File: [local] / src / usr.bin / login / failedlogin.c (download)
Revision 1.19, Sun Oct 24 21:24:16 2021 UTC (2 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, HEAD
Changes since 1.18: +3 -3 lines
For open/openat, if the flags parameter does not contain O_CREAT, the
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
/* $OpenBSD: failedlogin.c,v 1.19 2021/10/24 21:24:16 deraadt Exp $ */
/*
* Copyright (c) 1996 Todd C. Miller <millert@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* failedlogin.c
* Log to failedlogin file and read from it, reporting the number of
* failed logins since the last good login and when/from where
* the last failed login was.
*/
#include <sys/stat.h>
#include <sys/time.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <utmp.h>
#include "pathnames.h"
struct badlogin {
char bl_line[UT_LINESIZE]; /* tty used */
char bl_name[UT_NAMESIZE]; /* remote username */
char bl_host[UT_HOSTSIZE]; /* remote host */
time_t bl_time; /* time of the login attempt */
size_t count; /* number of bad logins */
};
void log_failedlogin(uid_t, char *, char *, char *);
int check_failedlogin(uid_t);
/*
* Log a bad login to the failedlogin file.
*/
void
log_failedlogin(uid_t uid, char *host, char *name, char *tty)
{
struct badlogin failedlogin;
int fd;
/* Add O_CREAT if you want to create failedlogin if it doesn't exist */
if ((fd = open(_PATH_FAILEDLOGIN, O_RDWR)) >= 0) {
(void)lseek(fd, (off_t)uid * sizeof(failedlogin), SEEK_SET);
/* Read in last bad login so can get the count */
if (read(fd, (char *)&failedlogin, sizeof(failedlogin)) !=
sizeof(failedlogin) || failedlogin.bl_time == 0)
memset((void *)&failedlogin, 0, sizeof(failedlogin));
(void)lseek(fd, (off_t)uid * sizeof(failedlogin), SEEK_SET);
/* Increment count of bad logins */
++failedlogin.count;
(void)time(&failedlogin.bl_time);
strncpy(failedlogin.bl_line, tty, sizeof(failedlogin.bl_line));
if (host)
strncpy(failedlogin.bl_host, host, sizeof(failedlogin.bl_host));
else
*failedlogin.bl_host = '\0'; /* NULL host field */
if (name)
strncpy(failedlogin.bl_name, name, sizeof(failedlogin.bl_name));
else
*failedlogin.bl_name = '\0'; /* NULL name field */
(void)write(fd, (char *)&failedlogin, sizeof(failedlogin));
(void)close(fd);
}
}
/*
* Check the failedlogin file and report about the number of unsuccessful
* logins and info about the last one in lastlogin style.
* NOTE: zeros the count field since this is assumed to be called after the
* user has been validated.
*/
int
check_failedlogin(uid_t uid)
{
struct badlogin failedlogin;
int fd, was_bad = 0;
(void)memset((void *)&failedlogin, 0, sizeof(failedlogin));
if ((fd = open(_PATH_FAILEDLOGIN, O_RDWR)) >= 0) {
(void)lseek(fd, (off_t)uid * sizeof(failedlogin), SEEK_SET);
if (read(fd, (char *)&failedlogin, sizeof(failedlogin)) ==
sizeof(failedlogin) && failedlogin.count > 0 ) {
/* There was a bad login */
was_bad = 1;
if (failedlogin.count > 1)
(void)printf("There have been %lu unsuccessful "
"login attempts to your account.\n",
(u_long)failedlogin.count);
(void)printf("Last unsuccessful login: %.*s", 24-5,
(char *)ctime(&failedlogin.bl_time));
(void)printf(" on %.*s",
(int)sizeof(failedlogin.bl_line),
failedlogin.bl_line);
if (*failedlogin.bl_host != '\0') {
if (*failedlogin.bl_name != '\0')
(void)printf(" from %.*s@%.*s",
(int)sizeof(failedlogin.bl_name),
failedlogin.bl_name,
(int)sizeof(failedlogin.bl_host),
failedlogin.bl_host);
else
(void)printf(" from %.*s",
(int)sizeof(failedlogin.bl_host),
failedlogin.bl_host);
}
(void)putchar('\n');
/* Reset since this is a good login and write record */
failedlogin.count = 0;
(void)lseek(fd, (off_t)uid * sizeof(failedlogin),
SEEK_SET);
(void)write(fd, (char *)&failedlogin,
sizeof(failedlogin));
}
(void)close(fd);
}
return(was_bad);
}
![[BACK]](/icons/back.gif){kind=icon}
Return to failedlogin.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / login