| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Do this conversion on locale load stage instead.
|
|
|
|
|
|
| |
o update copyright dates.
Reviewed by: rwatson
|
|
|
|
|
|
|
|
| |
clobber a ctime buffer which is passed in.
PR: 34022
Submitted by: Hartmut Brandt <brandt@fokus.gmd.de>
MFC after: 2 weeks
|
| |
|
|
|
|
| |
warnings that are hard to fix or that I've been asked to leave alone.
|
|
|
|
|
|
|
| |
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
|
|
|
|
|
| |
doesn't really make any difference, except it matches wtmp(5) better.
Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released. Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.
Sponsored by: DARPA, NAI Labs (but the bugs are all mine)
|
|
|
|
|
|
| |
login.
Sponsored by: DARPA, NAI Labs
|
|
|
|
| |
login.
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
| |
own
|
|
|
|
| |
* declare prototype for __time_load_locale() in timelocal.h
|
|
|
|
|
|
| |
entry for its terminal type in /etc/termcap.
Submitted by: bde
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and sbrk's prototype from char *sbrk(int) to void *sbrk(intptr_t).
This makes us more consistant with NetBSD and standards which include
these functions. Bruce pointed out that ptrdiff_t would probably
have been better than intptr_t, but this doesn't match other
implimentations.
Also remove local declarations of sbrk and unnecessary casting.
PR: 32296
Tested by: Harti Brandt <brandt@fokus.gmd.de>
MFC after: 1 month
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
either PAM_RHOST or PAM_TTY against /etc/login.access.o
This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'. This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.
Sponsored by: DARPA, NAI Labs
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
|
|
|
|
|
| |
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
dynamic linkage with -lssh.
Reviewed by: des, markm
Approved by: markm
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
| |
Reviewed by: des, markm
Approved by: markm
|
|
|
|
| |
all interfaces, and ifnet.if_index value for a single interface.
|
|
|
|
|
|
|
| |
size added to it in order for it to work properly when nbytes != 0.
Reviewed by: alfred
MFC after: 3 days
|
|
|
|
|
|
| |
standard document
Pointed by: "Jacques A. Vidrine" <n@nectar.cc>
|
|
|
|
|
|
| |
with uid_t usage and (user)->pw_uid.
PR: 3242
|
|
|
|
|
| |
Prodded by: Maxim Konovalov <maxim@macomnet.ru>
Obtained from: BSD/OS
|
|
|
|
| |
Submitted by: trevor
|
|
|
|
|
|
|
|
|
| |
argument to kvm_open() and kvm_openfiles() as unused.
BSD didn't read swap since kvm.c CSRG revision 5.21 (u-area is pageable
under new VM. no need to read from swap.)
The old !NEWVM code was removed in CSRG revision 5.23 (~ten years ago).
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
|
| |
existed, but had no OPIE key, i.e. PAM_IGNORE.
Pointed out by: ache
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
|
| |
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
challenging the user. These options are meaningless for pam_opie(8)
since the user can't possibly know the right response before she sees
the challenge.
- Introduce the no_fake_prompts option. If this option is set, pam_opie(8)
will fail - rather than present a bogus challenge - if the target user
does not have an OPIE key. With this option, users who haven't set up
OPIE won't have to wonder what that "weird otp-md5 s**t" means :)
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
|
|
| |
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.
Sponsored by: DARPA, NAI Labs
Reviewed by: ache, markm
|
|
|
|
|
|
| |
Add getpwnam return check
Approved by: des, markm
|
|
|
|
|
|
|
| |
chunk.
PR: bin/33608
MFC after: 2 weeks
|
|
|
|
|
| |
PR: misc/34043
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
| |
time_to_xxx() and xxx_to_time() functions. e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard. They will eventually be replaced when a real standard
comes out of committee.
|
| |
|
|
|
|
|
| |
of producing fake prompts with random numbers which can be detected by
potential intruder in two tries and totally confuse non-OPIE users.
|
|
|
|
| |
old expired password assumed there
|
|
|
|
| |
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR
|
|
|
|
|
|
| |
Replace snprintf %s with strlcpy
Check for NULL returned from getpwnam()
|
|
|
|
|
| |
srandomdev() can't be used in libraries, replace srandomdev()+random()
by arc4random()
|
| |
|
| |
|