d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
69,224 Commits 6 Branches 133 Tags 2.6 GiB
9201dc40bf
Commit Graph

5601 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
9201dc40bf Change the order in which pam_sm_open_session() updates the logs. This 
doesn't really make any difference, except it matches wtmp(5) better.

Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released.  Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.

Sponsored by:	DARPA, NAI Labs (but the bugs are all mine)
 2002-01-24 17:15:04 +00:00
Dag-Erling Smørgrav
ca355e5451 Correctly interpret PAM_RHOST being unset as an indicator of a local 
login.

Sponsored by:	DARPA, NAI Labs
 2002-01-24 16:18:43 +00:00
Dag-Erling Smørgrav
d233082fbe Correctly interpret PAM_RHOST being unset as an indicator of a local 
login.
 2002-01-24 16:16:01 +00:00
Dag-Erling Smørgrav
e4536f1138 Style nits. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 16:14:56 +00:00
Alexey Zelkin
a2fb0481d7 get __time_load_locale() prototype from include file, rather than declare 
own
 2002-01-24 15:38:59 +00:00
Alexey Zelkin
bcbeac34ae * style(9)'fy 
* declare prototype for __time_load_locale() in timelocal.h
 2002-01-24 15:07:44 +00:00
David E. O'Brien
e95d27b9ae Fix problem where with PicoBSD the shell coredumps if it does not find an 
entry for its terminal type in /etc/termcap.

Submitted by:	bde
 2002-01-24 13:54:19 +00:00
Dag-Erling Smørgrav
f433d6afed Document the even_root option. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 13:35:06 +00:00
Dag-Erling Smørgrav
76f95f4dc2 Don't let root through unless the "even_root" option was specified. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 12:47:42 +00:00
David Malone
98d1592458 Change brk's prototype from char *brk(const char *) to int brk(const void *) 
and sbrk's prototype from char *sbrk(int) to void *sbrk(intptr_t).

This makes us more consistant with NetBSD and standards which include
these functions. Bruce pointed out that ptrdiff_t would probably
have been better than intptr_t, but this doesn't match other
implimentations.

Also remove local declarations of sbrk and unnecessary casting.

PR:		32296
Tested by:	Harti Brandt <brandt@fokus.gmd.de>
MFC after:	1 month
 2002-01-24 12:11:31 +00:00
Dag-Erling Smørgrav
16e058b5d6 Add a PAM module that records sessions in utmp/wtmp/lastlog. 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 09:45:17 +00:00
Dag-Erling Smørgrav
c2d5249eaf Fix some pastos. Rather shoddy of me... 
Sponsored by:	DARPA, NAI Labs
 2002-01-24 09:44:22 +00:00
David E. O'Brien
fb609a2178 Add libfetch.so.2 from a 10-Dec-2001 releng4 build. 2002-01-24 00:54:44 +00:00
Dag-Erling Smørgrav
53f3167d07 Add a PAM module that provides an account management component for checking 
either PAM_RHOST or PAM_TTY against /etc/login.access.o

This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'.  This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.

Sponsored by:	DARPA, NAI Labs
 2002-01-23 17:42:16 +00:00
Dag-Erling Smørgrav
774a10071d Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs. 
Sponsored by:	DARPA, NAI Labs
 2002-01-23 17:16:00 +00:00
Ruslan Ermilov
0509dca0c3 Add pam_ssh support to the static PAM library, libpam.a: 
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
 2002-01-23 15:54:17 +00:00
Dag-Erling Smørgrav
b6b756b58b Base the comparison on UIDs, not on user names. 
Sponsored by:	DARPA, NAI Labs
 2002-01-23 15:16:01 +00:00
Ruslan Ermilov
fd4ca9e02d Make libssh.so useable (undefined reference to IPv4or6). 
Reviewed by:	des, markm
Approved by:	markm
 2002-01-23 15:06:47 +00:00
Ruslan Ermilov
0e65089b79 The sixth argument to the NET_RT_IFLIST sysctl is actually 0 for 
all interfaces, and ifnet.if_index value for a single interface.
 2002-01-23 12:48:08 +00:00
David Greenman
2e4bf827e5 Undo the work-around for the sendfile bug where nbytes needed the hdr/trl 
size added to it in order for it to work properly when nbytes != 0.

Reviewed by:	alfred
MFC after:	3 days
 2002-01-22 23:35:09 +00:00
Andrey A. Chernov
ff7448f849 Restore C99 standard conformance information, isblank() _is_ in final 
standard document

Pointed by: "Jacques A. Vidrine" <n@nectar.cc>
 2002-01-22 20:14:35 +00:00
Mark Murray
5567b258eb Use the proper type (gid_t) for (group)->gr_gid to be orthogonal 
with uid_t usage and (user)->pw_uid.

PR:		3242
 2002-01-22 17:32:53 +00:00
Ruslan Ermilov
0dc5e09ec6 Fix the description of the O_NONBLOCK flag to match reality. 
Prodded by:	Maxim Konovalov <maxim@macomnet.ru>
Obtained from:	BSD/OS
 2002-01-22 14:18:55 +00:00
Ruslan Ermilov
0c7f152b7b Fix a typo I made in revision 1.5. 
Submitted by:	trevor
 2002-01-22 12:38:43 +00:00
Ruslan Ermilov
fe42e96eff Finish cleanup in kvm.c revisions 1.10 and 1.11 -- mark sf (swapfile) 
argument to kvm_open() and kvm_openfiles() as unused.

BSD didn't read swap since kvm.c CSRG revision 5.21 (u-area is pageable
under new VM.  no need to read from swap.)

The old !NEWVM code was removed in CSRG revision 5.23 (~ten years ago).
 2002-01-22 10:07:03 +00:00
Dag-Erling Smørgrav
1e22a4f048 Link pam_opieaccess, pam_self and pam_ssh into the static library. 
Sponsored by:	DARPA, NAI Labs
 2002-01-21 20:43:01 +00:00
Dag-Erling Smørgrav
b0aa095ad0 On second thought, getpwnam() failure should be treated just as if the user 
existed, but had no OPIE key, i.e. PAM_IGNORE.

Pointed out by:	ache
Sponsored by:	DARPA, NAI Labs
 2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav
b4b56d051a Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as 
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.

Sponsored by:	DARPA, NAI Labs
 2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav
03adba96a0 Further changes to allow enabling pam_opie(8) by default: 
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
   challenging the user.  These options are meaningless for pam_opie(8)
   since the user can't possibly know the right response before she sees
   the challenge.

 - Introduce the no_fake_prompts option.  If this option is set, pam_opie(8)
   will fail - rather than present a bogus challenge - if the target user
   does not have an OPIE key.  With this option, users who haven't set up
   OPIE won't have to wonder what that "weird otp-md5 s**t" means :)

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
 2002-01-21 18:46:25 +00:00
Dag-Erling Smørgrav
f460490260 Add a new module, pam_opieaccess(8), which is responsible for checking 
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.

Sponsored by:	DARPA, NAI Labs
Reviewed by:	ache, markm
 2002-01-21 13:43:53 +00:00
Andrey A. Chernov
186caeedcb snprintf bloat -> strlcpy 
Add getpwnam return check

Approved by:	des, markm
 2002-01-20 20:56:47 +00:00
Dag-Erling Smørgrav
e6f0a33e68 Check the return value from read() when reading the CR/LF at the end of a 
chunk.

PR:		bin/33608
MFC after:	2 weeks
 2002-01-20 19:53:12 +00:00
Dag-Erling Smørgrav
e0583e0c23 Mark uploads as O_WRONLY, not O_RDONLY. 
PR:		misc/34043
MFC after:	2 weeks
 2002-01-20 19:52:25 +00:00
Yaroslav Tykhiy
b454be098e Minor typo fix: uquad_t -> u_quad_t. 2002-01-20 16:50:29 +00:00
Matthew Dillon
170ac683f2 I've been meaning to do this for a while. Add an underscore to the 
time_to_xxx() and xxx_to_time() functions.  e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard.  They will eventually be replaced when a real standard
comes out of committee.
 2002-01-19 23:20:02 +00:00
Andrey A. Chernov
0b836dfaf1 Back out recent changes 2002-01-19 18:03:11 +00:00
Andrey A. Chernov
6874115893 If user not exist in OPIE system, return failure immediately instead 
of producing fake prompts with random numbers which can be detected by
potential intruder in two tries and totally confuse non-OPIE users.
 2002-01-19 10:09:05 +00:00
Andrey A. Chernov
3195cd6712 Back out second right-now-expired password check in pam_sm_chauthtok, 
old expired password assumed there
 2002-01-19 09:23:36 +00:00
Andrey A. Chernov
012400dfcd Previous commit was incomplete, use new error code PAM_CRED_ERR to 
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
 2002-01-19 08:36:47 +00:00
Andrey A. Chernov
d97cc81fa4 Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix 
Replace snprintf %s with strlcpy

Check for NULL returned from getpwnam()
 2002-01-19 07:23:48 +00:00
Andrey A. Chernov
c8e3fac7a1 Add yet one expired-right-now password check, in pam_sm_chauthtok 
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
 2002-01-19 04:58:51 +00:00
Andrey A. Chernov
8c70adab72 Set pwok to 1 for non-OPIE users 2002-01-19 03:31:39 +00:00
Andrey A. Chernov
d54c36388e Add missing check for right-now-expired password 2002-01-19 02:45:24 +00:00
Andrey A. Chernov
3f9a326a7a Implement 'pwok', i.e. conditional fallback to unix password 
as supposed by opieaccessfile() and opiealways()
 2002-01-19 02:38:43 +00:00
Ruslan Ermilov
89ac4ecce1 mdoc(7) police: tidy up OpenBSD fixes. 2002-01-16 15:21:39 +00:00
Mike Barcroft
4681597d9a Add a few cleanups from rev 1.1: 
o Restore vendor ID.
o Order variable types by size.
o Remove a gratuitous temporary variable.

Submitted by:	bde
 2002-01-15 17:52:21 +00:00
Mike Barcroft
1936b2c83b o Add prototype for printf(3). 
style(9):
o Order variables in declarations.
o Move initialization out of declaration.
o Fix over-indents in previous delta.
 2002-01-15 08:50:28 +00:00
Mike Barcroft
f601b5ba4b style(9) 
Submitted by:	Joseph Mallett <jmallett@xmach.org>
Reviewed by:	md5(1)
 2002-01-15 08:26:58 +00:00
Ruslan Ermilov
491a842962 yp(4) -> yp(8). 
PR:		docs/30797
 2002-01-14 16:59:03 +00:00
Crist J. Clark
971730fc67 Merge some updates and markup fixes from OpenBSD. This is mainly 
motivated by the new "CAVEATS" section.

Inspired by:	alfred noting NetBSD's merging OpenBSD's changes
Obtained from:	OpenBSD
 2002-01-14 02:08:02 +00:00