summaryrefslogtreecommitdiff
path: root/libexec/login_skey
AgeCommit message (Collapse)Author
2002-06-02minor KNFTheo de Raadt
2002-05-29a few more strlcatTheo de Raadt
2002-05-16No longer needs to be setuid root.Todd C. Miller
2002-03-13login(8) -> login(1)Marco S Hyman
2002-02-16Part one of userland __P removal. Done with a simple regexp with some minor ↵Todd C. Miller
hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
2001-12-07Catch SIGINT, SIGQUIT and SIGTSTP but ignore during the databaseTodd C. Miller
update. We have to be careful and drop our lock if we are suspended and then regain the lock on resume. This is necessary because the user must not be allowed to keep a record locked for a long period of time to avoid a DoS. We must be sure to re-lock when we resume because otherwise an attacker could suspend us until a user starts to login and then resume and then race the user for login using the challenge response from the user.
2001-12-06Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it preventsTodd C. Miller
getpass()/readpassphrase() from being able to restore the tty mode on keyboard interrupt. Along with the recent readpassphrase.c commit this means that if you ^C things that use login scripts (like su(1)) with a non-CBREAK shell your tty mode will be restored nicely. TODO: The various login scripts need to install handlers to avoid leaving turd files or otherwise ending in a bad state. It would also be nice to send BI_REJECT to the back channel.
2001-10-24getopt(3) returns -1 when out of args, not EOF.Mike Pechkin
millert@ ok
2001-07-08Remove extraneous .Pp after .ShTodd C. Miller
2001-06-25Remove instance stuff now that su uses an explicit option to specifyTodd C. Miller
the invoking user.
2001-06-20Add an alarm to implement as timeout on the locked record.Todd C. Miller
2000-12-12skey login script; authenticates the user via S/KeyTodd C. Miller
will be used when BSD authentication is enabled