Annotation of src/usr.bin/login/login.c, Revision 1.38
1.38 ! millert 1: /* $OpenBSD: login.c,v 1.37 2001/06/19 16:21:49 millert Exp $ */
1.3 deraadt 2: /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
1.1 deraadt 3:
4: /*-
5: * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
16: * 3. All advertising materials mentioning features or use of this software
17: * must display the following acknowledgement:
18: * This product includes software developed by the University of
19: * California, Berkeley and its contributors.
20: * 4. Neither the name of the University nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34: * SUCH DAMAGE.
35: */
1.36 millert 36: /*-
37: * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
38: *
39: * Redistribution and use in source and binary forms, with or without
40: * modification, are permitted provided that the following conditions
41: * are met:
42: * 1. Redistributions of source code must retain the above copyright
43: * notice, this list of conditions and the following disclaimer.
44: * 2. Redistributions in binary form must reproduce the above copyright
45: * notice, this list of conditions and the following disclaimer in the
46: * documentation and/or other materials provided with the distribution.
47: * 3. All advertising materials mentioning features or use of this software
48: * must display the following acknowledgement:
49: * This product includes software developed by Berkeley Software Design,
50: * Inc.
51: * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
52: * or promote products derived from this software without specific prior
53: * written permission.
54: *
55: * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
56: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
58: * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
59: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
60: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
61: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
62: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
63: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
64: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
65: * SUCH DAMAGE.
66: *
67: * BSDI $From: login.c,v 2.28 1999/09/08 22:35:36 prb Exp $
68: */
1.1 deraadt 69:
70: #ifndef lint
71: static char copyright[] =
72: "@(#) Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994\n\
73: The Regents of the University of California. All rights reserved.\n";
74: #endif /* not lint */
75:
76: #ifndef lint
77: #if 0
78: static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
79: #endif
1.38 ! millert 80: static char rcsid[] = "$OpenBSD: login.c,v 1.37 2001/06/19 16:21:49 millert Exp $";
1.1 deraadt 81: #endif /* not lint */
82:
83: /*
84: * login [ name ]
85: * login -h hostname (for telnetd, etc.)
86: * login -f name (for pre-authenticated login: datakit, xterm, etc.)
87: */
88:
89: #include <sys/param.h>
1.36 millert 90: #include <sys/socket.h>
1.1 deraadt 91: #include <sys/stat.h>
92: #include <sys/time.h>
93: #include <sys/resource.h>
1.11 millert 94: #include <sys/wait.h>
1.1 deraadt 95:
96: #include <err.h>
97: #include <errno.h>
1.27 millert 98: #include <fcntl.h>
1.1 deraadt 99: #include <grp.h>
1.30 millert 100: #include <login_cap.h>
1.36 millert 101: #include <netdb.h>
1.1 deraadt 102: #include <pwd.h>
103: #include <setjmp.h>
104: #include <signal.h>
1.36 millert 105: #include <stdarg.h>
1.1 deraadt 106: #include <stdio.h>
107: #include <stdlib.h>
108: #include <string.h>
109: #include <syslog.h>
110: #include <ttyent.h>
111: #include <tzfile.h>
112: #include <unistd.h>
113: #include <utmp.h>
1.3 deraadt 114: #include <util.h>
1.36 millert 115: #include <bsd_auth.h>
116:
117: #ifdef KERBEROS
118: #include <kerberosIV/kafs.h>
119: #endif
1.1 deraadt 120:
121: #include "pathnames.h"
122:
123: void badlogin __P((char *));
124: void dolastlog __P((int));
125: void getloginname __P((void));
126: void motd __P((void));
1.36 millert 127: void quickexit __P((int));
1.1 deraadt 128: int rootterm __P((char *));
129: void sigint __P((int));
1.11 millert 130: void sighup __P((int));
1.1 deraadt 131: void sleepexit __P((int));
132: char *stypeof __P((char *));
133: void timedout __P((int));
134:
1.13 millert 135: extern int check_failedlogin __P((uid_t));
1.14 millert 136: extern void log_failedlogin __P((uid_t, char *, char *, char *));
1.1 deraadt 137:
138: #define TTYGRPNAME "tty" /* name of group to own ttys */
139:
140: /*
1.37 millert 141: * This bounds the time given to login; may be overridden by /etc/login.conf.
1.1 deraadt 142: */
1.30 millert 143: u_int timeout = 300;
1.1 deraadt 144:
1.36 millert 145: struct passwd *pwd;
1.30 millert 146: login_cap_t *lc = NULL;
1.36 millert 147: auth_session_t *as = NULL;
1.30 millert 148: int failures;
1.36 millert 149: int needbanner = 1;
1.30 millert 150: char term[64], *hostname, *tty;
1.36 millert 151: char *style;
1.30 millert 152: char *username = NULL, *rusername = NULL;
1.1 deraadt 153:
154: int
155: main(argc, argv)
156: int argc;
157: char *argv[];
158: {
159: extern char **environ;
1.36 millert 160: struct addrinfo *ai, hints;
1.1 deraadt 161: struct group *gr;
1.36 millert 162: struct rlimit cds, scds;
1.1 deraadt 163: struct stat st;
164: struct utmp utmp;
1.36 millert 165: quad_t expire, warning;
1.1 deraadt 166: uid_t uid;
1.36 millert 167: int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance;
1.37 millert 168: int error, homeless, needto, authok, tries, backoff;
1.36 millert 169: char *domain, *p, *ttyn, *shell, *fullname, *instance;
170: char *lipaddr, *script, *ripaddr, *style, *type, *fqdn, *copyright;
1.1 deraadt 171: char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
172: char localhost[MAXHOSTNAMELEN];
173:
174: (void)signal(SIGALRM, timedout);
1.36 millert 175: if (argc > 1) {
176: needto = 0;
177: (void)alarm(timeout);
178: } else
179: needto = 1;
1.1 deraadt 180: (void)signal(SIGQUIT, SIG_IGN);
181: (void)signal(SIGINT, SIG_IGN);
1.36 millert 182: (void)signal(SIGHUP, SIG_IGN);
1.1 deraadt 183: (void)setpriority(PRIO_PROCESS, 0, 0);
184:
185: openlog("login", LOG_ODELAY, LOG_AUTH);
186:
1.37 millert 187: fqdn = lipaddr = ripaddr = fullname = type = NULL;
188: authok = 0;
189: tries = 10;
190: backoff = 3;
1.36 millert 191:
192: /*
193: * Since login deals with sensitive information, turn off coredumps.
194: */
195: if (getrlimit(RLIMIT_CORE, &scds) < 0) {
196: syslog(LOG_ERR, "couldn't get core dump size: %m");
197: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
198: }
199: cds.rlim_cur = cds.rlim_max = 0;
200: if (setrlimit(RLIMIT_CORE, &cds) < 0) {
201: syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
202: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
203: }
204:
1.1 deraadt 205: /*
206: * -p is used by getty to tell login not to destroy the environment
207: * -f is used to skip a second login authentication
208: * -h is used by other servers to pass the name of the remote
209: * host to login so that it may be placed in utmp and wtmp
210: */
211: domain = NULL;
212: if (gethostname(localhost, sizeof(localhost)) < 0)
213: syslog(LOG_ERR, "couldn't get local hostname: %m");
214: else
215: domain = strchr(localhost, '.');
1.21 deraadt 216: if (domain) {
217: domain++;
218: if (*domain && strchr(domain, '.') == NULL)
219: domain = localhost;
220: }
1.1 deraadt 221:
1.36 millert 222: if ((as = auth_open()) == NULL) {
223: syslog(LOG_ERR, "%m");
224: err(1, NULL);
225: }
226:
227: fflag = pflag = 0;
1.1 deraadt 228: uid = getuid();
1.36 millert 229: while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1)
1.1 deraadt 230: switch (ch) {
231: case 'f':
232: fflag = 1;
233: break;
234: case 'h':
1.36 millert 235: if (uid) {
236: warn("-h option: %s", strerror(EPERM));
237: quickexit(1);
238: }
239: if ((fqdn = strdup(optarg)) == NULL) {
240: warn(NULL);
241: quickexit(1);
242: }
243: auth_setoption(as, "fqdn", fqdn);
1.1 deraadt 244: if (domain && (p = strchr(optarg, '.')) &&
1.21 deraadt 245: strcasecmp(p+1, domain) == 0)
1.1 deraadt 246: *p = 0;
247: hostname = optarg;
1.36 millert 248: auth_setoption(as, "hostname", hostname);
249: break;
250: case 'L':
251: if (uid) {
252: warnx("-L option: %s", strerror(EPERM));
253: quickexit(1);
254: }
255: if (lipaddr) {
256: warnx("duplicate -L option");
257: quickexit(1);
258: }
259: lipaddr = optarg;
260: memset(&hints, 0, sizeof(hints));
261: hints.ai_family = PF_UNSPEC;
262: hints.ai_flags = AI_CANONNAME;
263: error = getaddrinfo(lipaddr, NULL, &hints, &ai);
264: if (!error) {
265: strlcpy(localhost, ai->ai_canonname,
266: sizeof(localhost));
267: freeaddrinfo(ai);
268: } else
269: strlcpy(localhost, lipaddr, sizeof(localhost));
270: auth_setoption(as, "local_addr", lipaddr);
1.1 deraadt 271: break;
272: case 'p':
273: pflag = 1;
274: break;
1.36 millert 275: case 'R':
276: if (uid) {
277: warnx("-R option: %s", strerror(EPERM));
278: quickexit(1);
279: }
280: if (ripaddr) {
281: warnx("duplicate -R option");
282: quickexit(1);
283: }
284: ripaddr = optarg;
285: auth_setoption(as, "remote_addr", ripaddr);
286: break;
1.14 millert 287: case 'u':
1.36 millert 288: if (uid) {
289: warnx("-u option: %s", strerror(EPERM));
290: quickexit(1);
291: }
1.14 millert 292: rusername = optarg;
293: break;
1.1 deraadt 294: default:
295: if (!uid)
296: syslog(LOG_ERR, "invalid flag %c", ch);
297: (void)fprintf(stderr,
1.36 millert 298: "usage: login [-fp] [-h hostname] [-L lipaddr] [-R ripaddr] [username]\n");
299: quickexit(1);
1.1 deraadt 300: }
301: argc -= optind;
302: argv += optind;
303:
304: if (*argv) {
305: username = *argv;
306: ask = 0;
307: } else
308: ask = 1;
309:
310: for (cnt = getdtablesize(); cnt > 2; cnt--)
311: (void)close(cnt);
312:
313: ttyn = ttyname(STDIN_FILENO);
314: if (ttyn == NULL || *ttyn == '\0') {
315: (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
316: ttyn = tname;
317: }
1.12 millert 318: if ((tty = strrchr(ttyn, '/')))
1.1 deraadt 319: ++tty;
320: else
321: tty = ttyn;
322:
1.36 millert 323: #ifdef notyet
324: /* XXX - we don't (yet) support per-tty auth stuff */
325: /* BSDi uses a ttys.conf file but we could just overload /etc/ttys */
326: /*
327: * Classify the attempt.
328: * By default we use the value in the ttys file.
329: * If there is a classify script we run that as
330: *
331: * classify [-f] [username]
332: */
333: if (type = getttyauth(tty))
334: auth_setoption(as, "auth_type", type);
335: #endif
336:
337: /* get the default login class */
338: if ((lc = login_getclass(0)) == NULL) { /* get the default class */
339: warnx("Failure to retrieve default class");
340: quickexit(1);
341: }
1.37 millert 342: timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300);
1.36 millert 343: if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) {
344: unsetenv("AUTH_TYPE");
345: unsetenv("REMOTE_NAME");
346: if (script[0] != '/') {
347: syslog(LOG_ERR, "Invalid classify script: %s", script);
348: warnx("Classification failure");
349: quickexit(1);
350: }
351: shell = strrchr(script, '/') + 1;
352: auth_setstate(as, AUTH_OKAY);
353: auth_call(as, script, shell,
354: fflag ? "-f" : username, fflag ? username : 0, 0);
355: if (!(auth_getstate(as) & AUTH_ALLOW))
356: quickexit(1);
357: auth_setenv(as);
358: if ((p = getenv("AUTH_TYPE")) != NULL &&
359: strncmp(p, "auth-", 5) == 0)
360: type = p;
361: if ((p = getenv("REMOTE_NAME")) != NULL)
362: hostname = p;
363: /*
364: * we may have changed some values, reset them
365: */
366: auth_clroptions(as);
367: if (type)
368: auth_setoption(as, "auth_type", type);
369: if (fqdn)
370: auth_setoption(as, "fqdn", fqdn);
371: if (hostname)
372: auth_setoption(as, "hostname", hostname);
373: if (lipaddr)
374: auth_setoption(as, "local_addr", lipaddr);
375: if (ripaddr)
376: auth_setoption(as, "remote_addr", ripaddr);
377: }
378:
379: /*
380: * Request the things like the approval script print things
381: * to stdout (in particular, the nologins files)
382: */
383: auth_setitem(as, AUTHV_INTERACTIVE, "True");
384:
1.1 deraadt 385: for (cnt = 0;; ask = 1) {
1.36 millert 386: /*
387: * Clean up our current authentication session.
388: * Options are not cleared so we need to clear any
389: * we might set below.
390: */
391: auth_clean(as);
392: auth_clroption(as, "style");
393: auth_clroption(as, "lastchance");
394:
395: lastchance = 0;
396:
1.1 deraadt 397: if (ask) {
398: fflag = 0;
399: getloginname();
400: }
1.36 millert 401: if (needto) {
402: needto = 0;
403: alarm(timeout);
404: }
405: if ((style = strchr(username, ':')) != NULL)
406: *style++ = '\0';
407: if (fullname)
408: free(fullname);
409: if (auth_setitem(as, AUTHV_NAME, username) < 0 ||
410: (fullname = strdup(username)) == NULL) {
411: syslog(LOG_ERR, "%m");
412: warn(NULL);
413: quickexit(1);
414: }
1.1 deraadt 415: rootlogin = 0;
416: if ((instance = strchr(username, '.')) != NULL) {
417: if (strncmp(instance, ".root", 5) == 0)
418: rootlogin = 1;
419: *instance++ = '\0';
420: } else
421: instance = "";
1.36 millert 422:
1.1 deraadt 423: if (strlen(username) > UT_NAMESIZE)
424: username[UT_NAMESIZE] = '\0';
425:
426: /*
427: * Note if trying multiple user names; log failures for
428: * previous user name, but don't bother logging one failure
429: * for nonexistent name (mistyped username).
430: */
431: if (failures && strcmp(tbuf, username)) {
432: if (failures > (pwd ? 0 : 1))
433: badlogin(tbuf);
434: failures = 0;
435: }
1.36 millert 436: (void)strlcpy(tbuf, username, sizeof(tbuf));
1.1 deraadt 437:
1.36 millert 438: if ((pwd = getpwnam(username)) != NULL &&
439: auth_setpwd(as, pwd) < 0) {
440: syslog(LOG_ERR, "%m");
441: warn(NULL);
442: quickexit(1);
443: }
1.1 deraadt 444:
1.36 millert 445: lc = login_getclass(pwd ? pwd->pw_class : NULL);
446: if (!lc)
447: goto failed;
1.1 deraadt 448:
1.36 millert 449: style = login_getstyle(lc, style, type);
450: if (!style)
451: goto failed;
1.1 deraadt 452:
1.36 millert 453: /*
1.37 millert 454: * We allow "login-tries" attempts to login but start
455: * slowing down after "login-backoff" attempts.
456: */
457: tries = (int)login_getcapnum(lc, "login-tries", 10, 10);
458: backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3);
459:
460: /*
1.36 millert 461: * Turn off the fflag if we have an an invalid user
462: * or we are not root and we are trying to change uids.
463: */
464: if (!pwd || (uid && uid != pwd->pw_uid))
465: fflag = 0;
1.1 deraadt 466:
1.36 millert 467: if (pwd && pwd->pw_uid == 0)
468: rootlogin = 1;
1.25 millert 469:
1.36 millert 470: /*
471: * If we do not have the force flag authenticate the user
472: */
473: if (fflag)
474: authok = AUTH_SECURE;
475: else {
476: lastchance =
477: login_getcaptime(lc, "password-dead", 0, 0) != 0;
478: if (lastchance)
479: auth_setoption(as, "lastchance", "yes");
480: /*
481: * Once we start asking for a password
482: * we want to log a failure on a hup.
483: */
484: signal(SIGHUP, sighup);
485: auth_verify(as, style, NULL, lc->lc_class, NULL);
486: authok = auth_getstate(as);
487: /*
488: * If their password expired and it has not been
489: * too long since then, give the user one last
490: * chance to change their password
491: */
492: if ((authok & AUTH_PWEXPIRED) && lastchance) {
493: authok = AUTH_OKAY;
494: } else
495: lastchance = 0;
496: if ((authok & AUTH_ALLOW) == 0)
497: goto failed;
498: if (auth_setoption(as, "style", style) < 0) {
499: syslog(LOG_ERR, "%m");
500: warn(NULL);
501: quickexit(1);
1.25 millert 502: }
1.1 deraadt 503: }
1.36 millert 504: /*
505: * explicitly reject users without password file entries
506: */
507: if (pwd == 0)
508: goto failed;
1.1 deraadt 509:
1.36 millert 510: authok &= AUTH_SECURE;
1.1 deraadt 511:
512: /*
1.36 millert 513: * If trying to log in as root on an insecure terminal,
514: * refuse the login attempt unless the authentication
515: * style explicitly says a root login is okay.
1.1 deraadt 516: */
1.36 millert 517: if (authok == 0 && pwd && rootlogin && !rootterm(tty))
518: goto failed;
1.29 millert 519:
1.36 millert 520: if (fflag) {
521: type = 0;
522: style = "forced";
523: }
524: break;
525:
526: failed:
527: if (authok & AUTH_SILENT)
528: quickexit(0);
1.29 millert 529: if (rootlogin && !rootterm(tty)) {
1.36 millert 530: warnx("%s login refused on this terminal.",
531: fullname);
1.1 deraadt 532: if (hostname)
533: syslog(LOG_NOTICE,
1.14 millert 534: "LOGIN %s REFUSED FROM %s%s%s ON TTY %s",
1.36 millert 535: fullname, rusername ? rusername : "",
1.14 millert 536: rusername ? "@" : "", hostname, tty);
1.1 deraadt 537: else
538: syslog(LOG_NOTICE,
539: "LOGIN %s REFUSED ON TTY %s",
1.36 millert 540: fullname, tty);
541: } else {
542: if (!as || (p = auth_getvalue(as, "errormsg")) == NULL)
543: p = "Login incorrect";
544: (void)printf("%s\n", p);
545: }
1.1 deraadt 546: failures++;
1.13 millert 547: if (pwd)
1.14 millert 548: log_failedlogin(pwd->pw_uid, hostname, rusername, tty);
1.37 millert 549: /*
550: * By default, we allow 10 tries, but after 3 we start
551: * backing off to slow down password guessers.
552: */
553: if (++cnt > backoff) {
554: if (cnt >= tries) {
1.1 deraadt 555: badlogin(username);
556: sleepexit(1);
557: }
1.37 millert 558: sleep((u_int)((cnt - backoff) * tries / 2));
1.1 deraadt 559: }
560: }
561:
562: /* committed to login -- turn off timeout */
1.36 millert 563: (void)alarm(0);
1.1 deraadt 564:
565: endpwent();
566:
1.30 millert 567: shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
568: if (*shell == '\0')
569: shell = _PATH_BSHELL;
570: else if (strlen(shell) >= MAXPATHLEN) {
571: syslog(LOG_ERR, "shell path too long: %s", shell);
572: warnx("invalid shell");
1.36 millert 573: quickexit(1);
1.24 art 574: }
1.1 deraadt 575:
576: /* Destroy environment unless user has requested its preservation. */
1.24 art 577: if (!pflag) {
1.22 deraadt 578: if ((environ = calloc(1, sizeof (char *))) == NULL)
579: err(1, "calloc");
1.24 art 580: } else {
1.9 millert 581: char **cpp, **cpp2;
582:
583: for (cpp2 = cpp = environ; *cpp; cpp++) {
584: if (strncmp(*cpp, "LD_", 3) &&
1.29 millert 585: strncmp(*cpp, "ENV=", 4) &&
586: strncmp(*cpp, "BASH_ENV=", 9) &&
1.9 millert 587: strncmp(*cpp, "IFS=", 4))
588: *cpp2++ = *cpp;
589: }
590: *cpp2 = 0;
591: }
1.30 millert 592: /* Note: setusercontext(3) will set PATH */
1.34 deraadt 593: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
594: setenv("SHELL", shell, 1) == -1) {
595: warn("unable to setenv()");
1.36 millert 596: quickexit(1);
1.34 deraadt 597: }
1.1 deraadt 598: if (term[0] == '\0')
1.29 millert 599: (void)strlcpy(term, stypeof(tty), sizeof(term));
1.34 deraadt 600: if (setenv("TERM", term, 0) == -1 ||
601: setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
602: setenv("USER", pwd->pw_name, 1) == -1) {
603: warn("unable to setenv()");
1.36 millert 604: quickexit(1);
1.34 deraadt 605: }
606: if (hostname) {
607: if (setenv("REMOTEHOST", hostname, 1) == -1) {
608: warn("unable to setenv()");
1.36 millert 609: quickexit(1);
1.34 deraadt 610: }
611: }
612: if (rusername) {
613: if (setenv("REMOTEUSER", rusername, 1) == -1) {
614: warn("unable to setenv()");
1.36 millert 615: quickexit(1);
1.34 deraadt 616: }
617: }
1.36 millert 618:
619: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) {
620: warn("unable to set user context");
621: quickexit(1);
622: }
623: auth_setenv(as);
624:
625: /* if user not super-user, check for disabled logins */
626: if (!rootlogin)
627: auth_checknologin(lc);
628:
629: setegid(pwd->pw_gid);
630: seteuid(pwd->pw_uid);
631:
632: homeless = chdir(pwd->pw_dir);
633: if (homeless) {
634: if (login_getcapbool(lc, "requirehome", 0)) {
635: (void)printf("No home directory %s!\n", pwd->pw_dir);
636: quickexit(1);
1.34 deraadt 637: }
1.36 millert 638: if (chdir("/"))
639: quickexit(0);
1.34 deraadt 640: }
1.36 millert 641:
642: quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
643: login_getcapbool(lc, "hushlogin", 0) ||
644: (access(_PATH_HUSHLOGIN, F_OK) == 0));
645:
646: seteuid(0);
647: setegid(0); /* XXX use a saved gid instead? */
648:
649: if ((p = auth_getvalue(as, "warnmsg")) != NULL)
650: (void)printf("WARNING: %s\n\n", p);
651:
652: expire = auth_check_expire(as);
653: if (expire < 0) {
654: (void)printf("Sorry -- your account has expired.\n");
655: quickexit(1);
656: } else if (expire > 0 && !quietlog) {
657: warning = login_getcaptime(lc, "expire-warn",
658: 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY);
659: if (expire < warning)
660: (void)printf("Warning: your account expires on %s",
661: ctime(&pwd->pw_expire));
1.34 deraadt 662: }
1.36 millert 663:
664: /* Nothing else left to fail -- really log in. */
665: (void)signal(SIGHUP, SIG_DFL);
666: memset(&utmp, 0, sizeof(utmp));
667: (void)time(&utmp.ut_time);
668: (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
669: if (hostname)
670: (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
671: (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
672: login(&utmp);
673:
674: if (!quietlog)
675: (void)check_failedlogin(pwd->pw_uid);
676: dolastlog(quietlog);
677:
678: login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
679:
680: (void)chown(ttyn, pwd->pw_uid,
681: (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
682:
1.1 deraadt 683: /* If fflag is on, assume caller/authenticator has logged root login. */
1.24 art 684: if (rootlogin && fflag == 0) {
1.1 deraadt 685: if (hostname)
1.14 millert 686: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s",
687: username, tty, rusername ? rusername : "",
688: rusername ? "@" : "", hostname);
1.1 deraadt 689: else
690: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
1.24 art 691: }
1.1 deraadt 692:
693: if (!quietlog) {
1.2 deraadt 694: #if 0
1.1 deraadt 695: (void)printf("%s\n\t%s %s\n\n",
696: "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
697: "The Regents of the University of California. ",
698: "All rights reserved.");
1.2 deraadt 699: #endif
1.36 millert 700: if ((copyright =
701: login_getcapstr(lc, "copyright", NULL, NULL)) != NULL)
702: auth_cat(copyright);
1.1 deraadt 703: motd();
704: (void)snprintf(tbuf,
705: sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
706: if (stat(tbuf, &st) == 0 && st.st_size != 0)
707: (void)printf("You have %smail.\n",
708: (st.st_mtime > st.st_atime) ? "new " : "");
709: }
710:
711: (void)signal(SIGALRM, SIG_DFL);
712: (void)signal(SIGQUIT, SIG_DFL);
1.36 millert 713: (void)signal(SIGHUP, SIG_DFL);
1.1 deraadt 714: (void)signal(SIGINT, SIG_DFL);
715: (void)signal(SIGTSTP, SIG_IGN);
716:
717: tbuf[0] = '-';
1.30 millert 718: (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
1.36 millert 719: p + 1 : shell, sizeof(tbuf) - 1);
720:
721: if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) &&
722: setrlimit(RLIMIT_CORE, &scds) < 0)
723: syslog(LOG_ERR, "couldn't reset core dump size: %m");
724:
725: if (lastchance)
726: (void)printf("WARNING: Your password has expired. You must change your password, now!\n");
1.1 deraadt 727:
1.38 ! millert 728: if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid,
1.36 millert 729: LOGIN_SETALL & ~LOGIN_SETPATH) < 0) {
1.30 millert 730: warn("unable to set user context");
1.36 millert 731: quickexit(1);
732: }
733:
734: if (homeless) {
735: (void)printf("No home directory %s!\n", pwd->pw_dir);
736: (void)printf("Logging in with home = \"/\".\n");
737: (void)setenv("HOME", "/", 1);
1.15 tholo 738: }
1.30 millert 739:
1.36 millert 740: if (auth_approval(as, lc, NULL, "login") == 0) {
741: if (auth_getstate(as) & AUTH_EXPIRED)
742: (void)printf("Sorry -- your account has expired.\n");
743: else
744: (void)printf("approval failure\n");
745: quickexit(1);
746: }
747:
748: /*
749: * The last thing we do is discard all of the open file descriptors.
750: * Last because the C library may have some open.
751: *
752: * XXX
753: * Assume that stdin, stdout and stderr are 0, 1 and 2, and that
754: * STDERR_FILENO is 2.
755: */
756: for (cnt = getdtablesize(); cnt > STDERR_FILENO; cnt--)
757: (void)close(cnt);
758:
759: /*
760: * Close the authentication session, make sure it is marked
761: * as okay so no files are removed.
762: */
763: auth_setstate(as, AUTH_OKAY);
764: auth_close(as);
765:
1.24 art 766: #ifdef KERBEROS
1.36 millert 767: kgettokens(pwd->pw_dir);
1.24 art 768: #endif
1.1 deraadt 769:
1.30 millert 770: execlp(shell, tbuf, 0);
771: err(1, "%s", shell);
1.1 deraadt 772: }
773:
774: /*
1.36 millert 775: * Allow for a '.' and 16 characters for any instance as well as
776: * space for a ':' and 16 charcters defining the authentication type.
1.1 deraadt 777: */
1.36 millert 778: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
1.1 deraadt 779:
780: void
781: getloginname()
782: {
783: int ch;
784: char *p;
785: static char nbuf[NBUFSIZ];
786:
787: for (;;) {
788: (void)printf("login: ");
789: for (p = nbuf; (ch = getchar()) != '\n'; ) {
790: if (ch == EOF) {
791: badlogin(username);
1.36 millert 792: quickexit(0);
1.1 deraadt 793: }
794: if (p < nbuf + (NBUFSIZ - 1))
795: *p++ = ch;
796: }
1.24 art 797: if (p > nbuf) {
1.1 deraadt 798: if (nbuf[0] == '-')
799: (void)fprintf(stderr,
800: "login names may not start with '-'.\n");
801: else {
802: *p = '\0';
803: username = nbuf;
804: break;
805: }
1.24 art 806: }
1.1 deraadt 807: }
808: }
809:
810: int
811: rootterm(ttyn)
812: char *ttyn;
813: {
814: struct ttyent *t;
815:
1.36 millert 816: /* XXX - stash output of getttynam() elsewhere */
1.1 deraadt 817: return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
818: }
819:
820: jmp_buf motdinterrupt;
821:
822: void
823: motd()
824: {
825: int fd, nchars;
826: sig_t oldint;
827: char tbuf[8192];
1.30 millert 828: char *motd;
829:
830: motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE);
1.1 deraadt 831:
1.30 millert 832: if ((fd = open(motd, O_RDONLY, 0)) < 0)
1.1 deraadt 833: return;
834: oldint = signal(SIGINT, sigint);
835: if (setjmp(motdinterrupt) == 0)
836: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
837: (void)write(fileno(stdout), tbuf, nchars);
838: (void)signal(SIGINT, oldint);
839: (void)close(fd);
840: }
841:
842: /* ARGSUSED */
843: void
844: sigint(signo)
845: int signo;
846: {
847: longjmp(motdinterrupt, 1);
848: }
849:
850: /* ARGSUSED */
851: void
852: timedout(signo)
853: int signo;
854: {
855: (void)fprintf(stderr, "Login timed out after %d seconds\n", timeout);
1.37 millert 856: if (username)
857: badlogin(username);
1.1 deraadt 858: exit(0);
859: }
860:
861: void
862: dolastlog(quiet)
863: int quiet;
864: {
865: struct lastlog ll;
866: int fd;
867:
868: if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
1.26 millert 869: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
1.1 deraadt 870: if (!quiet) {
871: if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
872: ll.ll_time != 0) {
873: (void)printf("Last login: %.*s ",
874: 24-5, (char *)ctime(&ll.ll_time));
1.14 millert 875: (void)printf("on %.*s",
876: (int)sizeof(ll.ll_line),
877: ll.ll_line);
1.1 deraadt 878: if (*ll.ll_host != '\0')
1.14 millert 879: (void)printf(" from %.*s",
1.1 deraadt 880: (int)sizeof(ll.ll_host),
881: ll.ll_host);
1.14 millert 882: (void)putchar('\n');
1.1 deraadt 883: }
1.26 millert 884: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll),
885: SEEK_SET);
1.1 deraadt 886: }
887: memset((void *)&ll, 0, sizeof(ll));
888: (void)time(&ll.ll_time);
889: (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
890: if (hostname)
891: (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
892: (void)write(fd, (char *)&ll, sizeof(ll));
893: (void)close(fd);
894: }
895: }
896:
897: void
898: badlogin(name)
899: char *name;
900: {
901: if (failures == 0)
902: return;
903: if (hostname) {
1.14 millert 904: syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s%s%s",
905: failures, failures > 1 ? "S" : "",
906: rusername ? rusername : "", rusername ? "@" : "", hostname);
1.1 deraadt 907: syslog(LOG_AUTHPRIV|LOG_NOTICE,
1.14 millert 908: "%d LOGIN FAILURE%s FROM %s%s%s, %s",
909: failures, failures > 1 ? "S" : "",
910: rusername ? rusername : "", rusername ? "@" : "",
911: hostname, name);
1.1 deraadt 912: } else {
913: syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s",
914: failures, failures > 1 ? "S" : "", tty);
915: syslog(LOG_AUTHPRIV|LOG_NOTICE,
916: "%d LOGIN FAILURE%s ON %s, %s",
917: failures, failures > 1 ? "S" : "", tty, name);
918: }
919: }
920:
921: #undef UNKNOWN
922: #define UNKNOWN "su"
923:
924: char *
925: stypeof(ttyid)
926: char *ttyid;
927: {
928: struct ttyent *t;
929:
1.30 millert 930: return (ttyid && (t = getttynam(ttyid)) ? t->ty_type :
931: login_getcapstr(lc, "term", UNKNOWN, UNKNOWN));
1.1 deraadt 932: }
933:
934: void
935: sleepexit(eval)
936: int eval;
937: {
1.36 millert 938: auth_close(as);
1.1 deraadt 939: (void)sleep(5);
940: exit(eval);
1.11 millert 941: }
942:
943: void
1.36 millert 944: quickexit(eval)
945: int eval;
946: {
947: if (as)
948: auth_close(as);
949: exit(eval);
950: }
951:
952:
953: void
1.11 millert 954: sighup(signum)
955: int signum;
956: {
957: if (username)
958: badlogin(username);
1.30 millert 959: exit(0);
1.1 deraadt 960: }
1.36 millert 961:
962: #ifdef KERBEROS
963: void
964: kgettokens(homedir)
965: char *homedir;
966: {
967:
968: /* buy AFS-tokens for homedir */
969: if (k_hasafs()) {
970: char cell[128];
971: k_setpag();
972: if (k_afs_cell_of_file(homedir,
973: cell, sizeof(cell)) == 0)
974: krb_afslog(cell, 0);
975: krb_afslog(0, 0);
976: }
977: }
978: #endif