Annotation of src/usr.bin/login/login.c, Revision 1.49
1.49 ! millert 1: /* $OpenBSD: login.c,v 1.48 2002/07/02 01:36:19 millert Exp $ */
1.3 deraadt 2: /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
1.1 deraadt 3:
4: /*-
5: * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
16: * 3. All advertising materials mentioning features or use of this software
17: * must display the following acknowledgement:
18: * This product includes software developed by the University of
19: * California, Berkeley and its contributors.
20: * 4. Neither the name of the University nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34: * SUCH DAMAGE.
35: */
1.36 millert 36: /*-
37: * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
38: *
39: * Redistribution and use in source and binary forms, with or without
40: * modification, are permitted provided that the following conditions
41: * are met:
42: * 1. Redistributions of source code must retain the above copyright
43: * notice, this list of conditions and the following disclaimer.
44: * 2. Redistributions in binary form must reproduce the above copyright
45: * notice, this list of conditions and the following disclaimer in the
46: * documentation and/or other materials provided with the distribution.
47: * 3. All advertising materials mentioning features or use of this software
48: * must display the following acknowledgement:
49: * This product includes software developed by Berkeley Software Design,
50: * Inc.
51: * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
52: * or promote products derived from this software without specific prior
53: * written permission.
54: *
55: * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
56: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
58: * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
59: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
60: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
61: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
62: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
63: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
64: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
65: * SUCH DAMAGE.
66: *
67: * BSDI $From: login.c,v 2.28 1999/09/08 22:35:36 prb Exp $
68: */
1.1 deraadt 69:
70: #ifndef lint
1.49 ! millert 71: static const char copyright[] =
1.1 deraadt 72: "@(#) Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994\n\
73: The Regents of the University of California. All rights reserved.\n";
74: #endif /* not lint */
75:
76: #ifndef lint
77: #if 0
1.49 ! millert 78: static const char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
1.1 deraadt 79: #endif
1.49 ! millert 80: static const char rcsid[] = "$OpenBSD: login.c,v 1.48 2002/07/02 01:36:19 millert Exp $";
1.1 deraadt 81: #endif /* not lint */
82:
83: /*
84: * login [ name ]
85: * login -h hostname (for telnetd, etc.)
86: * login -f name (for pre-authenticated login: datakit, xterm, etc.)
1.49 ! millert 87: * login -p (preserve existing environment; for getty)
1.1 deraadt 88: */
89:
90: #include <sys/param.h>
1.36 millert 91: #include <sys/socket.h>
1.1 deraadt 92: #include <sys/stat.h>
93: #include <sys/time.h>
94: #include <sys/resource.h>
1.11 millert 95: #include <sys/wait.h>
1.1 deraadt 96:
97: #include <err.h>
98: #include <errno.h>
1.27 millert 99: #include <fcntl.h>
1.1 deraadt 100: #include <grp.h>
1.30 millert 101: #include <login_cap.h>
1.36 millert 102: #include <netdb.h>
1.1 deraadt 103: #include <pwd.h>
104: #include <signal.h>
1.36 millert 105: #include <stdarg.h>
1.1 deraadt 106: #include <stdio.h>
107: #include <stdlib.h>
108: #include <string.h>
109: #include <syslog.h>
110: #include <ttyent.h>
111: #include <tzfile.h>
112: #include <unistd.h>
113: #include <utmp.h>
1.3 deraadt 114: #include <util.h>
1.36 millert 115: #include <bsd_auth.h>
116:
117: #ifdef KERBEROS
118: #include <kerberosIV/kafs.h>
119: #endif
1.1 deraadt 120:
121: #include "pathnames.h"
122:
1.45 millert 123: void badlogin(char *);
124: void dolastlog(int);
125: void getloginname(void);
126: void motd(void);
127: void quickexit(int);
128: int rootterm(char *);
129: void sigint(int);
130: void sighup(int);
131: void sleepexit(int);
132: char *stypeof(char *);
133: void timedout(int);
134: int main(int, char **);
1.1 deraadt 135:
1.45 millert 136: extern int check_failedlogin(uid_t);
137: extern void log_failedlogin(uid_t, char *, char *, char *);
1.1 deraadt 138:
139: #define TTYGRPNAME "tty" /* name of group to own ttys */
140:
141: /*
1.37 millert 142: * This bounds the time given to login; may be overridden by /etc/login.conf.
1.1 deraadt 143: */
1.30 millert 144: u_int timeout = 300;
1.1 deraadt 145:
1.36 millert 146: struct passwd *pwd;
1.30 millert 147: login_cap_t *lc = NULL;
1.36 millert 148: auth_session_t *as = NULL;
1.30 millert 149: int failures;
1.36 millert 150: int needbanner = 1;
1.30 millert 151: char term[64], *hostname, *tty;
1.36 millert 152: char *style;
1.30 millert 153: char *username = NULL, *rusername = NULL;
1.1 deraadt 154:
1.47 deraadt 155: extern char **environ;
156:
1.1 deraadt 157: int
1.47 deraadt 158: main(int argc, char *argv[])
1.1 deraadt 159: {
1.47 deraadt 160: char *domain, *p, *ttyn, *shell, *fullname, *instance;
161: char *lipaddr, *script, *ripaddr, *style, *type, *fqdn;
162: char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
163: char localhost[MAXHOSTNAMELEN], *copyright;
164: int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance;
165: int error, homeless, needto, authok, tries, backoff;
1.36 millert 166: struct addrinfo *ai, hints;
1.47 deraadt 167: struct rlimit cds, scds;
168: quad_t expire, warning;
169: struct utmp utmp;
1.1 deraadt 170: struct group *gr;
171: struct stat st;
172: uid_t uid;
173:
174: openlog("login", LOG_ODELAY, LOG_AUTH);
175:
1.37 millert 176: fqdn = lipaddr = ripaddr = fullname = type = NULL;
177: authok = 0;
178: tries = 10;
179: backoff = 3;
1.36 millert 180:
1.1 deraadt 181: domain = NULL;
1.49 ! millert 182: if (gethostname(localhost, sizeof(localhost)) < 0) {
1.1 deraadt 183: syslog(LOG_ERR, "couldn't get local hostname: %m");
1.49 ! millert 184: strlcpy(localhost, "localhost", sizeof(localhost));
! 185: } else if ((domain = strchr(localhost, '.'))) {
1.21 deraadt 186: domain++;
187: if (*domain && strchr(domain, '.') == NULL)
188: domain = localhost;
189: }
1.1 deraadt 190:
1.36 millert 191: if ((as = auth_open()) == NULL) {
1.39 millert 192: syslog(LOG_ERR, "auth_open: %m");
193: err(1, "unable to initialize BSD authentication");
1.36 millert 194: }
1.39 millert 195: auth_setoption(as, "login", "yes");
1.36 millert 196:
1.49 ! millert 197: /*
! 198: * -p is used by getty to tell login not to destroy the environment
! 199: * -f is used to skip a second login authentication
! 200: * -h is used by other servers to pass the name of the remote
! 201: * host to login so that it may be placed in utmp and wtmp
! 202: */
1.36 millert 203: fflag = pflag = 0;
1.1 deraadt 204: uid = getuid();
1.36 millert 205: while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1)
1.1 deraadt 206: switch (ch) {
207: case 'f':
208: fflag = 1;
209: break;
210: case 'h':
1.36 millert 211: if (uid) {
1.46 vincent 212: warnx("-h option: %s", strerror(EPERM));
1.36 millert 213: quickexit(1);
214: }
215: if ((fqdn = strdup(optarg)) == NULL) {
216: warn(NULL);
217: quickexit(1);
218: }
219: auth_setoption(as, "fqdn", fqdn);
1.1 deraadt 220: if (domain && (p = strchr(optarg, '.')) &&
1.21 deraadt 221: strcasecmp(p+1, domain) == 0)
1.1 deraadt 222: *p = 0;
223: hostname = optarg;
1.36 millert 224: auth_setoption(as, "hostname", hostname);
225: break;
226: case 'L':
227: if (uid) {
228: warnx("-L option: %s", strerror(EPERM));
229: quickexit(1);
230: }
231: if (lipaddr) {
232: warnx("duplicate -L option");
233: quickexit(1);
234: }
235: lipaddr = optarg;
236: memset(&hints, 0, sizeof(hints));
237: hints.ai_family = PF_UNSPEC;
238: hints.ai_flags = AI_CANONNAME;
239: error = getaddrinfo(lipaddr, NULL, &hints, &ai);
240: if (!error) {
241: strlcpy(localhost, ai->ai_canonname,
242: sizeof(localhost));
243: freeaddrinfo(ai);
244: } else
245: strlcpy(localhost, lipaddr, sizeof(localhost));
246: auth_setoption(as, "local_addr", lipaddr);
1.1 deraadt 247: break;
248: case 'p':
249: pflag = 1;
250: break;
1.36 millert 251: case 'R':
252: if (uid) {
253: warnx("-R option: %s", strerror(EPERM));
254: quickexit(1);
255: }
256: if (ripaddr) {
257: warnx("duplicate -R option");
258: quickexit(1);
259: }
260: ripaddr = optarg;
261: auth_setoption(as, "remote_addr", ripaddr);
262: break;
1.14 millert 263: case 'u':
1.36 millert 264: if (uid) {
265: warnx("-u option: %s", strerror(EPERM));
266: quickexit(1);
267: }
1.14 millert 268: rusername = optarg;
269: break;
1.1 deraadt 270: default:
271: if (!uid)
272: syslog(LOG_ERR, "invalid flag %c", ch);
273: (void)fprintf(stderr,
1.47 deraadt 274: "usage: login [-fp] [-h hostname] [-L lipaddr] "
275: "[-R ripaddr] [-u username] [user]\n");
1.36 millert 276: quickexit(1);
1.1 deraadt 277: }
278: argc -= optind;
279: argv += optind;
280:
281: if (*argv) {
282: username = *argv;
283: ask = 0;
284: } else
285: ask = 1;
286:
287: for (cnt = getdtablesize(); cnt > 2; cnt--)
288: (void)close(cnt);
289:
1.49 ! millert 290: /*
! 291: * If effective user is not root, just run su(1) to emulate login(1).
! 292: */
! 293: if (geteuid() != 0) {
! 294: char *av[5], **ap;
! 295:
! 296: auth_close(as);
! 297: closelog();
! 298:
! 299: ap = av;
! 300: *ap++ = _PATH_SU;
! 301: *ap++ = "-L";
! 302: if (!pflag)
! 303: *ap++ = "-l";
! 304: if (!ask)
! 305: *ap++ = username;
! 306: *ap = NULL;
! 307: execv(_PATH_SU, av);
! 308: warn("unable to exec %s", _PATH_SU);
! 309: _exit(1);
! 310: }
! 311:
1.1 deraadt 312: ttyn = ttyname(STDIN_FILENO);
313: if (ttyn == NULL || *ttyn == '\0') {
314: (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
315: ttyn = tname;
316: }
1.12 millert 317: if ((tty = strrchr(ttyn, '/')))
1.1 deraadt 318: ++tty;
319: else
320: tty = ttyn;
321:
1.49 ! millert 322: /*
! 323: * Since login deals with sensitive information, turn off coredumps.
! 324: */
! 325: if (getrlimit(RLIMIT_CORE, &scds) < 0) {
! 326: syslog(LOG_ERR, "couldn't get core dump size: %m");
! 327: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
! 328: }
! 329: cds.rlim_cur = cds.rlim_max = 0;
! 330: if (setrlimit(RLIMIT_CORE, &cds) < 0) {
! 331: syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
! 332: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
! 333: }
! 334:
! 335: (void)signal(SIGALRM, timedout);
! 336: if (argc > 1) {
! 337: needto = 0;
! 338: (void)alarm(timeout);
! 339: } else
! 340: needto = 1;
! 341: (void)signal(SIGQUIT, SIG_IGN);
! 342: (void)signal(SIGINT, SIG_IGN);
! 343: (void)signal(SIGHUP, SIG_IGN);
! 344: (void)setpriority(PRIO_PROCESS, 0, 0);
! 345:
1.36 millert 346: #ifdef notyet
347: /* XXX - we don't (yet) support per-tty auth stuff */
348: /* BSDi uses a ttys.conf file but we could just overload /etc/ttys */
349: /*
350: * Classify the attempt.
351: * By default we use the value in the ttys file.
352: * If there is a classify script we run that as
353: *
354: * classify [-f] [username]
355: */
356: if (type = getttyauth(tty))
357: auth_setoption(as, "auth_type", type);
358: #endif
359:
360: /* get the default login class */
1.47 deraadt 361: if ((lc = login_getclass(0)) == NULL) { /* get the default class */
1.36 millert 362: warnx("Failure to retrieve default class");
363: quickexit(1);
364: }
1.37 millert 365: timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300);
1.36 millert 366: if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) {
367: unsetenv("AUTH_TYPE");
368: unsetenv("REMOTE_NAME");
369: if (script[0] != '/') {
370: syslog(LOG_ERR, "Invalid classify script: %s", script);
371: warnx("Classification failure");
372: quickexit(1);
373: }
374: shell = strrchr(script, '/') + 1;
375: auth_setstate(as, AUTH_OKAY);
1.47 deraadt 376: auth_call(as, script, shell,
1.49 ! millert 377: fflag ? "-f" : username, fflag ? username : 0, (char *)0);
1.36 millert 378: if (!(auth_getstate(as) & AUTH_ALLOW))
379: quickexit(1);
380: auth_setenv(as);
381: if ((p = getenv("AUTH_TYPE")) != NULL &&
382: strncmp(p, "auth-", 5) == 0)
383: type = p;
384: if ((p = getenv("REMOTE_NAME")) != NULL)
385: hostname = p;
386: /*
387: * we may have changed some values, reset them
388: */
389: auth_clroptions(as);
390: if (type)
391: auth_setoption(as, "auth_type", type);
392: if (fqdn)
393: auth_setoption(as, "fqdn", fqdn);
394: if (hostname)
395: auth_setoption(as, "hostname", hostname);
396: if (lipaddr)
397: auth_setoption(as, "local_addr", lipaddr);
398: if (ripaddr)
399: auth_setoption(as, "remote_addr", ripaddr);
400: }
401:
402: /*
403: * Request the things like the approval script print things
404: * to stdout (in particular, the nologins files)
405: */
406: auth_setitem(as, AUTHV_INTERACTIVE, "True");
407:
1.1 deraadt 408: for (cnt = 0;; ask = 1) {
1.36 millert 409: /*
410: * Clean up our current authentication session.
411: * Options are not cleared so we need to clear any
412: * we might set below.
413: */
414: auth_clean(as);
415: auth_clroption(as, "style");
416: auth_clroption(as, "lastchance");
417:
418: lastchance = 0;
419:
1.1 deraadt 420: if (ask) {
421: fflag = 0;
422: getloginname();
423: }
1.36 millert 424: if (needto) {
425: needto = 0;
426: alarm(timeout);
427: }
1.47 deraadt 428: if ((style = strchr(username, ':')) != NULL)
1.36 millert 429: *style++ = '\0';
430: if (fullname)
431: free(fullname);
432: if (auth_setitem(as, AUTHV_NAME, username) < 0 ||
433: (fullname = strdup(username)) == NULL) {
434: syslog(LOG_ERR, "%m");
435: warn(NULL);
436: quickexit(1);
437: }
1.1 deraadt 438: rootlogin = 0;
1.40 millert 439: if ((instance = strpbrk(username, "./")) != NULL) {
440: if (strncmp(instance + 1, "root", 4) == 0)
1.1 deraadt 441: rootlogin = 1;
442: *instance++ = '\0';
443: } else
444: instance = "";
1.36 millert 445:
1.1 deraadt 446: if (strlen(username) > UT_NAMESIZE)
447: username[UT_NAMESIZE] = '\0';
448:
449: /*
450: * Note if trying multiple user names; log failures for
451: * previous user name, but don't bother logging one failure
452: * for nonexistent name (mistyped username).
453: */
454: if (failures && strcmp(tbuf, username)) {
455: if (failures > (pwd ? 0 : 1))
456: badlogin(tbuf);
457: failures = 0;
458: }
1.36 millert 459: (void)strlcpy(tbuf, username, sizeof(tbuf));
1.1 deraadt 460:
1.36 millert 461: if ((pwd = getpwnam(username)) != NULL &&
462: auth_setpwd(as, pwd) < 0) {
463: syslog(LOG_ERR, "%m");
464: warn(NULL);
465: quickexit(1);
466: }
1.1 deraadt 467:
1.36 millert 468: lc = login_getclass(pwd ? pwd->pw_class : NULL);
469: if (!lc)
470: goto failed;
1.1 deraadt 471:
1.36 millert 472: style = login_getstyle(lc, style, type);
473: if (!style)
474: goto failed;
1.1 deraadt 475:
1.36 millert 476: /*
1.37 millert 477: * We allow "login-tries" attempts to login but start
478: * slowing down after "login-backoff" attempts.
479: */
480: tries = (int)login_getcapnum(lc, "login-tries", 10, 10);
481: backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3);
482:
483: /*
1.36 millert 484: * Turn off the fflag if we have an an invalid user
485: * or we are not root and we are trying to change uids.
486: */
487: if (!pwd || (uid && uid != pwd->pw_uid))
488: fflag = 0;
1.1 deraadt 489:
1.36 millert 490: if (pwd && pwd->pw_uid == 0)
491: rootlogin = 1;
1.25 millert 492:
1.36 millert 493: /*
494: * If we do not have the force flag authenticate the user
495: */
1.44 millert 496: if (!fflag) {
1.36 millert 497: lastchance =
498: login_getcaptime(lc, "password-dead", 0, 0) != 0;
499: if (lastchance)
500: auth_setoption(as, "lastchance", "yes");
501: /*
502: * Once we start asking for a password
503: * we want to log a failure on a hup.
504: */
505: signal(SIGHUP, sighup);
506: auth_verify(as, style, NULL, lc->lc_class, NULL);
507: authok = auth_getstate(as);
508: /*
509: * If their password expired and it has not been
510: * too long since then, give the user one last
511: * chance to change their password
512: */
513: if ((authok & AUTH_PWEXPIRED) && lastchance) {
514: authok = AUTH_OKAY;
515: } else
516: lastchance = 0;
517: if ((authok & AUTH_ALLOW) == 0)
518: goto failed;
519: if (auth_setoption(as, "style", style) < 0) {
520: syslog(LOG_ERR, "%m");
521: warn(NULL);
522: quickexit(1);
1.25 millert 523: }
1.1 deraadt 524: }
1.36 millert 525: /*
526: * explicitly reject users without password file entries
527: */
1.47 deraadt 528: if (pwd == NULL)
1.36 millert 529: goto failed;
1.1 deraadt 530:
531: /*
1.36 millert 532: * If trying to log in as root on an insecure terminal,
533: * refuse the login attempt unless the authentication
534: * style explicitly says a root login is okay.
1.1 deraadt 535: */
1.44 millert 536: if (pwd && rootlogin && !rootterm(tty))
1.36 millert 537: goto failed;
1.29 millert 538:
1.36 millert 539: if (fflag) {
540: type = 0;
541: style = "forced";
542: }
543: break;
544:
545: failed:
546: if (authok & AUTH_SILENT)
547: quickexit(0);
1.29 millert 548: if (rootlogin && !rootterm(tty)) {
1.36 millert 549: warnx("%s login refused on this terminal.",
550: fullname);
1.1 deraadt 551: if (hostname)
552: syslog(LOG_NOTICE,
1.14 millert 553: "LOGIN %s REFUSED FROM %s%s%s ON TTY %s",
1.36 millert 554: fullname, rusername ? rusername : "",
1.14 millert 555: rusername ? "@" : "", hostname, tty);
1.1 deraadt 556: else
557: syslog(LOG_NOTICE,
558: "LOGIN %s REFUSED ON TTY %s",
1.47 deraadt 559: fullname, tty);
1.36 millert 560: } else {
561: if (!as || (p = auth_getvalue(as, "errormsg")) == NULL)
562: p = "Login incorrect";
563: (void)printf("%s\n", p);
564: }
1.1 deraadt 565: failures++;
1.13 millert 566: if (pwd)
1.14 millert 567: log_failedlogin(pwd->pw_uid, hostname, rusername, tty);
1.37 millert 568: /*
569: * By default, we allow 10 tries, but after 3 we start
570: * backing off to slow down password guessers.
571: */
572: if (++cnt > backoff) {
573: if (cnt >= tries) {
1.1 deraadt 574: badlogin(username);
575: sleepexit(1);
576: }
1.37 millert 577: sleep((u_int)((cnt - backoff) * tries / 2));
1.1 deraadt 578: }
579: }
580:
581: /* committed to login -- turn off timeout */
1.36 millert 582: (void)alarm(0);
1.1 deraadt 583:
584: endpwent();
585:
1.30 millert 586: shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
587: if (*shell == '\0')
588: shell = _PATH_BSHELL;
589: else if (strlen(shell) >= MAXPATHLEN) {
590: syslog(LOG_ERR, "shell path too long: %s", shell);
591: warnx("invalid shell");
1.36 millert 592: quickexit(1);
1.24 art 593: }
1.1 deraadt 594:
595: /* Destroy environment unless user has requested its preservation. */
1.24 art 596: if (!pflag) {
1.22 deraadt 597: if ((environ = calloc(1, sizeof (char *))) == NULL)
598: err(1, "calloc");
1.24 art 599: } else {
1.9 millert 600: char **cpp, **cpp2;
601:
602: for (cpp2 = cpp = environ; *cpp; cpp++) {
603: if (strncmp(*cpp, "LD_", 3) &&
1.29 millert 604: strncmp(*cpp, "ENV=", 4) &&
605: strncmp(*cpp, "BASH_ENV=", 9) &&
1.9 millert 606: strncmp(*cpp, "IFS=", 4))
607: *cpp2++ = *cpp;
608: }
609: *cpp2 = 0;
610: }
1.30 millert 611: /* Note: setusercontext(3) will set PATH */
1.34 deraadt 612: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
613: setenv("SHELL", shell, 1) == -1) {
614: warn("unable to setenv()");
1.36 millert 615: quickexit(1);
1.34 deraadt 616: }
1.1 deraadt 617: if (term[0] == '\0')
1.29 millert 618: (void)strlcpy(term, stypeof(tty), sizeof(term));
1.34 deraadt 619: if (setenv("TERM", term, 0) == -1 ||
620: setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
621: setenv("USER", pwd->pw_name, 1) == -1) {
622: warn("unable to setenv()");
1.36 millert 623: quickexit(1);
1.34 deraadt 624: }
625: if (hostname) {
626: if (setenv("REMOTEHOST", hostname, 1) == -1) {
627: warn("unable to setenv()");
1.36 millert 628: quickexit(1);
1.34 deraadt 629: }
630: }
631: if (rusername) {
632: if (setenv("REMOTEUSER", rusername, 1) == -1) {
633: warn("unable to setenv()");
1.36 millert 634: quickexit(1);
1.34 deraadt 635: }
636: }
1.36 millert 637:
638: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) {
639: warn("unable to set user context");
640: quickexit(1);
641: }
642: auth_setenv(as);
643:
644: /* if user not super-user, check for disabled logins */
645: if (!rootlogin)
646: auth_checknologin(lc);
647:
648: setegid(pwd->pw_gid);
649: seteuid(pwd->pw_uid);
650:
651: homeless = chdir(pwd->pw_dir);
652: if (homeless) {
653: if (login_getcapbool(lc, "requirehome", 0)) {
654: (void)printf("No home directory %s!\n", pwd->pw_dir);
655: quickexit(1);
1.34 deraadt 656: }
1.36 millert 657: if (chdir("/"))
658: quickexit(0);
1.34 deraadt 659: }
1.36 millert 660:
661: quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
662: login_getcapbool(lc, "hushlogin", 0) ||
663: (access(_PATH_HUSHLOGIN, F_OK) == 0));
664:
665: seteuid(0);
666: setegid(0); /* XXX use a saved gid instead? */
667:
668: if ((p = auth_getvalue(as, "warnmsg")) != NULL)
669: (void)printf("WARNING: %s\n\n", p);
670:
671: expire = auth_check_expire(as);
672: if (expire < 0) {
673: (void)printf("Sorry -- your account has expired.\n");
674: quickexit(1);
675: } else if (expire > 0 && !quietlog) {
676: warning = login_getcaptime(lc, "expire-warn",
677: 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY);
678: if (expire < warning)
1.47 deraadt 679: (void)printf("Warning: your account expires on %s",
1.36 millert 680: ctime(&pwd->pw_expire));
1.34 deraadt 681: }
1.36 millert 682:
683: /* Nothing else left to fail -- really log in. */
684: (void)signal(SIGHUP, SIG_DFL);
685: memset(&utmp, 0, sizeof(utmp));
686: (void)time(&utmp.ut_time);
687: (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
688: if (hostname)
689: (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
690: (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
691: login(&utmp);
692:
693: if (!quietlog)
694: (void)check_failedlogin(pwd->pw_uid);
695: dolastlog(quietlog);
696:
697: login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
698:
699: (void)chown(ttyn, pwd->pw_uid,
700: (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
701:
1.1 deraadt 702: /* If fflag is on, assume caller/authenticator has logged root login. */
1.24 art 703: if (rootlogin && fflag == 0) {
1.1 deraadt 704: if (hostname)
1.14 millert 705: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s",
706: username, tty, rusername ? rusername : "",
707: rusername ? "@" : "", hostname);
1.1 deraadt 708: else
709: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
1.24 art 710: }
1.1 deraadt 711:
712: if (!quietlog) {
1.36 millert 713: if ((copyright =
714: login_getcapstr(lc, "copyright", NULL, NULL)) != NULL)
715: auth_cat(copyright);
1.1 deraadt 716: motd();
717: (void)snprintf(tbuf,
718: sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
719: if (stat(tbuf, &st) == 0 && st.st_size != 0)
720: (void)printf("You have %smail.\n",
721: (st.st_mtime > st.st_atime) ? "new " : "");
722: }
723:
724: (void)signal(SIGALRM, SIG_DFL);
725: (void)signal(SIGQUIT, SIG_DFL);
1.36 millert 726: (void)signal(SIGHUP, SIG_DFL);
1.1 deraadt 727: (void)signal(SIGINT, SIG_DFL);
728: (void)signal(SIGTSTP, SIG_IGN);
729:
730: tbuf[0] = '-';
1.30 millert 731: (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
1.36 millert 732: p + 1 : shell, sizeof(tbuf) - 1);
733:
734: if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) &&
735: setrlimit(RLIMIT_CORE, &scds) < 0)
736: syslog(LOG_ERR, "couldn't reset core dump size: %m");
737:
738: if (lastchance)
1.47 deraadt 739: (void)printf("WARNING: Your password has expired."
740: " You must change your password, now!\n");
1.1 deraadt 741:
1.38 millert 742: if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid,
1.36 millert 743: LOGIN_SETALL & ~LOGIN_SETPATH) < 0) {
1.30 millert 744: warn("unable to set user context");
1.36 millert 745: quickexit(1);
746: }
747:
748: if (homeless) {
749: (void)printf("No home directory %s!\n", pwd->pw_dir);
750: (void)printf("Logging in with home = \"/\".\n");
751: (void)setenv("HOME", "/", 1);
1.15 tholo 752: }
1.30 millert 753:
1.36 millert 754: if (auth_approval(as, lc, NULL, "login") == 0) {
755: if (auth_getstate(as) & AUTH_EXPIRED)
756: (void)printf("Sorry -- your account has expired.\n");
757: else
758: (void)printf("approval failure\n");
759: quickexit(1);
760: }
761:
762: /*
763: * The last thing we do is discard all of the open file descriptors.
764: * Last because the C library may have some open.
765: *
766: * XXX
767: * Assume that stdin, stdout and stderr are 0, 1 and 2, and that
768: * STDERR_FILENO is 2.
769: */
770: for (cnt = getdtablesize(); cnt > STDERR_FILENO; cnt--)
771: (void)close(cnt);
772:
773: /*
774: * Close the authentication session, make sure it is marked
775: * as okay so no files are removed.
776: */
777: auth_setstate(as, AUTH_OKAY);
778: auth_close(as);
779:
1.24 art 780: #ifdef KERBEROS
1.47 deraadt 781: kgettokens(pwd->pw_dir);
1.24 art 782: #endif
1.1 deraadt 783:
1.42 deraadt 784: execlp(shell, tbuf, (char *)NULL);
1.30 millert 785: err(1, "%s", shell);
1.1 deraadt 786: }
787:
788: /*
1.36 millert 789: * Allow for a '.' and 16 characters for any instance as well as
790: * space for a ':' and 16 charcters defining the authentication type.
1.1 deraadt 791: */
1.36 millert 792: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
1.1 deraadt 793:
794: void
1.47 deraadt 795: getloginname(void)
1.1 deraadt 796: {
1.47 deraadt 797: static char nbuf[NBUFSIZ], *p;
1.1 deraadt 798: int ch;
799:
800: for (;;) {
801: (void)printf("login: ");
802: for (p = nbuf; (ch = getchar()) != '\n'; ) {
803: if (ch == EOF) {
804: badlogin(username);
1.36 millert 805: quickexit(0);
1.1 deraadt 806: }
807: if (p < nbuf + (NBUFSIZ - 1))
808: *p++ = ch;
809: }
1.24 art 810: if (p > nbuf) {
1.1 deraadt 811: if (nbuf[0] == '-')
812: (void)fprintf(stderr,
813: "login names may not start with '-'.\n");
814: else {
815: *p = '\0';
816: username = nbuf;
817: break;
818: }
1.24 art 819: }
1.1 deraadt 820: }
821: }
822:
823: int
1.47 deraadt 824: rootterm(char *ttyn)
1.1 deraadt 825: {
826: struct ttyent *t;
827:
1.36 millert 828: /* XXX - stash output of getttynam() elsewhere */
1.1 deraadt 829: return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
830: }
831:
832: void
1.47 deraadt 833: motd(void)
1.1 deraadt 834: {
1.47 deraadt 835: char tbuf[8192], *motd;
1.1 deraadt 836: int fd, nchars;
1.48 millert 837: struct sigaction sa, osa;
1.30 millert 838:
839: motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE);
1.1 deraadt 840:
1.30 millert 841: if ((fd = open(motd, O_RDONLY, 0)) < 0)
1.1 deraadt 842: return;
1.48 millert 843:
844: memset(&sa, 0, sizeof(sa));
845: sa.sa_handler = sigint;
846: sigemptyset(&sa.sa_mask);
847: sa.sa_flags = 0; /* don't set SA_RESTART */
848: (void)sigaction(SIGINT, &sa, &osa);
849:
850: /* read and spew motd until EOF, error, or SIGINT */
851: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0 &&
852: write(STDOUT_FILENO, tbuf, nchars) == nchars)
853: ;
854:
855: (void)sigaction(SIGINT, &osa, NULL);
1.1 deraadt 856: (void)close(fd);
857: }
858:
859: /* ARGSUSED */
860: void
1.47 deraadt 861: sigint(int signo)
1.1 deraadt 862: {
1.48 millert 863: return; /* just interupt syscall */
1.1 deraadt 864: }
865:
866: /* ARGSUSED */
867: void
1.47 deraadt 868: timedout(int signo)
1.1 deraadt 869: {
1.47 deraadt 870: char warn[1024];
871:
872: snprintf(warn, sizeof warn,
873: "Login timed out after %d seconds\n", timeout);
874: write(STDERR_FILENO, warn, strlen(warn));
1.37 millert 875: if (username)
876: badlogin(username);
1.47 deraadt 877: _exit(0);
1.1 deraadt 878: }
879:
880: void
1.47 deraadt 881: dolastlog(int quiet)
1.1 deraadt 882: {
883: struct lastlog ll;
884: int fd;
885:
886: if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
1.26 millert 887: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
1.1 deraadt 888: if (!quiet) {
889: if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
890: ll.ll_time != 0) {
891: (void)printf("Last login: %.*s ",
892: 24-5, (char *)ctime(&ll.ll_time));
1.14 millert 893: (void)printf("on %.*s",
894: (int)sizeof(ll.ll_line),
895: ll.ll_line);
1.1 deraadt 896: if (*ll.ll_host != '\0')
1.14 millert 897: (void)printf(" from %.*s",
1.1 deraadt 898: (int)sizeof(ll.ll_host),
899: ll.ll_host);
1.14 millert 900: (void)putchar('\n');
1.1 deraadt 901: }
1.26 millert 902: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll),
903: SEEK_SET);
1.1 deraadt 904: }
905: memset((void *)&ll, 0, sizeof(ll));
906: (void)time(&ll.ll_time);
907: (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
908: if (hostname)
909: (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
910: (void)write(fd, (char *)&ll, sizeof(ll));
911: (void)close(fd);
912: }
913: }
914:
915: void
1.47 deraadt 916: badlogin(char *name)
1.1 deraadt 917: {
1.47 deraadt 918: struct syslog_data sdata = SYSLOG_DATA_INIT;
919:
1.1 deraadt 920: if (failures == 0)
921: return;
922: if (hostname) {
1.47 deraadt 923: syslog_r(LOG_NOTICE, &sdata,
924: "%d LOGIN FAILURE%s FROM %s%s%s",
1.14 millert 925: failures, failures > 1 ? "S" : "",
926: rusername ? rusername : "", rusername ? "@" : "", hostname);
1.47 deraadt 927: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.14 millert 928: "%d LOGIN FAILURE%s FROM %s%s%s, %s",
929: failures, failures > 1 ? "S" : "",
930: rusername ? rusername : "", rusername ? "@" : "",
931: hostname, name);
1.1 deraadt 932: } else {
1.47 deraadt 933: syslog_r(LOG_NOTICE, &sdata,
934: "%d LOGIN FAILURE%s ON %s",
1.1 deraadt 935: failures, failures > 1 ? "S" : "", tty);
1.47 deraadt 936: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.1 deraadt 937: "%d LOGIN FAILURE%s ON %s, %s",
938: failures, failures > 1 ? "S" : "", tty, name);
939: }
940: }
941:
942: #undef UNKNOWN
943: #define UNKNOWN "su"
944:
945: char *
1.47 deraadt 946: stypeof(char *ttyid)
1.1 deraadt 947: {
948: struct ttyent *t;
949:
1.30 millert 950: return (ttyid && (t = getttynam(ttyid)) ? t->ty_type :
951: login_getcapstr(lc, "term", UNKNOWN, UNKNOWN));
1.1 deraadt 952: }
953:
954: void
1.47 deraadt 955: sleepexit(int eval)
1.1 deraadt 956: {
1.36 millert 957: auth_close(as);
1.1 deraadt 958: (void)sleep(5);
959: exit(eval);
1.11 millert 960: }
961:
962: void
1.47 deraadt 963: quickexit(int eval)
1.36 millert 964: {
965: if (as)
966: auth_close(as);
967: exit(eval);
968: }
969:
970:
971: void
1.47 deraadt 972: sighup(int signum)
1.11 millert 973: {
974: if (username)
975: badlogin(username);
1.47 deraadt 976: _exit(0);
1.1 deraadt 977: }
1.36 millert 978:
979: #ifdef KERBEROS
980: void
1.47 deraadt 981: kgettokens(char *homedir)
1.36 millert 982: {
1.47 deraadt 983:
1.36 millert 984: /* buy AFS-tokens for homedir */
1.47 deraadt 985: if (k_hasafs()) {
1.36 millert 986: char cell[128];
1.47 deraadt 987:
1.36 millert 988: k_setpag();
1.47 deraadt 989: if (k_afs_cell_of_file(homedir, cell, sizeof(cell)) == 0)
1.36 millert 990: krb_afslog(cell, 0);
991: krb_afslog(0, 0);
992: }
993: }
994: #endif