From owner-freebsd-audit Tue Sep 4 10:43:58 2001 Delivered-To: freebsd-audit@freebsd.org Received: from arb.arb.za.net (www.powerbox.co.za [196.7.148.4]) by hub.freebsd.org (Postfix) with ESMTP id D593037B408 for ; Tue, 4 Sep 2001 10:43:31 -0700 (PDT) Received: (from uucp@localhost) by arb.arb.za.net (8.11.3/8.11.3) with UUCP id f84HhVd36466 for audit@freebsd.org; Tue, 4 Sep 2001 19:43:31 +0200 (SAST) (envelope-from mark@grondar.za) Received: from grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.11.6/8.11.4) with ESMTP id f84Hbik03671 for ; Tue, 4 Sep 2001 18:37:44 +0100 (BST) (envelope-from mark@grondar.za) Message-Id: <200109041737.f84Hbik03671@grimreaper.grondar.za> To: audit@freebsd.org Subject: login(1) WARNS=2 cleanup Date: Tue, 04 Sep 2001 18:37:44 +0100 From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello all! Please take a look at this; it is primarily a WARNS=2 cleanup for login(1). What is not WARNS=2, is a general code cleanup and ANSIfication. This breaks: K&R M Index: Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/login/Makefile,v retrieving revision 1.36 diff -u -d -r1.36 Makefile --- Makefile 30 Aug 2001 11:27:36 -0000 1.36 +++ Makefile 1 Sep 2001 17:09:07 -0000 @@ -10,6 +10,8 @@ DPADD= ${LIBUTIL} ${LIBCRYPT} ${LIBPAM} LDADD= -lutil -lcrypt ${MINUSLPAM} +WARNS?= 2 + BINMODE=4555 INSTALLFLAGS=-fschg NEED_LIBNAMES= yes Index: login.c =================================================================== RCS file: /home/ncvs/src/usr.bin/login/login.c,v retrieving revision 1.68 diff -u -d -r1.68 login.c --- login.c 30 Aug 2001 11:27:36 -0000 1.68 +++ login.c 1 Sep 2001 19:20:25 -0000 @@ -82,6 +82,7 @@ #include #include +#include "login.h" #include "pathnames.h" /* wrapper for KAME-special getnameinfo() */ @@ -89,22 +90,24 @@ #define NI_WITHSCOPEID 0 #endif -void badlogin __P((char *)); -void dolastlog __P((int)); -void getloginname __P((void)); -void motd __P((char *)); -int rootterm __P((char *)); -void sigint __P((int)); -void sleepexit __P((int)); -void refused __P((char *,char *,int)); -char *stypeof __P((char *)); -void timedout __P((int)); -int login_access __P((char *, char *)); -void login_fbtab __P((char *, uid_t, gid_t)); +static void badlogin(char *); +static void dolastlog(int); +static void getloginname(void); +static void motd(const char *); +static int rootterm(char *); +static void sigint(int); +static void sleepexit(int); +static void refused(const char *,const char *,int); +static const char *stypeof(char *); +static void timedout(int); -static int auth_pam __P((void)); -static int export_pam_environment __P((void)); -static int ok_to_export __P((const char *)); +static int auth_pam(void); +static int export_pam_environment(void); +static int ok_to_export(const char *); + +static int auth_pam(void); +static int export_pam_environment(void); +static int ok_to_export(const char *); static pam_handle_t *pamh = NULL; static char **environ_pam; @@ -118,9 +121,9 @@ syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); \ } -static int auth_traditional __P((void)); -extern void login __P((struct utmp *)); -static void usage __P((void)); +static int auth_traditional(void); +extern void login(struct utmp *); +static void usage(void); #define TTYGRPNAME "tty" /* name of group to own ttys */ #define DEFAULT_BACKOFF 3 @@ -143,9 +146,7 @@ char full_hostname[MAXHOSTNAMELEN]; int -main(argc, argv) - int argc; - char *argv[]; +main(int argc, char *argv[]) { extern char **environ; struct group *gr; @@ -161,6 +162,8 @@ char tbuf[MAXPATHLEN + 2]; char tname[sizeof(_PATH_TTY) + 10]; char *shell = NULL; + char default_prompt[] = DEFAULT_PROMPT; + char default_passwd_prompt[] = DEFAULT_PASSWD_PROMPT; login_cap_t *lc = NULL; pid_t pid; int e; @@ -234,7 +237,7 @@ sleepexit(1); } } else - optarg = "invalid hostname"; + optarg = strdup("invalid hostname"); if (res != NULL) freeaddrinfo(res); } @@ -275,9 +278,9 @@ * Get "login-retries" & "login-backoff" from default class */ lc = login_getclass(NULL); - prompt = login_getcapstr(lc, "prompt", DEFAULT_PROMPT, DEFAULT_PROMPT); + prompt = login_getcapstr(lc, "prompt", default_prompt, default_prompt); passwd_prompt = login_getcapstr(lc, "passwd_prompt", - DEFAULT_PASSWD_PROMPT, DEFAULT_PASSWD_PROMPT); + default_passwd_prompt, default_passwd_prompt); retries = login_getcapnum(lc, "login-retries", DEFAULT_RETRIES, DEFAULT_RETRIES); backoff = login_getcapnum(lc, "login-backoff", DEFAULT_BACKOFF, @@ -404,7 +407,7 @@ refused("Cannot find root directory", "ROOTDIR", 1); if (!quietlog || *pwd->pw_dir) printf("No home directory.\nLogging in with home = \"/\".\n"); - pwd->pw_dir = "/"; + pwd->pw_dir = strdup("/"); } (void)seteuid(euid); (void)setegid(egid); @@ -463,7 +466,7 @@ } shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell); if (*pwd->pw_shell == '\0') - pwd->pw_shell = _PATH_BSHELL; + pwd->pw_shell = strdup(_PATH_BSHELL); if (*shell == '\0') /* Not overridden */ shell = pwd->pw_shell; if ((shell = strdup(shell)) == NULL) { @@ -637,7 +640,7 @@ (void)setenv("PATH", rootlogin ? _PATH_STDPATH : _PATH_DEFPATH, 0); if (!quietlog) { - char *cw; + const char *cw; cw = login_getcapstr(lc, "copyright", NULL, NULL); if (cw != NULL && access(cw, F_OK) == 0) @@ -676,7 +679,7 @@ /* * Login shells have a leading '-' in front of argv[0] */ - if (snprintf(tbuf, sizeof(tbuf), "-%s", + if ((size_t)snprintf(tbuf, sizeof(tbuf), "-%s", (p = strrchr(pwd->pw_shell, '/')) ? p + 1 : pwd->pw_shell) >= sizeof(tbuf)) { syslog(LOG_ERR, "user: %s: shell exceeds maximum pathname size", @@ -689,12 +692,12 @@ } static int -auth_traditional() +auth_traditional(void) { int rval; char *p; - char *ep; - char *salt; + const char *ep; + const char *salt; rval = 1; salt = pwd != NULL ? pwd->pw_passwd : "xx"; @@ -722,7 +725,7 @@ * fall back to a different authentication mechanism. */ static int -auth_pam() +auth_pam(void) { const char *tmpl_user; const void *item; @@ -813,7 +816,7 @@ } static int -export_pam_environment() +export_pam_environment(void) { char **pp; @@ -833,8 +836,7 @@ * Solaris pam_putenv(3) man page. */ static int -ok_to_export(s) - const char *s; +ok_to_export(const char *s) { static const char *noexport[] = { "SHELL", "HOME", "LOGNAME", "MAIL", "CDPATH", @@ -856,7 +858,7 @@ } static void -usage() +usage(void) { (void)fprintf(stderr, "usage: login [-fp] [-h hostname] [username]\n"); @@ -870,7 +872,7 @@ #define NBUFSIZ UT_NAMESIZE + 64 void -getloginname() +getloginname(void) { int ch; char *p; @@ -900,8 +902,7 @@ } int -rootterm(ttyn) - char *ttyn; +rootterm(char *ttyn) { struct ttyent *t; @@ -911,15 +912,13 @@ volatile int motdinterrupt; void -sigint(signo) - int signo __unused; +sigint(int signo __unused) { motdinterrupt = 1; } void -motd(motdfile) - char *motdfile; +motd(const char *motdfile) { int fd, nchars; sig_t oldint; @@ -937,8 +936,7 @@ /* ARGSUSED */ void -timedout(signo) - int signo; +timedout(int signo) { longjmp(timeout_buf, signo); @@ -946,8 +944,7 @@ void -dolastlog(quiet) - int quiet; +dolastlog(int quiet) { struct lastlog ll; int fd; @@ -983,8 +980,7 @@ } void -badlogin(name) - char *name; +badlogin(char *name) { if (failures == 0) @@ -1008,9 +1004,8 @@ #undef UNKNOWN #define UNKNOWN "su" -char * -stypeof(ttyid) - char *ttyid; +const char * +stypeof(char *ttyid) { struct ttyent *t; @@ -1023,10 +1018,7 @@ } void -refused(msg, rtype, lout) - char *msg; - char *rtype; - int lout; +refused(const char *msg, const char *rtype, int lout) { if (msg != NULL) @@ -1042,8 +1034,7 @@ } void -sleepexit(eval) - int eval; +sleepexit(int eval) { (void)sleep(5); Index: login.h =================================================================== RCS file: login.h diff -N login.h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ login.h 30 Aug 2001 14:54:12 -0000 @@ -0,0 +1,37 @@ +/*- + * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +extern int login_access(char *r, char *); +extern void login_fbtab(char *tty, uid_t uid, gid_t gid); Index: login_access.c =================================================================== RCS file: /home/ncvs/src/usr.bin/login/login_access.c,v retrieving revision 1.4 diff -u -d -r1.4 login_access.c --- login_access.c 28 Sep 1997 08:49:22 -0000 1.4 +++ login_access.c 30 Aug 2001 14:51:58 -0000 @@ -22,6 +22,7 @@ #include #include +#include "login.h" #include "pathnames.h" /* Delimiters for fields and for lists of users, ttys or hosts. */ @@ -34,17 +35,15 @@ #define YES 1 #define NO 0 -static int list_match(); -static int user_match(); -static int from_match(); -static int string_match(); +static int list_match(char *, char *, int (*)(char *, char *)); +static int user_match(char *, char *); +static int from_match(char *, char *); +static int string_match(char *, char *); /* login_access - match username/group and host/tty with access control file */ int -login_access(user, from) -char *user; -char *from; +login_access(char *user, char *from) { FILE *fp; char line[BUFSIZ]; @@ -103,10 +102,8 @@ /* list_match - match an item against a list of tokens with exceptions */ -static int list_match(list, item, match_fn) -char *list; -char *item; -int (*match_fn) (); +static int +list_match(char *list, char *item, int (*match_fn)(char *, char *)) { char *tok; int match = NO; @@ -137,28 +134,17 @@ /* netgroup_match - match group against machine or user */ -static int netgroup_match(group, machine, user) -gid_t group; -char *machine; -char *user; +static int +netgroup_match(char *group __unused, char *machine __unused, char *user __unused) { -#ifdef NIS - static char *mydomain = 0; - - if (mydomain == 0) - yp_get_default_domain(&mydomain); - return (innetgr(group, machine, user, mydomain)); -#else syslog(LOG_ERR, "NIS netgroup support not configured"); return 0; -#endif } /* user_match - match a username against one token */ -static int user_match(tok, string) -char *tok; -char *string; +static int +user_match(char *tok, char *string) { struct group *group; int i; @@ -183,9 +169,8 @@ /* from_match - match a host or tty against a list of tokens */ -static int from_match(tok, string) -char *tok; -char *string; +static int +from_match(char *tok, char *string) { int tok_len; int str_len; @@ -219,9 +204,8 @@ /* string_match - match a string against one token */ -static int string_match(tok, string) -char *tok; -char *string; +static int +string_match(char *tok, char *string) { /* Index: login_fbtab.c =================================================================== RCS file: /home/ncvs/src/usr.bin/login/login_fbtab.c,v retrieving revision 1.9 diff -u -d -r1.9 login_fbtab.c --- login_fbtab.c 9 Dec 2000 09:35:41 -0000 1.9 +++ login_fbtab.c 30 Aug 2001 14:54:39 -0000 @@ -68,27 +68,25 @@ #include #include #include + +#include "login.h" #include "pathnames.h" -void login_protect __P((char *, char *, int, uid_t, gid_t)); -void login_fbtab __P((char *tty, uid_t uid, gid_t gid)); +static void login_protect(const char *, char *, int, uid_t, gid_t); #define WSPACE " \t\n" /* login_fbtab - apply protections specified in /etc/fbtab or logindevperm */ void -login_fbtab(tty, uid, gid) -char *tty; -uid_t uid; -gid_t gid; +login_fbtab(char *tty, uid_t uid, gid_t gid) { FILE *fp; char buf[BUFSIZ]; char *devname; char *cp; int prot; - char *table; + const char *table; if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0 && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0) @@ -121,12 +119,7 @@ /* login_protect - protect one device entry */ void -login_protect(table, path, mask, uid, gid) -char *table; -char *path; -int mask; -uid_t uid; -gid_t gid; +login_protect(const char *table, char *path, int mask, uid_t uid, gid_t gid) { char buf[BUFSIZ]; int pathlen = strlen(path); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message