Commit Graph

48 Commits

Author SHA1 Message Date
Ruslan Ermilov
dee651eb15 Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk.  The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by:	oliver
2004-11-03 18:01:21 +00:00
Bruce Evans
77585df415 Fixed style bugs in previous commit (.ifndef instead of .if defined(),
and tab lossage).

Garbage-collected NEED_LIBNAMES.
2004-02-29 06:39:11 +00:00
Dag-Erling Smørgrav
76e4339aa7 I am a moron. 2004-02-27 19:00:41 +00:00
Dag-Erling Smørgrav
13ae56f84d Re-add the setuid bit, conditional on NO_SETUID_LOGIN being undefined. 2004-02-27 17:50:59 +00:00
Dag-Erling Smørgrav
c9d0616d93 Cut through the bikeshed and remove login(1)'s setuid bit. It has no
business trying to impersonate su(1), and it does not need to be setuid
to function properly when invoked by getty(8) or telnetd(8).
2004-02-27 08:39:16 +00:00
Ruslan Ermilov
3826278409 GC (now unused here) -lcrypt. 2004-02-02 18:00:06 +00:00
Bruce Evans
85549fe96b Fixed some style bugs ("From:" in vendor id line, disordered MAN line, and
blank lines).

Not unapproved of by:	markm
2002-04-21 12:43:14 +00:00
Mark Murray
e35f9517d6 Remove NO_WERRORs and WARNS=n's. To be revisited after GCC3. 2002-02-08 23:07:37 +00:00
Dag-Erling Smørgrav
c60ed00a43 Still with asbestos longjohns on, completely PAMify login(1) and remove
code made redundant by various PAM modules (primarily pam_unix(8)).

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:10:21 +00:00
Bruce Evans
42f9157b63 Work around world breakage in previous commit. The bug is in
<security/pam_misc.h>.  It declares a function parameter named 'send',
so nothing that includes both <unistd.h> (which declares send(2)) and
<security/pam_misc.h> be compiled with WARNS=2 unless NO_WERRROR is
set.

Fixed order of WARNS.
2001-12-01 19:48:59 +00:00
Mark Murray
e317b97026 WARNS=2 fixes.
Reviewed by:	bde (a while back)
2001-12-01 17:46:46 +00:00
Ruslan Ermilov
cda2a9b2f0 Set BINOWN=root explicitly for setuid root binaries.
This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.
2001-09-13 06:48:18 +00:00
Mark Murray
142277ce04 Like su(1), make PAM use mandatory. Remove parts of the authentication
logic that are handled by PAM. Fix documentation to reflect this.
2001-08-30 11:27:36 +00:00
Mark Murray
31a651fa98 Clean out some cruft that has been put in a better (central) place. 2001-05-01 10:30:08 +00:00
Mark Murray
289ef82e3c Enable (optional) static linking. 2001-04-28 08:06:33 +00:00
Mark Murray
5bc9d93db3 Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by:	"David J. MacKenzie" <djm@web.us.uu.net>
2001-03-27 19:40:51 +00:00
Ruslan Ermilov
dc12be5258 MAN[1-9] -> MAN. 2001-03-27 10:52:19 +00:00
Peter Wemm
6e2578e4c4 Revert the libcrypt/libmd stuff back to how it was. This should not have
happened as it was working around problems elsewhere (ie: binutils/ld
not doing the right thing according to the ELF design).  libcrypt has
been adjusted to not need the runtime -lmd.  It's still not quite right
(ld is supposed to work damnit) but at least it doesn't impact all the
users of libcrypt in Marcel's cross-build model.
1999-12-18 13:55:17 +00:00
Marcel Moolenaar
7c99ddf2cc Add libmd (or move it after libcrypt). We don't want the linker to be
smart because it will definitely get it wrong. This popped up during
cross-linking.
1999-12-16 10:55:45 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
John Polstra
4a05a998b2 Force <bsd.libnames.mk> to be included, regardless of the object
format.  This fixes the undefined symbols when building login for
a.out.
1999-01-22 12:44:55 +00:00
John Polstra
e40131079f Allow login to be linked statically even when PAM is used, since
there is now a static version of libpam.
1999-01-20 21:58:46 +00:00
Andrzej Bialecki
11468b741a Add a compile knob to avoid using PAM code (login will use standard Unix
authentication only). This comes handy when you're tight on space.

Submitted by:	mostly John Baldwin <jobaldwi@vt.edu>
Reviewed by:	John D. Polstra <jdp@polstra.com>
1999-01-19 22:59:37 +00:00
John Polstra
cc4b11542b Work around the problem that login won't link if NOSHARED=yes,
because libpam is built shared only.  There is a way to build PAM
into a static library that contains all (or a selected subset) of
the modules.  But our Makefiles don't support that yet.  Until I get
that working, just force NOSHARED=no in login's Makefile.  Of
course, it still won't work if NOPIC is set.

Submitted by:	bde
1998-11-21 18:27:15 +00:00
John Polstra
e83348169b ATTENTION: INSTALL "/etc/pam.conf" FROM "src/etc"!!!
Change login to use PAM for authentication.  I kept the built-in
passwd/NIS authentication support, to handle cases where the system
is missing its "/etc/pam.conf" file.  S/Key and KerberosIV
authentication methods are removed from the login program, but
still available in PAM modules.
1998-11-21 02:22:14 +00:00
John Polstra
6717b4a8dd unifdef -DLOGIN_CAP. After almost 2 years, I think we can assume
it's here to stay.

This code is starting to look almost reasonable again.
1998-11-11 05:47:45 +00:00
John Polstra
8e32ad3bde Remove support for LOGIN_CAP_AUTH. It was never enabled, it was
not complete, and it hasn't been touched for 18 months.  All the
ifdefs obfuscate the code.  I discussed the LOGIN_CAP_AUTH support
with its author and he agreed that it is a dead end.  I am bringing
PAM into the tree within the next two weeks.  It is much more
flexible than LOGIN_CAP_AUTH, and will serve as a superior replacement
for it.
1998-11-11 02:16:01 +00:00
David E. O'Brien
be0cde6f10 Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:06 +00:00
Mark Murray
448bbb5805 Fix LIBDIR (for aout/ELF). 1998-08-06 21:41:13 +00:00
Mark Murray
7f80a02080 Changes for KTH KerberosIV.
Also quieten -Wall a bit.
1997-09-28 08:57:24 +00:00
Nate Williams
b82359df88 "lmd" -> "-lmd"
Submitted by:	Vincent Poy <vince@venus.gaianet.net>
1997-09-05 18:15:29 +00:00
Peter Wemm
10da1efd82 If building elf, don't link in libmd.a just for libskey.so to use. Under
elf, libskey.so will not expose it's implementation on it's caller.
1997-09-05 12:00:01 +00:00
Peter Wemm
c115df18cd Revert $FreeBSD$ to $Id$ 1997-02-22 19:58:13 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
David Nugent
6acc486b3f Makes login login_cap-savvy.
Note that LOGIN_CAP_AUTH code (login authentication) is not (yet) enabled
and requires /usr/libexec/login_<style> authentication program support to
be added at a later date. The Makefile contains a macro LC_AUTH to turn
it on and prevent unnecessarily linking against skey/krb libs and the
addition of klogin.c module.

All other aspects of login_cap support are fully functional.
1997-01-11 07:16:35 +00:00
Rodney W. Grimes
7799f52a32 Remove trailing whitespace. 1995-05-30 06:41:30 +00:00
Nate Williams
c36c788214 Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command.  This only occurs when
linking statically.
1995-03-18 17:18:15 +00:00
Garrett Wollman
758f3a64bd Modify klogin to:
1) Don't spit out an error message if Kerberos is installed but not yet
   set up.

2) Don't attempt to verify the ticket you got back, as workstations
   are not intended to have srvtab files of their own.

Both behaviors can be re-enabled with KLOGIN_PARANOID.
1995-01-14 22:57:41 +00:00
Garrett Wollman
a38c3127e1 Add distribution=krb for P-HK 1994-11-20 23:23:28 +00:00
Paul Traina
2ddadf840c Include most of the logdaemon v4.4 S/key changes 1994-10-19 00:03:45 +00:00
Geoff Rehmet
3c6459e594 Undo damage done between revisions 1.6 and 1.7
(Guys, please don't DAMAGE commits that have just gone in.)
1994-09-30 13:26:15 +00:00
Paul Traina
c9bdc15213 Install support for skey and login.access 1994-09-29 18:59:15 +00:00
Geoff Rehmet
c368d11dd2 First level of changes for bringing in eBones (kerberos).
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES.  (Far fewer contortions,
and both default to off.)  IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.
1994-09-29 13:06:54 +00:00
Guido van Rooij
f88fe8675b Implemnet fbtab ala SunOS (thanks to WZV, see login_fbtab.c)
Reviewed by:
Submitted by:	guido
1994-08-22 19:56:14 +00:00
Guido van Rooij
7c4c6e58ba Add skey supprot
Reviewed by:
Submitted by:	guido
1994-08-21 19:26:22 +00:00
Geoff Rehmet
4714bb15be LDADD= -lcrypt
Submitted by:	Geoff
1994-08-20 21:19:46 +00:00
Garrett Wollman
b4e99cd8d6 Don't compile with kerberos yet, we aren't ready. 1994-08-05 20:32:22 +00:00
Rodney W. Grimes
9b50d90275 BSD 4.4 Lite Usr.bin Sources 1994-05-27 12:33:43 +00:00