Check auth_mkvalue(3) return value for NULL (malloc failure).
For constant strings we don't actually need to use auth_mkvalue(3).
Problem reported by Ross L Richardson.

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

assign pointers to NULL rather than 0

Call syslog() if login_* pledge fails; OK deraadt@

login_token needs pledge "flock" now.
OK millert@

Pledge login_token with "stdio rpath wpath cpath fattr getpw tty".
OK deraadt@

use LOGIN_NAME_MAX instead of L_cuserid, and adjust .h includes; ok millert

Fix warnings.
millert@ ok.

remove some unnecessary sys/param.h inclusions

More checking for a NULL return value from getpass(). otto@ OK

spaces

minor KNF

Block keyboard-generated signals during database accesses.

Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents
getpass()/readpassphrase() from being able to restore the tty mode
on keyboard interrupt. Along with the recent readpassphrase.c commit
this means that if you ^C things that use login scripts (like su(1))
with a non-CBREAK shell your tty mode will be restored nicely.

TODO:
The various login scripts need to install handlers to avoid leaving
turd files or otherwise ending in a bad state. It would also be
nice to send BI_REJECT to the back channel.

getopt(3) returns -1 when out of args, not EOF.

millert@ ok

use arc4random, clear secrets, use readpassphrase in tokeninit; ok millert@

Provides ActivCard, CRYPTOCard and SNK-004 authentication from BSDi
Will be used when BSD authentication is enabled

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

assign pointers to NULL rather than 0

Call syslog() if login_* pledge fails; OK deraadt@

login_token needs pledge "flock" now.
OK millert@

Pledge login_token with "stdio rpath wpath cpath fattr getpw tty".
OK deraadt@

use LOGIN_NAME_MAX instead of L_cuserid, and adjust .h includes; ok millert

Fix warnings.
millert@ ok.

remove some unnecessary sys/param.h inclusions

More checking for a NULL return value from getpass(). otto@ OK

spaces

minor KNF

Block keyboard-generated signals during database accesses.

Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents
getpass()/readpassphrase() from being able to restore the tty mode
on keyboard interrupt. Along with the recent readpassphrase.c commit
this means that if you ^C things that use login scripts (like su(1))
with a non-CBREAK shell your tty mode will be restored nicely.

TODO:
The various login scripts need to install handlers to avoid leaving
turd files or otherwise ending in a bad state. It would also be
nice to send BI_REJECT to the back channel.

getopt(3) returns -1 when out of args, not EOF.

millert@ ok

use arc4random, clear secrets, use readpassphrase in tokeninit; ok millert@

Provides ActivCard, CRYPTOCard and SNK-004 authentication from BSDi
Will be used when BSD authentication is enabled

assign pointers to NULL rather than 0

Call syslog() if login_* pledge fails; OK deraadt@

login_token needs pledge "flock" now.
OK millert@

Pledge login_token with "stdio rpath wpath cpath fattr getpw tty".
OK deraadt@

use LOGIN_NAME_MAX instead of L_cuserid, and adjust .h includes; ok millert

Fix warnings.
millert@ ok.

remove some unnecessary sys/param.h inclusions

More checking for a NULL return value from getpass(). otto@ OK

spaces

minor KNF

Block keyboard-generated signals during database accesses.

Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents
getpass()/readpassphrase() from being able to restore the tty mode
on keyboard interrupt. Along with the recent readpassphrase.c commit
this means that if you ^C things that use login scripts (like su(1))
with a non-CBREAK shell your tty mode will be restored nicely.

TODO:
The various login scripts need to install handlers to avoid leaving
turd files or otherwise ending in a bad state. It would also be
nice to send BI_REJECT to the back channel.

getopt(3) returns -1 when out of args, not EOF.

millert@ ok

use arc4random, clear secrets, use readpassphrase in tokeninit; ok millert@

Provides ActivCard, CRYPTOCard and SNK-004 authentication from BSDi
Will be used when BSD authentication is enabled