#
1.19 |
|
01-Mar-2022 |
tedu |
add rtable capability to login.conf. from Matthew Martin
|
#
1.18 |
|
10-Feb-2022 |
robert |
introduce support for storing capability databases in /etc/login.conf.d;
anytime a class is looked up, the /etc/login.conf.d/${class} file will be checked first for a matching class definition; this will allow us to easily add custom login classes from packages
ok millert@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
03-Jun-2021 |
deraadt |
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few years back, so we can remove it. Since nothing in the ecosystem calls it, I am not cranking the libc major as required, surely another crank will come along soon. noticed by Dante Catalfamo ok millert
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Jul-2018 |
deraadt |
Add _PATH_AUTHPROGDIR = "/usr/libexec/auth", this path will be used to unveil. Unfortunately the auth subsystem uses _PATH_AUTHPROG = "/usr/libexec/auth/login_", which it auth-program is appended to -- a rather gross idea which now shows lack of wisdom.
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.15 |
|
21-Nov-2014 |
tedu |
change prototype for crypt_newhash. the login_cap_t is a holdover from its pwd_gensalt origins, but a string argument works equally work and is more friendly to consumers beyond local user accounts. ok deraadt
|
#
1.14 |
|
19-Nov-2014 |
tedu |
prototype for crypt_newhash(). adding it here because this is where login_cap_t lives and i don't want to forward declare it in unistd.h
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.13 |
|
28-Jan-2005 |
millert |
LOGIN_SETALL did not include LOGIN_SETENV as it should.
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.12 |
|
09-Aug-2004 |
millert |
Support the "setenv" capability in login.conf ala FreeBSD. Following FreeBSD's example, a '~' in an environment variable is replaced with the user's homedir. A '$' is replaced by the user's login name. Both can be escaped with a backslash to get the literal char. OK deraadt@
|
#
1.11 |
|
03-Aug-2004 |
millert |
Define BI_FDPASS for the BSD auth fd passing changes.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.10 |
|
22-Jan-2004 |
espie |
Remove unnecessary typedef usage.
u_char -> unsigned char u_short -> unsigned short u_long -> unsigned long u_int -> unsigned int
okay millert@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE
|
#
1.9 |
|
02-Aug-2002 |
millert |
Change value of LOGIN_DEFSTYLE from "krb4-or-pwd" to just "passwd". If there is no login.conf or it is corrupt we don't want to make any assumptions about kerberos. By request of deraadt@
|
#
1.8 |
|
03-Jun-2002 |
deraadt |
compatiblity -> compatibility decriptor -> descriptor authentciated -> authenticated transmition -> transmission
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.7 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.6 |
|
15-Jul-2001 |
millert |
Give login_cap_t a struct name so we can use forward declarations.
|
#
1.5 |
|
30-Jun-2001 |
millert |
Default login style is now krb4-or-pwd, not krb-or-pwd.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.4 |
|
01-Jan-2001 |
millert |
Guard against multiple inclusion
|
#
1.3 |
|
21-Nov-2000 |
millert |
BSD authentication routines from BSDI. Presently this is not used but the login_* helper programs and other support will be committed in the near future.
|
#
1.2 |
|
19-Nov-2000 |
millert |
Remove prototypes for old BSD auth functions. New ones will live in bsd_auth.h when BSD authentication is committed.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.1 |
|
20-Aug-2000 |
millert |
login.conf code from BSDi. This does not include the bsd auth code which will come later. At this stage it is primarily used for setting resource limits.
|
#
1.18 |
|
10-Feb-2022 |
robert |
introduce support for storing capability databases in /etc/login.conf.d;
anytime a class is looked up, the /etc/login.conf.d/${class} file will be checked first for a matching class definition; this will allow us to easily add custom login classes from packages
ok millert@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
03-Jun-2021 |
deraadt |
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few years back, so we can remove it. Since nothing in the ecosystem calls it, I am not cranking the libc major as required, surely another crank will come along soon. noticed by Dante Catalfamo ok millert
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Jul-2018 |
deraadt |
Add _PATH_AUTHPROGDIR = "/usr/libexec/auth", this path will be used to unveil. Unfortunately the auth subsystem uses _PATH_AUTHPROG = "/usr/libexec/auth/login_", which it auth-program is appended to -- a rather gross idea which now shows lack of wisdom.
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.15 |
|
21-Nov-2014 |
tedu |
change prototype for crypt_newhash. the login_cap_t is a holdover from its pwd_gensalt origins, but a string argument works equally work and is more friendly to consumers beyond local user accounts. ok deraadt
|
#
1.14 |
|
19-Nov-2014 |
tedu |
prototype for crypt_newhash(). adding it here because this is where login_cap_t lives and i don't want to forward declare it in unistd.h
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.13 |
|
28-Jan-2005 |
millert |
LOGIN_SETALL did not include LOGIN_SETENV as it should.
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.12 |
|
09-Aug-2004 |
millert |
Support the "setenv" capability in login.conf ala FreeBSD. Following FreeBSD's example, a '~' in an environment variable is replaced with the user's homedir. A '$' is replaced by the user's login name. Both can be escaped with a backslash to get the literal char. OK deraadt@
|
#
1.11 |
|
03-Aug-2004 |
millert |
Define BI_FDPASS for the BSD auth fd passing changes.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.10 |
|
22-Jan-2004 |
espie |
Remove unnecessary typedef usage.
u_char -> unsigned char u_short -> unsigned short u_long -> unsigned long u_int -> unsigned int
okay millert@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE
|
#
1.9 |
|
02-Aug-2002 |
millert |
Change value of LOGIN_DEFSTYLE from "krb4-or-pwd" to just "passwd". If there is no login.conf or it is corrupt we don't want to make any assumptions about kerberos. By request of deraadt@
|
#
1.8 |
|
03-Jun-2002 |
deraadt |
compatiblity -> compatibility decriptor -> descriptor authentciated -> authenticated transmition -> transmission
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.7 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.6 |
|
15-Jul-2001 |
millert |
Give login_cap_t a struct name so we can use forward declarations.
|
#
1.5 |
|
30-Jun-2001 |
millert |
Default login style is now krb4-or-pwd, not krb-or-pwd.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.4 |
|
01-Jan-2001 |
millert |
Guard against multiple inclusion
|
#
1.3 |
|
21-Nov-2000 |
millert |
BSD authentication routines from BSDI. Presently this is not used but the login_* helper programs and other support will be committed in the near future.
|
#
1.2 |
|
19-Nov-2000 |
millert |
Remove prototypes for old BSD auth functions. New ones will live in bsd_auth.h when BSD authentication is committed.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.1 |
|
20-Aug-2000 |
millert |
login.conf code from BSDi. This does not include the bsd auth code which will come later. At this stage it is primarily used for setting resource limits.
|
#
1.17 |
|
03-Jun-2021 |
deraadt |
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few years back, so we can remove it. Since nothing in the ecosystem calls it, I am not cranking the libc major as required, surely another crank will come along soon. noticed by Dante Catalfamo ok millert
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Jul-2018 |
deraadt |
Add _PATH_AUTHPROGDIR = "/usr/libexec/auth", this path will be used to unveil. Unfortunately the auth subsystem uses _PATH_AUTHPROG = "/usr/libexec/auth/login_", which it auth-program is appended to -- a rather gross idea which now shows lack of wisdom.
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.15 |
|
21-Nov-2014 |
tedu |
change prototype for crypt_newhash. the login_cap_t is a holdover from its pwd_gensalt origins, but a string argument works equally work and is more friendly to consumers beyond local user accounts. ok deraadt
|
#
1.14 |
|
19-Nov-2014 |
tedu |
prototype for crypt_newhash(). adding it here because this is where login_cap_t lives and i don't want to forward declare it in unistd.h
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.13 |
|
28-Jan-2005 |
millert |
LOGIN_SETALL did not include LOGIN_SETENV as it should.
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.12 |
|
09-Aug-2004 |
millert |
Support the "setenv" capability in login.conf ala FreeBSD. Following FreeBSD's example, a '~' in an environment variable is replaced with the user's homedir. A '$' is replaced by the user's login name. Both can be escaped with a backslash to get the literal char. OK deraadt@
|
#
1.11 |
|
03-Aug-2004 |
millert |
Define BI_FDPASS for the BSD auth fd passing changes.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.10 |
|
22-Jan-2004 |
espie |
Remove unnecessary typedef usage.
u_char -> unsigned char u_short -> unsigned short u_long -> unsigned long u_int -> unsigned int
okay millert@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE
|
#
1.9 |
|
02-Aug-2002 |
millert |
Change value of LOGIN_DEFSTYLE from "krb4-or-pwd" to just "passwd". If there is no login.conf or it is corrupt we don't want to make any assumptions about kerberos. By request of deraadt@
|
#
1.8 |
|
03-Jun-2002 |
deraadt |
compatiblity -> compatibility decriptor -> descriptor authentciated -> authenticated transmition -> transmission
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.7 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.6 |
|
15-Jul-2001 |
millert |
Give login_cap_t a struct name so we can use forward declarations.
|
#
1.5 |
|
30-Jun-2001 |
millert |
Default login style is now krb4-or-pwd, not krb-or-pwd.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.4 |
|
01-Jan-2001 |
millert |
Guard against multiple inclusion
|
#
1.3 |
|
21-Nov-2000 |
millert |
BSD authentication routines from BSDI. Presently this is not used but the login_* helper programs and other support will be committed in the near future.
|
#
1.2 |
|
19-Nov-2000 |
millert |
Remove prototypes for old BSD auth functions. New ones will live in bsd_auth.h when BSD authentication is committed.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.1 |
|
20-Aug-2000 |
millert |
login.conf code from BSDi. This does not include the bsd auth code which will come later. At this stage it is primarily used for setting resource limits.
|
#
1.16 |
|
29-Jul-2018 |
deraadt |
Add _PATH_AUTHPROGDIR = "/usr/libexec/auth", this path will be used to unveil. Unfortunately the auth subsystem uses _PATH_AUTHPROG = "/usr/libexec/auth/login_", which it auth-program is appended to -- a rather gross idea which now shows lack of wisdom.
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.15 |
|
21-Nov-2014 |
tedu |
change prototype for crypt_newhash. the login_cap_t is a holdover from its pwd_gensalt origins, but a string argument works equally work and is more friendly to consumers beyond local user accounts. ok deraadt
|
#
1.14 |
|
19-Nov-2014 |
tedu |
prototype for crypt_newhash(). adding it here because this is where login_cap_t lives and i don't want to forward declare it in unistd.h
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.13 |
|
28-Jan-2005 |
millert |
LOGIN_SETALL did not include LOGIN_SETENV as it should.
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.12 |
|
09-Aug-2004 |
millert |
Support the "setenv" capability in login.conf ala FreeBSD. Following FreeBSD's example, a '~' in an environment variable is replaced with the user's homedir. A '$' is replaced by the user's login name. Both can be escaped with a backslash to get the literal char. OK deraadt@
|
#
1.11 |
|
03-Aug-2004 |
millert |
Define BI_FDPASS for the BSD auth fd passing changes.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.10 |
|
22-Jan-2004 |
espie |
Remove unnecessary typedef usage.
u_char -> unsigned char u_short -> unsigned short u_long -> unsigned long u_int -> unsigned int
okay millert@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE
|
#
1.9 |
|
02-Aug-2002 |
millert |
Change value of LOGIN_DEFSTYLE from "krb4-or-pwd" to just "passwd". If there is no login.conf or it is corrupt we don't want to make any assumptions about kerberos. By request of deraadt@
|
#
1.8 |
|
03-Jun-2002 |
deraadt |
compatiblity -> compatibility decriptor -> descriptor authentciated -> authenticated transmition -> transmission
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.7 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.6 |
|
15-Jul-2001 |
millert |
Give login_cap_t a struct name so we can use forward declarations.
|
#
1.5 |
|
30-Jun-2001 |
millert |
Default login style is now krb4-or-pwd, not krb-or-pwd.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.4 |
|
01-Jan-2001 |
millert |
Guard against multiple inclusion
|
#
1.3 |
|
21-Nov-2000 |
millert |
BSD authentication routines from BSDI. Presently this is not used but the login_* helper programs and other support will be committed in the near future.
|
#
1.2 |
|
19-Nov-2000 |
millert |
Remove prototypes for old BSD auth functions. New ones will live in bsd_auth.h when BSD authentication is committed.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.1 |
|
20-Aug-2000 |
millert |
login.conf code from BSDi. This does not include the bsd auth code which will come later. At this stage it is primarily used for setting resource limits.
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.15 |
|
21-Nov-2014 |
tedu |
change prototype for crypt_newhash. the login_cap_t is a holdover from its pwd_gensalt origins, but a string argument works equally work and is more friendly to consumers beyond local user accounts. ok deraadt
|
#
1.14 |
|
19-Nov-2014 |
tedu |
prototype for crypt_newhash(). adding it here because this is where login_cap_t lives and i don't want to forward declare it in unistd.h
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.13 |
|
28-Jan-2005 |
millert |
LOGIN_SETALL did not include LOGIN_SETENV as it should.
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.12 |
|
09-Aug-2004 |
millert |
Support the "setenv" capability in login.conf ala FreeBSD. Following FreeBSD's example, a '~' in an environment variable is replaced with the user's homedir. A '$' is replaced by the user's login name. Both can be escaped with a backslash to get the literal char. OK deraadt@
|
#
1.11 |
|
03-Aug-2004 |
millert |
Define BI_FDPASS for the BSD auth fd passing changes.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.10 |
|
22-Jan-2004 |
espie |
Remove unnecessary typedef usage.
u_char -> unsigned char u_short -> unsigned short u_long -> unsigned long u_int -> unsigned int
okay millert@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE
|
#
1.9 |
|
02-Aug-2002 |
millert |
Change value of LOGIN_DEFSTYLE from "krb4-or-pwd" to just "passwd". If there is no login.conf or it is corrupt we don't want to make any assumptions about kerberos. By request of deraadt@
|
#
1.8 |
|
03-Jun-2002 |
deraadt |
compatiblity -> compatibility decriptor -> descriptor authentciated -> authenticated transmition -> transmission
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.7 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.6 |
|
15-Jul-2001 |
millert |
Give login_cap_t a struct name so we can use forward declarations.
|
#
1.5 |
|
30-Jun-2001 |
millert |
Default login style is now krb4-or-pwd, not krb-or-pwd.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.4 |
|
01-Jan-2001 |
millert |
Guard against multiple inclusion
|
#
1.3 |
|
21-Nov-2000 |
millert |
BSD authentication routines from BSDI. Presently this is not used but the login_* helper programs and other support will be committed in the near future.
|
#
1.2 |
|
19-Nov-2000 |
millert |
Remove prototypes for old BSD auth functions. New ones will live in bsd_auth.h when BSD authentication is committed.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.1 |
|
20-Aug-2000 |
millert |
login.conf code from BSDi. This does not include the bsd auth code which will come later. At this stage it is primarily used for setting resource limits.
|