#
a2f733ab |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix
|
#
1d386b48 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
b75e0eed |
|
21-May-2022 |
Yan Ka Chiu <nyan@myuji.xyz> |
pam_exec: fix segfault when authtok is null

According to pam_exec(8), the `expose_authtok` option should be ignored when the service function is `pam_sm_setcred`. Currently `pam_exec` only prevents prompting for the auth token when `expose_authtok` is set on `pam_sm_setcred`. This subsequently led to a segfault when there isn't an existing auth token available.

Bug reported on this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893

After reading https://reviews.freebsd.org/rS349556 I am not sure if the default behaviour is supposed to be simply not to prompt for the authentication token, or to ignore the option entirely as stated in the man page.

This patch is therefore only adding an additional NULL check on the item `pam_get_item` provides, and exiting with `PAM_SYSTEM_ERR` when such item is NULL.

MFC after: 1 week
Reviewed by: des, khng
Differential Revision: https://reviews.freebsd.org/D35169
|
#
22800593 |
|
06-Aug-2020 |
Dimitry Andric <dim@FreeBSD.org> |
Apply tentative fix for clang 11 warning in pam_exec(8):

lib/libpam/modules/pam_exec/pam_exec.c:222:56: error: format specifies type 'char *' but the argument has type 'const void *' [-Werror,-Wformat]
if (asprintf(&envstr, "%s=%s", pam_item_env[i].name, item) < 0)
                          ~~                         ^~~~
|
#
4d34b914 |
|
30-Jun-2019 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Changes to the expose_password functionality:

- Implement use_first_pass, allowing expose_password to be used by other service functions than pam_auth() without prompting a second time.
- Don't prompt for a password during pam_setcred().

PR: 238041
MFC after: 3 weeks
|
#
e165d7bc |
|
04-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
For full Linux-PAM compatibility, add a trailing NUL character when passing the authentication token to the external program.

Approved by: re (kib)
Submitted by: Thomas Munro <munro@ip9.org>
MFC after: 1 week
Differential Revision: D16950
|
#
bb3ba83e |
|
13-Aug-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add support for Linux-PAM's badly named expose_authtok option.

Submitted by: Thomas Munro <munro@ip9.org>
MFC after: 1 week
Differential Revision: D16171
|
#
5e53a4f9 |
|
25-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
lib: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I was using mis-identified many licenses so this was mostly a manual - error prone - task.

The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, supersede or replace the license texts.
|
#
3869fb78 |
|
22-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add options to capture stdout and / or stderr and pass the output on to the user. There is currently no buffering, so the result may be somewhat unpredictable if the conversation function adds a newline, like openpam_ttyconv() does.

Clean up and simplify the environment handling code, which triggered an inexplicable bug on some systems.

MFC after: 2 weeks
|
#
94a13445 |
|
12-Mar-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
Revert r314780

libpam: extra bounds checking through reallocarray(3).

It appears to be causing brokenness when reporting PAM_* environment variables. This requires more investigation.

Reported by: lstewart
|
#
b5120bba |
|
06-Mar-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
libpam: extra bounds checking through reallocarray(3).

Reviewed by: des
MFC after: 1 week
|
#
fdd2f2eb |
|
06-Mar-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
Revert r314777: wrong log, the change was to libpam.
|
#
bb7d0109 |
|
06-Mar-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
libfetch: extra bounds checking through reallocarray(3).

Reviewed by: des
MFC after: 1 week
|
#
3902d8a9 |
|
12-Apr-2012 |
Jean-Sébastien Pédron <dumbbell@FreeBSD.org> |
Fix error messages containing the executed command name

Before, we took the first argument to pam_exec(8). With the addition of options in front of the command, this could be wrong.

Now, options are parsed before calling _pam_exec() and messages contain the proper command name.

While here, fix a warning.

Sponsored by: Yakaz (http://www.yakaz.com)
|
#
7e3d5c1f |
|
25-Mar-2012 |
Jean-Sébastien Pédron <dumbbell@FreeBSD.org> |
Use program exit status as pam_exec return code (optional)

pam_exec(8) now accepts a new option "return_prog_exit_status". When set, the program exit status is used as the pam_exec return code. It allows the program to tell why the step failed (eg. user unknown). However, if it exits with a code not allowed by the calling PAM service module function (see $PAM_SM_FUNC below), a warning is logged and PAM_SERVICE_ERR is returned.

The following changes are related to this new feature but they apply no matter if the "return_prog_exit_status" option is set or not.

The environment passed to the program is extended:
  o $PAM_SM_FUNC contains the name of the PAM service module function (eg. pam_sm_authenticate).
  o All valid PAM return codes' numerical values are available through variables named after the return code name. For instance, $PAM_SUCCESS, $PAM_USER_UNKNOWN or $PAM_PERM_DENIED.

pam_exec return code better reflects what went on:
  o If the program exits with !0, the return code is now PAM_PERM_DENIED, not PAM_SYSTEM_ERR.
  o If the program fails because of a signal (WIFSIGNALED) or doesn't terminate normally (!WIFEXITED), the return code is now PAM_SERVICE_ERR, not PAM_SYSTEM_ERR.
  o If a syscall in pam_exec fails, the return code remains PAM_SYSTEM_ERR.

waitpid(2) is called in a loop. If it returns because of EINTR, do it again. Before, it would return PAM_SYSTEM_ERR without waiting for the child to exit.

Several log messages now include the PAM service module function name.

The man page is updated accordingly.

Reviewed by: gleb@, des@
Sponsored by: Yakaz (http://www.yakaz.com)
MFC after: 2 weeks
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
8bdb099a |
|
13-Jun-2009 |
Ed Schouten <ed@FreeBSD.org> |
Include <stdio.h> for asprintf(). Submitted by: Pawel Worach
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
1cede0c9 |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
childerr needs to be volatile so gcc won't optimize it away.

PR: bin/85830
MFC after: 1 week
|
#
25284732 |
|
19-Sep-2005 |
Colin Percival <cperciva@FreeBSD.org> |
When (re)allocating space for an array of pointers to char, use sizeof(*list), not sizeof(**list). (i.e., sizeof(pointer) rather than sizeof(char)).

It is possible that this buffer overflow is exploitable, but it was added after RELENG_5 forked and hasn't been MFCed, so this will not receive an advisory.

Submitted by: Vitezslav Novy
MFC after: 1 day
|
#
9d97c7ee |
|
01-Feb-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
In addition to the PAM environment, export a handful of useful PAM items. Suggested by: Ed Maste <emaste@phaedrus.sandvine.ca>
|
#
37def36f |
|
05-Feb-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update copyright.
|
#
a76a4d44 |
|
05-Feb-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Export the PAM environment to the child process instead of the "normal" environment list, which may be unsafe and / or sensitive. Sponsored by: DARPA, NAI Labs
|
#
f65b2180 |
|
23-May-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Just to show that PAM can do almost anything from the ridiculous to the obscene, or - as they say in New York - sophisticated, add pam_echo(8) and pam_exec(8) to our ever-lengthening roster of PAM modules. Sponsored by: DARPA, NAI Labs.
|