Page MenuHomeFreeBSD
Differential D4981

Add PAM support for lock(1). This makes "lock -p" actually useful.
ClosedPublic
Actions

Authored by trasz on Jan 18 2016, 1:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Apr 20, 2:35 PM
Unknown Object (File)
Sat, Apr 20, 1:33 PM
Unknown Object (File)
Mar 7 2024, 10:48 PM
Unknown Object (File)
Mar 7 2024, 8:52 PM
Unknown Object (File)
Feb 9 2024, 2:49 AM
Unknown Object (File)
Dec 13 2023, 5:45 PM
Unknown Object (File)
Oct 4 2023, 4:55 PM
Unknown Object (File)
Jul 27 2023, 9:27 AM
View All 46 Files
Subscribers
imp

Details

Reviewers
des
Commits
rS329123: Make lock(1) use PAM. This makes the -p option work again. (Well, kind of,

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

trasz updated this revision to Diff 12417.Jan 18 2016, 1:41 PM
trasz retitled this revision from to Add PAM support for lock(1). This makes "lock -p" actually useful..
trasz updated this object.
trasz edited the test plan for this revision. (Show Details)
Herald added a subscriber: imp. · View Herald TranscriptJan 18 2016, 1:41 PM
trasz added a reviewer: des.Jan 18 2016, 1:41 PM
des added inline comments.Aug 5 2017, 3:42 PM
usr.bin/lock/lock.c
74 ↗(On Diff #12417)

PAM isn't optional in FreeBSD, so there is no need for USE_PAM.

144 ↗(On Diff #12417)

PAM is not optional; S/KEY aka OPIE is only supported through PAM.

172–191 ↗(On Diff #12417)

You should probably replace this with getpass() or even openpam_ttyconv() (you can either call it directly or use pam_prompt() if you have a PAM handle, which you can get even if you don't intend to use PAM to unlock).

258–263 ↗(On Diff #12417)

As mentioned earlier, you can use getpass() or openpam_ttyconv() / pam_prompt() here instead of fgets().

trasz updated this revision to Diff 32797.Sep 8 2017, 1:36 PM

Get rid of USE_PAM and do some other cleanups.

Harbormaster completed remote builds in B11431: Diff 32797.Sep 8 2017, 1:36 PM
trasz added inline comments.Sep 8 2017, 1:37 PM
usr.bin/lock/lock.c
172–191 ↗(On Diff #12417)

It's a good idea, but IMHO it's orthogonal to adding PAM support. I'd prefer to do that in a separate patch, especially that it might change the behaviour slightly (getpass() reads from console, the code above reads from standard input; no idea if it could make a practical difference).

trasz marked 2 inline comments as done.Sep 8 2017, 1:37 PM
des added inline comments.Sep 22 2017, 2:15 PM
usr.bin/lock/lock.c
246 ↗(On Diff #32797)

Please use an explicit comparison to 0 as strcmp() is not a predicate.

trasz added inline comments.Oct 3 2017, 12:03 PM
usr.bin/lock/lock.c
246 ↗(On Diff #32797)

Erm, but that's existing code - I'm only removing the "else" clause.

trasz updated this revision to Diff 33650.Oct 3 2017, 12:05 PM

Regenerate; upstream changed a bit.

Harbormaster completed remote builds in B11852: Diff 33650.Oct 3 2017, 12:05 PM
des accepted this revision.Nov 30 2017, 12:07 PM

Approved, but I hope you also find the time to make the other modifications I suggested in a later commit.

This revision is now accepted and ready to land.Nov 30 2017, 12:07 PM
trasz updated this revision to Diff 39155.Feb 10 2018, 7:12 PM

Make tinderbox happy.

This revision now requires review to proceed.Feb 10 2018, 7:12 PM
Harbormaster completed remote builds in B14941: Diff 39155.Feb 10 2018, 7:12 PM
This revision was not accepted when it landed; it landed in state Needs Review.Feb 11 2018, 1:35 PM
Closed by commit rS329123: Make lock(1) use PAM. This makes the -p option work again. (Well, kind of, (authored by trasz). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
usr.bin/
lock/
2 lines
53 lines

Diff 39179

View Options

head/usr.bin/lock/Makefile

Loading...
View Options

head/usr.bin/lock/lock.c

Loading...