Commit Graph

99 Commits

Author SHA1 Message Date
Maxim Konovalov
42dc3715bb o Teach login(1) to respect "hushlogin" and "nocheckmail" attributes
defined in user's $HOME/.login_conf.

PR:		bin/75001
Submitted by:	Rostislav Krasny
MFC after:	2 weeks
2005-06-01 12:23:06 +00:00
Max Khon
71f4a30d59 Fix ~/.hushlogin handling.
PR:		61354
Submitted by:	Eugeny Grosbein <eugen (at) kuzbass.ru>
2004-01-26 20:04:47 +00:00
Robert Watson
a2ba8df6c4 When the tty chown() fails, report a chown() failure rather than a
chmod() failure.
2003-04-26 02:51:03 +00:00
Dag-Erling Smørgrav
5c4b7a56c6 The documented login.conf variable for setting the login prompt is
"login_prompt".  This makes more sense than "prompt" which is what
login actually used, so change the code to match the documentation.

PR:		docs/51396
MFC in:		3 days
2003-04-25 11:57:20 +00:00
Dag-Erling Smørgrav
d477c0ca56 Back out previous commit, I wasn't thinking clearly. 2003-02-15 23:20:04 +00:00
Dag-Erling Smørgrav
b9c5354345 Set PAM_RHOST to "localhost" if no remote host was specified. This allows
pam_opieaccess() to work as expected for local logins.
2003-02-15 23:16:41 +00:00
Dag-Erling Smørgrav
fea1e414df Use waitpid() instead of wait() since we know the pid of the process we
are waiting for, and we don't want to reap the wrong process.
2003-02-08 16:11:20 +00:00
Dag-Erling Smørgrav
2517862ed9 Change the process title as soon as possible to mask information passed on
the command line by getty(8).  This is not a perfect fix, but drastically
reduces the window of exposure.

Approved by:	re (rwatson)
MFC after:	1 week
2002-12-04 15:00:10 +00:00
Poul-Henning Kamp
0845b8fa43 Be consistent about functions being static.
Spotted by:	FlexeLint
2002-10-15 18:24:31 +00:00
Warner Losh
84bbb6cab3 When login tries to do the chmod/chflags on a read only file system,
it complains that it can't do it because the filesystem is readonly.
Assume that when the user has a readonly /dev that they don't care if
login can't change the permissions/flags.  While this does break a few
things like msgs, we'll assume that the user setting up the read only
system knows what they are doing.

All this change does is to stop the complaint when the file system is
read only.  It also adds comments as to why EROFS and EOPNOTSUPP are
ignored.

This allows one to have a read-only / w/o a /dev MFS and have a
relatively warning-free existence.  /etc/rc still complains when it
can't chown/chflags/chmod things, but that's easy to ignore/tweak.

Reviewed by: roberto, phk
Sponsored by: Timing Solutions
2002-08-19 20:54:00 +00:00
David Malone
81b4504baa Don't reuse a const char * when we really want a char *. 2002-07-28 16:17:38 +00:00
Andrey A. Chernov
55f0377c44 Simplify TERM handling since now libutil not overwrites existen TERM for "term" 2002-06-28 22:56:31 +00:00
Andrey A. Chernov
79a20d3b58 Overwrite "term" from login.conf(5) for any known TERM 2002-06-28 04:59:39 +00:00
Dag-Erling Smørgrav
c51edfb77d Drive-by whitespace cleanup. 2002-05-28 06:46:37 +00:00
Dag-Erling Smørgrav
05da55ee50 Don't use PAM_SILENT unless hushlogin is set (perforce change 10123)
Sponsored by:	DARPA, NAI Labs
2002-04-22 06:27:16 +00:00
Dag-Erling Smørgrav
b897c4dfe0 Remove unused #define. 2002-04-16 22:07:15 +00:00
Ruslan Ermilov
f2f306b622 Align for const poisoning in -lutil. 2002-04-08 11:07:51 +00:00
Garance A Drosehn
3be0f8f038 Simple fix so the 'LOGIN FAILURE' message send to syslog will include
the correct userid, instead of random garbage.  This bug does not
exist in -stable.

Reviewed by:	freebsd-audit
2002-03-12 19:48:32 +00:00
Dag-Erling Smørgrav
519b6a4c8f Switch to OpenPAM. Bump library version. Modules are now versioned, so
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.

Sponsored by:	DARPA, NAI Labs
2002-03-05 21:56:25 +00:00
Dag-Erling Smørgrav
c60ed00a43 Still with asbestos longjohns on, completely PAMify login(1) and remove
code made redundant by various PAM modules (primarily pam_unix(8)).

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav
554b9a6e8e Back out rev 1.78, which is incorrect now that the PAM modules have been
fixed to accept a NULL PAM_RHOST.
2002-01-29 23:27:54 +00:00
Dag-Erling Smørgrav
f2c44ccec8 When running on a local terminal, set PAM_RHOST to the local hostname.
Sponsored by:	DARPA, NAI Labs
2002-01-21 16:19:38 +00:00
Andrey A. Chernov
07977587ab Back out PAM_CRED_ERR addition 2002-01-19 18:06:05 +00:00
Andrey A. Chernov
3e4f7c7f99 Add PAM_CRED_ERR as valid failure case 2002-01-19 09:01:17 +00:00
David Malone
9f5b04e925 Style improvements recommended by Bruce as a follow up to some
of the recent WARNS commits. The idea is:

1) FreeBSD id tags should follow vendor tags.
2) Vendor tags should not be compiled (though copyrights probably should).
3) There should be no blank line between including cdefs and __FBSDIF.
2001-12-10 21:13:08 +00:00
Mark Murray
1a8b24c257 Use __FBSDID(). Also do a bit of cosmetic #if and header-order
cleaning-up.
2001-12-02 20:54:57 +00:00
Mark Murray
a9648779a5 Sort includes. 2001-12-02 00:06:22 +00:00
Mark Murray
d2f6cd8fd5 Style fixups.
Sort function declarations, includes. Make consistent WRT use of _P()
macro (ugh!)

Inspired by:	bde
2001-12-01 21:12:04 +00:00
Mark Murray
e317b97026 WARNS=2 fixes.
Reviewed by:	bde (a while back)
2001-12-01 17:46:46 +00:00
Robert Watson
0e80e8b216 o Add support for a 'nocheckmail' capability, which (if true) prevents
the 'You have mail.' check.  This is useful for sites that rely on
  remote mail access, rather than a local mail spool.  Due to the
  behavior of login_getcapbool(), the negated form is required so as
  to have appropriate results.
o This behavior may have to be independently added to sshd due to
  redundant implementation.
2001-11-16 04:39:16 +00:00
Robert Watson
2c19b38f62 o Modify NFS rights comment to note that the early credential changes
to test for a home directory don't set up the additional groups, and
  as such may limit users conservatively.  This does not affect the
  eventual credentials selected.
2001-09-15 17:09:39 +00:00
Mark Murray
142277ce04 Like su(1), make PAM use mandatory. Remove parts of the authentication
logic that are handled by PAM. Fix documentation to reflect this.
2001-08-30 11:27:36 +00:00
Mike Barcroft
ede8b1c50a Fix some bogus strncpy(3) to strlcpy(3) changes I made in the previous
revision.  <utmp.h> structures don't leave room for a NUL character.
Also fix "UNKNOWN" which should have just been UNKNOWN.

Pointed out by:	bde
2001-08-13 05:56:27 +00:00
Mike Barcroft
9ab4f41231 o Replace occurrences of strncpy(3) with strlcpy(3); most of
the uses of it were wrong anyway.
o Always check for NULL returns on strdup(3).
o Fix a possible buffer overflow in strcpy(3).
o Fix a format string vulnerability.
o t->ty_type in stypeof() could be NULL and eventually cause
  a segmentation fault in setenv(3), so check for that.

Eyeballed by:	kris
Reviewed by:	murray
MFC after:	3 days
2001-08-12 17:54:49 +00:00
Mark Murray
9567ba9dda Fix the environment handling:
However, there's still a bug in login.c
because you copy the environment *before* the call to pam_open_session,
which won't set the necessary variables set by /usr/ports/security/pam_ssh.

Submitted by:	Volker Stolz <stolz@hyperion.informatik.rwth-aachen.de>
2001-07-28 19:53:10 +00:00
Brian Somers
7bc6d0158f Fix the type of the NULL arg to execl()
Idea from: Theo de Raadt <deraadt@openbsd.org>
2001-07-09 09:24:06 +00:00
Eric Melville
a37b5e8e4c Remove an accidentaly added extra blank line.
Approved by:	murray
2001-05-22 06:20:27 +00:00
Guido van Rooij
5345e89b9d Disable SIGHUP while getting the login name.
Reviewed by:	security-officer
2001-05-21 20:19:59 +00:00
David E. O'Brien
5de20e57b2 Missed a few things. 2001-05-18 05:46:40 +00:00
David E. O'Brien
91a72a92d6 In a word -- style(9). 2001-05-18 05:33:42 +00:00
David E. O'Brien
078ae588ab Add the "prompt" and "passwd_prompt" fields to /etc/login.conf,
which makes lgoin more like getty in its ability to be configured.

Submitted by:	tlambert (code only)
2001-05-18 04:55:16 +00:00
Eric Melville
40c65ba9c7 Check for the expiration of an account and its password in the proper
order.

Reviewed by:	-audit (silence)
Approved by:	murray
Obtained from:	OpenBSD
MFC after:	5 days
2001-05-17 03:10:04 +00:00
Mark Murray
5bc9d93db3 Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by:	"David J. MacKenzie" <djm@web.us.uu.net>
2001-03-27 19:40:51 +00:00
Jacques Vidrine
17ada68462 Fix login so that it exports environmental variables that are set by PAM
modules (via pam_putenv).  The following variables will never be set in
this fashion:

   SHELL, HOME, LOGNAME, MAIL, CDPATH, IFS, PATH
   any variable starting with `LD_'
2001-02-09 13:21:50 +00:00
Jacques Vidrine
8ad2668439 Call pam_setcred.
Reviewed by:	markm, months ago
2001-01-23 21:43:32 +00:00
Sheldon Hearn
69f2cf17a3 Add braces to avoid ambiguity in a nested conditional (silences a gcc
warning).
2000-04-26 10:38:19 +00:00
Sheldon Hearn
508d9a5b59 Fix excessive use of parenthesis in previous commit.
Requested by:	bde
2000-04-25 08:59:51 +00:00
Sheldon Hearn
1806a85c5a Do not issue a warning when chflags() fails with EOPNOTSUPP.
PR:		17875
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-04-13 09:39:29 +00:00
Andrey A. Chernov
5403e5e3f3 Fix diagnostic printing test condition (was always true)
Approved by:	jkh
2000-02-28 01:48:50 +00:00
Yoshinobu Inoue
6d939e82e0 Added IPv6 name resolving support for utmp logging.
Approved by: jkh
2000-02-19 15:57:52 +00:00