| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
|
|
|
|
|
| |
These are picked up by xgettext and put in the POT file.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
| |
login.c: In function ‘main’:
login.c:389:40: warning: variable ‘errsv’ set but not used [-Wunused-but-set-variable]
login.c:389:9: warning: variable ‘ask’ set but not used [-Wunused-but-set-variable]
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
| |
Reported-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
| |
Solaris lacks err, errx, warn and warnx. This also means the err.h header
doesn't exist. Removed err.h include from all files, and included err.h from
c.h instead if it exists, otherwise alternatives are provided.
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check for crypt.h existence, and use it if available over using unistd.h
for which a certain feature level has to be set to export a definition
for crypt. On Solaris this set causes a standards conflict in the
headers, because at the time of this check C99 mode is already enabled,
which implies certain standards non-compatible with _XOPEN_SOURCE.
92 #define _XOPEN_SOURCE
93 #include <unistd.h>
configure:16259: gcc -std=gnu99 -c -g -O2 conftest.c >&5
In file included from /usr/include/unistd.h:18,
from conftest.c:93:
/prefix/gentoo/usr/lib/gcc/i386-pc-solaris2.10/4.4.5/include-fixed/sys/feature_tests.h:341:2: error: #error "Compiler or options invalid for pre-UNIX 03 X/Open applications and pre-2001 POSIX applications"
configure.ac: improve crypt check
login-utils/my_crypt.h: replace old GNU_LIBRARY check with autoconf
define for crypt.h
[kzak@redhat.com: - remove my_crypt.h]
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
login.c:542:8: warning: ignoring return value of ‘fchown’, declared
with attribute warn_unused_result
login.c:1013:11: warning: ignoring return value of ‘fchown’, declared
with attribute warn_unused_result
login.c: In function ‘dolastlog’:
login.c:1452:7: warning: ignoring return value of ‘write’, declared
with attribute warn_unused_result
login.c: In function ‘motd’:
login.c:1391:7: warning: ignoring return value of ‘write’, declared
with attribute warn_unused_result
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
| |
[kzak@redhat.com: - cleanup return codes
- use warn()]
Signed-off-by: Marek Polacek <mmpolacek@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Davidlohr Bueso <dave@gnu.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch replaces a few functions used throughout the source:
* Renames getnum (from schedutils) to strtol_or_err
* Moves strtosize (from lib/strtosize.c)
* Moves xstrncpy (from include/xstrncpy.h)
* Adds strnlen, strnchr and strndup if not available (remove it from libmount utils)
A few Makefile.am files were modified to compile accordingly along with trivial renaming
in schedutils source code.
Signed-off-by: Davidlohr Bueso <dave@gnu.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* the login code assumes that stdin is a terminal, it's better to
check (by isatty()) that after tty reopen we still have a terminal
* this patch also removes very old obscure fallback for situations where
ttyname() returns nothing (then ttyn = "/dev/tty??"). I guess that the
fake string was originally for utmp records or so. Currently (in last 10
years...) code requires that the tty name is a real open-able file.
It means the fake tty name is completely useless.
Reported-by: Yann Droneaud <yann@droneaud.fr>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
| |
To avoid some nasty races, use the only true tty:
the one already opened, don't use the path.
Signed-off-by: Yann Droneaud <yann@droneaud.fr>
|
|
|
|
|
|
|
|
|
| |
Those 4 functions are marked as LEGACY in POSIX.1-2001 and removed in
POSIX.1-2008.
Replaced with memmove,memset,strchr and strrchr.
Signed-off-by: Daniel Mierswa <impulze@impulze.org>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
As an NFS client with home directories on mounted NFS share - If the
NFS server exports the share with default root squashed, login cannot
access the filesystem to check for the existence of .hushlogin file.
It seems better to use open(2) rather than access(2).
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
login.c: In function ‘dolastlog’:
login.c:1438 warning: passing argument 1 of ‘time’ from incompatible pointer type
Unfortunately, on-disk lastlog format is always 32bit, bits/utmp.h:
struct lastlog
{
#if __WORDSIZE == 64 && defined __WORDSIZE_COMPAT32
int32_t ll_time;
#else
__time_t ll_time;
#endif
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
| |
strict-aliasing rules"
This patch fix problems with odd pam_get_iten( ..., void **) API.
(tested by gcc-4.1.2-42.el5.i386)
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A while back I found a couple audit log injection attacks which became
CVE-2007-3102. I forgot to look at login to see if its vulnerable and Mirek
found that it is. To verify the problem, type:
root addr=xyz.com
for the account name while logging in. It will look like root logged in with
an address of xyz.com.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
|
|
|
|
| |
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
|
|
|
|
|
|
|
|
|
| |
This patch fix a small memory leak (rh#251539) and also remove
unnecessary pam_set_item(). We needn't to zeroing PAM_USER when the
value is already NULL, it doesn't make sense.
Addresses-Red-Hat-Bugzilla: #251539
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Stupid bug in audit code:
$ login
login: ^D
login: ^D
Segmentation fault
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
| |
The login command reports AUDIT_USER_LOGIN message to audit system
(depends on --with-audit).
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This support includes:
* non-PAM version supports IPv6 ranges in /etc/usertty
* utmp records with IPv6 addresses
Based on patch by: Milan Zazrivec <mzazrivec@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
On 64-bit platforms such as x86_64, glibc is usually built with 32-bit
compatibility for various structures. One of them is utmp.
What this means is that gettimeofday(&ut.ut_tv, NULL) on x86_64 will
end up overwriting the first parts of ut_addr_v6, leading to garbage
in the utmp file.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The login omits pam_acct_mgmt & chauth_tok when authentication is skipped.
Authentication may be skipped, for example, during krlogin because Kerberos
already took care of it. The problem with skipping pam_acct_mgmt is that it
allows users to use the system when maybe they should not be allowed, such that
if they have a Kerberos ticket, the other checks do not apply.
If a user had to use password authentication, pam_acct_mgmt may reject the user
for several reasons: not allowed to use the system at this time, not allowed to
use this system, user's account has been disabled, etc. Why should these tests
be skipped just because the user has a ticket?
Same with pam_chauthtok: the user may have a valid ticket, but if their
password has expired, they need to enter a new one right now.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you manage to exec login with a userid other than root, and its
input / output directed to a terminal for which it does not have
read/write access, it will attempt to proceed (and can potentially
hang forever -- but this hang has been fixed in a previous commit).
It's better to check if we have permissions for terminal rather than
do any useless things.
From: Jason Vas Dias <jvdias@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
| |
The PAM session modules typically write to syslog when leaving the
session. The openlog() is way how define a "ident" for syslog messages.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Login tries to set a timeout in main() by SIGALARM. If any restartable system
call is entered, such system calls can block indefinitely and will NOT be
interrupted by the SIGALRM.
The bug appears when the login program is run for a terminal for which it
doens't have read or write permission.
In that case, login hung until manually killed by the administrator in its
tcsetattr(...) call at login.c, line 460:
/* Kill processes left on this tty */
tcsetattr(0,TCSAFLUSH,&ttt);
This may possibly be a kernel bug - instead of returning EIO / EPERM, the
kernel continously sends an infinite number of SIGTTOU signals to the process .
An 80MB strace log file was generated, consisting of >1,000,000 repetitions
of :
4964 11:00:18 ioctl(0, SNDCTL_TMR_CONTINUE or TCSETSF, {c_iflags=0x106,
c_oflags=0x1805, c_cflags=0x800000be, c_lflags=0x3b, c_line=0,
c_cc="\x03\x1c\x7f\x15\x04\x00\x01\x00\x11\x13\x1a\x00\x12\x0f\x17\x16\x00\x00\x00"})
= ? ERESTARTSYS (To be restarted)
4964 11:00:18 --- SIGTTOU (Stopped (tty output)) @ 0 (0) ---
4964 11:00:18 --- SIGTTOU (Stopped (tty output)) @ 0 (0) ---
Login's alarm signal handler DOES get the SIGALRM after the 60 second timeout,
and timedout() is called; but then timedout2 calls ioctl(0, TCSETA, &ti), which
also blocks, because the ioctl(0, TCSETSF...) of tcsetattr is in progress, and
the exit() call of timedout2 is never reached, and the tcsetattr call is
restarted.
From: Jason Vas Dias <jvdias@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The login cannot ignore signals, because:
* SIGHUP is only way how inform session leader that controlling
tty goes away. The leader has to inform others processes in same
process group about the signal.
* SIGHUP/SIGTERM cannot kill wait(2)-ing login, we have to wait as long
as any child process exists. The PAM session has to be closed correctly.
* The child process (before setsid()) has to call exit() if a controlling
tty goes away.
This patch is inspired by patch from Red Hat that is very well tested for last
4 years in all Red Hat distros.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
| |
If for some reason the pam set credential call fails, it does not close the pam
session. pam open can mount drives, so calling pam close is important.
From: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|