272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
264192 |
06-Apr-2014 |
jilles |
login: Clean up PAM and audit, then exit, on SIGHUP and SIGTERM.
This avoids leaving stale entries in utmpx after the connection is closed on an open login session. It also allows a clean way (SIGTERM) to forcibly terminate a user's terminal session.
This does not affect the situation for "hung" processes after the connection is closed. The foreground process group receives SIGHUP and the tty becomes inaccessible.
Also replace all use of the obsolete signal() function with sigaction() (not only the part where it is actually required: SIGHUP and SIGTERM must mask the other as well when caught).
PR: misc/183495
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
236892 |
11-Jun-2012 |
des |
None of these programs actually use auth.conf.
MFC after: 1 week
|
231651 |
14-Feb-2012 |
kevlo |
Remove unnecessary cast
|
228992 |
30-Dec-2011 |
uqs |
Spelling fixes for usr.bin/
|
221374 |
03-May-2011 |
dfr |
Call pam_setcred() before login_getpwclass to support home directories on GSS-API authenticated NFS where the kerberos credentials need to be saved so that the kernel can authenticate to the NFS server.
|
216370 |
11-Dec-2010 |
joel |
Remove the advertising clause from UCB copyrighted files in usr.bin. This is in accordance with the information provided at ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
Also add $FreeBSD$ to a few files to keep svn happy.
Discussed with: imp, rwatson
|
214115 |
20-Oct-2010 |
ed |
Get rid of hand-rolled closefrom(3).
|
213250 |
28-Sep-2010 |
emaste |
Remove copyright strings printed at login time via login(1) or sshd(8). It is not clear to what this copyright should apply, and this is in line with what other operating systems do.
For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs.
Approved by: core, des (ssh)
|
201386 |
02-Jan-2010 |
ed |
Build usr.bin/ with WARNS=6 by default.
Also add some missing $FreeBSD$ to keep svn happy.
|
201382 |
02-Jan-2010 |
ed |
ANSIfy various tools in usr.bin/.
Most of these tools properly build at WARNS=6, except for their K&R function declarations. Fix this, so we can bump WARNS as well.
|
200462 |
13-Dec-2009 |
delphij |
Revert most part of 200420 as requested, as more review and polish is needed.
|
200420 |
11-Dec-2009 |
delphij |
Remove unneeded header includes from usr.bin/ except contributed code.
Tested with: make universe
|
191297 |
19-Apr-2009 |
rwatson |
Pass int arguments to auditon(2)'s A_GETCOND API rather than long arguments. This change should be MFC'd with OpenBSM 1.1 since they are interdependent.
MFC after: 2 weeks Obtained from: TrustedBSD Project Sponsored by: Apple, Inc.
|
190474 |
27-Mar-2009 |
ed |
Don't strip TTY device name to the last '/'.
We've seen this bug in other applications before: we have some applications that use strrchr(tty, '/') on the TTY device name. This isn't valid when using pts(4), because the device name will be stripped to "0" instead of "pts/0".
This fixes issues with login(1) ignoring /etc/ttys and missing utmp records.
Reported by: Barney Cordoba <barney_cordoba yahoo com> Reviewed by: rwatson
|
174105 |
30-Nov-2007 |
philip |
Add a cross-reference to newgrp(1).
Every time I need newgrp, I forget its name but I remember it's like login for groups - newgrp(1) already cross-references login(1).
MFC after: 2 days
|
172261 |
21-Sep-2007 |
kevlo |
Use NULL instead of 0 for the return value of fopen().
Approved by: re (kensmith)
|
171195 |
04-Jul-2007 |
scf |
Significantly reduce the memory leak as noted in BUGS section for setenv(3) by tracking the size of the memory allocated instead of using strlen() on the current value.
Convert all calls to POSIX from historic BSD API: - unsetenv returns an int. - putenv takes a char * instead of const char *. - putenv no longer makes a copy of the input string. - errno is set appropriately for POSIX. Exceptions involve bad environ variable and internal initialization code. These both set errno to EFAULT.
Several patches to base utilities to handle the POSIX changes from Andrey Chernov's previous commit. A few I re-wrote to use setenv() instead of putenv().
New regression module for tools/regression/environ to test these functions. It also can be used to test the performance.
Bump __FreeBSD_version to 700050 due to API change.
PR: kern/99826 Approved by: wes Approved by: re (kensmith)
|
169342 |
07-May-2007 |
dwmalone |
Fix some warnings by making things const, adding missing headers, removing some unused variables and making a variable unsigned.
MFC after: 3 weeks
|
169177 |
01-May-2007 |
ache |
Back out all POSIXified *env() changes.
Not because I admit they are technically wrong and not because of bug reports (I receive nothing). But because I surprisingly meets so strong opposition and resistance so lost any desire to continue that.
Anyone who interested in POSIX can dig out what changes and how through cvs diffs.
|
169126 |
30-Apr-2007 |
ache |
Slightly tune previous fix: free memory if !export
|
169124 |
30-Apr-2007 |
ache |
Prepare for upcoming POSIXed putenv() rewrite: don't free memory after putenv()
|
165152 |
13-Dec-2006 |
csjp |
Teach login(1) about the make.conf NO_AUDIT variable. This allows us to conditionally build in audit support.
Submitted by: bz MFC after: 1 week
|
162792 |
29-Sep-2006 |
ru |
Markup fixes.
|
162286 |
13-Sep-2006 |
joel |
Remove references to the pam(8) manual page. It does not exist.
Requested by: novel Discussed with: brueffer, simon
|
157721 |
13-Apr-2006 |
ru |
Add missing library dependencies.
|
157215 |
28-Mar-2006 |
cognet |
Don't call audit_logout() if pwd is NULL, as audit_logout() attempts to dereference it. This will happen if we ^D at the Login: prompt without having provided a valid login before. Set pwd to NULL on bad login attempts to prevent audit_logout() from being called for a user which didn't actually log on.
Reported by: Jerome Magnin jethro at docisland dot org
|
156813 |
17-Mar-2006 |
ru |
Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
156349 |
06-Mar-2006 |
yar |
Managing login.access is no longer a responsibility of login(1). Therefore give a xref, not details.
MFC after: 3 days
|
156347 |
06-Mar-2006 |
yar |
Remove the last reference to LOGIN_ACCESS from login(1).
MFC after: 3 days
|
156346 |
06-Mar-2006 |
yar |
login.access.5 and login_access.c are no longer used in usr.bin/login because the login.access feature has moved to PAM completely.
Their counterparts in lib/libpam/modules/pam_login_access have been found to be in sync with, and even in better shape than, login.access.5 and login_access.c here.
Therefore cvs rm login.access.5 and login_access.c from usr.bin/login so that nobody will waste their time on fixing or developing the files here.
MFC after: 3 days
|
156345 |
06-Mar-2006 |
yar |
login(1) no longer handles /etc/login.access by itself, it's PAM's job.
MFC after: 3 days
|
156344 |
06-Mar-2006 |
yar |
Since the whole login.access feature has moved to PAM, login.access.5 will be installed from the respective PAM module's src directory.
MFC after: 3 days
|
155312 |
04-Feb-2006 |
wsalamon |
Make login audit-enabled, submitting audit records for the login and logout events. The specifics of submitting the records is contained within login_audit.c. Document the auditing behavior in the man page.
Obtained from: TrustedBSD Project, Apple Computer, Inc. Approved by: rwatson (mentor)
|
146867 |
01-Jun-2005 |
maxim |
o Teach login(1) to respect "hushlogin" and "nocheckmail" attributes defined in user's $HOME/.login_conf.
PR: bin/75001 Submitted by: Rostislav Krasny MFC after: 2 weeks
|
137164 |
03-Nov-2004 |
ru |
Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar to PRECIOUSLIB from bsd.lib.mk. The side effect of this is making installing the world under jail(8) possible by using another knob, NOFSCHG.
Reviewed by: oliver
|
136571 |
16-Oct-2004 |
brueffer |
Bump document date
Reminded by: simon in ru-mode
|
136570 |
15-Oct-2004 |
brueffer |
We use /etc/pam.d/login nowadays
|
131507 |
03-Jul-2004 |
ru |
Deal with double whitespace.
|
131491 |
02-Jul-2004 |
ru |
Mechanically kill hard sentence breaks.
|
131479 |
02-Jul-2004 |
ru |
Deal with unsafe tab characters.
|
126395 |
29-Feb-2004 |
bde |
Fixed style bugs in previous commit (.ifndef instead of .if defined(), and tab lossage).
Garbage-collected NEED_LIBNAMES.
|
126327 |
27-Feb-2004 |
des |
I am a moron.
|
126323 |
27-Feb-2004 |
des |
Re-add the setuid bit, conditional on NO_SETUID_LOGIN being undefined.
|
126302 |
27-Feb-2004 |
des |
Cut through the bikeshed and remove login(1)'s setuid bit. It has no business trying to impersonate su(1), and it does not need to be setuid to function properly when invoked by getty(8) or telnetd(8).
|
125333 |
02-Feb-2004 |
ru |
GC (now unused here) -lcrypt.
|
125055 |
26-Jan-2004 |
fjoe |
Fix ~/.hushlogin handling.
PR: 61354 Submitted by: Eugeny Grosbein <eugen (at) kuzbass.ru>
|
117333 |
08-Jul-2003 |
dannyboy |
Remove utmp references, no longer done by login(1) in 5.x.
PR: 54201 Submitted by: mdg <mdg@secureworks.net>
|
114048 |
26-Apr-2003 |
rwatson |
When the tty chown() fails, report a chown() failure rather than a chmod() failure.
|
114010 |
25-Apr-2003 |
des |
The documented login.conf variable for setting the login prompt is "login_prompt". This makes more sense than "prompt" which is what login actually used, so change the code to match the documentation.
PR: docs/51396 MFC in: 3 days
|
110966 |
15-Feb-2003 |
des |
Back out previous commit, I wasn't thinking clearly.
|
110964 |
15-Feb-2003 |
des |
Set PAM_RHOST to "localhost" if no remote host was specified. This allows pam_opieaccess() to work as expected for local logins.
|
110549 |
08-Feb-2003 |
des |
Use waitpid() instead of wait() since we know the pid of the process we are waiting for, and we don't want to reap the wrong process.
|
107585 |
04-Dec-2002 |
des |
Change the process title as soon as possible to mask information passed on the command line by getty(8). This is not a perfect fix, but drastically reduces the window of exposure.
Approved by: re (rwatson) MFC after: 1 week
|
105254 |
16-Oct-2002 |
charnier |
Do not reuse flag name in its definition. Remove inadequate sentence.
|
105164 |
15-Oct-2002 |
phk |
Be consistent about functions being static.
Spotted by: FlexeLint
|
102141 |
19-Aug-2002 |
imp |
When login tries to do the chmod/chflags on a read only file system, it complains that it can't do it because the filesystem is readonly. Assume that when the user has a readonly /dev that they don't care if login can't change the permissions/flags. While this does break a few things like msgs, we'll assume that the user setting up the read only system knows what they are doing.
All this change does is to stop the complaint when the file system is read only. It also adds comments as to why EROFS and EOPNOTSUPP are ignored.
This allows one to have a read-only / w/o a /dev MFS and have a relatively warning-free existence. /etc/rc still complains when it can't chown/chflags/chmod things, but that's easy to ignore/tweak.
Reviewed by: roberto, phk Sponsored by: Timing Solutions
|
100825 |
28-Jul-2002 |
dwmalone |
Don't reuse a const char * when we really want a char *.
|
98990 |
28-Jun-2002 |
ache |
Simplify TERM handling since now libutil not overwrites existen TERM for "term"
|
98960 |
28-Jun-2002 |
ache |
Overwrite "term" from login.conf(5) for any known TERM
|
97376 |
28-May-2002 |
des |
Drive-by whitespace cleanup.
|
95243 |
22-Apr-2002 |
des |
Don't use PAM_SILENT unless hushlogin is set (perforce change 10123)
Sponsored by: DARPA, NAI Labs
|
95203 |
21-Apr-2002 |
bde |
Fixed some style bugs ("From:" in vendor id line, disordered MAN line, and blank lines).
Not unapproved of by: markm
|
95124 |
20-Apr-2002 |
charnier |
Use `The .Nm utility'
|
94886 |
16-Apr-2002 |
des |
Remove unused #define.
|
94203 |
08-Apr-2002 |
ru |
Align for const poisoning in -lutil.
|
92920 |
22-Mar-2002 |
imp |
remove __P
|
92174 |
12-Mar-2002 |
gad |
Simple fix so the 'LOGIN FAILURE' message send to syslog will include the correct userid, instead of random garbage. This bug does not exist in -stable.
Reviewed by: freebsd-audit
|
91714 |
05-Mar-2002 |
des |
Switch to OpenPAM. Bump library version. Modules are now versioned, so applications linked with Linux-PAM will still work. Remove pam_get_pass(); OpenPAM has pam_get_authtok(). Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}(). Remove pam_set_item(3) man page as OpenPAM has its own.
Sponsored by: DARPA, NAI Labs
|
90416 |
08-Feb-2002 |
markm |
Remove NO_WERRORs and WARNS=n's. To be revisited after GCC3.
|
89994 |
30-Jan-2002 |
des |
Still with asbestos longjohns on, completely PAMify login(1) and remove code made redundant by various PAM modules (primarily pam_unix(8)).
Sponsored by: DARPA, NAI Labs
|
89970 |
29-Jan-2002 |
des |
Back out rev 1.78, which is incorrect now that the PAM modules have been fixed to accept a NULL PAM_RHOST.
|
89615 |
21-Jan-2002 |
des |
When running on a local terminal, set PAM_RHOST to the local hostname.
Sponsored by: DARPA, NAI Labs
|
89568 |
19-Jan-2002 |
ache |
Back out PAM_CRED_ERR addition
|
89552 |
19-Jan-2002 |
ache |
Add PAM_CRED_ERR as valid failure case
|
87628 |
10-Dec-2001 |
dwmalone |
Style improvements recommended by Bruce as a follow up to some of the recent WARNS commits. The idea is:
1) FreeBSD id tags should follow vendor tags. 2) Vendor tags should not be compiled (though copyrights probably should). 3) There should be no blank line between including cdefs and __FBSDIF.
|
87233 |
02-Dec-2001 |
markm |
Use __FBSDID(). Also do a bit of cosmetic #if and header-order cleaning-up.
|
87180 |
02-Dec-2001 |
markm |
Sort includes.
|
87177 |
01-Dec-2001 |
markm |
Style fixups.
Sort function declarations, includes. Make consistent WRT use of _P() macro (ugh!)
Inspired by: bde
|
87176 |
01-Dec-2001 |
bde |
Work around world breakage in previous commit. The bug is in <security/pam_misc.h>. It declares a function parameter named 'send', so nothing that includes both <unistd.h> (which declares send(2)) and <security/pam_misc.h> be compiled with WARNS=2 unless NO_WERRROR is set.
Fixed order of WARNS.
|
87173 |
01-Dec-2001 |
markm |
WARNS=2 fixes.
Reviewed by: bde (a while back)
|
86450 |
16-Nov-2001 |
rwatson |
o Add support for a 'nocheckmail' capability, which (if true) prevents the 'You have mail.' check. This is useful for sites that rely on remote mail access, rather than a local mail spool. Due to the behavior of login_getcapbool(), the negated form is required so as to have appropriate results. o This behavior may have to be independently added to sshd due to redundant implementation.
|
85645 |
28-Oct-2001 |
rwatson |
o Restore previous inconsistent style to login_fbtab.c, following its modification to add glob support. The submitted patch used a degraded form of KNF.
Reviewed by: bde
|
85504 |
25-Oct-2001 |
rwatson |
o Modify format of /etc/fbtab to accept glob matching patterns for target devices, not just individual devices and directories. This permits activities such as:
ttyv0 0600 /dev/dsp*
Whereas previously that was not supported. This change is backwards-compatible, except where device names included globbing characters, which is not the case for any devices listed in MAKEDEV.
Submitted by: Maxime Henrion <mux@qualys.com> MFC after: 3 weeks
|
83519 |
15-Sep-2001 |
rwatson |
o Modify NFS rights comment to note that the early credential changes to test for a home directory don't set up the additional groups, and as such may limit users conservatively. This does not affect the eventual credentials selected.
|
83391 |
13-Sep-2001 |
ru |
Set BINOWN=root explicitly for setuid root binaries.
This is not "useless", as one may have non-default setting for BINOWN in make.conf, and we still want these to be installed setuid root in this case.
|
82956 |
04-Sep-2001 |
ru |
mdoc(7) police: tighten label width.
|
82562 |
30-Aug-2001 |
markm |
Like su(1), make PAM use mandatory. Remove parts of the authentication logic that are handled by PAM. Fix documentation to reflect this.
|
81575 |
13-Aug-2001 |
mike |
Fix some bogus strncpy(3) to strlcpy(3) changes I made in the previous revision. <utmp.h> structures don't leave room for a NUL character. Also fix "UNKNOWN" which should have just been UNKNOWN.
Pointed out by: bde
|
81555 |
12-Aug-2001 |
mike |
o Replace occurrences of strncpy(3) with strlcpy(3); most of the uses of it were wrong anyway. o Always check for NULL returns on strdup(3). o Fix a possible buffer overflow in strcpy(3). o Fix a format string vulnerability. o t->ty_type in stypeof() could be NULL and eventually cause a segmentation fault in setenv(3), so check for that.
Eyeballed by: kris Reviewed by: murray MFC after: 3 days
|
80514 |
28-Jul-2001 |
markm |
Fix the environment handling:
However, there's still a bug in login.c because you copy the environment *before* the call to pam_open_session, which won't set the necessary variables set by /usr/ports/security/pam_ssh.
Submitted by: Volker Stolz <stolz@hyperion.informatik.rwth-aachen.de>
|
79755 |
15-Jul-2001 |
dd |
Remove whitespace at EOL.
|
79535 |
10-Jul-2001 |
ru |
mdoc(7) police: removed HISTORY info from the .Os call.
|
79452 |
09-Jul-2001 |
brian |
Fix the type of the NULL arg to execl()
Idea from: Theo de Raadt <deraadt@openbsd.org>
|
76977 |
22-May-2001 |
eric |
Remove an accidentaly added extra blank line.
Approved by: murray
|
76942 |
21-May-2001 |
guido |
Disable SIGHUP while getting the login name.
Reviewed by: security-officer
|
76791 |
18-May-2001 |
obrien |
Missed a few things.
|
76788 |
18-May-2001 |
obrien |
In a word -- style(9).
|
76786 |
18-May-2001 |
obrien |
Add the "prompt" and "passwd_prompt" fields to /etc/login.conf, which makes lgoin more like getty in its ability to be configured.
Submitted by: tlambert (code only)
|
76710 |
17-May-2001 |
eric |
Check for the expiration of an account and its password in the proper order.
Reviewed by: -audit (silence) Approved by: murray Obtained from: OpenBSD MFC after: 5 days
|
76181 |
01-May-2001 |
markm |
Clean out some cruft that has been put in a better (central) place.
|
76099 |
28-Apr-2001 |
markm |
Enable (optional) static linking.
|
74874 |
27-Mar-2001 |
markm |
Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux package's PAM patches to the BSD login.c
Submitted by: "David J. MacKenzie" <djm@web.us.uu.net>
|
74848 |
27-Mar-2001 |
ru |
MAN[1-9] -> MAN.
|
72215 |
09-Feb-2001 |
nectar |
Fix login so that it exports environmental variables that are set by PAM modules (via pam_putenv). The following variables will never be set in this fashion:
SHELL, HOME, LOGNAME, MAIL, CDPATH, IFS, PATH any variable starting with `LD_'
|
71457 |
23-Jan-2001 |
nectar |
Call pam_setcred.
Reviewed by: markm, months ago
|
69793 |
09-Dec-2000 |
obrien |
Add `_PATH_DEVZERO'. Use _PATH_* where where possible.
|
59645 |
26-Apr-2000 |
sheldonh |
Add braces to avoid ambiguity in a nested conditional (silences a gcc warning).
|
59621 |
25-Apr-2000 |
sheldonh |
Fix excessive use of parenthesis in previous commit.
Requested by: bde
|
59198 |
13-Apr-2000 |
sheldonh |
Do not issue a warning when chflags() fails with EOPNOTSUPP.
PR: 17875 Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
|
57670 |
01-Mar-2000 |
sheldonh |
Remove single-space hard sentence breaks. These degrade the quality of the typeset output, tend to make diffs harder to read and provide bad examples for new-comers to mdoc.
|
57546 |
28-Feb-2000 |
ache |
Fix diagnostic printing test condition (was always true)
Approved by: jkh
|
57530 |
27-Feb-2000 |
ru |
Remove option's description that has gone with PAM.
|
57339 |
19-Feb-2000 |
shin |
Added IPv6 name resolving support for utmp logging.
Approved by: jkh
|
57196 |
14-Feb-2000 |
chris |
Remove the version information from `.Os FreeBSD' here. Not only might it confuse people, but it causes a warning message with nroff, and no version history mentions a 1.2 version of FreeBSD.
If anything, a ``HISTORY'' section should show which version this appeared in.
|
54782 |
18-Dec-1999 |
peter |
Revert the libcrypt/libmd stuff back to how it was. This should not have happened as it was working around problems elsewhere (ie: binutils/ld not doing the right thing according to the ELF design). libcrypt has been adjusted to not need the runtime -lmd. It's still not quite right (ld is supposed to work damnit) but at least it doesn't impact all the users of libcrypt in Marcel's cross-build model.
|
54677 |
16-Dec-1999 |
marcel |
Add libmd (or move it after libcrypt). We don't want the linker to be smart because it will definitely get it wrong. This popped up during cross-linking.
|
51275 |
14-Sep-1999 |
sheldonh |
Correct some hard sentence breaks. Only those surrounding the previous commit and those which cause ugly nroff output have been fixed, since the purpose of the style guideline which they contravene is to reduce the sizes of deltas.
Reported by: bde
|
51090 |
08-Sep-1999 |
sheldonh |
Improve shell documentation:
* Consistently misspell built-in as builtin.
* Add a builtin(1) manpage and create builtin(1) MLINKS for all shell builtin commands for which no standalone utility exists. These MLINKS replace those that were created for csh(1).
* Add appropriate xrefs for builtin(1) to the csh(1) and sh(1) manpages, as well as to the manpages of standalone utilities which are supported as shell builtin commands in at least one of the shells. In such manpages, explain that similar functionality may be provided as a shell builtin command.
* Improve sh(1)'s description of the cd builtin command. Csh(1) already describes it adequately. Replace the cd(1) manpage with a builtin(1) MLINKS link.
* Clean up some mdoc problems: use Xr instead of literal "foo(n)"; use Ic instead of Xr for shell builtin commands.
* Undo English contractions.
Reviewed by: mpp, rgrimes
|
50477 |
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
50124 |
21-Aug-1999 |
imp |
Clear all file flags when taking ownership of devices. Do not ignore chown failures in some places, but instead log them like we do all other errors.
|
48792 |
12-Jul-1999 |
nik |
Add $Id$, to make it simpler for members of the translation teams to track.
The $Id$ line is normally at the bottom of the main comment block in the man page, separated from the rest of the manpage by an empty comment, like so;
.\" $Id$ .\"
If the immediately preceding comment is a @(#) format ID marker than the the $Id$ will line up underneath it with no intervening blank lines. Otherwise, an additional blank line is inserted.
Approved by: bde
|
46007 |
24-Apr-1999 |
ache |
remove uid switching before login_getpwclass, now done inside libutil add gid switching before chdir and comment why it needed
|
45431 |
07-Apr-1999 |
brian |
Don't perform the trimdomain() functionality twice, trimdomain() now works as expected.
|
43511 |
01-Feb-1999 |
wosch |
Added xref to nologin(5)
|
43057 |
22-Jan-1999 |
jdp |
Force <bsd.libnames.mk> to be included, regardless of the object format. This fixes the undefined symbols when building login for a.out.
|
42918 |
20-Jan-1999 |
jdp |
Allow login to be linked statically even when PAM is used, since there is now a static version of libpam.
|
42850 |
19-Jan-1999 |
abial |
Add a compile knob to avoid using PAM code (login will use standard Unix authentication only). This comes handy when you're tight on space.
Submitted by: mostly John Baldwin <jobaldwi@vt.edu> Reviewed by: John D. Polstra <jdp@polstra.com>
|
42515 |
11-Jan-1999 |
asami |
Move nologin from /etc to /var/run. This means one less file that has to be written to /etc.
The only essential change is in paths.h, so any third-party software written correctly will pick it up in the next rebuild.
Reviewed by: the committers list (actually an old version)
|
42272 |
03-Jan-1999 |
eivind |
Make the timeout handler log any failed logins, to make sure failed logins get logged.
|
41437 |
01-Dec-1998 |
dillon |
Obtained from: "Jan B. Koum " <jkb@best.com>
Add a reference to pam(8) in the login(1) and login.access(5) manual pages.
|
41281 |
21-Nov-1998 |
jdp |
Work around the problem that login won't link if NOSHARED=yes, because libpam is built shared only. There is a way to build PAM into a static library that contains all (or a selected subset) of the modules. But our Makefiles don't support that yet. Until I get that working, just force NOSHARED=no in login's Makefile. Of course, it still won't work if NOPIC is set.
Submitted by: bde
|
41279 |
21-Nov-1998 |
jdp |
ATTENTION: INSTALL "/etc/pam.conf" FROM "src/etc"!!!
Change login to use PAM for authentication. I kept the built-in passwd/NIS authentication support, to handle cases where the system is missing its "/etc/pam.conf" file. S/Key and KerberosIV authentication methods are removed from the login program, but still available in PAM modules.
|
41079 |
11-Nov-1998 |
jdp |
unifdef -DLOGIN_CAP. After almost 2 years, I think we can assume it's here to stay.
This code is starting to look almost reasonable again.
|
41069 |
11-Nov-1998 |
jdp |
Remove support for LOGIN_CAP_AUTH. It was never enabled, it was not complete, and it hasn't been touched for 18 months. All the ifdefs obfuscate the code. I discussed the LOGIN_CAP_AUTH support with its author and he agreed that it is a dead end. I am bringing PAM into the tree within the next two weeks. It is much more flexible than LOGIN_CAP_AUTH, and will serve as a superior replacement for it.
|
41068 |
11-Nov-1998 |
jdp |
Fix a const-related compiler warning.
|
40102 |
09-Oct-1998 |
markm |
Use KJH's auth.conf parser to turn on/off Kerberos in userland.
|
39495 |
19-Sep-1998 |
obrien |
Remove useless `BINOWN=root' now that it is the default.
|
38374 |
17-Aug-1998 |
jkoshy |
Remove hardcoded constant in favour of login.conf value.
PR: 6529 Submitted by: Dan Lukes <dan@obluda.cz>
|
38149 |
06-Aug-1998 |
markm |
Fix LIBDIR (for aout/ELF).
|
37980 |
31-Jul-1998 |
bde |
Backed out rev.1.31. It was a workaround for bugs in rev.1.4 of libc/gen/getpass.c. The old behaviour of blocking SIGINT and not changing SIGQUIT was restored in rev.1.5 of getpass.c. The change here completely restores the old behaviour of not supporting killing login with keyboard signals (only) at the password prompt. There is no reason to support this, since login can be exited normally by typing a couple of ^D's. Login certainly shouldn't dump core in response to user input. Previously, SIGQUIT killed login immediately but SIGINT killed it only after the password was entered.
PR: 7444
|
37812 |
22-Jul-1998 |
jdp |
Fix a couple of little bugs that prevented login.c from compiling if LOGIN_CAP_AUTH was defined. This is kind of silly, because LOGIN_CAP_AUTH doesn't work anyway, is not defined currently, probably will never be defined, and IMHO should not be defined. But I'm sure you'll sleep better tonight, knowing that these bugs are gone.
|
36559 |
01-Jun-1998 |
amurai |
Trim a domain part for wtmp as same as showed by "netstat -r". Here is a some example for avoiding a confusion.
It asssumes a logged host domain is "spec.co.jp". All example is longer than UT_HOSTNAMELEN value.
1) turbo.tama.spec.co.jp: 192.19.0.2 -> trubo.tama 2) turbo.tama.foo.co.jp : 192.19.0.2 -> 192.19.0.2 3) specgw.spec.co.jp : 202.32.13.1 -> specgw
Submitted by: Atsushi Murai <amurai@spec.co.jp>
|
35559 |
30-Apr-1998 |
peter |
*blush*, typo during last minute editing..
|
35557 |
30-Apr-1998 |
peter |
Change euid while reading the user's .login_cap file in case the homedir is on a NFS partion without root read access. Also, flip euid again for the duration of the chdir() to the homedir for the same reason.
PR: 5145 Submitted by: Joel.Faedi@esial.u-nancy.fr Also tested by: A Joseph Koshy <koshy@india.hp.com>
|
34801 |
23-Mar-1998 |
charnier |
.Sh AUTHOR -> .Sh AUTHORS. Use .An/.Aq.
|
33358 |
15-Feb-1998 |
jb |
gcc on alpha complains about nested comments. A comment in this file referred to a path ending in "/*" which was reasonable to me, but gcc wasn't so sure. So now the comment refers to a path ending in "*".
|
33332 |
13-Feb-1998 |
ache |
Fix very rare but dangerous bug: for some DES passwords crypt(real_password, salt) is equal to crypt("", salt); It means that this user (and not only he) can login without entering password at all, just pressing Return. So if empty password entered and crypted password is not empty, invalidate any crypt result by assigning ":"
|
33123 |
05-Feb-1998 |
guido |
Reset SGINT and SIGQUIT handling to default when asking for passwords. Otherwise, when pressing the INT ke at the password prompt, the password will be displayed. Now login will be killed.
Probably the same will have to be done for the LOGIN_CAP_AUTH case. I have not done that. Reviewed by: Joerg Wunsch
|
32321 |
07-Jan-1998 |
obrien |
Mention S/key and the skey /etc files.
|
30564 |
19-Oct-1997 |
joerg |
Fix a fatal typo.
PR: bin/4801 Submitted by: mishania@demos.su (Mikhail A. Sokolov)
|
29922 |
28-Sep-1997 |
markm |
Changes for KTH KerberosIV. Also quieten -Wall a bit.
|
29152 |
05-Sep-1997 |
nate |
"lmd" -> "-lmd" Submitted by: Vincent Poy <vince@venus.gaianet.net>
|
29144 |
05-Sep-1997 |
peter |
If building elf, don't link in libmd.a just for libskey.so to use. Under elf, libskey.so will not expose it's implementation on it's caller.
|
27605 |
22-Jul-1997 |
charnier |
= -> ==, strcpy -> strncpy from OpenBSD. update man page. Add usage(). Obtained from: OpenBSD
|
26386 |
02-Jun-1997 |
max |
Fix the man page's title (.Dt). (It has been ``SKEY.ACCESS''.)
|
26021 |
23-May-1997 |
pst |
Restore backwards compatible default behavior for requirehome
|
25671 |
10-May-1997 |
davidn |
login_getclass() -> login_getpwclass(). auth_rmfiles() was being called in error without LOGIN_CAP_AUTH defined.
|
24894 |
13-Apr-1997 |
davidn |
Use isdialuptty() rather than hard-coded heuristic.
|
24485 |
01-Apr-1997 |
davidn |
Submitted by: Sergei Chechetkin <csl@whale.sunbay.crimea.ua>
Fix incorrect bracket nesting. Closes PR#3144.
|
24360 |
29-Mar-1997 |
imp |
compare return value from getopt against -1 rather than EOF, per the final posix standard on the topic.
|
24321 |
27-Mar-1997 |
davidn |
Fix for logic in no-password accounts.
|
24251 |
25-Mar-1997 |
davidn |
Don't bypass password prompt for root logins on insecure tty if the root password is empty.
|
24222 |
24-Mar-1997 |
davidn |
strdup() value of term to correctly preserve contents. Rearrange validation logic so that it works correctly when compiled with kerberos support. Closes PR#3056.
|
23985 |
18-Mar-1997 |
davidn |
Submitted by: Paul Traina <root@shockwave.com> (partially)
Cleanup of #ifdef's for LOGIN_CAP.
Fixed bug in empty shell (closes PR#2550).
Refused root logins now displays standard "Login incorrect" and exhibits identical backoff behaviour to a failed login.
Cleaned up logging of refused logins.
Use #defines for login retries and backoff. Also implemented definable variables if LOGIN_CAP is defined, with "login-retries" and "login-backoff" as capabilities in the default class (closes PR#2805).
TERM from previous environment is no longer truncated.
|
23246 |
01-Mar-1997 |
wosch |
Include copyright message from <sys/copyright.h>
|
23148 |
27-Feb-1997 |
ache |
Back out "shell" / pw_shell change, I was confused by the same variable name (with different functionality)
|
23146 |
27-Feb-1997 |
ache |
Fix few bogons with pw_shell / shell variables values mismatch introduced by LOGIN_CAP
|
23012 |
22-Feb-1997 |
peter |
Revert $FreeBSD$ to $Id$
|
22230 |
02-Feb-1997 |
pst |
Cruft cleanup to eliminate useless warnings
|
21950 |
22-Jan-1997 |
jkh |
Don't dereference NULL pwd on non-existant username (I wonder how long THAT has been in here!).
|
21942 |
22-Jan-1997 |
davidn |
Fix handling of empty shell field in passwd file (use /bin/sh); problem was caused by introduction of login classes. Closes PR bin/2550. Added references to login.conf to manpage, crossreference to login.conf(5).
|
21673 |
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
21528 |
11-Jan-1997 |
davidn |
Makes login login_cap-savvy.
Note that LOGIN_CAP_AUTH code (login authentication) is not (yet) enabled and requires /usr/libexec/login_<style> authentication program support to be added at a later date. The Makefile contains a macro LC_AUTH to turn it on and prevent unnecessarily linking against skey/krb libs and the addition of klogin.c module.
All other aspects of login_cap support are fully functional.
|
20888 |
23-Dec-1996 |
wosch |
comma typos
|
18449 |
21-Sep-1996 |
pst |
Fix some compilation warnings.
|
16929 |
03-Jul-1996 |
mpp |
Document login's use of /etc/login.access.
Submitted by: David E. O'Brien
|
16423 |
17-Jun-1996 |
ache |
Write numerical address instead of hostname for hostnames > UT_HOSTSIZE to keep valid information in utmp and lastlog
|
14024 |
11-Feb-1996 |
markm |
#include <kerberosIV/des.h> -> #include <des.h>
|
13744 |
30-Jan-1996 |
mpp |
Fix a bunch of spelling errors in a bunch of man pages.
|
13122 |
30-Dec-1995 |
peter |
recording cvs-1.6 file death
|
9987 |
07-Aug-1995 |
wollman |
Delete bogus referneces to timezone code internal header file `tzfile.h', which is no longer bogusly installed in /usr/include.
|
8874 |
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
8626 |
19-May-1995 |
guido |
Set copyright so we can actually distribute and use it.
Reviewed by: David Greenman Submitted by: Wietse Venema Obtained from:
|
7893 |
16-Apr-1995 |
rgrimes |
Fix spelling error that keeps this from compiling with KERBEROS & SKEY defined.
Submitted by: Mark Murray <mark@grondar.za>
|
7800 |
13-Apr-1995 |
wollman |
Disallow Kerberos when S/Key is required. Fixes PR #339.
Submitted by: Paul Traina <pst@Shockwave.com>
|
7140 |
18-Mar-1995 |
nate |
Change the library order so libcrypt is the last library in the list. libskey contains references to _crypt and can't resolve it unless -lcrypt occurs after it in the link command. This only occurs when linking statically.
|
5758 |
20-Jan-1995 |
wollman |
In the non-PARANOID case, make sure to set `notickets' to 0 sothat login.c doesn't complain.
|
5627 |
14-Jan-1995 |
wollman |
Modify klogin to:
1) Don't spit out an error message if Kerberos is installed but not yet set up.
2) Don't attempt to verify the ticket you got back, as workstations are not intended to have srvtab files of their own.
Both behaviors can be re-enabled with KLOGIN_PARANOID.
|
4881 |
01-Dec-1994 |
ugen |
Sorry..forgot something for yesterdays login patch.. (Umm..i hope nobody "make world" this time:)
|
4878 |
30-Nov-1994 |
ugen |
Patch of password expired bug. Now password changed for right user and no longer possible to skip password change. I hope it will be ok....
|
4715 |
20-Nov-1994 |
wollman |
Add distribution=krb for P-HK
|
3702 |
19-Oct-1994 |
pst |
Include most of the logdaemon v4.4 S/key changes
|
3236 |
30-Sep-1994 |
csgr |
Undo damage done between revisions 1.6 and 1.7 (Guys, please don't DAMAGE commits that have just gone in.)
|
3205 |
29-Sep-1994 |
pst |
Install support for skey and login.access
|
3197 |
29-Sep-1994 |
csgr |
First level of changes for bringing in eBones (kerberos). - Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile, and replace with MAKE_KERBEROS and MAKE_EBONES. (Far fewer contortions, and both default to off.) IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY DEFINE ONE OF THESE. - Make Makefiles kerberos-aware.
|
2532 |
07-Sep-1994 |
jkh |
Problem: Accounts that have "pw_change" set, are supposed to change their passwords by the date specified in "pw_change". If they have not changed their passwords by that date, currently they get "LOCKED OUT" of the system. This is not the correct behavior, the user should be prompt (forced?) to change their password at this time. If the behavior of "pw_change" was meant to be a LOCKOUT, then you should use "pw_expire".
Solution: Instead of locking out the user, prompt them to change their password.
Reviewed by: jkh Submitted by: rls
|
2224 |
22-Aug-1994 |
guido |
Implemnet fbtab ala SunOS (thanks to WZV, see login_fbtab.c) Reviewed by: Submitted by: guido
|
2198 |
21-Aug-1994 |
guido |
Add skey supprot Reviewed by: Submitted by: guido
|
2158 |
20-Aug-1994 |
csgr |
LDADD= -lcrypt Submitted by: Geoff
|
1867 |
05-Aug-1994 |
wollman |
Don't compile with kerberos yet, we aren't ready.
|
1591 |
27-May-1994 |
rgrimes |
This commit was generated by cvs2svn to compensate for changes in r1590, which included commits to RCS files with non-trunk default branches.
|