author | markm <markm@FreeBSD.org> | 2001-12-01 17:46:46 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2001-12-01 17:46:46 +0000 |
commit | 144609e3310de11b40933f0a8191d178e04b5591 (patch) | |
tree | f09052d0c46490524c6d23a6b34a1774a9afb443 /usr.bin/login | |
parent | 65ffba233bc282ad6bbf25ed229b72457e6750de (diff) | |
WARNS=2 fixes.
Reviewed by: bde (a while back)
Diffstat (limited to 'usr.bin/login')
-rw-r--r-- | usr.bin/login/Makefile | 2 | ||||
-rw-r--r-- | usr.bin/login/login.c | 101 | ||||
-rw-r--r-- | usr.bin/login/login.h | 31 | ||||
-rw-r--r-- | usr.bin/login/login_access.c | 27 | ||||
-rw-r--r-- | usr.bin/login/login_fbtab.c | 9 |
5 files changed, 107 insertions, 63 deletions
diff --git a/usr.bin/login/Makefile b/usr.bin/login/Makefile
index 6769090..4a27706 100644
--- a/usr.bin/login/Makefile
+++ b/usr.bin/login/Makefile
@@ -10,6 +10,8 @@ CFLAGS+=-DLOGIN_ACCESS -DLOGALL
 DPADD= ${LIBUTIL} ${LIBCRYPT} ${LIBPAM}
 LDADD= -lutil -lcrypt ${MINUSLPAM}
+WARNS?= 2
+
 BINOWN= root
 BINMODE=4555
 INSTALLFLAGS=-fschg
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index 127467d..ef7a5a1 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -82,6 +82,7 @@ static const char rcsid[] =
 #include <security/pam_misc.h>
 #include <sys/wait.h>
+#include "login.h"
 #include "pathnames.h"
 /* wrapper for KAME-special getnameinfo() */
@@ -89,19 +90,18 @@ static const char rcsid[] =
 #define NI_WITHSCOPEID 0
 #endif
-void badlogin __P((char *));
-void dolastlog __P((int));
-void getloginname __P((void));
-void motd __P((char *));
-int rootterm __P((char *));
-void sigint __P((int));
-void sleepexit __P((int));
-void refused __P((char *,char *,int));
-char *stypeof __P((char *));
-void timedout __P((int));
-int login_access __P((char *, char *));
-void login_fbtab __P((char *, uid_t, gid_t));
-
+static void badlogin __P((char *));
+static void dolastlog __P((int));
+static void getloginname __P((void));
+static void motd __P((const char *));
+static int rootterm __P((char *));
+static void sigint __P((int));
+static void sleepexit __P((int));
+static void refused __P((const char *,const char *,int));
+static const char *stypeof __P((char *));
+static void timedout __P((int));
+
+#ifndef NO_PAM
 static int auth_pam __P((void));
 static int export_pam_environment __P((void));
 static int ok_to_export __P((const char *));
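Review bot: The `#ifndef NO_PAM` opened at the end of the prototype block in the `-89,19` hunk covers the PAM prototypes, but `#include <security/pam_misc.h>` in the `-82,6` hunk's context stays unconditional, and the Makefile hunk still lists `${LIBPAM}` and `${MINUSLPAM}`. Unless those variables are emptied elsewhere, a build with `NO_PAM` defined still needs the PAM headers and library. Guard the PAM include the same way, `#ifndef NO_PAM` / `#include <security/pam_misc.h>` / `#endif`, and add a comment beside the guard saying that defining it leaves `auth_traditional()` as the only authentication path. Whether other PAM headers are included above line 82 is outside the hunk.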
@@ -117,16 +117,20 @@ static char **environ_pam;
 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) \
 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); \
 }
+#endif /* NO_PAM */
 static int auth_traditional __P((void));
-extern void login __P((struct utmp *));
 static void usage __P((void));
-#define TTYGRPNAME "tty" /* name of group to own ttys */
-#define DEFAULT_BACKOFF 3
-#define DEFAULT_RETRIES 10
+#define TTYGRPNAME "tty" /* group to own ttys */
+#define DEFAULT_BACKOFF 3
+#define DEFAULT_RETRIES 10
 #define DEFAULT_PROMPT "login: "
 #define DEFAULT_PASSWD_PROMPT "Password:"
+#define INVALID_HOST "invalid hostname"
+#define UNKNOWN "su"
+#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
+#define NBUFSIZ UT_NAMESIZE + 64
 /*
 * This bounds the time given to login. Not a define so it can
@@ -147,7 +151,6 @@ main(argc, argv)
 int argc;
 char *argv[];
 {
- extern char **environ;
 struct group *gr;
 struct stat st;
 struct timeval tp;
@@ -161,9 +164,14 @@ main(argc, argv)
 char tbuf[MAXPATHLEN + 2];
 char tname[sizeof(_PATH_TTY) + 10];
 char *shell = NULL;
+ static char default_prompt[] = DEFAULT_PROMPT;
+ static char default_passwd_prompt[] = DEFAULT_PASSWD_PROMPT;
+ static char invalid_host[] = INVALID_HOST;
 login_cap_t *lc = NULL;
+#ifndef NO_PAM
 pid_t pid;
 int e;
+#endif /* NO_PAM */
 (void)signal(SIGQUIT, SIG_IGN);
 (void)signal(SIGINT, SIG_IGN);
@@ -234,7 +242,7 @@ main(argc, argv)
 sleepexit(1);
 }
 } else
- optarg = "invalid hostname";
+ optarg = invalid_host;
 if (res != NULL)
 freeaddrinfo(res);
 }
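Review bot: `NBUFSIZ` is moved into the common define block of the `-117,16` hunk still unparenthesised (`#define NBUFSIZ UT_NAMESIZE + 64`), so any use inside a larger expression, such as a multiplication or a subtraction, would compute the wrong buffer bound. Its uses are outside the hunks shown, but the definition should be `#define NBUFSIZ (UT_NAMESIZE + 64)` regardless. In the same block `UNKNOWN` is now defined without the `#undef UNKNOWN` that preceded it at its old site (removed in the `-1014,10` hunk). If that guard existed because an included header also defines the name, the move reintroduces a redefinition, so keep `#undef UNKNOWN` directly above the new `#define UNKNOWN "su"`.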
@@ -275,9 +283,9 @@ main(argc, argv)
 * Get "login-retries" & "login-backoff" from default class
 */
 lc = login_getclass(NULL);
- prompt = login_getcapstr(lc, "prompt", DEFAULT_PROMPT, DEFAULT_PROMPT);
+ prompt = login_getcapstr(lc, "prompt", default_prompt, default_prompt);
 passwd_prompt = login_getcapstr(lc, "passwd_prompt",
- DEFAULT_PASSWD_PROMPT, DEFAULT_PASSWD_PROMPT);
+ default_passwd_prompt, default_passwd_prompt);
 retries = login_getcapnum(lc, "login-retries", DEFAULT_RETRIES, DEFAULT_RETRIES);
 backoff = login_getcapnum(lc, "login-backoff", DEFAULT_BACKOFF,
@@ -336,12 +344,14 @@ main(argc, argv)
 (void)setpriority(PRIO_PROCESS, 0, -4);
+#ifndef NO_PAM
 /*
 * Try to authenticate using PAM. If a PAM system error
 * occurs, perhaps because of a botched configuration,
 * then fall back to using traditional Unix authentication.
 */
 if ((rval = auth_pam()) == -1)
+#endif /* NO_PAM */
 rval = auth_traditional();
 (void)setpriority(PRIO_PROCESS, 0, 0);
@@ -410,7 +420,11 @@ main(argc, argv)
 refused("Cannot find root directory", "ROOTDIR", 1);
 if (!quietlog || *pwd->pw_dir)
 printf("No home directory.\nLogging in with home = \"/\".\n");
- pwd->pw_dir = "/";
+ pwd->pw_dir = strdup("/");
+ if (pwd->pw_dir == NULL) {
+ syslog(LOG_NOTICE, "strdup(): %m");
+ sleepexit(1);
+ }
 }
 (void)seteuid(euid);
 (void)setegid(egid);
@@ -420,8 +434,6 @@ main(argc, argv)
 if (pwd->pw_change || pwd->pw_expire)
 (void)gettimeofday(&tp, (struct timezone *)NULL);
-#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
-
 warntime = login_getcaptime(lc, "warnexpire", DEFAULT_WARN, DEFAULT_WARN);
@@ -469,7 +481,11 @@ main(argc, argv)
 }
 shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
 if (*pwd->pw_shell == '\0')
- pwd->pw_shell = _PATH_BSHELL;
+ pwd->pw_shell = strdup(_PATH_BSHELL);
+ if (pwd->pw_shell == NULL) {
+ syslog(LOG_NOTICE, "strdup(): %m");
+ sleepexit(1);
+ }
 if (*shell == '\0') /* Not overridden */
 shell = pwd->pw_shell;
 if ((shell = strdup(shell)) == NULL) {
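Review bot: In the `-336,12` hunk the `#endif /* NO_PAM */` sits between `if ((rval = auth_pam()) == -1)` and the statement it controls, so which call sets `rval` on the authentication path depends on a preprocessor line inside an unbraced `if`. A later edit that adds a statement after the `#endif` would make the `if` guard that new statement and leave `auth_traditional()` running unconditionally in the PAM build. Give the fallback an explicit shape: set `rval = -1;` before `#ifndef NO_PAM`, keep `rval = auth_pam();` inside the guard, and follow the `#endif` with `if (rval == -1) rval = auth_traditional();`. The rest of `main` is outside the hunk.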
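Review bot: In the `-469,7` hunk the new `if (pwd->pw_shell == NULL)` test follows an unbraced `if (*pwd->pw_shell == '\0')`, so it runs on every login and not only when `strdup(_PATH_BSHELL)` was actually executed (indentation is lost on this page, but there are no braces to scope it). It is harmless today because `pw_shell` has already been dereferenced on the line above, yet it reads as though it belonged to the assignment. Brace the two together, i.e. open `{` after `if (*pwd->pw_shell == '\0')` and close it after the NULL check. The matching `strdup("/")` check in the `-410,7` hunk already sits inside an existing block.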
@@ -574,6 +590,7 @@ main(argc, argv)
 exit(1);
 }
+#ifndef NO_PAM
 if (pamh) {
 if ((e = pam_open_session(pamh, 0)) != PAM_SUCCESS) {
 syslog(LOG_ERR, "pam_open_session: %s",
@@ -616,6 +633,7 @@ main(argc, argv)
 pam_strerror(pamh, e));
 }
 }
+#endif /* NO_PAM */
 /*
 * We don't need to be root anymore, so
@@ -643,7 +661,7 @@ main(argc, argv)
 (void)setenv("PATH", rootlogin ? _PATH_STDPATH : _PATH_DEFPATH, 0);
 if (!quietlog) {
- char *cw;
+ const char *cw;
 cw = login_getcapstr(lc, "copyright", NULL, NULL);
 if (cw != NULL && access(cw, F_OK) == 0)
@@ -685,7 +703,7 @@ main(argc, argv)
 /*
 * Login shells have a leading '-' in front of argv[0]
 */
- if (snprintf(tbuf, sizeof(tbuf), "-%s",
+ if ((size_t)snprintf(tbuf, sizeof(tbuf), "-%s",
 (p = strrchr(pwd->pw_shell, '/')) ? p + 1 : pwd->pw_shell) >= sizeof(tbuf)) {
 syslog(LOG_ERR, "user: %s: shell exceeds maximum pathname size",
@@ -698,12 +716,12 @@ main(argc, argv)
 }
 static int
-auth_traditional()
+auth_traditional(void)
 {
 int rval;
 char *p;
- char *ep;
- char *salt;
+ const char *ep;
+ const char *salt;
 rval = 1;
 salt = pwd != NULL ? pwd->pw_passwd : "xx";
@@ -723,6 +741,7 @@ auth_traditional()
 return rval;
 }
+#ifndef NO_PAM
 /*
 * Attempt to authenticate the user using PAM. Returns 0 if the user is
 * authenticated, or 1 if not authenticated. If some sort of PAM system
@@ -731,7 +750,7 @@ auth_traditional()
 * fall back to a different authentication mechanism.
 */
 static int
-auth_pam()
+auth_pam(void)
 {
 const char *tmpl_user;
 const void *item;
@@ -822,7 +841,7 @@ auth_pam()
 }
 static int
-export_pam_environment()
+export_pam_environment(void)
 {
 char **pp;
@@ -863,9 +882,10 @@ ok_to_export(s)
 }
 return 1;
 }
+#endif /* NO_PAM */
 static void
-usage()
+usage(void)
 {
 (void)fprintf(stderr, "usage: login [-fp] [-h hostname] [username]\n");
@@ -876,10 +896,8 @@ usage()
 * Allow for authentication style and/or kerberos instance
 */
-#define NBUFSIZ UT_NAMESIZE + 64
-
 void
-getloginname()
+getloginname(void)
 {
 int ch;
 char *p;
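Review bot: `getloginname` is declared `static` in the new prototype block, but the definition touched in the `-876,10` hunk still opens with a bare `void`. The same holds for `motd`, `stypeof` and `refused` in the later login.c hunks and for `login_protect` in login_fbtab.c. The linkage is inherited from the earlier declaration, so this compiles, but a reader or a search for file-local functions sees these definitions as external. Put the storage class on each definition as well, e.g. `static void` above `getloginname(void)` and `static const char *` above `stypeof(ttyid)`. The function bodies continue outside these hunks.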
@@ -928,7 +946,7 @@ sigint(signo)
 void
 motd(motdfile)
- char *motdfile;
+ const char *motdfile;
 {
 int fd, nchars;
 sig_t oldint;
@@ -1014,10 +1032,7 @@ badlogin(name)
 failures = 0;
 }
-#undef UNKNOWN
-#define UNKNOWN "su"
-
-char *
+const char *
 stypeof(ttyid)
 char *ttyid;
 {
@@ -1033,8 +1048,8 @@ stypeof(ttyid)
 void
 refused(msg, rtype, lout)
- char *msg;
- char *rtype;
+ const char *msg;
+ const char *rtype;
 int lout;
 {
diff --git a/usr.bin/login/login.h b/usr.bin/login/login.h
new file mode 100644
index 0000000..4658450
--- /dev/null
+++ b/usr.bin/login/login.h
@@ -0,0 +1,31 @@
+/*-
+ * Copyright (c) 2001 FreeBSD, Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+int login_access(char *, char *);
+void login_fbtab(char *, uid_t, gid_t);
+
+extern char **environ;
diff --git a/usr.bin/login/login_access.c b/usr.bin/login/login_access.c
index cfb24d2..e3452ab 100644
--- a/usr.bin/login/login_access.c
+++ b/usr.bin/login/login_access.c
@@ -5,6 +5,7 @@
 * non-networked logins. Diagnostics are reported through syslog(3).
 *
 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+ * $FreeBSD$
 */
 #ifdef LOGIN_ACCESS
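Review bot: The new login.h has no include guard and uses `uid_t` and `gid_t` in the `login_fbtab` prototype without including `<sys/types.h>`, so it compiles only when every includer happens to pull in that header first. Wrap the declarations in `#ifndef LOGIN_H_INCLUDED` / `#define LOGIN_H_INCLUDED` … `#endif` and add `#include <sys/types.h>` at the top. The disclaimer also names "THE REGENTS" although the copyright line is FreeBSD, Inc, which looks like a licence template left unedited. A one-line comment above each prototype saying which source file defines it would help too, since the header is now the only declaration site for both functions.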
@@ -22,6 +23,7 @@ static const char sccsid[] = "%Z% %M% %I% %E% %U%";
 #include <unistd.h>
 #include <stdlib.h>
+#include "login.h"
 #include "pathnames.h"
 /* Delimiters for fields and for lists of users, ttys or hosts. */
@@ -34,10 +36,11 @@ static char sep[] = ", \t"; /* list-element separator */
 #define YES 1
 #define NO 0
-static int list_match();
-static int user_match();
-static int from_match();
-static int string_match();
+static int list_match __P((char *, char *, int (*)(char *, char *)));
+static int user_match __P((char *, char *));
+static int from_match __P((char *, char *));
+static int string_match __P((char *, char *));
+static int netgroup_match __P((char *, char *, char *));
 /* login_access - match username/group and host/tty with access control file */
@@ -106,7 +109,7 @@ char *from;
 static int list_match(list, item, match_fn)
 char *list;
 char *item;
-int (*match_fn) ();
+int (*match_fn) __P((char *, char *));
 {
 char *tok;
 int match = NO;
@@ -138,20 +141,12 @@ int (*match_fn) ();
 /* netgroup_match - match group against machine or user */
 static int netgroup_match(group, machine, user)
-gid_t group;
-char *machine;
-char *user;
+char *group __unused;
+char *machine __unused;
+char *user __unused;
 {
-#ifdef NIS
- static char *mydomain = 0;
-
- if (mydomain == 0)
- yp_get_default_domain(&mydomain);
- return (innetgr(group, machine, user, mydomain));
-#else
 syslog(LOG_ERR, "NIS netgroup support not configured");
 return 0;
-#endif
 }
 /* user_match - match a username against one token */
diff --git a/usr.bin/login/login_fbtab.c b/usr.bin/login/login_fbtab.c
index a40d83f..a43b612 100644
--- a/usr.bin/login/login_fbtab.c
+++ b/usr.bin/login/login_fbtab.c
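Review bot: The `-138,20` hunk deletes the `#ifdef NIS` branch of `netgroup_match()`, so every netgroup lookup now logs "NIS netgroup support not configured" and returns 0, even in a build that defines `NIS`. That is a behaviour change in an access-control path, and the "WARNS=2 fixes" message does not mention it. How the return value is consumed is outside the hunk, but if a non-match lets evaluation continue to later entries, a deny rule keyed on a netgroup silently stops applying. Correcting `gid_t group` to `char *group` is right; keep the `#ifdef NIS` lookup with the corrected parameter types and apply `__unused` only in the non-NIS build. If the removal is intended, change the function comment to something like `/* netgroup_match - netgroup lookup is not supported: always logs and returns NO */` and say so in the commit message.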
@@ -68,10 +68,11 @@
 #include <glob.h>
 #include <paths.h>
 #include <unistd.h>
+
+#include "login.h"
 #include "pathnames.h"
-void login_protect __P((char *, char *, int, uid_t, gid_t));
-void login_fbtab __P((char *tty, uid_t uid, gid_t gid));
+static void login_protect __P((const char *, char *, int, uid_t, gid_t));
 #define WSPACE " \t\n"
@@ -88,7 +89,7 @@ gid_t gid;
 char *devname;
 char *cp;
 int prot;
- char *table;
+ const char *table;
 if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0 && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0)
@@ -122,7 +123,7 @@ gid_t gid;
 void
 login_protect(table, pattern, mask, uid, gid)
-char *table;
+const char *table;
 char *pattern;
 int mask;
 uid_t uid; |