summaryrefslogtreecommitdiffstats
path: root/usr.bin/login/login.c
Commit message (Collapse)AuthorAgeFilesLines
* Add a compile knob to avoid using PAM code (login will use standard Unixabial1999-01-191-1/+11
| | | | | | | authentication only). This comes handy when you're tight on space. Submitted by: mostly John Baldwin <jobaldwi@vt.edu> Reviewed by: John D. Polstra <jdp@polstra.com>
* Make the timeout handler log any failed logins, to make sure failedeivind1999-01-031-7/+17
| | | | logins get logged.
* ATTENTION: INSTALL "/etc/pam.conf" FROM "src/etc"!!!jdp1998-11-211-106/+145
| | | | | | | | Change login to use PAM for authentication. I kept the built-in passwd/NIS authentication support, to handle cases where the system is missing its "/etc/pam.conf" file. S/Key and KerberosIV authentication methods are removed from the login program, but still available in PAM modules.
* unifdef -DLOGIN_CAP. After almost 2 years, I think we can assumejdp1998-11-111-73/+2
| | | | | | it's here to stay. This code is starting to look almost reasonable again.
* Remove support for LOGIN_CAP_AUTH. It was never enabled, it wasjdp1998-11-111-125/+2
| | | | | | | | | not complete, and it hasn't been touched for 18 months. All the ifdefs obfuscate the code. I discussed the LOGIN_CAP_AUTH support with its author and he agreed that it is a dead end. I am bringing PAM into the tree within the next two weeks. It is much more flexible than LOGIN_CAP_AUTH, and will serve as a superior replacement for it.
* Fix a const-related compiler warning.jdp1998-11-111-2/+3
|
* Use KJH's auth.conf parser to turn on/off Kerberos in userland.markm1998-10-091-2/+9
|
* Remove hardcoded constant in favour of login.conf value.jkoshy1998-08-171-2/+2
| | | | | PR: 6529 Submitted by: Dan Lukes <dan@obluda.cz>
* Backed out rev.1.31. It was a workaround for bugs in rev.1.4 ofbde1998-07-311-5/+1
| | | | | | | | | | | | | | libc/gen/getpass.c. The old behaviour of blocking SIGINT and not changing SIGQUIT was restored in rev.1.5 of getpass.c. The change here completely restores the old behaviour of not supporting killing login with keyboard signals (only) at the password prompt. There is no reason to support this, since login can be exited normally by typing a couple of ^D's. Login certainly shouldn't dump core in response to user input. Previously, SIGQUIT killed login immediately but SIGINT killed it only after the password was entered. PR: 7444
* Fix a couple of little bugs that prevented login.c from compilingjdp1998-07-221-3/+3
| | | | | | | | if LOGIN_CAP_AUTH was defined. This is kind of silly, because LOGIN_CAP_AUTH doesn't work anyway, is not defined currently, probably will never be defined, and IMHO should not be defined. But I'm sure you'll sleep better tonight, knowing that these bugs are gone.
* Trim a domain part for wtmp as same as showed by "netstat -r".amurai1998-06-011-1/+5
| | | | | | | | | | | | | Here is a some example for avoiding a confusion. It asssumes a logged host domain is "spec.co.jp". All example is longer than UT_HOSTNAMELEN value. 1) turbo.tama.spec.co.jp: 192.19.0.2 -> trubo.tama 2) turbo.tama.foo.co.jp : 192.19.0.2 -> 192.19.0.2 3) specgw.spec.co.jp : 202.32.13.1 -> specgw Submitted by: Atsushi Murai <amurai@spec.co.jp>
* *blush*, typo during last minute editing..peter1998-04-301-2/+2
|
* Change euid while reading the user's .login_cap file in case the homedirpeter1998-04-301-2/+8
| | | | | | | | | is on a NFS partion without root read access. Also, flip euid again for the duration of the chdir() to the homedir for the same reason. PR: 5145 Submitted by: Joel.Faedi@esial.u-nancy.fr Also tested by: A Joseph Koshy <koshy@india.hp.com>
* Fix very rare but dangerous bug:ache1998-02-131-1/+3
| | | | | | | | | | | for some DES passwords crypt(real_password, salt) is equal to crypt("", salt); It means that this user (and not only he) can login without entering password at all, just pressing Return. So if empty password entered and crypted password is not empty, invalidate any crypt result by assigning ":"
* Reset SGINT and SIGQUIT handling to default when asking for passwords.guido1998-02-051-1/+5
| | | | | | | | | Otherwise, when pressing the INT ke at the password prompt, the password will be displayed. Now login will be killed. Probably the same will have to be done for the LOGIN_CAP_AUTH case. I have not done that. Reviewed by: Joerg Wunsch
* Fix a fatal typo.joerg1997-10-191-2/+2
| | | | | PR: bin/4801 Submitted by: mishania@demos.su (Mikhail A. Sokolov)
* Changes for KTH KerberosIV.markm1997-09-281-1/+2
| | | | Also quieten -Wall a bit.
* = -> ==, strcpy -> strncpy from OpenBSD.charnier1997-07-221-4/+14
| | | | | update man page. Add usage(). Obtained from: OpenBSD
* Restore backwards compatible default behavior for requirehomepst1997-05-231-1/+1
|
* login_getclass() -> login_getpwclass().davidn1997-05-101-2/+2
| | | | auth_rmfiles() was being called in error without LOGIN_CAP_AUTH defined.
* Use isdialuptty() rather than hard-coded heuristic.davidn1997-04-131-1/+1
|
* Submitted by: Sergei Chechetkin <csl@whale.sunbay.crimea.ua>davidn1997-04-011-2/+1
| | | | Fix incorrect bracket nesting. Closes PR#3144.
* compare return value from getopt against -1 rather than EOF, per the finalimp1997-03-291-1/+1
| | | | posix standard on the topic.
* Fix for logic in no-password accounts.davidn1997-03-271-1/+1
|
* Don't bypass password prompt for root logins on insecure tty ifdavidn1997-03-251-3/+5
| | | | the root password is empty.
* strdup() value of term to correctly preserve contents.davidn1997-03-241-11/+9
| | | | | Rearrange validation logic so that it works correctly when compiled with kerberos support. Closes PR#3056.
* Submitted by: Paul Traina <root@shockwave.com> (partially)davidn1997-03-181-153/+243
| | | | | | | | | | | | | | | | | | Cleanup of #ifdef's for LOGIN_CAP. Fixed bug in empty shell (closes PR#2550). Refused root logins now displays standard "Login incorrect" and exhibits identical backoff behaviour to a failed login. Cleaned up logging of refused logins. Use #defines for login retries and backoff. Also implemented definable variables if LOGIN_CAP is defined, with "login-retries" and "login-backoff" as capabilities in the default class (closes PR#2805). TERM from previous environment is no longer truncated.
* Include copyright message from <sys/copyright.h>wosch1997-03-011-5/+4
|
* Back out "shell" / pw_shell change, I was confused by the sameache1997-02-271-4/+7
| | | | variable name (with different functionality)
* Fix few bogons with pw_shell / shell variables values mismatchache1997-02-271-7/+4
| | | | introduced by LOGIN_CAP
* Don't dereference NULL pwd on non-existant username (I wonder how longjkh1997-01-221-1/+2
| | | | THAT has been in here!).
* Fix handling of empty shell field in passwd file (use /bin/sh); problemdavidn1997-01-221-1/+4
| | | | | was caused by introduction of login classes. Closes PR bin/2550. Added references to login.conf to manpage, crossreference to login.conf(5).
* Makes login login_cap-savvy.davidn1997-01-111-152/+365
| | | | | | | | | | Note that LOGIN_CAP_AUTH code (login authentication) is not (yet) enabled and requires /usr/libexec/login_<style> authentication program support to be added at a later date. The Makefile contains a macro LC_AUTH to turn it on and prevent unnecessarily linking against skey/krb libs and the addition of klogin.c module. All other aspects of login_cap support are fully functional.
* Write numerical address instead of hostname for hostnames > UT_HOSTSIZEache1996-06-171-7/+21
| | | | to keep valid information in utmp and lastlog
* Delete bogus referneces to timezone code internal header file `tzfile.h',wollman1995-08-071-3/+2
| | | | which is no longer bogusly installed in /usr/include.
* Remove trailing whitespace.rgrimes1995-05-301-2/+2
|
* Fix spelling error that keeps this from compiling with KERBEROS & SKEYrgrimes1995-04-161-1/+1
| | | | | | defined. Submitted by: Mark Murray <mark@grondar.za>
* Disallow Kerberos when S/Key is required. Fixes PR #339.wollman1995-04-131-0/+11
| | | | Submitted by: Paul Traina <pst@Shockwave.com>
* Modify klogin to:wollman1995-01-141-1/+2
| | | | | | | | | | 1) Don't spit out an error message if Kerberos is installed but not yet set up. 2) Don't attempt to verify the ticket you got back, as workstations are not intended to have srvtab files of their own. Both behaviors can be re-enabled with KLOGIN_PARANOID.
* Patch of password expired bug.ugen1994-11-301-26/+11
| | | | | | Now password changed for right user and no longer possible to skip password change. I hope it will be ok....
* Include most of the logdaemon v4.4 S/key changespst1994-10-191-2/+6
|
* Install support for skey and login.accesspst1994-09-291-9/+59
|
* Problem:jkh1994-09-071-1/+27
| | | | | | | | | | | | | | | Accounts that have "pw_change" set, are supposed to change their passwords by the date specified in "pw_change". If they have not changed their passwords by that date, currently they get "LOCKED OUT" of the system. This is not the correct behavior, the user should be prompt (forced?) to change their password at this time. If the behavior of "pw_change" was meant to be a LOCKOUT, then you should use "pw_expire". Solution: Instead of locking out the user, prompt them to change their password. Reviewed by: jkh Submitted by: rls
* Implemnet fbtab ala SunOS (thanks to WZV, see login_fbtab.c)guido1994-08-221-0/+8
| | | | | Reviewed by: Submitted by: guido
* BSD 4.4 Lite Usr.bin Sourcesrgrimes1994-05-271-0/+594
OpenPOWER on IntegriCloud