Module Name: src
Committed By: riz
Date: Mon May 7 16:24:07 UTC 2012
Modified Files:
src/usr.bin/login [netbsd-6]: Makefile common.c common.h k5login.c
login.c login_pam.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #215):
usr.bin/login/login.c: revision 1.100
usr.bin/login/login.c: revision 1.101
usr.bin/login/login.c: revision 1.102
usr.bin/login/common.c: revision 1.4
usr.bin/login/common.h: revision 1.2
usr.bin/login/k5login.c: revision 1.28
usr.bin/login/k5login.c: revision 1.29
usr.bin/login/login.c: revision 1.99
usr.bin/login/login_pam.c: revision 1.21
usr.bin/login/Makefile: revision 1.53
usr.bin/login/Makefile: revision 1.54
usr.bin/login/Makefile: revision 1.55
usr.bin/login/k5login.c: revision 1.30
usr.bin/login/k5login.c: revision 1.31
usr.bin/login/k5login.c: revision 1.32
usr.bin/login/k5login.c: revision 1.33
make krb5 compile again. XXX: one function left that is deprecated, what's
the new equivalent?
centralize error function processing.
fix the USE_KERBEROS=no USE_PAM=no build.
remove obsolete comment.
make kerberos work again:
1. make notickets external
2. don't use the tty as part of the credential cache, since pts/1 will not work.
3. Attempt to use the newer functions, but punt for now since it does not work
yet.
don't abuse the instance variable
move more of the compat code in the compat block.
last commit before I nuke the old code.
no more KRB5_DEPRECATED
To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.52.6.1 src/usr.bin/login/Makefile
cvs rdiff -u -r1.3 -r1.3.8.1 src/usr.bin/login/common.c
cvs rdiff -u -r1.1 -r1.1.8.1 src/usr.bin/login/common.h
cvs rdiff -u -r1.27 -r1.27.46.1 src/usr.bin/login/k5login.c
cvs rdiff -u -r1.98 -r1.98.4.1 src/usr.bin/login/login.c
cvs rdiff -u -r1.20 -r1.20.8.1 src/usr.bin/login/login_pam.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/login/Makefile
diff -u src/usr.bin/login/Makefile:1.52 src/usr.bin/login/Makefile:1.52.6.1
--- src/usr.bin/login/Makefile:1.52 Sun Apr 24 21:42:06 2011
+++ src/usr.bin/login/Makefile Mon May 7 16:24:07 2012
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2011/04/24 21:42:06 elric Exp $
+# $NetBSD: Makefile,v 1.52.6.1 2012/05/07 16:24:07 riz Exp $
# @(#)Makefile 8.1 (Berkeley) 7/19/93
-WARNS?= 2 # XXX -Wcast-qual issues
+WARNS?= 5
.include <bsd.own.mk>
Index: src/usr.bin/login/common.c
diff -u src/usr.bin/login/common.c:1.3 src/usr.bin/login/common.c:1.3.8.1
--- src/usr.bin/login/common.c:1.3 Tue Dec 29 20:15:15 2009
+++ src/usr.bin/login/common.c Mon May 7 16:24:07 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: common.c,v 1.3 2009/12/29 20:15:15 christos Exp $ */
+/* $NetBSD: common.c,v 1.3.8.1 2012/05/07 16:24:07 riz Exp $ */
/*-
* Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -29,7 +29,7 @@
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: common.c,v 1.3 2009/12/29 20:15:15 christos Exp $");
+__RCSID("$NetBSD: common.c,v 1.3.8.1 2012/05/07 16:24:07 riz Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -77,11 +77,20 @@ u_int timeout = 300;
void decode_ss(const char *);
struct passwd *pwd;
int failures, have_ss;
-char term[64], *envinit[1], *hostname, *username, *tty, *nested;
+char term[64], *envinit[1], *hostname, *tty, *nested;
+const char *username;
struct timeval now;
struct sockaddr_storage ss;
-void
+char *
+trimloginname(char *u)
+{
+ if (strlen(u) > MAXLOGNAME)
+ u[MAXLOGNAME] = '\0';
+ return u;
+}
+
+char *
getloginname(void)
{
int ch;
@@ -104,8 +113,7 @@ getloginname(void)
"login names may not start with '-'.\n");
else {
*p = '\0';
- username = nbuf;
- break;
+ return nbuf;
}
}
}
@@ -122,7 +130,7 @@ rootterm(char *ttyn)
static jmp_buf motdinterrupt;
void
-motd(char *fname)
+motd(const char *fname)
{
int fd, nchars;
sig_t oldint;
@@ -243,7 +251,7 @@ doutmpx(void)
utmpx.ut_type = USER_PROCESS;
utmpx.ut_pid = getpid();
t = tty + strlen(tty);
- if (t - tty >= sizeof(utmpx.ut_id)) {
+ if ((size_t)(t - tty) >= sizeof(utmpx.ut_id)) {
(void)strncpy(utmpx.ut_id, t - sizeof(utmpx.ut_id),
sizeof(utmpx.ut_id));
} else {
Index: src/usr.bin/login/common.h
diff -u src/usr.bin/login/common.h:1.1 src/usr.bin/login/common.h:1.1.8.1
--- src/usr.bin/login/common.h:1.1 Tue Dec 29 19:26:13 2009
+++ src/usr.bin/login/common.h Mon May 7 16:24:07 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: common.h,v 1.1 2009/12/29 19:26:13 christos Exp $ */
+/* $NetBSD: common.h,v 1.1.8.1 2012/05/07 16:24:07 riz Exp $ */
/*-
* Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -33,8 +33,9 @@ __BEGIN_DECLS
void badlogin(const char *);
void update_db(int, int, int);
-void getloginname(void);
-void motd(char *);
+char *trimloginname(char *);
+char *getloginname(void);
+void motd(const char *);
int rootterm(char *);
void sigint(int);
void sleepexit(int);
@@ -45,7 +46,8 @@ void decode_ss(const char *);
extern u_int timeout;
extern struct passwd *pwd;
extern int failures, have_ss;
-extern char term[64], *envinit[1], *hostname, *username, *tty, *nested;
+extern char term[64], *envinit[1], *hostname, *tty, *nested;
+extern const char *username;
extern struct timeval now;
extern struct sockaddr_storage ss;
extern const char copyrightstr[];
Index: src/usr.bin/login/k5login.c
diff -u src/usr.bin/login/k5login.c:1.27 src/usr.bin/login/k5login.c:1.27.46.1
--- src/usr.bin/login/k5login.c:1.27 Thu Mar 23 23:33:28 2006
+++ src/usr.bin/login/k5login.c Mon May 7 16:24:07 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: k5login.c,v 1.27 2006/03/23 23:33:28 wiz Exp $ */
+/* $NetBSD: k5login.c,v 1.27.46.1 2012/05/07 16:24:07 riz Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
@@ -51,7 +51,7 @@
#if 0
static char sccsid[] = "@(#)klogin.c 5.11 (Berkeley) 7/12/92";
#endif
-__RCSID("$NetBSD: k5login.c,v 1.27 2006/03/23 23:33:28 wiz Exp $");
+__RCSID("$NetBSD: k5login.c,v 1.27.46.1 2012/05/07 16:24:07 riz Exp $");
#endif /* not lint */
#ifdef KERBEROS5
@@ -71,7 +71,7 @@ __RCSID("$NetBSD: k5login.c,v 1.27 2006/
krb5_context kcontext;
-int notickets;
+extern int notickets;
int krb5_configured;
char *krb5tkfile_env;
extern char *tty;
@@ -81,7 +81,7 @@ extern int has_ccache;
static char tkt_location[MAXPATHLEN];
static krb5_creds forw_creds;
int have_forward;
-static krb5_principal me, server;
+static krb5_principal me;
int k5_read_creds(char *);
int k5_write_creds(void);
@@ -89,12 +89,26 @@ int k5_verify_creds(krb5_context, krb5_c
int k5login(struct passwd *, char *, char *, char *);
void k5destroy(void);
-#ifndef krb5_realm_length
-#define krb5_realm_length(r) ((r).length)
-#endif
-#ifndef krb5_realm_data
-#define krb5_realm_data(r) ((r).data)
-#endif
+static void __printflike(3, 4)
+k5_log(krb5_context context, krb5_error_code kerror, const char *fmt, ...)
+{
+ const char *msg = krb5_get_error_message(context, kerror);
+ char *str;
+ va_list ap;
+
+ va_start(ap, fmt);
+ if (vasprintf(&str, fmt, ap) == -1) {
+ va_end(ap);
+ syslog(LOG_NOTICE, "Cannot allocate memory for error %s: %s",
+ fmt, msg);
+ return;
+ }
+ va_end(ap);
+
+ syslog(LOG_NOTICE, "warning: %s: %s", str, msg);
+ krb5_free_error_message(kcontext, msg);
+ free(str);
+}
/*
* Verify the Kerberos ticket-granting ticket just retrieved for the
@@ -163,8 +177,7 @@ k5_verify_creds(krb5_context c, krb5_cca
else if (kerror) {
krb5_warn(kcontext, kerror,
"Unable to verify Kerberos V5 TGT: %s", phost);
- syslog(LOG_NOTICE, "Kerberos V5 TGT bad: %s",
- krb5_get_err_text(kcontext, kerror));
+ k5_log(kcontext, kerror, "Kerberos V5 TGT bad");
retval = -1;
goto EGRESS;
}
@@ -192,11 +205,9 @@ k5_verify_creds(krb5_context c, krb5_cca
retval = -1;
}
krb5_warn(kcontext, kerror, "Unable to verify host ticket");
- syslog(LOG_NOTICE, "can't verify v5 ticket: %s; %s\n",
- krb5_get_err_text(kcontext, kerror),
- retval
- ? "keytab found, assuming failure"
- : "no keytab found, assuming success");
+ k5_log(kcontext, kerror, "can't verify v5 ticket (%s)",
+ retval ? "keytab found, assuming failure" :
+ "no keytab found, assuming success");
goto EGRESS;
}
/*
@@ -243,13 +254,13 @@ k5_read_creds(char *username)
}
mcreds.client = me;
+ const char *realm = krb5_principal_get_realm(kcontext, me);
+ size_t rlen = strlen(realm);
kerror = krb5_build_principal_ext(kcontext, &mcreds.server,
- krb5_realm_length(*krb5_princ_realm(kcontext, me)),
- krb5_realm_data(*krb5_princ_realm(kcontext, me)),
+ rlen, realm,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME,
- krb5_realm_length(*krb5_princ_realm(kcontext, me)),
- krb5_realm_data(*krb5_princ_realm(kcontext, me)),
+ rlen, realm,
0);
if (kerror) {
krb5_warn(kcontext, kerror, "while building server name");
@@ -321,17 +332,12 @@ k5login(struct passwd *pw, char *instanc
{
krb5_error_code kerror;
krb5_creds my_creds;
- krb5_timestamp now;
krb5_ccache ccache = NULL;
- long lifetime = KRB5_DEFAULT_LIFE;
- int options = KRB5_DEFAULT_OPTIONS;
char *realm, *client_name;
char *principal;
krb5_configured = 1;
- if (login_krb5_forwardable_tgt)
- options |= KDC_OPT_FORWARDABLE;
/*
* Root logins don't use Kerberos.
@@ -355,10 +361,10 @@ k5login(struct passwd *pw, char *instanc
if (strcmp(instance, "root") != 0)
(void)snprintf(tkt_location, sizeof tkt_location,
- "FILE:/tmp/krb5cc_%d.%s", pw->pw_uid, tty);
+ "FILE:/tmp/krb5cc_%d", pw->pw_uid);
else
(void)snprintf(tkt_location, sizeof tkt_location,
- "FILE:/tmp/krb5cc_root_%d.%s", pw->pw_uid, tty);
+ "FILE:/tmp/krb5cc_root_%d", pw->pw_uid);
krb5tkfile_env = tkt_location;
has_ccache = 1;
@@ -372,71 +378,43 @@ k5login(struct passwd *pw, char *instanc
}
if ((kerror = krb5_cc_resolve(kcontext, tkt_location, &ccache)) != 0) {
- syslog(LOG_NOTICE, "warning: %s while getting default ccache",
- krb5_get_err_text(kcontext, kerror));
+ k5_log(kcontext, kerror, "while getting default ccache");
return (1);
}
if ((kerror = krb5_parse_name(kcontext, principal, &me)) != 0) {
- syslog(LOG_NOTICE, "warning: %s when parsing name %s",
- krb5_get_err_text(kcontext, kerror), principal);
+ k5_log(kcontext, kerror, "when parsing name %s", principal);
return (1);
}
if ((kerror = krb5_unparse_name(kcontext, me, &client_name)) != 0) {
- syslog(LOG_NOTICE, "warning: %s when unparsing name %s",
- krb5_get_err_text(kcontext, kerror), principal);
+ k5_log(kcontext, kerror, "when unparsing name %s", principal);
return (1);
}
kerror = krb5_cc_initialize(kcontext, ccache, me);
if (kerror != 0) {
- syslog(LOG_NOTICE, "%s when initializing cache %s",
- krb5_get_err_text(kcontext, kerror), tkt_location);
- return (1);
- }
-
- memset((char *)&my_creds, 0, sizeof(my_creds));
-
- my_creds.client = me;
-
- if ((kerror = krb5_build_principal_ext(kcontext,
- &server,
- krb5_realm_length(*krb5_princ_realm(kcontext, me)),
- krb5_realm_data(*krb5_princ_realm(kcontext, me)),
- KRB5_TGS_NAME_SIZE,
- KRB5_TGS_NAME,
- krb5_realm_length(*krb5_princ_realm(kcontext, me)),
- krb5_realm_data(*krb5_princ_realm(kcontext, me)),
- 0)) != 0) {
- syslog(LOG_NOTICE, "%s while building server name",
- krb5_get_err_text(kcontext, kerror));
+ k5_log(kcontext, kerror, "when initializing cache %s",
+ tkt_location);
return (1);
}
- my_creds.server = server;
+ memset(&my_creds, 0, sizeof(my_creds));
+ krb5_get_init_creds_opt *opt;
- if ((kerror = krb5_timeofday(kcontext, &now)) != 0) {
- syslog(LOG_NOTICE, "%s while getting time of day",
- krb5_get_err_text(kcontext, kerror));
+ if ((kerror = krb5_get_init_creds_opt_alloc(kcontext, &opt)) != 0) {
+ k5_log(kcontext, kerror, "while getting options");
return (1);
}
+ if (login_krb5_forwardable_tgt)
+ krb5_get_init_creds_opt_set_forwardable(opt, 1);
- my_creds.times.starttime = 0; /* start timer when request
- gets to KDC */
- my_creds.times.endtime = now + lifetime;
- my_creds.times.renew_till = 0;
-
- kerror = krb5_get_in_tkt_with_password(kcontext, options,
- NULL,
- NULL,
- NULL,
- password,
- ccache,
- &my_creds, 0);
+ kerror = krb5_get_init_creds_password(kcontext, &my_creds, me, password,
+ NULL, NULL, 0, NULL, opt);
- if (my_creds.server != NULL)
- krb5_free_principal(kcontext, my_creds.server);
+ krb5_get_init_creds_opt_free(kcontext, opt);
+ if (kerror == 0)
+ kerror = krb5_cc_store_cred(kcontext, ccache, &my_creds);
if (chown(&tkt_location[5], pw->pw_uid, pw->pw_gid) < 0)
syslog(LOG_ERR, "chown tkfile (%s): %m", &tkt_location[5]);
Index: src/usr.bin/login/login.c
diff -u src/usr.bin/login/login.c:1.98 src/usr.bin/login/login.c:1.98.4.1
--- src/usr.bin/login/login.c:1.98 Wed Aug 31 16:24:57 2011
+++ src/usr.bin/login/login.c Mon May 7 16:24:07 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: login.c,v 1.98 2011/08/31 16:24:57 plunky Exp $ */
+/* $NetBSD: login.c,v 1.98.4.1 2012/05/07 16:24:07 riz Exp $ */
/*-
* Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 19
#if 0
static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
#endif
-__RCSID("$NetBSD: login.c,v 1.98 2011/08/31 16:24:57 plunky Exp $");
+__RCSID("$NetBSD: login.c,v 1.98.4.1 2012/05/07 16:24:07 riz Exp $");
#endif /* not lint */
/*
@@ -83,7 +83,7 @@ __RCSID("$NetBSD: login.c,v 1.98 2011/08
#endif
#ifdef KERBEROS5
#include <krb5/krb5.h>
-#include <com_err.h>
+#include <krb5/com_err.h>
#endif
#ifdef LOGIN_CAP
#include <login_cap.h>
@@ -103,7 +103,7 @@ static void checknologin(char *);
#ifdef KERBEROS5
int k5login(struct passwd *, char *, char *, char *);
void k5destroy(void);
-int k5_read_creds(char*);
+int k5_read_creds(const char *);
int k5_write_creds(void);
#endif
#if defined(KERBEROS5)
@@ -118,10 +118,10 @@ static void usage(void);
#if defined(KERBEROS5)
int has_ccache = 0;
-static int notickets = 1;
-static char *instance;
+int notickets = 1;
extern krb5_context kcontext;
extern int have_forward;
+static char *instance;
extern char *krb5tkfile_env;
extern int krb5_configured;
#endif
@@ -142,13 +142,15 @@ main(int argc, char *argv[])
uid_t uid, saved_uid;
gid_t saved_gid, saved_gids[NGROUPS_MAX];
int nsaved_gids;
- char *domain, *p, *ttyn, *pwprompt;
+ char *domain, *p, *ttyn;
+ const char *pwprompt;
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
char localhost[MAXHOSTNAMELEN + 1];
int need_chpass, require_chpass;
int login_retries = DEFAULT_RETRIES,
login_backoff = DEFAULT_BACKOFF;
time_t pw_warntime = _PASSWORD_WARNDAYS * SECSPERDAY;
+ char *loginname = NULL;
#ifdef KERBEROS5
krb5_error_code kerror;
#endif
@@ -241,7 +243,7 @@ main(int argc, char *argv[])
argv += optind;
if (*argv) {
- username = *argv;
+ username = loginname = *argv;
ask = 0;
} else
ask = 1;
@@ -313,18 +315,16 @@ main(int argc, char *argv[])
#endif
if (ask) {
fflag = 0;
- getloginname();
+ loginname = getloginname();
}
rootlogin = 0;
#ifdef KERBEROS5
- if ((instance = strchr(username, '/')) != NULL)
+ if ((instance = strchr(loginname, '/')) != NULL)
*instance++ = '\0';
else
- instance = "";
+ instance = __UNCONST("");
#endif
- if (strlen(username) > MAXLOGNAME)
- username[MAXLOGNAME] = '\0';
-
+ username = trimloginname(loginname);
/*
* Note if trying multiple user names; log failures for
* previous user name, but don't bother logging one failure
@@ -506,7 +506,7 @@ main(int argc, char *argv[])
(void)printf("No home directory %s!\n", pwd->pw_dir);
if (chdir("/") == -1)
exit(EXIT_FAILURE);
- pwd->pw_dir = "/";
+ pwd->pw_dir = __UNCONST("/");
(void)printf("Logging in with home = \"/\".\n");
}
@@ -592,7 +592,7 @@ main(int argc, char *argv[])
#endif
if (*pwd->pw_shell == '\0')
- pwd->pw_shell = _PATH_BSHELL;
+ pwd->pw_shell = __UNCONST(_PATH_BSHELL);
#ifdef LOGIN_CAP
if ((shell = login_getcapstr(lc, "shell", NULL, NULL)) != NULL) {
if ((shell = strdup(shell)) == NULL) {
@@ -606,7 +606,7 @@ main(int argc, char *argv[])
(void)setenv("HOME", pwd->pw_dir, 1);
(void)setenv("SHELL", pwd->pw_shell, 1);
if (term[0] == '\0') {
- char *tt = (char *)stypeof(tty);
+ const char *tt = stypeof(tty);
#ifdef LOGIN_CAP
if (tt == NULL)
tt = login_getcapstr(lc, "term", NULL, NULL);
@@ -648,7 +648,7 @@ main(int argc, char *argv[])
#endif
if (!quietlog) {
- char *fname;
+ const char *fname;
#ifdef LOGIN_CAP
fname = login_getcapstr(lc, "copyright", NULL, NULL);
if (fname != NULL && access(fname, F_OK) == 0)
Index: src/usr.bin/login/login_pam.c
diff -u src/usr.bin/login/login_pam.c:1.20 src/usr.bin/login/login_pam.c:1.20.8.1
--- src/usr.bin/login/login_pam.c:1.20 Tue Dec 29 19:26:13 2009
+++ src/usr.bin/login/login_pam.c Mon May 7 16:24:07 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: login_pam.c,v 1.20 2009/12/29 19:26:13 christos Exp $ */
+/* $NetBSD: login_pam.c,v 1.20.8.1 2012/05/07 16:24:07 riz Exp $ */
/*-
* Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 19
#if 0
static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
#endif
-__RCSID("$NetBSD: login_pam.c,v 1.20 2009/12/29 19:26:13 christos Exp $");
+__RCSID("$NetBSD: login_pam.c,v 1.20.8.1 2012/05/07 16:24:07 riz Exp $");
#endif /* not lint */
/*
@@ -194,7 +194,7 @@ main(int argc, char *argv[])
argv += optind;
if (*argv) {
- username = *argv;
+ username = trimloginname(*argv);
ask = 0;
} else
ask = 1;
@@ -240,12 +240,10 @@ main(int argc, char *argv[])
for (cnt = 0;; ask = 1) {
if (ask) {
fflag = 0;
- getloginname();
+ username = trimusername(getloginname());
}
rootlogin = 0;
auth_passed = 0;
- if (strlen(username) > MAXLOGNAME)
- username[MAXLOGNAME] = '\0';
/*
* Note if trying multiple user names; log failures for
@@ -334,7 +332,7 @@ main(int argc, char *argv[])
if (pam_err != PAM_SUCCESS)
PAM_END("pam_get_item(PAM_USER)");
- username = (char *)newuser;
+ username = newuser;
/*
* Don't check for errors, because we don't want to give
* out any information.
@@ -441,7 +439,7 @@ skip_auth:
pam_end(pamh, PAM_SUCCESS);
exit(EXIT_FAILURE);
}
- pwd->pw_dir = "/";
+ pwd->pw_dir = __UNCONST("/");
(void)printf("Logging in with home = \"/\".\n");
}
@@ -570,7 +568,7 @@ skip_auth:
}
if (*pwd->pw_shell == '\0')
- pwd->pw_shell = _PATH_BSHELL;
+ pwd->pw_shell = __UNCONST(_PATH_BSHELL);
shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
if (*shell == '\0')
@@ -584,7 +582,7 @@ skip_auth:
(void)setenv("HOME", pwd->pw_dir, 1);
(void)setenv("SHELL", pwd->pw_shell, 1);
if (term[0] == '\0') {
- char *tt = (char *)stypeof(tty);
+ const char *tt = stypeof(tty);
if (tt == NULL)
tt = login_getcapstr(lc, "term", NULL, NULL);
@@ -618,7 +616,7 @@ skip_auth:
}
if (!quietlog) {
- char *fname;
+ const char *fname;
fname = login_getcapstr(lc, "copyright", NULL, NULL);
if (fname != NULL && access(fname, F_OK) == 0)
