ensure that sensitive data is zeroed out from mem.

ok beck@

Use <fcntl.h> instead of <sys/file.h> for open() and friends.
Delete a bunch of unnecessary #includes and sort to match style(9)
while doing the above cleanup.

ok deraadt@ krw@

convert to use readpassphrase() instead of DEPRECATED/getpass()
OK millert@

remove unneeded casts

Add missing "tty" promise to the pledge(2) call

This is needed since getpass(3) calls readpassphrase(3) which in turn tries
to open(2) a tty in O_RDWR mode

Problem reported by Kevin Chadwick <m8il1ists ! gmail.com>

Cluebat stick provided by deraadt@, OK millert@

Call syslog() if login_* pledge fails; OK deraadt@

use crypt_checkpass("password", NULL) to fake a login instead of bcrypt

pledge "stdio rpath" is good enough for these mainline BSD auth login
programs.
(I am very surprised pledge ended up working for programs like this)
ok semarie millert

reduce dependency on passwd. just call bcrypt_newhash to do the dummy work.

remove some unnecessary sys/param.h inclusions

some extern and goo

Foil potential timing attacks by using the correct password hash
instead of "xx". In practice this means bcrypt() will be used for
non-existent users instead of DES crypt().
Adapted from a patch by Peter Philipp. OK deraadt@

ansi; ok millert pvalchev

minor indent cleanup

minor KNF

Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents
getpass()/readpassphrase() from being able to restore the tty mode
on keyboard interrupt. Along with the recent readpassphrase.c commit
this means that if you ^C things that use login scripts (like su(1))
with a non-CBREAK shell your tty mode will be restored nicely.

TODO:
The various login scripts need to install handlers to avoid leaving
turd files or otherwise ending in a bad state. It would also be
nice to send BI_REJECT to the back channel.

getopt(3) returns -1 when out of args, not EOF.

millert@ ok

reject login script; rejects attempted authentication
will be used when BSD authentication is enabled

Use <fcntl.h> instead of <sys/file.h> for open() and friends.
Delete a bunch of unnecessary #includes and sort to match style(9)
while doing the above cleanup.

ok deraadt@ krw@

convert to use readpassphrase() instead of DEPRECATED/getpass()
OK millert@

remove unneeded casts

Add missing "tty" promise to the pledge(2) call

This is needed since getpass(3) calls readpassphrase(3) which in turn tries
to open(2) a tty in O_RDWR mode

Problem reported by Kevin Chadwick <m8il1ists ! gmail.com>

Cluebat stick provided by deraadt@, OK millert@

Call syslog() if login_* pledge fails; OK deraadt@

use crypt_checkpass("password", NULL) to fake a login instead of bcrypt

pledge "stdio rpath" is good enough for these mainline BSD auth login
programs.
(I am very surprised pledge ended up working for programs like this)
ok semarie millert

reduce dependency on passwd. just call bcrypt_newhash to do the dummy work.

remove some unnecessary sys/param.h inclusions

some extern and goo

Foil potential timing attacks by using the correct password hash
instead of "xx". In practice this means bcrypt() will be used for
non-existent users instead of DES crypt().
Adapted from a patch by Peter Philipp. OK deraadt@

ansi; ok millert pvalchev

minor indent cleanup

minor KNF

Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents
getpass()/readpassphrase() from being able to restore the tty mode
on keyboard interrupt. Along with the recent readpassphrase.c commit
this means that if you ^C things that use login scripts (like su(1))
with a non-CBREAK shell your tty mode will be restored nicely.

TODO:
The various login scripts need to install handlers to avoid leaving
turd files or otherwise ending in a bad state. It would also be
nice to send BI_REJECT to the back channel.

getopt(3) returns -1 when out of args, not EOF.

millert@ ok

reject login script; rejects attempted authentication
will be used when BSD authentication is enabled

convert to use readpassphrase() instead of DEPRECATED/getpass()
OK millert@

remove unneeded casts

Add missing "tty" promise to the pledge(2) call

This is needed since getpass(3) calls readpassphrase(3) which in turn tries
to open(2) a tty in O_RDWR mode

Problem reported by Kevin Chadwick <m8il1ists ! gmail.com>

Cluebat stick provided by deraadt@, OK millert@

Call syslog() if login_* pledge fails; OK deraadt@

use crypt_checkpass("password", NULL) to fake a login instead of bcrypt

pledge "stdio rpath" is good enough for these mainline BSD auth login
programs.
(I am very surprised pledge ended up working for programs like this)
ok semarie millert

reduce dependency on passwd. just call bcrypt_newhash to do the dummy work.

remove some unnecessary sys/param.h inclusions

some extern and goo

Foil potential timing attacks by using the correct password hash
instead of "xx". In practice this means bcrypt() will be used for
non-existent users instead of DES crypt().
Adapted from a patch by Peter Philipp. OK deraadt@

ansi; ok millert pvalchev

minor indent cleanup

minor KNF

Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents
getpass()/readpassphrase() from being able to restore the tty mode
on keyboard interrupt. Along with the recent readpassphrase.c commit
this means that if you ^C things that use login scripts (like su(1))
with a non-CBREAK shell your tty mode will be restored nicely.

TODO:
The various login scripts need to install handlers to avoid leaving
turd files or otherwise ending in a bad state. It would also be
nice to send BI_REJECT to the back channel.

getopt(3) returns -1 when out of args, not EOF.

millert@ ok

reject login script; rejects attempted authentication
will be used when BSD authentication is enabled