d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
71,826 Commits 4 Branches 49 Tags
Commit Graph

5830 Commits

Author SHA1 Message Date
ru
c9d8bf8608 Add pam_ssh support to the static PAM library, libpam.a: 
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
 2002-01-23 15:54:17 +00:00
des
e64688fcfb Base the comparison on UIDs, not on user names. 
Sponsored by:	DARPA, NAI Labs
 2002-01-23 15:16:01 +00:00
ru
5307ecb83c Make libssh.so useable (undefined reference to IPv4or6). 
Reviewed by:	des, markm
Approved by:	markm
 2002-01-23 15:06:47 +00:00
ru
0d2b999d27 The sixth argument to the NET_RT_IFLIST sysctl is actually 0 for 
all interfaces, and ifnet.if_index value for a single interface.
 2002-01-23 12:48:08 +00:00
dg
ef8f790f5d Undo the work-around for the sendfile bug where nbytes needed the hdr/trl 
size added to it in order for it to work properly when nbytes != 0.

Reviewed by:	alfred
MFC after:	3 days
 2002-01-22 23:35:09 +00:00
ache
e854bbe7d4 Restore C99 standard conformance information, isblank() _is_ in final 
standard document

Pointed by: "Jacques A. Vidrine" <n@nectar.cc>
 2002-01-22 20:14:35 +00:00
markm
e2a2029185 Use the proper type (gid_t) for (group)->gr_gid to be orthogonal 
with uid_t usage and (user)->pw_uid.

PR:		3242
 2002-01-22 17:32:53 +00:00
ru
c03187444b Fix the description of the O_NONBLOCK flag to match reality. 
Prodded by:	Maxim Konovalov <maxim@macomnet.ru>
Obtained from:	BSD/OS
 2002-01-22 14:18:55 +00:00
ru
5fcc558004 Fix a typo I made in revision 1.5. 
Submitted by:	trevor
 2002-01-22 12:38:43 +00:00
ru
c4b08ff306 Finish cleanup in kvm.c revisions 1.10 and 1.11 -- mark sf (swapfile) 
argument to kvm_open() and kvm_openfiles() as unused.

BSD didn't read swap since kvm.c CSRG revision 5.21 (u-area is pageable
under new VM.  no need to read from swap.)

The old !NEWVM code was removed in CSRG revision 5.23 (~ten years ago).
 2002-01-22 10:07:03 +00:00
des
ce9baa2c50 Link pam_opieaccess, pam_self and pam_ssh into the static library. 
Sponsored by:	DARPA, NAI Labs
 2002-01-21 20:43:01 +00:00
des
ac843e8b75 On second thought, getpwnam() failure should be treated just as if the user 
existed, but had no OPIE key, i.e. PAM_IGNORE.

Pointed out by:	ache
Sponsored by:	DARPA, NAI Labs
 2002-01-21 19:05:45 +00:00
des
aeaf48654b Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as 
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.

Sponsored by:	DARPA, NAI Labs
 2002-01-21 18:53:03 +00:00
des
bc31e1293b Further changes to allow enabling pam_opie(8) by default: 
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
   challenging the user.  These options are meaningless for pam_opie(8)
   since the user can't possibly know the right response before she sees
   the challenge.

 - Introduce the no_fake_prompts option.  If this option is set, pam_opie(8)
   will fail - rather than present a bogus challenge - if the target user
   does not have an OPIE key.  With this option, users who haven't set up
   OPIE won't have to wonder what that "weird otp-md5 s**t" means :)

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
 2002-01-21 18:46:25 +00:00
des
14be282b68 Add a new module, pam_opieaccess(8), which is responsible for checking 
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.

Sponsored by:	DARPA, NAI Labs
Reviewed by:	ache, markm
 2002-01-21 13:43:53 +00:00
ache
b7343f3a64 snprintf bloat -> strlcpy 
Add getpwnam return check

Approved by:	des, markm
 2002-01-20 20:56:47 +00:00
des
69f2f16cb4 Check the return value from read() when reading the CR/LF at the end of a 
chunk.

PR:		bin/33608
MFC after:	2 weeks
 2002-01-20 19:53:12 +00:00
des
9f6167dc5a Mark uploads as O_WRONLY, not O_RDONLY. 
PR:		misc/34043
MFC after:	2 weeks
 2002-01-20 19:52:25 +00:00
yar
1c60c1c170 Minor typo fix: uquad_t -> u_quad_t. 2002-01-20 16:50:29 +00:00
dillon
c3dbbbabdf I've been meaning to do this for a while. Add an underscore to the 
time_to_xxx() and xxx_to_time() functions.  e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard.  They will eventually be replaced when a real standard
comes out of committee.
 2002-01-19 23:20:02 +00:00
ache
d90ac373d0 Back out recent changes 2002-01-19 18:03:11 +00:00
ache
f9d407de0b If user not exist in OPIE system, return failure immediately instead 
of producing fake prompts with random numbers which can be detected by
potential intruder in two tries and totally confuse non-OPIE users.
 2002-01-19 10:09:05 +00:00
ache
0262fc4b8f Back out second right-now-expired password check in pam_sm_chauthtok, 
old expired password assumed there
 2002-01-19 09:23:36 +00:00
ache
b0127287cc Previous commit was incomplete, use new error code PAM_CRED_ERR to 
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
 2002-01-19 08:36:47 +00:00
ache
4d1c54018e Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix 
Replace snprintf %s with strlcpy

Check for NULL returned from getpwnam()
 2002-01-19 07:23:48 +00:00
ache
35ada60969 Add yet one expired-right-now password check, in pam_sm_chauthtok 
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
 2002-01-19 04:58:51 +00:00
ache
30b45f48f0 Set pwok to 1 for non-OPIE users 2002-01-19 03:31:39 +00:00
ache
a38e044747 Add missing check for right-now-expired password 2002-01-19 02:45:24 +00:00
ache
3d4ab3ebc5 Implement 'pwok', i.e. conditional fallback to unix password 
as supposed by opieaccessfile() and opiealways()
 2002-01-19 02:38:43 +00:00
ru
127a9d6012 mdoc(7) police: tidy up OpenBSD fixes. 2002-01-16 15:21:39 +00:00
mike
1ba2eb7fe9 Add a few cleanups from rev 1.1: 
o Restore vendor ID.
o Order variable types by size.
o Remove a gratuitous temporary variable.

Submitted by:	bde
 2002-01-15 17:52:21 +00:00
mike
beadda288c o Add prototype for printf(3). 
style(9):
o Order variables in declarations.
o Move initialization out of declaration.
o Fix over-indents in previous delta.
 2002-01-15 08:50:28 +00:00
mike
b87cdc2c64 style(9) 
Submitted by:	Joseph Mallett <jmallett@xmach.org>
Reviewed by:	md5(1)
 2002-01-15 08:26:58 +00:00
ru
7aa3bf6364 yp(4) -> yp(8). 
PR:		docs/30797
 2002-01-14 16:59:03 +00:00
cjc
840adbd42c Merge some updates and markup fixes from OpenBSD. This is mainly 
motivated by the new "CAVEATS" section.

Inspired by:	alfred noting NetBSD's merging OpenBSD's changes
Obtained from:	OpenBSD
 2002-01-14 02:08:02 +00:00
dwhite
0b02189319 Add xref for timeradd(3). 
PR:		13079
 2002-01-14 00:38:41 +00:00
jake
3f719eddda Comment out the retrieval of a termination function from %g1. It is 
doubtful this will ever be used by anything and rtld uses %g1.
Comment out references to _init and _fini for now too.
 2002-01-13 06:17:19 +00:00
deischen
732c36b4f3 Include <stddef.h> to fix build problem when namespace pollution 
by <signal.h> (including <time.h> so that NULL is accidentally defined)
is removed.

Style nits.

Submitted by:	bde
 2002-01-11 19:46:08 +00:00
bde
dc0928a2d4 Fixed unsorting and splitting of SRCS in previous commit. 2002-01-11 17:10:35 +00:00
bde
6c6aee2cdc Fixed missing backslash in previous commit. 2002-01-11 16:08:49 +00:00
bde
db24453e8e Fixed accumulated unsorting and some other style bugs (long lines). 2002-01-11 15:59:30 +00:00
bde
b57a6501b2 Replaced bogus cross references by the usual one for the ctype family 
(ctype(3)).
 2002-01-11 15:39:50 +00:00
bde
20c0be082c Removed assertion that isblank() conforms to C90 too. This assertion 
is correct but less than useful.  There is some uncertainty about whether
isblank() is in C99, but it is certainly not in C90.  It just conforms
to C89 because it is a conforming extension.
 2002-01-11 15:21:03 +00:00
bde
7ae245ff23 Fixed unsorting of almost all lists in previous commit. 
Removed assertion that isblank() is in C99 here too.
 2002-01-11 15:15:17 +00:00
bde
1aba435a49 Fixed unsorting of MLINKS in previous commit. 
Fixed unsorting of SRCS in rev.1.18.
 2002-01-11 14:57:11 +00:00
nik
c16e18ce7c Remove assertion that isblank() is in C99, pointed out by ache. 2002-01-10 12:22:00 +00:00
deischen
e1f74be694 Add getcontext, setcontext, makecontext, and swapcontext. These 
functions are defined in SUSv2 and the latest POSIX spec.

Thanks to Bernd Walter <ticso@cicely8.cicely.de> for helping debug my
alpha assembly.

Approved by:	-arch
 2002-01-10 02:40:59 +00:00
sheldonh
28458ea28c Document behaviour with respect to interval timers. 
PR:		33156
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
 2002-01-09 14:44:06 +00:00
ru
89069aaa17 mdoc(7) police: add missing markup bits for ``errno''. 2002-01-09 14:03:54 +00:00
ru
fa7886b781 mdoc(7) police: 
Stop abusing the .%J macro for where the .Pa macro should have been used.
 2002-01-09 14:01:22 +00:00