CVS commit: src/usr.bin/login
Module Name:src Committed By: kamil Date: Sat Feb 8 13:44:35 UTC 2020 Modified Files: src/usr.bin/login: login_pam.c Log Message: Avoid use-after-free bug in PAM environment Traditional BSD putenv(3) was creating an internal copy of the passed argument. Unfortunately this was causing memory leaks and was changed by POSIX to not allocate. Adapt the putenv(3) usage to modern POSIX (and NetBSD) semantics. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 src/usr.bin/login/login_pam.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/login_pam.c diff -u src/usr.bin/login/login_pam.c:1.25 src/usr.bin/login/login_pam.c:1.26 --- src/usr.bin/login/login_pam.c:1.25 Thu Oct 29 11:31:52 2015 +++ src/usr.bin/login/login_pam.c Sat Feb 8 13:44:35 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: login_pam.c,v 1.25 2015/10/29 11:31:52 shm Exp $ */ +/* $NetBSD: login_pam.c,v 1.26 2020/02/08 13:44:35 kamil Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 19 #if 0 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; #endif -__RCSID("$NetBSD: login_pam.c,v 1.25 2015/10/29 11:31:52 shm Exp $"); +__RCSID("$NetBSD: login_pam.c,v 1.26 2020/02/08 13:44:35 kamil Exp $"); #endif /* not lint */ /* @@ -602,8 +602,8 @@ skip_auth: char **envitem; for (envitem = pamenv; *envitem; envitem++) { - putenv(*envitem); - free(*envitem); + if (putenv(*envitem) == -1) +free(*envitem); } free(pamenv);
CVS commit: src/usr.bin/login
Module Name:src Committed By: shm Date: Thu Oct 29 11:31:52 UTC 2015 Modified Files: src/usr.bin/login: login_pam.c Log Message: - Added error checks for initgroups(3) and setgroups(2). - Reorder functions in privilege regain - setgroups(2) should be called after seteuid(2). OK christos@ To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/usr.bin/login/login_pam.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/login_pam.c diff -u src/usr.bin/login/login_pam.c:1.24 src/usr.bin/login/login_pam.c:1.25 --- src/usr.bin/login/login_pam.c:1.24 Wed Nov 12 22:23:38 2014 +++ src/usr.bin/login/login_pam.c Thu Oct 29 11:31:52 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: login_pam.c,v 1.24 2014/11/12 22:23:38 aymeric Exp $ */ +/* $NetBSD: login_pam.c,v 1.25 2015/10/29 11:31:52 shm Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 19 #if 0 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; #endif -__RCSID("$NetBSD: login_pam.c,v 1.24 2014/11/12 22:23:38 aymeric Exp $"); +__RCSID("$NetBSD: login_pam.c,v 1.25 2015/10/29 11:31:52 shm Exp $"); #endif /* not lint */ /* @@ -420,7 +420,11 @@ skip_auth: nsaved_gids = getgroups(NGROUPS_MAX, saved_gids); (void)setegid(pwd->pw_gid); - initgroups(username, pwd->pw_gid); + if (initgroups(username, pwd->pw_gid) == -1) { + syslog(LOG_ERR, "initgroups failed"); + pam_end(pamh, PAM_SUCCESS); + exit(EXIT_FAILURE); + } (void)seteuid(pwd->pw_uid); if (chdir(pwd->pw_dir) != 0) { @@ -446,9 +450,13 @@ skip_auth: } /* regain special privileges */ - setegid(saved_gid); - setgroups(nsaved_gids, saved_gids); - seteuid(saved_uid); + (void)setegid(saved_gid); + (void)seteuid(saved_uid); + if (setgroups(nsaved_gids, saved_gids) == -1) { + syslog(LOG_ERR, "setgroups failed: %m"); + pam_end(pamh, PAM_SUCCESS); + exit(EXIT_FAILURE); + } (void)getgrnam_r(TTYGRPNAME, , grbuf, sizeof(grbuf), ); (void)chown(ttyn, pwd->pw_uid,
CVS commit: src/usr.bin/login
Module Name:src Committed By: shm Date: Wed Oct 28 07:27:24 UTC 2015 Modified Files: src/usr.bin/login: common.c Log Message: Fixed off-by-one in decode_ss (CID 977426) To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/usr.bin/login/common.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/common.c diff -u src/usr.bin/login/common.c:1.7 src/usr.bin/login/common.c:1.8 --- src/usr.bin/login/common.c:1.7 Tue Oct 27 14:53:00 2015 +++ src/usr.bin/login/common.c Wed Oct 28 07:27:24 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: common.c,v 1.7 2015/10/27 14:53:00 shm Exp $ */ +/* $NetBSD: common.c,v 1.8 2015/10/28 07:27:24 shm Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -29,7 +29,7 @@ * SUCH DAMAGE. */ #include -__RCSID("$NetBSD: common.c,v 1.7 2015/10/27 14:53:00 shm Exp $"); +__RCSID("$NetBSD: common.c,v 1.8 2015/10/28 07:27:24 shm Exp $"); #include #include @@ -390,7 +390,7 @@ decode_ss(const char *arg) if (len > sizeof(*ssp) * 4 + 1 || len < sizeof(*ssp)) errx(EXIT_FAILURE, "Bad argument"); - if ((ssp = malloc(len)) == NULL) + if ((ssp = malloc(len + 1)) == NULL) err(EXIT_FAILURE, NULL); if (strunvis((char *)ssp, arg) != sizeof(*ssp))
CVS commit: src/usr.bin/login
Module Name:src Committed By: shm Date: Tue Oct 27 14:53:00 UTC 2015 Modified Files: src/usr.bin/login: common.c Log Message: Added namelen initialization in getpeername(3) call (CID 979631) OK kamil@ To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/usr.bin/login/common.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/common.c diff -u src/usr.bin/login/common.c:1.6 src/usr.bin/login/common.c:1.7 --- src/usr.bin/login/common.c:1.6 Sat May 19 00:02:44 2012 +++ src/usr.bin/login/common.c Tue Oct 27 14:53:00 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: common.c,v 1.6 2012/05/19 00:02:44 christos Exp $ */ +/* $NetBSD: common.c,v 1.7 2015/10/27 14:53:00 shm Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -29,7 +29,7 @@ * SUCH DAMAGE. */ #include -__RCSID("$NetBSD: common.c,v 1.6 2012/05/19 00:02:44 christos Exp $"); +__RCSID("$NetBSD: common.c,v 1.7 2015/10/27 14:53:00 shm Exp $"); #include #include @@ -173,6 +173,7 @@ update_db(int quietlog, int rootlogin, i int remote; hname = (hostname == NULL) ? "?" : hostname; + alen = sizeof(ass); if (getpeername(STDIN_FILENO, (struct sockaddr *), ) != -1) { (void)sockaddr_snprintf(assbuf, sizeof(assbuf), "%A (%a)", (void *));
CVS commit: src/usr.bin/login
Module Name:src Committed By: aymeric Date: Wed Nov 12 22:23:38 UTC 2014 Modified Files: src/usr.bin/login: login.c login_pam.c Log Message: Remove the syslogging of a dial out login warning based on the tty name, because the test is sloppy and doesn't correspond to the current naming anyway. OK gdt@ PR#377 can remain closed. To generate a diff of this commit: cvs rdiff -u -r1.104 -r1.105 src/usr.bin/login/login.c cvs rdiff -u -r1.23 -r1.24 src/usr.bin/login/login_pam.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/login.c diff -u src/usr.bin/login/login.c:1.104 src/usr.bin/login/login.c:1.105 --- src/usr.bin/login/login.c:1.104 Sun Mar 16 00:33:13 2014 +++ src/usr.bin/login/login.c Wed Nov 12 22:23:38 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: login.c,v 1.104 2014/03/16 00:33:13 dholland Exp $ */ +/* $NetBSD: login.c,v 1.105 2014/11/12 22:23:38 aymeric Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1980, 19 #if 0 static char sccsid[] = @(#)login.c 8.4 (Berkeley) 4/2/94; #endif -__RCSID($NetBSD: login.c,v 1.104 2014/03/16 00:33:13 dholland Exp $); +__RCSID($NetBSD: login.c,v 1.105 2014/11/12 22:23:38 aymeric Exp $); #endif /* not lint */ /* @@ -637,9 +637,6 @@ main(int argc, char *argv[]) (void)setenv(KRB5CCNAME, krb5tkfile_env, 1); #endif - if (tty[sizeof(tty)-1] == 'd') - syslog(LOG_INFO, DIALUP %s, %s, tty, pwd-pw_name); - /* If fflag is on, assume caller/authenticator has logged root login. */ if (rootlogin fflag == 0) { if (hostname) Index: src/usr.bin/login/login_pam.c diff -u src/usr.bin/login/login_pam.c:1.23 src/usr.bin/login/login_pam.c:1.24 --- src/usr.bin/login/login_pam.c:1.23 Fri Oct 18 20:47:06 2013 +++ src/usr.bin/login/login_pam.c Wed Nov 12 22:23:38 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: login_pam.c,v 1.23 2013/10/18 20:47:06 christos Exp $ */ +/* $NetBSD: login_pam.c,v 1.24 2014/11/12 22:23:38 aymeric Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1980, 19 #if 0 static char sccsid[] = @(#)login.c 8.4 (Berkeley) 4/2/94; #endif -__RCSID($NetBSD: login_pam.c,v 1.23 2013/10/18 20:47:06 christos Exp $); +__RCSID($NetBSD: login_pam.c,v 1.24 2014/11/12 22:23:38 aymeric Exp $); #endif /* not lint */ /* @@ -467,10 +467,6 @@ skip_auth: exit(EXIT_FAILURE); } - if (tty[sizeof(tty)-1] == 'd') - syslog(LOG_INFO, DIALUP %s, %s, tty, pwd-pw_name); - - /* * Establish groups */
CVS commit: src/usr.bin/login
Module Name:src Committed By: dholland Date: Sun Mar 16 00:33:13 UTC 2014 Modified Files: src/usr.bin/login: login.c Log Message: Fix gcc48 build without Kerberos. While here, rectify related bug where if gethostname() failed, login would null-terminate uninitialized stack trash and cheerfully pass it on to kerberos. In this case, revert to amnesiac instead. To generate a diff of this commit: cvs rdiff -u -r1.103 -r1.104 src/usr.bin/login/login.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/login.c diff -u src/usr.bin/login/login.c:1.103 src/usr.bin/login/login.c:1.104 --- src/usr.bin/login/login.c:1.103 Sun Apr 29 01:26:56 2012 +++ src/usr.bin/login/login.c Sun Mar 16 00:33:13 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: login.c,v 1.103 2012/04/29 01:26:56 wiz Exp $ */ +/* $NetBSD: login.c,v 1.104 2014/03/16 00:33:13 dholland Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1980, 19 #if 0 static char sccsid[] = @(#)login.c 8.4 (Berkeley) 4/2/94; #endif -__RCSID($NetBSD: login.c,v 1.103 2012/04/29 01:26:56 wiz Exp $); +__RCSID($NetBSD: login.c,v 1.104 2014/03/16 00:33:13 dholland Exp $); #endif /* not lint */ /* @@ -138,11 +138,13 @@ main(int argc, char *argv[]) struct group *gr; struct stat st; int ask, ch, cnt, fflag, hflag, pflag, sflag, quietlog, rootlogin, rval; - int Fflag; uid_t uid, saved_uid; gid_t saved_gid, saved_gids[NGROUPS_MAX]; int nsaved_gids; - char *domain, *p, *ttyn; +#ifdef notdef + char *domain; +#endif + char *p, *ttyn; const char *pwprompt; char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; char localhost[MAXHOSTNAMELEN + 1]; @@ -152,6 +154,7 @@ main(int argc, char *argv[]) time_t pw_warntime = _PASSWORD_WARNDAYS * SECSPERDAY; char *loginname = NULL; #ifdef KERBEROS5 + int Fflag; krb5_error_code kerror; #endif #if defined(KERBEROS5) @@ -185,16 +188,19 @@ main(int argc, char *argv[]) *server address. * -s is used to force use of S/Key or equivalent. */ - domain = NULL; - if (gethostname(localhost, sizeof(localhost)) 0) + if (gethostname(localhost, sizeof(localhost)) 0) { syslog(LOG_ERR, couldn't get local hostname: %m); - else - domain = strchr(localhost, '.'); + strcpy(hostname, amnesiac); + } +#ifdef notdef + domain = strchr(localhost, '.'); +#endif localhost[sizeof(localhost) - 1] = '\0'; - Fflag = fflag = hflag = pflag = sflag = 0; + fflag = hflag = pflag = sflag = 0; have_ss = 0; #ifdef KERBEROS5 + Fflag = 0; have_forward = 0; #endif uid = getuid(); @@ -210,7 +216,9 @@ main(int argc, char *argv[]) #endif break; case 'F': +#ifdef KERBEROS5 Fflag = 1; +#endif /* FALLTHROUGH */ case 'f': fflag = 1;
CVS commit: src/usr.bin/login
Module Name:src Committed By: dholland Date: Sun Aug 11 06:32:13 UTC 2013 Modified Files: src/usr.bin/login: Makefile Log Message: Remove redundant WARNS=5. To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/usr.bin/login/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/Makefile diff -u src/usr.bin/login/Makefile:1.55 src/usr.bin/login/Makefile:1.56 --- src/usr.bin/login/Makefile:1.55 Tue Apr 24 16:52:26 2012 +++ src/usr.bin/login/Makefile Sun Aug 11 06:32:13 2013 @@ -1,8 +1,6 @@ -# $NetBSD: Makefile,v 1.55 2012/04/24 16:52:26 christos Exp $ +# $NetBSD: Makefile,v 1.56 2013/08/11 06:32:13 dholland Exp $ # @(#)Makefile 8.1 (Berkeley) 7/19/93 -WARNS?= 5 - .include bsd.own.mk USE_FORT?= yes # setuid
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Sat May 19 00:02:44 UTC 2012 Modified Files: src/usr.bin/login: common.c common.h Log Message: - use __dead consistently. - more clang build. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/usr.bin/login/common.c cvs rdiff -u -r1.3 -r1.4 src/usr.bin/login/common.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/common.c diff -u src/usr.bin/login/common.c:1.5 src/usr.bin/login/common.c:1.6 --- src/usr.bin/login/common.c:1.5 Wed May 9 21:25:24 2012 +++ src/usr.bin/login/common.c Fri May 18 20:02:44 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: common.c,v 1.5 2012/05/10 01:25:24 christos Exp $ */ +/* $NetBSD: common.c,v 1.6 2012/05/19 00:02:44 christos Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -29,7 +29,7 @@ * SUCH DAMAGE. */ #include sys/cdefs.h -__RCSID($NetBSD: common.c,v 1.5 2012/05/10 01:25:24 christos Exp $); +__RCSID($NetBSD: common.c,v 1.6 2012/05/19 00:02:44 christos Exp $); #include sys/types.h #include sys/param.h @@ -155,7 +155,7 @@ sigint(int signo) } /* ARGSUSED */ -void +void __dead timedout(int signo) { @@ -372,7 +372,7 @@ stypeof(const char *ttyid) return (ttyid (t = getttynam(ttyid)) ? t-ty_type : NULL); } -void +void __dead sleepexit(int eval) { Index: src/usr.bin/login/common.h diff -u src/usr.bin/login/common.h:1.3 src/usr.bin/login/common.h:1.4 --- src/usr.bin/login/common.h:1.3 Sat Apr 28 21:26:56 2012 +++ src/usr.bin/login/common.h Fri May 18 20:02:44 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: common.h,v 1.3 2012/04/29 01:26:56 wiz Exp $ */ +/* $NetBSD: common.h,v 1.4 2012/05/19 00:02:44 christos Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -37,10 +37,10 @@ char *trimloginname(char *); char *getloginname(void); void motd(const char *); int rootterm(char *); -void sigint(int) __attribute__((__noreturn__)); -void sleepexit(int) __attribute__((__noreturn__)); +void __dead sigint(int); +void __dead sleepexit(int); const char *stypeof(const char *); -void timedout(int) __attribute__((__noreturn__)); +void __dead timedout(int); void decode_ss(const char *); extern u_int timeout;
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Thu May 10 01:25:25 UTC 2012 Modified Files: src/usr.bin/login: common.c Log Message: dead for sigint To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/usr.bin/login/common.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/common.c diff -u src/usr.bin/login/common.c:1.4 src/usr.bin/login/common.c:1.5 --- src/usr.bin/login/common.c:1.4 Sun Apr 22 19:26:19 2012 +++ src/usr.bin/login/common.c Wed May 9 21:25:24 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: common.c,v 1.4 2012/04/22 23:26:19 christos Exp $ */ +/* $NetBSD: common.c,v 1.5 2012/05/10 01:25:24 christos Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -29,7 +29,7 @@ * SUCH DAMAGE. */ #include sys/cdefs.h -__RCSID($NetBSD: common.c,v 1.4 2012/04/22 23:26:19 christos Exp $); +__RCSID($NetBSD: common.c,v 1.5 2012/05/10 01:25:24 christos Exp $); #include sys/types.h #include sys/param.h @@ -147,7 +147,7 @@ motd(const char *fname) } /* ARGSUSED */ -void +void __dead sigint(int signo) {
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Tue Apr 24 16:12:44 UTC 2012 Modified Files: src/usr.bin/login: k5login.c Log Message: move more of the compat code in the compat block. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/usr.bin/login/k5login.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/k5login.c diff -u src/usr.bin/login/k5login.c:1.30 src/usr.bin/login/k5login.c:1.31 --- src/usr.bin/login/k5login.c:1.30 Mon Apr 23 16:57:04 2012 +++ src/usr.bin/login/k5login.c Tue Apr 24 12:12:44 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $ */ +/* $NetBSD: k5login.c,v 1.31 2012/04/24 16:12:44 christos Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -51,7 +51,7 @@ #if 0 static char sccsid[] = @(#)klogin.c 5.11 (Berkeley) 7/12/92; #endif -__RCSID($NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $); +__RCSID($NetBSD: k5login.c,v 1.31 2012/04/24 16:12:44 christos Exp $); #endif /* not lint */ #ifdef KERBEROS5 @@ -81,7 +81,7 @@ extern int has_ccache; static char tkt_location[MAXPATHLEN]; static krb5_creds forw_creds; int have_forward; -static krb5_principal me, server; +static krb5_principal me; int k5_read_creds(char *); int k5_write_creds(void); @@ -332,9 +332,7 @@ k5login(struct passwd *pw, char *instanc { krb5_error_code kerror; krb5_creds my_creds; - krb5_timestamp now; krb5_ccache ccache = NULL; - long lifetime = KRB5_DEFAULT_LIFE; char *realm, *client_name; char *principal; @@ -401,7 +399,11 @@ k5login(struct passwd *pw, char *instanc return (1); } - memset((char *)my_creds, 0, sizeof(my_creds)); +#if 1 + krb5_principal server; + krb5_timestamp now; + long lifetime = KRB5_DEFAULT_LIFE; + memset(my_creds, 0, sizeof(my_creds)); my_creds.client = me; @@ -430,7 +432,6 @@ k5login(struct passwd *pw, char *instanc my_creds.times.endtime = now + lifetime; my_creds.times.renew_till = 0; -#if 1 int options = KRB5_DEFAULT_OPTIONS; if (login_krb5_forwardable_tgt) @@ -438,6 +439,9 @@ k5login(struct passwd *pw, char *instanc kerror = krb5_get_in_tkt_with_password(kcontext, options, NULL, NULL, NULL, password, ccache, my_creds, 0); + + if (my_creds.server != NULL) + krb5_free_principal(kcontext, my_creds.server); #else /* This does not work yet */ krb5_get_init_creds_opt *opt; @@ -455,9 +459,6 @@ k5login(struct passwd *pw, char *instanc krb5_get_init_creds_opt_free(kcontext, opt); #endif - if (my_creds.server != NULL) - krb5_free_principal(kcontext, my_creds.server); - if (chown(tkt_location[5], pw-pw_uid, pw-pw_gid) 0) syslog(LOG_ERR, chown tkfile (%s): %m, tkt_location[5]);
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Tue Apr 24 16:51:19 UTC 2012 Modified Files: src/usr.bin/login: k5login.c Log Message: last commit before I nuke the old code. To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/usr.bin/login/k5login.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/k5login.c diff -u src/usr.bin/login/k5login.c:1.31 src/usr.bin/login/k5login.c:1.32 --- src/usr.bin/login/k5login.c:1.31 Tue Apr 24 12:12:44 2012 +++ src/usr.bin/login/k5login.c Tue Apr 24 12:51:19 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: k5login.c,v 1.31 2012/04/24 16:12:44 christos Exp $ */ +/* $NetBSD: k5login.c,v 1.32 2012/04/24 16:51:19 christos Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -51,7 +51,7 @@ #if 0 static char sccsid[] = @(#)klogin.c 5.11 (Berkeley) 7/12/92; #endif -__RCSID($NetBSD: k5login.c,v 1.31 2012/04/24 16:12:44 christos Exp $); +__RCSID($NetBSD: k5login.c,v 1.32 2012/04/24 16:51:19 christos Exp $); #endif /* not lint */ #ifdef KERBEROS5 @@ -399,11 +399,11 @@ k5login(struct passwd *pw, char *instanc return (1); } -#if 1 + memset(my_creds, 0, sizeof(my_creds)); +#if 0 krb5_principal server; krb5_timestamp now; long lifetime = KRB5_DEFAULT_LIFE; - memset(my_creds, 0, sizeof(my_creds)); my_creds.client = me; @@ -457,6 +457,8 @@ k5login(struct passwd *pw, char *instanc NULL, NULL, 0, NULL, opt); krb5_get_init_creds_opt_free(kcontext, opt); + if (kerror == 0) + kerror = krb5_cc_store_cred(kcontext, ccache, my_creds); #endif if (chown(tkt_location[5], pw-pw_uid, pw-pw_gid) 0)
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Tue Apr 24 16:52:26 UTC 2012 Modified Files: src/usr.bin/login: Makefile k5login.c Log Message: no more KRB5_DEPRECATED To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 src/usr.bin/login/Makefile cvs rdiff -u -r1.32 -r1.33 src/usr.bin/login/k5login.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/Makefile diff -u src/usr.bin/login/Makefile:1.54 src/usr.bin/login/Makefile:1.55 --- src/usr.bin/login/Makefile:1.54 Mon Apr 23 16:54:40 2012 +++ src/usr.bin/login/Makefile Tue Apr 24 12:52:26 2012 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.54 2012/04/23 20:54:40 christos Exp $ +# $NetBSD: Makefile,v 1.55 2012/04/24 16:52:26 christos Exp $ # @(#)Makefile 8.1 (Berkeley) 7/19/93 WARNS?= 5 @@ -25,8 +25,6 @@ CPPFLAGS+=-DLOGIN_CAP -DSUPPORT_UTMP -DS .if (${USE_KERBEROS} != no) SRCS+= k5login.c CPPFLAGS+=-DKERBEROS5 -# XXX: for krb5_get_in_tkt_with_password -CPPFLAGS+=-DKRB5_DEPRECATED= DPADD+= ${LIBKRB5} ${LIBASN1} LDADD+= -lkrb5 -lasn1 Index: src/usr.bin/login/k5login.c diff -u src/usr.bin/login/k5login.c:1.32 src/usr.bin/login/k5login.c:1.33 --- src/usr.bin/login/k5login.c:1.32 Tue Apr 24 12:51:19 2012 +++ src/usr.bin/login/k5login.c Tue Apr 24 12:52:26 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: k5login.c,v 1.32 2012/04/24 16:51:19 christos Exp $ */ +/* $NetBSD: k5login.c,v 1.33 2012/04/24 16:52:26 christos Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -51,7 +51,7 @@ #if 0 static char sccsid[] = @(#)klogin.c 5.11 (Berkeley) 7/12/92; #endif -__RCSID($NetBSD: k5login.c,v 1.32 2012/04/24 16:51:19 christos Exp $); +__RCSID($NetBSD: k5login.c,v 1.33 2012/04/24 16:52:26 christos Exp $); #endif /* not lint */ #ifdef KERBEROS5 @@ -400,50 +400,6 @@ k5login(struct passwd *pw, char *instanc } memset(my_creds, 0, sizeof(my_creds)); -#if 0 - krb5_principal server; - krb5_timestamp now; - long lifetime = KRB5_DEFAULT_LIFE; - - my_creds.client = me; - - const char *xrealm = krb5_principal_get_realm(kcontext, me); - size_t rlen = strlen(xrealm); - if ((kerror = krb5_build_principal_ext(kcontext, - server, - rlen, xrealm, - KRB5_TGS_NAME_SIZE, - KRB5_TGS_NAME, - rlen, xrealm, - 0)) != 0) { - k5_log(kcontext, kerror, while building server name); - return (1); - } - - my_creds.server = server; - - if ((kerror = krb5_timeofday(kcontext, now)) != 0) { - k5_log(kcontext, kerror, while getting time of day); - return (1); - } - - my_creds.times.starttime = 0; /* start timer when request - gets to KDC */ - my_creds.times.endtime = now + lifetime; - my_creds.times.renew_till = 0; - - int options = KRB5_DEFAULT_OPTIONS; - - if (login_krb5_forwardable_tgt) - options |= KDC_OPT_FORWARDABLE; - - kerror = krb5_get_in_tkt_with_password(kcontext, options, - NULL, NULL, NULL, password, ccache, my_creds, 0); - - if (my_creds.server != NULL) - krb5_free_principal(kcontext, my_creds.server); -#else - /* This does not work yet */ krb5_get_init_creds_opt *opt; if ((kerror = krb5_get_init_creds_opt_alloc(kcontext, opt)) != 0) { @@ -459,7 +415,6 @@ k5login(struct passwd *pw, char *instanc krb5_get_init_creds_opt_free(kcontext, opt); if (kerror == 0) kerror = krb5_cc_store_cred(kcontext, ccache, my_creds); -#endif if (chown(tkt_location[5], pw-pw_uid, pw-pw_gid) 0) syslog(LOG_ERR, chown tkfile (%s): %m, tkt_location[5]);
CVS commit: src/usr.bin/login
Module Name:src Committed By: martin Date: Mon Apr 23 09:27:36 UTC 2012 Modified Files: src/usr.bin/login: login_pam.c Log Message: trimusername (which does not exist) probably was meant to be called trimloginname (which does exist, at least) To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 src/usr.bin/login/login_pam.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/login_pam.c diff -u src/usr.bin/login/login_pam.c:1.21 src/usr.bin/login/login_pam.c:1.22 --- src/usr.bin/login/login_pam.c:1.21 Sun Apr 22 23:26:19 2012 +++ src/usr.bin/login/login_pam.c Mon Apr 23 09:27:36 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: login_pam.c,v 1.21 2012/04/22 23:26:19 christos Exp $ */ +/* $NetBSD: login_pam.c,v 1.22 2012/04/23 09:27:36 martin Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1980, 19 #if 0 static char sccsid[] = @(#)login.c 8.4 (Berkeley) 4/2/94; #endif -__RCSID($NetBSD: login_pam.c,v 1.21 2012/04/22 23:26:19 christos Exp $); +__RCSID($NetBSD: login_pam.c,v 1.22 2012/04/23 09:27:36 martin Exp $); #endif /* not lint */ /* @@ -240,7 +240,7 @@ main(int argc, char *argv[]) for (cnt = 0;; ask = 1) { if (ask) { fflag = 0; - username = trimusername(getloginname()); + username = trimloginname(getloginname()); } rootlogin = 0; auth_passed = 0;
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Mon Apr 23 15:07:02 UTC 2012 Modified Files: src/usr.bin/login: k5login.c Log Message: centralize error function processing. To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/usr.bin/login/k5login.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/k5login.c diff -u src/usr.bin/login/k5login.c:1.28 src/usr.bin/login/k5login.c:1.29 --- src/usr.bin/login/k5login.c:1.28 Sun Apr 22 19:26:19 2012 +++ src/usr.bin/login/k5login.c Mon Apr 23 11:07:02 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: k5login.c,v 1.28 2012/04/22 23:26:19 christos Exp $ */ +/* $NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -51,7 +51,7 @@ #if 0 static char sccsid[] = @(#)klogin.c 5.11 (Berkeley) 7/12/92; #endif -__RCSID($NetBSD: k5login.c,v 1.28 2012/04/22 23:26:19 christos Exp $); +__RCSID($NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $); #endif /* not lint */ #ifdef KERBEROS5 @@ -89,6 +89,27 @@ int k5_verify_creds(krb5_context, krb5_c int k5login(struct passwd *, char *, char *, char *); void k5destroy(void); +static void __printflike(3, 4) +k5_log(krb5_context context, krb5_error_code kerror, const char *fmt, ...) +{ + const char *msg = krb5_get_error_message(context, kerror); + char *str; + va_list ap; + + va_start(ap, fmt); + if (vasprintf(str, fmt, ap) == -1) { + va_end(ap); + syslog(LOG_NOTICE, Cannot allocate memory for error %s: %s, + fmt, msg); + return; + } + va_end(ap); + + syslog(LOG_NOTICE, warning: %s: %s, str, msg); + krb5_free_error_message(kcontext, msg); + free(str); +} + /* * Verify the Kerberos ticket-granting ticket just retrieved for the * user. If the Kerberos server doesn't respond, assume the user is @@ -156,9 +177,7 @@ k5_verify_creds(krb5_context c, krb5_cca else if (kerror) { krb5_warn(kcontext, kerror, Unable to verify Kerberos V5 TGT: %s, phost); - const char *msg = krb5_get_error_message(kcontext, kerror); - syslog(LOG_NOTICE, Kerberos V5 TGT bad: %s, msg); - krb5_free_error_message(kcontext, msg); + k5_log(kcontext, kerror, Kerberos V5 TGT bad); retval = -1; goto EGRESS; } @@ -186,11 +205,9 @@ k5_verify_creds(krb5_context c, krb5_cca retval = -1; } krb5_warn(kcontext, kerror, Unable to verify host ticket); - const char *msg = krb5_get_error_message(kcontext, kerror); - syslog(LOG_NOTICE, can't verify v5 ticket: %s; %s\n, - msg, retval ? keytab found, assuming failure - : no keytab found, assuming success); - krb5_free_error_message(kcontext, msg); + k5_log(kcontext, kerror, can't verify v5 ticket (%s), + retval ? keytab found, assuming failure : + no keytab found, assuming success); goto EGRESS; } /* @@ -366,35 +383,24 @@ k5login(struct passwd *pw, char *instanc } if ((kerror = krb5_cc_resolve(kcontext, tkt_location, ccache)) != 0) { - const char *msg = krb5_get_error_message(kcontext, kerror); - syslog(LOG_NOTICE, warning: %s while getting default ccache, - msg); - krb5_free_error_message(kcontext, msg); + k5_log(kcontext, kerror, while getting default ccache); return (1); } if ((kerror = krb5_parse_name(kcontext, principal, me)) != 0) { - const char *msg = krb5_get_error_message(kcontext, kerror); - syslog(LOG_NOTICE, warning: %s when parsing name %s, msg, - principal); - krb5_free_error_message(kcontext, msg); + k5_log(kcontext, kerror, when parsing name %s, principal); return (1); } if ((kerror = krb5_unparse_name(kcontext, me, client_name)) != 0) { - const char *msg = krb5_get_error_message(kcontext, kerror); - syslog(LOG_NOTICE, warning: %s when unparsing name %s, - msg, principal); - krb5_free_error_message(kcontext, msg); + k5_log(kcontext, kerror, when unparsing name %s, principal); return (1); } kerror = krb5_cc_initialize(kcontext, ccache, me); if (kerror != 0) { - const char *msg = krb5_get_error_message(kcontext, kerror); - syslog(LOG_NOTICE, %s when initializing cache %s, - msg, tkt_location); - krb5_free_error_message(kcontext, msg); + k5_log(kcontext, kerror, when initializing cache %s, + tkt_location); return (1); } @@ -411,18 +417,14 @@ k5login(struct passwd *pw, char *instanc KRB5_TGS_NAME, rlen, xrealm, 0)) != 0) { - const char *msg = krb5_get_error_message(kcontext, kerror); - syslog(LOG_NOTICE, %s while building server name, msg); - krb5_free_error_message(kcontext, msg); + k5_log(kcontext, kerror, while building server name); return (1); } my_creds.server = server; if ((kerror = krb5_timeofday(kcontext, now)) != 0) { - const char *msg = krb5_get_error_message(kcontext, kerror); - syslog(LOG_NOTICE, %s while getting time of day, msg); - krb5_free_error_message(kcontext, msg); + k5_log(kcontext,
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Mon Apr 23 18:27:15 UTC 2012 Modified Files: src/usr.bin/login: login.c Log Message: fix the USE_KERBEROS=no USE_PAM=no build. To generate a diff of this commit: cvs rdiff -u -r1.99 -r1.100 src/usr.bin/login/login.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/login.c diff -u src/usr.bin/login/login.c:1.99 src/usr.bin/login/login.c:1.100 --- src/usr.bin/login/login.c:1.99 Sun Apr 22 19:26:19 2012 +++ src/usr.bin/login/login.c Mon Apr 23 14:27:15 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: login.c,v 1.99 2012/04/22 23:26:19 christos Exp $ */ +/* $NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1980, 19 #if 0 static char sccsid[] = @(#)login.c 8.4 (Berkeley) 4/2/94; #endif -__RCSID($NetBSD: login.c,v 1.99 2012/04/22 23:26:19 christos Exp $); +__RCSID($NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $); #endif /* not lint */ /* @@ -119,13 +119,14 @@ static void usage(void); #if defined(KERBEROS5) int has_ccache = 0; static int notickets = 1; -static char *instance; extern krb5_context kcontext; extern int have_forward; extern char *krb5tkfile_env; extern int krb5_configured; #endif +static char *instance; + #if defined(KERBEROS5) #define KERBEROS_CONFIGURED krb5_configured #endif
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Mon Apr 23 20:54:40 UTC 2012 Modified Files: src/usr.bin/login: Makefile Log Message: remove obsolete comment. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 src/usr.bin/login/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/Makefile diff -u src/usr.bin/login/Makefile:1.53 src/usr.bin/login/Makefile:1.54 --- src/usr.bin/login/Makefile:1.53 Sun Apr 22 19:26:19 2012 +++ src/usr.bin/login/Makefile Mon Apr 23 16:54:40 2012 @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.53 2012/04/22 23:26:19 christos Exp $ +# $NetBSD: Makefile,v 1.54 2012/04/23 20:54:40 christos Exp $ # @(#)Makefile 8.1 (Berkeley) 7/19/93 -WARNS?= 5 # XXX -Wcast-qual issues +WARNS?= 5 .include bsd.own.mk
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Mon Apr 23 20:57:04 UTC 2012 Modified Files: src/usr.bin/login: k5login.c login.c Log Message: make kerberos work again: 1. make notickets external 2. don't use the tty as part of the credential cache, since pts/1 will not work. 3. Attempt to use the newer functions, but punt for now since it does not work yet. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/usr.bin/login/k5login.c cvs rdiff -u -r1.100 -r1.101 src/usr.bin/login/login.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/k5login.c diff -u src/usr.bin/login/k5login.c:1.29 src/usr.bin/login/k5login.c:1.30 --- src/usr.bin/login/k5login.c:1.29 Mon Apr 23 11:07:02 2012 +++ src/usr.bin/login/k5login.c Mon Apr 23 16:57:04 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $ */ +/* $NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -51,7 +51,7 @@ #if 0 static char sccsid[] = @(#)klogin.c 5.11 (Berkeley) 7/12/92; #endif -__RCSID($NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $); +__RCSID($NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $); #endif /* not lint */ #ifdef KERBEROS5 @@ -71,7 +71,7 @@ __RCSID($NetBSD: k5login.c,v 1.29 2012/ krb5_context kcontext; -int notickets; +extern int notickets; int krb5_configured; char *krb5tkfile_env; extern char *tty; @@ -335,14 +335,11 @@ k5login(struct passwd *pw, char *instanc krb5_timestamp now; krb5_ccache ccache = NULL; long lifetime = KRB5_DEFAULT_LIFE; - int options = KRB5_DEFAULT_OPTIONS; char *realm, *client_name; char *principal; krb5_configured = 1; - if (login_krb5_forwardable_tgt) - options |= KDC_OPT_FORWARDABLE; /* * Root logins don't use Kerberos. @@ -366,10 +363,10 @@ k5login(struct passwd *pw, char *instanc if (strcmp(instance, root) != 0) (void)snprintf(tkt_location, sizeof tkt_location, -FILE:/tmp/krb5cc_%d.%s, pw-pw_uid, tty); +FILE:/tmp/krb5cc_%d, pw-pw_uid); else (void)snprintf(tkt_location, sizeof tkt_location, -FILE:/tmp/krb5cc_root_%d.%s, pw-pw_uid, tty); +FILE:/tmp/krb5cc_root_%d, pw-pw_uid); krb5tkfile_env = tkt_location; has_ccache = 1; @@ -433,8 +430,30 @@ k5login(struct passwd *pw, char *instanc my_creds.times.endtime = now + lifetime; my_creds.times.renew_till = 0; +#if 1 + int options = KRB5_DEFAULT_OPTIONS; + + if (login_krb5_forwardable_tgt) + options |= KDC_OPT_FORWARDABLE; + kerror = krb5_get_in_tkt_with_password(kcontext, options, NULL, NULL, NULL, password, ccache, my_creds, 0); +#else + /* This does not work yet */ + krb5_get_init_creds_opt *opt; + + if ((kerror = krb5_get_init_creds_opt_alloc(kcontext, opt)) != 0) { + k5_log(kcontext, kerror, while getting options); + return (1); + } + if (login_krb5_forwardable_tgt) + krb5_get_init_creds_opt_set_forwardable(opt, 1); + +kerror = krb5_get_init_creds_password(kcontext, my_creds, me, password, + NULL, NULL, 0, NULL, opt); + + krb5_get_init_creds_opt_free(kcontext, opt); +#endif if (my_creds.server != NULL) krb5_free_principal(kcontext, my_creds.server); Index: src/usr.bin/login/login.c diff -u src/usr.bin/login/login.c:1.100 src/usr.bin/login/login.c:1.101 --- src/usr.bin/login/login.c:1.100 Mon Apr 23 14:27:15 2012 +++ src/usr.bin/login/login.c Mon Apr 23 16:57:04 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $ */ +/* $NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1980, 19 #if 0 static char sccsid[] = @(#)login.c 8.4 (Berkeley) 4/2/94; #endif -__RCSID($NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $); +__RCSID($NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $); #endif /* not lint */ /* @@ -118,7 +118,7 @@ static void usage(void); #if defined(KERBEROS5) int has_ccache = 0; -static int notickets = 1; +int notickets = 1; extern krb5_context kcontext; extern int have_forward; extern char *krb5tkfile_env;
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Mon Apr 23 21:09:27 UTC 2012 Modified Files: src/usr.bin/login: login.c Log Message: don't abuse the instance variable To generate a diff of this commit: cvs rdiff -u -r1.101 -r1.102 src/usr.bin/login/login.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/login.c diff -u src/usr.bin/login/login.c:1.101 src/usr.bin/login/login.c:1.102 --- src/usr.bin/login/login.c:1.101 Mon Apr 23 16:57:04 2012 +++ src/usr.bin/login/login.c Mon Apr 23 17:09:27 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $ */ +/* $NetBSD: login.c,v 1.102 2012/04/23 21:09:27 christos Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT(@(#) Copyright (c) 1980, 19 #if 0 static char sccsid[] = @(#)login.c 8.4 (Berkeley) 4/2/94; #endif -__RCSID($NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $); +__RCSID($NetBSD: login.c,v 1.102 2012/04/23 21:09:27 christos Exp $); #endif /* not lint */ /* @@ -121,12 +121,11 @@ int has_ccache = 0; int notickets = 1; extern krb5_context kcontext; extern int have_forward; +static char *instance; extern char *krb5tkfile_env; extern int krb5_configured; #endif -static char *instance; - #if defined(KERBEROS5) #define KERBEROS_CONFIGURED krb5_configured #endif @@ -151,6 +150,7 @@ main(int argc, char *argv[]) int login_retries = DEFAULT_RETRIES, login_backoff = DEFAULT_BACKOFF; time_t pw_warntime = _PASSWORD_WARNDAYS * SECSPERDAY; + char *loginname = NULL; #ifdef KERBEROS5 krb5_error_code kerror; #endif @@ -243,7 +243,7 @@ main(int argc, char *argv[]) argv += optind; if (*argv) { - username = instance = *argv; + username = loginname = *argv; ask = 0; } else ask = 1; @@ -309,24 +309,22 @@ main(int argc, char *argv[]) #endif /* KERBEROS5 */ for (cnt = 0;; ask = 1) { - char *ptr; #if defined(KERBEROS5) if (login_krb5_get_tickets) k5destroy(); #endif if (ask) { fflag = 0; - instance = getloginname(); + loginname = getloginname(); } rootlogin = 0; - ptr = instance; #ifdef KERBEROS5 - if ((instance = strchr(instance, '/')) != NULL) + if ((instance = strchr(loginname, '/')) != NULL) *instance++ = '\0'; else instance = __UNCONST(); #endif - username = trimloginname(ptr); + username = trimloginname(loginname); /* * Note if trying multiple user names; log failures for * previous user name, but don't bother logging one failure
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Sun Apr 22 23:26:19 UTC 2012 Modified Files: src/usr.bin/login: Makefile common.c common.h k5login.c login.c login_pam.c Log Message: make krb5 compile again. XXX: one function left that is deprecated, what's the new equivalent? To generate a diff of this commit: cvs rdiff -u -r1.52 -r1.53 src/usr.bin/login/Makefile cvs rdiff -u -r1.3 -r1.4 src/usr.bin/login/common.c cvs rdiff -u -r1.1 -r1.2 src/usr.bin/login/common.h cvs rdiff -u -r1.27 -r1.28 src/usr.bin/login/k5login.c cvs rdiff -u -r1.98 -r1.99 src/usr.bin/login/login.c cvs rdiff -u -r1.20 -r1.21 src/usr.bin/login/login_pam.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/Makefile diff -u src/usr.bin/login/Makefile:1.52 src/usr.bin/login/Makefile:1.53 --- src/usr.bin/login/Makefile:1.52 Sun Apr 24 17:42:06 2011 +++ src/usr.bin/login/Makefile Sun Apr 22 19:26:19 2012 @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.52 2011/04/24 21:42:06 elric Exp $ +# $NetBSD: Makefile,v 1.53 2012/04/22 23:26:19 christos Exp $ # @(#)Makefile 8.1 (Berkeley) 7/19/93 -WARNS?= 2 # XXX -Wcast-qual issues +WARNS?= 5 # XXX -Wcast-qual issues .include bsd.own.mk @@ -25,6 +25,8 @@ CPPFLAGS+=-DLOGIN_CAP -DSUPPORT_UTMP -DS .if (${USE_KERBEROS} != no) SRCS+= k5login.c CPPFLAGS+=-DKERBEROS5 +# XXX: for krb5_get_in_tkt_with_password +CPPFLAGS+=-DKRB5_DEPRECATED= DPADD+= ${LIBKRB5} ${LIBASN1} LDADD+= -lkrb5 -lasn1 Index: src/usr.bin/login/common.c diff -u src/usr.bin/login/common.c:1.3 src/usr.bin/login/common.c:1.4 --- src/usr.bin/login/common.c:1.3 Tue Dec 29 15:15:15 2009 +++ src/usr.bin/login/common.c Sun Apr 22 19:26:19 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: common.c,v 1.3 2009/12/29 20:15:15 christos Exp $ */ +/* $NetBSD: common.c,v 1.4 2012/04/22 23:26:19 christos Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -29,7 +29,7 @@ * SUCH DAMAGE. */ #include sys/cdefs.h -__RCSID($NetBSD: common.c,v 1.3 2009/12/29 20:15:15 christos Exp $); +__RCSID($NetBSD: common.c,v 1.4 2012/04/22 23:26:19 christos Exp $); #include sys/types.h #include sys/param.h @@ -77,11 +77,20 @@ u_int timeout = 300; void decode_ss(const char *); struct passwd *pwd; int failures, have_ss; -char term[64], *envinit[1], *hostname, *username, *tty, *nested; +char term[64], *envinit[1], *hostname, *tty, *nested; +const char *username; struct timeval now; struct sockaddr_storage ss; -void +char * +trimloginname(char *u) +{ + if (strlen(u) MAXLOGNAME) + u[MAXLOGNAME] = '\0'; + return u; +} + +char * getloginname(void) { int ch; @@ -104,8 +113,7 @@ getloginname(void) login names may not start with '-'.\n); else { *p = '\0'; -username = nbuf; -break; +return nbuf; } } } @@ -122,7 +130,7 @@ rootterm(char *ttyn) static jmp_buf motdinterrupt; void -motd(char *fname) +motd(const char *fname) { int fd, nchars; sig_t oldint; @@ -243,7 +251,7 @@ doutmpx(void) utmpx.ut_type = USER_PROCESS; utmpx.ut_pid = getpid(); t = tty + strlen(tty); - if (t - tty = sizeof(utmpx.ut_id)) { + if ((size_t)(t - tty) = sizeof(utmpx.ut_id)) { (void)strncpy(utmpx.ut_id, t - sizeof(utmpx.ut_id), sizeof(utmpx.ut_id)); } else { Index: src/usr.bin/login/common.h diff -u src/usr.bin/login/common.h:1.1 src/usr.bin/login/common.h:1.2 --- src/usr.bin/login/common.h:1.1 Tue Dec 29 14:26:13 2009 +++ src/usr.bin/login/common.h Sun Apr 22 19:26:19 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: common.h,v 1.1 2009/12/29 19:26:13 christos Exp $ */ +/* $NetBSD: common.h,v 1.2 2012/04/22 23:26:19 christos Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -33,8 +33,9 @@ __BEGIN_DECLS void badlogin(const char *); void update_db(int, int, int); -void getloginname(void); -void motd(char *); +char *trimloginname(char *); +char *getloginname(void); +void motd(const char *); int rootterm(char *); void sigint(int); void sleepexit(int); @@ -45,7 +46,8 @@ void decode_ss(const char *); extern u_int timeout; extern struct passwd *pwd; extern int failures, have_ss; -extern char term[64], *envinit[1], *hostname, *username, *tty, *nested; +extern char term[64], *envinit[1], *hostname, *tty, *nested; +extern const char *username; extern struct timeval now; extern struct sockaddr_storage ss; extern const char copyrightstr[]; Index: src/usr.bin/login/k5login.c diff -u src/usr.bin/login/k5login.c:1.27 src/usr.bin/login/k5login.c:1.28 --- src/usr.bin/login/k5login.c:1.27 Thu Mar 23 18:33:28 2006 +++ src/usr.bin/login/k5login.c Sun Apr 22 19:26:19 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: k5login.c,v 1.27 2006/03/23 23:33:28 wiz Exp $ */ +/* $NetBSD: k5login.c,v 1.28 2012/04/22 23:26:19 christos Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -51,7 +51,7 @@ #if 0 static char sccsid[] = @(#)klogin.c 5.11 (Berkeley)
CVS commit: src/usr.bin/login
Module Name:src Committed By: christos Date: Tue Dec 29 20:15:15 UTC 2009 Modified Files: src/usr.bin/login: common.c Log Message: don't repeat the word login twice (syslog prepends the program name login:) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/usr.bin/login/common.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/login/common.c diff -u src/usr.bin/login/common.c:1.2 src/usr.bin/login/common.c:1.3 --- src/usr.bin/login/common.c:1.2 Tue Dec 29 14:27:43 2009 +++ src/usr.bin/login/common.c Tue Dec 29 15:15:15 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: common.c,v 1.2 2009/12/29 19:27:43 christos Exp $ */ +/* $NetBSD: common.c,v 1.3 2009/12/29 20:15:15 christos Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -29,7 +29,7 @@ * SUCH DAMAGE. */ #include sys/cdefs.h -__RCSID($NetBSD: common.c,v 1.2 2009/12/29 19:27:43 christos Exp $); +__RCSID($NetBSD: common.c,v 1.3 2009/12/29 20:15:15 christos Exp $); #include sys/types.h #include sys/param.h @@ -200,17 +200,17 @@ username, tty); } else if (nested != NULL) { if (remote) - syslog(LOG_NOTICE, login %s to %s on tty %s from %s / + syslog(LOG_NOTICE, %s to %s on tty %s from %s / %s, nested, pwd-pw_name, tty, hname, assbuf); else - syslog(LOG_NOTICE, login %s to %s on tty %s, nested, + syslog(LOG_NOTICE, %s to %s on tty %s, nested, pwd-pw_name, tty); } else { if (remote) - syslog(LOG_NOTICE, login %s on tty %s from %s / %s, + syslog(LOG_NOTICE, %s on tty %s from %s / %s, pwd-pw_name, tty, hname, assbuf); else - syslog(LOG_NOTICE, login %s on tty %s, + syslog(LOG_NOTICE, %s on tty %s, pwd-pw_name, tty); } (void)gettimeofday(now, NULL);