Annotation of src/usr.bin/login/login.c, Revision 1.36
1.35 miod 1: /* $OpenBSD: login.c,v 1.34 2000/09/15 07:13:48 deraadt Exp $ */
1.3 deraadt 2: /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
1.1 deraadt 3:
4: /*-
5: * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
16: * 3. All advertising materials mentioning features or use of this software
17: * must display the following acknowledgement:
18: * This product includes software developed by the University of
19: * California, Berkeley and its contributors.
20: * 4. Neither the name of the University nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34: * SUCH DAMAGE.
35: */
1.36 ! millert 36: /*-
! 37: * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
! 38: *
! 39: * Redistribution and use in source and binary forms, with or without
! 40: * modification, are permitted provided that the following conditions
! 41: * are met:
! 42: * 1. Redistributions of source code must retain the above copyright
! 43: * notice, this list of conditions and the following disclaimer.
! 44: * 2. Redistributions in binary form must reproduce the above copyright
! 45: * notice, this list of conditions and the following disclaimer in the
! 46: * documentation and/or other materials provided with the distribution.
! 47: * 3. All advertising materials mentioning features or use of this software
! 48: * must display the following acknowledgement:
! 49: * This product includes software developed by Berkeley Software Design,
! 50: * Inc.
! 51: * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
! 52: * or promote products derived from this software without specific prior
! 53: * written permission.
! 54: *
! 55: * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
! 56: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 57: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 58: * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
! 59: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 60: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 61: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 62: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 63: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 64: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 65: * SUCH DAMAGE.
! 66: *
! 67: * BSDI $From: login.c,v 2.28 1999/09/08 22:35:36 prb Exp $
! 68: */
1.1 deraadt 69:
70: #ifndef lint
71: static char copyright[] =
72: "@(#) Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994\n\
73: The Regents of the University of California. All rights reserved.\n";
74: #endif /* not lint */
75:
76: #ifndef lint
77: #if 0
78: static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
79: #endif
1.35 miod 80: static char rcsid[] = "$OpenBSD: login.c,v 1.34 2000/09/15 07:13:48 deraadt Exp $";
1.1 deraadt 81: #endif /* not lint */
82:
83: /*
84: * login [ name ]
85: * login -h hostname (for telnetd, etc.)
86: * login -f name (for pre-authenticated login: datakit, xterm, etc.)
87: */
88:
89: #include <sys/param.h>
1.36 ! millert 90: #include <sys/socket.h>
1.1 deraadt 91: #include <sys/stat.h>
92: #include <sys/time.h>
93: #include <sys/resource.h>
1.11 millert 94: #include <sys/wait.h>
1.1 deraadt 95:
96: #include <err.h>
97: #include <errno.h>
1.27 millert 98: #include <fcntl.h>
1.1 deraadt 99: #include <grp.h>
1.30 millert 100: #include <login_cap.h>
1.36 ! millert 101: #include <netdb.h>
1.1 deraadt 102: #include <pwd.h>
103: #include <setjmp.h>
104: #include <signal.h>
1.36 ! millert 105: #include <stdarg.h>
1.1 deraadt 106: #include <stdio.h>
107: #include <stdlib.h>
108: #include <string.h>
109: #include <syslog.h>
110: #include <ttyent.h>
111: #include <tzfile.h>
112: #include <unistd.h>
113: #include <utmp.h>
1.3 deraadt 114: #include <util.h>
1.36 ! millert 115: #include <bsd_auth.h>
! 116:
! 117: #ifdef KERBEROS
! 118: #include <kerberosIV/kafs.h>
! 119: #endif
1.1 deraadt 120:
121: #include "pathnames.h"
122:
123: void badlogin __P((char *));
124: void dolastlog __P((int));
125: void getloginname __P((void));
126: void motd __P((void));
1.36 ! millert 127: void quickexit __P((int));
1.1 deraadt 128: int rootterm __P((char *));
129: void sigint __P((int));
1.11 millert 130: void sighup __P((int));
1.1 deraadt 131: void sleepexit __P((int));
132: char *stypeof __P((char *));
133: void timedout __P((int));
134:
1.13 millert 135: extern int check_failedlogin __P((uid_t));
1.14 millert 136: extern void log_failedlogin __P((uid_t, char *, char *, char *));
1.1 deraadt 137:
138: #define TTYGRPNAME "tty" /* name of group to own ttys */
139:
140: /*
141: * This bounds the time given to login. Not a define so it can
142: * be patched on machines where it's too small.
1.30 millert 143: * XXX - should be a login.conf variable!
1.1 deraadt 144: */
1.30 millert 145: u_int timeout = 300;
1.1 deraadt 146:
1.36 ! millert 147: struct passwd *pwd;
1.30 millert 148: login_cap_t *lc = NULL;
1.36 ! millert 149: auth_session_t *as = NULL;
1.30 millert 150: int failures;
1.36 ! millert 151: int needbanner = 1;
1.30 millert 152: char term[64], *hostname, *tty;
1.36 ! millert 153: char *style;
1.30 millert 154: char *username = NULL, *rusername = NULL;
1.1 deraadt 155:
156: int
157: main(argc, argv)
158: int argc;
159: char *argv[];
160: {
161: extern char **environ;
1.36 ! millert 162: struct addrinfo *ai, hints;
1.1 deraadt 163: struct group *gr;
1.36 ! millert 164: struct rlimit cds, scds;
1.1 deraadt 165: struct stat st;
166: struct utmp utmp;
1.36 ! millert 167: quad_t expire, warning;
1.1 deraadt 168: uid_t uid;
1.36 ! millert 169: int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance;
! 170: int error, homeless, needto, authok;
! 171: char *domain, *p, *ttyn, *shell, *fullname, *instance;
! 172: char *lipaddr, *script, *ripaddr, *style, *type, *fqdn, *copyright;
1.1 deraadt 173: char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
174: char localhost[MAXHOSTNAMELEN];
175:
176: (void)signal(SIGALRM, timedout);
1.36 ! millert 177: if (argc > 1) {
! 178: needto = 0;
! 179: (void)alarm(timeout);
! 180: } else
! 181: needto = 1;
1.1 deraadt 182: (void)signal(SIGQUIT, SIG_IGN);
183: (void)signal(SIGINT, SIG_IGN);
1.36 ! millert 184: (void)signal(SIGHUP, SIG_IGN);
1.1 deraadt 185: (void)setpriority(PRIO_PROCESS, 0, 0);
186:
187: openlog("login", LOG_ODELAY, LOG_AUTH);
188:
1.36 ! millert 189: fqdn = lipaddr = ripaddr = fullname = NULL;
! 190:
! 191: /*
! 192: * Since login deals with sensitive information, turn off coredumps.
! 193: */
! 194: if (getrlimit(RLIMIT_CORE, &scds) < 0) {
! 195: syslog(LOG_ERR, "couldn't get core dump size: %m");
! 196: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
! 197: }
! 198: cds.rlim_cur = cds.rlim_max = 0;
! 199: if (setrlimit(RLIMIT_CORE, &cds) < 0) {
! 200: syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
! 201: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
! 202: }
! 203:
1.1 deraadt 204: /*
205: * -p is used by getty to tell login not to destroy the environment
206: * -f is used to skip a second login authentication
207: * -h is used by other servers to pass the name of the remote
208: * host to login so that it may be placed in utmp and wtmp
209: */
210: domain = NULL;
211: if (gethostname(localhost, sizeof(localhost)) < 0)
212: syslog(LOG_ERR, "couldn't get local hostname: %m");
213: else
214: domain = strchr(localhost, '.');
1.21 deraadt 215: if (domain) {
216: domain++;
217: if (*domain && strchr(domain, '.') == NULL)
218: domain = localhost;
219: }
1.1 deraadt 220:
1.36 ! millert 221: if ((as = auth_open()) == NULL) {
! 222: syslog(LOG_ERR, "%m");
! 223: err(1, NULL);
! 224: }
! 225:
! 226: fflag = pflag = 0;
1.1 deraadt 227: uid = getuid();
1.36 ! millert 228: while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1)
1.1 deraadt 229: switch (ch) {
230: case 'f':
231: fflag = 1;
232: break;
233: case 'h':
1.36 ! millert 234: if (uid) {
! 235: warn("-h option: %s", strerror(EPERM));
! 236: quickexit(1);
! 237: }
! 238: if ((fqdn = strdup(optarg)) == NULL) {
! 239: warn(NULL);
! 240: quickexit(1);
! 241: }
! 242: auth_setoption(as, "fqdn", fqdn);
1.1 deraadt 243: if (domain && (p = strchr(optarg, '.')) &&
1.21 deraadt 244: strcasecmp(p+1, domain) == 0)
1.1 deraadt 245: *p = 0;
246: hostname = optarg;
1.36 ! millert 247: auth_setoption(as, "hostname", hostname);
! 248: break;
! 249: case 'L':
! 250: if (uid) {
! 251: warnx("-L option: %s", strerror(EPERM));
! 252: quickexit(1);
! 253: }
! 254: if (lipaddr) {
! 255: warnx("duplicate -L option");
! 256: quickexit(1);
! 257: }
! 258: lipaddr = optarg;
! 259: memset(&hints, 0, sizeof(hints));
! 260: hints.ai_family = PF_UNSPEC;
! 261: hints.ai_flags = AI_CANONNAME;
! 262: error = getaddrinfo(lipaddr, NULL, &hints, &ai);
! 263: if (!error) {
! 264: strlcpy(localhost, ai->ai_canonname,
! 265: sizeof(localhost));
! 266: freeaddrinfo(ai);
! 267: } else
! 268: strlcpy(localhost, lipaddr, sizeof(localhost));
! 269: auth_setoption(as, "local_addr", lipaddr);
1.1 deraadt 270: break;
271: case 'p':
272: pflag = 1;
273: break;
1.36 ! millert 274: case 'R':
! 275: if (uid) {
! 276: warnx("-R option: %s", strerror(EPERM));
! 277: quickexit(1);
! 278: }
! 279: if (ripaddr) {
! 280: warnx("duplicate -R option");
! 281: quickexit(1);
! 282: }
! 283: ripaddr = optarg;
! 284: auth_setoption(as, "remote_addr", ripaddr);
! 285: break;
1.14 millert 286: case 'u':
1.36 ! millert 287: if (uid) {
! 288: warnx("-u option: %s", strerror(EPERM));
! 289: quickexit(1);
! 290: }
1.14 millert 291: rusername = optarg;
292: break;
1.1 deraadt 293: default:
294: if (!uid)
295: syslog(LOG_ERR, "invalid flag %c", ch);
296: (void)fprintf(stderr,
1.36 ! millert 297: "usage: login [-fp] [-h hostname] [-L lipaddr] [-R ripaddr] [username]\n");
! 298: quickexit(1);
1.1 deraadt 299: }
300: argc -= optind;
301: argv += optind;
302:
303: if (*argv) {
304: username = *argv;
305: ask = 0;
306: } else
307: ask = 1;
308:
309: for (cnt = getdtablesize(); cnt > 2; cnt--)
310: (void)close(cnt);
311:
312: ttyn = ttyname(STDIN_FILENO);
313: if (ttyn == NULL || *ttyn == '\0') {
314: (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
315: ttyn = tname;
316: }
1.12 millert 317: if ((tty = strrchr(ttyn, '/')))
1.1 deraadt 318: ++tty;
319: else
320: tty = ttyn;
321:
1.36 ! millert 322: #ifdef notyet
! 323: /* XXX - we don't (yet) support per-tty auth stuff */
! 324: /* BSDi uses a ttys.conf file but we could just overload /etc/ttys */
! 325: /*
! 326: * Classify the attempt.
! 327: * By default we use the value in the ttys file.
! 328: * If there is a classify script we run that as
! 329: *
! 330: * classify [-f] [username]
! 331: */
! 332: if (type = getttyauth(tty))
! 333: auth_setoption(as, "auth_type", type);
! 334: #endif
! 335:
! 336: /* get the default login class */
! 337: if ((lc = login_getclass(0)) == NULL) { /* get the default class */
! 338: warnx("Failure to retrieve default class");
! 339: quickexit(1);
! 340: }
! 341: if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) {
! 342: unsetenv("AUTH_TYPE");
! 343: unsetenv("REMOTE_NAME");
! 344: if (script[0] != '/') {
! 345: syslog(LOG_ERR, "Invalid classify script: %s", script);
! 346: warnx("Classification failure");
! 347: quickexit(1);
! 348: }
! 349: shell = strrchr(script, '/') + 1;
! 350: auth_setstate(as, AUTH_OKAY);
! 351: auth_call(as, script, shell,
! 352: fflag ? "-f" : username, fflag ? username : 0, 0);
! 353: if (!(auth_getstate(as) & AUTH_ALLOW))
! 354: quickexit(1);
! 355: auth_setenv(as);
! 356: if ((p = getenv("AUTH_TYPE")) != NULL &&
! 357: strncmp(p, "auth-", 5) == 0)
! 358: type = p;
! 359: if ((p = getenv("REMOTE_NAME")) != NULL)
! 360: hostname = p;
! 361: /*
! 362: * we may have changed some values, reset them
! 363: */
! 364: auth_clroptions(as);
! 365: if (type)
! 366: auth_setoption(as, "auth_type", type);
! 367: if (fqdn)
! 368: auth_setoption(as, "fqdn", fqdn);
! 369: if (hostname)
! 370: auth_setoption(as, "hostname", hostname);
! 371: if (lipaddr)
! 372: auth_setoption(as, "local_addr", lipaddr);
! 373: if (ripaddr)
! 374: auth_setoption(as, "remote_addr", ripaddr);
! 375: }
! 376:
! 377: /*
! 378: * Request the things like the approval script print things
! 379: * to stdout (in particular, the nologins files)
! 380: */
! 381: auth_setitem(as, AUTHV_INTERACTIVE, "True");
! 382:
1.1 deraadt 383: for (cnt = 0;; ask = 1) {
1.36 ! millert 384: /*
! 385: * Clean up our current authentication session.
! 386: * Options are not cleared so we need to clear any
! 387: * we might set below.
! 388: */
! 389: auth_clean(as);
! 390: auth_clroption(as, "style");
! 391: auth_clroption(as, "lastchance");
! 392:
! 393: lastchance = 0;
! 394:
1.1 deraadt 395: if (ask) {
396: fflag = 0;
397: getloginname();
398: }
1.36 ! millert 399: if (needto) {
! 400: needto = 0;
! 401: alarm(timeout);
! 402: }
! 403: if ((style = strchr(username, ':')) != NULL)
! 404: *style++ = '\0';
! 405: if (fullname)
! 406: free(fullname);
! 407: if (auth_setitem(as, AUTHV_NAME, username) < 0 ||
! 408: (fullname = strdup(username)) == NULL) {
! 409: syslog(LOG_ERR, "%m");
! 410: warn(NULL);
! 411: quickexit(1);
! 412: }
1.1 deraadt 413: rootlogin = 0;
1.36 ! millert 414: /* XXX - kerb5 uses a '/' not a '.' ??? */
1.1 deraadt 415: if ((instance = strchr(username, '.')) != NULL) {
416: if (strncmp(instance, ".root", 5) == 0)
417: rootlogin = 1;
418: *instance++ = '\0';
419: } else
420: instance = "";
1.36 ! millert 421:
1.1 deraadt 422: if (strlen(username) > UT_NAMESIZE)
423: username[UT_NAMESIZE] = '\0';
424:
425: /*
426: * Note if trying multiple user names; log failures for
427: * previous user name, but don't bother logging one failure
428: * for nonexistent name (mistyped username).
429: */
430: if (failures && strcmp(tbuf, username)) {
431: if (failures > (pwd ? 0 : 1))
432: badlogin(tbuf);
433: failures = 0;
434: }
1.36 ! millert 435: (void)strlcpy(tbuf, username, sizeof(tbuf));
1.1 deraadt 436:
1.36 ! millert 437: if ((pwd = getpwnam(username)) != NULL &&
! 438: auth_setpwd(as, pwd) < 0) {
! 439: syslog(LOG_ERR, "%m");
! 440: warn(NULL);
! 441: quickexit(1);
! 442: }
1.1 deraadt 443:
1.36 ! millert 444: lc = login_getclass(pwd ? pwd->pw_class : NULL);
1.1 deraadt 445:
1.36 ! millert 446: if (!lc)
! 447: goto failed;
1.1 deraadt 448:
1.36 ! millert 449: style = login_getstyle(lc, style, type);
1.1 deraadt 450:
1.36 ! millert 451: if (!style)
! 452: goto failed;
1.1 deraadt 453:
1.36 ! millert 454: /*
! 455: * Turn off the fflag if we have an an invalid user
! 456: * or we are not root and we are trying to change uids.
! 457: */
! 458: if (!pwd || (uid && uid != pwd->pw_uid))
! 459: fflag = 0;
1.1 deraadt 460:
1.36 ! millert 461: if (pwd && pwd->pw_uid == 0)
! 462: rootlogin = 1;
1.25 millert 463:
1.36 ! millert 464: /*
! 465: * If we do not have the force flag authenticate the user
! 466: */
! 467: if (fflag)
! 468: authok = AUTH_SECURE;
! 469: else {
! 470: lastchance =
! 471: login_getcaptime(lc, "password-dead", 0, 0) != 0;
! 472: if (lastchance)
! 473: auth_setoption(as, "lastchance", "yes");
! 474: /*
! 475: * Once we start asking for a password
! 476: * we want to log a failure on a hup.
! 477: */
! 478: signal(SIGHUP, sighup);
! 479: auth_verify(as, style, NULL, lc->lc_class, NULL);
! 480: authok = auth_getstate(as);
! 481: /*
! 482: * If their password expired and it has not been
! 483: * too long since then, give the user one last
! 484: * chance to change their password
! 485: */
! 486: if ((authok & AUTH_PWEXPIRED) && lastchance) {
! 487: authok = AUTH_OKAY;
! 488: } else
! 489: lastchance = 0;
! 490: if ((authok & AUTH_ALLOW) == 0)
! 491: goto failed;
! 492: if (auth_setoption(as, "style", style) < 0) {
! 493: syslog(LOG_ERR, "%m");
! 494: warn(NULL);
! 495: quickexit(1);
1.25 millert 496: }
1.1 deraadt 497: }
1.36 ! millert 498: /*
! 499: * explicitly reject users without password file entries
! 500: */
! 501: if (pwd == 0)
! 502: goto failed;
1.1 deraadt 503:
1.36 ! millert 504: authok &= AUTH_SECURE;
1.1 deraadt 505:
506: /*
1.36 ! millert 507: * If trying to log in as root on an insecure terminal,
! 508: * refuse the login attempt unless the authentication
! 509: * style explicitly says a root login is okay.
1.1 deraadt 510: */
1.36 ! millert 511: if (authok == 0 && pwd && rootlogin && !rootterm(tty))
! 512: goto failed;
1.29 millert 513:
1.36 ! millert 514: if (fflag) {
! 515: type = 0;
! 516: style = "forced";
! 517: }
! 518: break;
! 519:
! 520: failed:
! 521: if (authok & AUTH_SILENT)
! 522: quickexit(0);
1.29 millert 523: if (rootlogin && !rootterm(tty)) {
1.36 ! millert 524: warnx("%s login refused on this terminal.",
! 525: fullname);
1.1 deraadt 526: if (hostname)
527: syslog(LOG_NOTICE,
1.14 millert 528: "LOGIN %s REFUSED FROM %s%s%s ON TTY %s",
1.36 ! millert 529: fullname, rusername ? rusername : "",
1.14 millert 530: rusername ? "@" : "", hostname, tty);
1.1 deraadt 531: else
532: syslog(LOG_NOTICE,
533: "LOGIN %s REFUSED ON TTY %s",
1.36 ! millert 534: fullname, tty);
! 535: } else {
! 536: if (!as || (p = auth_getvalue(as, "errormsg")) == NULL)
! 537: p = "Login incorrect";
! 538: (void)printf("%s\n", p);
! 539: }
1.1 deraadt 540: failures++;
1.13 millert 541: if (pwd)
1.14 millert 542: log_failedlogin(pwd->pw_uid, hostname, rusername, tty);
1.1 deraadt 543: /* we allow 10 tries, but after 3 we start backing off */
1.36 ! millert 544: /* XXX - should be configurable */
1.1 deraadt 545: if (++cnt > 3) {
546: if (cnt >= 10) {
547: badlogin(username);
548: sleepexit(1);
549: }
550: sleep((u_int)((cnt - 3) * 5));
551: }
552: }
553:
554: /* committed to login -- turn off timeout */
1.36 ! millert 555: (void)alarm(0);
1.1 deraadt 556:
557: endpwent();
558:
1.30 millert 559: shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
560: if (*shell == '\0')
561: shell = _PATH_BSHELL;
562: else if (strlen(shell) >= MAXPATHLEN) {
563: syslog(LOG_ERR, "shell path too long: %s", shell);
564: warnx("invalid shell");
1.36 ! millert 565: quickexit(1);
1.24 art 566: }
1.1 deraadt 567:
568: /* Destroy environment unless user has requested its preservation. */
1.24 art 569: if (!pflag) {
1.22 deraadt 570: if ((environ = calloc(1, sizeof (char *))) == NULL)
571: err(1, "calloc");
1.24 art 572: } else {
1.9 millert 573: char **cpp, **cpp2;
574:
575: for (cpp2 = cpp = environ; *cpp; cpp++) {
576: if (strncmp(*cpp, "LD_", 3) &&
1.29 millert 577: strncmp(*cpp, "ENV=", 4) &&
578: strncmp(*cpp, "BASH_ENV=", 9) &&
1.9 millert 579: strncmp(*cpp, "IFS=", 4))
580: *cpp2++ = *cpp;
581: }
582: *cpp2 = 0;
583: }
1.30 millert 584: /* Note: setusercontext(3) will set PATH */
1.34 deraadt 585: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
586: setenv("SHELL", shell, 1) == -1) {
587: warn("unable to setenv()");
1.36 ! millert 588: quickexit(1);
1.34 deraadt 589: }
1.1 deraadt 590: if (term[0] == '\0')
1.29 millert 591: (void)strlcpy(term, stypeof(tty), sizeof(term));
1.34 deraadt 592: if (setenv("TERM", term, 0) == -1 ||
593: setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
594: setenv("USER", pwd->pw_name, 1) == -1) {
595: warn("unable to setenv()");
1.36 ! millert 596: quickexit(1);
1.34 deraadt 597: }
598: if (hostname) {
599: if (setenv("REMOTEHOST", hostname, 1) == -1) {
600: warn("unable to setenv()");
1.36 ! millert 601: quickexit(1);
1.34 deraadt 602: }
603: }
604: if (rusername) {
605: if (setenv("REMOTEUSER", rusername, 1) == -1) {
606: warn("unable to setenv()");
1.36 ! millert 607: quickexit(1);
1.34 deraadt 608: }
609: }
1.36 ! millert 610:
! 611: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) {
! 612: warn("unable to set user context");
! 613: quickexit(1);
! 614: }
! 615: auth_setenv(as);
! 616:
! 617: /* if user not super-user, check for disabled logins */
! 618: if (!rootlogin)
! 619: auth_checknologin(lc);
! 620:
! 621: setegid(pwd->pw_gid);
! 622: seteuid(pwd->pw_uid);
! 623:
! 624: homeless = chdir(pwd->pw_dir);
! 625: if (homeless) {
! 626: if (login_getcapbool(lc, "requirehome", 0)) {
! 627: (void)printf("No home directory %s!\n", pwd->pw_dir);
! 628: quickexit(1);
1.34 deraadt 629: }
1.36 ! millert 630: if (chdir("/"))
! 631: quickexit(0);
1.34 deraadt 632: }
1.36 ! millert 633:
! 634: quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
! 635: login_getcapbool(lc, "hushlogin", 0) ||
! 636: (access(_PATH_HUSHLOGIN, F_OK) == 0));
! 637:
! 638: seteuid(0);
! 639: setegid(0); /* XXX use a saved gid instead? */
! 640:
! 641: if ((p = auth_getvalue(as, "warnmsg")) != NULL)
! 642: (void)printf("WARNING: %s\n\n", p);
! 643:
! 644: expire = auth_check_expire(as);
! 645: if (expire < 0) {
! 646: (void)printf("Sorry -- your account has expired.\n");
! 647: quickexit(1);
! 648: } else if (expire > 0 && !quietlog) {
! 649: warning = login_getcaptime(lc, "expire-warn",
! 650: 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY);
! 651: if (expire < warning)
! 652: (void)printf("Warning: your account expires on %s",
! 653: ctime(&pwd->pw_expire));
1.34 deraadt 654: }
1.36 ! millert 655:
! 656: /* Nothing else left to fail -- really log in. */
! 657: (void)signal(SIGHUP, SIG_DFL);
! 658: memset(&utmp, 0, sizeof(utmp));
! 659: (void)time(&utmp.ut_time);
! 660: (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
! 661: if (hostname)
! 662: (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
! 663: (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
! 664: login(&utmp);
! 665:
! 666: if (!quietlog)
! 667: (void)check_failedlogin(pwd->pw_uid);
! 668: dolastlog(quietlog);
! 669:
! 670: login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
! 671:
! 672: (void)chown(ttyn, pwd->pw_uid,
! 673: (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
! 674:
1.1 deraadt 675: /* If fflag is on, assume caller/authenticator has logged root login. */
1.24 art 676: if (rootlogin && fflag == 0) {
1.1 deraadt 677: if (hostname)
1.14 millert 678: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s",
679: username, tty, rusername ? rusername : "",
680: rusername ? "@" : "", hostname);
1.1 deraadt 681: else
682: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
1.24 art 683: }
1.1 deraadt 684:
685: if (!quietlog) {
1.2 deraadt 686: #if 0
1.1 deraadt 687: (void)printf("%s\n\t%s %s\n\n",
688: "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
689: "The Regents of the University of California. ",
690: "All rights reserved.");
1.2 deraadt 691: #endif
1.36 ! millert 692: if ((copyright =
! 693: login_getcapstr(lc, "copyright", NULL, NULL)) != NULL)
! 694: auth_cat(copyright);
1.1 deraadt 695: motd();
696: (void)snprintf(tbuf,
697: sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
698: if (stat(tbuf, &st) == 0 && st.st_size != 0)
699: (void)printf("You have %smail.\n",
700: (st.st_mtime > st.st_atime) ? "new " : "");
701: }
702:
703: (void)signal(SIGALRM, SIG_DFL);
704: (void)signal(SIGQUIT, SIG_DFL);
1.36 ! millert 705: (void)signal(SIGHUP, SIG_DFL);
1.1 deraadt 706: (void)signal(SIGINT, SIG_DFL);
707: (void)signal(SIGTSTP, SIG_IGN);
708:
709: tbuf[0] = '-';
1.30 millert 710: (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
1.36 ! millert 711: p + 1 : shell, sizeof(tbuf) - 1);
! 712:
! 713: if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) &&
! 714: setrlimit(RLIMIT_CORE, &scds) < 0)
! 715: syslog(LOG_ERR, "couldn't reset core dump size: %m");
! 716:
! 717: if (lastchance)
! 718: (void)printf("WARNING: Your password has expired. You must change your password, now!\n");
1.1 deraadt 719:
1.36 ! millert 720: if (setusercontext(lc, pwd, pwd->pw_uid,
! 721: LOGIN_SETALL & ~LOGIN_SETPATH) < 0) {
1.30 millert 722: warn("unable to set user context");
1.36 ! millert 723: quickexit(1);
! 724: }
! 725:
! 726: if (homeless) {
! 727: (void)printf("No home directory %s!\n", pwd->pw_dir);
! 728: (void)printf("Logging in with home = \"/\".\n");
! 729: (void)setenv("HOME", "/", 1);
1.15 tholo 730: }
1.30 millert 731:
1.36 ! millert 732: if (auth_approval(as, lc, NULL, "login") == 0) {
! 733: if (auth_getstate(as) & AUTH_EXPIRED)
! 734: (void)printf("Sorry -- your account has expired.\n");
! 735: else
! 736: (void)printf("approval failure\n");
! 737: quickexit(1);
! 738: }
! 739:
! 740: /*
! 741: * The last thing we do is discard all of the open file descriptors.
! 742: * Last because the C library may have some open.
! 743: *
! 744: * XXX
! 745: * Assume that stdin, stdout and stderr are 0, 1 and 2, and that
! 746: * STDERR_FILENO is 2.
! 747: */
! 748: for (cnt = getdtablesize(); cnt > STDERR_FILENO; cnt--)
! 749: (void)close(cnt);
! 750:
! 751: /*
! 752: * Close the authentication session, make sure it is marked
! 753: * as okay so no files are removed.
! 754: */
! 755: auth_setstate(as, AUTH_OKAY);
! 756: auth_close(as);
! 757:
1.24 art 758: #ifdef KERBEROS
1.36 ! millert 759: kgettokens(pwd->pw_dir);
1.24 art 760: #endif
1.1 deraadt 761:
1.30 millert 762: execlp(shell, tbuf, 0);
763: err(1, "%s", shell);
1.1 deraadt 764: }
765:
766: /*
1.36 ! millert 767: * Allow for a '.' and 16 characters for any instance as well as
! 768: * space for a ':' and 16 charcters defining the authentication type.
1.1 deraadt 769: */
1.36 ! millert 770: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
1.1 deraadt 771:
772: void
773: getloginname()
774: {
775: int ch;
776: char *p;
777: static char nbuf[NBUFSIZ];
778:
779: for (;;) {
780: (void)printf("login: ");
781: for (p = nbuf; (ch = getchar()) != '\n'; ) {
782: if (ch == EOF) {
783: badlogin(username);
1.36 ! millert 784: quickexit(0);
1.1 deraadt 785: }
786: if (p < nbuf + (NBUFSIZ - 1))
787: *p++ = ch;
788: }
1.24 art 789: if (p > nbuf) {
1.1 deraadt 790: if (nbuf[0] == '-')
791: (void)fprintf(stderr,
792: "login names may not start with '-'.\n");
793: else {
794: *p = '\0';
795: username = nbuf;
796: break;
797: }
1.24 art 798: }
1.1 deraadt 799: }
800: }
801:
802: int
803: rootterm(ttyn)
804: char *ttyn;
805: {
806: struct ttyent *t;
807:
1.36 ! millert 808: /* XXX - stash output of getttynam() elsewhere */
1.1 deraadt 809: return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
810: }
811:
812: jmp_buf motdinterrupt;
813:
814: void
815: motd()
816: {
817: int fd, nchars;
818: sig_t oldint;
819: char tbuf[8192];
1.30 millert 820: char *motd;
821:
822: motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE);
1.1 deraadt 823:
1.30 millert 824: if ((fd = open(motd, O_RDONLY, 0)) < 0)
1.1 deraadt 825: return;
826: oldint = signal(SIGINT, sigint);
827: if (setjmp(motdinterrupt) == 0)
828: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
829: (void)write(fileno(stdout), tbuf, nchars);
830: (void)signal(SIGINT, oldint);
831: (void)close(fd);
832: }
833:
834: /* ARGSUSED */
835: void
836: sigint(signo)
837: int signo;
838: {
839: longjmp(motdinterrupt, 1);
840: }
841:
842: /* ARGSUSED */
843: void
844: timedout(signo)
845: int signo;
846: {
847: (void)fprintf(stderr, "Login timed out after %d seconds\n", timeout);
848: exit(0);
849: }
850:
851: void
852: dolastlog(quiet)
853: int quiet;
854: {
855: struct lastlog ll;
856: int fd;
857:
858: if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
1.26 millert 859: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
1.1 deraadt 860: if (!quiet) {
861: if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
862: ll.ll_time != 0) {
863: (void)printf("Last login: %.*s ",
864: 24-5, (char *)ctime(&ll.ll_time));
1.14 millert 865: (void)printf("on %.*s",
866: (int)sizeof(ll.ll_line),
867: ll.ll_line);
1.1 deraadt 868: if (*ll.ll_host != '\0')
1.14 millert 869: (void)printf(" from %.*s",
1.1 deraadt 870: (int)sizeof(ll.ll_host),
871: ll.ll_host);
1.14 millert 872: (void)putchar('\n');
1.1 deraadt 873: }
1.26 millert 874: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll),
875: SEEK_SET);
1.1 deraadt 876: }
877: memset((void *)&ll, 0, sizeof(ll));
878: (void)time(&ll.ll_time);
879: (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
880: if (hostname)
881: (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
882: (void)write(fd, (char *)&ll, sizeof(ll));
883: (void)close(fd);
884: }
885: }
886:
887: void
888: badlogin(name)
889: char *name;
890: {
891: if (failures == 0)
892: return;
893: if (hostname) {
1.14 millert 894: syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s%s%s",
895: failures, failures > 1 ? "S" : "",
896: rusername ? rusername : "", rusername ? "@" : "", hostname);
1.1 deraadt 897: syslog(LOG_AUTHPRIV|LOG_NOTICE,
1.14 millert 898: "%d LOGIN FAILURE%s FROM %s%s%s, %s",
899: failures, failures > 1 ? "S" : "",
900: rusername ? rusername : "", rusername ? "@" : "",
901: hostname, name);
1.1 deraadt 902: } else {
903: syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s",
904: failures, failures > 1 ? "S" : "", tty);
905: syslog(LOG_AUTHPRIV|LOG_NOTICE,
906: "%d LOGIN FAILURE%s ON %s, %s",
907: failures, failures > 1 ? "S" : "", tty, name);
908: }
909: }
910:
911: #undef UNKNOWN
912: #define UNKNOWN "su"
913:
914: char *
915: stypeof(ttyid)
916: char *ttyid;
917: {
918: struct ttyent *t;
919:
1.30 millert 920: return (ttyid && (t = getttynam(ttyid)) ? t->ty_type :
921: login_getcapstr(lc, "term", UNKNOWN, UNKNOWN));
1.1 deraadt 922: }
923:
924: void
925: sleepexit(eval)
926: int eval;
927: {
1.36 ! millert 928: auth_close(as);
1.1 deraadt 929: (void)sleep(5);
930: exit(eval);
1.11 millert 931: }
932:
933: void
1.36 ! millert 934: quickexit(eval)
! 935: int eval;
! 936: {
! 937: if (as)
! 938: auth_close(as);
! 939: exit(eval);
! 940: }
! 941:
! 942:
! 943: void
1.11 millert 944: sighup(signum)
945: int signum;
946: {
947: if (username)
948: badlogin(username);
1.30 millert 949: exit(0);
1.1 deraadt 950: }
1.36 ! millert 951:
! 952: #ifdef KERBEROS
! 953: void
! 954: kgettokens(homedir)
! 955: char *homedir;
! 956: {
! 957:
! 958: /* buy AFS-tokens for homedir */
! 959: if (k_hasafs()) {
! 960: char cell[128];
! 961: k_setpag();
! 962: if (k_afs_cell_of_file(homedir,
! 963: cell, sizeof(cell)) == 0)
! 964: krb_afslog(cell, 0);
! 965: krb_afslog(0, 0);
! 966: }
! 967: }
! 968: #endif