Annotation of src/usr.bin/login/login.c, Revision 1.48
1.48 ! millert 1: /* $OpenBSD: login.c,v 1.47 2002/07/02 01:15:08 deraadt Exp $ */
1.3 deraadt 2: /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
1.1 deraadt 3:
4: /*-
5: * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
16: * 3. All advertising materials mentioning features or use of this software
17: * must display the following acknowledgement:
18: * This product includes software developed by the University of
19: * California, Berkeley and its contributors.
20: * 4. Neither the name of the University nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34: * SUCH DAMAGE.
35: */
1.36 millert 36: /*-
37: * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
38: *
39: * Redistribution and use in source and binary forms, with or without
40: * modification, are permitted provided that the following conditions
41: * are met:
42: * 1. Redistributions of source code must retain the above copyright
43: * notice, this list of conditions and the following disclaimer.
44: * 2. Redistributions in binary form must reproduce the above copyright
45: * notice, this list of conditions and the following disclaimer in the
46: * documentation and/or other materials provided with the distribution.
47: * 3. All advertising materials mentioning features or use of this software
48: * must display the following acknowledgement:
49: * This product includes software developed by Berkeley Software Design,
50: * Inc.
51: * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
52: * or promote products derived from this software without specific prior
53: * written permission.
54: *
55: * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
56: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
58: * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
59: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
60: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
61: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
62: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
63: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
64: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
65: * SUCH DAMAGE.
66: *
67: * BSDI $From: login.c,v 2.28 1999/09/08 22:35:36 prb Exp $
68: */
1.1 deraadt 69:
70: #ifndef lint
71: static char copyright[] =
72: "@(#) Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994\n\
73: The Regents of the University of California. All rights reserved.\n";
74: #endif /* not lint */
75:
76: #ifndef lint
77: #if 0
78: static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
79: #endif
1.48 ! millert 80: static char rcsid[] = "$OpenBSD: login.c,v 1.47 2002/07/02 01:15:08 deraadt Exp $";
1.1 deraadt 81: #endif /* not lint */
82:
83: /*
84: * login [ name ]
85: * login -h hostname (for telnetd, etc.)
86: * login -f name (for pre-authenticated login: datakit, xterm, etc.)
87: */
88:
89: #include <sys/param.h>
1.36 millert 90: #include <sys/socket.h>
1.1 deraadt 91: #include <sys/stat.h>
92: #include <sys/time.h>
93: #include <sys/resource.h>
1.11 millert 94: #include <sys/wait.h>
1.1 deraadt 95:
96: #include <err.h>
97: #include <errno.h>
1.27 millert 98: #include <fcntl.h>
1.1 deraadt 99: #include <grp.h>
1.30 millert 100: #include <login_cap.h>
1.36 millert 101: #include <netdb.h>
1.1 deraadt 102: #include <pwd.h>
103: #include <signal.h>
1.36 millert 104: #include <stdarg.h>
1.1 deraadt 105: #include <stdio.h>
106: #include <stdlib.h>
107: #include <string.h>
108: #include <syslog.h>
109: #include <ttyent.h>
110: #include <tzfile.h>
111: #include <unistd.h>
112: #include <utmp.h>
1.3 deraadt 113: #include <util.h>
1.36 millert 114: #include <bsd_auth.h>
115:
116: #ifdef KERBEROS
117: #include <kerberosIV/kafs.h>
118: #endif
1.1 deraadt 119:
120: #include "pathnames.h"
121:
1.45 millert 122: void badlogin(char *);
123: void dolastlog(int);
124: void getloginname(void);
125: void motd(void);
126: void quickexit(int);
127: int rootterm(char *);
128: void sigint(int);
129: void sighup(int);
130: void sleepexit(int);
131: char *stypeof(char *);
132: void timedout(int);
133: int main(int, char **);
1.1 deraadt 134:
1.45 millert 135: extern int check_failedlogin(uid_t);
136: extern void log_failedlogin(uid_t, char *, char *, char *);
1.1 deraadt 137:
138: #define TTYGRPNAME "tty" /* name of group to own ttys */
139:
140: /*
1.37 millert 141: * This bounds the time given to login; may be overridden by /etc/login.conf.
1.1 deraadt 142: */
1.30 millert 143: u_int timeout = 300;
1.1 deraadt 144:
1.36 millert 145: struct passwd *pwd;
1.30 millert 146: login_cap_t *lc = NULL;
1.36 millert 147: auth_session_t *as = NULL;
1.30 millert 148: int failures;
1.36 millert 149: int needbanner = 1;
1.30 millert 150: char term[64], *hostname, *tty;
1.36 millert 151: char *style;
1.30 millert 152: char *username = NULL, *rusername = NULL;
1.1 deraadt 153:
1.47 deraadt 154: extern char **environ;
155:
1.1 deraadt 156: int
1.47 deraadt 157: main(int argc, char *argv[])
1.1 deraadt 158: {
1.47 deraadt 159: char *domain, *p, *ttyn, *shell, *fullname, *instance;
160: char *lipaddr, *script, *ripaddr, *style, *type, *fqdn;
161: char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
162: char localhost[MAXHOSTNAMELEN], *copyright;
163: int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance;
164: int error, homeless, needto, authok, tries, backoff;
1.36 millert 165: struct addrinfo *ai, hints;
1.47 deraadt 166: struct rlimit cds, scds;
167: quad_t expire, warning;
168: struct utmp utmp;
1.1 deraadt 169: struct group *gr;
170: struct stat st;
171: uid_t uid;
172:
173: (void)signal(SIGALRM, timedout);
1.36 millert 174: if (argc > 1) {
175: needto = 0;
176: (void)alarm(timeout);
177: } else
178: needto = 1;
1.1 deraadt 179: (void)signal(SIGQUIT, SIG_IGN);
180: (void)signal(SIGINT, SIG_IGN);
1.36 millert 181: (void)signal(SIGHUP, SIG_IGN);
1.1 deraadt 182: (void)setpriority(PRIO_PROCESS, 0, 0);
183:
184: openlog("login", LOG_ODELAY, LOG_AUTH);
185:
1.37 millert 186: fqdn = lipaddr = ripaddr = fullname = type = NULL;
187: authok = 0;
188: tries = 10;
189: backoff = 3;
1.36 millert 190:
191: /*
192: * Since login deals with sensitive information, turn off coredumps.
193: */
194: if (getrlimit(RLIMIT_CORE, &scds) < 0) {
195: syslog(LOG_ERR, "couldn't get core dump size: %m");
196: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
197: }
198: cds.rlim_cur = cds.rlim_max = 0;
199: if (setrlimit(RLIMIT_CORE, &cds) < 0) {
200: syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
201: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
202: }
203:
1.1 deraadt 204: /*
205: * -p is used by getty to tell login not to destroy the environment
206: * -f is used to skip a second login authentication
207: * -h is used by other servers to pass the name of the remote
208: * host to login so that it may be placed in utmp and wtmp
209: */
210: domain = NULL;
211: if (gethostname(localhost, sizeof(localhost)) < 0)
212: syslog(LOG_ERR, "couldn't get local hostname: %m");
213: else
214: domain = strchr(localhost, '.');
1.21 deraadt 215: if (domain) {
216: domain++;
217: if (*domain && strchr(domain, '.') == NULL)
218: domain = localhost;
219: }
1.1 deraadt 220:
1.36 millert 221: if ((as = auth_open()) == NULL) {
1.39 millert 222: syslog(LOG_ERR, "auth_open: %m");
223: err(1, "unable to initialize BSD authentication");
1.36 millert 224: }
1.39 millert 225: auth_setoption(as, "login", "yes");
1.36 millert 226:
227: fflag = pflag = 0;
1.1 deraadt 228: uid = getuid();
1.36 millert 229: while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1)
1.1 deraadt 230: switch (ch) {
231: case 'f':
232: fflag = 1;
233: break;
234: case 'h':
1.36 millert 235: if (uid) {
1.46 vincent 236: warnx("-h option: %s", strerror(EPERM));
1.36 millert 237: quickexit(1);
238: }
239: if ((fqdn = strdup(optarg)) == NULL) {
240: warn(NULL);
241: quickexit(1);
242: }
243: auth_setoption(as, "fqdn", fqdn);
1.1 deraadt 244: if (domain && (p = strchr(optarg, '.')) &&
1.21 deraadt 245: strcasecmp(p+1, domain) == 0)
1.1 deraadt 246: *p = 0;
247: hostname = optarg;
1.36 millert 248: auth_setoption(as, "hostname", hostname);
249: break;
250: case 'L':
251: if (uid) {
252: warnx("-L option: %s", strerror(EPERM));
253: quickexit(1);
254: }
255: if (lipaddr) {
256: warnx("duplicate -L option");
257: quickexit(1);
258: }
259: lipaddr = optarg;
260: memset(&hints, 0, sizeof(hints));
261: hints.ai_family = PF_UNSPEC;
262: hints.ai_flags = AI_CANONNAME;
263: error = getaddrinfo(lipaddr, NULL, &hints, &ai);
264: if (!error) {
265: strlcpy(localhost, ai->ai_canonname,
266: sizeof(localhost));
267: freeaddrinfo(ai);
268: } else
269: strlcpy(localhost, lipaddr, sizeof(localhost));
270: auth_setoption(as, "local_addr", lipaddr);
1.1 deraadt 271: break;
272: case 'p':
273: pflag = 1;
274: break;
1.36 millert 275: case 'R':
276: if (uid) {
277: warnx("-R option: %s", strerror(EPERM));
278: quickexit(1);
279: }
280: if (ripaddr) {
281: warnx("duplicate -R option");
282: quickexit(1);
283: }
284: ripaddr = optarg;
285: auth_setoption(as, "remote_addr", ripaddr);
286: break;
1.14 millert 287: case 'u':
1.36 millert 288: if (uid) {
289: warnx("-u option: %s", strerror(EPERM));
290: quickexit(1);
291: }
1.14 millert 292: rusername = optarg;
293: break;
1.1 deraadt 294: default:
295: if (!uid)
296: syslog(LOG_ERR, "invalid flag %c", ch);
297: (void)fprintf(stderr,
1.47 deraadt 298: "usage: login [-fp] [-h hostname] [-L lipaddr] "
299: "[-R ripaddr] [-u username] [user]\n");
1.36 millert 300: quickexit(1);
1.1 deraadt 301: }
302: argc -= optind;
303: argv += optind;
304:
305: if (*argv) {
306: username = *argv;
307: ask = 0;
308: } else
309: ask = 1;
310:
311: for (cnt = getdtablesize(); cnt > 2; cnt--)
312: (void)close(cnt);
313:
314: ttyn = ttyname(STDIN_FILENO);
315: if (ttyn == NULL || *ttyn == '\0') {
316: (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
317: ttyn = tname;
318: }
1.12 millert 319: if ((tty = strrchr(ttyn, '/')))
1.1 deraadt 320: ++tty;
321: else
322: tty = ttyn;
323:
1.36 millert 324: #ifdef notyet
325: /* XXX - we don't (yet) support per-tty auth stuff */
326: /* BSDi uses a ttys.conf file but we could just overload /etc/ttys */
327: /*
328: * Classify the attempt.
329: * By default we use the value in the ttys file.
330: * If there is a classify script we run that as
331: *
332: * classify [-f] [username]
333: */
334: if (type = getttyauth(tty))
335: auth_setoption(as, "auth_type", type);
336: #endif
337:
338: /* get the default login class */
1.47 deraadt 339: if ((lc = login_getclass(0)) == NULL) { /* get the default class */
1.36 millert 340: warnx("Failure to retrieve default class");
341: quickexit(1);
342: }
1.37 millert 343: timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300);
1.36 millert 344: if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) {
345: unsetenv("AUTH_TYPE");
346: unsetenv("REMOTE_NAME");
347: if (script[0] != '/') {
348: syslog(LOG_ERR, "Invalid classify script: %s", script);
349: warnx("Classification failure");
350: quickexit(1);
351: }
352: shell = strrchr(script, '/') + 1;
353: auth_setstate(as, AUTH_OKAY);
1.47 deraadt 354: auth_call(as, script, shell,
1.36 millert 355: fflag ? "-f" : username, fflag ? username : 0, 0);
356: if (!(auth_getstate(as) & AUTH_ALLOW))
357: quickexit(1);
358: auth_setenv(as);
359: if ((p = getenv("AUTH_TYPE")) != NULL &&
360: strncmp(p, "auth-", 5) == 0)
361: type = p;
362: if ((p = getenv("REMOTE_NAME")) != NULL)
363: hostname = p;
364: /*
365: * we may have changed some values, reset them
366: */
367: auth_clroptions(as);
368: if (type)
369: auth_setoption(as, "auth_type", type);
370: if (fqdn)
371: auth_setoption(as, "fqdn", fqdn);
372: if (hostname)
373: auth_setoption(as, "hostname", hostname);
374: if (lipaddr)
375: auth_setoption(as, "local_addr", lipaddr);
376: if (ripaddr)
377: auth_setoption(as, "remote_addr", ripaddr);
378: }
379:
380: /*
381: * Request the things like the approval script print things
382: * to stdout (in particular, the nologins files)
383: */
384: auth_setitem(as, AUTHV_INTERACTIVE, "True");
385:
1.1 deraadt 386: for (cnt = 0;; ask = 1) {
1.36 millert 387: /*
388: * Clean up our current authentication session.
389: * Options are not cleared so we need to clear any
390: * we might set below.
391: */
392: auth_clean(as);
393: auth_clroption(as, "style");
394: auth_clroption(as, "lastchance");
395:
396: lastchance = 0;
397:
1.1 deraadt 398: if (ask) {
399: fflag = 0;
400: getloginname();
401: }
1.36 millert 402: if (needto) {
403: needto = 0;
404: alarm(timeout);
405: }
1.47 deraadt 406: if ((style = strchr(username, ':')) != NULL)
1.36 millert 407: *style++ = '\0';
408: if (fullname)
409: free(fullname);
410: if (auth_setitem(as, AUTHV_NAME, username) < 0 ||
411: (fullname = strdup(username)) == NULL) {
412: syslog(LOG_ERR, "%m");
413: warn(NULL);
414: quickexit(1);
415: }
1.1 deraadt 416: rootlogin = 0;
1.40 millert 417: if ((instance = strpbrk(username, "./")) != NULL) {
418: if (strncmp(instance + 1, "root", 4) == 0)
1.1 deraadt 419: rootlogin = 1;
420: *instance++ = '\0';
421: } else
422: instance = "";
1.36 millert 423:
1.1 deraadt 424: if (strlen(username) > UT_NAMESIZE)
425: username[UT_NAMESIZE] = '\0';
426:
427: /*
428: * Note if trying multiple user names; log failures for
429: * previous user name, but don't bother logging one failure
430: * for nonexistent name (mistyped username).
431: */
432: if (failures && strcmp(tbuf, username)) {
433: if (failures > (pwd ? 0 : 1))
434: badlogin(tbuf);
435: failures = 0;
436: }
1.36 millert 437: (void)strlcpy(tbuf, username, sizeof(tbuf));
1.1 deraadt 438:
1.36 millert 439: if ((pwd = getpwnam(username)) != NULL &&
440: auth_setpwd(as, pwd) < 0) {
441: syslog(LOG_ERR, "%m");
442: warn(NULL);
443: quickexit(1);
444: }
1.1 deraadt 445:
1.36 millert 446: lc = login_getclass(pwd ? pwd->pw_class : NULL);
447: if (!lc)
448: goto failed;
1.1 deraadt 449:
1.36 millert 450: style = login_getstyle(lc, style, type);
451: if (!style)
452: goto failed;
1.1 deraadt 453:
1.36 millert 454: /*
1.37 millert 455: * We allow "login-tries" attempts to login but start
456: * slowing down after "login-backoff" attempts.
457: */
458: tries = (int)login_getcapnum(lc, "login-tries", 10, 10);
459: backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3);
460:
461: /*
1.36 millert 462: * Turn off the fflag if we have an an invalid user
463: * or we are not root and we are trying to change uids.
464: */
465: if (!pwd || (uid && uid != pwd->pw_uid))
466: fflag = 0;
1.1 deraadt 467:
1.36 millert 468: if (pwd && pwd->pw_uid == 0)
469: rootlogin = 1;
1.25 millert 470:
1.36 millert 471: /*
472: * If we do not have the force flag authenticate the user
473: */
1.44 millert 474: if (!fflag) {
1.36 millert 475: lastchance =
476: login_getcaptime(lc, "password-dead", 0, 0) != 0;
477: if (lastchance)
478: auth_setoption(as, "lastchance", "yes");
479: /*
480: * Once we start asking for a password
481: * we want to log a failure on a hup.
482: */
483: signal(SIGHUP, sighup);
484: auth_verify(as, style, NULL, lc->lc_class, NULL);
485: authok = auth_getstate(as);
486: /*
487: * If their password expired and it has not been
488: * too long since then, give the user one last
489: * chance to change their password
490: */
491: if ((authok & AUTH_PWEXPIRED) && lastchance) {
492: authok = AUTH_OKAY;
493: } else
494: lastchance = 0;
495: if ((authok & AUTH_ALLOW) == 0)
496: goto failed;
497: if (auth_setoption(as, "style", style) < 0) {
498: syslog(LOG_ERR, "%m");
499: warn(NULL);
500: quickexit(1);
1.25 millert 501: }
1.1 deraadt 502: }
1.36 millert 503: /*
504: * explicitly reject users without password file entries
505: */
1.47 deraadt 506: if (pwd == NULL)
1.36 millert 507: goto failed;
1.1 deraadt 508:
509: /*
1.36 millert 510: * If trying to log in as root on an insecure terminal,
511: * refuse the login attempt unless the authentication
512: * style explicitly says a root login is okay.
1.1 deraadt 513: */
1.44 millert 514: if (pwd && rootlogin && !rootterm(tty))
1.36 millert 515: goto failed;
1.29 millert 516:
1.36 millert 517: if (fflag) {
518: type = 0;
519: style = "forced";
520: }
521: break;
522:
523: failed:
524: if (authok & AUTH_SILENT)
525: quickexit(0);
1.29 millert 526: if (rootlogin && !rootterm(tty)) {
1.36 millert 527: warnx("%s login refused on this terminal.",
528: fullname);
1.1 deraadt 529: if (hostname)
530: syslog(LOG_NOTICE,
1.14 millert 531: "LOGIN %s REFUSED FROM %s%s%s ON TTY %s",
1.36 millert 532: fullname, rusername ? rusername : "",
1.14 millert 533: rusername ? "@" : "", hostname, tty);
1.1 deraadt 534: else
535: syslog(LOG_NOTICE,
536: "LOGIN %s REFUSED ON TTY %s",
1.47 deraadt 537: fullname, tty);
1.36 millert 538: } else {
539: if (!as || (p = auth_getvalue(as, "errormsg")) == NULL)
540: p = "Login incorrect";
541: (void)printf("%s\n", p);
542: }
1.1 deraadt 543: failures++;
1.13 millert 544: if (pwd)
1.14 millert 545: log_failedlogin(pwd->pw_uid, hostname, rusername, tty);
1.37 millert 546: /*
547: * By default, we allow 10 tries, but after 3 we start
548: * backing off to slow down password guessers.
549: */
550: if (++cnt > backoff) {
551: if (cnt >= tries) {
1.1 deraadt 552: badlogin(username);
553: sleepexit(1);
554: }
1.37 millert 555: sleep((u_int)((cnt - backoff) * tries / 2));
1.1 deraadt 556: }
557: }
558:
559: /* committed to login -- turn off timeout */
1.36 millert 560: (void)alarm(0);
1.1 deraadt 561:
562: endpwent();
563:
1.30 millert 564: shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
565: if (*shell == '\0')
566: shell = _PATH_BSHELL;
567: else if (strlen(shell) >= MAXPATHLEN) {
568: syslog(LOG_ERR, "shell path too long: %s", shell);
569: warnx("invalid shell");
1.36 millert 570: quickexit(1);
1.24 art 571: }
1.1 deraadt 572:
573: /* Destroy environment unless user has requested its preservation. */
1.24 art 574: if (!pflag) {
1.22 deraadt 575: if ((environ = calloc(1, sizeof (char *))) == NULL)
576: err(1, "calloc");
1.24 art 577: } else {
1.9 millert 578: char **cpp, **cpp2;
579:
580: for (cpp2 = cpp = environ; *cpp; cpp++) {
581: if (strncmp(*cpp, "LD_", 3) &&
1.29 millert 582: strncmp(*cpp, "ENV=", 4) &&
583: strncmp(*cpp, "BASH_ENV=", 9) &&
1.9 millert 584: strncmp(*cpp, "IFS=", 4))
585: *cpp2++ = *cpp;
586: }
587: *cpp2 = 0;
588: }
1.30 millert 589: /* Note: setusercontext(3) will set PATH */
1.34 deraadt 590: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
591: setenv("SHELL", shell, 1) == -1) {
592: warn("unable to setenv()");
1.36 millert 593: quickexit(1);
1.34 deraadt 594: }
1.1 deraadt 595: if (term[0] == '\0')
1.29 millert 596: (void)strlcpy(term, stypeof(tty), sizeof(term));
1.34 deraadt 597: if (setenv("TERM", term, 0) == -1 ||
598: setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
599: setenv("USER", pwd->pw_name, 1) == -1) {
600: warn("unable to setenv()");
1.36 millert 601: quickexit(1);
1.34 deraadt 602: }
603: if (hostname) {
604: if (setenv("REMOTEHOST", hostname, 1) == -1) {
605: warn("unable to setenv()");
1.36 millert 606: quickexit(1);
1.34 deraadt 607: }
608: }
609: if (rusername) {
610: if (setenv("REMOTEUSER", rusername, 1) == -1) {
611: warn("unable to setenv()");
1.36 millert 612: quickexit(1);
1.34 deraadt 613: }
614: }
1.36 millert 615:
616: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) {
617: warn("unable to set user context");
618: quickexit(1);
619: }
620: auth_setenv(as);
621:
622: /* if user not super-user, check for disabled logins */
623: if (!rootlogin)
624: auth_checknologin(lc);
625:
626: setegid(pwd->pw_gid);
627: seteuid(pwd->pw_uid);
628:
629: homeless = chdir(pwd->pw_dir);
630: if (homeless) {
631: if (login_getcapbool(lc, "requirehome", 0)) {
632: (void)printf("No home directory %s!\n", pwd->pw_dir);
633: quickexit(1);
1.34 deraadt 634: }
1.36 millert 635: if (chdir("/"))
636: quickexit(0);
1.34 deraadt 637: }
1.36 millert 638:
639: quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
640: login_getcapbool(lc, "hushlogin", 0) ||
641: (access(_PATH_HUSHLOGIN, F_OK) == 0));
642:
643: seteuid(0);
644: setegid(0); /* XXX use a saved gid instead? */
645:
646: if ((p = auth_getvalue(as, "warnmsg")) != NULL)
647: (void)printf("WARNING: %s\n\n", p);
648:
649: expire = auth_check_expire(as);
650: if (expire < 0) {
651: (void)printf("Sorry -- your account has expired.\n");
652: quickexit(1);
653: } else if (expire > 0 && !quietlog) {
654: warning = login_getcaptime(lc, "expire-warn",
655: 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY);
656: if (expire < warning)
1.47 deraadt 657: (void)printf("Warning: your account expires on %s",
1.36 millert 658: ctime(&pwd->pw_expire));
1.34 deraadt 659: }
1.36 millert 660:
661: /* Nothing else left to fail -- really log in. */
662: (void)signal(SIGHUP, SIG_DFL);
663: memset(&utmp, 0, sizeof(utmp));
664: (void)time(&utmp.ut_time);
665: (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
666: if (hostname)
667: (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
668: (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
669: login(&utmp);
670:
671: if (!quietlog)
672: (void)check_failedlogin(pwd->pw_uid);
673: dolastlog(quietlog);
674:
675: login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
676:
677: (void)chown(ttyn, pwd->pw_uid,
678: (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
679:
1.1 deraadt 680: /* If fflag is on, assume caller/authenticator has logged root login. */
1.24 art 681: if (rootlogin && fflag == 0) {
1.1 deraadt 682: if (hostname)
1.14 millert 683: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s",
684: username, tty, rusername ? rusername : "",
685: rusername ? "@" : "", hostname);
1.1 deraadt 686: else
687: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
1.24 art 688: }
1.1 deraadt 689:
690: if (!quietlog) {
1.36 millert 691: if ((copyright =
692: login_getcapstr(lc, "copyright", NULL, NULL)) != NULL)
693: auth_cat(copyright);
1.1 deraadt 694: motd();
695: (void)snprintf(tbuf,
696: sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
697: if (stat(tbuf, &st) == 0 && st.st_size != 0)
698: (void)printf("You have %smail.\n",
699: (st.st_mtime > st.st_atime) ? "new " : "");
700: }
701:
702: (void)signal(SIGALRM, SIG_DFL);
703: (void)signal(SIGQUIT, SIG_DFL);
1.36 millert 704: (void)signal(SIGHUP, SIG_DFL);
1.1 deraadt 705: (void)signal(SIGINT, SIG_DFL);
706: (void)signal(SIGTSTP, SIG_IGN);
707:
708: tbuf[0] = '-';
1.30 millert 709: (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
1.36 millert 710: p + 1 : shell, sizeof(tbuf) - 1);
711:
712: if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) &&
713: setrlimit(RLIMIT_CORE, &scds) < 0)
714: syslog(LOG_ERR, "couldn't reset core dump size: %m");
715:
716: if (lastchance)
1.47 deraadt 717: (void)printf("WARNING: Your password has expired."
718: " You must change your password, now!\n");
1.1 deraadt 719:
1.38 millert 720: if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid,
1.36 millert 721: LOGIN_SETALL & ~LOGIN_SETPATH) < 0) {
1.30 millert 722: warn("unable to set user context");
1.36 millert 723: quickexit(1);
724: }
725:
726: if (homeless) {
727: (void)printf("No home directory %s!\n", pwd->pw_dir);
728: (void)printf("Logging in with home = \"/\".\n");
729: (void)setenv("HOME", "/", 1);
1.15 tholo 730: }
1.30 millert 731:
1.36 millert 732: if (auth_approval(as, lc, NULL, "login") == 0) {
733: if (auth_getstate(as) & AUTH_EXPIRED)
734: (void)printf("Sorry -- your account has expired.\n");
735: else
736: (void)printf("approval failure\n");
737: quickexit(1);
738: }
739:
740: /*
741: * The last thing we do is discard all of the open file descriptors.
742: * Last because the C library may have some open.
743: *
744: * XXX
745: * Assume that stdin, stdout and stderr are 0, 1 and 2, and that
746: * STDERR_FILENO is 2.
747: */
748: for (cnt = getdtablesize(); cnt > STDERR_FILENO; cnt--)
749: (void)close(cnt);
750:
751: /*
752: * Close the authentication session, make sure it is marked
753: * as okay so no files are removed.
754: */
755: auth_setstate(as, AUTH_OKAY);
756: auth_close(as);
757:
1.24 art 758: #ifdef KERBEROS
1.47 deraadt 759: kgettokens(pwd->pw_dir);
1.24 art 760: #endif
1.1 deraadt 761:
1.42 deraadt 762: execlp(shell, tbuf, (char *)NULL);
1.30 millert 763: err(1, "%s", shell);
1.1 deraadt 764: }
765:
766: /*
1.36 millert 767: * Allow for a '.' and 16 characters for any instance as well as
768: * space for a ':' and 16 charcters defining the authentication type.
1.1 deraadt 769: */
1.36 millert 770: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
1.1 deraadt 771:
772: void
1.47 deraadt 773: getloginname(void)
1.1 deraadt 774: {
1.47 deraadt 775: static char nbuf[NBUFSIZ], *p;
1.1 deraadt 776: int ch;
777:
778: for (;;) {
779: (void)printf("login: ");
780: for (p = nbuf; (ch = getchar()) != '\n'; ) {
781: if (ch == EOF) {
782: badlogin(username);
1.36 millert 783: quickexit(0);
1.1 deraadt 784: }
785: if (p < nbuf + (NBUFSIZ - 1))
786: *p++ = ch;
787: }
1.24 art 788: if (p > nbuf) {
1.1 deraadt 789: if (nbuf[0] == '-')
790: (void)fprintf(stderr,
791: "login names may not start with '-'.\n");
792: else {
793: *p = '\0';
794: username = nbuf;
795: break;
796: }
1.24 art 797: }
1.1 deraadt 798: }
799: }
800:
801: int
1.47 deraadt 802: rootterm(char *ttyn)
1.1 deraadt 803: {
804: struct ttyent *t;
805:
1.36 millert 806: /* XXX - stash output of getttynam() elsewhere */
1.1 deraadt 807: return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
808: }
809:
810: void
1.47 deraadt 811: motd(void)
1.1 deraadt 812: {
1.47 deraadt 813: char tbuf[8192], *motd;
1.1 deraadt 814: int fd, nchars;
1.48 ! millert 815: struct sigaction sa, osa;
1.30 millert 816:
817: motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE);
1.1 deraadt 818:
1.30 millert 819: if ((fd = open(motd, O_RDONLY, 0)) < 0)
1.1 deraadt 820: return;
1.48 ! millert 821:
! 822: memset(&sa, 0, sizeof(sa));
! 823: sa.sa_handler = sigint;
! 824: sigemptyset(&sa.sa_mask);
! 825: sa.sa_flags = 0; /* don't set SA_RESTART */
! 826: (void)sigaction(SIGINT, &sa, &osa);
! 827:
! 828: /* read and spew motd until EOF, error, or SIGINT */
! 829: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0 &&
! 830: write(STDOUT_FILENO, tbuf, nchars) == nchars)
! 831: ;
! 832:
! 833: (void)sigaction(SIGINT, &osa, NULL);
1.1 deraadt 834: (void)close(fd);
835: }
836:
837: /* ARGSUSED */
838: void
1.47 deraadt 839: sigint(int signo)
1.1 deraadt 840: {
1.48 ! millert 841: return; /* just interupt syscall */
1.1 deraadt 842: }
843:
844: /* ARGSUSED */
845: void
1.47 deraadt 846: timedout(int signo)
1.1 deraadt 847: {
1.47 deraadt 848: char warn[1024];
849:
850: snprintf(warn, sizeof warn,
851: "Login timed out after %d seconds\n", timeout);
852: write(STDERR_FILENO, warn, strlen(warn));
1.37 millert 853: if (username)
854: badlogin(username);
1.47 deraadt 855: _exit(0);
1.1 deraadt 856: }
857:
858: void
1.47 deraadt 859: dolastlog(int quiet)
1.1 deraadt 860: {
861: struct lastlog ll;
862: int fd;
863:
864: if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
1.26 millert 865: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
1.1 deraadt 866: if (!quiet) {
867: if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
868: ll.ll_time != 0) {
869: (void)printf("Last login: %.*s ",
870: 24-5, (char *)ctime(&ll.ll_time));
1.14 millert 871: (void)printf("on %.*s",
872: (int)sizeof(ll.ll_line),
873: ll.ll_line);
1.1 deraadt 874: if (*ll.ll_host != '\0')
1.14 millert 875: (void)printf(" from %.*s",
1.1 deraadt 876: (int)sizeof(ll.ll_host),
877: ll.ll_host);
1.14 millert 878: (void)putchar('\n');
1.1 deraadt 879: }
1.26 millert 880: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll),
881: SEEK_SET);
1.1 deraadt 882: }
883: memset((void *)&ll, 0, sizeof(ll));
884: (void)time(&ll.ll_time);
885: (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
886: if (hostname)
887: (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
888: (void)write(fd, (char *)&ll, sizeof(ll));
889: (void)close(fd);
890: }
891: }
892:
893: void
1.47 deraadt 894: badlogin(char *name)
1.1 deraadt 895: {
1.47 deraadt 896: struct syslog_data sdata = SYSLOG_DATA_INIT;
897:
1.1 deraadt 898: if (failures == 0)
899: return;
900: if (hostname) {
1.47 deraadt 901: syslog_r(LOG_NOTICE, &sdata,
902: "%d LOGIN FAILURE%s FROM %s%s%s",
1.14 millert 903: failures, failures > 1 ? "S" : "",
904: rusername ? rusername : "", rusername ? "@" : "", hostname);
1.47 deraadt 905: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.14 millert 906: "%d LOGIN FAILURE%s FROM %s%s%s, %s",
907: failures, failures > 1 ? "S" : "",
908: rusername ? rusername : "", rusername ? "@" : "",
909: hostname, name);
1.1 deraadt 910: } else {
1.47 deraadt 911: syslog_r(LOG_NOTICE, &sdata,
912: "%d LOGIN FAILURE%s ON %s",
1.1 deraadt 913: failures, failures > 1 ? "S" : "", tty);
1.47 deraadt 914: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.1 deraadt 915: "%d LOGIN FAILURE%s ON %s, %s",
916: failures, failures > 1 ? "S" : "", tty, name);
917: }
918: }
919:
920: #undef UNKNOWN
921: #define UNKNOWN "su"
922:
923: char *
1.47 deraadt 924: stypeof(char *ttyid)
1.1 deraadt 925: {
926: struct ttyent *t;
927:
1.30 millert 928: return (ttyid && (t = getttynam(ttyid)) ? t->ty_type :
929: login_getcapstr(lc, "term", UNKNOWN, UNKNOWN));
1.1 deraadt 930: }
931:
932: void
1.47 deraadt 933: sleepexit(int eval)
1.1 deraadt 934: {
1.36 millert 935: auth_close(as);
1.1 deraadt 936: (void)sleep(5);
937: exit(eval);
1.11 millert 938: }
939:
940: void
1.47 deraadt 941: quickexit(int eval)
1.36 millert 942: {
943: if (as)
944: auth_close(as);
945: exit(eval);
946: }
947:
948:
949: void
1.47 deraadt 950: sighup(int signum)
1.11 millert 951: {
952: if (username)
953: badlogin(username);
1.47 deraadt 954: _exit(0);
1.1 deraadt 955: }
1.36 millert 956:
957: #ifdef KERBEROS
958: void
1.47 deraadt 959: kgettokens(char *homedir)
1.36 millert 960: {
1.47 deraadt 961:
1.36 millert 962: /* buy AFS-tokens for homedir */
1.47 deraadt 963: if (k_hasafs()) {
1.36 millert 964: char cell[128];
1.47 deraadt 965:
1.36 millert 966: k_setpag();
1.47 deraadt 967: if (k_afs_cell_of_file(homedir, cell, sizeof(cell)) == 0)
1.36 millert 968: krb_afslog(cell, 0);
969: krb_afslog(0, 0);
970: }
971: }
972: #endif