FreeBSD source tree https://cgit-dev.freebsd.org/src-test/atom?h=releng%2F9.2 2013-03-01T19:42:50Z 2013-03-01T19:42:50Z Dag-Erling Smørgrav des@FreeBSD.org 2013-03-01T19:42:50Z urn:sha1:50ca4f35f1b2bf2e7280603b4b18fe16fdd30f61 changes, most importantly support for ECDSA keys in pam_ssh. 2012-11-04T01:21:49Z Eitan Adler eadler@FreeBSD.org 2012-11-04T01:21:49Z urn:sha1:de26c73155eff0146cfaad45fa78275ccf8abada remove duplicate semicolons where possible. Approved by: cperciva (implicit) 2012-09-17T00:56:10Z Eitan Adler eadler@FreeBSD.org 2012-09-17T00:56:10Z urn:sha1:a872079ae4bc10a4797af60e9118f4a61e5de61d Bump date missed in r202756 PR: docs/171624 Approved by: cperciva (implicit) 2012-08-21T19:13:53Z Dimitry Andric dim@FreeBSD.org 2012-08-21T19:13:53Z urn:sha1:cc7b459b67051ece14960fa792df5302893ff744 Fix an instance in pam_krb5(8), where the variable 'user' could be used uninitialized. Found by: clang 3.2 Reviewed by: des 2012-08-21T19:11:12Z Dimitry Andric dim@FreeBSD.org 2012-08-21T19:11:12Z urn:sha1:bbb1648522229f9c90a22e086208e786b3b7cd18 Fix two instances in pam_krb5(8), where the variable 'princ_name' could be used uninitialized. Found by: clang 3.2 Reviewed by: des 2012-08-20T17:46:22Z Dag-Erling Smørgrav des@FreeBSD.org 2012-08-20T17:46:22Z urn:sha1:dba6a5de8960ab6817292150a2bfcb99e1567d56 2012-06-19T02:54:54Z Warren Block wblock@FreeBSD.org 2012-06-19T02:54:54Z urn:sha1:f580beed60996d944db09089bd559a39bd6e9059 Fixes to man8 groff mandoc style, usage mistakes, or typos. PR: 168016 Submitted by: Nobuyuki Koganemaru Approved by: gjb (mentor) 2012-06-18T04:55:07Z Eitan Adler eadler@FreeBSD.org 2012-06-18T04:55:07Z urn:sha1:1be2e5bd8cc6faf5b25f9b39445ed5e3d1b6d5f5 Remove trailing whitespace per mdoc lint warning Approved by: cperciva (implicit) 2012-05-26T17:56:54Z Dag-Erling Smørgrav des@FreeBSD.org 2012-05-26T17:56:54Z urn:sha1:fcce91a677a959f50d5395ed3abe602f3b67457f 2012-04-30T13:34:15Z Jean-Sébastien Pédron dumbbell@FreeBSD.org 2012-04-30T13:34:15Z urn:sha1:23a5a956d243e77bebbcf3266e88b865ed39101b Use program exit status as pam_exec return code (optional) pam_exec(8) now accepts a new option "return_prog_exit_status". When set, the program exit status is used as the pam_exec return code. It allows the program to tell why the step failed (eg. user unknown). However, if it exits with a code not allowed by the calling PAM service module function (see $PAM_SM_FUNC below), a warning is logged and PAM_SERVICE_ERR is returned. The following changes are related to this new feature but they apply no matter if the "return_prog_exit_status" option is set or not. The environment passed to the program is extended: o $PAM_SM_FUNC contains the name of the PAM service module function (eg. pam_sm_authenticate). o All valid PAM return codes' numerical values are available through variables named after the return code name. For instance, $PAM_SUCCESS, $PAM_USER_UNKNOWN or $PAM_PERM_DENIED. pam_exec return code better reflects what went on: o If the program exits with !0, the return code is now PAM_PERM_DENIED, not PAM_SYSTEM_ERR. o If the program fails because of a signal (WIFSIGNALED) or doesn't terminate normally (!WIFEXITED), the return code is now PAM_SERVICE_ERR, not PAM_SYSTEM_ERR. o If a syscall in pam_exec fails, the return code remains PAM_SYSTEM_ERR. waitpid(2) is called in a loop. If it returns because of EINTR, do it again. Before, it would return PAM_SYSTEM_ERR without waiting for the child to exit. Several log messages now include the PAM service module function name. The man page is updated accordingly. Reviewed by: des@ Sponsored by: Yakaz (http://www.yakaz.com) MFC r234184: Fix error messages containing the executed command name Before, we took the first argument to pam_exec(8). With the addition of options in front of the command, this could be wrong. Now, options are parsed before calling _pam_exec() and messages contain the proper command name. While here, fix a warning. Sponsored by: Yakaz (http://www.yakaz.com)