=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/login/login.c,v retrieving revision 1.46 retrieving revision 1.47 diff -c -r1.46 -r1.47 *** src/usr.bin/login/login.c 2002/03/30 18:16:05 1.46 --- src/usr.bin/login/login.c 2002/07/02 01:15:08 1.47 *************** *** 1,4 **** ! /* $OpenBSD: login.c,v 1.46 2002/03/30 18:16:05 vincent Exp $ */ /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */ /*- --- 1,4 ---- ! /* $OpenBSD: login.c,v 1.47 2002/07/02 01:15:08 deraadt Exp $ */ /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */ /*- *************** *** 77,83 **** #if 0 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; #endif ! static char rcsid[] = "$OpenBSD: login.c,v 1.46 2002/03/30 18:16:05 vincent Exp $"; #endif /* not lint */ /* --- 77,83 ---- #if 0 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; #endif ! static char rcsid[] = "$OpenBSD: login.c,v 1.47 2002/07/02 01:15:08 deraadt Exp $"; #endif /* not lint */ /* *************** *** 152,176 **** char *style; char *username = NULL, *rusername = NULL; int ! main(argc, argv) ! int argc; ! char *argv[]; { ! extern char **environ; struct addrinfo *ai, hints; - struct group *gr; struct rlimit cds, scds; - struct stat st; - struct utmp utmp; quad_t expire, warning; uid_t uid; - int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance; - int error, homeless, needto, authok, tries, backoff; - char *domain, *p, *ttyn, *shell, *fullname, *instance; - char *lipaddr, *script, *ripaddr, *style, *type, *fqdn, *copyright; - char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; - char localhost[MAXHOSTNAMELEN]; (void)signal(SIGALRM, timedout); if (argc > 1) { --- 152,175 ---- char *style; char *username = NULL, *rusername = NULL; + extern char **environ; + int ! main(int argc, char *argv[]) { ! char *domain, *p, *ttyn, *shell, *fullname, *instance; ! char *lipaddr, *script, *ripaddr, *style, *type, *fqdn; ! char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; ! char localhost[MAXHOSTNAMELEN], *copyright; ! int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance; ! int error, homeless, needto, authok, tries, backoff; struct addrinfo *ai, hints; struct rlimit cds, scds; quad_t expire, warning; + struct utmp utmp; + struct group *gr; + struct stat st; uid_t uid; (void)signal(SIGALRM, timedout); if (argc > 1) { *************** *** 297,303 **** if (!uid) syslog(LOG_ERR, "invalid flag %c", ch); (void)fprintf(stderr, ! "usage: login [-fp] [-h hostname] [-L lipaddr] [-R ripaddr] [-u username] [user]\n"); quickexit(1); } argc -= optind; --- 296,303 ---- if (!uid) syslog(LOG_ERR, "invalid flag %c", ch); (void)fprintf(stderr, ! "usage: login [-fp] [-h hostname] [-L lipaddr] " ! "[-R ripaddr] [-u username] [user]\n"); quickexit(1); } argc -= optind; *************** *** 337,343 **** #endif /* get the default login class */ ! if ((lc = login_getclass(0)) == NULL) { /* get the default class */ warnx("Failure to retrieve default class"); quickexit(1); } --- 337,343 ---- #endif /* get the default login class */ ! if ((lc = login_getclass(0)) == NULL) { /* get the default class */ warnx("Failure to retrieve default class"); quickexit(1); } *************** *** 352,358 **** } shell = strrchr(script, '/') + 1; auth_setstate(as, AUTH_OKAY); ! auth_call(as, script, shell, fflag ? "-f" : username, fflag ? username : 0, 0); if (!(auth_getstate(as) & AUTH_ALLOW)) quickexit(1); --- 352,358 ---- } shell = strrchr(script, '/') + 1; auth_setstate(as, AUTH_OKAY); ! auth_call(as, script, shell, fflag ? "-f" : username, fflag ? username : 0, 0); if (!(auth_getstate(as) & AUTH_ALLOW)) quickexit(1); *************** *** 404,410 **** needto = 0; alarm(timeout); } ! if ((style = strchr(username, ':')) != NULL) *style++ = '\0'; if (fullname) free(fullname); --- 404,410 ---- needto = 0; alarm(timeout); } ! if ((style = strchr(username, ':')) != NULL) *style++ = '\0'; if (fullname) free(fullname); *************** *** 504,510 **** /* * explicitly reject users without password file entries */ ! if (pwd == 0) goto failed; /* --- 504,510 ---- /* * explicitly reject users without password file entries */ ! if (pwd == NULL) goto failed; /* *************** *** 535,541 **** else syslog(LOG_NOTICE, "LOGIN %s REFUSED ON TTY %s", ! fullname, tty); } else { if (!as || (p = auth_getvalue(as, "errormsg")) == NULL) p = "Login incorrect"; --- 535,541 ---- else syslog(LOG_NOTICE, "LOGIN %s REFUSED ON TTY %s", ! fullname, tty); } else { if (!as || (p = auth_getvalue(as, "errormsg")) == NULL) p = "Login incorrect"; *************** *** 655,661 **** warning = login_getcaptime(lc, "expire-warn", 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY); if (expire < warning) ! (void)printf("Warning: your account expires on %s", ctime(&pwd->pw_expire)); } --- 655,661 ---- warning = login_getcaptime(lc, "expire-warn", 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY); if (expire < warning) ! (void)printf("Warning: your account expires on %s", ctime(&pwd->pw_expire)); } *************** *** 689,700 **** } if (!quietlog) { - #if 0 - (void)printf("%s\n\t%s %s\n\n", - "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", - "The Regents of the University of California. ", - "All rights reserved."); - #endif if ((copyright = login_getcapstr(lc, "copyright", NULL, NULL)) != NULL) auth_cat(copyright); --- 689,694 ---- *************** *** 721,727 **** syslog(LOG_ERR, "couldn't reset core dump size: %m"); if (lastchance) ! (void)printf("WARNING: Your password has expired. You must change your password, now!\n"); if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid, LOGIN_SETALL & ~LOGIN_SETPATH) < 0) { --- 715,722 ---- syslog(LOG_ERR, "couldn't reset core dump size: %m"); if (lastchance) ! (void)printf("WARNING: Your password has expired." ! " You must change your password, now!\n"); if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid, LOGIN_SETALL & ~LOGIN_SETPATH) < 0) { *************** *** 762,768 **** auth_close(as); #ifdef KERBEROS ! kgettokens(pwd->pw_dir); #endif execlp(shell, tbuf, (char *)NULL); --- 757,763 ---- auth_close(as); #ifdef KERBEROS ! kgettokens(pwd->pw_dir); #endif execlp(shell, tbuf, (char *)NULL); *************** *** 776,786 **** #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16) void ! getloginname() { int ch; - char *p; - static char nbuf[NBUFSIZ]; for (;;) { (void)printf("login: "); --- 771,780 ---- #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16) void ! getloginname(void) { + static char nbuf[NBUFSIZ], *p; int ch; for (;;) { (void)printf("login: "); *************** *** 806,813 **** } int ! rootterm(ttyn) ! char *ttyn; { struct ttyent *t; --- 800,806 ---- } int ! rootterm(char *ttyn) { struct ttyent *t; *************** *** 818,829 **** jmp_buf motdinterrupt; void ! motd() { int fd, nchars; sig_t oldint; - char tbuf[8192]; - char *motd; motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE); --- 811,821 ---- jmp_buf motdinterrupt; void ! motd(void) { + char tbuf[8192], *motd; int fd, nchars; sig_t oldint; motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE); *************** *** 839,864 **** /* ARGSUSED */ void ! sigint(signo) ! int signo; { longjmp(motdinterrupt, 1); } /* ARGSUSED */ void ! timedout(signo) ! int signo; { ! (void)fprintf(stderr, "Login timed out after %d seconds\n", timeout); if (username) badlogin(username); ! exit(0); } void ! dolastlog(quiet) ! int quiet; { struct lastlog ll; int fd; --- 831,857 ---- /* ARGSUSED */ void ! sigint(int signo) { longjmp(motdinterrupt, 1); } /* ARGSUSED */ void ! timedout(int signo) { ! char warn[1024]; ! ! snprintf(warn, sizeof warn, ! "Login timed out after %d seconds\n", timeout); ! write(STDERR_FILENO, warn, strlen(warn)); if (username) badlogin(username); ! _exit(0); } void ! dolastlog(int quiet) { struct lastlog ll; int fd; *************** *** 893,916 **** } void ! badlogin(name) ! char *name; { if (failures == 0) return; if (hostname) { ! syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s%s%s", failures, failures > 1 ? "S" : "", rusername ? rusername : "", rusername ? "@" : "", hostname); ! syslog(LOG_AUTHPRIV|LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s%s%s, %s", failures, failures > 1 ? "S" : "", rusername ? rusername : "", rusername ? "@" : "", hostname, name); } else { ! syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s", failures, failures > 1 ? "S" : "", tty); ! syslog(LOG_AUTHPRIV|LOG_NOTICE, "%d LOGIN FAILURE%s ON %s, %s", failures, failures > 1 ? "S" : "", tty, name); } --- 886,912 ---- } void ! badlogin(char *name) { + struct syslog_data sdata = SYSLOG_DATA_INIT; + if (failures == 0) return; if (hostname) { ! syslog_r(LOG_NOTICE, &sdata, ! "%d LOGIN FAILURE%s FROM %s%s%s", failures, failures > 1 ? "S" : "", rusername ? rusername : "", rusername ? "@" : "", hostname); ! syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata, "%d LOGIN FAILURE%s FROM %s%s%s, %s", failures, failures > 1 ? "S" : "", rusername ? rusername : "", rusername ? "@" : "", hostname, name); } else { ! syslog_r(LOG_NOTICE, &sdata, ! "%d LOGIN FAILURE%s ON %s", failures, failures > 1 ? "S" : "", tty); ! syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata, "%d LOGIN FAILURE%s ON %s, %s", failures, failures > 1 ? "S" : "", tty, name); } *************** *** 920,927 **** #define UNKNOWN "su" char * ! stypeof(ttyid) ! char *ttyid; { struct ttyent *t; --- 916,922 ---- #define UNKNOWN "su" char * ! stypeof(char *ttyid) { struct ttyent *t; *************** *** 930,937 **** } void ! sleepexit(eval) ! int eval; { auth_close(as); (void)sleep(5); --- 925,931 ---- } void ! sleepexit(int eval) { auth_close(as); (void)sleep(5); *************** *** 939,946 **** } void ! quickexit(eval) ! int eval; { if (as) auth_close(as); --- 933,939 ---- } void ! quickexit(int eval) { if (as) auth_close(as); *************** *** 949,974 **** void ! sighup(signum) ! int signum; { if (username) badlogin(username); ! exit(0); } #ifdef KERBEROS void ! kgettokens(homedir) ! char *homedir; { ! /* buy AFS-tokens for homedir */ ! if (k_hasafs()) { char cell[128]; k_setpag(); ! if (k_afs_cell_of_file(homedir, ! cell, sizeof(cell)) == 0) krb_afslog(cell, 0); krb_afslog(0, 0); } --- 942,965 ---- void ! sighup(int signum) { if (username) badlogin(username); ! _exit(0); } #ifdef KERBEROS void ! kgettokens(char *homedir) { ! /* buy AFS-tokens for homedir */ ! if (k_hasafs()) { char cell[128]; + k_setpag(); ! if (k_afs_cell_of_file(homedir, cell, sizeof(cell)) == 0) krb_afslog(cell, 0); krb_afslog(0, 0); }