| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
conditionally build in audit support.
Submitted by: bz
MFC after: 1 week
|
| |
|
|
|
|
|
| |
Requested by: novel
Discussed with: brueffer, simon
|
| |
|
|
|
|
|
|
|
|
|
|
| |
dereference it.
This will happen if we ^D at the Login: prompt without having provided a
valid login before.
Set pwd to NULL on bad login attempts to prevent audit_logout() from being
called for a user which didn't actually log on.
Reported by: Jerome Magnin jethro at docisland dot org
|
|
|
|
|
|
|
|
| |
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
|
|
|
|
|
| |
Therefore give a xref, not details.
MFC after: 3 days
|
|
|
|
| |
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in usr.bin/login because the login.access feature has
moved to PAM completely.
Their counterparts in lib/libpam/modules/pam_login_access
have been found to be in sync with, and even in better shape
than, login.access.5 and login_access.c here.
Therefore cvs rm login.access.5 and login_access.c from
usr.bin/login so that nobody will waste their time on fixing
or developing the files here.
MFC after: 3 days
|
|
|
|
|
|
| |
it's PAM's job.
MFC after: 3 days
|
|
|
|
|
|
|
| |
login.access.5 will be installed from the respective PAM
module's src directory.
MFC after: 3 days
|
|
|
|
|
|
|
|
|
| |
events. The specifics of submitting the records is contained within
login_audit.c.
Document the auditing behavior in the man page.
Obtained from: TrustedBSD Project, Apple Computer, Inc.
Approved by: rwatson (mentor)
|
|
|
|
|
|
|
|
| |
defined in user's $HOME/.login_conf.
PR: bin/75001
Submitted by: Rostislav Krasny
MFC after: 2 weeks
|
|
|
|
|
|
|
|
| |
to PRECIOUSLIB from bsd.lib.mk. The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.
Reviewed by: oliver
|
|
|
|
| |
Reminded by: simon in ru-mode
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
and tab lossage).
Garbage-collected NEED_LIBNAMES.
|
| |
|
| |
|
|
|
|
|
| |
business trying to impersonate su(1), and it does not need to be setuid
to function properly when invoked by getty(8) or telnetd(8).
|
| |
|
|
|
|
|
| |
PR: 61354
Submitted by: Eugeny Grosbein <eugen (at) kuzbass.ru>
|
|
|
|
|
| |
PR: 54201
Submitted by: mdg <mdg@secureworks.net>
|
|
|
|
| |
chmod() failure.
|
|
|
|
|
|
|
|
| |
"login_prompt". This makes more sense than "prompt" which is what
login actually used, so change the code to match the documentation.
PR: docs/51396
MFC in: 3 days
|
| |
|
|
|
|
| |
pam_opieaccess() to work as expected for local logins.
|
|
|
|
| |
are waiting for, and we don't want to reap the wrong process.
|
|
|
|
|
|
|
|
| |
the command line by getty(8). This is not a perfect fix, but drastically
reduces the window of exposure.
Approved by: re (rwatson)
MFC after: 1 week
|
| |
|
|
|
|
| |
Spotted by: FlexeLint
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
it complains that it can't do it because the filesystem is readonly.
Assume that when the user has a readonly /dev that they don't care if
login can't change the permissions/flags. While this does break a few
things like msgs, we'll assume that the user setting up the read only
system knows what they are doing.
All this change does is to stop the complaint when the file system is
read only. It also adds comments as to why EROFS and EOPNOTSUPP are
ignored.
This allows one to have a read-only / w/o a /dev MFS and have a
relatively warning-free existence. /etc/rc still complains when it
can't chown/chflags/chmod things, but that's easy to ignore/tweak.
Reviewed by: roberto, phk
Sponsored by: Timing Solutions
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
| |
blank lines).
Not unapproved of by: markm
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
the correct userid, instead of random garbage. This bug does not
exist in -stable.
Reviewed by: freebsd-audit
|
|
|
|
|
|
|
|
|
| |
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.
Sponsored by: DARPA, NAI Labs
|
| |
|
|
|
|
|
|
| |
code made redundant by various PAM modules (primarily pam_unix(8)).
Sponsored by: DARPA, NAI Labs
|
|
|
|
| |
fixed to accept a NULL PAM_RHOST.
|