s/begining/beginning/ in comments and messages.

usr.bin: remove unnecessary lint comment CONSTCOND

Since 2021-01-31, lint no longer warns about 'do ... while (0)'.

No functional change.

Avoid use-after-free bug in PAM environment

Traditional BSD putenv(3) was creating an internal copy of the passed
argument. Unfortunately this was causing memory leaks and was changed by
POSIX to not allocate.

Adapt the putenv(3) usage to modern POSIX (and NetBSD) semantics.

branches: 1.25.16;
- Added error checks for initgroups(3) and setgroups(2).
- Reorder functions in privilege regain - setgroups(2) should be called after
seteuid(2).

OK christos@

Remove the syslogging of a dial out login warning based on the tty name, because
the test is sloppy and doesn't correspond to the current naming anyway.
OK gdt@
PR#377 can remain closed.

branches: 1.23.4;
fix unused variable warnings

branches: 1.22.2;
trimusername (which does not exist) probably was meant to be called
trimloginname (which does exist, at least)

make krb5 compile again. XXX: one function left that is deprecated, what's
the new equivalent?

branches: 1.20.6; 1.20.8;
PR/42540: Ed Ravin: /usr/bin/login does not log normal logins, and does not
log ip addresses.
- Factor out the common code in login.c and login_pam.c into common.c
- Always log a login event
- Check passed in sockaddr against the one from getpeername(2).

Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.

branches: 1.18.12;
PR/36294: De Zeurkous: login(1) -- inconsistent exit behavior on EOF
- Always EXIT_FAILURE when login fails.
- Cleanup fork code in krb5 (old login).

GC old signal handling and merge it in 4 places:
1. Immediately ignore all the signals we want to ignore and set the alarm.
2. Before we exit on error, restore all signals we modified
3. Before we exec a shell, restore all signals we modified and ignore TSTP.
Job control aware shells know how to deal with this.
4. Temporarily handle SIGINT while we read motd.

PR/33128: Martin Husemann: When login in on the console, SIGABRT is ignored
Both SIGINT and SIGABRT should be restored before executing the shell.

Fix Coverity run 5, issue 1931 -- memory leak. This was noted as being a
bug by cgilbert.
Approved by christos@.

PR/23616: Christian Biere: login might not back-off as expected

PR/30923: Zafer Aydogan: pam too verbose

Don't display a different message for root logins on insecure terminals.

Approved by christos@.

Propagate change from login.c where if getpeername succeeded, then we have
the sockaddr from the remote peer.

PR/32870: Johan Veenhuizen: login(1) does not obey .hushlogin

Update documentation for pam, and don't accept flags that we don't support
anymore.

use getgrnam_r; from Jon Nemeth

Terminate variable argument list with NULL, not 0.

Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
failures, especially as we're ignoring the return result.

Don't report that we don't know the username. We don't want to give out
more information that we need to.

- use getpwnam_r
- KNF

branches: 1.4.2;
1. Restore missing tty action.
2. Pass the nested user name to pam.
3. always try to fill in sockaddr.

- deal with ptyfs pty names.
- put back chown pty code.
- use setproctitle(NULL) to kill our argument display.
- don't wait for any pid, just the one we forked.

Add setting of PAM_SOCKADDR.

Add PAM support to login(8)

usr.bin: remove unnecessary lint comment CONSTCOND

Since 2021-01-31, lint no longer warns about 'do ... while (0)'.

No functional change.

Avoid use-after-free bug in PAM environment

Traditional BSD putenv(3) was creating an internal copy of the passed
argument. Unfortunately this was causing memory leaks and was changed by
POSIX to not allocate.

Adapt the putenv(3) usage to modern POSIX (and NetBSD) semantics.

branches: 1.25.16;
- Added error checks for initgroups(3) and setgroups(2).
- Reorder functions in privilege regain - setgroups(2) should be called after
seteuid(2).

OK christos@

Remove the syslogging of a dial out login warning based on the tty name, because
the test is sloppy and doesn't correspond to the current naming anyway.
OK gdt@
PR#377 can remain closed.

branches: 1.23.4;
fix unused variable warnings

branches: 1.22.2;
trimusername (which does not exist) probably was meant to be called
trimloginname (which does exist, at least)

make krb5 compile again. XXX: one function left that is deprecated, what's
the new equivalent?

branches: 1.20.6; 1.20.8;
PR/42540: Ed Ravin: /usr/bin/login does not log normal logins, and does not
log ip addresses.
- Factor out the common code in login.c and login_pam.c into common.c
- Always log a login event
- Check passed in sockaddr against the one from getpeername(2).

Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.

branches: 1.18.12;
PR/36294: De Zeurkous: login(1) -- inconsistent exit behavior on EOF
- Always EXIT_FAILURE when login fails.
- Cleanup fork code in krb5 (old login).

GC old signal handling and merge it in 4 places:
1. Immediately ignore all the signals we want to ignore and set the alarm.
2. Before we exit on error, restore all signals we modified
3. Before we exec a shell, restore all signals we modified and ignore TSTP.
Job control aware shells know how to deal with this.
4. Temporarily handle SIGINT while we read motd.

PR/33128: Martin Husemann: When login in on the console, SIGABRT is ignored
Both SIGINT and SIGABRT should be restored before executing the shell.

Fix Coverity run 5, issue 1931 -- memory leak. This was noted as being a
bug by cgilbert.
Approved by christos@.

PR/23616: Christian Biere: login might not back-off as expected

PR/30923: Zafer Aydogan: pam too verbose

Don't display a different message for root logins on insecure terminals.

Approved by christos@.

Propagate change from login.c where if getpeername succeeded, then we have
the sockaddr from the remote peer.

PR/32870: Johan Veenhuizen: login(1) does not obey .hushlogin

Update documentation for pam, and don't accept flags that we don't support
anymore.

use getgrnam_r; from Jon Nemeth

Terminate variable argument list with NULL, not 0.

Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
failures, especially as we're ignoring the return result.

Don't report that we don't know the username. We don't want to give out
more information that we need to.

- use getpwnam_r
- KNF

branches: 1.4.2;
1. Restore missing tty action.
2. Pass the nested user name to pam.
3. always try to fill in sockaddr.

- deal with ptyfs pty names.
- put back chown pty code.
- use setproctitle(NULL) to kill our argument display.
- don't wait for any pid, just the one we forked.

Add setting of PAM_SOCKADDR.

Add PAM support to login(8)

Avoid use-after-free bug in PAM environment

Traditional BSD putenv(3) was creating an internal copy of the passed
argument. Unfortunately this was causing memory leaks and was changed by
POSIX to not allocate.

Adapt the putenv(3) usage to modern POSIX (and NetBSD) semantics.

- Added error checks for initgroups(3) and setgroups(2).
- Reorder functions in privilege regain - setgroups(2) should be called after
seteuid(2).

OK christos@

Remove the syslogging of a dial out login warning based on the tty name, because
the test is sloppy and doesn't correspond to the current naming anyway.
OK gdt@
PR#377 can remain closed.

branches: 1.23.4;
fix unused variable warnings

branches: 1.22.2;
trimusername (which does not exist) probably was meant to be called
trimloginname (which does exist, at least)

make krb5 compile again. XXX: one function left that is deprecated, what's
the new equivalent?

branches: 1.20.6; 1.20.8;
PR/42540: Ed Ravin: /usr/bin/login does not log normal logins, and does not
log ip addresses.
- Factor out the common code in login.c and login_pam.c into common.c
- Always log a login event
- Check passed in sockaddr against the one from getpeername(2).

Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.

branches: 1.18.12;
PR/36294: De Zeurkous: login(1) -- inconsistent exit behavior on EOF
- Always EXIT_FAILURE when login fails.
- Cleanup fork code in krb5 (old login).

GC old signal handling and merge it in 4 places:
1. Immediately ignore all the signals we want to ignore and set the alarm.
2. Before we exit on error, restore all signals we modified
3. Before we exec a shell, restore all signals we modified and ignore TSTP.
Job control aware shells know how to deal with this.
4. Temporarily handle SIGINT while we read motd.

PR/33128: Martin Husemann: When login in on the console, SIGABRT is ignored
Both SIGINT and SIGABRT should be restored before executing the shell.

Fix Coverity run 5, issue 1931 -- memory leak. This was noted as being a
bug by cgilbert.
Approved by christos@.

PR/23616: Christian Biere: login might not back-off as expected

PR/30923: Zafer Aydogan: pam too verbose

Don't display a different message for root logins on insecure terminals.

Approved by christos@.

Propagate change from login.c where if getpeername succeeded, then we have
the sockaddr from the remote peer.

PR/32870: Johan Veenhuizen: login(1) does not obey .hushlogin

Update documentation for pam, and don't accept flags that we don't support
anymore.

use getgrnam_r; from Jon Nemeth

Terminate variable argument list with NULL, not 0.

Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
failures, especially as we're ignoring the return result.

Don't report that we don't know the username. We don't want to give out
more information that we need to.

- use getpwnam_r
- KNF

branches: 1.4.2;
1. Restore missing tty action.
2. Pass the nested user name to pam.
3. always try to fill in sockaddr.

- deal with ptyfs pty names.
- put back chown pty code.
- use setproctitle(NULL) to kill our argument display.
- don't wait for any pid, just the one we forked.

Add setting of PAM_SOCKADDR.

Add PAM support to login(8)

- Added error checks for initgroups(3) and setgroups(2).
- Reorder functions in privilege regain - setgroups(2) should be called after
seteuid(2).

OK christos@

Remove the syslogging of a dial out login warning based on the tty name, because
the test is sloppy and doesn't correspond to the current naming anyway.
OK gdt@
PR#377 can remain closed.

branches: 1.23.4;
fix unused variable warnings

branches: 1.22.2;
trimusername (which does not exist) probably was meant to be called
trimloginname (which does exist, at least)

make krb5 compile again. XXX: one function left that is deprecated, what's
the new equivalent?

branches: 1.20.6; 1.20.8;
PR/42540: Ed Ravin: /usr/bin/login does not log normal logins, and does not
log ip addresses.
- Factor out the common code in login.c and login_pam.c into common.c
- Always log a login event
- Check passed in sockaddr against the one from getpeername(2).

Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.

branches: 1.18.12;
PR/36294: De Zeurkous: login(1) -- inconsistent exit behavior on EOF
- Always EXIT_FAILURE when login fails.
- Cleanup fork code in krb5 (old login).

GC old signal handling and merge it in 4 places:
1. Immediately ignore all the signals we want to ignore and set the alarm.
2. Before we exit on error, restore all signals we modified
3. Before we exec a shell, restore all signals we modified and ignore TSTP.
Job control aware shells know how to deal with this.
4. Temporarily handle SIGINT while we read motd.

PR/33128: Martin Husemann: When login in on the console, SIGABRT is ignored
Both SIGINT and SIGABRT should be restored before executing the shell.

Fix Coverity run 5, issue 1931 -- memory leak. This was noted as being a
bug by cgilbert.
Approved by christos@.

PR/23616: Christian Biere: login might not back-off as expected

PR/30923: Zafer Aydogan: pam too verbose

Don't display a different message for root logins on insecure terminals.

Approved by christos@.

Propagate change from login.c where if getpeername succeeded, then we have
the sockaddr from the remote peer.

PR/32870: Johan Veenhuizen: login(1) does not obey .hushlogin

Update documentation for pam, and don't accept flags that we don't support
anymore.

use getgrnam_r; from Jon Nemeth

Terminate variable argument list with NULL, not 0.

Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
failures, especially as we're ignoring the return result.

Don't report that we don't know the username. We don't want to give out
more information that we need to.

- use getpwnam_r
- KNF

branches: 1.4.2;
1. Restore missing tty action.
2. Pass the nested user name to pam.
3. always try to fill in sockaddr.

- deal with ptyfs pty names.
- put back chown pty code.
- use setproctitle(NULL) to kill our argument display.
- don't wait for any pid, just the one we forked.

Add setting of PAM_SOCKADDR.

Add PAM support to login(8)