Change the order in which pam_sm_open_session() updates the logs. This
doesn't really make any difference, except it matches wtmp(5) better.
Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released. Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.
Sponsored by: DARPA, NAI Labs (but the bugs are all mine)
Chain caching is a feature of Linux-PAM, where pam_authenticate() and
pam_open_session() "freeze" the chain so that their companion
primitive (pam_setcred() and pam_close_session() respectively) will
call the exact same modules, skipping those that failed in the
previous call.
There are several reasons not to do this, the most prominent of which
is that it makes it impossible to call pam_setcred() without first
calling pam_authenticate() - which is perfectly valid according to
DCE/RFC 86.0 and XSSO, and is necessary to make 'login -f' work.
Instead of chain caching, implement something similar to the way
Solaris' libpam behaves: pam_setcred treats "sufficient" modules as if
they were "required", i.e. does not break the chain when they succeed.
PAM modules whose pam_sm_setcred() should not be called unless their
pam_sm_authenticate() succeeded can simply set a state variable using
pam_set_data() in pam_sm_authenticate(), and use pam_get_data() to
check it in pam_sm_setcred().
Guido van Rooij [Thu, 24 Jan 2002 15:10:53 +0000 (15:10 +0000)]
1) Fix a debug statement by filling in its data before the printf in
stead of after
2) Honour NO_TEST_UNIT_READY quirk for atapi devices as well
3) Actually support FujiFilm FinePix 6800 camera's. Will very likely also
work for other FinePix models.
Based on a debug session about half a year ago with Nik Hibma.
MFC after: 2 weeks
David Malone [Thu, 24 Jan 2002 12:11:31 +0000 (12:11 +0000)]
Change brk's prototype from char *brk(const char *) to int brk(const void *)
and sbrk's prototype from char *sbrk(int) to void *sbrk(intptr_t).
This makes us more consistant with NetBSD and standards which include
these functions. Bruce pointed out that ptrdiff_t would probably
have been better than intptr_t, but this doesn't match other
implimentations.
Also remove local declarations of sbrk and unnecessary casting.
Murray Stokely [Thu, 24 Jan 2002 10:44:16 +0000 (10:44 +0000)]
Providing long filename support on the Macintosh requires over 30
megabytes of additional space on the install CD. Given our premium
for space, I don't think this is a wise use of 30MB. HFS support was
not provided on the FreeBSD 4.4 CDs and I received a grand total of 0
complaints.
Andrew Gallatin [Wed, 23 Jan 2002 22:46:14 +0000 (22:46 +0000)]
Linux/alpha uses the same BSDish return mechanism we do for
getpid, getuid, getgid and pipe, since they bootstrapped from
OSF/1 and never cleaned up. Switch to the native syscalls
on alpha so that the above functions work
Add a PAM module that provides an account management component for checking
either PAM_RHOST or PAM_TTY against /etc/login.access.o
This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'. This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.
Ruslan Ermilov [Wed, 23 Jan 2002 15:54:17 +0000 (15:54 +0000)]
Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
dynamic linkage with -lssh.
Cameron Grant [Wed, 23 Jan 2002 05:10:56 +0000 (05:10 +0000)]
make the feederchain builder work for recording. this has not been tested
extensively as none of my testboxes have speakers or an audio source at
present, but the chains built look correct and reading /dev/audio (ulaw,
translated from signed 16 bit little-endian) gives values within the
expected range for silence.
Cameron Grant [Wed, 23 Jan 2002 04:44:03 +0000 (04:44 +0000)]
add more error checking to open of /dev/dsp* and /dev/audio* - if the
default format for the chosen subdevice cannot be obtained return an error
instead of returning success with an indeteterminate format selected.
note that this should never happen once the feederchain builder works for
recording.
Ian Dowse [Tue, 22 Jan 2002 22:54:52 +0000 (22:54 +0000)]
The mode of files created by ctm_rmail was always 0600, even if the
umask was less restrictive. This was caused by the use of mkstemp()
which internally passes a mode of 0600 to open(). Fix this by
explicitly chmod'ing the files to (0666 & ~umask).
David Greenman [Tue, 22 Jan 2002 17:38:58 +0000 (17:38 +0000)]
Null commit - the previous log message should have read:
Fixed bug in calculation of amount of file sent when nbytes !=0 and
headers or trailers are supplied. Reported by Vladislav Shabanov
<vs@rambler-co.ru>.
David Greenman [Tue, 22 Jan 2002 17:32:10 +0000 (17:32 +0000)]
Fixed bug in calculation of amount of file to send when nbytes !=0 and
headers or trailers are supplied. Reported by Vladislav Shabanov
<vs@rambler-co.ru>.
Ruslan Ermilov [Tue, 22 Jan 2002 15:15:38 +0000 (15:15 +0000)]
Reincarnate SETUID code in man(1), not compiled in by default.
The code will be fixed for all known security vulnerabilities,
and a make.conf(5) knob (ENABLE_SUID_MAN) will be provided for
those who still want it installed setuid for whatever reasons.
Kirk McKusick [Tue, 22 Jan 2002 06:17:22 +0000 (06:17 +0000)]
This patch fixes a long standing complaint with soft updates in
which small and/or nearly full filesystems would fail with `file
system full' messages when trying to replace a number of existing
files (for example during a system installation). When the allocation
routines are about to fail with a file system full condition, they
make a call to softdep_request_cleanup() which attempts to accelerate
the flushing of pending deletion requests in an effort to free up
space. In the face of filesystem I/O requests that exceed the
available disk transfer capacity, the cleanup request could take
an unbounded amount of time. Thus, the softdep_request_cleanup()
routine will only try for tickdelay seconds (default 2 seconds)
before giving up and returning a filesystem full error. Under typical
conditions, the softdep_request_cleanup() routine is able to free
up space in under fifty milliseconds.
The idea of mapping non-existen characters to space (0x20) was nice alone,
but those maps also used as backward maps for Paste, so space becomes mapped
to last non-existen character on Paste as result.
Fix it by mapping non-existen characters to another non-existen one, i.e. to
0x00, so unused 0x00 can be backward-mapped to some junk without real harm.
Hajimu UMEMOTO [Mon, 21 Jan 2002 20:04:22 +0000 (20:04 +0000)]
- Check the address family of the destination cached in a PCB.
- Clear the cached destination before getting another cached route.
Otherwise, garbage in the padding space (which might be filled in if it was
used for IPv4) could annoy rtalloc.
Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.
Enable OPIE by default, using the no_fake_prompts option to hide it from
users who don't wish to use it. If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.
Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file. The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
Further changes to allow enabling pam_opie(8) by default:
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
challenging the user. These options are meaningless for pam_opie(8)
since the user can't possibly know the right response before she sees
the challenge.
- Introduce the no_fake_prompts option. If this option is set, pam_opie(8)
will fail - rather than present a bogus challenge - if the target user
does not have an OPIE key. With this option, users who haven't set up
OPIE won't have to wonder what that "weird otp-md5 s**t" means :)
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
Add a new module, pam_opieaccess(8), which is responsible for checking
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.
Sponsored by: DARPA, NAI Labs
Reviewed by: ache, markm