Commit Graph

187 Commits

Author SHA1 Message Date
wiz 3408fd1acc Use getprogname(); add -F to usage. From Kouichirou Hiratsuka in PR 26222. 2004-07-13 11:56:24 +00:00
lukem 32e6b841fb Generate the copyright string from sys/conf/copyright rather than
replicating it here.  Idea from Simon Burge.
2004-01-05 03:53:10 +00:00
mycroft a9866938b5 Welcome to 2004! 2004-01-01 00:00:05 +00:00
dyoung 4758291178 Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no)
and without Kerberos 4 & 5 (MKKERBEROS=no). Previously checkflist
complained of missing files.

* move kerberos- and kerberos 4-only files into new flists,
  distrib/sets/lists/*/krb.*

* make the flist generators grok MKKERBEROS{,4} variables

* fix Makefiles which treat MKKERBEROS=no as MKKERBEROS5=no.
  9 out of 10 experts agree that it is ludicrous to build w/
  KERBEROS4 and w/o KERBEROS5.

* fix header files, also, which treat MKKERBEROS=no as MKKERBEROS5=no.

* omit some Kerberos-only subdirectories from the build as
  MKKERBEROS{,4} indicate

(I acknowledge the sentiment that flists are the wrong way to go,
and that the makefiles should produce the metalog directly.  That
sounds to me like the right way to go, but I am not prepared to do
revamp all the makefiles.  While my approach is expedient, it fits
painlessly within the current build architecture until we are
delivered from flist purgatory, and it does not postpone our
delivery. Fair enough?)
2003-12-11 09:46:26 +00:00
itojun 53284b73d0 snprintf() terminates string with \0, so there's no need for "sizeof(x)-1". 2003-10-16 05:31:47 +00:00
wiz 31fd31ccf7 Make getlastlogx have the pathname to the lastlogx database as first
argument, to be consistent with updlastlogx.

Approved by christos, reviewed by kleink.

[The lastlogxname function should not be used any longer.]
2003-08-26 16:48:32 +00:00
lha afad8d1f7c libkrb depends on libdes, patch in private mail from
Harold Gutch logix at foobar franken de
2003-08-23 23:03:42 +00:00
agc 89aaa1bb64 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22365, verified by myself.
2003-08-07 11:13:06 +00:00
itojun adeab29eca include des.h, not kerberosIV/des.h 2003-07-23 20:31:18 +00:00
itojun e63468d8cc split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se
(build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no)
2003-07-23 08:01:24 +00:00
itojun 01b2c2d070 simplify by asprintf/strdup 2003-05-15 00:52:53 +00:00
perry a3acb5bc30 facilty->facility, from Igor Sobrado in PR 19670 2003-03-29 18:05:29 +00:00
mycroft d73e77b28c Update copyright notice. 2003-01-01 00:00:13 +00:00
itojun 9593086444 use strlcpy 2002-11-16 04:34:13 +00:00
itojun e91a21c27c add DPADD. 2002-10-23 01:25:35 +00:00
itojun 7798fe3a64 disallow users from alter log file entries by using "login foo".
from xs@kittenz.org
2002-09-25 03:45:32 +00:00
itojun 129dc41857 make sure to use %s on printf format string. xs@kittenz.org 2002-09-20 21:01:31 +00:00
itojun 2994867f8f remove debugging message leftover 2002-07-30 14:37:38 +00:00
christos 51de4d82f7 make this compile without SUPPORT_UTMPX 2002-07-27 22:58:07 +00:00
christos 48715dcc0c Factor out the utmp/wtmp/lastlog updating and add utmpx/wtmpx/lastlogx updating.
Both are turned on for now.
2002-07-27 20:10:32 +00:00
thorpej 9c33b55e7c Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

	* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
	  of the infratsructure (libraries, support programs, etc.)

	* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
	  building of support for using the corresponding API
	  in various libraries/programs that can use it.

As discussed on tech-toolchain.
2002-03-22 18:10:19 +00:00
joda 4929305fb3 when creating a v4 ticket file, name it after the users uid, not our
current (should finally fix bin/13040)
2002-02-20 08:17:17 +00:00
perry 57ff912445 Happy New Year! 2002-01-01 09:27:53 +00:00
assar 2a2aa85a8d update infrastructure for krb4 1.1 and heimdal 0.4e 2001-09-17 12:34:40 +00:00
assar 66bcd97e0c implement 5to4 (getting v4 tickets from the v5 ones)
from the patch in bin/13040 by lha@stacken.kth.se (slightly modified)
2001-09-10 00:02:29 +00:00
wiz 2e8e67fc3f Sort SEE ALSO section, and correct section for kerberos (1 -> 8). 2001-04-04 09:37:51 +00:00
pk 992d55d2a8 * Use krb5_warn() instead of non-functional com_err().
* knf patrol
* De-__P()
2001-01-19 21:55:19 +00:00
cgd d594ce939b comment or delete text after CPP directives. 2001-01-16 02:50:27 +00:00
lukem 8ea781a956 LOG_ODELAY is deprecated. use LOG_ERR for fatal errors 2001-01-10 12:24:38 +00:00
lukem df21faf565 don't need to specify facility LOG_AUTH as it's the default 2001-01-10 12:23:57 +00:00
thorpej eb80878b1b Happy new year! 2001-01-01 20:18:34 +00:00
wiz de67766c6a Don't strcpy the contents of an environment variable into a fixed-size
buffer, use strlcpy instead. Should fix security/11550.
2000-12-05 02:19:23 +00:00
aidan 631ff3454c Replace all calls to 'error_message()' with 'krb5_get_err_text()', since
error_message() does not seem to display meaningful information, under
Heimdal.
2000-10-28 03:51:26 +00:00
simonb 9b22175a26 Remove INSTALLFLAGS=-fschg, as per change to usr.bin/ssh/ssh/Makefile. 2000-10-18 00:24:18 +00:00
aidan b84b9c883a Check retrieved TGT against local keytab, if it exists. 2000-09-01 03:12:20 +00:00
thorpej d35819d6e3 krb5_get_in_tkt() (called by krb5_get_in_tkt_with_password()) may
eventually call krb5_free_principal() via krb5_free_creds_contents(),
(when it succeeds, in particular).  Check for the creds.server
already being freed, and don't free it again.
2000-08-09 17:44:18 +00:00
assar 6d7f2da1a1 remove -lvers, it's not used 2000-08-03 22:56:29 +00:00
assar 549a4d9cdc update build infrastructure for heimdal 0.3a 2000-08-03 04:02:29 +00:00
thorpej 3b5855e58d Don't syslog that krb5_init_context() failed if it failed due
to Kerberos not being configured on the system.
2000-08-02 16:51:17 +00:00
thorpej 9e2765e474 If neither Kerberos IV or Kerberos V are configured, don't
issue "Warning: no Kerberos tickets issued."
2000-08-02 05:58:35 +00:00
thorpej 676ddec5ac skey_keyinfo() returns const. 2000-07-28 16:36:53 +00:00
mycroft 98987090cb Fix library order. 2000-07-23 22:23:14 +00:00
ad 682d5ce7b8 Xr passwd.conf 2000-07-11 12:12:53 +00:00
thorpej df83a2a3cd Add MK... variables to enable/disable various aspects of building
crypto support into the system.  See share/mk/bsd.README for more
a full description.
2000-06-23 06:01:10 +00:00
thorpej e7d6b96938 Merge a bunch of things from crypto-us and crypto-intl into basesrc,
adding support for Heimdal/KTH Kerberos where easy to do so.  Eliminate
bsd.crypto.mk.

There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
2000-06-20 06:00:24 +00:00
aidan dbb0b2f74d Backout login_get_kconf function, because it breaks crypto-intl builds.
Keep the variables for setting default behaviour with krb4 and krb5
compiled in, even though they act like constants, to facilitate adding
another preference mechanism later.
2000-06-02 03:01:22 +00:00
aidan 39d1e5b7fd Allow krb5 and krb4 to be compiled in to the same login binary at once,
krb5 can request a forwardable TGT,
can get both krb4 and krb5 tickets, if explicitely configured to do so
by the krb5.conf.
2000-05-30 06:56:16 +00:00
enami 1d82270b8c - For root, if ignorenologin is set in login.conf, don't call
checknologin (previously, checknologin is called if ignorenologin is set).
- For non-root user, make ignorenologin take effect.
2000-03-07 14:11:22 +00:00
enami 6dccad067d Cosmetic changes. 2000-03-07 13:59:19 +00:00
aidan d6bf7fdb89 Move include/kerberosIV/com_err.h to include/com_err.h. 2000-02-14 03:21:02 +00:00
aidan 0c25a9e4d1 Patch from assar@netbsd.org to make k5login.c work with both MIT and Heimdal
kerberos trees.
2000-02-14 03:17:43 +00:00
mjl b3204d536b Add login_getpwclass to libutil as convenience function for
programs originally for FreeBSD.
Add parsing of "setenv" parameter which can be used to set
up an initial environment on login.
2000-02-04 02:17:14 +00:00
mjl 8e380b472c Removed some fallback cases since that is now done in libutil. 2000-01-22 09:48:52 +00:00
mjl eb1d660e28 Clean up changes a bit. 2000-01-13 12:43:19 +00:00
mjl 07053cf7c1 Re-enable login_cap processing, now that a non-existing login.conf
won't make it crash. Also make it less noisy in that case.
2000-01-13 06:52:47 +00:00
mjl cfdb7e0720 Ack. Disable login caps, until problems are fixed. 2000-01-13 06:30:31 +00:00
mjl 4863ee6f07 Add login.conf capability setting. 2000-01-13 06:17:56 +00:00
billc 7ad9ba975f copyright year change (thanks cgd) so we emit , 2000 now. 2000-01-07 00:00:37 +00:00
aidan 1cda1876da Fixed 'login in free' warning in kdestroy(). 1999-12-26 17:47:18 +00:00
aidan 5375ac8703 Made login continue without kerberos when there is no krb5.conf present
(and KERBEROS5 is defined).
1999-12-05 23:39:11 +00:00
christos f5241efcfa make this compile.... 1999-08-25 19:58:15 +00:00
mycroft ee0dfce003 Make this compile again in an ELF world. 1999-07-30 01:56:49 +00:00
mrg 51a96a002f optionally include CRYPTOPATH Makefile.frag files. 1999-07-20 09:35:18 +00:00
thorpej 9630ed475e Use bsd.crypto.mk. 1999-07-12 22:11:37 +00:00
aidan 3a4abbe0d1 Kerberos5 changes to login -- now supports forwarded TGTs. 1999-07-12 21:36:10 +00:00
christos 9966d744f2 Don't declare login here. It is declared in <util.h> 1999-06-15 14:19:53 +00:00
garbled 9e44e9b578 More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages.  Many more to
come.
1999-03-22 18:16:34 +00:00
kim 0d4599522a Build domestic login on domestic systems.
Incorporated (minor) diff from domestic man page.
1999-03-05 01:07:56 +00:00
scottr 8481f548e2 Remove the crypto-related bits until such time as we have a fully-
integrated source tree.  Export-controlled versions of these are now
built during the domestic build process.
1999-02-18 21:22:51 +00:00
fair 0a35ac96da Correct documentation of /etc/nologin to note that it does not
apply to the superuser, per PR#6328.
Correct some nroff nits in the process.
1999-01-13 10:51:07 +00:00
kim 0c127d7cef Show year of last login. 1999-01-11 20:20:54 +00:00
lukem 0e36738ca6 add copyright 1999 1999-01-06 13:51:09 +00:00
tsarna c89a574ffa Execute ttyaction on termination of rlogind/telnetd sessions.
Also, say a little bit about ttyaction in the getty and login manpages.
1998-08-29 17:31:55 +00:00
ross f670fa10c5 Add { and } to shut up egcs. Reformat the more questionable code. 1998-08-25 20:59:36 +00:00
mycroft 55ac0c2da3 const poisoning. 1998-07-26 21:58:46 +00:00
mrg 95b49ba52b do _NOT_ use system(3) in setuid programs. KNF. 1998-07-11 08:12:51 +00:00
mrg 2beab49a06 - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
1998-07-06 06:45:41 +00:00
fair 3b04f8e0b1 Add .Xr ttyaction 3 per PR#4647 1998-04-10 09:31:55 +00:00
kleink fd366142a3 Need <time.h> for ctime() and time() prototypes. 1998-04-02 10:27:16 +00:00
hubertf 567c3f3e41 Also save groups before chdir($HOME). This fixes a problem pointed
out by Bernd Ernesti with /home/lusers/joe (being uid joe, gid lusers),
with /home/lusers mode 750 and owner root:lusers.
1998-01-16 00:31:53 +00:00
thorpej 974b59d07c Happy new year! 1998-01-07 00:41:43 +00:00
hubertf 5dda445628 Give up special privileges before chdir($HOME) and access(.hushlogin),
fixing PR 4636 by myself with some help from Jason Thorpe.
1997-12-05 08:29:39 +00:00
mrg 6bb686b3be print TNF copyright, like the kernel does. 1997-11-07 20:32:05 +00:00
mycroft 41b9ae035f Use S_IS*(), not S_IF*. 1997-10-19 19:11:56 +00:00
lukem 13ee7130b1 s/bzero/memset 1997-10-19 04:18:46 +00:00
lukem 33b5dd5c52 fix .Nm usage 1997-10-19 04:18:08 +00:00
lukem ca15d8c056 don't define WARNS=1 here 1997-10-19 03:44:21 +00:00
mycroft 83ef48db0a Undo part of the previous; don't allow logins if we've passed pw_change.
The semantics of this are not well documented.  *sigh*
1997-10-12 15:21:24 +00:00
mycroft 97734d5e35 Refuse login only when we've past pw_expire, not pw_change. Check pw_expire
first.
1997-10-12 15:11:24 +00:00
mycroft 879c3292d6 Several things:
* Change the semantics of the `-s' option somewhat.  If specified, allow
either Kerberos or S/Key login, but not a plain password.
* Eliminate the special `s/key' password; just type it at the prompt.
* Remove the root instance special case.  This is a serious security hole
waiting to happen, and no other system works this way.
* Don't force a password change if Kerberos was used.  Also, don't call
/bin/passwd at all if the password change isn't required.
1997-10-12 15:05:24 +00:00
mycroft 2b4b3f1ded SRCS must be defined *before* bsd.prog.mk is included... 1997-10-12 14:07:38 +00:00
mycroft fc2c065578 Get rid of special cases for `s/key' password. 1997-10-12 14:07:06 +00:00
mycroft d91c72fbd3 Minor changes. 1997-10-12 13:10:16 +00:00
mycroft e6751fc584 Minor changes. 1997-10-12 12:54:55 +00:00
mycroft 1434f98d69 If we compile without SKEY, abort if a -s option is used, rather than silently
failing to enforce it.
1997-10-12 12:42:38 +00:00
mycroft 40471d4e79 Pull in bsd.own.mk for SKEY, KERBEROS, KERBEROS5. 1997-10-12 12:39:17 +00:00
mycroft 5171059387 Fix uninitialized variable. 1997-10-12 12:31:40 +00:00
christos 470e6b8604 CFLAGS->CPPFLAGS; Conditionalize SKEY 1997-10-11 19:19:11 +00:00
kleink 66105c37fc Lseek(2) usage cleanup: the use of L_SET/L_INCR/L_XTND is deprecated,
use SEEK_SET/SEEK_CUR/SEEK_END instead.
1997-08-25 19:31:43 +00:00
mycroft 3110c7add1 Various changes to keep up with krb5, mostly addition of the kcontext
structure.  From PR 3826, by Chris Jones.
1997-08-19 17:26:13 +00:00