From owner-freebsd-audit Mon Nov 26 7:55: 5 2001 Delivered-To: freebsd-audit@freebsd.org Received: from freebsd.org.ru (sweet.etrust.ru [194.84.67.5]) by hub.freebsd.org (Postfix) with ESMTP id CE99637B41A for ; Mon, 26 Nov 2001 07:54:52 -0800 (PST) Received: by freebsd.org.ru (Postfix, from userid 1000) id 2B8682CE; Mon, 26 Nov 2001 18:54:50 +0300 (MSK) Date: Mon, 26 Nov 2001 18:54:50 +0300 From: "Sergey A. Osokin" To: audit@FreeBSD.org Cc: Dave Chapeskie Subject: Re: date(1) WARNS=2 cleanup Message-ID: <20011126185449.A29823@freebsd.org.ru> References: <20011123150934.A10406@freebsd.org.ru> <20011123161136.A11027@freebsd.org.ru> <20011123171705.A2462@ddm.wox.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="IJpNTDwzlM2Ie8A6" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011123171705.A2462@ddm.wox.org>; from freebsd@ddm.wox.org on Fri, Nov 23, 2001 at 05:17:05PM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline [skip] OK. Please review new version of patch. Thanks. -- Rgdz, /"\ Sergey Osokin aka oZZ, \ / ASCII RIBBON CAMPAIGN osa@freebsd.org.ru X AGAINST HTML MAIL http://freebsd.org.ru/~osa/ / \ --IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=patch-date diff -ruN date.orig/Makefile date/Makefile --- date.orig/Makefile Mon Nov 26 00:54:55 2001 +++ date/Makefile Mon Nov 26 05:45:11 2001 @@ -6,4 +6,6 @@ DPADD= ${LIBUTIL} LDADD= -lutil +WARNS?= 2 + .include diff -ruN date.orig/date.c date/date.c --- date.orig/date.c Mon Nov 26 00:54:55 2001 +++ date/date.c Mon Nov 26 05:40:41 2001 @@ -50,12 +50,13 @@ #include #include +#include +#include #include #include #include #include #include -#include #include "extern.h" #include "vary.h" 
@@ -71,8 +72,6 @@ static void badformat __P((void)); static void usage __P((void)); -int logwtmp __P((char *, char *, char *)); - int main(argc, argv) int argc; @@ -148,7 +147,7 @@ if (!rflag && time(&tval) == -1) err(1, "time"); - format = "%+"; + (const char *)format = "%+"; /* allow the operands in any order */ if (*argv && **argv == '+') { diff -ruN date.orig/netdate.c date/netdate.c --- date.orig/netdate.c Mon Nov 26 00:54:55 2001 +++ date/netdate.c Fri Nov 23 13:08:41 2001 @@ -74,10 +74,10 @@ struct timeval tout; struct servent *sp; struct tsp msg; - struct sockaddr_in sin, dest, from; + struct sockaddr_in osin, dest, from; fd_set ready; long waittime; - int s, length, port, timed_ack, found, err; + int s, length, port, timed_ack, found, oerr; char hostname[MAXHOSTNAMELEN]; if ((sp = getservbyname("timed", "udp")) == NULL) { @@ -95,11 +95,11 @@ return (retval = 2); } - memset(&sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; + memset(&osin, 0, sizeof(osin)); + osin.sin_family = AF_INET; for (port = IPPORT_RESERVED - 1; port > IPPORT_RESERVED / 2; port--) { - sin.sin_port = htons((u_short)port); - if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) + osin.sin_port = htons((u_short)port); + if (bind(s, (struct sockaddr *)&osin, sizeof(osin)) >= 0) break; if (errno == EADDRINUSE) continue; @@ -143,11 +143,11 @@ FD_SET(s, &ready); found = select(FD_SETSIZE, &ready, (fd_set *)0, (fd_set *)0, &tout); - length = sizeof(err); + length = sizeof(oerr); if (!getsockopt(s, - SOL_SOCKET, SO_ERROR, (char *)&err, &length) && err) { - if (err != ECONNREFUSED) - warnc(err, "send (delayed error)"); + SOL_SOCKET, SO_ERROR, (char *)&oerr, &length) && oerr) { + if (oerr != ECONNREFUSED) + warnc(oerr, "send (delayed error)"); goto bad; } diff -ruN date.orig/vary.c date/vary.c --- date.orig/vary.c Mon Nov 26 00:54:55 2001 +++ date/vary.c Sun Nov 25 23:59:42 2001 @@ -37,7 +37,7 @@ struct trans { int val; - char *str; + const char *str; }; static struct trans trans_mon[] = { 
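Review bot: The new line `(const char *)format = "%+";` in the date.c hunk assigns through a cast, and a cast expression is not an lvalue in ISO C, so this builds only where the compiler accepts it as an extension. It also hides the const warning instead of fixing the type. `format` is presumably declared as `char *format` earlier in main(), outside the hunk; declaring it `const char *format;` there lets the assignment stay as plain `format = "%+";`. If some later use needs a writable pointer, that use is where the qualifier should be resolved.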
@@ -203,14 +203,14 @@ static int adjday(struct tm *t, char type, int val, int mk) { - int mdays; + int omdays; switch (type) { case '+': while (val) { - mdays = daysinmonth(t); - if (val > mdays - t->tm_mday) { - val -= mdays - t->tm_mday + 1; + omdays = daysinmonth(t); + if (val > omdays - t->tm_mday) { + val -= omdays - t->tm_mday + 1; t->tm_mday = 1; if (!adjmon(t, '+', 1, 0, 0)) return 0; @@ -413,7 +413,7 @@ char type; char which; char *arg; - int len; + size_t len; int val; for (; v; v = v->next) { --IJpNTDwzlM2Ie8A6-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 8:34:54 2001 Delivered-To: freebsd-audit@freebsd.org Received: from bazooka.trit.org (bazooka.trit.org [63.198.170.138]) by hub.freebsd.org (Postfix) with ESMTP id 7443D37B419; Mon, 26 Nov 2001 08:34:45 -0800 (PST) Received: by bazooka.trit.org (Postfix, from userid 1000) id 24CC43EC8; Mon, 26 Nov 2001 16:34:45 +0000 (UTC) Received: from bazooka (localhost [127.0.0.1]) by bazooka.trit.org (Postfix) with ESMTP id 235173C12F; Mon, 26 Nov 2001 16:34:45 +0000 (UTC) To: audit@freebsd.org Cc: jhb@freebsd.org Subject: DDB 'kill' command Date: Mon, 26 Nov 2001 16:34:40 +0000 
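Review bot: Changing `len` from `int` to `size_t` in the last vary.c hunk alters every comparison and subtraction that uses it, and those uses lie below the hunk, outside what is shown. Check that nothing in the `for (; v; v = v->next)` loop relies on `len` going negative or computes `len - 1` on a possibly empty string, because with an unsigned type that wraps to a very large index rather than failing a `< 0` test. A comment on the declaration, for example `/* length of the adjustment string */` if that is indeed what it holds, would make the intended range clear.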
From: Dima Dorfman Message-Id: <20011126163445.24CC43EC8@bazooka.trit.org> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The attached patch implements a 'kill' command in DDB. Previously, it was possible to do `call psignal(xxx,yyy)` and have it DTRT. (This was very useful when you accidently got your system so deep in the hole that spawning kill(1) takes forever and even then possibly doesn't succeed.) However, psignal() doesn't respect locking by itself, so trying that now leads to all kinds of badness. This patch basically wraps the psignal() call in a 'kill' command that respects all necessary locks. Actually, it isn't very clear exactly which locks it should respect. The debugger is a special case in this way. This patch uses the PROC_TRYLOCK macro; if it fails, the command bails out. Thus, it can't use pfind()--the latter automatically does a PROC_LOCK--so it has to walk the allproc list manually. It does *not* attempt to get a shared lock on the allproc list. There is similar code in db_trace.c, and it doesn't call sx_slock(), either; I asked jhb about this a while ago, and all he said was that it is intentional. Please review. Thanks. Index: db_command.c =================================================================== RCS file: /ref/cvsf/src/sys/ddb/db_command.c,v retrieving revision 1.40 diff -u -r1.40 db_command.c --- db_command.c 2001/11/05 21:50:55 1.40 +++ db_command.c 2001/11/26 00:52:40 @@ -36,7 +36,11 @@ */ #include #include +#include +#include +#include #include +#include #include #include @@ -63,6 +67,7 @@ static db_cmdfcn_t db_fncall; static db_cmdfcn_t db_gdb; +static db_cmdfcn_t db_kill; static db_cmdfcn_t db_reset; /* XXX this is actually forward-static. */ @@ -418,6 +423,7 @@ { "ps", db_ps, 0, 0 }, { "gdb", db_gdb, 0, 0 }, { "reset", db_reset, 0, 0 }, + { "kill", db_kill, CS_OWN, 0 }, { (char *)0, } }; 
@@ -571,6 +577,59 @@ db_printf("Next trap will enter %s\n", boothowto & RB_GDB ? "GDB remote protocol mode" : "DDB debugger"); +} + +static void +db_kill(dummy1, dummy2, dummy3, dummy4) + db_expr_t dummy1; + boolean_t dummy2; + db_expr_t dummy3; + char * dummy4; +{ + db_expr_t old_radix, pid, sig; + struct proc *p; + +#define DB_ERROR(f) do { db_printf f; db_flush_lex(); goto out; } while (0) + + /* + * PIDs and signal numbers are typically represented in base + * 10, so make that the default here. It can, of course, be + * overridden by specifying a prefix. + */ + old_radix = db_radix; + db_radix = 10; + /* Retrieve arguments. */ + if (!db_expression(&sig)) + DB_ERROR(("Missing signal number\n")); + if (!db_expression(&pid)) + DB_ERROR(("Missing process ID\n")); + db_skip_to_eol(); + if (sig < 0 || sig > _SIG_MAXSIG) + DB_ERROR(("Signal number out of range\n")); + + /* + * Find the process in question. allproc_lock is not needed + * since we're in DDB. + */ + /* sx_slock(&allproc_lock); */ + LIST_FOREACH(p, &allproc, p_list) + if (p->p_pid == pid) + break; + /* sx_sunlock(&allproc_lock); */ + if (p == NULL) + DB_ERROR(("Can't find process with pid %d\n", pid)); + + /* If it's already locked, bail; otherwise, do the deed. 
*/ + if (PROC_TRYLOCK(p) == 0) + DB_ERROR(("Can't lock process with pid %d\n", pid)); + else { + psignal(p, sig); + PROC_UNLOCK(p); + } + +out: + db_radix = old_radix; +#undef DB_ERROR } static void To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 8:45:52 2001 Delivered-To: freebsd-audit@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 799D437B417; Mon, 26 Nov 2001 08:44:51 -0800 (PST) Received: by flood.ping.uio.no (Postfix, from userid 2602) id F0CD414C52; Mon, 26 Nov 2001 17:44:46 +0100 (CET) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: audit@freebsd.org Cc: markm@freebsd.org Subject: PAM module patch for review 
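Review bot: The range check `if (sig < 0 || sig > _SIG_MAXSIG)` in db_kill lets signal 0 through to `psignal(p, sig)`. kill(2) treats 0 as an existence probe and delivers nothing, and psignal() is not shown here, so either confirm it tolerates 0 or tighten the check to `if (sig <= 0 || sig > _SIG_MAXSIG)`. `pid` and `sig` are declared `db_expr_t` but are printed with `%d` and handed to psignal() unconverted; if db_expr_t is wider than int on any platform the format no longer matches its argument, so convert explicitly, e.g. `db_printf("Can't find process with pid %d\n", (int)pid)`, after rejecting values that do not fit. The comment above the PROC_TRYLOCK call could also say why a blocking PROC_LOCK is not used, presumably because nothing can release the lock while the debugger is active.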
From: Dag-Erling Smorgrav Date: 26 Nov 2001 17:44:46 +0100 Message-ID: Lines: 28 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --=-=-= Attached. Not as much as I'd like - I did absolutely zip on PAM last week - but better than nothing, and I'll try to pick up the pace a bit. Summary of changes: - Dummy facilities as previously discussed; they all return PAM_IGNORE, which is possibly wrong for at least some of them, but I'll take a closer look at each of them and tweak them later as I gain more experience with PAM. - New pam_self(8) module with man page. - New pam_ssh(8) man page. - Ndditions to the pam_unix(8) man page. - Some minor style(9) fixes. I'm going to continue cleaning up the module man pages and tweak the dummy facilities a bit. DES -- Dag-Erling Smorgrav - des@ofug.org --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=pam-modules.diff Index: Makefile =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/Makefile,v retrieving revision 1.14 diff -u -r1.14 Makefile --- Makefile 2 Aug 2001 19:01:02 -0000 1.14 +++ Makefile 19 Nov 2001 16:12:27 -0000 @@ -38,6 +38,7 @@ SUBDIR+= pam_radius SUBDIR+= pam_rootok SUBDIR+= pam_securetty +SUBDIR+= pam_self .if !defined(NOCRYPT) && !defined(NO_OPENSSL) && !defined(NO_OPENSSH) SUBDIR+= pam_ssh .endif Index: pam_deny/pam_deny.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_deny/pam_deny.c,v retrieving revision 1.3 diff -u -r1.3 pam_deny.c --- pam_deny/pam_deny.c 30 Sep 2001 22:10:59 -0000 1.3 +++ pam_deny/pam_deny.c 19 Nov 2001 14:52:41 -0000 
@@ -1,6 +1,13 @@ /*- * Copyright 2001 Mark R V Murray * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE Index: pam_ftp/pam_ftp.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_ftp/pam_ftp.c,v retrieving revision 1.4 diff -u -r1.4 pam_ftp.c --- pam_ftp/pam_ftp.c 30 Sep 2001 22:10:59 -0000 1.4 +++ pam_ftp/pam_ftp.c 19 Nov 2001 14:53:54 -0000 @@ -1,6 +1,13 @@ /*- * Copyright (c) 2001 Mark R V Murray * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -40,6 +50,10 @@ #include #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD + #include #include @@ -80,8 +94,7 @@ } locallist = NULL; } - } - else { + } else { for (i = 0; anonusers[i] != NULL; i++) { if (strcmp(anonusers[i], user) == 0) { *userret = anonusers[0]; @@ -131,8 +144,7 @@ PAM_RETURN(retval); prompt = GUEST_PROMPT; PAM_LOG("Doing anonymous"); - } - else { + } else { prompt = PROMPT; PAM_LOG("Doing non-anonymous"); } @@ -158,16 +170,14 @@ } } } - } - else + } else PAM_LOG("Ignoring supplied password structure"); PAM_LOG("Done anonymous"); retval = PAM_SUCCESS; - } - else { + } else { pam_set_item(pamh, PAM_AUTHTOK, token); PAM_VERBOSE_ERROR("Anonymous module reject"); 
@@ -190,6 +200,54 @@ PAM_LOG("Options processed"); PAM_RETURN(PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); } PAM_MODULE_ENTRY("pam_ftp"); Index: pam_nologin/pam_nologin.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_nologin/pam_nologin.c,v retrieving revision 1.4 diff -u -r1.4 pam_nologin.c --- pam_nologin/pam_nologin.c 30 Sep 2001 22:11:01 -0000 1.4 +++ pam_nologin/pam_nologin.c 19 Nov 2001 14:53:13 -0000 @@ -1,6 +1,13 @@ /*- * Copyright 2001 Mark R V Murray * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
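Review bot: The four stubs added to pam_ftp.c (pam_sm_acct_mgmt, pam_sm_chauthtok, pam_sm_open_session, pam_sm_close_session) return PAM_IGNORE with no comment saying the module deliberately takes no part in that facility, and the same block is repeated in the pam_nologin, pam_opie, pam_radius, pam_rootok and pam_securetty hunks. PAM_IGNORE tells the framework to disregard the module, so for the modules whose job is to refuse access (pam_nologin, pam_securetty) an administrator who lists one under `account` or `session` gets no enforcement from it. Each stub should at least carry `/* not implemented for this facility; the result is left to the other modules in the chain */`, and the access-denying modules may be better served by an error return there. The pam_sm_acct_mgmt signature has a misplaced comma, `int argc ,const char **argv`, which should read `int argc, const char **argv` in all six copies. Because the bodies are identical, generating them from one macro in pam_mod_misc.h would keep such slips from being replicated.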
@@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -27,8 +37,6 @@ #include __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_nologin/pam_nologin.c,v 1.4 2001/09/30 22:11:01 dillon Exp $"); -#define PAM_SM_AUTH - #include #include #include @@ -38,6 +46,11 @@ #include #include +#define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD + #include #include #include "pam_mod_misc.h" 
@@ -113,6 +126,54 @@ PAM_LOG("Options processed"); PAM_RETURN(PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); } PAM_MODULE_ENTRY("pam_nologin"); Index: pam_opie/pam_opie.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_opie/pam_opie.c,v retrieving revision 1.6 diff -u -r1.6 pam_opie.c --- pam_opie/pam_opie.c 30 Sep 2001 22:11:01 -0000 1.6 +++ pam_opie/pam_opie.c 19 Nov 2001 14:53:46 -0000 
@@ -1,7 +1,14 @@ /*- * Copyright 2000 James Bloom * All rights reserved. - * Based upon code Copyright 1998 Juniper Networks, Inc. + * Based upon code Copyright 1998 Juniper Networks, Inc. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -11,6 +18,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -36,6 +46,10 @@ #include #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD + #include #include "pam_mod_misc.h" @@ -77,8 +91,7 @@ if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) { pwd = getpwnam(getlogin()); user = pwd->pw_name; - } - else { + } else { retval = pam_get_user(pamh, (const char **)&user, NULL); if (retval != PAM_SUCCESS) PAM_RETURN(retval); 
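Review bot: The context lines kept by the last pam_opie.c hunk, `pwd = getpwnam(getlogin());` followed by `user = pwd->pw_name;`, use both results unchecked. getlogin() can return NULL and getpwnam() returns NULL when the name has no passwd entry, so the auth_as_self branch can dereference a null pointer inside the authenticating process. Since the hunk already touches this if/else, add the guard here: `if ((login = getlogin()) == NULL || (pwd = getpwnam(login)) == NULL)` followed by `PAM_RETURN(PAM_AUTH_ERR);`, with `login` a new `const char *` local. The enclosing function begins and ends outside the hunk, so the declaration has to be added with the others there.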
@@ -133,6 +146,54 @@ PAM_LOG("Options processed"); PAM_RETURN(PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); } PAM_MODULE_ENTRY("pam_opie"); Index: pam_permit/pam_permit.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_permit/pam_permit.c,v retrieving revision 1.2 diff -u -r1.2 pam_permit.c --- pam_permit/pam_permit.c 30 Sep 2001 22:11:02 -0000 1.2 +++ pam_permit/pam_permit.c 19 Nov 2001 14:53:42 -0000 @@ -1,6 +1,13 @@ /*- * Copyright 2001 Mark R V Murray * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE Index: pam_radius/pam_radius.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_radius/pam_radius.c,v retrieving revision 1.5 diff -u -r1.5 pam_radius.c --- pam_radius/pam_radius.c 30 Sep 2001 22:11:02 -0000 1.5 +++ pam_radius/pam_radius.c 19 Nov 2001 14:53:24 -0000 @@ -1,6 +1,13 @@ /*- * Copyright 1998 Juniper Networks, Inc. * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
@@ -36,6 +46,10 @@ #include #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD + #include #include "pam_mod_misc.h" @@ -252,7 +266,7 @@ PAM_LOG("Radius build access done"); - for ( ; ; ) { + for (;;) { switch (rad_send_request(radh)) { case RAD_ACCESS_ACCEPT: @@ -324,6 +338,54 @@ PAM_LOG("Options processed"); PAM_RETURN(PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); } PAM_MODULE_ENTRY("pam_radius"); Index: pam_rootok/pam_rootok.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_rootok/pam_rootok.c,v retrieving revision 1.3 diff -u -r1.3 pam_rootok.c --- pam_rootok/pam_rootok.c 30 Sep 2001 22:11:03 -0000 1.3 +++ pam_rootok/pam_rootok.c 19 Nov 2001 14:34:34 -0000 
@@ -1,6 +1,13 @@ /*- * Copyright (c) 2001 Mark R V Murray * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -33,6 +43,9 @@ #include #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD #include #include 
@@ -65,6 +78,54 @@ PAM_LOG("Options processed"); PAM_RETURN(PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); } PAM_MODULE_ENTRY("pam_rootok"); Index: pam_securetty/pam_securetty.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_securetty/pam_securetty.c,v retrieving revision 1.4 diff -u -r1.4 pam_securetty.c --- pam_securetty/pam_securetty.c 30 Sep 2001 22:11:03 -0000 1.4 +++ pam_securetty/pam_securetty.c 19 Nov 2001 14:35:24 -0000 
@@ -1,6 +1,13 @@ /*- * Copyright (c) 2001 Mark R V Murray * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -34,6 +44,10 @@ #include #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD + #include #include 
@@ -102,6 +116,54 @@ PAM_LOG("Options processed"); PAM_RETURN(PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); } PAM_MODULE_ENTRY("pam_securetty"); Index: pam_self/Makefile =================================================================== RCS file: pam_self/Makefile diff -N pam_self/Makefile --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ pam_self/Makefile 19 Nov 2001 16:22:31 -0000 
@@ -0,0 +1,32 @@ +# Copyright 2001 Mark R V Murray +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ + +LIB= pam_self +SHLIB_NAME= pam_self.so +SRCS= pam_self.c +MAN= pam_self.8 + +.include Index: pam_self/pam_self.8 =================================================================== RCS file: pam_self/pam_self.8 diff -N pam_self/pam_self.8 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ pam_self/pam_self.8 19 Nov 2001 16:21:40 -0000 
@@ -0,0 +1,82 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2001 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $FreeBSD$ +.\" +.Dd July 8, 2001 +.Dt PAM_SELF 8 +.Os +.Sh NAME +.Nm pam_self +.Nd Self PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_self +.Op Ar options +.Sh DESCRIPTION +The Self authentication service module for PAM, +.Nm +provides functionality for only one PAM category: +authentication. +In terms of the +.Ar module-type +parameter, this is the +.Dq Li auth +feature. +It also provides a null function for session management. +.Ss Self Authentication Module +The Self authentication component +.Pq Fn pam_sm_authenticate , +returns success if and only if the source and target user names are +identical. +.Pp +The following options may be passed to the authentication module: +.Bl -tag -width ".Cm no_warn" +.It Cm debug +.Xr syslog 3 +debugging information at +.Dv LOG_DEBUG +level. +.It Cm no_warn +suppress warning messages to the user. +These messages include reasons why the user's authentication attempt +was declined. +.El +.Sh SEE ALSO +.Xr getuid 2 , +.Xr pam.conf 5 , +.Xr pam 8 Index: pam_self/pam_self.c =================================================================== RCS file: pam_self/pam_self.c diff -N pam_self/pam_self.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ pam_self/pam_self.c 19 Nov 2001 16:22:46 -0000 
@@ -0,0 +1,142 @@
+/*-
+ * Copyright (c) 2001 Mark R V Murray
+ * All rights reserved.
+ * Copyright (c) 2001 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * Portions of this software were developed for the FreeBSD Project by
+ * ThinkSec AS and NAI Labs, the Security Research Division of Network
+ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include
+__FBSDID("$FreeBSD$");
+
+#define _BSD_SOURCE
+
+#include
+#include
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include
+#include
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ struct options options;
+ const char *luser, *ruser;
+ int r;
+
+ pam_std_option(&options, NULL, argc, argv);
+
+ PAM_LOG("Options processed");
+
+ r = pam_get_item(pamh, PAM_USER, (const void **)&luser);
+ if (r != PAM_SUCCESS)
+ PAM_RETURN(r);
+ if (luser == NULL)
+ PAM_RETURN(PAM_USER_UNKNOWN);
+
+ r = pam_get_item(pamh, PAM_RUSER, (const void **)&ruser);
+ if (r != PAM_SUCCESS)
+ PAM_RETURN(r);
+
+ if (strcmp(luser, ruser) == 0)
+ PAM_RETURN(PAM_SUCCESS);
+
+ PAM_VERBOSE_ERROR("Refused; source and target users differ");
+
+ PAM_RETURN(PAM_AUTH_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ struct options options;
+
+ pam_std_option(&options, NULL, argc, argv);
+
+ PAM_LOG("Options processed");
+
+ PAM_RETURN(PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv)
+{
+ struct options options;
+
+ pam_std_option(&options, NULL, argc, argv);
+
+ PAM_LOG("Options processed");
+
+ PAM_RETURN(PAM_IGNORE);
+}
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ struct options options;
+
+ pam_std_option(&options, NULL, argc, argv);
+
+ PAM_LOG("Options processed");
+
+ PAM_RETURN(PAM_IGNORE);
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ struct options options;
+
+ pam_std_option(&options, NULL, argc, argv);
+
+ PAM_LOG("Options processed");
+
+ PAM_RETURN(PAM_IGNORE);
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ struct options options;
+
+ pam_std_option(&options, NULL, argc, argv);
+
+ PAM_LOG("Options processed");
+
+ PAM_RETURN(PAM_IGNORE);
+}
+
+PAM_MODULE_ENTRY("pam_self");
Index: pam_ssh/Makefile =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_ssh/Makefile,v retrieving revision 1.6 diff -u -r1.6 Makefile --- pam_ssh/Makefile 4 Aug 2001 21:51:14 -0000 1.6 +++ pam_ssh/Makefile 26 Nov 2001 16:09:24 -0000 @@ -10,5 +10,6 @@ DPADD= ${LIBCRYPTO} ${LIBCRYPT} ${LIBUTIL} ${LIBZ} LDADD= -L${.OBJDIR}/../../../../secure/lib/libssh -lssh -lcrypto \ -lcrypt -lutil -lz +MAN= pam_ssh.8 .include Index: pam_ssh/pam_ssh.8 =================================================================== RCS file: pam_ssh/pam_ssh.8 diff -N pam_ssh/pam_ssh.8 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ pam_ssh/pam_ssh.8 26 Nov 2001 16:32:31 -0000 
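Review bot: In pam_sm_authenticate, `strcmp(luser, ruser)` is reached with ruser unchecked: luser is tested against NULL after its pam_get_item call, but ruser is not, and the PAM_RUSER item can be NULL when the calling application has not set it. Add `if (ruser == NULL) PAM_RETURN(PAM_AUTH_ERR);` before the comparison so an unset item is refused instead of dereferenced. Because PAM_RUSER is whatever the application supplied, a comment on the function (and a line in pam_self.8) should say the module is only suitable for services that set that item from an identity they have already verified.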
@@ -0,0 +1,148 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2001 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $FreeBSD$ +.\" +.Dd November 26, 2001 +.Dt PAM_SSH 8 +.Os +.Sh NAME +.Nm pam_ssh +.Nd SSH PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_ssh +.Op Ar options +.Sh DESCRIPTION +The +SSH +authentication service module for PAM, +.Nm +provides functionality for two PAM categories: +authentication +and session management. +In terms of the +.Ar module-type +parameter, they are the +.Dq Li auth +and +.Dq Li session +features. +It also provides null functions for the remaining categories. +.Ss SSH Authentication Module +The +SSH +authentication component +provides a function to verify the identity of a user +.Pq Fn pam_sm_authenticate , +by prompting the user for a passphrase and verifying that it can +decrypt the target user's SSH key using that passphrase. +.Pp +The following options may be passed to the authentication module: +.Bl -tag -width ".Cm use_first_pass" +.It Cm debug +.Xr syslog 3 +debugging information at +.Dv LOG_DEBUG +level. +.It Cm use_first_pass +If the authentication module +is not the first in the stack, +and a previous module +obtained the user's password, +that password is used +to authenticate the user. +If this fails, +the authentication module returns failure +without prompting the user for a password. +This option has no effect +if the authentication module +is the first in the stack, +or if no previous modules +obtained the user's password. +.It Cm try_first_pass +This option is similar to the +.Cm use_first_pass +option, +except that if the previously obtained password fails, +the user is prompted for another password. +.El +.Ss SSH Session Management Module +The +.Ux +session management component +provides functions to initiate +.Pq Fn pam_sm_open_session +and terminate +.Pq Fn pam_sm_close_session +sessions. 
+The +.Fn pam_sm_open_session +function starts an SSH agent, +passing it any private keys it decrypted +during the authentication phase, +and sets the environment variables +the agent specifies. +The +.Fn pam_sm_close_session +function kills the previously started SSH agent +by sending it a +.Dv SIGTERM . +.Pp +The following options may be passed to the session management module: +.Bl -tag -width ".Cm use_first_pass" +.It Cm debug +.Xr syslog 3 +debugging information at +.Dv LOG_DEBUG +level. +.El +.Sh FILES +.Bl -tag -width ".Pa $HOME/.ssh2/id_dsa_*" -compact +.It Pa $HOME/.ssh/identity +SSH1/OpenSSH RSA key. +.It Pa $HOME/.ssh/id_dsa +OpenSSH DSA key. +.It Pa $HOME/.ssh2/id_rsa_* +SSH2 RSA keys. +.It Pa $HOME/.ssh2/id_dsa_* +SSH2 DSA keys. +.El +.Sh SEE ALSO +.Xr pam 8 , +.Xr pam.conf 5 , +.Xr ssh-agent 1 , +.Xr syslog 3 Index: pam_ssh/pam_ssh.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_ssh/pam_ssh.c,v retrieving revision 1.17 diff -u -r1.17 pam_ssh.c --- pam_ssh/pam_ssh.c 30 Sep 2001 22:11:04 -0000 1.17 +++ pam_ssh/pam_ssh.c 19 Nov 2001 14:37:03 -0000 @@ -1,6 +1,13 @@ /*- * Copyright (c) 1999, 2000 Andrew J. Korty * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -41,7 +51,10 @@ #include #define PAM_SM_AUTH -#define PAM_SM_SESSION +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD + #include #include @@ -281,6 +294,29 @@ PAM_RETURN(PAM_SUCCESS); } +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} typedef AuthenticationConnection AC; @@ -332,8 +368,7 @@ syslog(LOG_CRIT, "%s: %m", MODULE_NAME); PAM_RETURN(PAM_SERVICE_ERR); } - } - else if (asprintf(&env_file, "%s/.ssh/agent-%s", pwd->pw_dir, + } else if (asprintf(&env_file, "%s/.ssh/agent-%s", pwd->pw_dir, tty) == -1) { syslog(LOG_CRIT, "%s: %m", MODULE_NAME); PAM_RETURN(PAM_SERVICE_ERR); 
@@ -401,8 +436,7 @@ syslog(LOG_CRIT, "%s: %m", MODULE_NAME); PAM_RETURN(PAM_SERVICE_ERR); } - } - else if (strcmp(&env_string[strlen(env_string) - + } else if (strcmp(&env_string[strlen(env_string) - strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0) { retval = pam_set_data(pamh, "ssh_agent_pid", env_value, ssh_cleanup); Index: pam_tacplus/pam_tacplus.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_tacplus/pam_tacplus.c,v retrieving revision 1.5 diff -u -r1.5 pam_tacplus.c --- pam_tacplus/pam_tacplus.c 30 Sep 2001 22:11:05 -0000 1.5 +++ pam_tacplus/pam_tacplus.c 19 Nov 2001 14:41:03 -0000 @@ -1,6 +1,13 @@ /*- * Copyright 1998 Juniper Networks, Inc. * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -37,6 +47,10 @@ #include #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD + #include #include "pam_mod_misc.h" 
@@ -276,7 +290,61 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { - return PAM_SUCCESS; + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); } PAM_MODULE_ENTRY("pam_tacplus"); Index: pam_unix/pam_unix.8 =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_unix/pam_unix.8,v retrieving revision 1.5 diff -u -r1.5 pam_unix.8 --- pam_unix/pam_unix.8 26 Aug 2001 17:41:13 -0000 1.5 +++ pam_unix/pam_unix.8 26 Nov 2001 16:34:06 -0000 
@@ -1,5 +1,12 @@ .\" Copyright (c) 2001 Mark R V Murray .\" All rights reserved. +.\" Copyright (c) 2001 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -9,6 +16,9 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -24,7 +34,7 @@ .\" .\" $FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.8,v 1.5 2001/08/26 17:41:13 markm Exp $ .\" -.Dd July 7, 2001 +.Dd November 26, 2001 .Dt PAM_UNIX 8 .Os .Sh NAME @@ -111,6 +121,17 @@ then this option will forgo password prompting, and silently allow authentication to succeed. +.It Cm local_pass +Use only the local password database, +even if NIS is in use. +This will cause an authentication failure +if the system is configured +to only use NIS. +.It Cm nis_pass +Use only the NIS password database. +This will cause an authentication failure +if the system is not configured +to use NIS. .El .Ss Ux Ss Account Management Module The 
@@ -169,10 +190,13 @@ password database. .El .Sh SEE ALSO -.Xr passwd 1 , -.Xr getlogin 2 , .Xr crypt 3 , -.Xr syslog 3 , +.Xr getlogin 2 , +.Xr getpwent 3 , +.Xr nsswitch.conf 5 , +.Xr pam 8 , .Xr pam.conf 5 , +.Xr passwd 1 , .Xr passwd 5 , -.Xr pam 8 +.Xr syslog 3 , +.Xr nis 4 Index: pam_unix/pam_unix.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_unix/pam_unix.c,v retrieving revision 1.11 diff -u -r1.11 pam_unix.c --- pam_unix/pam_unix.c 25 Oct 2001 15:51:50 -0000 1.11 +++ pam_unix/pam_unix.c 19 Nov 2001 14:53:10 -0000 @@ -1,6 +1,13 @@ /*- * Copyright 1998 Juniper Networks, Inc. * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -135,8 +145,7 @@ */ PAM_LOG("No password, and null password OK"); PAM_RETURN(PAM_SUCCESS); - } - else { + } else { retval = pam_get_pass(pamh, &pass, password_prompt, &options); if (retval != PAM_SUCCESS) 
@@ -152,8 +161,7 @@ retval = strcmp(encrypted, pwd->pw_passwd) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR; - } - else { + } else { PAM_LOG("Doing dummy authentication"); @@ -334,8 +342,7 @@ */ PAM_LOG("No password, and null password OK"); PAM_RETURN(PAM_SUCCESS); - } - else { + } else { retval = pam_get_pass(pamh, &pass, PASSWORD_PROMPT_EXPIRED, &options); if (retval != PAM_SUCCESS) @@ -366,8 +373,7 @@ PAM_LOG("Voided old password"); PAM_RETURN(PAM_SUCCESS); - } - else if (flags & PAM_UPDATE_AUTHTOK) { + } else if (flags & PAM_UPDATE_AUTHTOK) { PAM_LOG("UPDATE round; checking user password"); retval = pam_get_item(pamh, PAM_OLDAUTHTOK, @@ -399,8 +405,7 @@ if (strcmp(new_pass, new_pass_) == 0) { got = 1; break; - } - else + } else PAM_VERBOSE_ERROR("Password mismatch"); } } @@ -427,8 +432,7 @@ retval = PAM_PERM_DENIED; PAM_LOG("Unknown local user: %s", user); } - } - else if (res == USER_LOCAL_ONLY) { + } else if (res == USER_LOCAL_ONLY) { if (!pam_test_option(&options, PAM_OPT_NIS_PASS, NULL)) retval = local_passwd(user, new_pass); else { @@ -436,14 +440,12 @@ retval = PAM_PERM_DENIED; PAM_LOG("Unknown NIS user: %s", user); } - } - else if (res == USER_YP_AND_LOCAL) { + } else if (res == USER_YP_AND_LOCAL) { if (pam_test_option(&options, PAM_OPT_NIS_PASS, NULL)) retval = yp_passwd(user, new_pass); else retval = local_passwd(user, new_pass); - } - else + } else retval = PAM_ABORT; /* Bad juju */ #else retval = local_passwd(user, new_pass); @@ -452,8 +454,7 @@ /* XXX wipe the mem as well */ pass = NULL; new_pass = NULL; - } - else { + } else { /* Very bad juju */ retval = PAM_ABORT; PAM_LOG("Illegal 'flags'"); 
@@ -620,8 +621,7 @@ master, clnt_spcreateerror("")); return PAM_ABORT; } - } - else { + } else { if ((clnt = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp")) == NULL) { syslog(LOG_ERR, Index: pam_wheel/pam_wheel.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_wheel/pam_wheel.c,v retrieving revision 1.6 diff -u -r1.6 pam_wheel.c --- pam_wheel/pam_wheel.c 30 Sep 2001 22:11:06 -0000 1.6 +++ pam_wheel/pam_wheel.c 19 Nov 2001 14:53:08 -0000 @@ -1,6 +1,13 @@ /*- * Copyright (c) 2001 Mark R V Murray * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -10,6 +17,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -39,6 +49,10 @@ #include #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD + #include #include @@ -93,8 +107,7 @@ if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) { pwd = getpwnam(getlogin()); user = strdup(pwd->pw_name); - } - else { + } else { user = targetuser; pwd = getpwnam(user); } 
@@ -120,8 +133,7 @@ if (!pam_test_option(&options, PAM_OPT_GROUP, &use_group)) { if ((grp = getgrnam("wheel")) == NULL) grp = getgrgid(0); - } - else + } else grp = getgrnam(use_group); if (grp == NULL || grp->gr_mem == NULL) { @@ -164,6 +176,54 @@ PAM_LOG("Options processed"); PAM_RETURN(PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + struct options options; + + pam_std_option(&options, NULL, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_IGNORE); } PAM_MODULE_ENTRY("pam_wheel"); --=-=-=-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 9: 8:37 2001 Delivered-To: freebsd-audit@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 7B6B837B405 for ; Mon, 26 Nov 2001 09:08:35 -0800 (PST) Received: from localhost (arr@localhost) by fledge.watson.org (8.11.6/8.11.5) with SMTP id fAQH8D593601; Mon, 26 Nov 2001 12:08:18 -0500 (EST) (envelope-from arr@FreeBSD.org) X-Authentication-Warning: fledge.watson.org: arr owned process doing -bs Date: Mon, 26 Nov 2001 12:08:12 -0500 (EST) 
From: "Andrew R. Reiter" X-Sender: arr@fledge.watson.org To: "Sergey A. Osokin" Cc: audit@FreeBSD.org, Dave Chapeskie Subject: Re: date(1) WARNS=2 cleanup In-Reply-To: <20011126185449.A29823@freebsd.org.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Why is there a need to change sin -> osin? Andrew On Mon, 26 Nov 2001, Sergey A. Osokin wrote: :[skip] :OK. :Please review new version of patch. :Thanks. :-- : :Rgdz, /"\ :Sergey Osokin aka oZZ, \ / ASCII RIBBON CAMPAIGN :osa@freebsd.org.ru X AGAINST HTML MAIL :http://freebsd.org.ru/~osa/ / \ : -- Andrew R. Reiter arr@watson.org arr@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 9:14: 8 2001 Delivered-To: freebsd-audit@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id D06A337B419; Mon, 26 Nov 2001 09:14:02 -0800 (PST) Received: from localhost (arr@localhost) by fledge.watson.org (8.11.6/8.11.5) with SMTP id fAQHDip93792; Mon, 26 Nov 2001 12:13:44 -0500 (EST) (envelope-from arr@FreeBSD.org) X-Authentication-Warning: fledge.watson.org: arr owned process doing -bs Date: Mon, 26 Nov 2001 12:13:43 -0500 (EST) 
From: "Andrew R. Reiter" X-Sender: arr@fledge.watson.org To: Dag-Erling Smorgrav Cc: audit@FreeBSD.org, markm@FreeBSD.org Subject: Re: PAM module patch for review In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I would imagine people not being happy about style(9) fix commits and functional change commits occurring as one and the same. Andrew On 26 Nov 2001, Dag-Erling Smorgrav wrote: :Attached. Not as much as I'd like - I did absolutely zip on PAM last :week - but better than nothing, and I'll try to pick up the pace a :bit. : :Summary of changes: : : - Dummy facilities as previously discussed; they all return : PAM_IGNORE, which is possibly wrong for at least some of them, but : I'll take a closer look at each of them and tweak them later as I : gain more experience with PAM. : : - New pam_self(8) module with man page. : : - New pam_ssh(8) man page. : : - Additions to the pam_unix(8) man page. : : - Some minor style(9) fixes. : :I'm going to continue cleaning up the module man pages and tweak the :dummy facilities a bit. : :DES :-- :Dag-Erling Smorgrav - des@ofug.org : : -- Andrew R. Reiter arr@watson.org arr@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 9:31:51 2001 Delivered-To: freebsd-audit@freebsd.org Received: from straylight.ringlet.net (sentinel.office1.bg [217.75.134.126]) by hub.freebsd.org (Postfix) with SMTP id 6717337B416 for ; Mon, 26 Nov 2001 09:31:46 -0800 (PST) Received: (qmail 16588 invoked by uid 1000); 26 Nov 2001 17:27:52 -0000 Date: Mon, 26 Nov 2001 19:27:52 +0200 
From: Peter Pentchev To: "Andrew R. Reiter" Cc: "Sergey A. Osokin" , audit@FreeBSD.org, Dave Chapeskie Subject: Re: date(1) WARNS=2 cleanup Message-ID: <20011126192752.C1570@straylight.oblivion.bg> Mail-Followup-To: "Andrew R. Reiter" , "Sergey A. Osokin" , audit@FreeBSD.org, Dave Chapeskie References: <20011126185449.A29823@freebsd.org.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from arr@FreeBSD.org on Mon, Nov 26, 2001 at 12:08:12PM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Nov 26, 2001 at 12:08:12PM -0500, Andrew R. Reiter wrote: > > Why is there a need to change sin -> osin? Most probably, gcc -Wshadow complaining that 'sin' conflicts with an external declaration. G'luck, Peter -- I am the thought you are now thinking. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 9:43:43 2001 Delivered-To: freebsd-audit@freebsd.org Received: from mail5.speakeasy.net (mail5.speakeasy.net [216.254.0.205]) by hub.freebsd.org (Postfix) with ESMTP id 03DDB37B416 for ; Mon, 26 Nov 2001 09:43:32 -0800 (PST) Received: (qmail 28850 invoked from network); 26 Nov 2001 17:43:31 -0000 Received: from unknown (HELO laptop.baldwin.cx) ([64.81.54.73]) (envelope-sender ) by mail5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 26 Nov 2001 17:43:31 -0000 Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <20011126163445.24CC43EC8@bazooka.trit.org> Date: Mon, 26 Nov 2001 09:43:30 -0800 (PST) 
From: John Baldwin To: Dima Dorfman Subject: RE: DDB 'kill' command Cc: audit@freebsd.org Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 26-Nov-01 Dima Dorfman wrote: > The attached patch implements a 'kill' command in DDB. Previously, it > was possible to do `call psignal(xxx,yyy)` and have it DTRT. (This > was very useful when you accidently got your system so deep in the > hole that spawning kill(1) takes forever and even then possibly > doesn't succeed.) However, psignal() doesn't respect locking by > itself, so trying that now leads to all kinds of badness. This patch > basically wraps the psignal() call in a 'kill' command that respects > all necessary locks. > > Actually, it isn't very clear exactly which locks it should respect. > The debugger is a special case in this way. This patch uses the > PROC_TRYLOCK macro; if it fails, the command bails out. Thus, it > can't use pfind()--the latter automatically does a PROC_LOCK--so it > has to walk the allproc list manually. It does *not* attempt to get a > shared lock on the allproc list. There is similar code in db_trace.c, > and it doesn't call sx_slock(), either; I asked jhb about this a while > ago, and all he said was that it is intentional. > > Please review. Looks fine. The lack of locks and using a trylock is indeed intentional since you can't block in the debugger. -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" 
- http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 11:14:35 2001 Delivered-To: freebsd-audit@freebsd.org Received: from espresso.q9media.com (espresso.q9media.com [216.254.138.122]) by hub.freebsd.org (Postfix) with ESMTP id 7532537B417; Mon, 26 Nov 2001 11:14:31 -0800 (PST) Received: (from mike@localhost) by espresso.q9media.com (8.11.6/8.11.6) id fAQJDia06021; Mon, 26 Nov 2001 14:13:44 -0500 (EST) (envelope-from mike) Date: Mon, 26 Nov 2001 14:13:44 -0500 
From: Mike Barcroft To: "Andrew R. Reiter" Cc: "Sergey A. Osokin" , audit@FreeBSD.org, Dave Chapeskie Subject: Re: date(1) WARNS=2 cleanup Message-ID: <20011126141344.C84711@espresso.q9media.com> References: <20011126185449.A29823@freebsd.org.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from arr@FreeBSD.org on Mon, Nov 26, 2001 at 12:08:12PM -0500 Organization: The FreeBSD Project Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Andrew R. Reiter writes: > Why is there a need to change sin -> osin? The sin variable shadows the global declaration of the GCC builtin sin(). Some time ago, DES suggested we disable GCC builtins when WARNS=2 is enabled, but we actually want the builtins. The real solution is, of course, to fix GCC; it should not prototype functions on its own, without a header. Best regards, Mike Barcroft To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 11:17:21 2001 Delivered-To: freebsd-audit@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 3A3CF37B419; Mon, 26 Nov 2001 11:17:17 -0800 (PST) Received: from localhost (arr@localhost) by fledge.watson.org (8.11.6/8.11.5) with SMTP id fAQJH1x96448; Mon, 26 Nov 2001 14:17:01 -0500 (EST) (envelope-from arr@FreeBSD.org) X-Authentication-Warning: fledge.watson.org: arr owned process doing -bs Date: Mon, 26 Nov 2001 14:17:01 -0500 (EST) 
From: "Andrew R. Reiter" X-Sender: arr@fledge.watson.org To: Mike Barcroft Cc: "Sergey A. Osokin" , audit@FreeBSD.org, Dave Chapeskie Subject: Re: date(1) WARNS=2 cleanup In-Reply-To: <20011126141344.C84711@espresso.q9media.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 26 Nov 2001, Mike Barcroft wrote: :The sin variable shadows the global declaration of the GCC builtin :sin(). Some time ago, DES suggested we disable GCC builtins when :WARNS=2 is enable, but we actually want the builtins. The real :solution is, ofcourse, to fix GCC; it should not prototype functions :on its own, without a header. OK, cool this is what I was looking for and why I dont think all WARNS fixes need to be fixed. Cheers, Andrew -- Andrew R. Reiter arr@watson.org arr@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 14:56: 5 2001 Delivered-To: freebsd-audit@freebsd.org Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170]) by hub.freebsd.org (Postfix) with ESMTP id 29CF737B405; Mon, 26 Nov 2001 14:56:01 -0800 (PST) Received: (from uucp@localhost) by storm.FreeBSD.org.uk (8.11.6/8.11.6) with UUCP id fAQMtwo54268; Mon, 26 Nov 2001 22:55:58 GMT (envelope-from mark@grondar.za) Received: from grondar.za (mark@localhost [127.0.0.1]) by grimreaper.grondar.org (8.11.6/8.11.6) with ESMTP id fAQLgWF01871; Mon, 26 Nov 2001 21:42:32 GMT (envelope-from mark@grondar.za) Message-Id: <200111262142.fAQLgWF01871@grimreaper.grondar.org> To: Dag-Erling Smorgrav Cc: audit@freebsd.org, markm@freebsd.org Subject: Re: PAM module patch for review References: In-Reply-To: ; from Dag-Erling Smorgrav "26 Nov 2001 17:44:46 +0100." Date: Mon, 26 Nov 2001 21:42:32 +0000 
From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Attached. Not as much as I'd like - I did absolutely zip on PAM last > week - but better than nothing, and I'll try to pick up the pace a > bit. > > Summary of changes: > > - Dummy facilities as previously discussed; they all return > PAM_IGNORE, which is possibly wrong for at least some of them, but > I'll take a closer look at each of them and tweak them later as I > gain more experience with PAM. Ok - good first start, but I'm not keen to see this committed until all of the effects are at least understood. I'll read documentation and play so I can contribute here. > - New pam_self(8) module with man page. Cool! :-) > - New pam_ssh(8) man page. Cool^2! > - Ndditions to the pam_unix(8) man page. Cool^3! > - Some minor style(9) fixes. I personally disagree with - } - else { + } else { as these get too caught up in other diffs. stuff { : } else { : } Separates the blocks out better. The others don't seem too bad. > I'm going to continue cleaning up the module man pages and tweak the > dummy facilities a bit. Yes please! M -- o Mark Murray \_ FreeBSD Services Limited O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 16:44:10 2001 Delivered-To: freebsd-audit@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 0936B37B416; Mon, 26 Nov 2001 16:44:07 -0800 (PST) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 655B714C54; Tue, 27 Nov 2001 01:44:05 +0100 (CET) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. 
To: "Andrew R. Reiter" Cc: audit@FreeBSD.org, markm@FreeBSD.org Subject: Re: PAM module patch for review References: From: Dag-Erling Smorgrav Date: 27 Nov 2001 01:44:04 +0100 In-Reply-To: Message-ID: Lines: 11 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "Andrew R. Reiter" writes: > I would imagine people not being happy about style(9) fix commits and > functional change commits occuring one on the same. They're very minor - just pulling up a few elses to the same line as the closing brace for the if clause. I can revert them before committing if people don't like it. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 26 17:30:23 2001 Delivered-To: freebsd-audit@freebsd.org Received: from squigy.ddm.wox.org (p39b.argon.sentex.ca [64.7.130.103]) by hub.freebsd.org (Postfix) with ESMTP id 246B737B41A for ; Mon, 26 Nov 2001 17:30:19 -0800 (PST) Received: from rama.ddm.wox.org (rama.ddm.wox.org [204.50.152.20]) by squigy.ddm.wox.org (Postfix) with ESMTP id 62C058BB1A; Mon, 26 Nov 2001 20:30:17 -0500 (EST) Received: by rama.ddm.wox.org (Postfix, from userid 5000) id E6B3432000; Mon, 26 Nov 2001 20:30:02 -0500 (EST) Date: Mon, 26 Nov 2001 20:30:02 -0500 
From: Dave Chapeskie To: audit@FreeBSD.org Cc: "Sergey A. Osokin" Subject: Re: date(1) WARNS=2 cleanup Message-ID: <20011126203002.A993@ddm.wox.org> Mail-Followup-To: Dave Chapeskie , audit@FreeBSD.org, "Sergey A. Osokin" References: <20011123150934.A10406@freebsd.org.ru> <20011123161136.A11027@freebsd.org.ru> <20011123171705.A2462@ddm.wox.org> <20011126185449.A29823@freebsd.org.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011126185449.A29823@freebsd.org.ru>; from osa@freebsd.org.ru on Mon, Nov 26, 2001 at 06:54:50PM +0300 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Nov 26, 2001 at 06:54:50PM +0300, Sergey A. Osokin wrote: > - format = "%+"; > + (const char *)format = "%+"; That's not what I ment. As far as I'm aware, casting an l-value is bogus. Change the definition of 'format' itself. E.g. something like: @@ -81,7 +80,8 @@ struct timezone tz; int ch, rflag; int jflag, nflag; - char *format, buf[1024]; + const char *format; + char buf[1024]; char *endptr, *fmt; char *tmp; int set_timezone; -- Dave Chapeskie OpenPGP Key ID: 0x3D2B6B34 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Nov 27 1: 0:18 2001 Delivered-To: freebsd-audit@freebsd.org Received: from freebsd.org.ru (sweet.etrust.ru [194.84.67.5]) by hub.freebsd.org (Postfix) with ESMTP id 4A27637B720 for ; Tue, 27 Nov 2001 01:00:05 -0800 (PST) Received: by freebsd.org.ru (Postfix, from userid 1000) id 59C282C9; Tue, 27 Nov 2001 11:59:58 +0300 (MSK) Date: Tue, 27 Nov 2001 11:59:58 +0300 
From: "Sergey A. Osokin" To: audit@FreeBSD.org Subject: Re: date(1) WARNS=2 cleanup Message-ID: <20011127115958.A33964@freebsd.org.ru> References: <20011123150934.A10406@freebsd.org.ru> <20011123161136.A11027@freebsd.org.ru> <20011123171705.A2462@ddm.wox.org> <20011126185449.A29823@freebsd.org.ru> <20011126203002.A993@ddm.wox.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="UlVJffcvxoiEqYs2" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011126203002.A993@ddm.wox.org>; from freebsd@ddm.wox.org on Mon, Nov 26, 2001 at 08:30:02PM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --UlVJffcvxoiEqYs2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Nov 26, 2001 at 08:30:02PM -0500, Dave Chapeskie wrote: > On Mon, Nov 26, 2001 at 06:54:50PM +0300, Sergey A. Osokin wrote: > > int ch, rflag; > int jflag, nflag; > - char *format, buf[1024]; > + const char *format; > + char buf[1024]; > char *endptr, *fmt; > char *tmp; > int set_timezone; OK. Please review patch one more time. -- Rgdz, /"\ Sergey Osokin aka oZZ, \ / ASCII RIBBON CAMPAIGN osa@freebsd.org.ru X AGAINST HTML MAIL http://freebsd.org.ru/~osa/ / \ --UlVJffcvxoiEqYs2 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=patch-date diff -ruN date.orig/Makefile date/Makefile --- date.orig/Makefile Mon Nov 26 00:54:55 2001 +++ date/Makefile Mon Nov 26 05:45:11 2001 @@ -6,4 +6,6 @@ DPADD= ${LIBUTIL} LDADD= -lutil +WARNS?= 2 + .include diff -ruN date.orig/date.c date/date.c --- date.orig/date.c Mon Nov 26 00:54:55 2001 +++ date/date.c Tue Nov 27 09:39:53 2001 @@ -50,12 +50,13 @@ #include #include +#include +#include #include #include #include #include #include -#include #include "extern.h" #include "vary.h" 
@@ -71,8 +72,6 @@ static void badformat __P((void)); static void usage __P((void)); -int logwtmp __P((char *, char *, char *)); - int main(argc, argv) int argc; @@ -81,7 +80,8 @@ struct timezone tz; int ch, rflag; int jflag, nflag; - char *format, buf[1024]; + const char *format; + char buf[1024]; char *endptr, *fmt; char *tmp; int set_timezone; diff -ruN date.orig/netdate.c date/netdate.c --- date.orig/netdate.c Mon Nov 26 00:54:55 2001 +++ date/netdate.c Fri Nov 23 13:08:41 2001 @@ -74,10 +74,10 @@ struct timeval tout; struct servent *sp; struct tsp msg; - struct sockaddr_in sin, dest, from; + struct sockaddr_in osin, dest, from; fd_set ready; long waittime; - int s, length, port, timed_ack, found, err; + int s, length, port, timed_ack, found, oerr; char hostname[MAXHOSTNAMELEN]; if ((sp = getservbyname("timed", "udp")) == NULL) { @@ -95,11 +95,11 @@ return (retval = 2); } - memset(&sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; + memset(&osin, 0, sizeof(osin)); + osin.sin_family = AF_INET; for (port = IPPORT_RESERVED - 1; port > IPPORT_RESERVED / 2; port--) { - sin.sin_port = htons((u_short)port); - if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) + osin.sin_port = htons((u_short)port); + if (bind(s, (struct sockaddr *)&osin, sizeof(osin)) >= 0) break; if (errno == EADDRINUSE) continue; @@ -143,11 +143,11 @@ FD_SET(s, &ready); found = select(FD_SETSIZE, &ready, (fd_set *)0, (fd_set *)0, &tout); - length = sizeof(err); + length = sizeof(oerr); if (!getsockopt(s, - SOL_SOCKET, SO_ERROR, (char *)&err, &length) && err) { - if (err != ECONNREFUSED) - warnc(err, "send (delayed error)"); + SOL_SOCKET, SO_ERROR, (char *)&oerr, &length) && oerr) { + if (oerr != ECONNREFUSED) + warnc(oerr, "send (delayed error)"); goto bad; } diff -ruN date.orig/vary.c date/vary.c --- date.orig/vary.c Mon Nov 26 00:54:55 2001 +++ date/vary.c Sun Nov 25 23:59:42 2001 @@ -37,7 +37,7 @@ struct trans { int val; - char *str; + const char *str; }; static struct trans trans_mon[] = { 
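Review bot: `length` is still declared `int` in the netdate.c declarations hunk (`int s, length, port, timed_ack, found, oerr;`), and its address is passed as the last argument of getsockopt() in the `@@ -143,11` hunk, where the interface takes a `socklen_t *`. Since this cleanup already rewrites both lines for the `err` to `oerr` rename, the declaration could be split out as `socklen_t length;`, which removes a pointer type mismatch that a stricter warning level would report. The function starts and ends outside these hunks, so any other use of `length` as an address-length argument needs the same check.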
@@ -203,14 +203,14 @@ static int adjday(struct tm *t, char type, int val, int mk) { - int mdays; + int omdays; switch (type) { case '+': while (val) { - mdays = daysinmonth(t); - if (val > mdays - t->tm_mday) { - val -= mdays - t->tm_mday + 1; + omdays = daysinmonth(t); + if (val > omdays - t->tm_mday) { + val -= omdays - t->tm_mday + 1; t->tm_mday = 1; if (!adjmon(t, '+', 1, 0, 0)) return 0; @@ -413,7 +413,7 @@ char type; char which; char *arg; - int len; + size_t len; int val; for (; v; v = v->next) { --UlVJffcvxoiEqYs2-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Nov 28 13:34: 7 2001 Delivered-To: freebsd-audit@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 914DA37B41B for ; Wed, 28 Nov 2001 13:33:55 -0800 (PST) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.6/8.11.2) id fASLXqR26002 for audit@FreeBSD.org; Wed, 28 Nov 2001 23:33:52 +0200 (EET) (envelope-from ru) Date: Wed, 28 Nov 2001 23:33:52 +0200 
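Review bot: In the vary.c hunk at `@@ -413,7`, changing `len` from `int` to `size_t` makes every subtraction and comparison on it unsigned, and the code that uses it lies outside the hunk. Any expression such as `len - 1` used as an index or compared with another length needs a lower-bound check on `len` before it, because a zero `size_t` wraps to a very large value instead of going negative. If the body already enforces a minimum length, recording that at the declaration would help the next reader, e.g. `size_t len;	/* unsigned: check the lower bound before any len - 1 */`.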
From: Ruslan Ermilov To: audit@FreeBSD.org Subject: fmt(1) patch Message-ID: <20011128233352.D16849@sunbay.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="DocE+STaALJfprDB" Content-Disposition: inline User-Agent: Mutt/1.3.23i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi! The attached patch restores an undocumented feature of the old pre-4.4 fmt(1) to avoid formatting the troff requests (lines beginning with a dot character). There's an open PR on this subject, bin/31392. Also, the old fmt(1) did not do this quite right by expanding tabs into spaces and skipping non-printable characters in the troff requests. This patch fixes this as well. Comments, reviews? Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=p Index: fmt.c =================================================================== RCS file: /home/ncvs/src/usr.bin/fmt/fmt.c,v retrieving revision 1.16 diff -u -p -r1.16 fmt.c --- fmt.c 2001/08/15 14:53:55 1.16 +++ fmt.c 2001/11/28 20:56:55 @@ -30,6 +30,8 @@ * preceded by a non-blank non-message-header line, is * taken to start a new paragraph, which also contains * any subsequent lines with non-empty leading whitespace. + * Unless the `-n' option is given, lines beginning with + * a . (dot) are not formatted. * 3. The "everything else" is split into words; a word * includes its trailing whitespace, and a word at the * end of a line is deemed to be followed by a single 
@@ -222,6 +224,7 @@ static int tab_width=8; /* Number of sp static size_t output_tab_width=8; /* Ditto, when squashing leading spaces */ static const char *sentence_enders=".?!"; /* Double-space after these */ static int grok_mail_headers=0; /* treat embedded mail headers magically? */ +static int format_troff=0; /* Format troff? */ static int n_errors=0; /* Number of failed files. Return on exit. */ static char *output_buffer=0; /* Output line will be built here */ @@ -257,7 +260,7 @@ main(int argc, char *argv[]) { /* 1. Grok parameters. */ - while ((ch = getopt(argc, argv, "0123456789cd:hl:mpst:w:")) != -1) + while ((ch = getopt(argc, argv, "0123456789cd:hl:mnpst:w:")) != -1) switch(ch) { case 'c': centerP = 1; @@ -272,6 +275,9 @@ main(int argc, char *argv[]) { case 'm': grok_mail_headers = 1; continue; + case 'n': + format_troff = 1; + continue; case 'p': allow_indented_paragraphs = 1; continue; @@ -307,6 +313,7 @@ main(int argc, char *argv[]) { " -d double-space after at line end\n" " -l turn each spaces at start of line into a tab\n" " -m try to make sure mail header lines stay separate\n" +" -n format lines beginning with a dot\n" " -p allow indented paragraphs\n" " -s coalesce whitespace inside lines\n" " -t have tabs every columns\n" @@ -395,6 +402,7 @@ process_stream(FILE *stream, const char } /* We need a new paragraph if and only if: * this line is blank, + * OR it's a troff request, * OR it's a mail header, * OR it's not a mail header AND the last line was one, * OR the indentation has changed @@ -402,6 +410,7 @@ process_stream(FILE *stream, const char * AND this isn't the second line of an indented paragraph. */ if ( length==0 + || (line[0]=='.' && !format_troff) || header_type==hdr_Header || (header_type==hdr_NonHeader && prev_header_type>hdr_NonHeader) || (np!=last_indent 
@@ -411,6 +420,11 @@ process_stream(FILE *stream, const char para_line_number = 0; first_indent = np; last_indent = np; + /* nroff compatibility */ + if (length>0 && line[0]=='.' && !format_troff) { + printf("%.*s\n", (int)length, line); + continue; + } if (header_type==hdr_Header) last_indent=2; /* for cont. lines */ if (length==0) { putchar('\n'); @@ -594,11 +608,13 @@ get_line(FILE *stream, size_t *lengthp) size_t len=0; int ch; size_t spaces_pending=0; + int troff=0; if (buf==NULL) { length=100; buf=XMALLOC(length); } while ((ch=getc(stream)) != '\n' && ch != EOF) { + if (len+spaces_pending==0 && ch=='.' && !format_troff) troff=1; if (ch==' ') ++spaces_pending; - else if (isprint(ch)) { + else if (troff || isprint(ch)) { while (len+spaces_pending >= length) { length*=2; buf=xrealloc(buf, length); } Index: fmt.1 =================================================================== RCS file: /home/ncvs/src/usr.bin/fmt/fmt.1,v retrieving revision 1.9 diff -u -r1.9 fmt.1 --- fmt.1 2001/08/15 14:53:55 1.9 +++ fmt.1 2001/11/28 21:23:59 @@ -42,7 +42,7 @@ .Nd simple text formatter .Sh SYNOPSIS .Nm fmt -.Op Fl cmps +.Op Fl cmnps .Op Fl d Ar chars .Op Fl l Ar num .Op Fl t Ar num 
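Review bot: The pass-through added to process_stream() prints the request line with `printf("%.*s\n", (int)length, line);`, which stops at the first NUL byte, while the get_line() hunk at `@@ -594,11` now stores every byte of such a line (`troff || isprint(ch)`), NUL included. A dot line containing a NUL would therefore come out truncated, and the `(int)` cast turns a `size_t` above INT_MAX into a negative precision, which printf treats as if no precision had been given. Writing the bytes by count avoids both: `fwrite(line, 1, length, stdout); putchar('\n');`. Both functions continue outside their hunks, so whether `line` is NUL-terminated cannot be confirmed from here.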
@@ -88,6 +88,14 @@ options are ignored; no splitting or joining of lines is done. .It Fl m Try to format mail header lines contained in the input sensibly. +.It Fl n +Format lines beginning with a +.Ql \&. +(dot) character. +Normally, +.Nm +does not fill these lines, for compatibility with +.Xr nroff 1 . .It Fl p Allow indented paragraphs. Without the --DocE+STaALJfprDB-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Nov 28 22:18:44 2001 Delivered-To: freebsd-audit@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 729) id 7CC5437B427; Wed, 28 Nov 2001 22:18:41 -0800 (PST) X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0 To: freebsd-audit@FreeBSD.ORG Cc: Subject: [PATCH] Support for _SC_NPROCESSORS_{CONF,ONLN} Mime-Version: 1.0 Content-Type: multipart/mixed ; boundary="==_Exmh_-19242870810" Message-Id: <20011129061841.7CC5437B427@hub.freebsd.org> Date: Wed, 28 Nov 2001 22:18:41 -0800 (PST) 
From: jkoshy@FreeBSD.ORG (Joseph Koshy) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This is a multipart MIME message. --==_Exmh_-19242870810 Content-Type: text/plain For review: `sysconf(3)' names _SC_NPROCESSORS_CONF and _SC_NPROCESSORS_ONLN allow a user program to query the number of processors on a multiprocessor system. _SC_PROCESSORS_CONF queries the number of configured processors and _SC_NPROCESSORS_ONLN queries the number of currently online processors. This API is supported in SVR4.0MP, AIX, Solaris, Tru64 and Linux. [Original patch in PR bin/27489] Regards, Koshy --==_Exmh_-19242870810 Content-Type: text/plain ; name="foo" Content-Description: foo Content-Disposition: attachment; filename="foo" Index: sys/sys/unistd.h =================================================================== RCS file: /home/ncvs/src/sys/sys/unistd.h,v retrieving revision 1.27 diff -u -r1.27 unistd.h --- sys/sys/unistd.h 18 Jun 2001 20:24:54 -0000 1.27 +++ sys/sys/unistd.h 29 Nov 2001 11:52:37 -0000 @@ -200,6 +200,10 @@ #define _SC_IOV_MAX 56 +/* Solaris/AIX/SVR4.0MP API */ +#define _SC_NPROCESSORS_CONF 57 +#define _SC_NPROCESSORS_ONLN 58 + #ifndef _POSIX_SOURCE /* * rfork() options. Index: lib/libc/gen//sysconf.3 =================================================================== RCS file: /home/ncvs/src/lib/libc/gen/sysconf.3,v retrieving revision 1.16 diff -u -r1.16 sysconf.3 --- lib/libc/gen//sysconf.3 1 Oct 2001 16:08:51 -0000 1.16 +++ lib/libc/gen//sysconf.3 29 Nov 2001 11:13:11 -0000 
@@ -83,6 +83,10 @@ .Xr sendmsg 2 . .It Li _SC_NGROUPS_MAX The maximum number of supplemental groups. +.It Li _SC_NPROCESSORS_CONF +The number of processors configured. +.It Li _SC_NPROCESSORS_ONLN +The number of processors currently online. .It Li _SC_OPEN_MAX The maximum number of open files per user id. .It Li _SC_STREAM_MAX Index: lib/libc/gen//sysconf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/gen/sysconf.c,v retrieving revision 1.11 diff -u -r1.11 sysconf.c --- lib/libc/gen//sysconf.c 18 Jun 2001 20:24:24 -0000 1.11 +++ lib/libc/gen//sysconf.c 29 Nov 2001 11:18:55 -0000 @@ -290,6 +290,14 @@ goto yesno; #endif /* _P1003_1B_VISIBLE */ +#if defined(_SC_NPROCESSORS_CONF) && defined(_SC_NPROCESSORS_ONLN) + case _SC_NPROCESSORS_CONF: + case _SC_NPROCESSORS_ONLN: + mib[0] = CTL_HW; + mib[1] = HW_NCPU; + break; +#endif + #ifdef _SC_IOV_MAX case _SC_IOV_MAX: mib[0] = CTL_KERN; --==_Exmh_-19242870810-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
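Review bot: In the sysconf.c hunk both `_SC_NPROCESSORS_CONF` and `_SC_NPROCESSORS_ONLN` select the same MIB (`CTL_HW`, `HW_NCPU`), so the two names return the same number, while the sysconf.3 hunk documents them separately as "configured" and "currently online". A caller that relies on the online count would get the configured count on any system where the two differ. Either state this in the manual page or add a comment above the cases, e.g. `/* no separate online count is available; both names report hw.ncpu */`. The `#if defined(...) && defined(...)` guard also drops both cases when only one name is defined. The enclosing switch starts and ends outside the hunk.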