| #
805ea040 |
| 01-Mar-2022 |
tedu <tedu@openbsd.org> |
add rtable capability to login.conf.
from Matthew Martin
|
| #
d7bd1adb |
| 10-Feb-2022 |
robert <robert@openbsd.org> |
introduce support for storing capability databases in /etc/login.conf.d;
anytime a class is looked up, the /etc/login.conf.d/${class} file will be
checked first for a matching class definition; this
introduce support for storing capability databases in /etc/login.conf.d;
anytime a class is looked up, the /etc/login.conf.d/${class} file will be
checked first for a matching class definition; this will allow us to easily
add custom login classes from packages
ok millert@
show more ...
|
| #
c0455c86 |
| 03-Jun-2021 |
deraadt <deraadt@openbsd.org> |
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required,
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert
show more ...
|
| #
2b699e5c |
| 29-Jul-2018 |
deraadt <deraadt@openbsd.org> |
Add _PATH_AUTHPROGDIR = "/usr/libexec/auth", this path will be used
to unveil. Unfortunately the auth subsystem uses _PATH_AUTHPROG =
"/usr/libexec/auth/login_", which it auth-program is appended to
Add _PATH_AUTHPROGDIR = "/usr/libexec/auth", this path will be used
to unveil. Unfortunately the auth subsystem uses _PATH_AUTHPROG =
"/usr/libexec/auth/login_", which it auth-program is appended to -- a
rather gross idea which now shows lack of wisdom.
show more ...
|
| #
817d1ee3 |
| 21-Nov-2014 |
tedu <tedu@openbsd.org> |
change prototype for crypt_newhash. the login_cap_t is a holdover from its
pwd_gensalt origins, but a string argument works equally work and is more
friendly to consumers beyond local user accounts.
change prototype for crypt_newhash. the login_cap_t is a holdover from its
pwd_gensalt origins, but a string argument works equally work and is more
friendly to consumers beyond local user accounts.
ok deraadt
show more ...
|
| #
faa4eeec |
| 19-Nov-2014 |
tedu <tedu@openbsd.org> |
prototype for crypt_newhash(). adding it here because this is where
login_cap_t lives and i don't want to forward declare it in unistd.h
|
| #
02272fec |
| 28-Jan-2005 |
millert <millert@openbsd.org> |
LOGIN_SETALL did not include LOGIN_SETENV as it should.
|
| #
1b4bf431 |
| 09-Aug-2004 |
millert <millert@openbsd.org> |
Support the "setenv" capability in login.conf ala FreeBSD. Following
FreeBSD's example, a '~' in an environment variable is replaced
with the user's homedir. A '$' is replaced by the user's login
n
Support the "setenv" capability in login.conf ala FreeBSD. Following
FreeBSD's example, a '~' in an environment variable is replaced
with the user's homedir. A '$' is replaced by the user's login
name. Both can be escaped with a backslash to get the literal char.
OK deraadt@
show more ...
|
| #
4f52662f |
| 03-Aug-2004 |
millert <millert@openbsd.org> |
Define BI_FDPASS for the BSD auth fd passing changes.
|
| #
d1f942ab |
| 22-Jan-2004 |
espie <espie@openbsd.org> |
Remove unnecessary typedef usage.
u_char -> unsigned char
u_short -> unsigned short
u_long -> unsigned long
u_int -> unsigned int
okay millert@
|
| #
756873d8 |
| 02-Aug-2002 |
millert <millert@openbsd.org> |
Change value of LOGIN_DEFSTYLE from "krb4-or-pwd" to just "passwd".
If there is no login.conf or it is corrupt we don't want to make
any assumptions about kerberos. By request of deraadt@
|
| #
82fb7937 |
| 03-Jun-2002 |
deraadt <deraadt@openbsd.org> |
compatiblity -> compatibility
decriptor -> descriptor
authentciated -> authenticated
transmition -> transmission
|
| #
c72b5b24 |
| 16-Feb-2002 |
millert <millert@openbsd.org> |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be don
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
show more ...
|
| #
9528a93a |
| 15-Jul-2001 |
millert <millert@openbsd.org> |
Give login_cap_t a struct name so we can use forward declarations.
|
| #
77c76821 |
| 30-Jun-2001 |
millert <millert@openbsd.org> |
Default login style is now krb4-or-pwd, not krb-or-pwd.
|
| #
504e5da2 |
| 01-Jan-2001 |
millert <millert@openbsd.org> |
Guard against multiple inclusion
|
| #
e802aa69 |
| 21-Nov-2000 |
millert <millert@openbsd.org> |
BSD authentication routines from BSDI. Presently this is not used but
the login_* helper programs and other support will be committed in the
near future.
|
| #
6bedce01 |
| 19-Nov-2000 |
millert <millert@openbsd.org> |
Remove prototypes for old BSD auth functions. New ones will live in
bsd_auth.h when BSD authentication is committed.
|
| #
362f029c |
| 20-Aug-2000 |
millert <millert@openbsd.org> |
login.conf code from BSDi. This does not include the bsd auth code
which will come later. At this stage it is primarily used for setting
resource limits.
|