#
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
#
234184 |
|
12-Apr-2012 |
dumbbell |
Fix error messages containing the executed command name
Before, we took the first argument to pam_exec(8). With the addition of options in front of the command, this could be wrong.
Now, options are parsed before calling _pam_exec() and messages contain the proper command name.
While here, fix a warning.
Sponsored by: Yakaz (http://www.yakaz.com)
|
#
233507 |
|
26-Mar-2012 |
dumbbell |
Use program exit status as pam_exec return code (optional)
pam_exec(8) now accepts a new option "return_prog_exit_status". When set, the program exit status is used as the pam_exec return code. It allows the program to tell why the step failed (eg. user unknown). However, if it exits with a code not allowed by the calling PAM service module function (see $PAM_SM_FUNC below), a warning is logged and PAM_SERVICE_ERR is returned.
The following changes are related to this new feature but they apply no matter if the "return_prog_exit_status" option is set or not.
The environment passed to the program is extended: o $PAM_SM_FUNC contains the name of the PAM service module function (eg. pam_sm_authenticate). o All valid PAM return codes' numerical values are available through variables named after the return code name. For instance, $PAM_SUCCESS, $PAM_USER_UNKNOWN or $PAM_PERM_DENIED.
pam_exec return code better reflects what went on: o If the program exits with !0, the return code is now PAM_PERM_DENIED, not PAM_SYSTEM_ERR. o If the program fails because of a signal (WIFSIGNALED) or doesn't terminate normally (!WIFEXITED), the return code is now PAM_SERVICE_ERR, not PAM_SYSTEM_ERR. o If a syscall in pam_exec fails, the return code remains PAM_SYSTEM_ERR.
waitpid(2) is called in a loop. If it returns because of EINTR, do it again. Before, it would return PAM_SYSTEM_ERR without waiting for the child to exit.
Several log messages now include the PAM service module function name.
The man page is updated accordingly.
Reviewed by: gleb@, des@ Sponsored by: Yakaz (http://www.yakaz.com) MFC after: 2 weeks
|
#
150339 |
|
19-Sep-2005 |
cperciva |
When (re)allocating space for an array of pointers to char, use sizeof(*list), not sizeof(**list). (i.e., sizeof(pointer) rather than sizeof(char)).
It is possible that this buffer overflow is exploitable, but it was added after RELENG_5 forked and hasn't been MFCed, so this will not receive an advisory.
Submitted by: Vitezslav Novy MFC after: 1 day
|
#
97182 |
|
23-May-2002 |
des |
Just to show that PAM can do almost anything from the ridiculous to the obscene, or - as they say in New York - sophisticated, add pam_echo(8) and pam_exec(8) to our ever-lengthening roster of PAM modules.
Sponsored by: DARPA, NAI Labs.
|