Commit Graph

212 Commits

Author SHA1 Message Date
kamil df9cced477 Avoid use-after-free bug in PAM environment
Traditional BSD putenv(3) was creating an internal copy of the passed
argument. Unfortunately this was causing memory leaks and was changed by
POSIX to not allocate.

Adapt the putenv(3) usage to modern POSIX (and NetBSD) semantics.
2020-02-08 13:44:35 +00:00
mrg de11d87641 introduce some common variables for use in GCC warning disables:
GCC_NO_FORMAT_TRUNCATION    -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION  -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW    -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE   -Wno-cast-function-type (GCC 8)

use these to turn off warnings for most GCC-8 complaints.  many
of these are false positives, most of the real bugs are already
commited, or are yet to come.


we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
2019-10-13 07:28:04 +00:00
mrg 2e19323388 add LIBKRB5_LDADD/LIBKRB5_DPADD and their static counterparts
to bsd.prog.mk.  use them instead of hard coding various lists
of libraries for krb5.

this fixes static builds.
2018-02-25 00:16:48 +00:00
shm c4764e65c8 - Added error checks for initgroups(3) and setgroups(2).
- Reorder functions in privilege regain - setgroups(2) should be called after
  seteuid(2).

OK christos@
2015-10-29 11:31:52 +00:00
shm 39d8d23068 Fixed off-by-one in decode_ss (CID 977426)
OK kamil@
2015-10-28 07:27:24 +00:00
shm 805afefc0d Added namelen initialization in getpeername(3) call (CID 979631)
OK kamil@
2015-10-27 14:53:00 +00:00
aymeric 072d5fd039 Remove the syslogging of a dial out login warning based on the tty name, because
the test is sloppy and doesn't correspond to the current naming anyway.
OK gdt@
PR#377 can remain closed.
2014-11-12 22:23:38 +00:00
dholland 19d6c717ae Fix gcc48 build without Kerberos.
While here, rectify related bug where if gethostname() failed, login
would null-terminate uninitialized stack trash and cheerfully pass it
on to kerberos. In this case, revert to "amnesiac" instead.
2014-03-16 00:33:13 +00:00
christos 6e28978d84 fix unused variable warnings 2013-10-18 20:47:06 +00:00
dholland 7899f1dc15 Remove redundant WARNS=5. 2013-08-11 06:32:13 +00:00
christos ec88541aff - use __dead consistently.
- more clang build.
2012-05-19 00:02:44 +00:00
christos b3f77d243b dead for sigint 2012-05-10 01:25:24 +00:00
wiz e8c42d35c6 Add some noreturn attributes for clang. 2012-04-29 01:26:56 +00:00
christos 0827265996 no more KRB5_DEPRECATED 2012-04-24 16:52:26 +00:00
christos 39d6d02b14 last commit before I nuke the old code. 2012-04-24 16:51:19 +00:00
christos 769f2e22f8 move more of the compat code in the compat block. 2012-04-24 16:12:44 +00:00
christos d3fb120e97 don't abuse the instance variable 2012-04-23 21:09:27 +00:00
christos 08935f4cd9 make kerberos work again:
1. make notickets external
2. don't use the tty as part of the credential cache, since pts/1 will not work.
3. Attempt to use the newer functions, but punt for now since it does not work yet.
2012-04-23 20:57:04 +00:00
christos 0c647c7841 remove obsolete comment. 2012-04-23 20:54:40 +00:00
christos 925babedcc fix the USE_KERBEROS=no USE_PAM=no build. 2012-04-23 18:27:15 +00:00
christos dbd9f683e7 centralize error function processing. 2012-04-23 15:07:02 +00:00
martin 6192dc18bf trimusername (which does not exist) probably was meant to be called
trimloginname (which does exist, at least)
2012-04-23 09:27:36 +00:00
christos e694c7c9d0 make krb5 compile again. XXX: one function left that is deprecated, what's
the new equivalent?
2012-04-22 23:26:19 +00:00
plunky 9f61b80465 NULL does not need a cast 2011-08-31 16:24:54 +00:00
elric 07b0c75a48 We no longer need -I/usr/include/krb5. 2011-04-24 21:42:06 +00:00
christos f550d323b5 don't repeat the word login twice (syslog prepends the program name login:) 2009-12-29 20:15:15 +00:00
christos c56d2f766e kill the space in address formatting to match what other daemons do. 2009-12-29 19:27:43 +00:00
christos d74e5fa896 PR/42540: Ed Ravin: /usr/bin/login does not log normal logins, and does not
log ip addresses.
- Factor out the common code in login.c and login_pam.c into common.c
- Always log a login event
- Check passed in sockaddr against the one from getpeername(2).
2009-12-29 19:26:13 +00:00
lukem c1ceae17f0 Enable WARNS=4 by default for usr.bin, except for:
awk  bdes  checknr  compile_et  error  gss  hxtool  kgetcred  kinit
	klist  ldd  less  lex  locale  login  m4  man  menuc  mk_cmds
	mklocale  msgc  openssl  rpcgen  rpcinfo  sdiff  spell  ssh
	string2key  telnet  tn3270  verify_krb5_conf  xlint
2009-04-14 22:15:16 +00:00
ginsbach 66acf4d33d Add newgrp(1) to SEE ALSO cross-reference list. 2008-11-19 17:56:53 +00:00
wiz cc64f2edab Use Nm instead of Xr to itself, remove reference to uucp(1), fix casing
of Kerberos.
2008-11-18 15:52:57 +00:00
reed 3e3e695194 Reference login.conf. 2008-11-18 13:02:51 +00:00
apb f3f295c281 Use ${TOOL_AWK} instead of ${AWK} or plain "awk" in make commands.
Pass AWK=${TOOL_AWK:Q} to shell scripts that use awk.
2008-10-19 22:05:23 +00:00
lukem 98e5374ccb Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.
2008-07-21 14:19:20 +00:00
lukem 050e20c6d5 Be consistent about making USE_PAM!=no be exclusive to USE_SKEY!=no. 2008-04-06 09:54:37 +00:00
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos 81d59b255c PR/36294: De Zeurkous: login(1) -- inconsistent exit behavior on EOF
- Always EXIT_FAILURE when login fails.
- Cleanup fork code in krb5 (old login).
2007-05-09 01:56:25 +00:00
hubertf 48b31403c5 Remove duplicate #includes
From Slava Semushin <slava.semushin@gmail.com>, via private mail
2007-01-17 00:21:43 +00:00
isaki 21b8eaae35 Correct indent. It's important around many #ifdefs. 2007-01-07 10:36:56 +00:00
mrg aa349aa646 s/0/NULL/ for execl*'s last argument. 2006-05-20 10:31:59 +00:00
christos 862fe20f05 GC old signal handling and merge it in 4 places:
1. Immediately ignore all the signals we want to ignore and set the alarm.
    2. Before we exit on error, restore all signals we modified
    3. Before we exec a shell, restore all signals we modified and ignore TSTP.
       Job control aware shells know how to deal with this.
    4. Temporarily handle SIGINT while we read motd.
2006-04-17 16:29:44 +00:00
simonb 372d44b647 Use TABs instead of spaces. 2006-04-06 00:48:14 +00:00
hubertf 517eb6559a Remove unused variable 'salt'
Found by code inspection in one of my classes, not via Coverity :)

OK'd by christos
2006-03-26 16:45:33 +00:00
wiz 54cd24faa5 Get rid of more Kerberos 4 code. 2006-03-23 23:33:28 +00:00
christos f88156c66b PR/33128: Martin Husemann: When login in on the console, SIGABRT is ignored
Both SIGINT and SIGABRT should be restored before executing the shell.
2006-03-22 15:36:49 +00:00
christos 85e611dd01 Goodbye KerberosIV 2006-03-20 04:03:10 +00:00
jnemeth 4be1f2c6fd Fix Coverity run 5, issue 1931 -- memory leak. This was noted as being a
bug by cgilbert.
Approved by christos@.
2006-03-19 22:52:01 +00:00
jnemeth 1a6a87b59b PR/23616: Christian Biere: login might not back-off as expected 2006-03-08 03:09:04 +00:00
jnemeth 2e3c4f59d7 PR/23616: Christian Biere: login might not back-off as expected 2006-03-08 02:49:18 +00:00
jnemeth 99089ba6f8 PR/30923: Zafer Aydogan: pam too verbose
Don't display a different message for root logins on insecure terminals.

Approved by christos@.
2006-03-06 23:06:18 +00:00