![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / libexec / login_passwd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.21, Sat Dec 21 18:56:27 2019 UTC (4 years, 5 months ago) by millert
Branch: MAIN
CVS Tags: HEAD
Changes since 1.20: +1 -1 lines
FILE REMOVED
Replace modular version with origin BSDi version with our updates. In 2001 login_passwd was made modular so we could use the same source for passwd and kerberos auth. Now that we no longer have kerberos integrated we can simplify login_passwd. OK deraadt@
Revision 1.20 / (download) - annotate - [select for diffs], Sat Dec 14 15:22:48 2019 UTC (4 years, 5 months ago) by millert
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)
Return BI_SILENT not BI_AUTH if the challenge service is requested. This bug was introduced in the login_passwd rewrite back in 2001. From Tom Longshine.
Revision 1.19 / (download) - annotate - [select for diffs], Sun Sep 30 13:29:24 2018 UTC (5 years, 8 months ago) by ajacoutot
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.18: +1 -12 lines
Diff to previous 1.18 (colored)
Remove the hopefully last remnants of kerberos in there: arg_login, arg_notickets and invokinguser. ok kn@ millert@
Revision 1.18 / (download) - annotate - [select for diffs], Wed Jun 13 15:02:09 2018 UTC (5 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.17: +11 -2 lines
Diff to previous 1.17 (colored)
Call pledge(2) earlier before opening the auth channel and readpassphrase() Before this change, only the password validation was pledged, now it also includes some more code including the "Password:" prompt. To pledge the code earlier, the getpwnam_shadow() had to be moved up - it works under "getpw" but it does not return the actual password hash under pledge. This also works with yp(ldap). OK deraadt@ tb@ brynet@
Revision 1.17 / (download) - annotate - [select for diffs], Wed Jun 13 14:54:42 2018 UTC (5 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.16: +2 -6 lines
Diff to previous 1.16 (colored)
Remove #ifdef PASSWD, it was always enabled and is a leftover from krb5 days. No other uses of -DPASSWD were found in the tree. OK deraadt@ tb@ brynet@
Revision 1.16 / (download) - annotate - [select for diffs], Sat Sep 3 11:24:40 2016 UTC (7 years, 9 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.15: +2 -3 lines
Diff to previous 1.15 (colored)
set password to return of readpassphrase(), not always the buffer.
Revision 1.15 / (download) - annotate - [select for diffs], Sat Sep 3 10:50:16 2016 UTC (7 years, 9 months ago) by gsoares
Branch: MAIN
Changes since 1.14: +4 -2 lines
Diff to previous 1.14 (colored)
convert to use readpassphrase() instead of DEPRECATED/getpass() OK millert@
Revision 1.14 / (download) - annotate - [select for diffs], Fri Sep 2 10:36:51 2016 UTC (7 years, 9 months ago) by gsoares
Branch: MAIN
Changes since 1.13: +1 -5 lines
Diff to previous 1.13 (colored)
krb5 bits should rest in peace OK deraadt
Revision 1.13 / (download) - annotate - [select for diffs], Tue Aug 16 04:44:38 2016 UTC (7 years, 9 months ago) by tedu
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)
remove unneeded casts
Revision 1.12 / (download) - annotate - [select for diffs], Mon Oct 5 17:31:17 2015 UTC (8 years, 7 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)
Use explicit_bzero() instead of memset() for zeroing out secrets. OK deraadt@
Revision 1.11 / (download) - annotate - [select for diffs], Fri Jan 16 06:39:50 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
Revision 1.10 / (download) - annotate - [select for diffs], Fri Jun 1 01:43:19 2012 UTC (12 years ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5,
OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)
add a krb5-noverify option for login.conf that disables verification of the server against a local host keytab file when you're authing users with login_krb5. useful for when you need to auth users but dealing with the domain admins is painful... ok sthen@ jj@ millert@
Revision 1.9 / (download) - annotate - [select for diffs], Sun Apr 2 01:00:40 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9,
OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3,
OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0
Changes since 1.8: +3 -2 lines
Diff to previous 1.8 (colored)
a FALLTHROUGH and one size_t cast
Revision 1.8 / (download) - annotate - [select for diffs], Thu Apr 14 18:33:42 2005 UTC (19 years, 1 month ago) by biorn
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE,
OPENBSD_3_9,
OPENBSD_3_8_BASE,
OPENBSD_3_8
Changes since 1.7: +1 -4 lines
Diff to previous 1.7 (colored)
drop some krb4 stuff ok beck@
Revision 1.7 / (download) - annotate - [select for diffs], Wed Mar 10 21:30:27 2004 UTC (20 years, 2 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE,
OPENBSD_3_7,
OPENBSD_3_6_BASE,
OPENBSD_3_6,
OPENBSD_3_5_BASE,
OPENBSD_3_5
Changes since 1.6: +3 -2 lines
Diff to previous 1.6 (colored)
More checking for a NULL return value from getpass(). otto@ OK
Revision 1.6 / (download) - annotate - [select for diffs], Mon Mar 17 02:20:17 2003 UTC (21 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE,
OPENBSD_3_4,
OPENBSD_3_3_BASE,
OPENBSD_3_3
Changes since 1.5: +7 -7 lines
Diff to previous 1.5 (colored)
incorrect string length matching; ianm@cit.uws.edu.au
Revision 1.5 / (download) - annotate - [select for diffs], Fri Sep 6 18:45:06 2002 UTC (21 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE,
OPENBSD_3_2
Changes since 1.4: +1 -2 lines
Diff to previous 1.4 (colored)
ansi; ok millert pvalchev
Revision 1.4 / (download) - annotate - [select for diffs], Sun Jun 2 01:27:15 2002 UTC (22 years ago) by deraadt
Branch: MAIN
Changes since 1.3: +4 -4 lines
Diff to previous 1.3 (colored)
minor KNF
Revision 1.3 / (download) - annotate - [select for diffs], Thu Dec 6 05:37:04 2001 UTC (22 years, 6 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE,
OPENBSD_3_1
Changes since 1.2: +1 -3 lines
Diff to previous 1.2 (colored)
Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents getpass()/readpassphrase() from being able to restore the tty mode on keyboard interrupt. Along with the recent readpassphrase.c commit this means that if you ^C things that use login scripts (like su(1)) with a non-CBREAK shell your tty mode will be restored nicely. TODO: The various login scripts need to install handlers to avoid leaving turd files or otherwise ending in a bad state. It would also be nice to send BI_REJECT to the back channel.
Revision 1.2 / (download) - annotate - [select for diffs], Thu Aug 9 15:18:45 2001 UTC (22 years, 9 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE,
OPENBSD_3_0
Changes since 1.1: +25 -22 lines
Diff to previous 1.1 (colored)
o wheel and lastchance are -v args (variable), not -s (service) o an unknown service is a fatal error o some KNF
Revision 1.1 / (download) - annotate - [select for diffs], Tue Jun 26 05:03:28 2001 UTC (22 years, 11 months ago) by hin
Branch: MAIN
Cleanup and unify login_passwd, login_krb4, login_krb4-or-pwd, login_krb5 and login_krb5-or-pwd.