Commit Graph

137 Commits

Author SHA1 Message Date
Ruslan Ermilov
f2f306b622 Align for const poisoning in -lutil. 2002-04-08 11:07:51 +00:00
Warner Losh
f1bb2cd2aa remove __P 2002-03-22 01:22:50 +00:00
Garance A Drosehn
3be0f8f038 Simple fix so the 'LOGIN FAILURE' message send to syslog will include
the correct userid, instead of random garbage.  This bug does not
exist in -stable.

Reviewed by:	freebsd-audit
2002-03-12 19:48:32 +00:00
Dag-Erling Smørgrav
519b6a4c8f Switch to OpenPAM. Bump library version. Modules are now versioned, so
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.

Sponsored by:	DARPA, NAI Labs
2002-03-05 21:56:25 +00:00
Mark Murray
e35f9517d6 Remove NO_WERRORs and WARNS=n's. To be revisited after GCC3. 2002-02-08 23:07:37 +00:00
Dag-Erling Smørgrav
c60ed00a43 Still with asbestos longjohns on, completely PAMify login(1) and remove
code made redundant by various PAM modules (primarily pam_unix(8)).

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:10:21 +00:00
Dag-Erling Smørgrav
554b9a6e8e Back out rev 1.78, which is incorrect now that the PAM modules have been
fixed to accept a NULL PAM_RHOST.
2002-01-29 23:27:54 +00:00
Dag-Erling Smørgrav
f2c44ccec8 When running on a local terminal, set PAM_RHOST to the local hostname.
Sponsored by:	DARPA, NAI Labs
2002-01-21 16:19:38 +00:00
Andrey A. Chernov
07977587ab Back out PAM_CRED_ERR addition 2002-01-19 18:06:05 +00:00
Andrey A. Chernov
3e4f7c7f99 Add PAM_CRED_ERR as valid failure case 2002-01-19 09:01:17 +00:00
David Malone
9f5b04e925 Style improvements recommended by Bruce as a follow up to some
of the recent WARNS commits. The idea is:

1) FreeBSD id tags should follow vendor tags.
2) Vendor tags should not be compiled (though copyrights probably should).
3) There should be no blank line between including cdefs and __FBSDIF.
2001-12-10 21:13:08 +00:00
Mark Murray
1a8b24c257 Use __FBSDID(). Also do a bit of cosmetic #if and header-order
cleaning-up.
2001-12-02 20:54:57 +00:00
Mark Murray
a9648779a5 Sort includes. 2001-12-02 00:06:22 +00:00
Mark Murray
d2f6cd8fd5 Style fixups.
Sort function declarations, includes. Make consistent WRT use of _P()
macro (ugh!)

Inspired by:	bde
2001-12-01 21:12:04 +00:00
Bruce Evans
42f9157b63 Work around world breakage in previous commit. The bug is in
<security/pam_misc.h>.  It declares a function parameter named 'send',
so nothing that includes both <unistd.h> (which declares send(2)) and
<security/pam_misc.h> be compiled with WARNS=2 unless NO_WERRROR is
set.

Fixed order of WARNS.
2001-12-01 19:48:59 +00:00
Mark Murray
e317b97026 WARNS=2 fixes.
Reviewed by:	bde (a while back)
2001-12-01 17:46:46 +00:00
Robert Watson
0e80e8b216 o Add support for a 'nocheckmail' capability, which (if true) prevents
the 'You have mail.' check.  This is useful for sites that rely on
  remote mail access, rather than a local mail spool.  Due to the
  behavior of login_getcapbool(), the negated form is required so as
  to have appropriate results.
o This behavior may have to be independently added to sshd due to
  redundant implementation.
2001-11-16 04:39:16 +00:00
Robert Watson
0cd9461353 o Restore previous inconsistent style to login_fbtab.c, following its
modification to add glob support.  The submitted patch used a degraded
  form of KNF.

Reviewed by:	bde
2001-10-28 22:54:16 +00:00
Robert Watson
4983b09404 o Modify format of /etc/fbtab to accept glob matching patterns for
target devices, not just individual devices and directories.  This
  permits activities such as:

	ttyv0		0600	/dev/dsp*

  Whereas previously that was not supported.  This change is
  backwards-compatible, except where device names included globbing
  characters, which is not the case for any devices listed in MAKEDEV.

Submitted by:	Maxime Henrion <mux@qualys.com>
MFC after:	3 weeks
2001-10-25 20:45:47 +00:00
Robert Watson
2c19b38f62 o Modify NFS rights comment to note that the early credential changes
to test for a home directory don't set up the additional groups, and
  as such may limit users conservatively.  This does not affect the
  eventual credentials selected.
2001-09-15 17:09:39 +00:00
Ruslan Ermilov
cda2a9b2f0 Set BINOWN=root explicitly for setuid root binaries.
This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.
2001-09-13 06:48:18 +00:00
Ruslan Ermilov
63462b0c3a mdoc(7) police: tighten label width. 2001-09-04 10:24:52 +00:00
Mark Murray
142277ce04 Like su(1), make PAM use mandatory. Remove parts of the authentication
logic that are handled by PAM. Fix documentation to reflect this.
2001-08-30 11:27:36 +00:00
Mike Barcroft
ede8b1c50a Fix some bogus strncpy(3) to strlcpy(3) changes I made in the previous
revision.  <utmp.h> structures don't leave room for a NUL character.
Also fix "UNKNOWN" which should have just been UNKNOWN.

Pointed out by:	bde
2001-08-13 05:56:27 +00:00
Mike Barcroft
9ab4f41231 o Replace occurrences of strncpy(3) with strlcpy(3); most of
the uses of it were wrong anyway.
o Always check for NULL returns on strdup(3).
o Fix a possible buffer overflow in strcpy(3).
o Fix a format string vulnerability.
o t->ty_type in stypeof() could be NULL and eventually cause
  a segmentation fault in setenv(3), so check for that.

Eyeballed by:	kris
Reviewed by:	murray
MFC after:	3 days
2001-08-12 17:54:49 +00:00
Mark Murray
9567ba9dda Fix the environment handling:
However, there's still a bug in login.c
because you copy the environment *before* the call to pam_open_session,
which won't set the necessary variables set by /usr/ports/security/pam_ssh.

Submitted by:	Volker Stolz <stolz@hyperion.informatik.rwth-aachen.de>
2001-07-28 19:53:10 +00:00
Dima Dorfman
f247324df7 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
Ruslan Ermilov
625003720a mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 14:16:33 +00:00
Brian Somers
7bc6d0158f Fix the type of the NULL arg to execl()
Idea from: Theo de Raadt <deraadt@openbsd.org>
2001-07-09 09:24:06 +00:00
Eric Melville
a37b5e8e4c Remove an accidentaly added extra blank line.
Approved by:	murray
2001-05-22 06:20:27 +00:00
Guido van Rooij
5345e89b9d Disable SIGHUP while getting the login name.
Reviewed by:	security-officer
2001-05-21 20:19:59 +00:00
David E. O'Brien
5de20e57b2 Missed a few things. 2001-05-18 05:46:40 +00:00
David E. O'Brien
91a72a92d6 In a word -- style(9). 2001-05-18 05:33:42 +00:00
David E. O'Brien
078ae588ab Add the "prompt" and "passwd_prompt" fields to /etc/login.conf,
which makes lgoin more like getty in its ability to be configured.

Submitted by:	tlambert (code only)
2001-05-18 04:55:16 +00:00
Eric Melville
40c65ba9c7 Check for the expiration of an account and its password in the proper
order.

Reviewed by:	-audit (silence)
Approved by:	murray
Obtained from:	OpenBSD
MFC after:	5 days
2001-05-17 03:10:04 +00:00
Mark Murray
31a651fa98 Clean out some cruft that has been put in a better (central) place. 2001-05-01 10:30:08 +00:00
Mark Murray
289ef82e3c Enable (optional) static linking. 2001-04-28 08:06:33 +00:00
Mark Murray
5bc9d93db3 Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by:	"David J. MacKenzie" <djm@web.us.uu.net>
2001-03-27 19:40:51 +00:00
Ruslan Ermilov
dc12be5258 MAN[1-9] -> MAN. 2001-03-27 10:52:19 +00:00
Jacques Vidrine
17ada68462 Fix login so that it exports environmental variables that are set by PAM
modules (via pam_putenv).  The following variables will never be set in
this fashion:

   SHELL, HOME, LOGNAME, MAIL, CDPATH, IFS, PATH
   any variable starting with `LD_'
2001-02-09 13:21:50 +00:00
Jacques Vidrine
8ad2668439 Call pam_setcred.
Reviewed by:	markm, months ago
2001-01-23 21:43:32 +00:00
David E. O'Brien
1a37aa566b Add `_PATH_DEVZERO'.
Use _PATH_* where where possible.
2000-12-09 09:35:55 +00:00
Sheldon Hearn
69f2cf17a3 Add braces to avoid ambiguity in a nested conditional (silences a gcc
warning).
2000-04-26 10:38:19 +00:00
Sheldon Hearn
508d9a5b59 Fix excessive use of parenthesis in previous commit.
Requested by:	bde
2000-04-25 08:59:51 +00:00
Sheldon Hearn
1806a85c5a Do not issue a warning when chflags() fails with EOPNOTSUPP.
PR:		17875
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-04-13 09:39:29 +00:00
Sheldon Hearn
87faa07bec Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 12:20:22 +00:00
Andrey A. Chernov
5403e5e3f3 Fix diagnostic printing test condition (was always true)
Approved by:	jkh
2000-02-28 01:48:50 +00:00
Ruslan Ermilov
6861fa8643 Remove option's description that has gone with PAM. 2000-02-27 07:14:33 +00:00
Yoshinobu Inoue
6d939e82e0 Added IPv6 name resolving support for utmp logging.
Approved by: jkh
2000-02-19 15:57:52 +00:00
Chris Costello
111b70aa08 Remove the version information from `.Os FreeBSD' here. Not only
might it confuse people, but it causes a warning message with
nroff, and no version history mentions a 1.2 version of FreeBSD.

If anything, a ``HISTORY'' section should show which version this
appeared in.
2000-02-14 01:47:54 +00:00