summaryrefslogtreecommitdiff
path: root/libexec
AgeCommit message (Collapse)Author
2015-12-02in response to EHLO, don't offer STARTTLS if we already completed theHenning Brauer
STARTTLS dance. ok millert
2015-12-02I misread the standard when adding TLS; clients are supposed to start overHenning Brauer
and issue a new EHLO after STARTTLS. The misunderstaning seems to be common, so we'll still grok MAIL FROM right after the STARTTLS dance, as well as accepting a second EHLO. ok phessler beck millert
2015-12-02fix error messages to say tls_write after tls_write and not tls_read...Henning Brauer
with bluhm
2015-12-01knock out duplicate rcs id;Jason McIntyre
2015-12-01needs utf8.c from the ls tree alsoTheo de Raadt
2015-12-01rpc.rstatd(8) and rpc.rusersd(8) don't run as user nobody for quite some time.Tim van der Molen
2015-12-01Remove superfluous check; "Of course" deraadt@Tim van der Molen
2015-12-01Don't fall back to user nobody if _rusersd doesn't exist; "Of course!" deraadt@Tim van der Molen
2015-11-29Document that the pfdev check for 63 is /dev/fd/ only contains those nodesTheo de Raadt
2015-11-26passwd no longer has an -l flag; ok deraadtJason McIntyre
2015-11-26pledge in login_radius(8).YASUOKA Masahiko
ok deraadt
2015-11-26rpc.yppasswdd goes to the bitbucket.Theo de Raadt
(The story is that some people do use YP still as a libc -> non-file lookup mechanism; some of them with standard ypbind/ypserv, but more of them with ypbind/ypldap. That however does not justify these cruddy tools dealing with passwords, which are more likely to contain problems)
2015-11-26Delete YP password related code. As a result, these can also beTheo de Raadt
pledged. Keep an eye out for regressions, because they could be uncomfortable. ok beck semarie
2015-11-25rename internally to ntalkd, after the binary; this way bothJason McIntyre
"man talkd" and "man ntalkd" work; issue reported by sobrado; fix from schwarze
2015-11-24missing pledge "getpw"Theo de Raadt
2015-11-21zap the yppasswdd mlink, at ingo's behest (its original purpose being,Jason McIntyre
obviously, to provide a drunk spell test);
2015-11-21remove mlinks for aliases: ntalkd, mfs, updatedbJason McIntyre
ok schwarze
2015-11-20Remove login_tis, no one should be using the TIS authenticationTodd C. Miller
server these days.
2015-11-19Call syslog() if login_* pledge fails; OK deraadt@Todd C. Miller
2015-11-18use _shadow getpw functions. these utilities obviously deal with hashes.Ted Unangst
2015-11-16Observe that FIOASYNC clearing for stdin is only done in the case whereTheo de Raadt
getty receives the fd from init, so hoist it upwards. Since revoke(2) is now allowed by pledge "rpath tty", the pledges can be hoisted much higher. ok millert semarie tedu guenther
2015-11-16don't need to ifdef setproctitleTed Unangst
2015-11-15ldd(1) sets environment variable LD_TRACE_LOADED_OBJECTS to tell ld.soTheo de Raadt
that it should show information about the program it loads, rather than run it. In that specific case, ld.so can pledge to "stdio rpath" to ensure that code path in ld.so has no bugs. Yes, a pledge in ld.so.... who'd have thought! ok guenther
2015-11-15pledge "stdio rpath wpath cpath tmppath fattr"Theo de Raadt
ok guenther
2015-11-134-step pledge in a program noone really uses anymore.Theo de Raadt
pledge "stdio inet dns proc exec" at startup. In the logging codepath, "stdio dns proc exec" after getpeername() drop to stdio proc exec(), before fork / execve Parent moving data out of the pipe only needs "stdio"
2015-11-13_exit() in the child; as a result, must use syslog() directly.Theo de Raadt
2015-11-06further PPP reduction, hint from sthenTed Unangst
2015-11-06remove ppplogin support. ok sthenTed Unangst
2015-11-06Fix unloading of load groups when the last reference wasn't on thePhilip Guenther
load_object but rather some descendent. Detect that case in _dl_unload_shlib() and switch to unloading the entire group. Based on partial analyses by Henri Kemppainen (duclare (at) guu.fi) and Peter Hajdu (peter.ferenc.hajdu (at) gmail.com) ok millert@
2015-11-02Remove duplicate declarationPhilip Guenther
2015-11-02Factor out the logic for mprotecting the memory between two symbols intoPhilip Guenther
a new MI routine _dl_protect_segment(), and use that for protecting the GOT and--on some archs--the PLT. Amazing testing turnaround by miod@, who apparently violated relativity to get back results on some archs as fast as he did
2015-11-02Fix typo: s/DT_JUMPREL/DT_JMPREL/Philip Guenther
2015-10-29remove tests for LD_HINTS_VERSION_1; ok kettenisTheo de Raadt
2015-10-25No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@Todd C. Miller
2015-10-25unifdef some oldness. (BSD not defined since removal of param.h)Ted Unangst
ok jca sthen
2015-10-25No need to declare pwd_gensalt; it's unused and gone.Antoine Jacoutot
ok tedu@
2015-10-24Don't compile pwd_gensalt, it's not needed since we use crypt_checkpass.Antoine Jacoutot
ok tedu@
2015-10-22Add pledge support to login_yubikey. Much feedback and OK millert@Brandon Mercer
2015-10-22use crypt_checkpass("password", NULL) to fake a login instead of bcryptTed Unangst
2015-10-22use crypt_checkpass to check passwordTed Unangst
2015-10-22use crypt_checkpass instead of doing things the hard way with crypt.Ted Unangst
2015-10-19Delete the empty example file "ftpchroot"; no example is needed.Ingo Schwarze
Move the one useful bit of information contained in the file ("one user name per line") to the ftpd(8) manual page where it belongs. OK deraadt@ sthen@
2015-10-17login_token needs pledge "flock" now.Alexander Bluhm
OK millert@
2015-10-16Hoist clearing of FIOASYNC to much earlier, then getty can useTheo de Raadt
pledge "stdio rpath fattr proc exec tty".
2015-10-16Implement real "flock" request and add it to userland programs thatTodd C. Miller
use pledge and file locking. OK deraadt@
2015-10-15Pledge login_token with "stdio rpath wpath cpath fattr getpw tty".Alexander Bluhm
OK deraadt@
2015-10-14Check mmap and read return values. While at it, remove unused duplicated file.Tobias Stoeckmann
ok millert@
2015-10-14pledge "stdio rpath" is good enough for these mainline BSD auth loginTheo de Raadt
programs. (I am very surprised pledge ended up working for programs like this) ok semarie millert
2015-10-13pledge "stdio rpath wpath cpath fattr"; fattr due to locking code borrowedTheo de Raadt
from mail.local
2015-10-12Call pledge(2) after initial getsockname(2) to avoid "inet" addition.Masao Uebayashi
From & OK deraadt@