Ruslan Ermilov
e4a9274404
Add missing library dependencies.
2006-04-13 12:49:24 +00:00
Olivier Houchard
8f9370b050
Don't call audit_logout() if pwd is NULL, as audit_logout() attempts to
...
dereference it.
This will happen if we ^D at the Login: prompt without having provided a
valid login before.
Set pwd to NULL on bad login attempts to prevent audit_logout() from being
called for a user which didn't actually log on.
Reported by: Jerome Magnin jethro at docisland dot org
2006-03-28 15:30:42 +00:00
Ruslan Ermilov
e1fe3dba5c
Reimplementation of world/kernel build options. For details, see:
...
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
Yaroslav Tykhiy
ebf3356a26
Managing login.access is no longer a responsibility of login(1).
...
Therefore give a xref, not details.
MFC after: 3 days
2006-03-06 13:07:17 +00:00
Yaroslav Tykhiy
d072921b75
Remove the last reference to LOGIN_ACCESS from login(1).
...
MFC after: 3 days
2006-03-06 12:56:35 +00:00
Yaroslav Tykhiy
700c87c3db
login.access.5 and login_access.c are no longer used
...
in usr.bin/login because the login.access feature has
moved to PAM completely.
Their counterparts in lib/libpam/modules/pam_login_access
have been found to be in sync with, and even in better shape
than, login.access.5 and login_access.c here.
Therefore cvs rm login.access.5 and login_access.c from
usr.bin/login so that nobody will waste their time on fixing
or developing the files here.
MFC after: 3 days
2006-03-06 12:54:03 +00:00
Yaroslav Tykhiy
e65f3545ff
login(1) no longer handles /etc/login.access by itself,
...
it's PAM's job.
MFC after: 3 days
2006-03-06 12:38:42 +00:00
Yaroslav Tykhiy
08284aaa25
Since the whole login.access feature has moved to PAM,
...
login.access.5 will be installed from the respective PAM
module's src directory.
MFC after: 3 days
2006-03-06 12:31:25 +00:00
Wayne Salamon
a1c73d21bf
Make login audit-enabled, submitting audit records for the login and logout
...
events. The specifics of submitting the records is contained within
login_audit.c.
Document the auditing behavior in the man page.
Obtained from: TrustedBSD Project, Apple Computer, Inc.
Approved by: rwatson (mentor)
2006-02-04 20:20:02 +00:00
Maxim Konovalov
42dc3715bb
o Teach login(1) to respect "hushlogin" and "nocheckmail" attributes
...
defined in user's $HOME/.login_conf.
PR: bin/75001
Submitted by: Rostislav Krasny
MFC after: 2 weeks
2005-06-01 12:23:06 +00:00
Ruslan Ermilov
dee651eb15
Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
...
to PRECIOUSLIB from bsd.lib.mk. The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.
Reviewed by: oliver
2004-11-03 18:01:21 +00:00
Christian Brueffer
b4ccfe1a27
Bump document date
...
Reminded by: simon in ru-mode
2004-10-16 00:13:38 +00:00
Christian Brueffer
a0d974b1e5
We use /etc/pam.d/login nowadays
2004-10-15 23:46:00 +00:00
Ruslan Ermilov
557b7fa148
Deal with double whitespace.
2004-07-03 00:24:45 +00:00
Ruslan Ermilov
6a3e8b0adc
Mechanically kill hard sentence breaks.
2004-07-02 22:22:35 +00:00
Ruslan Ermilov
839693c44f
Deal with unsafe tab characters.
2004-07-02 19:55:26 +00:00
Bruce Evans
77585df415
Fixed style bugs in previous commit (.ifndef instead of .if defined(),
...
and tab lossage).
Garbage-collected NEED_LIBNAMES.
2004-02-29 06:39:11 +00:00
Dag-Erling Smørgrav
76e4339aa7
I am a moron.
2004-02-27 19:00:41 +00:00
Dag-Erling Smørgrav
13ae56f84d
Re-add the setuid bit, conditional on NO_SETUID_LOGIN being undefined.
2004-02-27 17:50:59 +00:00
Dag-Erling Smørgrav
c9d0616d93
Cut through the bikeshed and remove login(1)'s setuid bit. It has no
...
business trying to impersonate su(1), and it does not need to be setuid
to function properly when invoked by getty(8) or telnetd(8).
2004-02-27 08:39:16 +00:00
Ruslan Ermilov
3826278409
GC (now unused here) -lcrypt.
2004-02-02 18:00:06 +00:00
Max Khon
71f4a30d59
Fix ~/.hushlogin handling.
...
PR: 61354
Submitted by: Eugeny Grosbein <eugen (at) kuzbass.ru>
2004-01-26 20:04:47 +00:00
Daniel Harris
d47b06fccf
Remove utmp references, no longer done by login(1) in 5.x.
...
PR: 54201
Submitted by: mdg <mdg@secureworks.net>
2003-07-08 13:01:28 +00:00
Robert Watson
a2ba8df6c4
When the tty chown() fails, report a chown() failure rather than a
...
chmod() failure.
2003-04-26 02:51:03 +00:00
Dag-Erling Smørgrav
5c4b7a56c6
The documented login.conf variable for setting the login prompt is
...
"login_prompt". This makes more sense than "prompt" which is what
login actually used, so change the code to match the documentation.
PR: docs/51396
MFC in: 3 days
2003-04-25 11:57:20 +00:00
Dag-Erling Smørgrav
d477c0ca56
Back out previous commit, I wasn't thinking clearly.
2003-02-15 23:20:04 +00:00
Dag-Erling Smørgrav
b9c5354345
Set PAM_RHOST to "localhost" if no remote host was specified. This allows
...
pam_opieaccess() to work as expected for local logins.
2003-02-15 23:16:41 +00:00
Dag-Erling Smørgrav
fea1e414df
Use waitpid() instead of wait() since we know the pid of the process we
...
are waiting for, and we don't want to reap the wrong process.
2003-02-08 16:11:20 +00:00
Dag-Erling Smørgrav
2517862ed9
Change the process title as soon as possible to mask information passed on
...
the command line by getty(8). This is not a perfect fix, but drastically
reduces the window of exposure.
Approved by: re (rwatson)
MFC after: 1 week
2002-12-04 15:00:10 +00:00
Philippe Charnier
e72bbdf42e
Do not reuse flag name in its definition. Remove inadequate sentence.
2002-10-16 15:17:38 +00:00
Poul-Henning Kamp
0845b8fa43
Be consistent about functions being static.
...
Spotted by: FlexeLint
2002-10-15 18:24:31 +00:00
Warner Losh
84bbb6cab3
When login tries to do the chmod/chflags on a read only file system,
...
it complains that it can't do it because the filesystem is readonly.
Assume that when the user has a readonly /dev that they don't care if
login can't change the permissions/flags. While this does break a few
things like msgs, we'll assume that the user setting up the read only
system knows what they are doing.
All this change does is to stop the complaint when the file system is
read only. It also adds comments as to why EROFS and EOPNOTSUPP are
ignored.
This allows one to have a read-only / w/o a /dev MFS and have a
relatively warning-free existence. /etc/rc still complains when it
can't chown/chflags/chmod things, but that's easy to ignore/tweak.
Reviewed by: roberto, phk
Sponsored by: Timing Solutions
2002-08-19 20:54:00 +00:00
David Malone
81b4504baa
Don't reuse a const char * when we really want a char *.
2002-07-28 16:17:38 +00:00
Andrey A. Chernov
55f0377c44
Simplify TERM handling since now libutil not overwrites existen TERM for "term"
2002-06-28 22:56:31 +00:00
Andrey A. Chernov
79a20d3b58
Overwrite "term" from login.conf(5) for any known TERM
2002-06-28 04:59:39 +00:00
Dag-Erling Smørgrav
c51edfb77d
Drive-by whitespace cleanup.
2002-05-28 06:46:37 +00:00
Dag-Erling Smørgrav
05da55ee50
Don't use PAM_SILENT unless hushlogin is set (perforce change 10123)
...
Sponsored by: DARPA, NAI Labs
2002-04-22 06:27:16 +00:00
Bruce Evans
85549fe96b
Fixed some style bugs ("From:" in vendor id line, disordered MAN line, and
...
blank lines).
Not unapproved of by: markm
2002-04-21 12:43:14 +00:00
Philippe Charnier
e8937ba009
Use `The .Nm utility'
2002-04-20 12:18:28 +00:00
Dag-Erling Smørgrav
b897c4dfe0
Remove unused #define.
2002-04-16 22:07:15 +00:00
Ruslan Ermilov
f2f306b622
Align for const poisoning in -lutil.
2002-04-08 11:07:51 +00:00
Warner Losh
f1bb2cd2aa
remove __P
2002-03-22 01:22:50 +00:00
Garance A Drosehn
3be0f8f038
Simple fix so the 'LOGIN FAILURE' message send to syslog will include
...
the correct userid, instead of random garbage. This bug does not
exist in -stable.
Reviewed by: freebsd-audit
2002-03-12 19:48:32 +00:00
Dag-Erling Smørgrav
519b6a4c8f
Switch to OpenPAM. Bump library version. Modules are now versioned, so
...
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.
Sponsored by: DARPA, NAI Labs
2002-03-05 21:56:25 +00:00
Mark Murray
e35f9517d6
Remove NO_WERRORs and WARNS=n's. To be revisited after GCC3.
2002-02-08 23:07:37 +00:00
Dag-Erling Smørgrav
c60ed00a43
Still with asbestos longjohns on, completely PAMify login(1) and remove
...
code made redundant by various PAM modules (primarily pam_unix(8)).
Sponsored by: DARPA, NAI Labs
2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav
554b9a6e8e
Back out rev 1.78, which is incorrect now that the PAM modules have been
...
fixed to accept a NULL PAM_RHOST.
2002-01-29 23:27:54 +00:00
Dag-Erling Smørgrav
f2c44ccec8
When running on a local terminal, set PAM_RHOST to the local hostname.
...
Sponsored by: DARPA, NAI Labs
2002-01-21 16:19:38 +00:00
Andrey A. Chernov
07977587ab
Back out PAM_CRED_ERR addition
2002-01-19 18:06:05 +00:00
Andrey A. Chernov
3e4f7c7f99
Add PAM_CRED_ERR as valid failure case
2002-01-19 09:01:17 +00:00