Commit Graph

189 Commits

Author SHA1 Message Date
plunky 9f61b80465 NULL does not need a cast 2011-08-31 16:24:54 +00:00
elric 07b0c75a48 We no longer need -I/usr/include/krb5. 2011-04-24 21:42:06 +00:00
christos f550d323b5 don't repeat the word login twice (syslog prepends the program name login:) 2009-12-29 20:15:15 +00:00
christos c56d2f766e kill the space in address formatting to match what other daemons do. 2009-12-29 19:27:43 +00:00
christos d74e5fa896 PR/42540: Ed Ravin: /usr/bin/login does not log normal logins, and does not
log ip addresses.
- Factor out the common code in login.c and login_pam.c into common.c
- Always log a login event
- Check passed in sockaddr against the one from getpeername(2).
2009-12-29 19:26:13 +00:00
lukem c1ceae17f0 Enable WARNS=4 by default for usr.bin, except for:
awk  bdes  checknr  compile_et  error  gss  hxtool  kgetcred  kinit
	klist  ldd  less  lex  locale  login  m4  man  menuc  mk_cmds
	mklocale  msgc  openssl  rpcgen  rpcinfo  sdiff  spell  ssh
	string2key  telnet  tn3270  verify_krb5_conf  xlint
2009-04-14 22:15:16 +00:00
ginsbach 66acf4d33d Add newgrp(1) to SEE ALSO cross-reference list. 2008-11-19 17:56:53 +00:00
wiz cc64f2edab Use Nm instead of Xr to itself, remove reference to uucp(1), fix casing
of Kerberos.
2008-11-18 15:52:57 +00:00
reed 3e3e695194 Reference login.conf. 2008-11-18 13:02:51 +00:00
apb f3f295c281 Use ${TOOL_AWK} instead of ${AWK} or plain "awk" in make commands.
Pass AWK=${TOOL_AWK:Q} to shell scripts that use awk.
2008-10-19 22:05:23 +00:00
lukem 98e5374ccb Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.
2008-07-21 14:19:20 +00:00
lukem 050e20c6d5 Be consistent about making USE_PAM!=no be exclusive to USE_SKEY!=no. 2008-04-06 09:54:37 +00:00
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos 81d59b255c PR/36294: De Zeurkous: login(1) -- inconsistent exit behavior on EOF
- Always EXIT_FAILURE when login fails.
- Cleanup fork code in krb5 (old login).
2007-05-09 01:56:25 +00:00
hubertf 48b31403c5 Remove duplicate #includes
From Slava Semushin <slava.semushin@gmail.com>, via private mail
2007-01-17 00:21:43 +00:00
isaki 21b8eaae35 Correct indent. It's important around many #ifdefs. 2007-01-07 10:36:56 +00:00
mrg aa349aa646 s/0/NULL/ for execl*'s last argument. 2006-05-20 10:31:59 +00:00
christos 862fe20f05 GC old signal handling and merge it in 4 places:
1. Immediately ignore all the signals we want to ignore and set the alarm.
    2. Before we exit on error, restore all signals we modified
    3. Before we exec a shell, restore all signals we modified and ignore TSTP.
       Job control aware shells know how to deal with this.
    4. Temporarily handle SIGINT while we read motd.
2006-04-17 16:29:44 +00:00
simonb 372d44b647 Use TABs instead of spaces. 2006-04-06 00:48:14 +00:00
hubertf 517eb6559a Remove unused variable 'salt'
Found by code inspection in one of my classes, not via Coverity :)

OK'd by christos
2006-03-26 16:45:33 +00:00
wiz 54cd24faa5 Get rid of more Kerberos 4 code. 2006-03-23 23:33:28 +00:00
christos f88156c66b PR/33128: Martin Husemann: When login in on the console, SIGABRT is ignored
Both SIGINT and SIGABRT should be restored before executing the shell.
2006-03-22 15:36:49 +00:00
christos 85e611dd01 Goodbye KerberosIV 2006-03-20 04:03:10 +00:00
jnemeth 4be1f2c6fd Fix Coverity run 5, issue 1931 -- memory leak. This was noted as being a
bug by cgilbert.
Approved by christos@.
2006-03-19 22:52:01 +00:00
jnemeth 1a6a87b59b PR/23616: Christian Biere: login might not back-off as expected 2006-03-08 03:09:04 +00:00
jnemeth 2e3c4f59d7 PR/23616: Christian Biere: login might not back-off as expected 2006-03-08 02:49:18 +00:00
jnemeth 99089ba6f8 PR/30923: Zafer Aydogan: pam too verbose
Don't display a different message for root logins on insecure terminals.

Approved by christos@.
2006-03-06 23:06:18 +00:00
jnemeth a2645cdaf4 PR/31059: Zafer Aydogan: login too verbose
Don't display a different message for root login on insecure terminal.

Approved by christos@.
2006-03-06 22:59:27 +00:00
christos 63780e0b44 Propagate change from login.c where if getpeername succeeded, then we have
the sockaddr from the remote peer.
2006-02-20 05:05:16 +00:00
christos 539c95af37 PR/32873: Johan Veenhuizen: login(1) does not initialize lastlogx struct
properly
2006-02-19 00:48:34 +00:00
christos e551462e89 PR/32870: Johan Veenhuizen: login(1) does not obey .hushlogin 2006-02-19 00:12:36 +00:00
wiz 5cc6a637b8 Prefer mdoc markup to roff. 2005-11-08 18:54:15 +00:00
wiz 07006c8815 Remove trailing whitespace. 2005-11-08 17:59:45 +00:00
christos 4f38beeb43 Update documentation for pam, and don't accept flags that we don't support
anymore.
2005-11-01 15:47:43 +00:00
christos c9f5645213 use getgrnam_r; from Jon Nemeth 2005-09-21 12:24:11 +00:00
matt 0e46a38f38 Terminate variable argument list with NULL, not 0. 2005-04-25 01:33:03 +00:00
lukem 9830ed3053 Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
failures, especially as we're ignoring the return result.
2005-04-19 03:40:58 +00:00
christos cc3c0f2c9c Don't report that we don't know the username. We don't want to give out
more information that we need to.
2005-04-03 06:56:39 +00:00
christos 13f609d284 - use getpwnam_r
- KNF
2005-03-30 01:30:21 +00:00
jmmv f9774bdb30 Add a colon before %m in calls to syslog(3) for consistency with other
messages in this same file and in many other tools.
2005-03-29 17:00:21 +00:00
tron f4d67200a3 Make S/Key prompt compliant with RFC 2289. Patch supplied by Dave Huang
in PR bin/23167.
2005-03-20 13:20:07 +00:00
he 8e8728c45c Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications.  The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.
2005-03-04 20:41:08 +00:00
christos 3f0344e8e8 1. Restore missing tty action.
2. Pass the nested user name to pam.
3. always try to fill in sockaddr.
2005-03-03 02:06:16 +00:00
christos 10cd3dcdb4 - use F_CLOSEM instead of walking the fd list
- determine pty name properly for ptyfs ptys
- use setproctitle(NULL) to kill our args
2005-02-28 16:13:02 +00:00
christos 70a8501f05 - deal with ptyfs pty names.
- put back chown pty code.
- use setproctitle(NULL) to kill our argument display.
- don't wait for any pid, just the one we forked.
2005-02-28 16:11:36 +00:00
christos c641ee7f72 Add setting of PAM_SOCKADDR. 2005-02-01 17:57:16 +00:00
manu 3113fa979d Add PAM support to login(8) 2005-01-23 09:47:43 +00:00
xtraeme a35b6d287f Kill __P(), ANSIfy, remove main() prototype, whitespace; WARNS=2 2005-01-20 15:41:14 +00:00
xtraeme 61ae8d8c7b Kill __P() and ANSIfy, ok christos. 2005-01-12 05:34:23 +00:00
lha c2e518e56e Only include Kerberos 4 headers when compiling in a Kerberos enviroment
From Jukka Salmi in NetBSD PR misc/28727
2004-12-22 01:28:56 +00:00