diff options
Diffstat (limited to 'usr.bin/login')
-rw-r--r-- | usr.bin/login/klogin.c | 2 | ||||
-rw-r--r-- | usr.bin/login/login.1 | 35 | ||||
-rw-r--r-- | usr.bin/login/login.access.5 | 14 | ||||
-rw-r--r-- | usr.bin/login/login.c | 18 |
4 files changed, 41 insertions, 28 deletions
diff --git a/usr.bin/login/klogin.c b/usr.bin/login/klogin.c index 4263786..6e30949 100644 --- a/usr.bin/login/klogin.c +++ b/usr.bin/login/klogin.c @@ -184,7 +184,7 @@ klogin(pw, instance, localhost, password) } /* undecipherable: probably didn't have a srvtab on the local host */ - if (kerror = RD_AP_UNDEC) { + if (kerror == RD_AP_UNDEC) { syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_err_txt[kerror]); dest_tkt(); return (1); diff --git a/usr.bin/login/login.1 b/usr.bin/login/login.1 index e0a4f02..f3f7852 100644 --- a/usr.bin/login/login.1 +++ b/usr.bin/login/login.1 @@ -29,28 +29,28 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" @(#)login.1 8.1 (Berkeley) 6/9/93 -.\" $Id$ +.\" @(#)login.1 8.2 (Berkeley) 5/5/94 +.\" $Id: login.1,v 1.8 1997/02/22 19:55:57 peter Exp $ .\" -.Dd June 9, 1993 +.Dd May 5, 1994 .Dt LOGIN 1 .Os BSD 4 .Sh NAME .Nm login .Nd log into the computer .Sh SYNOPSIS -.Nm login +.Nm .Op Fl fp .Op Fl h Ar hostname .Op Ar user .Sh DESCRIPTION The -.Nm login +.Nm utility logs users (and pseudo-users) into the computer system. .Pp If no user is specified, or if a user is specified and authentication of the user fails, -.Nm login +.Nm prompts for a user name. Authentication of users is done via passwords. .Pp @@ -73,7 +73,7 @@ It is used by various daemons such as This option may only be used by the super-user. .It Fl p By default, -.Nm login +.Nm discards any previous environment. The .Fl p @@ -83,7 +83,7 @@ option disables this behavior. If the file .Pa /etc/nologin exists, -.Nm login +.Nm displays its contents to the user and exits. This is used by .Xr shutdown 8 @@ -92,7 +92,7 @@ to prevent users from logging in when the system is about to go down. If the file .Pa /etc/login.access exists, -.Nm login +.Nm checks to see if the user and host pair are specifically allowed or denied access. Login access may also be controlled via the login class, which provides @@ -101,12 +101,12 @@ allow and deny records based on time, tty and remote host name. If the file .Pa /etc/fbtab exists, -.Nm login +.Nm changes the protection and ownership of certain devices specified in this file. .Pp Immediately after logging a user in, -.Nm login +.Nm displays the system copyright notice, the date and time the user last logged in, the message of the day as well as other information. If the file @@ -119,9 +119,10 @@ then records an entry in the .Xr wtmp 5 and .Xr utmp 5 -files and executes the user's command interpretor. +files and executes the user's command interpreter. .Pp -Login enters information into the environment (see +.Nm Login +enters information into the environment (see .Xr environ 7 ) specifying the user's home directory (HOME), command interpreter (SHELL), search path (PATH), terminal type (TERM) and user name (both LOGNAME and @@ -138,7 +139,7 @@ The standard shells, and .Xr sh 1 , do not fork before executing the -.Nm login +.Nm utility. .Sh FILES .Bl -tag -width /var/mail/userXXX -compact @@ -154,6 +155,8 @@ disallows logins login access control table .It Pa /var/run/utmp current logins +.It Pa /var/log/lastlog +last login account records .It Pa /var/log/wtmp login account records .It Pa /var/mail/user @@ -174,6 +177,6 @@ makes login quieter .Xr nologin 8 .Sh HISTORY A -.Nm login -appeared in +.Nm +utility appeared in .At v6 . diff --git a/usr.bin/login/login.access.5 b/usr.bin/login/login.access.5 index 201c185..80c9afa 100644 --- a/usr.bin/login/login.access.5 +++ b/usr.bin/login/login.access.5 @@ -4,15 +4,15 @@ .Os FreeBSD 1.2 .Sh NAME .Nm login.access -.Nd Login access control table +.Nd login access control table .Sh DESCRIPTION The -.Nm login.access +.Nm file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused. .Pp When someone logs in, the -.Nm login.access +.Nm is scanned for the first entry that matches the (user, host) combination, or, in case of non-networked logins, the first entry that matches the (user, tty) combination. The @@ -21,7 +21,7 @@ be accepted or refused. .Pp Each line of the login access control table has three fields separated by a ":" character: permission : users : origins - +.Pp The first field should be a "+" (access granted) or "-" (access denied) character. The second field should be a list of one or more login names, group names, or ALL (always matches). The third field should be a list @@ -30,9 +30,9 @@ names (begin with "."), host addresses, internet network numbers (end with "."), ALL (always matches) or LOCAL (matches any string that does not contain a "." character). If you run NIS you can use @netgroupname in host or user patterns. - +.Pp The EXCEPT operator makes it possible to write very compact rules. - +.Pp The group file is searched only when a name does not match that of the logged-in user. Only groups are matched in which users are explicitly listed: the program does not look at a user's primary group id value. @@ -40,7 +40,7 @@ listed: the program does not look at a user's primary group id value. .Bl -tag -width /etc/login.access -compact .It Pa /etc/login.access The -.Nm login.access +.Nm file resides in .Pa /etc . .El diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index 77edbbf..ec6ed39 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -38,7 +38,11 @@ static char copyright[] = #endif #ifndef lint +#if 0 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; +#endif +static const char rcsid[] = + "$Id$"; #endif /* not lint */ /* @@ -113,6 +117,7 @@ int klogin __P((struct passwd *, char *, char *, char *)); #endif extern void login __P((struct utmp *)); +static void usage __P((void)); #define TTYGRPNAME "tty" /* name of group to own ttys */ #define DEFAULT_BACKOFF 3 @@ -226,9 +231,7 @@ main(argc, argv) default: if (!uid) syslog(LOG_ERR, "invalid flag %c", ch); - (void)fprintf(stderr, - "usage: login [-fp] [-h hostname] [username]\n"); - exit(1); + usage(); } argc -= optind; argv += optind; @@ -318,7 +321,8 @@ main(argc, argv) badlogin(tbuf); failures = 0; } - (void)strcpy(tbuf, username); + (void)strncpy(tbuf, username, sizeof tbuf-1); + tbuf[sizeof tbuf-1] = '\0'; if ((pwd = getpwnam(username)) != NULL) salt = pwd->pw_passwd; @@ -801,6 +805,12 @@ main(argc, argv) err(1, "%s", shell); } +static void +usage() +{ + (void)fprintf(stderr, "usage: login [-fp] [-h hostname] [username]\n"); + exit(1); +} /* * Allow for authentication style and/or kerberos instance |