d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
70,899 Commits 6 Branches 133 Tags 2.6 GiB
Commit Graph

5737 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
774a10071d Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs. 
Sponsored by:	DARPA, NAI Labs
 2002-01-23 17:16:00 +00:00
Ruslan Ermilov
0509dca0c3 Add pam_ssh support to the static PAM library, libpam.a: 
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
 2002-01-23 15:54:17 +00:00
Dag-Erling Smørgrav
b6b756b58b Base the comparison on UIDs, not on user names. 
Sponsored by:	DARPA, NAI Labs
 2002-01-23 15:16:01 +00:00
Ruslan Ermilov
fd4ca9e02d Make libssh.so useable (undefined reference to IPv4or6). 
Reviewed by:	des, markm
Approved by:	markm
 2002-01-23 15:06:47 +00:00
Ruslan Ermilov
0e65089b79 The sixth argument to the NET_RT_IFLIST sysctl is actually 0 for 
all interfaces, and ifnet.if_index value for a single interface.
 2002-01-23 12:48:08 +00:00
David Greenman
2e4bf827e5 Undo the work-around for the sendfile bug where nbytes needed the hdr/trl 
size added to it in order for it to work properly when nbytes != 0.

Reviewed by:	alfred
MFC after:	3 days
 2002-01-22 23:35:09 +00:00
Andrey A. Chernov
ff7448f849 Restore C99 standard conformance information, isblank() _is_ in final 
standard document

Pointed by: "Jacques A. Vidrine" <n@nectar.cc>
 2002-01-22 20:14:35 +00:00
Mark Murray
5567b258eb Use the proper type (gid_t) for (group)->gr_gid to be orthogonal 
with uid_t usage and (user)->pw_uid.

PR:		3242
 2002-01-22 17:32:53 +00:00
Ruslan Ermilov
0dc5e09ec6 Fix the description of the O_NONBLOCK flag to match reality. 
Prodded by:	Maxim Konovalov <maxim@macomnet.ru>
Obtained from:	BSD/OS
 2002-01-22 14:18:55 +00:00
Ruslan Ermilov
0c7f152b7b Fix a typo I made in revision 1.5. 
Submitted by:	trevor
 2002-01-22 12:38:43 +00:00
Ruslan Ermilov
fe42e96eff Finish cleanup in kvm.c revisions 1.10 and 1.11 -- mark sf (swapfile) 
argument to kvm_open() and kvm_openfiles() as unused.

BSD didn't read swap since kvm.c CSRG revision 5.21 (u-area is pageable
under new VM.  no need to read from swap.)

The old !NEWVM code was removed in CSRG revision 5.23 (~ten years ago).
 2002-01-22 10:07:03 +00:00
Dag-Erling Smørgrav
1e22a4f048 Link pam_opieaccess, pam_self and pam_ssh into the static library. 
Sponsored by:	DARPA, NAI Labs
 2002-01-21 20:43:01 +00:00
Dag-Erling Smørgrav
b0aa095ad0 On second thought, getpwnam() failure should be treated just as if the user 
existed, but had no OPIE key, i.e. PAM_IGNORE.

Pointed out by:	ache
Sponsored by:	DARPA, NAI Labs
 2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav
b4b56d051a Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as 
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.

Sponsored by:	DARPA, NAI Labs
 2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav
03adba96a0 Further changes to allow enabling pam_opie(8) by default: 
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
   challenging the user.  These options are meaningless for pam_opie(8)
   since the user can't possibly know the right response before she sees
   the challenge.

 - Introduce the no_fake_prompts option.  If this option is set, pam_opie(8)
   will fail - rather than present a bogus challenge - if the target user
   does not have an OPIE key.  With this option, users who haven't set up
   OPIE won't have to wonder what that "weird otp-md5 s**t" means :)

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
 2002-01-21 18:46:25 +00:00
Dag-Erling Smørgrav
f460490260 Add a new module, pam_opieaccess(8), which is responsible for checking 
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.

Sponsored by:	DARPA, NAI Labs
Reviewed by:	ache, markm
 2002-01-21 13:43:53 +00:00
Andrey A. Chernov
186caeedcb snprintf bloat -> strlcpy 
Add getpwnam return check

Approved by:	des, markm
 2002-01-20 20:56:47 +00:00
Dag-Erling Smørgrav
e6f0a33e68 Check the return value from read() when reading the CR/LF at the end of a 
chunk.

PR:		bin/33608
MFC after:	2 weeks
 2002-01-20 19:53:12 +00:00
Dag-Erling Smørgrav
e0583e0c23 Mark uploads as O_WRONLY, not O_RDONLY. 
PR:		misc/34043
MFC after:	2 weeks
 2002-01-20 19:52:25 +00:00
Yaroslav Tykhiy
b454be098e Minor typo fix: uquad_t -> u_quad_t. 2002-01-20 16:50:29 +00:00
Matthew Dillon
170ac683f2 I've been meaning to do this for a while. Add an underscore to the 
time_to_xxx() and xxx_to_time() functions.  e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard.  They will eventually be replaced when a real standard
comes out of committee.
 2002-01-19 23:20:02 +00:00
Andrey A. Chernov
0b836dfaf1 Back out recent changes 2002-01-19 18:03:11 +00:00
Andrey A. Chernov
6874115893 If user not exist in OPIE system, return failure immediately instead 
of producing fake prompts with random numbers which can be detected by
potential intruder in two tries and totally confuse non-OPIE users.
 2002-01-19 10:09:05 +00:00
Andrey A. Chernov
3195cd6712 Back out second right-now-expired password check in pam_sm_chauthtok, 
old expired password assumed there
 2002-01-19 09:23:36 +00:00
Andrey A. Chernov
012400dfcd Previous commit was incomplete, use new error code PAM_CRED_ERR to 
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
 2002-01-19 08:36:47 +00:00
Andrey A. Chernov
d97cc81fa4 Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix 
Replace snprintf %s with strlcpy

Check for NULL returned from getpwnam()
 2002-01-19 07:23:48 +00:00
Andrey A. Chernov
c8e3fac7a1 Add yet one expired-right-now password check, in pam_sm_chauthtok 
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
 2002-01-19 04:58:51 +00:00
Andrey A. Chernov
8c70adab72 Set pwok to 1 for non-OPIE users 2002-01-19 03:31:39 +00:00
Andrey A. Chernov
d54c36388e Add missing check for right-now-expired password 2002-01-19 02:45:24 +00:00
Andrey A. Chernov
3f9a326a7a Implement 'pwok', i.e. conditional fallback to unix password 
as supposed by opieaccessfile() and opiealways()
 2002-01-19 02:38:43 +00:00
Ruslan Ermilov
89ac4ecce1 mdoc(7) police: tidy up OpenBSD fixes. 2002-01-16 15:21:39 +00:00
Mike Barcroft
4681597d9a Add a few cleanups from rev 1.1: 
o Restore vendor ID.
o Order variable types by size.
o Remove a gratuitous temporary variable.

Submitted by:	bde
 2002-01-15 17:52:21 +00:00
Mike Barcroft
1936b2c83b o Add prototype for printf(3). 
style(9):
o Order variables in declarations.
o Move initialization out of declaration.
o Fix over-indents in previous delta.
 2002-01-15 08:50:28 +00:00
Mike Barcroft
f601b5ba4b style(9) 
Submitted by:	Joseph Mallett <jmallett@xmach.org>
Reviewed by:	md5(1)
 2002-01-15 08:26:58 +00:00
Ruslan Ermilov
491a842962 yp(4) -> yp(8). 
PR:		docs/30797
 2002-01-14 16:59:03 +00:00
Crist J. Clark
971730fc67 Merge some updates and markup fixes from OpenBSD. This is mainly 
motivated by the new "CAVEATS" section.

Inspired by:	alfred noting NetBSD's merging OpenBSD's changes
Obtained from:	OpenBSD
 2002-01-14 02:08:02 +00:00
Doug White
2b8877f486 Add xref for timeradd(3). 
PR:		13079
 2002-01-14 00:38:41 +00:00
Jake Burkholder
f2602cd538 Comment out the retrieval of a termination function from %g1. It is 
doubtful this will ever be used by anything and rtld uses %g1.
Comment out references to _init and _fini for now too.
 2002-01-13 06:17:19 +00:00
Daniel Eischen
aee4cebfe7 Include <stddef.h> to fix build problem when namespace pollution 
by <signal.h> (including <time.h> so that NULL is accidentally defined)
is removed.

Style nits.

Submitted by:	bde
 2002-01-11 19:46:08 +00:00
Bruce Evans
b9c35b6942 Fixed unsorting and splitting of SRCS in previous commit. 2002-01-11 17:10:35 +00:00
Bruce Evans
614acf2fad Fixed missing backslash in previous commit. 2002-01-11 16:08:49 +00:00
Bruce Evans
b944866c25 Fixed accumulated unsorting and some other style bugs (long lines). 2002-01-11 15:59:30 +00:00
Bruce Evans
afac94af5c Replaced bogus cross references by the usual one for the ctype family 
(ctype(3)).
 2002-01-11 15:39:50 +00:00
Bruce Evans
87e0032026 Removed assertion that isblank() conforms to C90 too. This assertion 
is correct but less than useful.  There is some uncertainty about whether
isblank() is in C99, but it is certainly not in C90.  It just conforms
to C89 because it is a conforming extension.
 2002-01-11 15:21:03 +00:00
Bruce Evans
5fb3acfaaf Fixed unsorting of almost all lists in previous commit. 
Removed assertion that isblank() is in C99 here too.
 2002-01-11 15:15:17 +00:00
Bruce Evans
758671eb0d Fixed unsorting of MLINKS in previous commit. 
Fixed unsorting of SRCS in rev.1.18.
 2002-01-11 14:57:11 +00:00
Nik Clayton
6a3003ce51 Remove assertion that isblank() is in C99, pointed out by ache. 2002-01-10 12:22:00 +00:00
Daniel Eischen
b66b8326e5 Add getcontext, setcontext, makecontext, and swapcontext. These 
functions are defined in SUSv2 and the latest POSIX spec.

Thanks to Bernd Walter <ticso@cicely8.cicely.de> for helping debug my
alpha assembly.

Approved by:	-arch
 2002-01-10 02:40:59 +00:00
Sheldon Hearn
7f6a22a549 Document behaviour with respect to interval timers. 
PR:		33156
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
 2002-01-09 14:44:06 +00:00
Ruslan Ermilov
58c0fdd850 mdoc(7) police: add missing markup bits for ``errno''. 2002-01-09 14:03:54 +00:00