:00
Marcel Moolenaar
d3e5c802a9 Unbreak builds with _FREEFALL_CONFIG=yes, by forcing a lower WARNS
level in that case.
2010-01-17 19:47:42 +00:00
Ed Schouten
2957240805 Let pam_lastlog use utmpx instead of libulog's utmpx interface.
It will still use ulog_login(3) and ulog_logout(3), which will remain
present.
2010-01-13 18:32:31 +00:00
Ed Schouten
daaf575910 Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
Ed Schouten
444999a314 Several refinements to libulog's API.
- Only set the fields in the ulog_utmpx structure that are valid for the
  command in question. This means that strings like "shutdown" or "~"
  are not visible to the user anymore.
- Rename UTXF_* to UTXI_*, indicating the indexation, instead of using
  the `antique' filename. If we ever get rid of utmp, it makes little
  sense calling it by its old name.
2009-12-26 22:36:05 +00:00
Ed Schouten
17c79ad08c Convert pam_lastlog(8) to libulog.
The information used by the "Last login:"-line is obtained by using
ulog_setutxfile(3) to switch to the lastlog database. Login and logout
are performed using the utility functions ulog_login(3) and
ulog_logout(3).

This also means we must build libulog during bootstrap.

Approved by:	des
2009-12-11 14:15:55 +00:00
Dag-Erling Smørgrav
13e1b162b9 Note that nullok should not be used by processes that can't access the
password database.

PR:		bin/126650, misc/140514
MFC after:	1 week
2009-11-13 11:19:26 +00:00
Dag-Erling Smørgrav
040b962309 pam_ssh needs roaming_dummy to link correctly against libssh. 2009-10-05 18:56:18 +00:00
Jonathan Chen
43b4dc3625 Prevents pam_lastlog from segfaulting on session close when tty is null.
MFC after:	1 month
2009-08-30 05:12:37 +00:00
Dag-Erling Smørgrav
84e3202f58 Rewrap; this was getting painful. Translators can ignore this.
MFC after:	1 week
2009-06-20 10:09:59 +00:00
Dag-Erling Smørgrav
e83105d1d9 Reword.
MFC after:	1 week
2009-06-20 10:06:10 +00:00
Ed Schouten
8bdb099ade Include <stdio.h> for asprintf().
Submitted by:	Pawel Worach
2009-06-14 12:45:48 +00:00
Dag-Erling Smørgrav
1dde0f9745 Don't try to auto-detect dynamic linking; it fails on mips. The Makefile
part of the patch is an ugly (and hopefully temporary) hack.

Discussed with:	imp@
2009-02-17 16:35:19 +00:00
Doug Rabson
c24d228096 Add new heimdal-1.1 library. 2008-05-15 15:28:18 +00:00
Doug Rabson
33f1219925 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
Dag-Erling Smørgrav
64dbe1a7af Adjust for OpenPAM Hydrangea. 2007-12-21 12:00:16 +00:00
Dag-Erling Smørgrav
c47b138a96 Correct documentation of ~/.opiealways
PR:		117512
Submitted by:	Jeremy C. Reed <reed@reedmedia.net>
MFC after:	1 week
2007-10-26 07:50:11 +00:00
Ruslan Ermilov
4f6d329f1e - Convert NO_INSTALLLIB option to a new syntax: makefiles should
test MK_INSTALLLIB, users can set WITHOUT_INSTALLLIB.  The old
  NO_INSTALLLIB is still supported as several makefiles set it.

- While here, fix an install when instructed not to install libs
  (usr.bin/lex/lib/Makefile).

PR:		bin/114200
Submitted by:	Henrik Brix Andersen
2007-10-20 19:01:50 +00:00
Dag-Erling Smørgrav
f0f1db2e4c Apply the same error checks to PAM_TTY in pam_sm_close_session() as in
pam_sm_open_session(), avoiding false negatives when no tty is present.

Submitted by:	Todd C. Miller <millert@courtesan.com>
Approved by:	re (rwatson)
MFC after:	2 weeks
2007-07-22 15:17:29 +00:00
Dag-Erling Smørgrav
1173d3bb33 Whitespace cleanup
Approved by:	re (rwatson)
2007-07-22 15:14:40 +00:00
Yaroslav Tykhiy
58d6bdcbe0 Use the current user's login class for the decisions about where
the nologin(5) file is located and whether the user may bypass its
restriction.

Add some error checks.

Approved by:	des
PR:		bin/107612
2007-06-14 13:07:06 +00:00