authormarkm <markm@FreeBSD.org>2001-12-01 17:46:46 +0000
committermarkm <markm@FreeBSD.org>2001-12-01 17:46:46 +0000
commit144609e3310de11b40933f0a8191d178e04b5591 (patch)
treef09052d0c46490524c6d23a6b34a1774a9afb443 /usr.bin/login
parent65ffba233bc282ad6bbf25ed229b72457e6750de (diff)
WARNS=2 fixes.
Reviewed by: bde (a while back)
Diffstat (limited to 'usr.bin/login')
-rw-r--r--usr.bin/login/Makefile2
-rw-r--r--usr.bin/login/login.c101
-rw-r--r--usr.bin/login/login.h31
-rw-r--r--usr.bin/login/login_access.c27
-rw-r--r--usr.bin/login/login_fbtab.c9
5 files changed, 107 insertions, 63 deletions
diff --git a/usr.bin/login/Makefile b/usr.bin/login/Makefile
index 6769090..4a27706 100644
--- a/usr.bin/login/Makefile
+++ b/usr.bin/login/Makefile
@@ -10,6 +10,8 @@ CFLAGS+=-DLOGIN_ACCESS -DLOGALL
DPADD= ${LIBUTIL} ${LIBCRYPT} ${LIBPAM}
LDADD= -lutil -lcrypt ${MINUSLPAM}
+WARNS?= 2
+
BINOWN= root
BINMODE=4555
INSTALLFLAGS=-fschg
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index 127467d..ef7a5a1 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -82,6 +82,7 @@ static const char rcsid[] =
#include <security/pam_misc.h>
#include <sys/wait.h>
+#include "login.h"
#include "pathnames.h"
/* wrapper for KAME-special getnameinfo() */
@@ -89,19 +90,18 @@ static const char rcsid[] =
#define NI_WITHSCOPEID 0
#endif
-void badlogin __P((char *));
-void dolastlog __P((int));
-void getloginname __P((void));
-void motd __P((char *));
-int rootterm __P((char *));
-void sigint __P((int));
-void sleepexit __P((int));
-void refused __P((char *,char *,int));
-char *stypeof __P((char *));
-void timedout __P((int));
-int login_access __P((char *, char *));
-void login_fbtab __P((char *, uid_t, gid_t));
-
+static void badlogin __P((char *));
+static void dolastlog __P((int));
+static void getloginname __P((void));
+static void motd __P((const char *));
+static int rootterm __P((char *));
+static void sigint __P((int));
+static void sleepexit __P((int));
+static void refused __P((const char *,const char *,int));
+static const char *stypeof __P((char *));
+static void timedout __P((int));
+
+#ifndef NO_PAM
static int auth_pam __P((void));
static int export_pam_environment __P((void));
static int ok_to_export __P((const char *));
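Review bot: These prototypes gain `static`, but the matching definitions shown in later hunks (`getloginname`, `motd`, `stypeof`, `refused`) still open with a bare `void` or `const char *`. C lets the later definition inherit internal linkage, so this compiles, but a reader looking only at a definition will assume the function is exported. Repeat the storage class at each definition, e.g. `static void` above `getloginname(void)` and `static const char *` above `stypeof(ttyid)`. The same mismatch appears in login_fbtab.c, where `login_protect` is declared `static` and defined with a bare `void`.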
@@ -117,16 +117,20 @@ static char **environ_pam;
if ((e = pam_end(pamh, e)) != PAM_SUCCESS) \
syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); \
}
+#endif /* NO_PAM */
static int auth_traditional __P((void));
-extern void login __P((struct utmp *));
static void usage __P((void));
-#define TTYGRPNAME "tty" /* name of group to own ttys */
-#define DEFAULT_BACKOFF 3
-#define DEFAULT_RETRIES 10
+#define TTYGRPNAME "tty" /* group to own ttys */
+#define DEFAULT_BACKOFF 3
+#define DEFAULT_RETRIES 10
#define DEFAULT_PROMPT "login: "
#define DEFAULT_PASSWD_PROMPT "Password:"
+#define INVALID_HOST "invalid hostname"
+#define UNKNOWN "su"
+#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
+#define NBUFSIZ UT_NAMESIZE + 64
/*
* This bounds the time given to login. Not a define so it can
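Review bot: `NBUFSIZ` is moved here still unparenthesised, so any use inside a larger expression (`NBUFSIZ * 2`, `n % NBUFSIZ`) would bind to the `64` alone and give a wrong buffer bound. Since it sizes the login-name buffer, write it as `#define NBUFSIZ (UT_NAMESIZE + 64)`. Separately, `UNKNOWN` is now defined without the `#undef UNKNOWN` that used to precede it; if an included header defines the same name (not visible here), this becomes a redefinition, so either keep the `#undef` or pick a file-specific name.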
@@ -147,7 +151,6 @@ main(argc, argv)
int argc;
char *argv[];
{
- extern char **environ;
struct group *gr;
struct stat st;
struct timeval tp;
@@ -161,9 +164,14 @@ main(argc, argv)
char tbuf[MAXPATHLEN + 2];
char tname[sizeof(_PATH_TTY) + 10];
char *shell = NULL;
+ static char default_prompt[] = DEFAULT_PROMPT;
+ static char default_passwd_prompt[] = DEFAULT_PASSWD_PROMPT;
+ static char invalid_host[] = INVALID_HOST;
login_cap_t *lc = NULL;
+#ifndef NO_PAM
pid_t pid;
int e;
+#endif /* NO_PAM */
(void)signal(SIGQUIT, SIG_IGN);
(void)signal(SIGINT, SIG_IGN);
@@ -234,7 +242,7 @@ main(argc, argv)
sleepexit(1);
}
} else
- optarg = "invalid hostname";
+ optarg = invalid_host;
if (res != NULL)
freeaddrinfo(res);
}
@@ -275,9 +283,9 @@ main(argc, argv)
* Get "login-retries" & "login-backoff" from default class
*/
lc = login_getclass(NULL);
- prompt = login_getcapstr(lc, "prompt", DEFAULT_PROMPT, DEFAULT_PROMPT);
+ prompt = login_getcapstr(lc, "prompt", default_prompt, default_prompt);
passwd_prompt = login_getcapstr(lc, "passwd_prompt",
- DEFAULT_PASSWD_PROMPT, DEFAULT_PASSWD_PROMPT);
+ default_passwd_prompt, default_passwd_prompt);
retries = login_getcapnum(lc, "login-retries", DEFAULT_RETRIES,
DEFAULT_RETRIES);
backoff = login_getcapnum(lc, "login-backoff", DEFAULT_BACKOFF,
@@ -336,12 +344,14 @@ main(argc, argv)
(void)setpriority(PRIO_PROCESS, 0, -4);
+#ifndef NO_PAM
/*
* Try to authenticate using PAM. If a PAM system error
* occurs, perhaps because of a botched configuration,
* then fall back to using traditional Unix authentication.
*/
if ((rval = auth_pam()) == -1)
+#endif /* NO_PAM */
rval = auth_traditional();
(void)setpriority(PRIO_PROCESS, 0, 0);
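Review bot: The `#endif` falls between `if ((rval = auth_pam()) == -1)` and the statement it controls, so the selection of the authentication path depends on a preprocessor block that cuts a statement in half. Anyone later adding a line between the `#endif` and `rval = auth_traditional();` would silently change which call the `if` guards. In a binary installed setuid root (see `BINMODE=4555` in the Makefile), that is worth making structurally obvious. Keep the conditional whole and compile out only the PAM call, as in the excerpt below.

```c
	/* … unchanged: comment describing the PAM fallback … */
	rval = -1;		/* "PAM unavailable": forces the fallback below */
#ifndef NO_PAM
	rval = auth_pam();
#endif /* !NO_PAM */
	if (rval == -1)
		rval = auth_traditional();
```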
@@ -410,7 +420,11 @@ main(argc, argv)
refused("Cannot find root directory", "ROOTDIR", 1);
if (!quietlog || *pwd->pw_dir)
printf("No home directory.\nLogging in with home = \"/\".\n");
- pwd->pw_dir = "/";
+ pwd->pw_dir = strdup("/");
+ if (pwd->pw_dir == NULL) {
+ syslog(LOG_NOTICE, "strdup(): %m");
+ sleepexit(1);
+ }
}
(void)seteuid(euid);
(void)setegid(egid);
@@ -420,8 +434,6 @@ main(argc, argv)
if (pwd->pw_change || pwd->pw_expire)
(void)gettimeofday(&tp, (struct timezone *)NULL);
-#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
-
warntime = login_getcaptime(lc, "warnexpire", DEFAULT_WARN,
DEFAULT_WARN);
@@ -469,7 +481,11 @@ main(argc, argv)
}
shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
if (*pwd->pw_shell == '\0')
- pwd->pw_shell = _PATH_BSHELL;
+ pwd->pw_shell = strdup(_PATH_BSHELL);
+ if (pwd->pw_shell == NULL) {
+ syslog(LOG_NOTICE, "strdup(): %m");
+ sleepexit(1);
+ }
if (*shell == '\0') /* Not overridden */
shell = pwd->pw_shell;
if ((shell = strdup(shell)) == NULL) {
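Review bot: The new `if (pwd->pw_shell == NULL)` check sits after the unbraced `if (*pwd->pw_shell == '\0')`, not inside it, so it runs on every login and not only after the `strdup(_PATH_BSHELL)` it is meant to guard. The behaviour is correct, but it reads differently from the `pw_dir` hunk above, where the `strdup("/")` and its check share one braced block. Brace the assignment together with its check, opening with `if (*pwd->pw_shell == '\0') {` and closing after `sleepexit(1);`, so the `"strdup(): %m"` message can only be logged for a real allocation failure.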
@@ -574,6 +590,7 @@ main(argc, argv)
exit(1);
}
+#ifndef NO_PAM
if (pamh) {
if ((e = pam_open_session(pamh, 0)) != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_open_session: %s",
@@ -616,6 +633,7 @@ main(argc, argv)
pam_strerror(pamh, e));
}
}
+#endif /* NO_PAM */
/*
* We don't need to be root anymore, so
@@ -643,7 +661,7 @@ main(argc, argv)
(void)setenv("PATH", rootlogin ? _PATH_STDPATH : _PATH_DEFPATH, 0);
if (!quietlog) {
- char *cw;
+ const char *cw;
cw = login_getcapstr(lc, "copyright", NULL, NULL);
if (cw != NULL && access(cw, F_OK) == 0)
@@ -685,7 +703,7 @@ main(argc, argv)
/*
* Login shells have a leading '-' in front of argv[0]
*/
- if (snprintf(tbuf, sizeof(tbuf), "-%s",
+ if ((size_t)snprintf(tbuf, sizeof(tbuf), "-%s",
(p = strrchr(pwd->pw_shell, '/')) ? p + 1 : pwd->pw_shell) >=
sizeof(tbuf)) {
syslog(LOG_ERR, "user: %s: shell exceeds maximum pathname size",
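Review bot: The `(size_t)` cast does more than silence the signed/unsigned comparison warning: a negative return from `snprintf()` now converts to a very large value and takes the "shell exceeds maximum pathname size" branch. That fails closed, which is the right direction for building argv[0] of a login shell, but nothing in the code says it is intended. Add a comment above the call such as `/* (size_t): a negative (error) return also compares >= sizeof(tbuf) and is refused */`. The statement and its error branch continue past the end of this hunk.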
@@ -698,12 +716,12 @@ main(argc, argv)
}
static int
-auth_traditional()
+auth_traditional(void)
{
int rval;
char *p;
- char *ep;
- char *salt;
+ const char *ep;
+ const char *salt;
rval = 1;
salt = pwd != NULL ? pwd->pw_passwd : "xx";
@@ -723,6 +741,7 @@ auth_traditional()
return rval;
}
+#ifndef NO_PAM
/*
* Attempt to authenticate the user using PAM. Returns 0 if the user is
* authenticated, or 1 if not authenticated. If some sort of PAM system
@@ -731,7 +750,7 @@ auth_traditional()
* fall back to a different authentication mechanism.
*/
static int
-auth_pam()
+auth_pam(void)
{
const char *tmpl_user;
const void *item;
@@ -822,7 +841,7 @@ auth_pam()
}
static int
-export_pam_environment()
+export_pam_environment(void)
{
char **pp;
@@ -863,9 +882,10 @@ ok_to_export(s)
}
return 1;
}
+#endif /* NO_PAM */
static void
-usage()
+usage(void)
{
(void)fprintf(stderr, "usage: login [-fp] [-h hostname] [username]\n");
@@ -876,10 +896,8 @@ usage()
* Allow for authentication style and/or kerberos instance
*/
-#define NBUFSIZ UT_NAMESIZE + 64
-
void
-getloginname()
+getloginname(void)
{
int ch;
char *p;
@@ -928,7 +946,7 @@ sigint(signo)
void
motd(motdfile)
- char *motdfile;
+ const char *motdfile;
{
int fd, nchars;
sig_t oldint;
@@ -1014,10 +1032,7 @@ badlogin(name)
failures = 0;
}
-#undef UNKNOWN
-#define UNKNOWN "su"
-
-char *
+const char *
stypeof(ttyid)
char *ttyid;
{
@@ -1033,8 +1048,8 @@ stypeof(ttyid)
void
refused(msg, rtype, lout)
- char *msg;
- char *rtype;
+ const char *msg;
+ const char *rtype;
int lout;
{
diff --git a/usr.bin/login/login.h b/usr.bin/login/login.h
new file mode 100644
index 0000000..4658450
--- /dev/null
+++ b/usr.bin/login/login.h
@@ -0,0 +1,31 @@
+/*-
+ * Copyright (c) 2001 FreeBSD, Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+int login_access(char *, char *);
+void login_fbtab(char *, uid_t, gid_t);
+
+extern char **environ;
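Review bot: The new header has no include guard and is not self-contained, because `login_fbtab()` uses `uid_t` and `gid_t` without the header including anything that defines them. It only compiles because each `.c` file happens to include the system headers first. Wrap the declarations in a conventional `#ifndef`/`#define`/`#endif` guard and add `#include <sys/types.h>` at the top. A one-line comment on each prototype saying what the two `char *` arguments are (user and origin for `login_access`, tty for `login_fbtab`, judging from the callers' names) would also help, since the parameter names were dropped.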
diff --git a/usr.bin/login/login_access.c b/usr.bin/login/login_access.c
index cfb24d2..e3452ab 100644
--- a/usr.bin/login/login_access.c
+++ b/usr.bin/login/login_access.c
@@ -5,6 +5,7 @@
* non-networked logins. Diagnostics are reported through syslog(3).
*
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+ * $FreeBSD$
*/
#ifdef LOGIN_ACCESS
@@ -22,6 +23,7 @@ static const char sccsid[] = "%Z% %M% %I% %E% %U%";
#include <unistd.h>
#include <stdlib.h>
+#include "login.h"
#include "pathnames.h"
/* Delimiters for fields and for lists of users, ttys or hosts. */
@@ -34,10 +36,11 @@ static char sep[] = ", \t"; /* list-element separator */
#define YES 1
#define NO 0
-static int list_match();
-static int user_match();
-static int from_match();
-static int string_match();
+static int list_match __P((char *, char *, int (*)(char *, char *)));
+static int user_match __P((char *, char *));
+static int from_match __P((char *, char *));
+static int string_match __P((char *, char *));
+static int netgroup_match __P((char *, char *, char *));
/* login_access - match username/group and host/tty with access control file */
@@ -106,7 +109,7 @@ char *from;
static int list_match(list, item, match_fn)
char *list;
char *item;
-int (*match_fn) ();
+int (*match_fn) __P((char *, char *));
{
char *tok;
int match = NO;
@@ -138,20 +141,12 @@ int (*match_fn) ();
/* netgroup_match - match group against machine or user */
static int netgroup_match(group, machine, user)
-gid_t group;
-char *machine;
-char *user;
+char *group __unused;
+char *machine __unused;
+char *user __unused;
{
-#ifdef NIS
- static char *mydomain = 0;
-
- if (mydomain == 0)
- yp_get_default_domain(&mydomain);
- return (innetgr(group, machine, user, mydomain));
-#else
syslog(LOG_ERR, "NIS netgroup support not configured");
return 0;
-#endif
}
/* user_match - match a username against one token */
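Review bot: With the `#ifdef NIS` branch removed, `netgroup_match()` can only log and return 0, so every netgroup token in the access table is a guaranteed non-match in every build. How that affects a rule depends on the callers (`user_match`/`from_match`, outside this hunk), but a table entry written to deny a netgroup would presumably never take effect. That should be stated at the function itself and not left to a syslog line. Extend the header comment to something like `/* netgroup_match - always fails: netgroup tokens never match, so rules relying on them are not applied */`. Keeping the `LOG_ERR` is good, since it gives administrators a signal when such a rule is evaluated.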
diff --git a/usr.bin/login/login_fbtab.c b/usr.bin/login/login_fbtab.c
index a40d83f..a43b612 100644
--- a/usr.bin/login/login_fbtab.c
+++ b/usr.bin/login/login_fbtab.c
@@ -68,10 +68,11 @@
#include <glob.h>
#include <paths.h>
#include <unistd.h>
+
+#include "login.h"
#include "pathnames.h"
-void login_protect __P((char *, char *, int, uid_t, gid_t));
-void login_fbtab __P((char *tty, uid_t uid, gid_t gid));
+static void login_protect __P((const char *, char *, int, uid_t, gid_t));
#define WSPACE " \t\n"
@@ -88,7 +89,7 @@ gid_t gid;
char *devname;
char *cp;
int prot;
- char *table;
+ const char *table;
if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0
&& (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0)
@@ -122,7 +123,7 @@ gid_t gid;
void
login_protect(table, pattern, mask, uid, gid)
-char *table;
+const char *table;
char *pattern;
int mask;
uid_t uid;