Commit Graph

5580 Commits

Author SHA1 Message Date
Mark Murray
5567b258eb Use the proper type (gid_t) for (group)->gr_gid to be orthogonal
with uid_t usage and (user)->pw_uid.

PR:		3242
2002-01-22 17:32:53 +00:00
Ruslan Ermilov
0dc5e09ec6 Fix the description of the O_NONBLOCK flag to match reality.
Prodded by:	Maxim Konovalov <maxim@macomnet.ru>
Obtained from:	BSD/OS
2002-01-22 14:18:55 +00:00
Ruslan Ermilov
0c7f152b7b Fix a typo I made in revision 1.5.
Submitted by:	trevor
2002-01-22 12:38:43 +00:00
Ruslan Ermilov
fe42e96eff Finish cleanup in kvm.c revisions 1.10 and 1.11 -- mark sf (swapfile)
argument to kvm_open() and kvm_openfiles() as unused.

BSD didn't read swap since kvm.c CSRG revision 5.21 (u-area is pageable
under new VM.  no need to read from swap.)

The old !NEWVM code was removed in CSRG revision 5.23 (~ten years ago).
2002-01-22 10:07:03 +00:00
Dag-Erling Smørgrav
1e22a4f048 Link pam_opieaccess, pam_self and pam_ssh into the static library.
Sponsored by:	DARPA, NAI Labs
2002-01-21 20:43:01 +00:00
Dag-Erling Smørgrav
b0aa095ad0 On second thought, getpwnam() failure should be treated just as if the user
existed, but had no OPIE key, i.e. PAM_IGNORE.

Pointed out by:	ache
Sponsored by:	DARPA, NAI Labs
2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav
b4b56d051a Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.

Sponsored by:	DARPA, NAI Labs
2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav
03adba96a0 Further changes to allow enabling pam_opie(8) by default:
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
   challenging the user.  These options are meaningless for pam_opie(8)
   since the user can't possibly know the right response before she sees
   the challenge.

 - Introduce the no_fake_prompts option.  If this option is set, pam_opie(8)
   will fail - rather than present a bogus challenge - if the target user
   does not have an OPIE key.  With this option, users who haven't set up
   OPIE won't have to wonder what that "weird otp-md5 s**t" means :)

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
2002-01-21 18:46:25 +00:00
Dag-Erling Smørgrav
f460490260 Add a new module, pam_opieaccess(8), which is responsible for checking
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.

Sponsored by:	DARPA, NAI Labs
Reviewed by:	ache, markm
2002-01-21 13:43:53 +00:00
Andrey A. Chernov
186caeedcb snprintf bloat -> strlcpy
Add getpwnam return check

Approved by:	des, markm
2002-01-20 20:56:47 +00:00
Dag-Erling Smørgrav
e6f0a33e68 Check the return value from read() when reading the CR/LF at the end of a
chunk.

PR:		bin/33608
MFC after:	2 weeks
2002-01-20 19:53:12 +00:00
Dag-Erling Smørgrav
e0583e0c23 Mark uploads as O_WRONLY, not O_RDONLY.
PR:		misc/34043
MFC after:	2 weeks
2002-01-20 19:52:25 +00:00
Yaroslav Tykhiy
b454be098e Minor typo fix: uquad_t -> u_quad_t. 2002-01-20 16:50:29 +00:00
Matthew Dillon
170ac683f2 I've been meaning to do this for a while. Add an underscore to the
time_to_xxx() and xxx_to_time() functions.  e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard.  They will eventually be replaced when a real standard
comes out of committee.
2002-01-19 23:20:02 +00:00
Andrey A. Chernov
0b836dfaf1 Back out recent changes 2002-01-19 18:03:11 +00:00
Andrey A. Chernov
6874115893 If user not exist in OPIE system, return failure immediately instead
of producing fake prompts with random numbers which can be detected by
potential intruder in two tries and totally confuse non-OPIE users.
2002-01-19 10:09:05 +00:00
Andrey A. Chernov
3195cd6712 Back out second right-now-expired password check in pam_sm_chauthtok,
old expired password assumed there
2002-01-19 09:23:36 +00:00
Andrey A. Chernov
012400dfcd Previous commit was incomplete, use new error code PAM_CRED_ERR to
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
2002-01-19 08:36:47 +00:00
Andrey A. Chernov
d97cc81fa4 Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix
Replace snprintf %s with strlcpy

Check for NULL returned from getpwnam()
2002-01-19 07:23:48 +00:00
Andrey A. Chernov
c8e3fac7a1 Add yet one expired-right-now password check, in pam_sm_chauthtok
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
2002-01-19 04:58:51 +00:00
Andrey A. Chernov
8c70adab72 Set pwok to 1 for non-OPIE users 2002-01-19 03:31:39 +00:00
Andrey A. Chernov
d54c36388e Add missing check for right-now-expired password 2002-01-19 02:45:24 +00:00
Andrey A. Chernov
3f9a326a7a Implement 'pwok', i.e. conditional fallback to unix password
as supposed by opieaccessfile() and opiealways()
2002-01-19 02:38:43 +00:00
Ruslan Ermilov
89ac4ecce1 mdoc(7) police: tidy up OpenBSD fixes. 2002-01-16 15:21:39 +00:00
Mike Barcroft
4681597d9a Add a few cleanups from rev 1.1:
o Restore vendor ID.
o Order variable types by size.
o Remove a gratuitous temporary variable.

Submitted by:	bde
2002-01-15 17:52:21 +00:00
Mike Barcroft
1936b2c83b o Add prototype for printf(3).
style(9):
o Order variables in declarations.
o Move initialization out of declaration.
o Fix over-indents in previous delta.
2002-01-15 08:50:28 +00:00
Mike Barcroft
f601b5ba4b style(9)
Submitted by:	Joseph Mallett <jmallett@xmach.org>
Reviewed by:	md5(1)
2002-01-15 08:26:58 +00:00
Ruslan Ermilov
491a842962 yp(4) -> yp(8).
PR:		docs/30797
2002-01-14 16:59:03 +00:00
Crist J. Clark
971730fc67 Merge some updates and markup fixes from OpenBSD. This is mainly
motivated by the new "CAVEATS" section.

Inspired by:	alfred noting NetBSD's merging OpenBSD's changes
Obtained from:	OpenBSD
2002-01-14 02:08:02 +00:00
Doug White
2b8877f486 Add xref for timeradd(3).
PR:		13079
2002-01-14 00:38:41 +00:00
Jake Burkholder
f2602cd538 Comment out the retrieval of a termination function from %g1. It is
doubtful this will ever be used by anything and rtld uses %g1.
Comment out references to _init and _fini for now too.
2002-01-13 06:17:19 +00:00
Daniel Eischen
aee4cebfe7 Include <stddef.h> to fix build problem when namespace pollution
by <signal.h> (including <time.h> so that NULL is accidentally defined)
is removed.

Style nits.

Submitted by:	bde
2002-01-11 19:46:08 +00:00
Bruce Evans
b9c35b6942 Fixed unsorting and splitting of SRCS in previous commit. 2002-01-11 17:10:35 +00:00
Bruce Evans
614acf2fad Fixed missing backslash in previous commit. 2002-01-11 16:08:49 +00:00
Bruce Evans
b944866c25 Fixed accumulated unsorting and some other style bugs (long lines). 2002-01-11 15:59:30 +00:00
Bruce Evans
afac94af5c Replaced bogus cross references by the usual one for the ctype family
(ctype(3)).
2002-01-11 15:39:50 +00:00
Bruce Evans
87e0032026 Removed assertion that isblank() conforms to C90 too. This assertion
is correct but less than useful.  There is some uncertainty about whether
isblank() is in C99, but it is certainly not in C90.  It just conforms
to C89 because it is a conforming extension.
2002-01-11 15:21:03 +00:00
Bruce Evans
5fb3acfaaf Fixed unsorting of almost all lists in previous commit.
Removed assertion that isblank() is in C99 here too.
2002-01-11 15:15:17 +00:00
Bruce Evans
758671eb0d Fixed unsorting of MLINKS in previous commit.
Fixed unsorting of SRCS in rev.1.18.
2002-01-11 14:57:11 +00:00
Nik Clayton
6a3003ce51 Remove assertion that isblank() is in C99, pointed out by ache. 2002-01-10 12:22:00 +00:00
Daniel Eischen
b66b8326e5 Add getcontext, setcontext, makecontext, and swapcontext. These
functions are defined in SUSv2 and the latest POSIX spec.

Thanks to Bernd Walter <ticso@cicely8.cicely.de> for helping debug my
alpha assembly.

Approved by:	-arch
2002-01-10 02:40:59 +00:00
Sheldon Hearn
7f6a22a549 Document behaviour with respect to interval timers.
PR:		33156
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
2002-01-09 14:44:06 +00:00
Ruslan Ermilov
58c0fdd850 mdoc(7) police: add missing markup bits for ``errno''. 2002-01-09 14:03:54 +00:00
Ruslan Ermilov
ce9df6eefc mdoc(7) police:
Stop abusing the .%J macro for where the .Pa macro should have been used.
2002-01-09 14:01:22 +00:00
Nik Clayton
26dabb6003 From the PR:
1. ctype.h defines digittoint(), isnumber() and ishexnmber(), yet
        they are not documented in any of the manpages.

        2. The ctype manpage references a non-existent manpage for
        digittoint().

        3. The isascii() manpage claims it is standards compliant, when
        it isn't.

        4. isblank() claims it is _not_ standards compliant, when it
        is.

Fix by including the appropriate .Nm entries, and with a new digittoint.3
page.

PR:		docs/26451
Submitted by:	Adrian Filipi-Martin <adrian@ubergeeks.com>
2002-01-09 13:43:31 +00:00
John Baldwin
7b5f59222e Fix some 32/64-bit bugs. IPv4 addresses are 32-bits, not longs. On the
alpha these bugs didn't cause any problems because it was little endian,
but on sparc64, we ended up with garbage for the IP address when we tried
to contact the server.  (Usually 3.253.0.0)

Not objected to by:	wpaul
2002-01-08 18:05:03 +00:00
Chris D. Faulhaber
98a32f6de6 Correct phrase 'get an ACL' to 'set an ACL'.
PR:		33660
Submitted by:	Rich Morin <rdm@cfcl.com>, Tom Rhodes <darklogik@pittgoth.com>
2002-01-07 22:46:14 +00:00
Matthew Dillon
d010343b82 Modify Delete_Chunk() into Delete_Chunk2() which can take a flags
argument.  Leave a compatibility shim for Delete_Chunk().

Implement DELCHUNK_RECOVER flag so sysinstall can ask libdisk
to recover space when deleting a chunk.
2002-01-07 07:47:25 +00:00
Dima Dorfman
bfe4f323ec We are munmap(2), so there's no need to list ourselves in the SEE ALSO
section; instead, list our partner in crime, mmap(2).

PR:		33153
Submitted by:	Faried Nawaz <fn@hungry.org>
2002-01-07 06:12:25 +00:00
Dima Dorfman
cf1b88ff74 Nuke the paragraph that says "One can obtain user connection request
data without confirming the connection by issuing a recvmsg(2) [...]".
There's no such code in the kernel.

PR:		26861
Submitted by:	Richard A Steenbergen <ras@e-gerbil.net>,
		Tom Rhodes <darklogik@pittgoth.com>
2002-01-07 06:10:37 +00:00