Annotation of src/usr.bin/login/login.c, Revision 1.42
1.42 ! deraadt 1: /* $OpenBSD: login.c,v 1.41 2001/07/06 18:12:06 pvalchev Exp $ */
1.3 deraadt 2: /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
1.1 deraadt 3:
4: /*-
5: * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
16: * 3. All advertising materials mentioning features or use of this software
17: * must display the following acknowledgement:
18: * This product includes software developed by the University of
19: * California, Berkeley and its contributors.
20: * 4. Neither the name of the University nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34: * SUCH DAMAGE.
35: */
1.36 millert 36: /*-
37: * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
38: *
39: * Redistribution and use in source and binary forms, with or without
40: * modification, are permitted provided that the following conditions
41: * are met:
42: * 1. Redistributions of source code must retain the above copyright
43: * notice, this list of conditions and the following disclaimer.
44: * 2. Redistributions in binary form must reproduce the above copyright
45: * notice, this list of conditions and the following disclaimer in the
46: * documentation and/or other materials provided with the distribution.
47: * 3. All advertising materials mentioning features or use of this software
48: * must display the following acknowledgement:
49: * This product includes software developed by Berkeley Software Design,
50: * Inc.
51: * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
52: * or promote products derived from this software without specific prior
53: * written permission.
54: *
55: * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
56: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
58: * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
59: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
60: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
61: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
62: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
63: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
64: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
65: * SUCH DAMAGE.
66: *
67: * BSDI $From: login.c,v 2.28 1999/09/08 22:35:36 prb Exp $
68: */
1.1 deraadt 69:
70: #ifndef lint
71: static char copyright[] =
72: "@(#) Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994\n\
73: The Regents of the University of California. All rights reserved.\n";
74: #endif /* not lint */
75:
76: #ifndef lint
77: #if 0
78: static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
79: #endif
1.42 ! deraadt 80: static char rcsid[] = "$OpenBSD: login.c,v 1.41 2001/07/06 18:12:06 pvalchev Exp $";
1.1 deraadt 81: #endif /* not lint */
82:
83: /*
84: * login [ name ]
85: * login -h hostname (for telnetd, etc.)
86: * login -f name (for pre-authenticated login: datakit, xterm, etc.)
87: */
88:
89: #include <sys/param.h>
1.36 millert 90: #include <sys/socket.h>
1.1 deraadt 91: #include <sys/stat.h>
92: #include <sys/time.h>
93: #include <sys/resource.h>
1.11 millert 94: #include <sys/wait.h>
1.1 deraadt 95:
96: #include <err.h>
97: #include <errno.h>
1.27 millert 98: #include <fcntl.h>
1.1 deraadt 99: #include <grp.h>
1.30 millert 100: #include <login_cap.h>
1.36 millert 101: #include <netdb.h>
1.1 deraadt 102: #include <pwd.h>
103: #include <setjmp.h>
104: #include <signal.h>
1.36 millert 105: #include <stdarg.h>
1.1 deraadt 106: #include <stdio.h>
107: #include <stdlib.h>
108: #include <string.h>
109: #include <syslog.h>
110: #include <ttyent.h>
111: #include <tzfile.h>
112: #include <unistd.h>
113: #include <utmp.h>
1.3 deraadt 114: #include <util.h>
1.36 millert 115: #include <bsd_auth.h>
116:
117: #ifdef KERBEROS
118: #include <kerberosIV/kafs.h>
119: #endif
1.1 deraadt 120:
121: #include "pathnames.h"
122:
123: void badlogin __P((char *));
124: void dolastlog __P((int));
125: void getloginname __P((void));
126: void motd __P((void));
1.36 millert 127: void quickexit __P((int));
1.1 deraadt 128: int rootterm __P((char *));
129: void sigint __P((int));
1.11 millert 130: void sighup __P((int));
1.1 deraadt 131: void sleepexit __P((int));
132: char *stypeof __P((char *));
133: void timedout __P((int));
1.41 pvalchev 134: int main __P((int, char **));
1.1 deraadt 135:
1.13 millert 136: extern int check_failedlogin __P((uid_t));
1.14 millert 137: extern void log_failedlogin __P((uid_t, char *, char *, char *));
1.1 deraadt 138:
139: #define TTYGRPNAME "tty" /* name of group to own ttys */
140:
141: /*
1.37 millert 142: * This bounds the time given to login; may be overridden by /etc/login.conf.
1.1 deraadt 143: */
1.30 millert 144: u_int timeout = 300;
1.1 deraadt 145:
1.36 millert 146: struct passwd *pwd;
1.30 millert 147: login_cap_t *lc = NULL;
1.36 millert 148: auth_session_t *as = NULL;
1.30 millert 149: int failures;
1.36 millert 150: int needbanner = 1;
1.30 millert 151: char term[64], *hostname, *tty;
1.36 millert 152: char *style;
1.30 millert 153: char *username = NULL, *rusername = NULL;
1.1 deraadt 154:
155: int
156: main(argc, argv)
157: int argc;
158: char *argv[];
159: {
160: extern char **environ;
1.36 millert 161: struct addrinfo *ai, hints;
1.1 deraadt 162: struct group *gr;
1.36 millert 163: struct rlimit cds, scds;
1.1 deraadt 164: struct stat st;
165: struct utmp utmp;
1.36 millert 166: quad_t expire, warning;
1.1 deraadt 167: uid_t uid;
1.36 millert 168: int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance;
1.37 millert 169: int error, homeless, needto, authok, tries, backoff;
1.36 millert 170: char *domain, *p, *ttyn, *shell, *fullname, *instance;
171: char *lipaddr, *script, *ripaddr, *style, *type, *fqdn, *copyright;
1.1 deraadt 172: char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
173: char localhost[MAXHOSTNAMELEN];
174:
175: (void)signal(SIGALRM, timedout);
1.36 millert 176: if (argc > 1) {
177: needto = 0;
178: (void)alarm(timeout);
179: } else
180: needto = 1;
1.1 deraadt 181: (void)signal(SIGQUIT, SIG_IGN);
182: (void)signal(SIGINT, SIG_IGN);
1.36 millert 183: (void)signal(SIGHUP, SIG_IGN);
1.1 deraadt 184: (void)setpriority(PRIO_PROCESS, 0, 0);
185:
186: openlog("login", LOG_ODELAY, LOG_AUTH);
187:
1.37 millert 188: fqdn = lipaddr = ripaddr = fullname = type = NULL;
189: authok = 0;
190: tries = 10;
191: backoff = 3;
1.36 millert 192:
193: /*
194: * Since login deals with sensitive information, turn off coredumps.
195: */
196: if (getrlimit(RLIMIT_CORE, &scds) < 0) {
197: syslog(LOG_ERR, "couldn't get core dump size: %m");
198: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
199: }
200: cds.rlim_cur = cds.rlim_max = 0;
201: if (setrlimit(RLIMIT_CORE, &cds) < 0) {
202: syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
203: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
204: }
205:
1.1 deraadt 206: /*
207: * -p is used by getty to tell login not to destroy the environment
208: * -f is used to skip a second login authentication
209: * -h is used by other servers to pass the name of the remote
210: * host to login so that it may be placed in utmp and wtmp
211: */
212: domain = NULL;
213: if (gethostname(localhost, sizeof(localhost)) < 0)
214: syslog(LOG_ERR, "couldn't get local hostname: %m");
215: else
216: domain = strchr(localhost, '.');
1.21 deraadt 217: if (domain) {
218: domain++;
219: if (*domain && strchr(domain, '.') == NULL)
220: domain = localhost;
221: }
1.1 deraadt 222:
1.36 millert 223: if ((as = auth_open()) == NULL) {
1.39 millert 224: syslog(LOG_ERR, "auth_open: %m");
225: err(1, "unable to initialize BSD authentication");
1.36 millert 226: }
1.39 millert 227: auth_setoption(as, "login", "yes");
1.36 millert 228:
229: fflag = pflag = 0;
1.1 deraadt 230: uid = getuid();
1.36 millert 231: while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1)
1.1 deraadt 232: switch (ch) {
233: case 'f':
234: fflag = 1;
235: break;
236: case 'h':
1.36 millert 237: if (uid) {
238: warn("-h option: %s", strerror(EPERM));
239: quickexit(1);
240: }
241: if ((fqdn = strdup(optarg)) == NULL) {
242: warn(NULL);
243: quickexit(1);
244: }
245: auth_setoption(as, "fqdn", fqdn);
1.1 deraadt 246: if (domain && (p = strchr(optarg, '.')) &&
1.21 deraadt 247: strcasecmp(p+1, domain) == 0)
1.1 deraadt 248: *p = 0;
249: hostname = optarg;
1.36 millert 250: auth_setoption(as, "hostname", hostname);
251: break;
252: case 'L':
253: if (uid) {
254: warnx("-L option: %s", strerror(EPERM));
255: quickexit(1);
256: }
257: if (lipaddr) {
258: warnx("duplicate -L option");
259: quickexit(1);
260: }
261: lipaddr = optarg;
262: memset(&hints, 0, sizeof(hints));
263: hints.ai_family = PF_UNSPEC;
264: hints.ai_flags = AI_CANONNAME;
265: error = getaddrinfo(lipaddr, NULL, &hints, &ai);
266: if (!error) {
267: strlcpy(localhost, ai->ai_canonname,
268: sizeof(localhost));
269: freeaddrinfo(ai);
270: } else
271: strlcpy(localhost, lipaddr, sizeof(localhost));
272: auth_setoption(as, "local_addr", lipaddr);
1.1 deraadt 273: break;
274: case 'p':
275: pflag = 1;
276: break;
1.36 millert 277: case 'R':
278: if (uid) {
279: warnx("-R option: %s", strerror(EPERM));
280: quickexit(1);
281: }
282: if (ripaddr) {
283: warnx("duplicate -R option");
284: quickexit(1);
285: }
286: ripaddr = optarg;
287: auth_setoption(as, "remote_addr", ripaddr);
288: break;
1.14 millert 289: case 'u':
1.36 millert 290: if (uid) {
291: warnx("-u option: %s", strerror(EPERM));
292: quickexit(1);
293: }
1.14 millert 294: rusername = optarg;
295: break;
1.1 deraadt 296: default:
297: if (!uid)
298: syslog(LOG_ERR, "invalid flag %c", ch);
299: (void)fprintf(stderr,
1.36 millert 300: "usage: login [-fp] [-h hostname] [-L lipaddr] [-R ripaddr] [username]\n");
301: quickexit(1);
1.1 deraadt 302: }
303: argc -= optind;
304: argv += optind;
305:
306: if (*argv) {
307: username = *argv;
308: ask = 0;
309: } else
310: ask = 1;
311:
312: for (cnt = getdtablesize(); cnt > 2; cnt--)
313: (void)close(cnt);
314:
315: ttyn = ttyname(STDIN_FILENO);
316: if (ttyn == NULL || *ttyn == '\0') {
317: (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
318: ttyn = tname;
319: }
1.12 millert 320: if ((tty = strrchr(ttyn, '/')))
1.1 deraadt 321: ++tty;
322: else
323: tty = ttyn;
324:
1.36 millert 325: #ifdef notyet
326: /* XXX - we don't (yet) support per-tty auth stuff */
327: /* BSDi uses a ttys.conf file but we could just overload /etc/ttys */
328: /*
329: * Classify the attempt.
330: * By default we use the value in the ttys file.
331: * If there is a classify script we run that as
332: *
333: * classify [-f] [username]
334: */
335: if (type = getttyauth(tty))
336: auth_setoption(as, "auth_type", type);
337: #endif
338:
339: /* get the default login class */
340: if ((lc = login_getclass(0)) == NULL) { /* get the default class */
341: warnx("Failure to retrieve default class");
342: quickexit(1);
343: }
1.37 millert 344: timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300);
1.36 millert 345: if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) {
346: unsetenv("AUTH_TYPE");
347: unsetenv("REMOTE_NAME");
348: if (script[0] != '/') {
349: syslog(LOG_ERR, "Invalid classify script: %s", script);
350: warnx("Classification failure");
351: quickexit(1);
352: }
353: shell = strrchr(script, '/') + 1;
354: auth_setstate(as, AUTH_OKAY);
355: auth_call(as, script, shell,
356: fflag ? "-f" : username, fflag ? username : 0, 0);
357: if (!(auth_getstate(as) & AUTH_ALLOW))
358: quickexit(1);
359: auth_setenv(as);
360: if ((p = getenv("AUTH_TYPE")) != NULL &&
361: strncmp(p, "auth-", 5) == 0)
362: type = p;
363: if ((p = getenv("REMOTE_NAME")) != NULL)
364: hostname = p;
365: /*
366: * we may have changed some values, reset them
367: */
368: auth_clroptions(as);
369: if (type)
370: auth_setoption(as, "auth_type", type);
371: if (fqdn)
372: auth_setoption(as, "fqdn", fqdn);
373: if (hostname)
374: auth_setoption(as, "hostname", hostname);
375: if (lipaddr)
376: auth_setoption(as, "local_addr", lipaddr);
377: if (ripaddr)
378: auth_setoption(as, "remote_addr", ripaddr);
379: }
380:
381: /*
382: * Request the things like the approval script print things
383: * to stdout (in particular, the nologins files)
384: */
385: auth_setitem(as, AUTHV_INTERACTIVE, "True");
386:
1.1 deraadt 387: for (cnt = 0;; ask = 1) {
1.36 millert 388: /*
389: * Clean up our current authentication session.
390: * Options are not cleared so we need to clear any
391: * we might set below.
392: */
393: auth_clean(as);
394: auth_clroption(as, "style");
395: auth_clroption(as, "lastchance");
396:
397: lastchance = 0;
398:
1.1 deraadt 399: if (ask) {
400: fflag = 0;
401: getloginname();
402: }
1.36 millert 403: if (needto) {
404: needto = 0;
405: alarm(timeout);
406: }
407: if ((style = strchr(username, ':')) != NULL)
408: *style++ = '\0';
409: if (fullname)
410: free(fullname);
411: if (auth_setitem(as, AUTHV_NAME, username) < 0 ||
412: (fullname = strdup(username)) == NULL) {
413: syslog(LOG_ERR, "%m");
414: warn(NULL);
415: quickexit(1);
416: }
1.1 deraadt 417: rootlogin = 0;
1.40 millert 418: if ((instance = strpbrk(username, "./")) != NULL) {
419: if (strncmp(instance + 1, "root", 4) == 0)
1.1 deraadt 420: rootlogin = 1;
421: *instance++ = '\0';
422: } else
423: instance = "";
1.36 millert 424:
1.1 deraadt 425: if (strlen(username) > UT_NAMESIZE)
426: username[UT_NAMESIZE] = '\0';
427:
428: /*
429: * Note if trying multiple user names; log failures for
430: * previous user name, but don't bother logging one failure
431: * for nonexistent name (mistyped username).
432: */
433: if (failures && strcmp(tbuf, username)) {
434: if (failures > (pwd ? 0 : 1))
435: badlogin(tbuf);
436: failures = 0;
437: }
1.36 millert 438: (void)strlcpy(tbuf, username, sizeof(tbuf));
1.1 deraadt 439:
1.36 millert 440: if ((pwd = getpwnam(username)) != NULL &&
441: auth_setpwd(as, pwd) < 0) {
442: syslog(LOG_ERR, "%m");
443: warn(NULL);
444: quickexit(1);
445: }
1.1 deraadt 446:
1.36 millert 447: lc = login_getclass(pwd ? pwd->pw_class : NULL);
448: if (!lc)
449: goto failed;
1.1 deraadt 450:
1.36 millert 451: style = login_getstyle(lc, style, type);
452: if (!style)
453: goto failed;
1.1 deraadt 454:
1.36 millert 455: /*
1.37 millert 456: * We allow "login-tries" attempts to login but start
457: * slowing down after "login-backoff" attempts.
458: */
459: tries = (int)login_getcapnum(lc, "login-tries", 10, 10);
460: backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3);
461:
462: /*
1.36 millert 463: * Turn off the fflag if we have an an invalid user
464: * or we are not root and we are trying to change uids.
465: */
466: if (!pwd || (uid && uid != pwd->pw_uid))
467: fflag = 0;
1.1 deraadt 468:
1.36 millert 469: if (pwd && pwd->pw_uid == 0)
470: rootlogin = 1;
1.25 millert 471:
1.36 millert 472: /*
473: * If we do not have the force flag authenticate the user
474: */
475: if (fflag)
476: authok = AUTH_SECURE;
477: else {
478: lastchance =
479: login_getcaptime(lc, "password-dead", 0, 0) != 0;
480: if (lastchance)
481: auth_setoption(as, "lastchance", "yes");
482: /*
483: * Once we start asking for a password
484: * we want to log a failure on a hup.
485: */
486: signal(SIGHUP, sighup);
487: auth_verify(as, style, NULL, lc->lc_class, NULL);
488: authok = auth_getstate(as);
489: /*
490: * If their password expired and it has not been
491: * too long since then, give the user one last
492: * chance to change their password
493: */
494: if ((authok & AUTH_PWEXPIRED) && lastchance) {
495: authok = AUTH_OKAY;
496: } else
497: lastchance = 0;
498: if ((authok & AUTH_ALLOW) == 0)
499: goto failed;
500: if (auth_setoption(as, "style", style) < 0) {
501: syslog(LOG_ERR, "%m");
502: warn(NULL);
503: quickexit(1);
1.25 millert 504: }
1.1 deraadt 505: }
1.36 millert 506: /*
507: * explicitly reject users without password file entries
508: */
509: if (pwd == 0)
510: goto failed;
1.1 deraadt 511:
1.36 millert 512: authok &= AUTH_SECURE;
1.1 deraadt 513:
514: /*
1.36 millert 515: * If trying to log in as root on an insecure terminal,
516: * refuse the login attempt unless the authentication
517: * style explicitly says a root login is okay.
1.1 deraadt 518: */
1.36 millert 519: if (authok == 0 && pwd && rootlogin && !rootterm(tty))
520: goto failed;
1.29 millert 521:
1.36 millert 522: if (fflag) {
523: type = 0;
524: style = "forced";
525: }
526: break;
527:
528: failed:
529: if (authok & AUTH_SILENT)
530: quickexit(0);
1.29 millert 531: if (rootlogin && !rootterm(tty)) {
1.36 millert 532: warnx("%s login refused on this terminal.",
533: fullname);
1.1 deraadt 534: if (hostname)
535: syslog(LOG_NOTICE,
1.14 millert 536: "LOGIN %s REFUSED FROM %s%s%s ON TTY %s",
1.36 millert 537: fullname, rusername ? rusername : "",
1.14 millert 538: rusername ? "@" : "", hostname, tty);
1.1 deraadt 539: else
540: syslog(LOG_NOTICE,
541: "LOGIN %s REFUSED ON TTY %s",
1.36 millert 542: fullname, tty);
543: } else {
544: if (!as || (p = auth_getvalue(as, "errormsg")) == NULL)
545: p = "Login incorrect";
546: (void)printf("%s\n", p);
547: }
1.1 deraadt 548: failures++;
1.13 millert 549: if (pwd)
1.14 millert 550: log_failedlogin(pwd->pw_uid, hostname, rusername, tty);
1.37 millert 551: /*
552: * By default, we allow 10 tries, but after 3 we start
553: * backing off to slow down password guessers.
554: */
555: if (++cnt > backoff) {
556: if (cnt >= tries) {
1.1 deraadt 557: badlogin(username);
558: sleepexit(1);
559: }
1.37 millert 560: sleep((u_int)((cnt - backoff) * tries / 2));
1.1 deraadt 561: }
562: }
563:
564: /* committed to login -- turn off timeout */
1.36 millert 565: (void)alarm(0);
1.1 deraadt 566:
567: endpwent();
568:
1.30 millert 569: shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
570: if (*shell == '\0')
571: shell = _PATH_BSHELL;
572: else if (strlen(shell) >= MAXPATHLEN) {
573: syslog(LOG_ERR, "shell path too long: %s", shell);
574: warnx("invalid shell");
1.36 millert 575: quickexit(1);
1.24 art 576: }
1.1 deraadt 577:
578: /* Destroy environment unless user has requested its preservation. */
1.24 art 579: if (!pflag) {
1.22 deraadt 580: if ((environ = calloc(1, sizeof (char *))) == NULL)
581: err(1, "calloc");
1.24 art 582: } else {
1.9 millert 583: char **cpp, **cpp2;
584:
585: for (cpp2 = cpp = environ; *cpp; cpp++) {
586: if (strncmp(*cpp, "LD_", 3) &&
1.29 millert 587: strncmp(*cpp, "ENV=", 4) &&
588: strncmp(*cpp, "BASH_ENV=", 9) &&
1.9 millert 589: strncmp(*cpp, "IFS=", 4))
590: *cpp2++ = *cpp;
591: }
592: *cpp2 = 0;
593: }
1.30 millert 594: /* Note: setusercontext(3) will set PATH */
1.34 deraadt 595: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
596: setenv("SHELL", shell, 1) == -1) {
597: warn("unable to setenv()");
1.36 millert 598: quickexit(1);
1.34 deraadt 599: }
1.1 deraadt 600: if (term[0] == '\0')
1.29 millert 601: (void)strlcpy(term, stypeof(tty), sizeof(term));
1.34 deraadt 602: if (setenv("TERM", term, 0) == -1 ||
603: setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
604: setenv("USER", pwd->pw_name, 1) == -1) {
605: warn("unable to setenv()");
1.36 millert 606: quickexit(1);
1.34 deraadt 607: }
608: if (hostname) {
609: if (setenv("REMOTEHOST", hostname, 1) == -1) {
610: warn("unable to setenv()");
1.36 millert 611: quickexit(1);
1.34 deraadt 612: }
613: }
614: if (rusername) {
615: if (setenv("REMOTEUSER", rusername, 1) == -1) {
616: warn("unable to setenv()");
1.36 millert 617: quickexit(1);
1.34 deraadt 618: }
619: }
1.36 millert 620:
621: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) {
622: warn("unable to set user context");
623: quickexit(1);
624: }
625: auth_setenv(as);
626:
627: /* if user not super-user, check for disabled logins */
628: if (!rootlogin)
629: auth_checknologin(lc);
630:
631: setegid(pwd->pw_gid);
632: seteuid(pwd->pw_uid);
633:
634: homeless = chdir(pwd->pw_dir);
635: if (homeless) {
636: if (login_getcapbool(lc, "requirehome", 0)) {
637: (void)printf("No home directory %s!\n", pwd->pw_dir);
638: quickexit(1);
1.34 deraadt 639: }
1.36 millert 640: if (chdir("/"))
641: quickexit(0);
1.34 deraadt 642: }
1.36 millert 643:
644: quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
645: login_getcapbool(lc, "hushlogin", 0) ||
646: (access(_PATH_HUSHLOGIN, F_OK) == 0));
647:
648: seteuid(0);
649: setegid(0); /* XXX use a saved gid instead? */
650:
651: if ((p = auth_getvalue(as, "warnmsg")) != NULL)
652: (void)printf("WARNING: %s\n\n", p);
653:
654: expire = auth_check_expire(as);
655: if (expire < 0) {
656: (void)printf("Sorry -- your account has expired.\n");
657: quickexit(1);
658: } else if (expire > 0 && !quietlog) {
659: warning = login_getcaptime(lc, "expire-warn",
660: 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY);
661: if (expire < warning)
662: (void)printf("Warning: your account expires on %s",
663: ctime(&pwd->pw_expire));
1.34 deraadt 664: }
1.36 millert 665:
666: /* Nothing else left to fail -- really log in. */
667: (void)signal(SIGHUP, SIG_DFL);
668: memset(&utmp, 0, sizeof(utmp));
669: (void)time(&utmp.ut_time);
670: (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
671: if (hostname)
672: (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
673: (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
674: login(&utmp);
675:
676: if (!quietlog)
677: (void)check_failedlogin(pwd->pw_uid);
678: dolastlog(quietlog);
679:
680: login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
681:
682: (void)chown(ttyn, pwd->pw_uid,
683: (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
684:
1.1 deraadt 685: /* If fflag is on, assume caller/authenticator has logged root login. */
1.24 art 686: if (rootlogin && fflag == 0) {
1.1 deraadt 687: if (hostname)
1.14 millert 688: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s",
689: username, tty, rusername ? rusername : "",
690: rusername ? "@" : "", hostname);
1.1 deraadt 691: else
692: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
1.24 art 693: }
1.1 deraadt 694:
695: if (!quietlog) {
1.2 deraadt 696: #if 0
1.1 deraadt 697: (void)printf("%s\n\t%s %s\n\n",
698: "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
699: "The Regents of the University of California. ",
700: "All rights reserved.");
1.2 deraadt 701: #endif
1.36 millert 702: if ((copyright =
703: login_getcapstr(lc, "copyright", NULL, NULL)) != NULL)
704: auth_cat(copyright);
1.1 deraadt 705: motd();
706: (void)snprintf(tbuf,
707: sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
708: if (stat(tbuf, &st) == 0 && st.st_size != 0)
709: (void)printf("You have %smail.\n",
710: (st.st_mtime > st.st_atime) ? "new " : "");
711: }
712:
713: (void)signal(SIGALRM, SIG_DFL);
714: (void)signal(SIGQUIT, SIG_DFL);
1.36 millert 715: (void)signal(SIGHUP, SIG_DFL);
1.1 deraadt 716: (void)signal(SIGINT, SIG_DFL);
717: (void)signal(SIGTSTP, SIG_IGN);
718:
719: tbuf[0] = '-';
1.30 millert 720: (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
1.36 millert 721: p + 1 : shell, sizeof(tbuf) - 1);
722:
723: if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) &&
724: setrlimit(RLIMIT_CORE, &scds) < 0)
725: syslog(LOG_ERR, "couldn't reset core dump size: %m");
726:
727: if (lastchance)
728: (void)printf("WARNING: Your password has expired. You must change your password, now!\n");
1.1 deraadt 729:
1.38 millert 730: if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid,
1.36 millert 731: LOGIN_SETALL & ~LOGIN_SETPATH) < 0) {
1.30 millert 732: warn("unable to set user context");
1.36 millert 733: quickexit(1);
734: }
735:
736: if (homeless) {
737: (void)printf("No home directory %s!\n", pwd->pw_dir);
738: (void)printf("Logging in with home = \"/\".\n");
739: (void)setenv("HOME", "/", 1);
1.15 tholo 740: }
1.30 millert 741:
1.36 millert 742: if (auth_approval(as, lc, NULL, "login") == 0) {
743: if (auth_getstate(as) & AUTH_EXPIRED)
744: (void)printf("Sorry -- your account has expired.\n");
745: else
746: (void)printf("approval failure\n");
747: quickexit(1);
748: }
749:
750: /*
751: * The last thing we do is discard all of the open file descriptors.
752: * Last because the C library may have some open.
753: *
754: * XXX
755: * Assume that stdin, stdout and stderr are 0, 1 and 2, and that
756: * STDERR_FILENO is 2.
757: */
758: for (cnt = getdtablesize(); cnt > STDERR_FILENO; cnt--)
759: (void)close(cnt);
760:
761: /*
762: * Close the authentication session, make sure it is marked
763: * as okay so no files are removed.
764: */
765: auth_setstate(as, AUTH_OKAY);
766: auth_close(as);
767:
1.24 art 768: #ifdef KERBEROS
1.36 millert 769: kgettokens(pwd->pw_dir);
1.24 art 770: #endif
1.1 deraadt 771:
1.42 ! deraadt 772: execlp(shell, tbuf, (char *)NULL);
1.30 millert 773: err(1, "%s", shell);
1.1 deraadt 774: }
775:
776: /*
1.36 millert 777: * Allow for a '.' and 16 characters for any instance as well as
778: * space for a ':' and 16 charcters defining the authentication type.
1.1 deraadt 779: */
1.36 millert 780: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
1.1 deraadt 781:
782: void
783: getloginname()
784: {
785: int ch;
786: char *p;
787: static char nbuf[NBUFSIZ];
788:
789: for (;;) {
790: (void)printf("login: ");
791: for (p = nbuf; (ch = getchar()) != '\n'; ) {
792: if (ch == EOF) {
793: badlogin(username);
1.36 millert 794: quickexit(0);
1.1 deraadt 795: }
796: if (p < nbuf + (NBUFSIZ - 1))
797: *p++ = ch;
798: }
1.24 art 799: if (p > nbuf) {
1.1 deraadt 800: if (nbuf[0] == '-')
801: (void)fprintf(stderr,
802: "login names may not start with '-'.\n");
803: else {
804: *p = '\0';
805: username = nbuf;
806: break;
807: }
1.24 art 808: }
1.1 deraadt 809: }
810: }
811:
812: int
813: rootterm(ttyn)
814: char *ttyn;
815: {
816: struct ttyent *t;
817:
1.36 millert 818: /* XXX - stash output of getttynam() elsewhere */
1.1 deraadt 819: return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
820: }
821:
822: jmp_buf motdinterrupt;
823:
824: void
825: motd()
826: {
827: int fd, nchars;
828: sig_t oldint;
829: char tbuf[8192];
1.30 millert 830: char *motd;
831:
832: motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE);
1.1 deraadt 833:
1.30 millert 834: if ((fd = open(motd, O_RDONLY, 0)) < 0)
1.1 deraadt 835: return;
836: oldint = signal(SIGINT, sigint);
837: if (setjmp(motdinterrupt) == 0)
838: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
839: (void)write(fileno(stdout), tbuf, nchars);
840: (void)signal(SIGINT, oldint);
841: (void)close(fd);
842: }
843:
844: /* ARGSUSED */
845: void
846: sigint(signo)
847: int signo;
848: {
849: longjmp(motdinterrupt, 1);
850: }
851:
852: /* ARGSUSED */
853: void
854: timedout(signo)
855: int signo;
856: {
857: (void)fprintf(stderr, "Login timed out after %d seconds\n", timeout);
1.37 millert 858: if (username)
859: badlogin(username);
1.1 deraadt 860: exit(0);
861: }
862:
863: void
864: dolastlog(quiet)
865: int quiet;
866: {
867: struct lastlog ll;
868: int fd;
869:
870: if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
1.26 millert 871: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
1.1 deraadt 872: if (!quiet) {
873: if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
874: ll.ll_time != 0) {
875: (void)printf("Last login: %.*s ",
876: 24-5, (char *)ctime(&ll.ll_time));
1.14 millert 877: (void)printf("on %.*s",
878: (int)sizeof(ll.ll_line),
879: ll.ll_line);
1.1 deraadt 880: if (*ll.ll_host != '\0')
1.14 millert 881: (void)printf(" from %.*s",
1.1 deraadt 882: (int)sizeof(ll.ll_host),
883: ll.ll_host);
1.14 millert 884: (void)putchar('\n');
1.1 deraadt 885: }
1.26 millert 886: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll),
887: SEEK_SET);
1.1 deraadt 888: }
889: memset((void *)&ll, 0, sizeof(ll));
890: (void)time(&ll.ll_time);
891: (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
892: if (hostname)
893: (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
894: (void)write(fd, (char *)&ll, sizeof(ll));
895: (void)close(fd);
896: }
897: }
898:
899: void
900: badlogin(name)
901: char *name;
902: {
903: if (failures == 0)
904: return;
905: if (hostname) {
1.14 millert 906: syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s%s%s",
907: failures, failures > 1 ? "S" : "",
908: rusername ? rusername : "", rusername ? "@" : "", hostname);
1.1 deraadt 909: syslog(LOG_AUTHPRIV|LOG_NOTICE,
1.14 millert 910: "%d LOGIN FAILURE%s FROM %s%s%s, %s",
911: failures, failures > 1 ? "S" : "",
912: rusername ? rusername : "", rusername ? "@" : "",
913: hostname, name);
1.1 deraadt 914: } else {
915: syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s",
916: failures, failures > 1 ? "S" : "", tty);
917: syslog(LOG_AUTHPRIV|LOG_NOTICE,
918: "%d LOGIN FAILURE%s ON %s, %s",
919: failures, failures > 1 ? "S" : "", tty, name);
920: }
921: }
922:
923: #undef UNKNOWN
924: #define UNKNOWN "su"
925:
926: char *
927: stypeof(ttyid)
928: char *ttyid;
929: {
930: struct ttyent *t;
931:
1.30 millert 932: return (ttyid && (t = getttynam(ttyid)) ? t->ty_type :
933: login_getcapstr(lc, "term", UNKNOWN, UNKNOWN));
1.1 deraadt 934: }
935:
936: void
937: sleepexit(eval)
938: int eval;
939: {
1.36 millert 940: auth_close(as);
1.1 deraadt 941: (void)sleep(5);
942: exit(eval);
1.11 millert 943: }
944:
945: void
1.36 millert 946: quickexit(eval)
947: int eval;
948: {
949: if (as)
950: auth_close(as);
951: exit(eval);
952: }
953:
954:
955: void
1.11 millert 956: sighup(signum)
957: int signum;
958: {
959: if (username)
960: badlogin(username);
1.30 millert 961: exit(0);
1.1 deraadt 962: }
1.36 millert 963:
964: #ifdef KERBEROS
965: void
966: kgettokens(homedir)
967: char *homedir;
968: {
969:
970: /* buy AFS-tokens for homedir */
971: if (k_hasafs()) {
972: char cell[128];
973: k_setpag();
974: if (k_afs_cell_of_file(homedir,
975: cell, sizeof(cell)) == 0)
976: krb_afslog(cell, 0);
977: krb_afslog(0, 0);
978: }
979: }
980: #endif