Annotation of src/usr.bin/login/login.c, Revision 1.50
1.50 ! millert 1: /* $OpenBSD: login.c,v 1.49 2002/10/16 01:08:56 millert Exp $ */
1.3 deraadt 2: /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
1.1 deraadt 3:
4: /*-
5: * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
1.50 ! millert 16: * 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 17: * may be used to endorse or promote products derived from this software
18: * without specific prior written permission.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30: * SUCH DAMAGE.
31: */
1.36 millert 32: /*-
33: * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
34: *
35: * Redistribution and use in source and binary forms, with or without
36: * modification, are permitted provided that the following conditions
37: * are met:
38: * 1. Redistributions of source code must retain the above copyright
39: * notice, this list of conditions and the following disclaimer.
40: * 2. Redistributions in binary form must reproduce the above copyright
41: * notice, this list of conditions and the following disclaimer in the
42: * documentation and/or other materials provided with the distribution.
43: * 3. All advertising materials mentioning features or use of this software
44: * must display the following acknowledgement:
45: * This product includes software developed by Berkeley Software Design,
46: * Inc.
47: * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
48: * or promote products derived from this software without specific prior
49: * written permission.
50: *
51: * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
52: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
53: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
54: * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
55: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
56: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
57: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
59: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
60: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
61: * SUCH DAMAGE.
62: *
63: * BSDI $From: login.c,v 2.28 1999/09/08 22:35:36 prb Exp $
64: */
1.1 deraadt 65:
66: #ifndef lint
1.49 millert 67: static const char copyright[] =
1.1 deraadt 68: "@(#) Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994\n\
69: The Regents of the University of California. All rights reserved.\n";
70: #endif /* not lint */
71:
72: #ifndef lint
73: #if 0
1.49 millert 74: static const char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
1.1 deraadt 75: #endif
1.50 ! millert 76: static const char rcsid[] = "$OpenBSD: login.c,v 1.49 2002/10/16 01:08:56 millert Exp $";
1.1 deraadt 77: #endif /* not lint */
78:
79: /*
80: * login [ name ]
81: * login -h hostname (for telnetd, etc.)
82: * login -f name (for pre-authenticated login: datakit, xterm, etc.)
1.49 millert 83: * login -p (preserve existing environment; for getty)
1.1 deraadt 84: */
85:
86: #include <sys/param.h>
1.36 millert 87: #include <sys/socket.h>
1.1 deraadt 88: #include <sys/stat.h>
89: #include <sys/time.h>
90: #include <sys/resource.h>
1.11 millert 91: #include <sys/wait.h>
1.1 deraadt 92:
93: #include <err.h>
94: #include <errno.h>
1.27 millert 95: #include <fcntl.h>
1.1 deraadt 96: #include <grp.h>
1.30 millert 97: #include <login_cap.h>
1.36 millert 98: #include <netdb.h>
1.1 deraadt 99: #include <pwd.h>
100: #include <signal.h>
1.36 millert 101: #include <stdarg.h>
1.1 deraadt 102: #include <stdio.h>
103: #include <stdlib.h>
104: #include <string.h>
105: #include <syslog.h>
106: #include <ttyent.h>
107: #include <tzfile.h>
108: #include <unistd.h>
109: #include <utmp.h>
1.3 deraadt 110: #include <util.h>
1.36 millert 111: #include <bsd_auth.h>
112:
113: #ifdef KERBEROS
114: #include <kerberosIV/kafs.h>
115: #endif
1.1 deraadt 116:
117: #include "pathnames.h"
118:
1.45 millert 119: void badlogin(char *);
120: void dolastlog(int);
121: void getloginname(void);
122: void motd(void);
123: void quickexit(int);
124: int rootterm(char *);
125: void sigint(int);
126: void sighup(int);
127: void sleepexit(int);
128: char *stypeof(char *);
129: void timedout(int);
130: int main(int, char **);
1.1 deraadt 131:
1.45 millert 132: extern int check_failedlogin(uid_t);
133: extern void log_failedlogin(uid_t, char *, char *, char *);
1.1 deraadt 134:
135: #define TTYGRPNAME "tty" /* name of group to own ttys */
136:
137: /*
1.37 millert 138: * This bounds the time given to login; may be overridden by /etc/login.conf.
1.1 deraadt 139: */
1.30 millert 140: u_int timeout = 300;
1.1 deraadt 141:
1.36 millert 142: struct passwd *pwd;
1.30 millert 143: login_cap_t *lc = NULL;
1.36 millert 144: auth_session_t *as = NULL;
1.30 millert 145: int failures;
1.36 millert 146: int needbanner = 1;
1.30 millert 147: char term[64], *hostname, *tty;
1.36 millert 148: char *style;
1.30 millert 149: char *username = NULL, *rusername = NULL;
1.1 deraadt 150:
1.47 deraadt 151: extern char **environ;
152:
1.1 deraadt 153: int
1.47 deraadt 154: main(int argc, char *argv[])
1.1 deraadt 155: {
1.47 deraadt 156: char *domain, *p, *ttyn, *shell, *fullname, *instance;
157: char *lipaddr, *script, *ripaddr, *style, *type, *fqdn;
158: char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
159: char localhost[MAXHOSTNAMELEN], *copyright;
160: int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance;
161: int error, homeless, needto, authok, tries, backoff;
1.36 millert 162: struct addrinfo *ai, hints;
1.47 deraadt 163: struct rlimit cds, scds;
164: quad_t expire, warning;
165: struct utmp utmp;
1.1 deraadt 166: struct group *gr;
167: struct stat st;
168: uid_t uid;
169:
170: openlog("login", LOG_ODELAY, LOG_AUTH);
171:
1.37 millert 172: fqdn = lipaddr = ripaddr = fullname = type = NULL;
173: authok = 0;
174: tries = 10;
175: backoff = 3;
1.36 millert 176:
1.1 deraadt 177: domain = NULL;
1.49 millert 178: if (gethostname(localhost, sizeof(localhost)) < 0) {
1.1 deraadt 179: syslog(LOG_ERR, "couldn't get local hostname: %m");
1.49 millert 180: strlcpy(localhost, "localhost", sizeof(localhost));
181: } else if ((domain = strchr(localhost, '.'))) {
1.21 deraadt 182: domain++;
183: if (*domain && strchr(domain, '.') == NULL)
184: domain = localhost;
185: }
1.1 deraadt 186:
1.36 millert 187: if ((as = auth_open()) == NULL) {
1.39 millert 188: syslog(LOG_ERR, "auth_open: %m");
189: err(1, "unable to initialize BSD authentication");
1.36 millert 190: }
1.39 millert 191: auth_setoption(as, "login", "yes");
1.36 millert 192:
1.49 millert 193: /*
194: * -p is used by getty to tell login not to destroy the environment
195: * -f is used to skip a second login authentication
196: * -h is used by other servers to pass the name of the remote
197: * host to login so that it may be placed in utmp and wtmp
198: */
1.36 millert 199: fflag = pflag = 0;
1.1 deraadt 200: uid = getuid();
1.36 millert 201: while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1)
1.1 deraadt 202: switch (ch) {
203: case 'f':
204: fflag = 1;
205: break;
206: case 'h':
1.36 millert 207: if (uid) {
1.46 vincent 208: warnx("-h option: %s", strerror(EPERM));
1.36 millert 209: quickexit(1);
210: }
211: if ((fqdn = strdup(optarg)) == NULL) {
212: warn(NULL);
213: quickexit(1);
214: }
215: auth_setoption(as, "fqdn", fqdn);
1.1 deraadt 216: if (domain && (p = strchr(optarg, '.')) &&
1.21 deraadt 217: strcasecmp(p+1, domain) == 0)
1.1 deraadt 218: *p = 0;
219: hostname = optarg;
1.36 millert 220: auth_setoption(as, "hostname", hostname);
221: break;
222: case 'L':
223: if (uid) {
224: warnx("-L option: %s", strerror(EPERM));
225: quickexit(1);
226: }
227: if (lipaddr) {
228: warnx("duplicate -L option");
229: quickexit(1);
230: }
231: lipaddr = optarg;
232: memset(&hints, 0, sizeof(hints));
233: hints.ai_family = PF_UNSPEC;
234: hints.ai_flags = AI_CANONNAME;
235: error = getaddrinfo(lipaddr, NULL, &hints, &ai);
236: if (!error) {
237: strlcpy(localhost, ai->ai_canonname,
238: sizeof(localhost));
239: freeaddrinfo(ai);
240: } else
241: strlcpy(localhost, lipaddr, sizeof(localhost));
242: auth_setoption(as, "local_addr", lipaddr);
1.1 deraadt 243: break;
244: case 'p':
245: pflag = 1;
246: break;
1.36 millert 247: case 'R':
248: if (uid) {
249: warnx("-R option: %s", strerror(EPERM));
250: quickexit(1);
251: }
252: if (ripaddr) {
253: warnx("duplicate -R option");
254: quickexit(1);
255: }
256: ripaddr = optarg;
257: auth_setoption(as, "remote_addr", ripaddr);
258: break;
1.14 millert 259: case 'u':
1.36 millert 260: if (uid) {
261: warnx("-u option: %s", strerror(EPERM));
262: quickexit(1);
263: }
1.14 millert 264: rusername = optarg;
265: break;
1.1 deraadt 266: default:
267: if (!uid)
268: syslog(LOG_ERR, "invalid flag %c", ch);
269: (void)fprintf(stderr,
1.47 deraadt 270: "usage: login [-fp] [-h hostname] [-L lipaddr] "
271: "[-R ripaddr] [-u username] [user]\n");
1.36 millert 272: quickexit(1);
1.1 deraadt 273: }
274: argc -= optind;
275: argv += optind;
276:
277: if (*argv) {
278: username = *argv;
279: ask = 0;
280: } else
281: ask = 1;
282:
283: for (cnt = getdtablesize(); cnt > 2; cnt--)
284: (void)close(cnt);
285:
1.49 millert 286: /*
287: * If effective user is not root, just run su(1) to emulate login(1).
288: */
289: if (geteuid() != 0) {
290: char *av[5], **ap;
291:
292: auth_close(as);
293: closelog();
294:
295: ap = av;
296: *ap++ = _PATH_SU;
297: *ap++ = "-L";
298: if (!pflag)
299: *ap++ = "-l";
300: if (!ask)
301: *ap++ = username;
302: *ap = NULL;
303: execv(_PATH_SU, av);
304: warn("unable to exec %s", _PATH_SU);
305: _exit(1);
306: }
307:
1.1 deraadt 308: ttyn = ttyname(STDIN_FILENO);
309: if (ttyn == NULL || *ttyn == '\0') {
310: (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
311: ttyn = tname;
312: }
1.12 millert 313: if ((tty = strrchr(ttyn, '/')))
1.1 deraadt 314: ++tty;
315: else
316: tty = ttyn;
317:
1.49 millert 318: /*
319: * Since login deals with sensitive information, turn off coredumps.
320: */
321: if (getrlimit(RLIMIT_CORE, &scds) < 0) {
322: syslog(LOG_ERR, "couldn't get core dump size: %m");
323: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
324: }
325: cds.rlim_cur = cds.rlim_max = 0;
326: if (setrlimit(RLIMIT_CORE, &cds) < 0) {
327: syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
328: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
329: }
330:
331: (void)signal(SIGALRM, timedout);
332: if (argc > 1) {
333: needto = 0;
334: (void)alarm(timeout);
335: } else
336: needto = 1;
337: (void)signal(SIGQUIT, SIG_IGN);
338: (void)signal(SIGINT, SIG_IGN);
339: (void)signal(SIGHUP, SIG_IGN);
340: (void)setpriority(PRIO_PROCESS, 0, 0);
341:
1.36 millert 342: #ifdef notyet
343: /* XXX - we don't (yet) support per-tty auth stuff */
344: /* BSDi uses a ttys.conf file but we could just overload /etc/ttys */
345: /*
346: * Classify the attempt.
347: * By default we use the value in the ttys file.
348: * If there is a classify script we run that as
349: *
350: * classify [-f] [username]
351: */
352: if (type = getttyauth(tty))
353: auth_setoption(as, "auth_type", type);
354: #endif
355:
356: /* get the default login class */
1.47 deraadt 357: if ((lc = login_getclass(0)) == NULL) { /* get the default class */
1.36 millert 358: warnx("Failure to retrieve default class");
359: quickexit(1);
360: }
1.37 millert 361: timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300);
1.36 millert 362: if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) {
363: unsetenv("AUTH_TYPE");
364: unsetenv("REMOTE_NAME");
365: if (script[0] != '/') {
366: syslog(LOG_ERR, "Invalid classify script: %s", script);
367: warnx("Classification failure");
368: quickexit(1);
369: }
370: shell = strrchr(script, '/') + 1;
371: auth_setstate(as, AUTH_OKAY);
1.47 deraadt 372: auth_call(as, script, shell,
1.49 millert 373: fflag ? "-f" : username, fflag ? username : 0, (char *)0);
1.36 millert 374: if (!(auth_getstate(as) & AUTH_ALLOW))
375: quickexit(1);
376: auth_setenv(as);
377: if ((p = getenv("AUTH_TYPE")) != NULL &&
378: strncmp(p, "auth-", 5) == 0)
379: type = p;
380: if ((p = getenv("REMOTE_NAME")) != NULL)
381: hostname = p;
382: /*
383: * we may have changed some values, reset them
384: */
385: auth_clroptions(as);
386: if (type)
387: auth_setoption(as, "auth_type", type);
388: if (fqdn)
389: auth_setoption(as, "fqdn", fqdn);
390: if (hostname)
391: auth_setoption(as, "hostname", hostname);
392: if (lipaddr)
393: auth_setoption(as, "local_addr", lipaddr);
394: if (ripaddr)
395: auth_setoption(as, "remote_addr", ripaddr);
396: }
397:
398: /*
399: * Request the things like the approval script print things
400: * to stdout (in particular, the nologins files)
401: */
402: auth_setitem(as, AUTHV_INTERACTIVE, "True");
403:
1.1 deraadt 404: for (cnt = 0;; ask = 1) {
1.36 millert 405: /*
406: * Clean up our current authentication session.
407: * Options are not cleared so we need to clear any
408: * we might set below.
409: */
410: auth_clean(as);
411: auth_clroption(as, "style");
412: auth_clroption(as, "lastchance");
413:
414: lastchance = 0;
415:
1.1 deraadt 416: if (ask) {
417: fflag = 0;
418: getloginname();
419: }
1.36 millert 420: if (needto) {
421: needto = 0;
422: alarm(timeout);
423: }
1.47 deraadt 424: if ((style = strchr(username, ':')) != NULL)
1.36 millert 425: *style++ = '\0';
426: if (fullname)
427: free(fullname);
428: if (auth_setitem(as, AUTHV_NAME, username) < 0 ||
429: (fullname = strdup(username)) == NULL) {
430: syslog(LOG_ERR, "%m");
431: warn(NULL);
432: quickexit(1);
433: }
1.1 deraadt 434: rootlogin = 0;
1.40 millert 435: if ((instance = strpbrk(username, "./")) != NULL) {
436: if (strncmp(instance + 1, "root", 4) == 0)
1.1 deraadt 437: rootlogin = 1;
438: *instance++ = '\0';
439: } else
440: instance = "";
1.36 millert 441:
1.1 deraadt 442: if (strlen(username) > UT_NAMESIZE)
443: username[UT_NAMESIZE] = '\0';
444:
445: /*
446: * Note if trying multiple user names; log failures for
447: * previous user name, but don't bother logging one failure
448: * for nonexistent name (mistyped username).
449: */
450: if (failures && strcmp(tbuf, username)) {
451: if (failures > (pwd ? 0 : 1))
452: badlogin(tbuf);
453: failures = 0;
454: }
1.36 millert 455: (void)strlcpy(tbuf, username, sizeof(tbuf));
1.1 deraadt 456:
1.36 millert 457: if ((pwd = getpwnam(username)) != NULL &&
458: auth_setpwd(as, pwd) < 0) {
459: syslog(LOG_ERR, "%m");
460: warn(NULL);
461: quickexit(1);
462: }
1.1 deraadt 463:
1.36 millert 464: lc = login_getclass(pwd ? pwd->pw_class : NULL);
465: if (!lc)
466: goto failed;
1.1 deraadt 467:
1.36 millert 468: style = login_getstyle(lc, style, type);
469: if (!style)
470: goto failed;
1.1 deraadt 471:
1.36 millert 472: /*
1.37 millert 473: * We allow "login-tries" attempts to login but start
474: * slowing down after "login-backoff" attempts.
475: */
476: tries = (int)login_getcapnum(lc, "login-tries", 10, 10);
477: backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3);
478:
479: /*
1.36 millert 480: * Turn off the fflag if we have an an invalid user
481: * or we are not root and we are trying to change uids.
482: */
483: if (!pwd || (uid && uid != pwd->pw_uid))
484: fflag = 0;
1.1 deraadt 485:
1.36 millert 486: if (pwd && pwd->pw_uid == 0)
487: rootlogin = 1;
1.25 millert 488:
1.36 millert 489: /*
490: * If we do not have the force flag authenticate the user
491: */
1.44 millert 492: if (!fflag) {
1.36 millert 493: lastchance =
494: login_getcaptime(lc, "password-dead", 0, 0) != 0;
495: if (lastchance)
496: auth_setoption(as, "lastchance", "yes");
497: /*
498: * Once we start asking for a password
499: * we want to log a failure on a hup.
500: */
501: signal(SIGHUP, sighup);
502: auth_verify(as, style, NULL, lc->lc_class, NULL);
503: authok = auth_getstate(as);
504: /*
505: * If their password expired and it has not been
506: * too long since then, give the user one last
507: * chance to change their password
508: */
509: if ((authok & AUTH_PWEXPIRED) && lastchance) {
510: authok = AUTH_OKAY;
511: } else
512: lastchance = 0;
513: if ((authok & AUTH_ALLOW) == 0)
514: goto failed;
515: if (auth_setoption(as, "style", style) < 0) {
516: syslog(LOG_ERR, "%m");
517: warn(NULL);
518: quickexit(1);
1.25 millert 519: }
1.1 deraadt 520: }
1.36 millert 521: /*
522: * explicitly reject users without password file entries
523: */
1.47 deraadt 524: if (pwd == NULL)
1.36 millert 525: goto failed;
1.1 deraadt 526:
527: /*
1.36 millert 528: * If trying to log in as root on an insecure terminal,
529: * refuse the login attempt unless the authentication
530: * style explicitly says a root login is okay.
1.1 deraadt 531: */
1.44 millert 532: if (pwd && rootlogin && !rootterm(tty))
1.36 millert 533: goto failed;
1.29 millert 534:
1.36 millert 535: if (fflag) {
536: type = 0;
537: style = "forced";
538: }
539: break;
540:
541: failed:
542: if (authok & AUTH_SILENT)
543: quickexit(0);
1.29 millert 544: if (rootlogin && !rootterm(tty)) {
1.36 millert 545: warnx("%s login refused on this terminal.",
546: fullname);
1.1 deraadt 547: if (hostname)
548: syslog(LOG_NOTICE,
1.14 millert 549: "LOGIN %s REFUSED FROM %s%s%s ON TTY %s",
1.36 millert 550: fullname, rusername ? rusername : "",
1.14 millert 551: rusername ? "@" : "", hostname, tty);
1.1 deraadt 552: else
553: syslog(LOG_NOTICE,
554: "LOGIN %s REFUSED ON TTY %s",
1.47 deraadt 555: fullname, tty);
1.36 millert 556: } else {
557: if (!as || (p = auth_getvalue(as, "errormsg")) == NULL)
558: p = "Login incorrect";
559: (void)printf("%s\n", p);
560: }
1.1 deraadt 561: failures++;
1.13 millert 562: if (pwd)
1.14 millert 563: log_failedlogin(pwd->pw_uid, hostname, rusername, tty);
1.37 millert 564: /*
565: * By default, we allow 10 tries, but after 3 we start
566: * backing off to slow down password guessers.
567: */
568: if (++cnt > backoff) {
569: if (cnt >= tries) {
1.1 deraadt 570: badlogin(username);
571: sleepexit(1);
572: }
1.37 millert 573: sleep((u_int)((cnt - backoff) * tries / 2));
1.1 deraadt 574: }
575: }
576:
577: /* committed to login -- turn off timeout */
1.36 millert 578: (void)alarm(0);
1.1 deraadt 579:
580: endpwent();
581:
1.30 millert 582: shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
583: if (*shell == '\0')
584: shell = _PATH_BSHELL;
585: else if (strlen(shell) >= MAXPATHLEN) {
586: syslog(LOG_ERR, "shell path too long: %s", shell);
587: warnx("invalid shell");
1.36 millert 588: quickexit(1);
1.24 art 589: }
1.1 deraadt 590:
591: /* Destroy environment unless user has requested its preservation. */
1.24 art 592: if (!pflag) {
1.22 deraadt 593: if ((environ = calloc(1, sizeof (char *))) == NULL)
594: err(1, "calloc");
1.24 art 595: } else {
1.9 millert 596: char **cpp, **cpp2;
597:
598: for (cpp2 = cpp = environ; *cpp; cpp++) {
599: if (strncmp(*cpp, "LD_", 3) &&
1.29 millert 600: strncmp(*cpp, "ENV=", 4) &&
601: strncmp(*cpp, "BASH_ENV=", 9) &&
1.9 millert 602: strncmp(*cpp, "IFS=", 4))
603: *cpp2++ = *cpp;
604: }
605: *cpp2 = 0;
606: }
1.30 millert 607: /* Note: setusercontext(3) will set PATH */
1.34 deraadt 608: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
609: setenv("SHELL", shell, 1) == -1) {
610: warn("unable to setenv()");
1.36 millert 611: quickexit(1);
1.34 deraadt 612: }
1.1 deraadt 613: if (term[0] == '\0')
1.29 millert 614: (void)strlcpy(term, stypeof(tty), sizeof(term));
1.34 deraadt 615: if (setenv("TERM", term, 0) == -1 ||
616: setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
617: setenv("USER", pwd->pw_name, 1) == -1) {
618: warn("unable to setenv()");
1.36 millert 619: quickexit(1);
1.34 deraadt 620: }
621: if (hostname) {
622: if (setenv("REMOTEHOST", hostname, 1) == -1) {
623: warn("unable to setenv()");
1.36 millert 624: quickexit(1);
1.34 deraadt 625: }
626: }
627: if (rusername) {
628: if (setenv("REMOTEUSER", rusername, 1) == -1) {
629: warn("unable to setenv()");
1.36 millert 630: quickexit(1);
1.34 deraadt 631: }
632: }
1.36 millert 633:
634: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) {
635: warn("unable to set user context");
636: quickexit(1);
637: }
638: auth_setenv(as);
639:
640: /* if user not super-user, check for disabled logins */
641: if (!rootlogin)
642: auth_checknologin(lc);
643:
644: setegid(pwd->pw_gid);
645: seteuid(pwd->pw_uid);
646:
647: homeless = chdir(pwd->pw_dir);
648: if (homeless) {
649: if (login_getcapbool(lc, "requirehome", 0)) {
650: (void)printf("No home directory %s!\n", pwd->pw_dir);
651: quickexit(1);
1.34 deraadt 652: }
1.36 millert 653: if (chdir("/"))
654: quickexit(0);
1.34 deraadt 655: }
1.36 millert 656:
657: quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
658: login_getcapbool(lc, "hushlogin", 0) ||
659: (access(_PATH_HUSHLOGIN, F_OK) == 0));
660:
661: seteuid(0);
662: setegid(0); /* XXX use a saved gid instead? */
663:
664: if ((p = auth_getvalue(as, "warnmsg")) != NULL)
665: (void)printf("WARNING: %s\n\n", p);
666:
667: expire = auth_check_expire(as);
668: if (expire < 0) {
669: (void)printf("Sorry -- your account has expired.\n");
670: quickexit(1);
671: } else if (expire > 0 && !quietlog) {
672: warning = login_getcaptime(lc, "expire-warn",
673: 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY);
674: if (expire < warning)
1.47 deraadt 675: (void)printf("Warning: your account expires on %s",
1.36 millert 676: ctime(&pwd->pw_expire));
1.34 deraadt 677: }
1.36 millert 678:
679: /* Nothing else left to fail -- really log in. */
680: (void)signal(SIGHUP, SIG_DFL);
681: memset(&utmp, 0, sizeof(utmp));
682: (void)time(&utmp.ut_time);
683: (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
684: if (hostname)
685: (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
686: (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
687: login(&utmp);
688:
689: if (!quietlog)
690: (void)check_failedlogin(pwd->pw_uid);
691: dolastlog(quietlog);
692:
693: login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
694:
695: (void)chown(ttyn, pwd->pw_uid,
696: (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
697:
1.1 deraadt 698: /* If fflag is on, assume caller/authenticator has logged root login. */
1.24 art 699: if (rootlogin && fflag == 0) {
1.1 deraadt 700: if (hostname)
1.14 millert 701: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s",
702: username, tty, rusername ? rusername : "",
703: rusername ? "@" : "", hostname);
1.1 deraadt 704: else
705: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
1.24 art 706: }
1.1 deraadt 707:
708: if (!quietlog) {
1.36 millert 709: if ((copyright =
710: login_getcapstr(lc, "copyright", NULL, NULL)) != NULL)
711: auth_cat(copyright);
1.1 deraadt 712: motd();
713: (void)snprintf(tbuf,
714: sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
715: if (stat(tbuf, &st) == 0 && st.st_size != 0)
716: (void)printf("You have %smail.\n",
717: (st.st_mtime > st.st_atime) ? "new " : "");
718: }
719:
720: (void)signal(SIGALRM, SIG_DFL);
721: (void)signal(SIGQUIT, SIG_DFL);
1.36 millert 722: (void)signal(SIGHUP, SIG_DFL);
1.1 deraadt 723: (void)signal(SIGINT, SIG_DFL);
724: (void)signal(SIGTSTP, SIG_IGN);
725:
726: tbuf[0] = '-';
1.30 millert 727: (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
1.36 millert 728: p + 1 : shell, sizeof(tbuf) - 1);
729:
730: if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) &&
731: setrlimit(RLIMIT_CORE, &scds) < 0)
732: syslog(LOG_ERR, "couldn't reset core dump size: %m");
733:
734: if (lastchance)
1.47 deraadt 735: (void)printf("WARNING: Your password has expired."
736: " You must change your password, now!\n");
1.1 deraadt 737:
1.38 millert 738: if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid,
1.36 millert 739: LOGIN_SETALL & ~LOGIN_SETPATH) < 0) {
1.30 millert 740: warn("unable to set user context");
1.36 millert 741: quickexit(1);
742: }
743:
744: if (homeless) {
745: (void)printf("No home directory %s!\n", pwd->pw_dir);
746: (void)printf("Logging in with home = \"/\".\n");
747: (void)setenv("HOME", "/", 1);
1.15 tholo 748: }
1.30 millert 749:
1.36 millert 750: if (auth_approval(as, lc, NULL, "login") == 0) {
751: if (auth_getstate(as) & AUTH_EXPIRED)
752: (void)printf("Sorry -- your account has expired.\n");
753: else
754: (void)printf("approval failure\n");
755: quickexit(1);
756: }
757:
758: /*
759: * The last thing we do is discard all of the open file descriptors.
760: * Last because the C library may have some open.
761: *
762: * XXX
763: * Assume that stdin, stdout and stderr are 0, 1 and 2, and that
764: * STDERR_FILENO is 2.
765: */
766: for (cnt = getdtablesize(); cnt > STDERR_FILENO; cnt--)
767: (void)close(cnt);
768:
769: /*
770: * Close the authentication session, make sure it is marked
771: * as okay so no files are removed.
772: */
773: auth_setstate(as, AUTH_OKAY);
774: auth_close(as);
775:
1.24 art 776: #ifdef KERBEROS
1.47 deraadt 777: kgettokens(pwd->pw_dir);
1.24 art 778: #endif
1.1 deraadt 779:
1.42 deraadt 780: execlp(shell, tbuf, (char *)NULL);
1.30 millert 781: err(1, "%s", shell);
1.1 deraadt 782: }
783:
784: /*
1.36 millert 785: * Allow for a '.' and 16 characters for any instance as well as
786: * space for a ':' and 16 charcters defining the authentication type.
1.1 deraadt 787: */
1.36 millert 788: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
1.1 deraadt 789:
790: void
1.47 deraadt 791: getloginname(void)
1.1 deraadt 792: {
1.47 deraadt 793: static char nbuf[NBUFSIZ], *p;
1.1 deraadt 794: int ch;
795:
796: for (;;) {
797: (void)printf("login: ");
798: for (p = nbuf; (ch = getchar()) != '\n'; ) {
799: if (ch == EOF) {
800: badlogin(username);
1.36 millert 801: quickexit(0);
1.1 deraadt 802: }
803: if (p < nbuf + (NBUFSIZ - 1))
804: *p++ = ch;
805: }
1.24 art 806: if (p > nbuf) {
1.1 deraadt 807: if (nbuf[0] == '-')
808: (void)fprintf(stderr,
809: "login names may not start with '-'.\n");
810: else {
811: *p = '\0';
812: username = nbuf;
813: break;
814: }
1.24 art 815: }
1.1 deraadt 816: }
817: }
818:
819: int
1.47 deraadt 820: rootterm(char *ttyn)
1.1 deraadt 821: {
822: struct ttyent *t;
823:
1.36 millert 824: /* XXX - stash output of getttynam() elsewhere */
1.1 deraadt 825: return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
826: }
827:
828: void
1.47 deraadt 829: motd(void)
1.1 deraadt 830: {
1.47 deraadt 831: char tbuf[8192], *motd;
1.1 deraadt 832: int fd, nchars;
1.48 millert 833: struct sigaction sa, osa;
1.30 millert 834:
835: motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE);
1.1 deraadt 836:
1.30 millert 837: if ((fd = open(motd, O_RDONLY, 0)) < 0)
1.1 deraadt 838: return;
1.48 millert 839:
840: memset(&sa, 0, sizeof(sa));
841: sa.sa_handler = sigint;
842: sigemptyset(&sa.sa_mask);
843: sa.sa_flags = 0; /* don't set SA_RESTART */
844: (void)sigaction(SIGINT, &sa, &osa);
845:
846: /* read and spew motd until EOF, error, or SIGINT */
847: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0 &&
848: write(STDOUT_FILENO, tbuf, nchars) == nchars)
849: ;
850:
851: (void)sigaction(SIGINT, &osa, NULL);
1.1 deraadt 852: (void)close(fd);
853: }
854:
855: /* ARGSUSED */
856: void
1.47 deraadt 857: sigint(int signo)
1.1 deraadt 858: {
1.48 millert 859: return; /* just interupt syscall */
1.1 deraadt 860: }
861:
862: /* ARGSUSED */
863: void
1.47 deraadt 864: timedout(int signo)
1.1 deraadt 865: {
1.47 deraadt 866: char warn[1024];
867:
868: snprintf(warn, sizeof warn,
869: "Login timed out after %d seconds\n", timeout);
870: write(STDERR_FILENO, warn, strlen(warn));
1.37 millert 871: if (username)
872: badlogin(username);
1.47 deraadt 873: _exit(0);
1.1 deraadt 874: }
875:
876: void
1.47 deraadt 877: dolastlog(int quiet)
1.1 deraadt 878: {
879: struct lastlog ll;
880: int fd;
881:
882: if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
1.26 millert 883: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
1.1 deraadt 884: if (!quiet) {
885: if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
886: ll.ll_time != 0) {
887: (void)printf("Last login: %.*s ",
888: 24-5, (char *)ctime(&ll.ll_time));
1.14 millert 889: (void)printf("on %.*s",
890: (int)sizeof(ll.ll_line),
891: ll.ll_line);
1.1 deraadt 892: if (*ll.ll_host != '\0')
1.14 millert 893: (void)printf(" from %.*s",
1.1 deraadt 894: (int)sizeof(ll.ll_host),
895: ll.ll_host);
1.14 millert 896: (void)putchar('\n');
1.1 deraadt 897: }
1.26 millert 898: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll),
899: SEEK_SET);
1.1 deraadt 900: }
901: memset((void *)&ll, 0, sizeof(ll));
902: (void)time(&ll.ll_time);
903: (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
904: if (hostname)
905: (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
906: (void)write(fd, (char *)&ll, sizeof(ll));
907: (void)close(fd);
908: }
909: }
910:
911: void
1.47 deraadt 912: badlogin(char *name)
1.1 deraadt 913: {
1.47 deraadt 914: struct syslog_data sdata = SYSLOG_DATA_INIT;
915:
1.1 deraadt 916: if (failures == 0)
917: return;
918: if (hostname) {
1.47 deraadt 919: syslog_r(LOG_NOTICE, &sdata,
920: "%d LOGIN FAILURE%s FROM %s%s%s",
1.14 millert 921: failures, failures > 1 ? "S" : "",
922: rusername ? rusername : "", rusername ? "@" : "", hostname);
1.47 deraadt 923: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.14 millert 924: "%d LOGIN FAILURE%s FROM %s%s%s, %s",
925: failures, failures > 1 ? "S" : "",
926: rusername ? rusername : "", rusername ? "@" : "",
927: hostname, name);
1.1 deraadt 928: } else {
1.47 deraadt 929: syslog_r(LOG_NOTICE, &sdata,
930: "%d LOGIN FAILURE%s ON %s",
1.1 deraadt 931: failures, failures > 1 ? "S" : "", tty);
1.47 deraadt 932: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.1 deraadt 933: "%d LOGIN FAILURE%s ON %s, %s",
934: failures, failures > 1 ? "S" : "", tty, name);
935: }
936: }
937:
938: #undef UNKNOWN
939: #define UNKNOWN "su"
940:
941: char *
1.47 deraadt 942: stypeof(char *ttyid)
1.1 deraadt 943: {
944: struct ttyent *t;
945:
1.30 millert 946: return (ttyid && (t = getttynam(ttyid)) ? t->ty_type :
947: login_getcapstr(lc, "term", UNKNOWN, UNKNOWN));
1.1 deraadt 948: }
949:
950: void
1.47 deraadt 951: sleepexit(int eval)
1.1 deraadt 952: {
1.36 millert 953: auth_close(as);
1.1 deraadt 954: (void)sleep(5);
955: exit(eval);
1.11 millert 956: }
957:
958: void
1.47 deraadt 959: quickexit(int eval)
1.36 millert 960: {
961: if (as)
962: auth_close(as);
963: exit(eval);
964: }
965:
966:
967: void
1.47 deraadt 968: sighup(int signum)
1.11 millert 969: {
970: if (username)
971: badlogin(username);
1.47 deraadt 972: _exit(0);
1.1 deraadt 973: }
1.36 millert 974:
975: #ifdef KERBEROS
976: void
1.47 deraadt 977: kgettokens(char *homedir)
1.36 millert 978: {
1.47 deraadt 979:
1.36 millert 980: /* buy AFS-tokens for homedir */
1.47 deraadt 981: if (k_hasafs()) {
1.36 millert 982: char cell[128];
1.47 deraadt 983:
1.36 millert 984: k_setpag();
1.47 deraadt 985: if (k_afs_cell_of_file(homedir, cell, sizeof(cell)) == 0)
1.36 millert 986: krb_afslog(cell, 0);
987: krb_afslog(0, 0);
988: }
989: }
990: #endif