Since we expect the entry to still be valid after calling into PAM,
which may call getpwnam() itself, we need to use getpwnam_r().
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans, imp, allanjude, markj
Differential Revision: https://reviews.freebsd.org/D43376
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
I was debugging why login(1) wasn't working as expected on a minimal
MFS_ROOT disk image. This image doesn't have syslogd running so the
warnings were lost and I had to use GDB to find out why login(1) was
failing (missing PAM libraries) instead of being able to see it in
the console output.
MFC after: 1 week
Reviewed By: pfg
Differential Revision: https://reviews.freebsd.org/D30892
When exporting a variable we correctly check all the preconditions that
could make setenv(3) fail. Checking the setenv(3) return value seems
redundant, but given that login(1) is critical, it doesn't hurt to have
a post-check.
This change is based on the "Principles of Secure Coding" course by
Matthew Bishop, PhD., which specifically discusses this code in FreeBSD.
(This change redoes r368776 due to a silly mistake)
When exporting a variable we correctly check all the preconditions that
could make setenv(3) fail. Checking the setenv(3) return value seems
redundant, but given that login(1) is critical, it doesn't hurt to have
a post-check.
This change is based on the "Principles of Secure Coding" course by
Matthew Bishop, PhD., which specifically discusses this code in FreeBSD.
Differential Revision: https://reviews.freebsd.org/D26966
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Initially, only tag files that use BSD 4-Clause "Original" license.
RelNotes: yes
Differential Revision: https://reviews.freebsd.org/D13133
For 10 years, the "DIALUP <tty>, <user>" message has required having a
hostname (-h) instead of not having a hostname; therefore, it is never
logged. Given that dialup is obsolete and this has not been fixed, remove
the log message.
Note that LOGALL, which is defined by default, logs a message for all
logins, including dialup logins.
This avoids leaving stale entries in utmpx after the connection is closed on
an open login session. It also allows a clean way (SIGTERM) to forcibly
terminate a user's terminal session.
This does not affect the situation for "hung" processes after the connection
is closed. The foreground process group receives SIGHUP and the tty becomes
inaccessible.
Also replace all use of the obsolete signal() function with sigaction() (not
only the part where it is actually required: SIGHUP and SIGTERM must mask
the other as well when caught).
PR: misc/183495
Reviewed by: ed
It is not clear to what this copyright should apply, and this is in line
with what other operating systems do.
For ssh specifically, printing of the copyright string is not in the
upstream version so this reduces our FreeBSD-local diffs.
Approved by: core, des (ssh)
We've seen this bug in other applications before: we have some
applications that use strrchr(tty, '/') on the TTY device name. This
isn't valid when using pts(4), because the device name will be stripped
to "0" instead of "pts/0".
This fixes issues with login(1) ignoring /etc/ttys and missing utmp
records.
Reported by: Barney Cordoba <barney_cordoba yahoo com>
Reviewed by: rwatson
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.
Convert all calls to POSIX from historic BSD API:
- unsetenv returns an int.
- putenv takes a char * instead of const char *.
- putenv no longer makes a copy of the input string.
- errno is set appropriately for POSIX. Exceptions involve bad environ
variable and internal initialization code. These both set errno to
EFAULT.
Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit. A few I re-wrote to use setenv()
instead of putenv().
New regression module for tools/regression/environ to test these
functions. It also can be used to test the performance.
Bump __FreeBSD_version to 700050 due to API change.
PR: kern/99826
Approved by: wes
Approved by: re (kensmith)
Not because I admit they are technically wrong and not because of bug
reports (I receive nothing). But because I surprisingly meets so
strong opposition and resistance so lost any desire to continue that.
Anyone who interested in POSIX can dig out what changes and how
through cvs diffs.
dereference it.
This will happen if we ^D at the Login: prompt without having provided a
valid login before.
Set pwd to NULL on bad login attempts to prevent audit_logout() from being
called for a user which didn't actually log on.
Reported by: Jerome Magnin jethro at docisland dot org
events. The specifics of submitting the records is contained within
login_audit.c.
Document the auditing behavior in the man page.
Obtained from: TrustedBSD Project, Apple Computer, Inc.
Approved by: rwatson (mentor)
"login_prompt". This makes more sense than "prompt" which is what
login actually used, so change the code to match the documentation.
PR: docs/51396
MFC in: 3 days
it complains that it can't do it because the filesystem is readonly.
Assume that when the user has a readonly /dev that they don't care if
login can't change the permissions/flags. While this does break a few
things like msgs, we'll assume that the user setting up the read only
system knows what they are doing.
All this change does is to stop the complaint when the file system is
read only. It also adds comments as to why EROFS and EOPNOTSUPP are
ignored.
This allows one to have a read-only / w/o a /dev MFS and have a
relatively warning-free existence. /etc/rc still complains when it
can't chown/chflags/chmod things, but that's easy to ignore/tweak.
Reviewed by: roberto, phk
Sponsored by: Timing Solutions
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.
Sponsored by: DARPA, NAI Labs
