| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
PR: 252194
Approved by: so
Security: CVE-2020-25580
Security: FreeBSD-SA-21:03.pam_login_access
|
| |
|
|
|
|
|
|
|
| |
lib/libpam/modules/pam_exec/pam_exec.c:222:56: error: format specifies type 'char *' but the argument has type 'const void *' [-Werror,-Wformat]
if (asprintf(&envstr, "%s=%s", pam_item_env[i].name, item) < 0)
~~ ^~~~
Notes:
svn path=/projects/clang1100-import/; revision=363986
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
up to par with the Linux pam_access(8).
Like the Linux pam_access(8) our pam_login_access(8) is a service module
for pam(3) that allows a administrator to limit access from specified
remote hosts or terminals. Unlike the Linux pam_access, pam_login_access
is missing some features which are added by this commit:
Access file can now be specified. The default remains /etc/access.conf.
The syntax is consistent with Linux pam_access.
By default usernames are matched. If the username fails to match a match
against a group name is attempted. The new nodefgroup module option will
only match a username and no attempt to match a group name is made.
Group names must be specified in brackets, "()" when nodefgroup is
specified. Otherwise the old backward compatible behavior is used.
This is consistent with Linux pam_access.
A new field separator module option allows the replacement of the default
colon (:) with any other character. This facilitates potential future
specification of X displays. This is also consistent with Linux pam_access.
A new list separator module option to replace the default space/comma/tab
with another character. This too is consistent with Linux pam_access.
Linux pam_access options not implemented in this commit are the debug
and audit options. These will be implemented at a later date.
Reviewed by: bjk, bcr (for manpages)
Approved by: des (blanket, implicit)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D23198
Notes:
svn path=/head/; revision=358070
|
| |
|
|
|
|
|
|
|
| |
Reported by: bjk
Approved by: des (blanket, implicit)
MFC after: 3 days
Notes:
svn path=/head/; revision=358069
|
| |
|
|
|
|
|
|
| |
Reported by: ports/textproc/igor
MFC after: 3 days
Notes:
svn path=/head/; revision=358068
|
| |
|
|
|
|
|
|
| |
Approved by: des (implicit, blanket)
MFC after: 3 days
Notes:
svn path=/head/; revision=358067
|
| |
|
|
|
|
|
|
|
|
|
| |
match the primary group a user belongs to. This commit extends the
match to secondary groups a user belongs to as well, just as the Linux
pam_access(5) does.
Approved by: des (implicit, blanket)
Notes:
svn path=/head/; revision=358066
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
as in the login.access(5) man page. However strcasecmp() is used to compare
for these special strings. Because of this User accounts and groups with
the corresponding lowercase names are misintrepreted to have special
whereas they should not.
This commit fixes this, conforming to the man page and to how the Linux
pam_access(8) handles these special words.
Approved by: des (implicit, blanket)
Notes:
svn path=/head/; revision=358065
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22494
Notes:
svn path=/head/; revision=355617
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend
DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options
See share/mk/dirdeps-options.mk
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22469
Notes:
svn path=/head/; revision=355616
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Implement use_first_pass, allowing expose_password to be used by other
service functions than pam_auth() without prompting a second time.
- Don't prompt for a password during pam_setcred().
PR: 238041
MFC after: 3 weeks
Notes:
svn path=/head/; revision=349556
|
| |
|
|
|
|
|
|
|
| |
each argument into its own paragraph.
MFC after: 3 days
Notes:
svn path=/head/; revision=347234
|
| |
|
|
|
|
|
| |
Approved by: re (kib@)
Notes:
svn path=/head/; revision=338561
|
| |
|
|
|
|
|
|
|
|
|
|
| |
passing the authentication token to the external program.
Approved by: re (kib)
Submitted by: Thomas Munro <munro@ip9.org>
MFC after: 1 week
Differential Revision: D16950
Notes:
svn path=/head/; revision=338453
|
| |
|
|
|
|
|
|
|
| |
Submitted by: Thomas Munro <munro@ip9.org>
MFC after: 1 week
Differential Revision: D16171
Notes:
svn path=/head/; revision=337732
|
| |
|
|
|
|
|
|
|
|
| |
new no_reply_message option.
MFC after: 1 week
Sponsored by: The University of Oslo
Notes:
svn path=/head/; revision=333674
|
| |
|
|
| |
Notes:
svn path=/head/; revision=333490
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Notes:
svn path=/head/; revision=326219
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Notes:
svn path=/head/; revision=326025
|
| |
|
|
|
|
|
| |
Sponsored by: Dell EMC Isilon
Notes:
svn path=/head/; revision=325188
|
| |
|
|
|
|
|
|
|
|
|
|
| |
bother passing it to crypt(). It won't succeed and may allow an attacker
to confirm that the user exists.
Reported by: jkim@
MFC after: 1 week
Security: CVE-2016-6210
Notes:
svn path=/head/; revision=325010
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
to the user. There is currently no buffering, so the result may be
somewhat unpredictable if the conversation function adds a newline,
like openpam_ttyconv() does.
Clean up and simplify the environment handling code, which triggered
an inexplicable bug on some systems.
MFC after: 2 weeks
Notes:
svn path=/head/; revision=315710
|
| |
|
|
|
|
|
|
|
|
|
|
| |
libpam: extra bounds checking through reallocarray(3).
It appears to be causing brokenness when reporting PAM_* environment
variables. This requires more investigation.
Reported by: lstewart
Notes:
svn path=/head/; revision=315164
|
| |
|
|
|
|
|
|
| |
Reviewed by: des
MFC after: 1 week
Notes:
svn path=/head/; revision=314780
|
| |
|
|
| |
Notes:
svn path=/head/; revision=314779
|
| |
|
|
|
|
|
|
| |
Reviewed by: des
MFC after: 1 week
Notes:
svn path=/head/; revision=314777
|
| |
|
|
|
|
|
|
|
| |
PR: 213909
Reported by: basarevych@gmail.com
MFC after: 1 week
Notes:
svn path=/head/; revision=314598
|
| |
|
|
|
|
|
|
|
|
| |
This implifies pathing in make/displayed output
MFC after: 3 weeks
Sponsored by: Dell EMC Isilon
Notes:
svn path=/head/; revision=312452
|
| |
|
|
|
|
|
|
| |
Submitted by: vangyzen
MFC after: 2 weeks
Notes:
svn path=/head/; revision=304635
|
| |
|
|
|
|
|
|
| |
Reported by: mwlucas
MFH: 2 weeks
Notes:
svn path=/head/; revision=304626
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
code that fails to set retval before falling through to the final
return().
Reported by: emaste
Reported by: Coverity
CID: 1018711
MFC after: 1 week
Notes:
svn path=/head/; revision=299948
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
pam_sm_chauthtok(). Set user = getlogin() inside the true
branch so that it is initialized for the following PAM_LOG()
call. This is how it is done in pam_sm_authenticate().
Reported by: Coverity
CID: 272498
MFC after: 1 week
Notes:
svn path=/head/; revision=299926
|
| |\
| |
| |
| |
| |
| |
| | |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/release-pkg/; revision=298092
|
| | |
| |
| |
| |
| |
| |
| |
| | |
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=297947
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
r284345.
The change in r284345 moved the creation of openpam_static_modules.o to
lib/libpam/static_modules but never managed to get them into libpam.a.
Move this logic to lib/libpam/static_libpam and have it create a static
library for libpam.a The main lib/libpam/libpam will only create a
shared library. No redundancy in compilation or installation exists
in this solution.
This avoids requiring a pass with -D_NO_LIBPAM_SO_YET.
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=297946
|
| |\|
| |
| |
| |
| |
| |
| | |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/release-pkg/; revision=297824
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Found with devel/coccinelle.
Reviewed by: des
Notes:
svn path=/head/; revision=297755
|
| |\|
| |
| |
| |
| |
| |
| | |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/release-pkg/; revision=296869
|
| | |
| |
| |
| |
| |
| |
| | |
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=296708
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=296657
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=296651
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=296633
|
| |\|
| |
| |
| |
| |
| |
| | |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/release-pkg/; revision=294408
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
First, the authfd API now uses a direct file descriptor for the control
socket instead of a more abstract AuthenticationConnection structure.
Second, the functions now consistently return an error value.
Reviewed by: bdrewery
Notes:
svn path=/head/; revision=294367
|
| |\|
| |
| |
| |
| |
| |
| | |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/release-pkg/; revision=293172
|
| | |
| |
| |
| |
| |
| |
| | |
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=291972
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if
there is not yet a depend file. The headers in SRCS are never built or
installed. After 'make depend' the header was already added as a proper
dependency on the objects where needed.
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=291941
|
| |\|
| |
| |
| | |
Notes:
svn path=/projects/release-pkg/; revision=284410
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
Notes:
svn path=/head/; revision=284345
|
| | | |\
| | |/
| |/|
| | | |
Notes:
svn path=/projects/bmake/; revision=283595
|
