Commit Graph

367 Commits

Author SHA1 Message Date
Mark Murray
804b0f979a Remove a GCC specifig CFLAG. We should be using WARNS=? for this.
WARNS=? is not added here at this point, because I've not tested
it on enough platforms, and I don't want to break builds.
2003-10-18 09:58:39 +00:00
Ruslan Ermilov
743d5d518c mdoc(7): Properly mark C headers. 2003-09-10 19:24:35 +00:00
David E. O'Brien
4f4a104ee8 style.Makefile(5) 2003-08-18 15:25:39 +00:00
Gordon Tetlow
41d8423f71 Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.
2003-08-17 08:28:46 +00:00
Mark Murray
0ebec5d3c8 Tidy up. Sort headers. 2003-06-14 18:42:37 +00:00
Murray Stokely
eb8b21f78b Backout last commit. It is redundant in -CURRENT.
Pointed out by:	David Schultz
2003-05-05 06:25:03 +00:00
Murray Stokely
d8082d11aa Note that the idletime setting is not enforced.
PR:		docs/40952
MFC After:	3 days
2003-05-04 21:35:41 +00:00
Murray Stokely
df788a526f Document the login-backoff and login-retries capabilities.
PR:		docs/51397
MFC After:	3 days
2003-05-04 06:43:24 +00:00
Tom Rhodes
6c4e78ae1a Add vmemoryuse to the list.
PR:		50796
Submitted by:	Dmitry Sivachenko <mitya@cavia.pp.ru>
2003-04-26 15:15:05 +00:00
Dag-Erling Smørgrav
b7d6bb0833 Brucify. 2003-04-10 10:26:18 +00:00
Dag-Erling Smørgrav
e7d9d9217c Correctly detect the case where a password entry was changed while we were
preparing to edit it.

PR:		bin/50563
2003-04-09 18:20:51 +00:00
Dag-Erling Smørgrav
e947f78c16 Apply the correct fix for bin/50679: don't mess around with process groups
or the tty, just block selected signals in the parent like system(3) does.
Many thanks to bde for his assistance in finding the correct solution.

PR:		bin/50679
2003-04-09 16:39:47 +00:00
Dag-Erling Smørgrav
c794881f8c Band-aid for the "^C kills the editor" problem. I haven't yet found the
proper way to fix this.  The way this works is to prepend "exec " to
the editor command to eliminate the "shell in the middle" which prevents
us from properly reawakening the editor after a SIGTSTP.

PR:		bin/50679
2003-04-08 18:04:30 +00:00
Philippe Charnier
0552350ecc The .Fn function 2003-03-24 16:02:05 +00:00
David Schultz
5d907c3dd2 Make pw_edit() use /bin/sh to interpret the EDITOR environment
variable.

PR:		48748
Reviewed by:	mike (mentor)
2003-03-17 02:12:55 +00:00
David Schultz
9c04284549 Re-document unimplemented capabilities that were removed in the last
revision of this file, but note that they are not supported in the
base system.

Requested by:	ache
Reviewed by:	ache, mike (mentor)
2003-03-05 00:21:35 +00:00
David Schultz
9f7b7e45d1 - Document the fact that we now use pam_passwdqc(8) to check
password quality, not login.conf(5).
- Move warnexpire and warnpasswd from the ``Accounting Limits''
  section to ``Authentication'', and nix everything else in the
  former section.  The accounting knobs are not available in
  the base system, and the subset of them available in ports
  should be documented in the ports' manpages.

PR:		47960
Reviewed by:	mike (mentor), doc
2003-03-03 05:09:24 +00:00
Ruslan Ermilov
522ccf3f35 mdoc(7) police: markup laundry. 2003-02-23 01:47:49 +00:00
Andrey A. Chernov
5fe03aba37 Now return NULLified struct in case of empty config file
(previous variant return NULL pointer for both empty file case and error case,
so caller can't sense error properly).

It not affect existen programs because property_find() now returns NULL
for both NULL pointer and NULLified struct.
2003-01-27 03:39:33 +00:00
Andrey A. Chernov
33a155e400 Handle read errors 2003-01-27 03:14:04 +00:00
Andrey A. Chernov
779092a489 Add (unsigned char) cast to ctype macros
Handle NULL return from malloc and strdup
2003-01-19 03:05:01 +00:00
Jens Schweikhardt
d64ada501a Fix typos, mostly s/ an / a / where appropriate and a few s/an/and/
Add FreeBSD Id tag where missing.
2002-12-30 21:18:15 +00:00
Jens Schweikhardt
57bd0fc6e8 english(4) police. 2002-12-27 12:15:40 +00:00
Chris Costello
2db19028d3 Document the `label' capability.
Approved by:	re
Sponsored by:	DARPA, Network Associates Labs
Obtained from:	TrustedBSD Project
2002-11-22 22:22:10 +00:00
Peter Wemm
f316609eb4 Oops. Some ut_time stuff slipped through the cracks. These turned out
to be non-fatal due to stack alignment roundups.
2002-11-17 23:46:45 +00:00
Robert Watson
433c28e012 Add LOGIN_SETMAC to the list of flags that can't be set without class
information, since we rely on the pwd entry to know what MAC labels
to set as part of the login process.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-11-12 22:30:01 +00:00
Sheldon Hearn
a4df5101a3 Use "deprecated" instead of "depreciated" where appropriate. 2002-10-30 07:49:11 +00:00
Dag-Erling Smørgrav
6dcfea0f37 Don't forget to '\n'-terminate new entries. This unbreaks chpass -a.
Submitted by:	joerg
2002-10-29 13:58:42 +00:00
Robert Watson
84333872d8 If LOGIN_SETMAC is set and MAC is enabled in the kernel, then see
if the user has a 'label' entry in their login class.  If so, attempt
to set that label on the process as part of the credential setup.  If
we're unable to parse the label, or unable to set the label, fail.
In the future, we may also want to warn if a label is set but the
kernel doesn't support MAC.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-23 03:17:22 +00:00
Peter Wemm
224af215a6 Zap now-unused SHLIB_MINOR 2002-09-28 00:25:32 +00:00
Philippe Charnier
7fed38d0a0 Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:10:45 +00:00
Robert Watson
27a68d26ae Add LOGIN_SETMAC, which will indicate to the user context management code
that it should also set the user's default MAC label, if available and
permitted.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-16 02:14:21 +00:00
Robert Watson
909410cf5b Whitespace cleanup--it's not style(9), but it is consistent. Prep
for MAC-related commits to the login infrastructure.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-11 01:48:43 +00:00
Ruslan Ermilov
cc6638bd55 mdoc(7) police: spelling. 2002-08-09 12:08:47 +00:00
Andrey A. Chernov
cc1b8dcb1c Add additional field 'overwrite' to login_vars. It mainly needed to handle
"term" according to manpage, i.e. not overwrite it, if already present in
environment.
2002-06-28 14:45:30 +00:00
Maxim Sobolev
07a1fb30e3 Backout previous delta (addition of -I${.CURDIR}/../../sys).
Submitted by:	bde
2002-06-26 13:25:23 +00:00
Maxim Sobolev
af244dd67c Add -I${.CURDIR}/../../sys into CFLAGS, which should fix the world broken
by RLIMIT_VMEM addition.
2002-06-26 10:33:10 +00:00
Matthew Dillon
b5c7be5728 Add documentation for vmemoryuse 2002-06-26 03:58:31 +00:00
Matthew Dillon
67577126f9 Make libutil aware of vmemoryuse in its login.conf cap processing (aka
sshd, /usr/bin/login, etc)
2002-06-26 03:54:18 +00:00
Nick Hibma
074dccd545 Be more clear in error messages.
Distinguish between a held lock and a failed lock op.

If rpc.lockd is not running on a diskless client this makes clearer
what the problem is.
2002-06-23 19:23:46 +00:00
Hajimu UMEMOTO
82684fa6da Return HOSTNAME_INVALIDADDR when reverse lookup is fail.
Submitted by:	Sergey Zorin <sergey@cc.tpu.edu.ru>
2002-06-07 17:25:19 +00:00
Garrett Wollman
5685a7738f Add used include of <string.h>. 2002-05-30 19:38:07 +00:00
Dag-Erling Smørgrav
95ed2ab27f If no old_pw was passed to pw_copy, compare just the name.
Sponsored by:	DARPA, NAI Labs
2002-05-08 14:52:32 +00:00
Dag-Erling Smørgrav
e2ef54de51 Add passwd manipulation code based on parts of vipw and chpass.
Sponsored by:	DARPA, NAI Labs
2002-05-08 00:50:07 +00:00
Dag-Erling Smørgrav
c720dea0f2 login(3) doesn't care about the controlling terminal any more. 2002-04-20 12:24:20 +00:00
Dag-Erling Smørgrav
324e8fd88f Fix for the sshd(8) utmp problem. Previously, login(3) would ignore the tty
named by its argument and use ttyslot(3) instead to determine what slot to
use.  The problem is that sshd(8) calls pam_open_session(3) before forking
the child (as it should), at which point it does not have a controlling
terminal.  Also, ttyslot(3) is very crude as it assumes fd 0, 1 or 2 refers
to the controlling terminal, which is usually (but not always) the case.

Instead of using ttyslot(3) to determine the slot number, look up the
specified tty in /etc/ttys ourselves (this is what ttyslot(3) does anyway).

(perforce change 9969)

Sponsored by:	DARPA, NAI Labs
2002-04-20 12:23:04 +00:00
Dag-Erling Smørgrav
f9eaa746eb Make mppath and masterpasswd pointers instead of arrays, and initialize
them to point at static strings that contain the default paths.  This
makes 'vipw -d' work again (I broke it in rev 1.21; apologies for taking
so long to fix it.)

Spotted by:	Olivier Houchard <doginou@cognet.ci0.org>
Sponsored by:	DARPA, NAI Labs
2002-04-17 00:18:15 +00:00
Ceri Davies
8133673540 Add a missing cross-ref.
Approved by:	murray
MFC after:	1 week
2002-04-16 10:15:51 +00:00
Dag-Erling Smørgrav
1c9fd646f6 Remove bogus reference to _use_yp. 2002-04-15 15:50:59 +00:00
Ruslan Ermilov
b00ba4ccbb Const poisoning. 2002-04-08 11:04:56 +00:00
David E. O'Brien
1372519b15 Remove multi-line __P() usage. 2002-03-22 09:22:15 +00:00
David E. O'Brien
69160b1eb7 Remove __P() usage. 2002-03-21 23:54:04 +00:00
David E. O'Brien
be04b6d190 Remove 'register' keyword. 2002-03-21 23:39:28 +00:00
Dag-Erling Smørgrav
40e0f7deed Remove a bogus cast. 2002-03-06 15:24:51 +00:00
Dima Dorfman
246b0f8487 Correct a typo.
PR:		35273
Submitted by:	Nicola Vitale <nivit@libero.it>
2002-03-03 01:13:47 +00:00
Bruce Evans
3798cf8a70 #include <time.h> for the definition of time functions instead of
depending on namespace pollution 2 layers deep in <sys/stat.h>.

Sorted includes.
2002-02-25 12:02:03 +00:00
Bruce Evans
163ae6707c #include <stddef.h> for the definition of NULL instead of depending on
namespace pollution 2 layers deep in <sys/stat.h>.

Sorted includes.
2002-02-25 01:25:30 +00:00
Dag-Erling Smørgrav
93deb2ae12 ANSIfy and constify.
Sponsored by:	DARPA, NAI Labs
2002-02-05 06:49:11 +00:00
Robert Watson
5acb7446b0 o Reflect repo-copy of extattr.[c3] from libutil to libc, moving
extattr namespace routines to the libc/posix1e directory.  While
  the extattr calls are not strictly POSIX.1e, POSIX.1e wasn't
  strictly ever approved, so I think that's OK.

Obtained from:	TrustedBSD Project
2001-11-16 05:09:45 +00:00
Robert Watson
9d58ead2eb o Document 'nocheckmail' login capability. 2001-11-16 04:39:43 +00:00
Robert Watson
22524ffbb2 Although the 'bool' type is referenced in the list of capabilities, it
is not defined in the capability type list.  Provide a definition for
'bool', if a slightly less than elegant one.  Note that this definition
does not include the complete scope of available behavior defined
in cgetcap(3), and could probably be improved.
2001-11-16 02:40:09 +00:00
Yaroslav Tykhiy
dc72bf81a8 Fix the phrase about "both files", which must be left
from login(3). This page, logwtmp(3), speaks of only
one file -- wtmp(5).

MFC after:	1 week
2001-10-11 11:02:50 +00:00
Ruslan Ermilov
32eef9aeb1 mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
Matthew Dillon
8719c58fef Add __FBSDID()s to libutil 2001-09-30 22:35:07 +00:00
Andrey A. Chernov
e36b245ca8 1) Back out ~/.login_conf disable
2) Pick only "me" class from ~/.login_conf as documented
2001-09-25 11:07:26 +00:00
Robert Watson
35105a5f91 Disable per-user .login_conf support due to incorrect merging of local
and globaly settings.  An alternative implementation will be developed.

Reported by:	Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
2001-09-16 16:48:40 +00:00
Robert Watson
8df8b73f3c o Add a comment noting that the early setting of privileges for the purpose
of NFS home directory and root directory processing fails to include
  additional groups.  This doesn't impact the final credential, but does
  mean that users may be denied login even when additional groups might
  allow it.
2001-09-15 16:12:56 +00:00
Ruslan Ermilov
8af1452cf8 Removed duplicate VCS ID tags, as per style(9). 2001-08-13 14:06:34 +00:00
Ruslan Ermilov
57e4378bf6 mdoc(7) police: protect trailing full stops of abbreviations
with a trailing zero-width space: `e.g.\&'.
2001-08-10 13:45:36 +00:00
Hajimu UMEMOTO
27daeab3ec Simplify IPv4 mapped IPv6 address handling.
Reviewed by:	brian
MFC after:	5 days
2001-07-23 21:42:22 +00:00
Assar Westerlund
27e79ba285 remove emalloc,ecalloc,erealloc,estrdup 2001-07-23 12:42:07 +00:00
Assar Westerlund
c9a4f950b3 add ecalloc, emalloc, erealloc, estrdup - versions of the e-less
functions that exit instead of failing
2001-07-22 22:26:37 +00:00
Brian Somers
3ee63d3929 Hint getaddrinfo() correctly if we're looking up a name that we got from
an AF_INET6 address.

MFC after: 1 week
2001-07-21 00:18:54 +00:00
Dima Dorfman
7ebcc426ef Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
Ruslan Ermilov
a307d59838 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 13:41:46 +00:00
Dima Dorfman
70d51341bf mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
Brian Somers
7bc6d0158f Fix the type of the NULL arg to execl()
Idea from: Theo de Raadt <deraadt@openbsd.org>
2001-07-09 09:24:06 +00:00
Dima Dorfman
2b47b55f69 Add RETURN VALUES and ERRORS sections. 2001-06-25 01:25:01 +00:00
Dima Dorfman
444a2d61e8 Add a manual page for extattr_string_to_namespace and
extattr_namespace_to_string.

Reviewed by:	rwatson
2001-06-24 23:54:46 +00:00
Ruslan Ermilov
3ab9a9d0e0 Removed -I${.CURDIR}/.../sys from CFLAGS. 2001-05-18 13:41:42 +00:00
David E. O'Brien
708b042526 Sort. 2001-05-18 05:05:50 +00:00
David E. O'Brien
078ae588ab Add the "prompt" and "passwd_prompt" fields to /etc/login.conf,
which makes lgoin more like getty in its ability to be configured.

Submitted by:	tlambert (code only)
2001-05-18 04:55:16 +00:00
Dima Dorfman
3babad2e42 Don't pass NULL to the %s format.
Reviewed by:	kris
2001-04-22 03:00:09 +00:00
Ruslan Ermilov
eb0838029f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
Ruslan Ermilov
4a558355e5 MAN[1-9] -> MAN. 2001-03-27 17:27:19 +00:00
Robert Watson
4482ce0f57 o Slap some "_"'s in front of variable names relating to extattr functions,
so as not to pollute application namespace.

Submitted by:	bde
2001-03-22 04:05:40 +00:00
Robert Watson
d51048c93b o Rename "namespace" argument to "attrnamespace" as namespace is a C++
reserved word.

Submitted by:	jkh
Obtained from:	TrustedBSD Project
2001-03-19 05:05:41 +00:00
Robert Watson
270ad63e6b o Rename "namespace" argument to "attrnamespace" as namespace is a C++
reserved word, causing breakage when a C++ program included libutil.h
  This change will be propagated elsewhere shortly.

Submitted by:	jkh
Obtained from:	TrustedBSD Project
2001-03-19 05:04:30 +00:00
Brian Somers
a9c6c69f89 Fix some further style nits
Pointed out by: bde
2001-03-17 10:09:52 +00:00
Brian Somers
61a1695b80 Actually commit the new version of trimdomain *blush*
Thanks for covering my blunder to:	peter
2001-03-15 08:30:05 +00:00
Robert Watson
1bc2362e07 o To support new EA interface with explicit namespaces, introduce two
utility functions which convert between string namespace names and
  numeric constants used by the interface.  Right now, two namespaces
  are supported, EXTATTR_NAMESPACE_SYSTEM ("system") and
  EXTATTR_NAMESPACE_USER ("user").  These functions are used by
  various userland EA utilities, rather than hard coding the routines
  all over the place.

Obtained from:	TrustedBSD Project
2001-03-15 03:00:39 +00:00
Peter Wemm
60d410ce42 It would help if trimdomain.c was actually committed. This is a stopgap
world-unbreaker until Brian Somers commits the one he intended to.

Pointy Hat to: brian
2001-03-15 00:15:22 +00:00
Brian Somers
c61b512ccc Move trimdomain() into it's own source file and tidy things up a bit.
Fix disorder in the Makefile.

Reviewed (mostly) by: bde
2001-03-14 20:51:15 +00:00
Brian Somers
ec86eec797 MAXHOSTNAMELEN includes space for the NUL
Don't read past the end of the host passed to realhostname()

Not objected to by: freebsd-audit
Interface disliked by: imp
2001-03-14 20:50:52 +00:00
Mark Murray
82e377fd12 Updates for Blowfish password hashing. 2001-03-11 16:37:33 +00:00
Bill Fumerola
f6f1b6b676 In theory it would be perfectly legal for a system administrator to
# cd /dev && ./MAKEDEV pty0 pty3
and/or
# rm -rf /dev/ptyp0

and expect all programs that use openpty() to still try to find available ptys.
2001-03-10 10:39:52 +00:00
Jeroen Ruigrok van der Werven
9a01d32bfd Fix typo: seperate -> separate.
Seperate does not exist in the english language.

Submitted to look at by:	kris
2001-02-06 10:39:38 +00:00
Bruce Evans
3ffb2fd399 Fixed prototype of logout() (const poisoning). 2001-02-06 01:06:25 +00:00
Ruslan Ermilov
d0353b836e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
Brian Somers
f169f2f020 Call trimdomain properly for ip4 addresses.
PR:	24659
realhostname_sa() stuff submitted by: Jim.Pirzyk@disney.com
2001-01-28 21:51:25 +00:00