| Commit message |
| |
on GSS-API authenticated NFS where the kerberos credentials need to be
saved so that the kernel can authenticate to the NFS server.
| |
It is not clear to what this copyright should apply, and this is in line
with what other operating systems do.
For ssh specifically, printing of the copyright string is not in the
upstream version so this reduces our FreeBSD-local diffs.
Approved by: core, des (ssh)
| |
Most of these tools properly build at WARNS=6, except for their K&R
function declarations. Fix this, so we can bump WARNS as well.
| |
needed.
| |
Tested with: make universe
| |
We've seen this bug in other applications before: we have some
applications that use strrchr(tty, '/') on the TTY device name. This
isn't valid when using pts(4), because the device name will be stripped
to "0" instead of "pts/0".
This fixes issues with login(1) ignoring /etc/ttys and missing utmp
records.
Reported by: Barney Cordoba <barney_cordoba yahoo com>
Reviewed by: rwatson
| |
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.
Convert all calls to POSIX from historic BSD API:
- unsetenv returns an int.
- putenv takes a char * instead of const char *.
- putenv no longer makes a copy of the input string.
- errno is set appropriately for POSIX. Exceptions involve bad environ
variable and internal initialization code. These both set errno to
EFAULT.
Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit. A few I re-wrote to use setenv()
instead of putenv().
New regression module for tools/regression/environ to test these
functions. It also can be used to test the performance.
Bump __FreeBSD_version to 700050 due to API change.
PR: kern/99826
Approved by: wes
Approved by: re (kensmith)
| |
Not because I admit they are technically wrong and not because of bug
reports (I receive nothing). But because I surprisingly met such
strong opposition and resistance that I lost any desire to continue that.
Anyone who is interested in POSIX can dig out what changes and how
through cvs diffs.
| |
don't free memory after putenv()
| |
conditionally build in audit support.
Submitted by: bz
MFC after: 1 week
| |
dereference it.
This will happen if we ^D at the Login: prompt without having provided a
valid login before.
Set pwd to NULL on bad login attempts to prevent audit_logout() from being
called for a user which didn't actually log on.
Reported by: Jerome Magnin jethro at docisland dot org
| |
events. The specifics of submitting the records is contained within
login_audit.c.
Document the auditing behavior in the man page.
Obtained from: TrustedBSD Project, Apple Computer, Inc.
Approved by: rwatson (mentor)
| |
defined in user's $HOME/.login_conf.
PR: bin/75001
Submitted by: Rostislav Krasny
MFC after: 2 weeks
| |
PR: 61354
Submitted by: Eugeny Grosbein <eugen (at) kuzbass.ru>
| |
chmod() failure.
| |
"login_prompt". This makes more sense than "prompt" which is what
login actually used, so change the code to match the documentation.
PR: docs/51396
MFC in: 3 days
| |
pam_opieaccess() to work as expected for local logins.
| |
are waiting for, and we don't want to reap the wrong process.
| |
the command line by getty(8). This is not a perfect fix, but drastically
reduces the window of exposure.
Approved by: re (rwatson)
MFC after: 1 week
| |
Spotted by: FlexeLint
| |
it complains that it can't do it because the filesystem is readonly.
Assume that when the user has a readonly /dev that they don't care if
login can't change the permissions/flags. While this does break a few
things like msgs, we'll assume that the user setting up the read only
system knows what they are doing.
All this change does is to stop the complaint when the file system is
read only. It also adds comments as to why EROFS and EOPNOTSUPP are
ignored.
This allows one to have a read-only / w/o a /dev MFS and have a
relatively warning-free existence. /etc/rc still complains when it
can't chown/chflags/chmod things, but that's easy to ignore/tweak.
Reviewed by: roberto, phk
Sponsored by: Timing Solutions
| |
Sponsored by: DARPA, NAI Labs
| |
the correct userid, instead of random garbage. This bug does not
exist in -stable.
Reviewed by: freebsd-audit
| |
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.
Sponsored by: DARPA, NAI Labs
| |
code made redundant by various PAM modules (primarily pam_unix(8)).
Sponsored by: DARPA, NAI Labs
| |
fixed to accept a NULL PAM_RHOST.
| |
Sponsored by: DARPA, NAI Labs
| |
of the recent WARNS commits. The idea is:
1) FreeBSD id tags should follow vendor tags.
2) Vendor tags should not be compiled (though copyrights probably should).
3) There should be no blank line between including cdefs and __FBSDIF.
| |
cleaning-up.
| |
Sort function declarations, includes. Make consistent WRT use of _P()
macro (ugh!)
Inspired by: bde
| |
Reviewed by: bde (a while back)
| |
the 'You have mail.' check. This is useful for sites that rely on
remote mail access, rather than a local mail spool. Due to the
behavior of login_getcapbool(), the negated form is required so as
to have appropriate results.
o This behavior may have to be independently added to sshd due to
redundant implementation.
| |
to test for a home directory don't set up the additional groups, and
as such may limit users conservatively. This does not affect the
eventual credentials selected.
| |
logic that are handled by PAM. Fix documentation to reflect this.
| |
revision. <utmp.h> structures don't leave room for a NUL character.
Also fix "UNKNOWN" which should have just been UNKNOWN.
Pointed out by: bde
| |
the uses of it were wrong anyway.
o Always check for NULL returns on strdup(3).
o Fix a possible buffer overflow in strcpy(3).
o Fix a format string vulnerability.
o t->ty_type in stypeof() could be NULL and eventually cause
a segmentation fault in setenv(3), so check for that.
Eyeballed by: kris
Reviewed by: murray
MFC after: 3 days
| |
However, there's still a bug in login.c
because you copy the environment *before* the call to pam_open_session,
which won't set the necessary variables set by /usr/ports/security/pam_ssh.
Submitted by: Volker Stolz <stolz@hyperion.informatik.rwth-aachen.de>
| |
Idea from: Theo de Raadt <deraadt@openbsd.org>