| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
These are user-facing manpages, but were installed in the runtime-dev
package since the PAM modules use bsd.lib.mk. Use MANNODEV instead of
MAN to put them in the base runtime package instead.
Fixes: 031e711647c3 ("packages: Install development manpages in the -dev package")
MFC after: 3 days
Reviewed by: bapt
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53601
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
These were reported by `mandoc -T lint ...` as warnings:
- unusual Xr order
- unusual Xr punctuation
Fixes made by script in https://github.com/Tarsnap/freebsd-doc-scripts
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Reviewed by: mhorne, Alexander Ziaee <concussious.bugzilla@runbox.com>
Sponsored by: Tarsnap Backup Inc.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1464
|
| |
|
|
|
|
|
| |
This is a residual of the $FreeBSD$ removal.
MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
|
| |
|
|
| |
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
| |
|
|
| |
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
| |
|
|
| |
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to pam_exec(8), the `expose_authtok` option should be ignored
when the service function is `pam_sm_setcred`. Currently `pam_exec` only
prevent prompt for anth token when `expose_authtok` is set on
`pam_sm_setcred`. This subsequently led to segfault when there isn't an
existing auth token available.
Bug reported on this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893
After reading https://reviews.freebsd.org/rS349556 I am not sure if the
default behaviour supposed to be simply not prompt for authentication
token, or is it to ignore the option entirely as stated in the man page.
This patch is therefore only adding an additional NULL check on the item
`pam_get_item` provide, and exit with `PAM_SYSTEM_ERR` when such item is
NULL.
MFC after: 1 week
Reviewed by: des, khng
Differential Revision: https://reviews.freebsd.org/D35169
|
| |
|
|
|
|
|
|
|
| |
lib/libpam/modules/pam_exec/pam_exec.c:222:56: error: format specifies type 'char *' but the argument has type 'const void *' [-Werror,-Wformat]
if (asprintf(&envstr, "%s=%s", pam_item_env[i].name, item) < 0)
~~ ^~~~
Notes:
svn path=/projects/clang1100-import/; revision=363986
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Implement use_first_pass, allowing expose_password to be used by other
service functions than pam_auth() without prompting a second time.
- Don't prompt for a password during pam_setcred().
PR: 238041
MFC after: 3 weeks
Notes:
svn path=/head/; revision=349556
|
| |
|
|
|
|
|
|
|
|
|
|
| |
passing the authentication token to the external program.
Approved by: re (kib)
Submitted by: Thomas Munro <munro@ip9.org>
MFC after: 1 week
Differential Revision: D16950
Notes:
svn path=/head/; revision=338453
|
| |
|
|
|
|
|
|
|
| |
Submitted by: Thomas Munro <munro@ip9.org>
MFC after: 1 week
Differential Revision: D16171
Notes:
svn path=/head/; revision=337732
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Notes:
svn path=/head/; revision=326219
|
| |
|
|
|
|
|
| |
Sponsored by: Dell EMC Isilon
Notes:
svn path=/head/; revision=325188
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
to the user. There is currently no buffering, so the result may be
somewhat unpredictable if the conversation function adds a newline,
like openpam_ttyconv() does.
Clean up and simplify the environment handling code, which triggered
an inexplicable bug on some systems.
MFC after: 2 weeks
Notes:
svn path=/head/; revision=315710
|
| |
|
|
|
|
|
|
|
|
|
|
| |
libpam: extra bounds checking through reallocarray(3).
It appears to be causing brokenness when reporting PAM_* environment
variables. This requires more investigation.
Reported by: lstewart
Notes:
svn path=/head/; revision=315164
|
| |
|
|
|
|
|
|
| |
Reviewed by: des
MFC after: 1 week
Notes:
svn path=/head/; revision=314780
|
| |
|
|
| |
Notes:
svn path=/head/; revision=314779
|
| |
|
|
|
|
|
|
| |
Reviewed by: des
MFC after: 1 week
Notes:
svn path=/head/; revision=314777
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
Notes:
svn path=/head/; revision=284345
|
| | |
| |
| |
| | |
Notes:
svn path=/projects/bmake/; revision=274694
|
| | |
| |
| |
| | |
Notes:
svn path=/projects/bmake/; revision=266219
|
| | |
| |
| |
| | |
Notes:
svn path=/projects/bmake/; revision=265802
|
| | |
| |
| |
| | |
Notes:
svn path=/projects/bmake/; revision=248169
|
| | |
| |
| |
| | |
Notes:
svn path=/projects/bmake/; revision=246868
|
| | |
| |
| |
| | |
Notes:
svn path=/projects/bmake/; revision=242788
|
| |/
|
|
|
|
|
| |
Requested by: Simon Gerraty <sjg@juniper.net>
Notes:
svn path=/projects/bmake/; revision=239572
|
| |
|
|
|
|
|
|
|
|
| |
PR: 168016
Submitted by: Nobuyuki Koganemaru
Approved by: gjb
MFC after: 3 days
Notes:
svn path=/head/; revision=235873
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before, we took the first argument to pam_exec(8). With the addition of
options in front of the command, this could be wrong.
Now, options are parsed before calling _pam_exec() and messages contain
the proper command name.
While here, fix a warning.
Sponsored by: Yakaz (http://www.yakaz.com)
Notes:
svn path=/head/; revision=234184
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_exec(8) now accepts a new option "return_prog_exit_status". When
set, the program exit status is used as the pam_exec return code. It
allows the program to tell why the step failed (eg. user unknown).
However, if it exits with a code not allowed by the calling PAM service
module function (see $PAM_SM_FUNC below), a warning is logged and
PAM_SERVICE_ERR is returned.
The following changes are related to this new feature but they apply no
matter if the "return_prog_exit_status" option is set or not.
The environment passed to the program is extended:
o $PAM_SM_FUNC contains the name of the PAM service module function
(eg. pam_sm_authenticate).
o All valid PAM return codes' numerical values are available
through variables named after the return code name. For instance,
$PAM_SUCCESS, $PAM_USER_UNKNOWN or $PAM_PERM_DENIED.
pam_exec return code better reflects what went on:
o If the program exits with !0, the return code is now
PAM_PERM_DENIED, not PAM_SYSTEM_ERR.
o If the program fails because of a signal (WIFSIGNALED) or doesn't
terminate normally (!WIFEXITED), the return code is now
PAM_SERVICE_ERR, not PAM_SYSTEM_ERR.
o If a syscall in pam_exec fails, the return code remains
PAM_SYSTEM_ERR.
waitpid(2) is called in a loop. If it returns because of EINTR, do it
again. Before, it would return PAM_SYSTEM_ERR without waiting for the
child to exit.
Several log messages now include the PAM service module function name.
The man page is updated accordingly.
Reviewed by: gleb@, des@
Sponsored by: Yakaz (http://www.yakaz.com)
MFC after: 2 weeks
Notes:
svn path=/head/; revision=233507
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.
I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
Notes:
svn path=/head/; revision=201381
|
| |
|
|
|
|
|
| |
Submitted by: Pawel Worach
Notes:
svn path=/head/; revision=194188
|
| |
|
|
|
|
|
|
| |
PR: bin/85830
MFC after: 1 week
Notes:
svn path=/head/; revision=164154
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sizeof(*list), not sizeof(**list). (i.e., sizeof(pointer) rather than
sizeof(char)).
It is possible that this buffer overflow is exploitable, but it was
added after RELENG_5 forked and hasn't been MFCed, so this will not
receive an advisory.
Submitted by: Vitezslav Novy
MFC after: 1 day
Notes:
svn path=/head/; revision=150339
|
| |
|
|
|
|
|
| |
Approved by: re
Notes:
svn path=/head/; revision=147402
|
| |
|
|
|
|
|
| |
Suggested by: Ed Maste <emaste@phaedrus.sandvine.ca>
Notes:
svn path=/head/; revision=141102
|
| |
|
|
| |
Notes:
svn path=/head/; revision=131504
|
| |
|
|
|
|
|
|
|
| |
(I've tried to keep to the spirit of the original formatting)
Reviewed by: des
Notes:
svn path=/head/; revision=112044
|
| |
|
|
|
|
|
|
| |
instance. Also bump the date since I made substantial modifications
earlier today.
Notes:
svn path=/head/; revision=110451
|
| |
|
|
| |
Notes:
svn path=/head/; revision=110448
|
| |
|
|
|
|
|
|
|
| |
environment list, which may be unsafe and / or sensitive.
Sponsored by: DARPA, NAI Labs
Notes:
svn path=/head/; revision=110446
|
|
|
obscene, or - as they say in New York - sophisticated, add pam_echo(8) and
pam_exec(8) to our ever-lengthening roster of PAM modules.
Sponsored by: DARPA, NAI Labs.
Notes:
svn path=/head/; revision=97182
|
