| version 1.36, 2001/05/29 21:39:26 |
version 1.37, 2001/06/19 16:21:49 |
|
|
| #define TTYGRPNAME "tty" /* name of group to own ttys */ |
#define TTYGRPNAME "tty" /* name of group to own ttys */ |
| |
|
| /* |
/* |
| * This bounds the time given to login. Not a define so it can |
* This bounds the time given to login; may be overridden by /etc/login.conf. |
| * be patched on machines where it's too small. |
|
| * XXX - should be a login.conf variable! |
|
| */ |
*/ |
| u_int timeout = 300; |
u_int timeout = 300; |
| |
|
|
|
| quad_t expire, warning; |
quad_t expire, warning; |
| uid_t uid; |
uid_t uid; |
| int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance; |
int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance; |
| int error, homeless, needto, authok; |
int error, homeless, needto, authok, tries, backoff; |
| char *domain, *p, *ttyn, *shell, *fullname, *instance; |
char *domain, *p, *ttyn, *shell, *fullname, *instance; |
| char *lipaddr, *script, *ripaddr, *style, *type, *fqdn, *copyright; |
char *lipaddr, *script, *ripaddr, *style, *type, *fqdn, *copyright; |
| char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; |
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; |
|
|
| |
|
| openlog("login", LOG_ODELAY, LOG_AUTH); |
openlog("login", LOG_ODELAY, LOG_AUTH); |
| |
|
| fqdn = lipaddr = ripaddr = fullname = NULL; |
fqdn = lipaddr = ripaddr = fullname = type = NULL; |
| |
authok = 0; |
| |
tries = 10; |
| |
backoff = 3; |
| |
|
| /* |
/* |
| * Since login deals with sensitive information, turn off coredumps. |
* Since login deals with sensitive information, turn off coredumps. |
|
|
| warnx("Failure to retrieve default class"); |
warnx("Failure to retrieve default class"); |
| quickexit(1); |
quickexit(1); |
| } |
} |
| |
timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300); |
| if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) { |
if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) { |
| unsetenv("AUTH_TYPE"); |
unsetenv("AUTH_TYPE"); |
| unsetenv("REMOTE_NAME"); |
unsetenv("REMOTE_NAME"); |
|
|
| } |
} |
| |
|
| lc = login_getclass(pwd ? pwd->pw_class : NULL); |
lc = login_getclass(pwd ? pwd->pw_class : NULL); |
| |
|
| if (!lc) |
if (!lc) |
| goto failed; |
goto failed; |
| |
|
| style = login_getstyle(lc, style, type); |
style = login_getstyle(lc, style, type); |
| |
|
| if (!style) |
if (!style) |
| goto failed; |
goto failed; |
| |
|
| /* |
/* |
| |
* We allow "login-tries" attempts to login but start |
| |
* slowing down after "login-backoff" attempts. |
| |
*/ |
| |
tries = (int)login_getcapnum(lc, "login-tries", 10, 10); |
| |
backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3); |
| |
|
| |
/* |
| * Turn off the fflag if we have an an invalid user |
* Turn off the fflag if we have an an invalid user |
| * or we are not root and we are trying to change uids. |
* or we are not root and we are trying to change uids. |
| */ |
*/ |
|
|
| failures++; |
failures++; |
| if (pwd) |
if (pwd) |
| log_failedlogin(pwd->pw_uid, hostname, rusername, tty); |
log_failedlogin(pwd->pw_uid, hostname, rusername, tty); |
| /* we allow 10 tries, but after 3 we start backing off */ |
/* |
| /* XXX - should be configurable */ |
* By default, we allow 10 tries, but after 3 we start |
| if (++cnt > 3) { |
* backing off to slow down password guessers. |
| if (cnt >= 10) { |
*/ |
| |
if (++cnt > backoff) { |
| |
if (cnt >= tries) { |
| badlogin(username); |
badlogin(username); |
| sleepexit(1); |
sleepexit(1); |
| } |
} |
| sleep((u_int)((cnt - 3) * 5)); |
sleep((u_int)((cnt - backoff) * tries / 2)); |
| } |
} |
| } |
} |
| |
|
|
|
| int signo; |
int signo; |
| { |
{ |
| (void)fprintf(stderr, "Login timed out after %d seconds\n", timeout); |
(void)fprintf(stderr, "Login timed out after %d seconds\n", timeout); |
| |
if (username) |
| |
badlogin(username); |
| exit(0); |
exit(0); |
| } |
} |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to login.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / login