Commit Graph

197 Commits

Author SHA1 Message Date
Doug Rabson
ba675b4176 Call pam_setcred() before login_getpwclass to support home directories
on GSS-API authenticated NFS where the kerberos credentials need to be
saved so that the kernel can authenticate to the NFS server.
2011-05-03 10:18:27 +00:00
Joel Dahl
da52b4caaf Remove the advertising clause from UCB copyrighted files in usr.bin. This
is in accordance with the information provided at
ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change

Also add $FreeBSD$ to a few files to keep svn happy.

Discussed with:	imp, rwatson
2010-12-11 08:32:16 +00:00
Ed Schouten
587250b286 Get rid of hand-rolled closefrom(3). 2010-10-20 19:53:29 +00:00
Ed Maste
905571c031 Remove copyright strings printed at login time via login(1) or sshd(8).
It is not clear to what this copyright should apply, and this is in line
with what other operating systems do.

For ssh specifically, printing of the copyright string is not in the
upstream version so this reduces our FreeBSD-local diffs.

Approved by:	core, des (ssh)
2010-09-28 20:57:14 +00:00
Ed Schouten
b7946da96b Build usr.bin/ with WARNS=6 by default.
Also add some missing $FreeBSD$ to keep svn happy.
2010-01-02 10:27:05 +00:00
Ed Schouten
ef636796f6 ANSIfy various tools in usr.bin/.
Most of these tools properly build at WARNS=6, except for their K&R
function declarations. Fix this, so we can bump WARNS as well.
2010-01-02 10:09:20 +00:00
Xin LI
821df508e8 Revert most part of 200420 as requested, as more review and polish is
needed.
2009-12-13 03:14:06 +00:00
Xin LI
6f2d322192 Remove unneeded header includes from usr.bin/ except contributed code.
Tested with:	make universe
2009-12-11 23:35:38 +00:00
Robert Watson
781202d7fd Pass int arguments to auditon(2)'s A_GETCOND API rather than long
arguments.  This change should be MFC'd with OpenBSM 1.1 since they
are interdependent.

MFC after:	2 weeks
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
2009-04-19 23:34:22 +00:00
Ed Schouten
95e7b94a05 Don't strip TTY device name to the last '/'.
We've seen this bug in other applications before: we have some
applications that use strrchr(tty, '/') on the TTY device name. This
isn't valid when using pts(4), because the device name will be stripped
to "0" instead of "pts/0".

This fixes issues with login(1) ignoring /etc/ttys and missing utmp
records.

Reported by:	Barney Cordoba <barney_cordoba yahoo com>
Reviewed by:	rwatson
2009-03-27 19:13:36 +00:00
Philip Paeps
db3dfd0efa Add a cross-reference to newgrp(1).
Every time I need newgrp, I forget its name but I remember it's like
login for groups - newgrp(1) already cross-references login(1).

MFC after:	2 days
2007-11-30 11:02:36 +00:00
Kevin Lo
8bcd62f2ff Use NULL instead of 0 for the return value of fopen().
Approved by: re (kensmith)
2007-09-21 01:55:11 +00:00
Sean Farley
2966d28c32 Significantly reduce the memory leak as noted in BUGS section for
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.

Convert all calls to POSIX from historic BSD API:
 - unsetenv returns an int.
 - putenv takes a char * instead of const char *.
 - putenv no longer makes a copy of the input string.
 - errno is set appropriately for POSIX.  Exceptions involve bad environ
   variable and internal initialization code.  These both set errno to
   EFAULT.

Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit.  A few I re-wrote to use setenv()
instead of putenv().

New regression module for tools/regression/environ to test these
functions.  It also can be used to test the performance.

Bump __FreeBSD_version to 700050 due to API change.

PR:		kern/99826
Approved by:	wes
Approved by:	re (kensmith)
2007-07-04 00:00:41 +00:00
David Malone
bc7e443092 Fix some warnings by making things const, adding missing headers,
removing some unused variables and making a variable unsigned.

MFC after:	3 weeks
2007-05-07 11:01:36 +00:00
Andrey A. Chernov
ba174a5e38 Back out all POSIXified *env() changes.
Not because I admit they are technically wrong and not because of bug
reports (I receive nothing). But because I surprisingly meets so
strong opposition and resistance so lost any desire to continue that.

Anyone who interested in POSIX can dig out what changes and how
through cvs diffs.
2007-05-01 16:02:44 +00:00
Andrey A. Chernov
8673ed1565 Slightly tune previous fix: free memory if !export 2007-04-30 12:54:02 +00:00
Andrey A. Chernov
2efaac818f Prepare for upcoming POSIXed putenv() rewrite:
don't free memory after putenv()
2007-04-30 12:44:04 +00:00
Christian S.J. Peron
0c59c145ed Teach login(1) about the make.conf NO_AUDIT variable. This allows us to
conditionally build in audit support.

Submitted by:	bz
MFC after:	1 week
2006-12-13 06:13:32 +00:00
Ruslan Ermilov
cb29445a92 Markup fixes. 2006-09-29 15:20:48 +00:00
Joel Dahl
3e1f331553 Remove references to the pam(8) manual page. It does not exist.
Requested by:	novel
Discussed with:	brueffer, simon
2006-09-13 17:46:20 +00:00
Ruslan Ermilov
e4a9274404 Add missing library dependencies. 2006-04-13 12:49:24 +00:00
Olivier Houchard
8f9370b050 Don't call audit_logout() if pwd is NULL, as audit_logout() attempts to
dereference it.
This will happen if we ^D at the Login: prompt without having provided a
valid login before.
Set pwd to NULL on bad login attempts to prevent audit_logout() from being
called for a user which didn't actually log on.

Reported by:    Jerome Magnin jethro at docisland dot org
2006-03-28 15:30:42 +00:00
Ruslan Ermilov
e1fe3dba5c Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
Yaroslav Tykhiy
ebf3356a26 Managing login.access is no longer a responsibility of login(1).
Therefore give a xref, not details.

MFC after:	3 days
2006-03-06 13:07:17 +00:00
Yaroslav Tykhiy
d072921b75 Remove the last reference to LOGIN_ACCESS from login(1).
MFC after:	3 days
2006-03-06 12:56:35 +00:00
Yaroslav Tykhiy
700c87c3db login.access.5 and login_access.c are no longer used
in usr.bin/login because the login.access feature has
moved to PAM completely.

Their counterparts in lib/libpam/modules/pam_login_access
have been found to be in sync with, and even in better shape
than, login.access.5 and login_access.c here.

Therefore cvs rm login.access.5 and login_access.c from
usr.bin/login so that nobody will waste their time on fixing
or developing the files here.

MFC after:	3 days
2006-03-06 12:54:03 +00:00
Yaroslav Tykhiy
e65f3545ff login(1) no longer handles /etc/login.access by itself,
it's PAM's job.

MFC after:	3 days
2006-03-06 12:38:42 +00:00
Yaroslav Tykhiy
08284aaa25 Since the whole login.access feature has moved to PAM,
login.access.5 will be installed from the respective PAM
module's src directory.

MFC after:	3 days
2006-03-06 12:31:25 +00:00
Wayne Salamon
a1c73d21bf Make login audit-enabled, submitting audit records for the login and logout
events. The specifics of submitting the records is contained within
login_audit.c.
Document the auditing behavior in the man page.

Obtained from: TrustedBSD Project, Apple Computer, Inc.
Approved by: rwatson (mentor)
2006-02-04 20:20:02 +00:00
Maxim Konovalov
42dc3715bb o Teach login(1) to respect "hushlogin" and "nocheckmail" attributes
defined in user's $HOME/.login_conf.

PR:		bin/75001
Submitted by:	Rostislav Krasny
MFC after:	2 weeks
2005-06-01 12:23:06 +00:00
Ruslan Ermilov
dee651eb15 Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk.  The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by:	oliver
2004-11-03 18:01:21 +00:00
Christian Brueffer
b4ccfe1a27 Bump document date
Reminded by:	simon in ru-mode
2004-10-16 00:13:38 +00:00
Christian Brueffer
a0d974b1e5 We use /etc/pam.d/login nowadays 2004-10-15 23:46:00 +00:00
Ruslan Ermilov
557b7fa148 Deal with double whitespace. 2004-07-03 00:24:45 +00:00
Ruslan Ermilov
6a3e8b0adc Mechanically kill hard sentence breaks. 2004-07-02 22:22:35 +00:00
Ruslan Ermilov
839693c44f Deal with unsafe tab characters. 2004-07-02 19:55:26 +00:00
Bruce Evans
77585df415 Fixed style bugs in previous commit (.ifndef instead of .if defined(),
and tab lossage).

Garbage-collected NEED_LIBNAMES.
2004-02-29 06:39:11 +00:00
Dag-Erling Smørgrav
76e4339aa7 I am a moron. 2004-02-27 19:00:41 +00:00
Dag-Erling Smørgrav
13ae56f84d Re-add the setuid bit, conditional on NO_SETUID_LOGIN being undefined. 2004-02-27 17:50:59 +00:00
Dag-Erling Smørgrav
c9d0616d93 Cut through the bikeshed and remove login(1)'s setuid bit. It has no
business trying to impersonate su(1), and it does not need to be setuid
to function properly when invoked by getty(8) or telnetd(8).
2004-02-27 08:39:16 +00:00
Ruslan Ermilov
3826278409 GC (now unused here) -lcrypt. 2004-02-02 18:00:06 +00:00
Max Khon
71f4a30d59 Fix ~/.hushlogin handling.
PR:		61354
Submitted by:	Eugeny Grosbein <eugen (at) kuzbass.ru>
2004-01-26 20:04:47 +00:00
Daniel Harris
d47b06fccf Remove utmp references, no longer done by login(1) in 5.x.
PR:		54201
Submitted by:	mdg <mdg@secureworks.net>
2003-07-08 13:01:28 +00:00
Robert Watson
a2ba8df6c4 When the tty chown() fails, report a chown() failure rather than a
chmod() failure.
2003-04-26 02:51:03 +00:00
Dag-Erling Smørgrav
5c4b7a56c6 The documented login.conf variable for setting the login prompt is
"login_prompt".  This makes more sense than "prompt" which is what
login actually used, so change the code to match the documentation.

PR:		docs/51396
MFC in:		3 days
2003-04-25 11:57:20 +00:00
Dag-Erling Smørgrav
d477c0ca56 Back out previous commit, I wasn't thinking clearly. 2003-02-15 23:20:04 +00:00
Dag-Erling Smørgrav
b9c5354345 Set PAM_RHOST to "localhost" if no remote host was specified. This allows
pam_opieaccess() to work as expected for local logins.
2003-02-15 23:16:41 +00:00
Dag-Erling Smørgrav
fea1e414df Use waitpid() instead of wait() since we know the pid of the process we
are waiting for, and we don't want to reap the wrong process.
2003-02-08 16:11:20 +00:00
Dag-Erling Smørgrav
2517862ed9 Change the process title as soon as possible to mask information passed on
the command line by getty(8).  This is not a perfect fix, but drastically
reduces the window of exposure.

Approved by:	re (rwatson)
MFC after:	1 week
2002-12-04 15:00:10 +00:00
Philippe Charnier
e72bbdf42e Do not reuse flag name in its definition. Remove inadequate sentence. 2002-10-16 15:17:38 +00:00