Patch #2 to shadow login package
John F. Haugh II
jfh at rpp386.Dallas.TX.US
Sun Feb 19 11:31:21 AEST 1989
This file constitutes patch level 2 for the shadow login replacement.
These patches correct a problem where the shell field in the password
file might have been blank. Sigh. It also provides the README file
which was omitted from the original distribution. This patch may
cause some problems.
To apply these patches, change to the directory where the login
sources are currently contained and execute patch using this file
as the input.
- John.
--
*** README
--- new/README
**************
*** 1,0
--- 1,146 -----
+ This is the explanatory document for John F. Haugh II's login replacement.
+
+ This software is copyright 1989, John F. Haugh II. All rights reserved.
+ Use, duplication and disclosure is permitted according to the guidelines
+ listed below. At some point in the future this licence will be
+ modified to conform to the GNU General Public License.
+
+ This software is being provided as a freely redistributable login clone.
+ You may distribute this software provided you do not charge for other than
+ transmission costs. You are free to transfer this software provided you
+ do not restrict the rights of the recipients to further transfer this
+ software.
+
+ This software is being distributed AS-IS. The author disclaims all
+ liability for any consequences of use. The user is solely responsible
+ for the maintenance of this software package. The author is under no
+ obligation to provide modifications or improvements.
+
+ Begin by reading and editting the config.h file. All options are selected
+ by using #define's. A brief description for each available option appears
+ below.
+
+ Note that there are MANY options.
+
+ Dialup Password Files -
+ This option permits individual ports to have an additional
+ password prompted for on a by-shell basis. /etc/dialups
+ contains a list of dialup ports, d_passwd contains the
+ password for each shell requiring a dialup password.
+
+ Select this option by defining the DIALUP macro.
+
+ Shadow [ unreadable ] Password Files -
+ This option utilizes an alternate, non-readable file to
+ contain the actual encrypted passwords. This is presumed
+ to increase system security by increasing the difficulty
+ with which system crackers obtain encrypted passwords.
+
+ Select this option by defining the SHADOWPWD macro.
+
+ Obscure Password Testing -
+ This option includes code to test user passwords for
+ complexity. The programmer is encouraged to edit the
+ file obscure.c to add additional methods for detecting
+ simplistic passwords.
+
+ Select this option by defining the OBSCURE macro.
+
+ Additionally, the PASSLENGTH macro must be defined to
+ control the minimum length for a legal password.
+
+ Mandatory Password Prompting -
+ This option requires all passwords, including null ones,
+ to be prompted for. Traditionally an account with a
+ password field of '::' does not require prompting for.
+ This option modifies this behavior to require even
+ null passwords be prompted for.
+
+ Select this option by defining the NOBLANK macro.
+
+ HZ Environmental Variable -
+ This option pre-defines the HZ environmental variable.
+ Certain systems require this variable be defined for
+ system time reporting functions to work properly.
+
+ Select this option by defining the HZ macro to have
+ the desired environmental variable value.
+
+ TZ Environmental Variable -
+ This option pre-defines the TZ environmental variable.
+ This provides a default timezone variable for use by
+ various utilities.
+
+ Select this option by defining the TZ macro to have
+ the desired environmental variable value.
+
+ Password Aging -
+ This option includes code to perform password aging.
+ Password aging is presumed to increase system security
+ by forcing users to change passwords on a regular
+ basis. The resolution on password age is in weeks for
+ non-shadow password systems and in days otherwise.
+
+ Select this option by defining the AGING macro.
+
+ Mailbox Checking -
+ This option includes code to check the status of the
+ user's mailbox. One of three messages are produced
+ depending on the status of the user's mailbox.
+
+ Select this option by defining the MAILCHECK macro.
+
+ Console Restricted Root Logins -
+ This option restricts the port which root may legally
+ login on. This option presumably increases system
+ security by preventing outside attacks against the root
+ account.
+
+ Select this option by defining the CONSOLE macro to
+ have the desired port name.
+
+ Message of the Day Printing -
+ This option causes the message of the day to be
+ printed at login time.
+
+ Select this option by defining the MOTD macro.
+
+ If you wish this feature to be overriden on a per-user
+ basis, define the macro HUSHLOGIN and users may then
+ turn off the /etc/motd message by creating a file
+ '.hushlogin' in their home directories.
+
+ Last Login Time Logging -
+ This option causes a record to be made of successful
+ logins in /usr/adm/lastlog. The format of the
+ structure is defined in lastlog.h.
+
+ Select this option by defining the LASTLOG macro.
+
+ You will need to determine if you system already has
+ a lastlog.h file and use that file if present.
+
+ Terminal Permissions -
+ This option allows the terminal modes to be set at
+ login time. This is particularly useful to disable
+ messages on user's terminals.
+
+ Select this option by defining the TTYPERM macro as
+ having the desired mode.
+
+ File Size Setting -
+ This option includes code to set the user's ulimit
+ at login time. Additional code to set the umask and
+ nice value is also included.
+
+ Select this option by defining the QUOTAS macro.
+
+ Switch-User Logging -
+ This option causes su(1) to log attempts to switch
+ users. Su(1) will log all attempt, giving the old
+ and new user ID's, tty port, and time. It also
+ indicates if the attempt was successful.
+
+ Select this option by defining the SULOG macro to
+ have the value of the name of the file you want
+ attempts logged to.
*** Makefile
--- new/Makefile
**************
*** 1,5
#
! # @(#)Makefile 1.2 - System V shadow password system
#
# @(#)Makefile 1.2 13:59:26 2/5/89
#
--- 1,5 -----
#
! # @(#)Makefile 1.3 - System V shadow password system
#
# @(#)Makefile 1.3 18:58:25 2/18/89
#
**************
*** 1,7
#
# @(#)Makefile 1.2 - System V shadow password system
#
! # @(#)Makefile 1.2 13:59:26 2/5/89
#
SHELL = /bin/sh
--- 1,7 -----
#
# @(#)Makefile 1.3 - System V shadow password system
#
! # @(#)Makefile 1.3 18:58:25 2/18/89
#
SHELL = /bin/sh
**************
*** 46,52
SULOGSRCS = sulogin.c entry.c env.c password.c age.c pwent.c setup.c \
shadow.c shell.c valid.c
! FILES1 = log.c mail.c shadow.h sulog.c Makefile entry.c obscure.c \
setup.c sub.c config.h pmain.c sulogin.c dialup.h
FILES2 = lastlog.h login.c motd.c password.c shell.c utmp.c age.c env.c \
--- 46,52 -----
SULOGSRCS = sulogin.c entry.c env.c password.c age.c pwent.c setup.c \
shadow.c shell.c valid.c
! FILES1 = README log.c mail.c shadow.h sulog.c Makefile entry.c obscure.c \
setup.c sub.c config.h pmain.c sulogin.c dialup.h
FILES2 = lastlog.h login.c motd.c password.c shell.c utmp.c age.c env.c \
*** lmain.c
--- new/lmain.c
**************
*** 8,13
#include "config.h"
#include "lastlog.h"
char name[BUFSIZ];
char pass[BUFSIZ];
char home[BUFSIZ];
--- 8,17 -----
#include "config.h"
#include "lastlog.h"
+ #ifndef lint
+ static char _sccsid[] = "@(#)lmain.c 1.2 19:00:57 2/18/89";
+ #endif
+
char name[BUFSIZ];
char pass[BUFSIZ];
char home[BUFSIZ];
**************
*** 132,138
strncmp (CONSOLE, utent.ut_line, sizeof utent.ut_line))
exit (1); /* then exit! */
#endif
! if (pwent.pw_shell[0] == '*') /* subsystem root required */
subsystem (); /* figure out what to execute */
#ifdef LASTLOG
--- 136,142 -----
strncmp (CONSOLE, utent.ut_line, sizeof utent.ut_line))
exit (1); /* then exit! */
#endif
! if (pwent.pw_shell && pwent.pw_shell[0] == '*') /* subsystem root */
subsystem (); /* figure out what to execute */
#ifdef LASTLOG
*** pwent.c
--- new/pwent.c
**************
*** 2,8
#include <pwd.h>
#include <string.h>
! #define SBUFSIZ 64
static char *tokcpy (buf, token)
char *buf;
--- 2,10 -----
#include <pwd.h>
#include <string.h>
! #ifndef lint
! static char _sccsid[] = "@(#)pwent.c 1.2 19:01:00 2/18/89";
! #endif
#define SBUFSIZ 64
**************
*** 4,9
#define SBUFSIZ 64
static char *tokcpy (buf, token)
char *buf;
char *token;
--- 6,13 -----
static char _sccsid[] = "@(#)pwent.c 1.2 19:01:00 2/18/89";
#endif
+ #define SBUFSIZ 64
+
static char *tokcpy (buf, token)
char *buf;
char *token;
**************
*** 21,27
if (*buf == '\0')
return ((char *) 0);
! while (*buf && *buf != ':')
*token++ = *buf++;
*token = '\0';
--- 25,31 -----
if (*buf == '\0')
return ((char *) 0);
! while (buf - start < (SBUFSIZ-1) && *buf && *buf != ':')
*token++ = *buf++;
*token = '\0';
**************
*** 85,91
if (! tokcpy ((char *) 0, home))
return ((struct passwd *) 0);
! if (! tokcpy ((char *) 0, shell) && *shell)
pwent.pw_shell = (char *) 0;
if (pwent.pw_passwd && pwent.pw_passwd[0] == '\0')
--- 89,95 -----
if (! tokcpy ((char *) 0, home))
return ((struct passwd *) 0);
! if (! tokcpy ((char *) 0, shell))
pwent.pw_shell = (char *) 0;
if (pwent.pw_passwd && pwent.pw_passwd[0] == '\0')
*** smain.c
--- new/smain.c
**************
*** 7,13
#include "lastlog.h"
#ifndef lint
! static char _sccsid[] = "@(#)smain.c 1.2 13:59:37 2/5/89";
#endif
#ifndef MAXENV
--- 7,13 -----
#include "lastlog.h"
#ifndef lint
! static char _sccsid[] = "@(#)smain.c 1.3 18:58:30 2/18/89";
#endif
#ifndef MAXENV
**************
*** 80,85
(void) strcpy (name, "root");
entry (name, &pwent); /* get password file entry */
if (pwent.pw_name == (char *) 0) { /* unknown user */
(void) fprintf (stderr, "Unknown id: %s\n", pwent.pw_name);
--- 80,87 -----
(void) strcpy (name, "root");
entry (name, &pwent); /* get password file entry */
+ if (pwent.pw_shell == (char *) 0)
+ pwent.pw_shell = "/bin/sh";
if (pwent.pw_name == (char *) 0) { /* unknown user */
(void) fprintf (stderr, "Unknown id: %s\n", pwent.pw_name);
**************
*** 134,142
}
}
if (! doshell) { /* execute arguments as command */
- if (! pwent.pw_shell)
- pwent.pw_shell = "/bin/sh";
-
argv[-1] = pwent.pw_shell;
(void) execv (pwent.pw_shell, &argv[-1]);
(void) fprintf (stderr, "No shell\n");
--- 136,141 -----
}
}
if (! doshell) { /* execute arguments as command */
argv[-1] = pwent.pw_shell;
(void) execv (pwent.pw_shell, &argv[-1]);
(void) fprintf (stderr, "No shell\n");
**************
*** 151,159
#endif
shell (pwent.pw_shell); /* exec the shell finally. */
} else {
- if (pwent.pw_shell == (char *) 0)
- pwent.pw_shell = "/bin/sh";
-
execl (pwent.pw_shell, "su", (char *) 0);
perror (pwent.pw_shell);
exit (1);
--- 150,155 -----
#endif
shell (pwent.pw_shell); /* exec the shell finally. */
} else {
execl (pwent.pw_shell, "su", (char *) 0);
perror (pwent.pw_shell);
exit (1);
*** sub.c
--- new/sub.c
**************
*** 3,8
#include <utmp.h>
#include <string.h>
extern struct passwd pwent;
#ifndef SU
extern struct utmp utent;
--- 3,12 -----
#include <utmp.h>
#include <string.h>
+ #ifndef lint
+ static char _sccsid[] = "@(#)sub.c 1.2 19:01:01 2/18/89";
+ #endif
+
extern struct passwd pwent;
#ifndef SU
extern struct utmp utent;
**************
*** 39,46
puts ("No /bin/login or /etc/login on root");
exit (1);
#else
! if (pwent.pw_shell[1] == '\0')
! pwent.pw_shell = "/bin/sh";
else
pwent.pw_shell++;
#endif
--- 43,50 -----
puts ("No /bin/login or /etc/login on root");
exit (1);
#else
! if (! pwent.pw_shell || strlen (pwent.pw_shell) == 1)
! pwent.pw_shell = "/bin/sh"; /* default shell */
else
pwent.pw_shell++; /* skip over '*' */
#endif
**************
*** 42,47
if (pwent.pw_shell[1] == '\0')
pwent.pw_shell = "/bin/sh";
else
! pwent.pw_shell++;
#endif
}
--- 46,51 -----
if (! pwent.pw_shell || strlen (pwent.pw_shell) == 1)
pwent.pw_shell = "/bin/sh"; /* default shell */
else
! pwent.pw_shell++; /* skip over '*' */
#endif
}
--
John F. Haugh II +--Quote of the Week:------------------
VoiceNet: (214) 250-3311 Data: -6272 | "If I do not want others to quote me,
InterNet: jfh at rpp386.Dallas.TX.US | I do not speak." -- Phil Wayne
UucpNet : <backbone>!killer!rpp386!jfh +--------------------------------------
More information about the Comp.sources.bugs
mailing list