Commit Graph

126 Commits

Author SHA1 Message Date
mycroft ee0dfce003 Make this compile again in an ELF world. 1999-07-30 01:56:49 +00:00
mrg 51a96a002f optionally include CRYPTOPATH Makefile.frag files. 1999-07-20 09:35:18 +00:00
thorpej 9630ed475e Use bsd.crypto.mk. 1999-07-12 22:11:37 +00:00
aidan 3a4abbe0d1 Kerberos5 changes to login -- now supports forwarded TGTs. 1999-07-12 21:36:10 +00:00
christos 9966d744f2 Don't declare login here. It is declared in <util.h> 1999-06-15 14:19:53 +00:00
garbled 9e44e9b578 More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages.  Many more to
come.
1999-03-22 18:16:34 +00:00
kim 0d4599522a Build domestic login on domestic systems.
Incorporated (minor) diff from domestic man page.
1999-03-05 01:07:56 +00:00
scottr 8481f548e2 Remove the crypto-related bits until such time as we have a fully-
integrated source tree.  Export-controlled versions of these are now
built during the domestic build process.
1999-02-18 21:22:51 +00:00
fair 0a35ac96da Correct documentation of /etc/nologin to note that it does not
apply to the superuser, per PR#6328.
Correct some nroff nits in the process.
1999-01-13 10:51:07 +00:00
kim 0c127d7cef Show year of last login. 1999-01-11 20:20:54 +00:00
lukem 0e36738ca6 add copyright 1999 1999-01-06 13:51:09 +00:00
tsarna c89a574ffa Execute ttyaction on termination of rlogind/telnetd sessions.
Also, say a little bit about ttyaction in the getty and login manpages.
1998-08-29 17:31:55 +00:00
ross f670fa10c5 Add { and } to shut up egcs. Reformat the more questionable code. 1998-08-25 20:59:36 +00:00
mycroft 55ac0c2da3 const poisoning. 1998-07-26 21:58:46 +00:00
mrg 95b49ba52b do _NOT_ use system(3) in setuid programs. KNF. 1998-07-11 08:12:51 +00:00
mrg 2beab49a06 - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
1998-07-06 06:45:41 +00:00
fair 3b04f8e0b1 Add .Xr ttyaction 3 per PR#4647 1998-04-10 09:31:55 +00:00
kleink fd366142a3 Need <time.h> for ctime() and time() prototypes. 1998-04-02 10:27:16 +00:00
hubertf 567c3f3e41 Also save groups before chdir($HOME). This fixes a problem pointed
out by Bernd Ernesti with /home/lusers/joe (being uid joe, gid lusers),
with /home/lusers mode 750 and owner root:lusers.
1998-01-16 00:31:53 +00:00
thorpej 974b59d07c Happy new year! 1998-01-07 00:41:43 +00:00
hubertf 5dda445628 Give up special privileges before chdir($HOME) and access(.hushlogin),
fixing PR 4636 by myself with some help from Jason Thorpe.
1997-12-05 08:29:39 +00:00
mrg 6bb686b3be print TNF copyright, like the kernel does. 1997-11-07 20:32:05 +00:00
mycroft 41b9ae035f Use S_IS*(), not S_IF*. 1997-10-19 19:11:56 +00:00
lukem 13ee7130b1 s/bzero/memset 1997-10-19 04:18:46 +00:00
lukem 33b5dd5c52 fix .Nm usage 1997-10-19 04:18:08 +00:00
lukem ca15d8c056 don't define WARNS=1 here 1997-10-19 03:44:21 +00:00
mycroft 83ef48db0a Undo part of the previous; don't allow logins if we've passed pw_change.
The semantics of this are not well documented.  *sigh*
1997-10-12 15:21:24 +00:00
mycroft 97734d5e35 Refuse login only when we've past pw_expire, not pw_change. Check pw_expire
first.
1997-10-12 15:11:24 +00:00
mycroft 879c3292d6 Several things:
* Change the semantics of the `-s' option somewhat.  If specified, allow
either Kerberos or S/Key login, but not a plain password.
* Eliminate the special `s/key' password; just type it at the prompt.
* Remove the root instance special case.  This is a serious security hole
waiting to happen, and no other system works this way.
* Don't force a password change if Kerberos was used.  Also, don't call
/bin/passwd at all if the password change isn't required.
1997-10-12 15:05:24 +00:00
mycroft 2b4b3f1ded SRCS must be defined *before* bsd.prog.mk is included... 1997-10-12 14:07:38 +00:00
mycroft fc2c065578 Get rid of special cases for `s/key' password. 1997-10-12 14:07:06 +00:00
mycroft d91c72fbd3 Minor changes. 1997-10-12 13:10:16 +00:00
mycroft e6751fc584 Minor changes. 1997-10-12 12:54:55 +00:00
mycroft 1434f98d69 If we compile without SKEY, abort if a -s option is used, rather than silently
failing to enforce it.
1997-10-12 12:42:38 +00:00
mycroft 40471d4e79 Pull in bsd.own.mk for SKEY, KERBEROS, KERBEROS5. 1997-10-12 12:39:17 +00:00
mycroft 5171059387 Fix uninitialized variable. 1997-10-12 12:31:40 +00:00
christos 470e6b8604 CFLAGS->CPPFLAGS; Conditionalize SKEY 1997-10-11 19:19:11 +00:00
kleink 66105c37fc Lseek(2) usage cleanup: the use of L_SET/L_INCR/L_XTND is deprecated,
use SEEK_SET/SEEK_CUR/SEEK_END instead.
1997-08-25 19:31:43 +00:00
mycroft 3110c7add1 Various changes to keep up with krb5, mostly addition of the kcontext
structure.  From PR 3826, by Chris Jones.
1997-08-19 17:26:13 +00:00
lukem 049da32c75 * add functionality to `force password change at next login'. to use,
set the pw_change field of the user to -1 (defined in <pwd.h> as
  _PASSWORD_CHGNOW). based on [bin/936] by Simon Gerraty <sjg@quick.com.au>
* clean up for WARNS?=1
1997-08-16 13:50:43 +00:00
mikel 2064aaafaa add comparisons to NULL implicit in my last changes
compare result of getopt() to -1, not EOF
1997-07-11 03:47:53 +00:00
lukem 6840bd89be Don't leak some information (``you have no s/key'').
Only information leaks now are:
* if '-s -s' is used (only allow s/key users, and force s/key use),
  then "login incorrect" will be given if a non-s/key user (or
  non-existant user) attempts to login; no password will be prompted
  for.
  XXX: maybe this should be fixed, but further analysis is required.
* an s/key user will be reminded in the "Password" prompt that they
  have an s/key. Therefore it would be possible to determine if a user
  is active on the machine if they have an s/key.
  XXX: maybe an option is required to control this behaviour
1997-06-29 02:38:25 +00:00
lukem 9c9e83ed7f use _PASSWORD_WARNDAYS from <pwd.h> 1997-06-27 16:42:22 +00:00
lukem 5170144fac Apply [bin/3270] from Simon J. Gerraty <sjg@quick.com.au>, with fixes by me:
* if the user has an s/key, provide a reminder in the password prompt
* if '-s' is given once, force a user that has an s/key to use it
* if '-s' is given more than once, only permit s/key logins
1997-06-25 00:15:04 +00:00
lukem 806ac9275c Install statically linked, as suggested by mrg@eterna.com.au in [bin/1715]. 1997-06-23 12:47:45 +00:00
veego de140ea979 Move stdio.h before skey.h to get the FILE struct. 1997-06-23 11:19:10 +00:00
mikel 63482e654c include <skey.h> for skey function prototypes, add parens for gcc -Wall 1997-06-23 01:20:40 +00:00
mellon 3921fa8412 Prototype everything, fix RCS Id 1997-06-21 04:41:27 +00:00
mouse 650ee578da alternate -> alternative, per PR 2643 1997-03-08 14:13:54 +00:00
mrg 56d95f62f0 remove dangerous sprintf calls. 1997-02-11 08:15:08 +00:00
sommerfe 36da84b7df Longer login name support: use MAXLOGNAME, not UT_NAMESIZE 1996-12-20 20:17:30 +00:00
gwr 6efa6770fc After the chown(ttyn, ...), call ttyaction(ttyn, "login", pwd->pw_name) 1996-11-14 19:28:29 +00:00
explorer e1fa4673e0 Don't display skey error on s/key logins... This gives attackers some
information
1996-09-18 21:23:37 +00:00
mrg 6b86dc1440 use == not =. pr#2449 (aaron) 1996-05-21 22:07:04 +00:00
jtc 01120f4477 Updated to use <util.h>.
From Greg Hudson <ghudson@MIT.EDU>.
1996-05-15 23:46:50 +00:00
jtc 9cffeee5b2 Sync with 4.4lite2 1995-08-31 22:50:22 +00:00
jtc 1a62dfd970 Fix typo, noted by Masanobu Saitoh in PR #1272 1995-07-25 18:16:57 +00:00
brezak f7b66ca83f Use tty as cred file uniquifier. (From Michael Graff) 1995-03-08 19:41:36 +00:00
jtc b412b86505 Merged with 4.4lite.
Changed to conform to NetBSD's new RCS Id convention.
1994-12-23 06:52:56 +00:00
deraadt 80ba474bd2 pr#377: dialup line hack is silly 1994-08-03 10:04:25 +00:00
brezak b491643425 Add support for Kerberos5 authentication. 1994-07-25 21:11:08 +00:00
deraadt 4693d9a138 add s/key support 1994-05-24 06:50:57 +00:00
cgd 2ab4a0ae5c some changes to make Kerberos a bit easier to use. from
Michael Graff <explorer@vorpal.com>, with some work by myself...
1994-03-30 02:49:15 +00:00
jtc 7e06b2a1e2 Fix spelling errors. 1994-01-11 02:21:43 +00:00
mycroft 23cbd7cc0b Oops. Fix typo. 1993-12-02 04:30:47 +00:00
mycroft 7888a80f6c Make sure we check the tty `secure' status even if root has no password.
Suggested by Havard Eidnes <Havard.Eidnes@runit.sintef.no>, but reimplemented
due to bugs in his patch.
Also, don't display `root login refused ...' if the password was mistyped.
1993-12-02 04:24:05 +00:00
cgd 4b30c543a0 always use libcrypt 1993-10-07 02:16:39 +00:00
mycroft e9d867ef50 Add RCS identifiers. 1993-08-01 17:54:45 +00:00
mycroft c3e42d1c64 Add RCS indentifiers. 1993-08-01 07:22:47 +00:00
mycroft 690cae8181 Add RCS indentifiers. 1993-07-31 15:17:49 +00:00
cgd 673442398b update to new version from uunet 1993-04-26 23:13:43 +00:00
cgd 86677cb02a changed to use new libcrypt scheme. 1993-04-26 14:42:34 +00:00
mycroft cbe290f125 Cleanup for GCC 2 and make copyright notice look better. 1993-04-19 07:02:13 +00:00
cgd 7d9faa5403 fixed wfj's trampling on UCB copyright notices. 1993-04-03 01:42:13 +00:00
cgd 649bd7ccc5 added support for using real crypt 1993-03-22 23:27:33 +00:00
cgd 61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00