src-test2/lib/libpam, branch releng/7.3 FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=releng%2F7.3 2011-12-23T15:00:37Z Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06] 2011-12-23T15:00:37Z Colin Percival cperciva@FreeBSD.org 2011-12-23T15:00:37Z urn:sha1:d7071cce137418952864dba0c9c57ee4f858a5d0 Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07] Fix a buffer overflow in telnetd. [11:08] Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09] Add sanity checking of service names in pam_start. [11:10] Approved by: so (cperciva) Approved by: re (bz) Security: FreeBSD-SA-11:06.bind Security: FreeBSD-SA-11:07.chroot Security: FreeBSD-SA-11:08.telnetd Security: FreeBSD-SA-11:09.pam_ssh Security: FreeBSD-SA-11:10.pam MFC: OpenPAM Hydrangea 2008-01-18T13:29:05Z Dag-Erling Smørgrav des@FreeBSD.org 2008-01-18T13:29:05Z urn:sha1:8acf0a5bc09a79b0d5328d6a2d9dba5eda072b17 MFC: (1.10) correct documentation of ~/.opiealways 2008-01-18T13:28:24Z Dag-Erling Smørgrav des@FreeBSD.org 2008-01-18T13:28:24Z urn:sha1:8cfbe08463cbdf5cedde5a9ef11e79fe31463e90 PR: 117512 MFC: Added MK_INSTALLLIB support and fixed usr.bin/lex/lib/Makefile 2007-10-23T15:41:34Z Ruslan Ermilov ru@FreeBSD.org 2007-10-23T15:41:34Z urn:sha1:9939260597d96c1a04fc83aaab5ab7b08b9d5373 in case of installing with WITHOUT_INSTALLLIB (e.g. in nanobsd(8)). PR: bin/114200 Approved by: re (kensmith) Apply the same error checks to PAM_TTY in pam_sm_close_session() as in 2007-07-22T15:17:29Z Dag-Erling Smørgrav des@FreeBSD.org 2007-07-22T15:17:29Z urn:sha1:f0f1db2e4c62ff89dcf1f4d107eed8c9eebc5e7a pam_sm_open_session(), avoiding false negatives when no tty is present. Submitted by: Todd C. Miller <millert@courtesan.com> Approved by: re (rwatson) MFC after: 2 weeks Whitespace cleanup 2007-07-22T15:14:40Z Dag-Erling Smørgrav des@FreeBSD.org 2007-07-22T15:14:40Z urn:sha1:1173d3bb333b113fb4eb748780c6376ac2d4e57f Approved by: re (rwatson) - Bump share library version which were missed in last bump 2007-06-18T18:47:54Z Rong-En Fan rafan@FreeBSD.org 2007-06-18T18:47:54Z urn:sha1:27cfc42fc526d7b288e692272680ff13f1fd5676 Reported by: jhb Discussed with: deischen, des, doubg, harti Approved by: re (kensmith) Use the current user's login class for the decisions about where 2007-06-14T13:07:06Z Yaroslav Tykhiy ytykhiy@gmail.com 2007-06-14T13:07:06Z urn:sha1:58d6bdcbe0af72d6cdf9c21f917bec3daae906a4 the nologin(5) file is located and whether the user may bypass its restriction. Add some error checks. Approved by: des PR: bin/107612 Now pam_nologin(8) will provide an account management function 2007-06-10T18:57:20Z Yaroslav Tykhiy ytykhiy@gmail.com 2007-06-10T18:57:20Z urn:sha1:9cd40e64b4fb4a559eb67a266f768143086bc5d9 instead of an authentication function. There are a design reason and a practical reason for that. First, the module belongs in account management because it checks availability of the account and does no authentication. Second, there are existing and potential PAM consumers that skip PAM authentication for good or for bad. E.g., sshd(8) just prefers internal routines for public key auth; OTOH, cron(8) and atrun(8) do implicit authentication when running a job on behalf of its owner, so their inability to use PAM auth is fundamental, but they can benefit from PAM account management. Document this change in the manpage. Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed under the "account" function class. Bump __FreeBSD_version (mostly for ports, as this change should be invisible to C code outside pam_nologin.) PR: bin/112574 Approved by: des, re Re-add support for NIS netgroups (heavily modified from patch in PR) 2007-05-25T07:50:18Z Dag-Erling Smørgrav des@FreeBSD.org 2007-05-25T07:50:18Z urn:sha1:ca2ddac3282b17bf838dab9ccb07758c2fcf55aa PR: bin/112955 Submitted by: A. Blake Cooper <blake@cluebie.net> MFC after: 3 weeks