Make sure that -n overrides -t even when -n precedes -t, like it
does in FreeBSD and in NetBSD, and fully document that behaviour.
Input, feedback, and OK jca@.

While -n is now the default, it's been useful since 1996. Keep it for compat.

Agreement from schwarze@ (who proposed a thorough but longer diff) and millert@
ok tb@ kn@ cheloha@

Amend comment: entering the root password won't unlock the terminal

Mention -p (user password) while here.

lock(1): remove default timeout

It makes little sense from a security standpoint to unlock the terminal
and expose the user's session after fifteen minutes by default.

Default behavior is now to reserve the terminal forever. Add instructions
to the manpage to help the user employ the -t timeout option more safely.

Manpage greatly improved by jmc@; bug(s) caught by millert@; with input
from claudio@.

ok millert@

lock(1): make "-n" and "-t timeout" mutually exclusive.

It doesn't make sense to simultaneously say "never time out" and "release
this terminal in a few minutes".

Input from kn@.

"just go for it" deraadt@

After recent changes, we need to clear hash, not s1.

From Scott Cheloha
ok deraadt

this program was infected with lint era casts. i think we're past that now.

remove ARGSUSED, from Scott Cheloha.
and while we're cleaning, switch __progname to getprogname.

use crypt_newhash to protect the password. from Scott Cheloha

clean up some unused variables. also, making a variable global isn't the
best way to zero initialize it if that's all you need.

instead of using time(), refer to getitimer to find out how long the
timeout is.
from Scott Cheloha

can just continue after readpassphrase returns null, the sighandler will
have already printed a message.
from Scott Cheloha

Use the safe idiom of cleaning sensitive data from memory with explicit_bzero,
instead of relying on other methods, after readpassphrase. Some programs on
this diff won't benefit that much since it happens near the terminal path, but
someone might copy the unsafe idiom to another program and place it where it
may leak sensitive data.

Discussed aeons ago with tb@, OK deraadt@ and beck@

repair braces. from ilya.kaliman/gsoares/natano

lock needs pledge(proc exec) to use bsd auth system. from trondd

normalize a few more tame request orderings, to help review

Change all tame callers to namechange to pledge(2).

tame "stdio getpw rpath wpath tty". "tty" allows this to use
readpassphrase().

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Correct format string mismatches turned up by -Wformat=2

suggestions and ok millert@

Prevent a segmentation fault. It could occur when login_getclass fails and
the key "s/key" is entered with supplied -a or -p option.

ok millert (with better error message)

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

like login(1), back off password guesses after login-backoff; and
reset cnt after login-tries. tweak & ok millert@

pleasing lint, without displeasing future developers

merge parts of strtonum() cleanup from tan.dang@gmail.com

- better synopsis
- sort options
- sync usage()

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

knf

ansi

uid_t and gid_t are unsigned

_exit() not exit() in signal handler.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

avoid stdio in signal handler

adapt to BSD authentication and clean things up a bit while I am at it

back out changes that should not have escaped my local tree

add missing reference to infocmp

A bit of KNF

-Wall

getopt(3) returns -1 when out of args, not EOF, whee!

s/key support now works (s/key lookup must be done with euid == 0)

Add -n/no timeout option. FreeBSD PR bin/1567, obrien@Nuxi.cs.ucdavis.edu.

type cleanup

readable

rcsid

use protos

branches: 1.1.1;
Initial revision

While -n is now the default, it's been useful since 1996. Keep it for compat.

Agreement from schwarze@ (who proposed a thorough but longer diff) and millert@
ok tb@ kn@ cheloha@

Amend comment: entering the root password won't unlock the terminal

Mention -p (user password) while here.

lock(1): remove default timeout

It makes little sense from a security standpoint to unlock the terminal
and expose the user's session after fifteen minutes by default.

Default behavior is now to reserve the terminal forever. Add instructions
to the manpage to help the user employ the -t timeout option more safely.

Manpage greatly improved by jmc@; bug(s) caught by millert@; with input
from claudio@.

ok millert@

lock(1): make "-n" and "-t timeout" mutually exclusive.

It doesn't make sense to simultaneously say "never time out" and "release
this terminal in a few minutes".

Input from kn@.

"just go for it" deraadt@

After recent changes, we need to clear hash, not s1.

From Scott Cheloha
ok deraadt

this program was infected with lint era casts. i think we're past that now.

remove ARGSUSED, from Scott Cheloha.
and while we're cleaning, switch __progname to getprogname.

use crypt_newhash to protect the password. from Scott Cheloha

clean up some unused variables. also, making a variable global isn't the
best way to zero initialize it if that's all you need.

instead of using time(), refer to getitimer to find out how long the
timeout is.
from Scott Cheloha

can just continue after readpassphrase returns null, the sighandler will
have already printed a message.
from Scott Cheloha

Use the safe idiom of cleaning sensitive data from memory with explicit_bzero,
instead of relying on other methods, after readpassphrase. Some programs on
this diff won't benefit that much since it happens near the terminal path, but
someone might copy the unsafe idiom to another program and place it where it
may leak sensitive data.

Discussed aeons ago with tb@, OK deraadt@ and beck@

repair braces. from ilya.kaliman/gsoares/natano

lock needs pledge(proc exec) to use bsd auth system. from trondd

normalize a few more tame request orderings, to help review

Change all tame callers to namechange to pledge(2).

tame "stdio getpw rpath wpath tty". "tty" allows this to use
readpassphrase().

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Correct format string mismatches turned up by -Wformat=2

suggestions and ok millert@

Prevent a segmentation fault. It could occur when login_getclass fails and
the key "s/key" is entered with supplied -a or -p option.

ok millert (with better error message)

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

like login(1), back off password guesses after login-backoff; and
reset cnt after login-tries. tweak & ok millert@

pleasing lint, without displeasing future developers

merge parts of strtonum() cleanup from tan.dang@gmail.com

- better synopsis
- sort options
- sync usage()

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

knf

ansi

uid_t and gid_t are unsigned

_exit() not exit() in signal handler.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

avoid stdio in signal handler

adapt to BSD authentication and clean things up a bit while I am at it

back out changes that should not have escaped my local tree

add missing reference to infocmp

A bit of KNF

-Wall

getopt(3) returns -1 when out of args, not EOF, whee!

s/key support now works (s/key lookup must be done with euid == 0)

Add -n/no timeout option. FreeBSD PR bin/1567, obrien@Nuxi.cs.ucdavis.edu.

type cleanup

readable

rcsid

use protos

branches: 1.1.1;
Initial revision

lock(1): remove default timeout

It makes little sense from a security standpoint to unlock the terminal
and expose the user's session after fifteen minutes by default.

Default behavior is now to reserve the terminal forever. Add instructions
to the manpage to help the user employ the -t timeout option more safely.

Manpage greatly improved by jmc@; bug(s) caught by millert@; with input
from claudio@.

ok millert@

lock(1): make "-n" and "-t timeout" mutually exclusive.

It doesn't make sense to simultaneously say "never time out" and "release
this terminal in a few minutes".

Input from kn@.

"just go for it" deraadt@

After recent changes, we need to clear hash, not s1.

From Scott Cheloha
ok deraadt

this program was infected with lint era casts. i think we're past that now.

remove ARGSUSED, from Scott Cheloha.
and while we're cleaning, switch __progname to getprogname.

use crypt_newhash to protect the password. from Scott Cheloha

clean up some unused variables. also, making a variable global isn't the
best way to zero initialize it if that's all you need.

instead of using time(), refer to getitimer to find out how long the
timeout is.
from Scott Cheloha

can just continue after readpassphrase returns null, the sighandler will
have already printed a message.
from Scott Cheloha

Use the safe idiom of cleaning sensitive data from memory with explicit_bzero,
instead of relying on other methods, after readpassphrase. Some programs on
this diff won't benefit that much since it happens near the terminal path, but
someone might copy the unsafe idiom to another program and place it where it
may leak sensitive data.

Discussed aeons ago with tb@, OK deraadt@ and beck@

repair braces. from ilya.kaliman/gsoares/natano

lock needs pledge(proc exec) to use bsd auth system. from trondd

normalize a few more tame request orderings, to help review

Change all tame callers to namechange to pledge(2).

tame "stdio getpw rpath wpath tty". "tty" allows this to use
readpassphrase().

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Correct format string mismatches turned up by -Wformat=2

suggestions and ok millert@

Prevent a segmentation fault. It could occur when login_getclass fails and
the key "s/key" is entered with supplied -a or -p option.

ok millert (with better error message)

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

like login(1), back off password guesses after login-backoff; and
reset cnt after login-tries. tweak & ok millert@

pleasing lint, without displeasing future developers

merge parts of strtonum() cleanup from tan.dang@gmail.com

- better synopsis
- sort options
- sync usage()

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

knf

ansi

uid_t and gid_t are unsigned

_exit() not exit() in signal handler.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

avoid stdio in signal handler

adapt to BSD authentication and clean things up a bit while I am at it

back out changes that should not have escaped my local tree

add missing reference to infocmp

A bit of KNF

-Wall

getopt(3) returns -1 when out of args, not EOF, whee!

s/key support now works (s/key lookup must be done with euid == 0)

Add -n/no timeout option. FreeBSD PR bin/1567, obrien@Nuxi.cs.ucdavis.edu.

type cleanup

readable

rcsid

use protos

branches: 1.1.1;
Initial revision

lock(1): make "-n" and "-t timeout" mutually exclusive.

It doesn't make sense to simultaneously say "never time out" and "release
this terminal in a few minutes".

Input from kn@.

"just go for it" deraadt@

After recent changes, we need to clear hash, not s1.

From Scott Cheloha
ok deraadt

this program was infected with lint era casts. i think we're past that now.

remove ARGSUSED, from Scott Cheloha.
and while we're cleaning, switch __progname to getprogname.

use crypt_newhash to protect the password. from Scott Cheloha

clean up some unused variables. also, making a variable global isn't the
best way to zero initialize it if that's all you need.

instead of using time(), refer to getitimer to find out how long the
timeout is.
from Scott Cheloha

can just continue after readpassphrase returns null, the sighandler will
have already printed a message.
from Scott Cheloha

Use the safe idiom of cleaning sensitive data from memory with explicit_bzero,
instead of relying on other methods, after readpassphrase. Some programs on
this diff won't benefit that much since it happens near the terminal path, but
someone might copy the unsafe idiom to another program and place it where it
may leak sensitive data.

Discussed aeons ago with tb@, OK deraadt@ and beck@

repair braces. from ilya.kaliman/gsoares/natano

lock needs pledge(proc exec) to use bsd auth system. from trondd

normalize a few more tame request orderings, to help review

Change all tame callers to namechange to pledge(2).

tame "stdio getpw rpath wpath tty". "tty" allows this to use
readpassphrase().

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Correct format string mismatches turned up by -Wformat=2

suggestions and ok millert@

Prevent a segmentation fault. It could occur when login_getclass fails and
the key "s/key" is entered with supplied -a or -p option.

ok millert (with better error message)

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

like login(1), back off password guesses after login-backoff; and
reset cnt after login-tries. tweak & ok millert@

pleasing lint, without displeasing future developers

merge parts of strtonum() cleanup from tan.dang@gmail.com

- better synopsis
- sort options
- sync usage()

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

knf

ansi

uid_t and gid_t are unsigned

_exit() not exit() in signal handler.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

avoid stdio in signal handler

adapt to BSD authentication and clean things up a bit while I am at it

back out changes that should not have escaped my local tree

add missing reference to infocmp

A bit of KNF

-Wall

getopt(3) returns -1 when out of args, not EOF, whee!

s/key support now works (s/key lookup must be done with euid == 0)

Add -n/no timeout option. FreeBSD PR bin/1567, obrien@Nuxi.cs.ucdavis.edu.

type cleanup

readable

rcsid

use protos

branches: 1.1.1;
Initial revision

After recent changes, we need to clear hash, not s1.

From Scott Cheloha
ok deraadt

this program was infected with lint era casts. i think we're past that now.

remove ARGSUSED, from Scott Cheloha.
and while we're cleaning, switch __progname to getprogname.

use crypt_newhash to protect the password. from Scott Cheloha

clean up some unused variables. also, making a variable global isn't the
best way to zero initialize it if that's all you need.

instead of using time(), refer to getitimer to find out how long the
timeout is.
from Scott Cheloha

can just continue after readpassphrase returns null, the sighandler will
have already printed a message.
from Scott Cheloha

Use the safe idiom of cleaning sensitive data from memory with explicit_bzero,
instead of relying on other methods, after readpassphrase. Some programs on
this diff won't benefit that much since it happens near the terminal path, but
someone might copy the unsafe idiom to another program and place it where it
may leak sensitive data.

Discussed aeons ago with tb@, OK deraadt@ and beck@

repair braces. from ilya.kaliman/gsoares/natano

lock needs pledge(proc exec) to use bsd auth system. from trondd

normalize a few more tame request orderings, to help review

Change all tame callers to namechange to pledge(2).

tame "stdio getpw rpath wpath tty". "tty" allows this to use
readpassphrase().

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Correct format string mismatches turned up by -Wformat=2

suggestions and ok millert@

Prevent a segmentation fault. It could occur when login_getclass fails and
the key "s/key" is entered with supplied -a or -p option.

ok millert (with better error message)

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

like login(1), back off password guesses after login-backoff; and
reset cnt after login-tries. tweak & ok millert@

pleasing lint, without displeasing future developers

merge parts of strtonum() cleanup from tan.dang@gmail.com

- better synopsis
- sort options
- sync usage()

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

knf

ansi

uid_t and gid_t are unsigned

_exit() not exit() in signal handler.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

avoid stdio in signal handler

adapt to BSD authentication and clean things up a bit while I am at it

back out changes that should not have escaped my local tree

add missing reference to infocmp

A bit of KNF

-Wall

getopt(3) returns -1 when out of args, not EOF, whee!

s/key support now works (s/key lookup must be done with euid == 0)

Add -n/no timeout option. FreeBSD PR bin/1567, obrien@Nuxi.cs.ucdavis.edu.

type cleanup

readable

rcsid

use protos

branches: 1.1.1;
Initial revision