272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
235873 |
24-May-2012 |
wblock |
Fixes to man8 groff mandoc style, usage mistakes, or typos.
PR: 168016 Submitted by: Nobuyuki Koganemaru Approved by: gjb MFC after: 3 days
|
234184 |
12-Apr-2012 |
dumbbell |
Fix error messages containing the executed command name
Before, we took the first argument to pam_exec(8). With the addition of options in front of the command, this could be wrong.
Now, options are parsed before calling _pam_exec() and messages contain the proper command name.
While here, fix a warning.
Sponsored by: Yakaz (http://www.yakaz.com)
|
233507 |
26-Mar-2012 |
dumbbell |
Use program exit status as pam_exec return code (optional)
pam_exec(8) now accepts a new option "return_prog_exit_status". When set, the program exit status is used as the pam_exec return code. It allows the program to tell why the step failed (eg. user unknown). However, if it exits with a code not allowed by the calling PAM service module function (see $PAM_SM_FUNC below), a warning is logged and PAM_SERVICE_ERR is returned.
The following changes are related to this new feature but they apply no matter if the "return_prog_exit_status" option is set or not.
The environment passed to the program is extended: o $PAM_SM_FUNC contains the name of the PAM service module function (eg. pam_sm_authenticate). o All valid PAM return codes' numerical values are available through variables named after the return code name. For instance, $PAM_SUCCESS, $PAM_USER_UNKNOWN or $PAM_PERM_DENIED.
pam_exec return code better reflects what went on: o If the program exits with !0, the return code is now PAM_PERM_DENIED, not PAM_SYSTEM_ERR. o If the program fails because of a signal (WIFSIGNALED) or doesn't terminate normally (!WIFEXITED), the return code is now PAM_SERVICE_ERR, not PAM_SYSTEM_ERR. o If a syscall in pam_exec fails, the return code remains PAM_SYSTEM_ERR.
waitpid(2) is called in a loop. If it returns because of EINTR, do it again. Before, it would return PAM_SYSTEM_ERR without waiting for the child to exit.
Several log messages now include the PAM service module function name.
The man page is updated accordingly.
Reviewed by: gleb@, des@ Sponsored by: Yakaz (http://www.yakaz.com) MFC after: 2 weeks
|
201381 |
02-Jan-2010 |
ed |
Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and lower it when needed.
I'm setting WARNS?=0 for secure/. It seems secure/ includes the Makefile.inc provided by lib/. I'm not going to touch that directory. Most of the code there is contributed anyway.
|
194188 |
14-Jun-2009 |
ed |
Include <stdio.h> for asprintf().
Submitted by: Pawel Worach
|
164154 |
10-Nov-2006 |
des |
childerr needs to be volatile so gcc won't optimize it away.
PR: bin/85830 MFC after: 1 week
|
150339 |
19-Sep-2005 |
cperciva |
When (re)allocating space for an array of pointers to char, use sizeof(*list), not sizeof(**list). (i.e., sizeof(pointer) rather than sizeof(char)).
It is possible that this buffer overflow is exploitable, but it was added after RELENG_5 forked and hasn't been MFCed, so this will not receive an advisory.
Submitted by: Vitezslav Novy MFC after: 1 day
|
147402 |
15-Jun-2005 |
ru |
Assorted markup fixes.
Approved by: re
|
141102 |
01-Feb-2005 |
des |
In addition to the PAM environment, export a handful of useful PAM items.
Suggested by: Ed Maste <emaste@phaedrus.sandvine.ca>
|
131504 |
02-Jul-2004 |
ru |
Mechanically kill hard sentence breaks.
|
112044 |
09-Mar-2003 |
obrien |
style.Makefile(5) police (I've tried to keep to the spirit of the original formatting)
Reviewed by: des
|
110451 |
06-Feb-2003 |
des |
Don't blame markm for what he didn't do - writing these man pages, for instance. Also bump the date since I made substantial modifications earlier today.
|
110448 |
06-Feb-2003 |
des |
Update copyright.
|
110446 |
06-Feb-2003 |
des |
Export the PAM environment to the child process instead of the "normal" environment list, which may be unsafe and / or sensitive.
Sponsored by: DARPA, NAI Labs
|
97182 |
23-May-2002 |
des |
Just to show that PAM can do almost anything from the ridiculous to the obscene, or - as they say in New York - sophisticated, add pam_echo(8) and pam_exec(8) to our ever-lengthening roster of PAM modules.
Sponsored by: DARPA, NAI Labs.
|