version 1.13, 1996/11/09 20:17:17 |
version 1.14, 1996/12/04 04:04:41 |
|
|
|
|
extern void login __P((struct utmp *)); |
extern void login __P((struct utmp *)); |
extern int check_failedlogin __P((uid_t)); |
extern int check_failedlogin __P((uid_t)); |
extern void log_failedlogin __P((uid_t, char *, char *)); |
extern void log_failedlogin __P((uid_t, char *, char *, char *)); |
|
|
#define TTYGRPNAME "tty" /* name of group to own ttys */ |
#define TTYGRPNAME "tty" /* name of group to own ttys */ |
|
|
|
|
|
|
struct passwd *pwd; |
struct passwd *pwd; |
int failures; |
int failures; |
char term[64], *envinit[1], *hostname, *tty, *username = NULL; |
char term[64], *envinit[1], *hostname, *tty; |
|
char *username = NULL, *rusername = NULL; |
|
|
int |
int |
main(argc, argv) |
main(argc, argv) |
|
|
struct stat st; |
struct stat st; |
struct timeval tp; |
struct timeval tp; |
struct utmp utmp; |
struct utmp utmp; |
int ask, ch, cnt, fflag, hflag, pflag, quietlog, rootlogin, rval; |
int ask, ch, cnt, fflag, hflag, pflag, uflag, quietlog, rootlogin, rval; |
uid_t uid; |
uid_t uid; |
char *domain, *p, *salt, *ttyn; |
char *domain, *p, *salt, *ttyn; |
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; |
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; |
|
|
|
|
fflag = hflag = pflag = 0; |
fflag = hflag = pflag = 0; |
uid = getuid(); |
uid = getuid(); |
while ((ch = getopt(argc, argv, "fh:p")) != EOF) |
while ((ch = getopt(argc, argv, "fh:u:p")) != EOF) |
switch (ch) { |
switch (ch) { |
case 'f': |
case 'f': |
fflag = 1; |
fflag = 1; |
|
|
case 'p': |
case 'p': |
pflag = 1; |
pflag = 1; |
break; |
break; |
|
case 'u': |
|
if (uid) |
|
errx(1, "-u option: %s", strerror(EPERM)); |
|
uflag = 1; |
|
rusername = optarg; |
|
break; |
case '?': |
case '?': |
default: |
default: |
if (!uid) |
if (!uid) |
|
|
pwd->pw_name); |
pwd->pw_name); |
if (hostname) |
if (hostname) |
syslog(LOG_NOTICE, |
syslog(LOG_NOTICE, |
"LOGIN %s REFUSED FROM %s ON TTY %s", |
"LOGIN %s REFUSED FROM %s%s%s ON TTY %s", |
pwd->pw_name, hostname, tty); |
pwd->pw_name, rusername ? rusername : "", |
|
rusername ? "@" : "", hostname, tty); |
else |
else |
syslog(LOG_NOTICE, |
syslog(LOG_NOTICE, |
"LOGIN %s REFUSED ON TTY %s", |
"LOGIN %s REFUSED ON TTY %s", |
|
|
(void)printf("Login incorrect\n"); |
(void)printf("Login incorrect\n"); |
failures++; |
failures++; |
if (pwd) |
if (pwd) |
log_failedlogin(pwd->pw_uid, hostname, tty); |
log_failedlogin(pwd->pw_uid, hostname, rusername, tty); |
/* we allow 10 tries, but after 3 we start backing off */ |
/* we allow 10 tries, but after 3 we start backing off */ |
if (++cnt > 3) { |
if (++cnt > 3) { |
if (cnt >= 10) { |
if (cnt >= 10) { |
|
|
(void)setenv("LOGNAME", pwd->pw_name, 1); |
(void)setenv("LOGNAME", pwd->pw_name, 1); |
(void)setenv("USER", pwd->pw_name, 1); |
(void)setenv("USER", pwd->pw_name, 1); |
(void)setenv("PATH", _PATH_DEFPATH, 0); |
(void)setenv("PATH", _PATH_DEFPATH, 0); |
|
if (hostname) |
|
(void)setenv("REMOTEHOST", hostname, 1); |
|
if (rusername) |
|
(void)setenv("REMOTEUSER", rusername, 1); |
#ifdef KERBEROS |
#ifdef KERBEROS |
if (krbtkfile_env) |
if (krbtkfile_env) |
(void)setenv("KRBTKFILE", krbtkfile_env, 1); |
(void)setenv("KRBTKFILE", krbtkfile_env, 1); |
|
|
/* If fflag is on, assume caller/authenticator has logged root login. */ |
/* If fflag is on, assume caller/authenticator has logged root login. */ |
if (rootlogin && fflag == 0) |
if (rootlogin && fflag == 0) |
if (hostname) |
if (hostname) |
syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s", |
syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s", |
username, tty, hostname); |
username, tty, rusername ? rusername : "", |
|
rusername ? "@" : "", hostname); |
else |
else |
syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty); |
syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty); |
|
|
|
|
ll.ll_time != 0) { |
ll.ll_time != 0) { |
(void)printf("Last login: %.*s ", |
(void)printf("Last login: %.*s ", |
24-5, (char *)ctime(&ll.ll_time)); |
24-5, (char *)ctime(&ll.ll_time)); |
|
(void)printf("on %.*s", |
|
(int)sizeof(ll.ll_line), |
|
ll.ll_line); |
if (*ll.ll_host != '\0') |
if (*ll.ll_host != '\0') |
(void)printf("from %.*s\n", |
(void)printf(" from %.*s", |
(int)sizeof(ll.ll_host), |
(int)sizeof(ll.ll_host), |
ll.ll_host); |
ll.ll_host); |
else |
(void)putchar('\n'); |
(void)printf("on %.*s\n", |
|
(int)sizeof(ll.ll_line), |
|
ll.ll_line); |
|
} |
} |
(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET); |
(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET); |
} |
} |
|
|
if (failures == 0) |
if (failures == 0) |
return; |
return; |
if (hostname) { |
if (hostname) { |
syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s", |
syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s%s%s", |
failures, failures > 1 ? "S" : "", hostname); |
failures, failures > 1 ? "S" : "", |
|
rusername ? rusername : "", rusername ? "@" : "", hostname); |
syslog(LOG_AUTHPRIV|LOG_NOTICE, |
syslog(LOG_AUTHPRIV|LOG_NOTICE, |
"%d LOGIN FAILURE%s FROM %s, %s", |
"%d LOGIN FAILURE%s FROM %s%s%s, %s", |
failures, failures > 1 ? "S" : "", hostname, name); |
failures, failures > 1 ? "S" : "", |
|
rusername ? rusername : "", rusername ? "@" : "", |
|
hostname, name); |
} else { |
} else { |
syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s", |
syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s", |
failures, failures > 1 ? "S" : "", tty); |
failures, failures > 1 ? "S" : "", tty); |
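Review bot: In the new `case 'u'` branch, `rusername = optarg` is accepted as-is and then reaches four syslog() calls, log_failedlogin() and `setenv("REMOTEUSER", rusername, 1)` with no length or character check. The `if (uid)` test only establishes that the caller is root; the name itself is presumably whatever the remote client claimed to the calling daemon, so it should be bounded and restricted to printable characters before it is logged or exported, and a comment at its declaration such as `/* rusername: client-claimed remote user, unauthenticated; informational only */` would keep later code from trusting it. Separately, `uflag` is added to the declarations and set in this branch, but the initialiser is still `fflag = hflag = pflag = 0;`, so it is indeterminate when -u is absent; `fflag = hflag = pflag = uflag = 0;` fixes that, although no read of uflag is visible in these hunks. main() starts and ends outside the lines shown.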