lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remov

lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

pam_exec: fix segfault when authtok is null

According to pam_exec(8), the `expose_authtok` option should be ignored
when the service function is `pam_sm_setcred`. Currently `pam_exec` only
prevent p

pam_exec: fix segfault when authtok is null

According to pam_exec(8), the `expose_authtok` option should be ignored
when the service function is `pam_sm_setcred`. Currently `pam_exec` only
prevent prompt for anth token when `expose_authtok` is set on
`pam_sm_setcred`. This subsequently led to segfault when there isn't an
existing auth token available.

Bug reported on this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893

After reading https://reviews.freebsd.org/rS349556 I am not sure if the
default behaviour supposed to be simply not prompt for authentication
token, or is it to ignore the option entirely as stated in the man page.

This patch is therefore only adding an additional NULL check on the item
`pam_get_item` provide, and exit with `PAM_SYSTEM_ERR` when such item is
NULL.

MFC after: 1 week
Reviewed by: des, khng
Differential Revision: https://reviews.freebsd.org/D35169

show more ...

MFH

Sponsored by: Rubicon Communications, LLC (netgate.com)

Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
release/11.x llvmorg-11.0.0-rc1-47-gff47911ddfc.

MFC after: 6 weeks

Apply tentative fix for clang 11 warning in pam_exec(8):

lib/libpam/modules/pam_exec/pam_exec.c:222:56: error: format specifies type 'char *' but the argument has type 'const void *' [-Werror,-Wform

Apply tentative fix for clang 11 warning in pam_exec(8):

lib/libpam/modules/pam_exec/pam_exec.c:222:56: error: format specifies type 'char *' but the argument has type 'const void *' [-Werror,-Wformat]
if (asprintf(&envstr, "%s=%s", pam_item_env[i].name, item) < 0)
~~ ^~~~

show more ...

MFHead @r350386

Sponsored by: The FreeBSD Foundation

Changes to the expose_password functionality:

- Implement use_first_pass, allowing expose_password to be used by other
service functions than pam_auth() without prompting a second time.

- Don'

Changes to the expose_password functionality:

- Implement use_first_pass, allowing expose_password to be used by other
service functions than pam_auth() without prompting a second time.

- Don't prompt for a password during pam_setcred().

PR: 238041
MFC after: 3 weeks

show more ...

Merge ^/head r338392 through r338594.

For full Linux-PAM compatibility, add a trailing NUL character when
passing the authentication token to the external program.

Approved by: re (kib)
Submitted by: Thomas Munro <munro@ip9.org>
MFC aft

For full Linux-PAM compatibility, add a trailing NUL character when
passing the authentication token to the external program.

Approved by: re (kib)
Submitted by: Thomas Munro <munro@ip9.org>
MFC after: 1 week
Differential Revision: D16950

show more ...

Merge ^/head r337646 through r338014.

lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remov

lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

pam_exec: fix segfault when authtok is null

According to pam_exec(8), the `expose_authtok` option should be ignored
when the service function is `pam_sm_setcred`. Currently `pam_exec` only
prevent p

pam_exec: fix segfault when authtok is null

According to pam_exec(8), the `expose_authtok` option should be ignored
when the service function is `pam_sm_setcred`. Currently `pam_exec` only
prevent prompt for anth token when `expose_authtok` is set on
`pam_sm_setcred`. This subsequently led to segfault when there isn't an
existing auth token available.

Bug reported on this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893

After reading https://reviews.freebsd.org/rS349556 I am not sure if the
default behaviour supposed to be simply not prompt for authentication
token, or is it to ignore the option entirely as stated in the man page.

This patch is therefore only adding an additional NULL check on the item
`pam_get_item` provide, and exit with `PAM_SYSTEM_ERR` when such item is
NULL.

MFC after: 1 week
Reviewed by: des, khng
Differential Revision: https://reviews.freebsd.org/D35169

show more ...

MFH

Sponsored by: Rubicon Communications, LLC (netgate.com)

Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
release/11.x llvmorg-11.0.0-rc1-47-gff47911ddfc.

MFC after: 6 weeks

Apply tentative fix for clang 11 warning in pam_exec(8):

lib/libpam/modules/pam_exec/pam_exec.c:222:56: error: format specifies type 'char *' but the argument has type 'const void *' [-Werror,-Wform

Apply tentative fix for clang 11 warning in pam_exec(8):

lib/libpam/modules/pam_exec/pam_exec.c:222:56: error: format specifies type 'char *' but the argument has type 'const void *' [-Werror,-Wformat]
if (asprintf(&envstr, "%s=%s", pam_item_env[i].name, item) < 0)
~~ ^~~~

show more ...

MFHead @r350386

Sponsored by: The FreeBSD Foundation

Changes to the expose_password functionality:

- Implement use_first_pass, allowing expose_password to be used by other
service functions than pam_auth() without prompting a second time.

- Don'

Changes to the expose_password functionality:

- Implement use_first_pass, allowing expose_password to be used by other
service functions than pam_auth() without prompting a second time.

- Don't prompt for a password during pam_setcred().

PR: 238041
MFC after: 3 weeks

show more ...

Merge ^/head r338392 through r338594.

For full Linux-PAM compatibility, add a trailing NUL character when
passing the authentication token to the external program.

Approved by: re (kib)
Submitted by: Thomas Munro <munro@ip9.org>
MFC aft

For full Linux-PAM compatibility, add a trailing NUL character when
passing the authentication token to the external program.

Approved by: re (kib)
Submitted by: Thomas Munro <munro@ip9.org>
MFC after: 1 week
Differential Revision: D16950

show more ...

Merge ^/head r337646 through r338014.

Add support for Linux-PAM's badly named expose_authtok option.

Submitted by: Thomas Munro <munro@ip9.org>
MFC after: 1 week
Differential Revision: D16171

lib: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
pr

lib: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

show more ...

Add options to capture stdout and / or stderr and pass the output on
to the user. There is currently no buffering, so the result may be
somewhat unpredictable if the conversation function adds a new

Add options to capture stdout and / or stderr and pass the output on
to the user. There is currently no buffering, so the result may be
somewhat unpredictable if the conversation function adds a newline,
like openpam_ttyconv() does.

Clean up and simplify the environment handling code, which triggered
an inexplicable bug on some systems.

MFC after: 2 weeks

show more ...