Annotation of src/usr.bin/login/login.c, Revision 1.60
1.60 ! tobias 1: /* $OpenBSD: login.c,v 1.59 2009/08/31 22:25:43 martynas Exp $ */
1.3 deraadt 2: /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
1.1 deraadt 3:
4: /*-
5: * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
1.50 millert 16: * 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 17: * may be used to endorse or promote products derived from this software
18: * without specific prior written permission.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30: * SUCH DAMAGE.
31: */
1.36 millert 32: /*-
33: * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
34: *
35: * Redistribution and use in source and binary forms, with or without
36: * modification, are permitted provided that the following conditions
37: * are met:
38: * 1. Redistributions of source code must retain the above copyright
39: * notice, this list of conditions and the following disclaimer.
40: * 2. Redistributions in binary form must reproduce the above copyright
41: * notice, this list of conditions and the following disclaimer in the
42: * documentation and/or other materials provided with the distribution.
43: * 3. All advertising materials mentioning features or use of this software
44: * must display the following acknowledgement:
45: * This product includes software developed by Berkeley Software Design,
46: * Inc.
47: * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
48: * or promote products derived from this software without specific prior
49: * written permission.
50: *
51: * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
52: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
53: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
54: * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
55: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
56: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
57: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
59: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
60: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
61: * SUCH DAMAGE.
62: *
63: * BSDI $From: login.c,v 2.28 1999/09/08 22:35:36 prb Exp $
64: */
1.1 deraadt 65:
66: #ifndef lint
1.49 millert 67: static const char copyright[] =
1.1 deraadt 68: "@(#) Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994\n\
69: The Regents of the University of California. All rights reserved.\n";
70: #endif /* not lint */
71:
72: #ifndef lint
73: #if 0
1.49 millert 74: static const char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
1.1 deraadt 75: #endif
1.60 ! tobias 76: static const char rcsid[] = "$OpenBSD: login.c,v 1.59 2009/08/31 22:25:43 martynas Exp $";
1.1 deraadt 77: #endif /* not lint */
78:
79: /*
80: * login [ name ]
81: * login -h hostname (for telnetd, etc.)
82: * login -f name (for pre-authenticated login: datakit, xterm, etc.)
1.49 millert 83: * login -p (preserve existing environment; for getty)
1.1 deraadt 84: */
85:
86: #include <sys/param.h>
1.36 millert 87: #include <sys/socket.h>
1.1 deraadt 88: #include <sys/stat.h>
89: #include <sys/time.h>
90: #include <sys/resource.h>
1.11 millert 91: #include <sys/wait.h>
1.1 deraadt 92:
93: #include <err.h>
94: #include <errno.h>
1.27 millert 95: #include <fcntl.h>
1.1 deraadt 96: #include <grp.h>
1.30 millert 97: #include <login_cap.h>
1.36 millert 98: #include <netdb.h>
1.1 deraadt 99: #include <pwd.h>
100: #include <signal.h>
1.36 millert 101: #include <stdarg.h>
1.1 deraadt 102: #include <stdio.h>
103: #include <stdlib.h>
104: #include <string.h>
105: #include <syslog.h>
106: #include <ttyent.h>
107: #include <tzfile.h>
108: #include <unistd.h>
109: #include <utmp.h>
1.3 deraadt 110: #include <util.h>
1.36 millert 111: #include <bsd_auth.h>
112:
1.1 deraadt 113: #include "pathnames.h"
114:
1.45 millert 115: void badlogin(char *);
116: void dolastlog(int);
117: void getloginname(void);
118: void motd(void);
119: void quickexit(int);
120: int rootterm(char *);
121: void sigint(int);
122: void sighup(int);
123: void sleepexit(int);
124: char *stypeof(char *);
125: void timedout(int);
126: int main(int, char **);
1.1 deraadt 127:
1.45 millert 128: extern int check_failedlogin(uid_t);
129: extern void log_failedlogin(uid_t, char *, char *, char *);
1.1 deraadt 130:
131: #define TTYGRPNAME "tty" /* name of group to own ttys */
132:
133: /*
1.37 millert 134: * This bounds the time given to login; may be overridden by /etc/login.conf.
1.1 deraadt 135: */
1.30 millert 136: u_int timeout = 300;
1.1 deraadt 137:
1.36 millert 138: struct passwd *pwd;
1.30 millert 139: login_cap_t *lc = NULL;
1.36 millert 140: auth_session_t *as = NULL;
1.30 millert 141: int failures;
1.36 millert 142: int needbanner = 1;
1.30 millert 143: char term[64], *hostname, *tty;
1.36 millert 144: char *style;
1.30 millert 145: char *username = NULL, *rusername = NULL;
1.1 deraadt 146:
1.47 deraadt 147: extern char **environ;
148:
1.1 deraadt 149: int
1.47 deraadt 150: main(int argc, char *argv[])
1.1 deraadt 151: {
1.47 deraadt 152: char *domain, *p, *ttyn, *shell, *fullname, *instance;
153: char *lipaddr, *script, *ripaddr, *style, *type, *fqdn;
154: char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
155: char localhost[MAXHOSTNAMELEN], *copyright;
1.59 martynas 156: char mail[sizeof(_PATH_MAILDIR) + 1 + NAME_MAX];
1.47 deraadt 157: int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance;
158: int error, homeless, needto, authok, tries, backoff;
1.36 millert 159: struct addrinfo *ai, hints;
1.47 deraadt 160: struct rlimit cds, scds;
161: quad_t expire, warning;
162: struct utmp utmp;
1.1 deraadt 163: struct group *gr;
164: struct stat st;
165: uid_t uid;
166:
167: openlog("login", LOG_ODELAY, LOG_AUTH);
168:
1.37 millert 169: fqdn = lipaddr = ripaddr = fullname = type = NULL;
170: authok = 0;
171: tries = 10;
172: backoff = 3;
1.36 millert 173:
1.1 deraadt 174: domain = NULL;
1.49 millert 175: if (gethostname(localhost, sizeof(localhost)) < 0) {
1.1 deraadt 176: syslog(LOG_ERR, "couldn't get local hostname: %m");
1.49 millert 177: strlcpy(localhost, "localhost", sizeof(localhost));
178: } else if ((domain = strchr(localhost, '.'))) {
1.21 deraadt 179: domain++;
180: if (*domain && strchr(domain, '.') == NULL)
181: domain = localhost;
182: }
1.1 deraadt 183:
1.36 millert 184: if ((as = auth_open()) == NULL) {
1.39 millert 185: syslog(LOG_ERR, "auth_open: %m");
186: err(1, "unable to initialize BSD authentication");
1.36 millert 187: }
1.39 millert 188: auth_setoption(as, "login", "yes");
1.36 millert 189:
1.49 millert 190: /*
191: * -p is used by getty to tell login not to destroy the environment
192: * -f is used to skip a second login authentication
193: * -h is used by other servers to pass the name of the remote
194: * host to login so that it may be placed in utmp and wtmp
195: */
1.36 millert 196: fflag = pflag = 0;
1.1 deraadt 197: uid = getuid();
1.36 millert 198: while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1)
1.1 deraadt 199: switch (ch) {
200: case 'f':
201: fflag = 1;
202: break;
203: case 'h':
1.36 millert 204: if (uid) {
1.46 vincent 205: warnx("-h option: %s", strerror(EPERM));
1.36 millert 206: quickexit(1);
207: }
1.60 ! tobias 208: free(fqdn);
1.36 millert 209: if ((fqdn = strdup(optarg)) == NULL) {
210: warn(NULL);
211: quickexit(1);
212: }
213: auth_setoption(as, "fqdn", fqdn);
1.1 deraadt 214: if (domain && (p = strchr(optarg, '.')) &&
1.21 deraadt 215: strcasecmp(p+1, domain) == 0)
1.1 deraadt 216: *p = 0;
217: hostname = optarg;
1.36 millert 218: auth_setoption(as, "hostname", hostname);
219: break;
220: case 'L':
221: if (uid) {
222: warnx("-L option: %s", strerror(EPERM));
223: quickexit(1);
224: }
225: if (lipaddr) {
226: warnx("duplicate -L option");
227: quickexit(1);
228: }
229: lipaddr = optarg;
230: memset(&hints, 0, sizeof(hints));
231: hints.ai_family = PF_UNSPEC;
232: hints.ai_flags = AI_CANONNAME;
233: error = getaddrinfo(lipaddr, NULL, &hints, &ai);
234: if (!error) {
235: strlcpy(localhost, ai->ai_canonname,
236: sizeof(localhost));
237: freeaddrinfo(ai);
238: } else
239: strlcpy(localhost, lipaddr, sizeof(localhost));
240: auth_setoption(as, "local_addr", lipaddr);
1.1 deraadt 241: break;
242: case 'p':
243: pflag = 1;
244: break;
1.36 millert 245: case 'R':
246: if (uid) {
247: warnx("-R option: %s", strerror(EPERM));
248: quickexit(1);
249: }
250: if (ripaddr) {
251: warnx("duplicate -R option");
252: quickexit(1);
253: }
254: ripaddr = optarg;
255: auth_setoption(as, "remote_addr", ripaddr);
256: break;
1.14 millert 257: case 'u':
1.36 millert 258: if (uid) {
259: warnx("-u option: %s", strerror(EPERM));
260: quickexit(1);
261: }
1.14 millert 262: rusername = optarg;
263: break;
1.1 deraadt 264: default:
265: if (!uid)
266: syslog(LOG_ERR, "invalid flag %c", ch);
267: (void)fprintf(stderr,
1.57 jmc 268: "usage: login [-fp] [-h hostname] [-L local-addr] "
269: "[-R remote-addr] [-u username]\n\t[user]\n");
1.36 millert 270: quickexit(1);
1.1 deraadt 271: }
272: argc -= optind;
273: argv += optind;
274:
275: if (*argv) {
276: username = *argv;
277: ask = 0;
278: } else
279: ask = 1;
280:
1.49 millert 281: /*
282: * If effective user is not root, just run su(1) to emulate login(1).
283: */
284: if (geteuid() != 0) {
285: char *av[5], **ap;
286:
287: auth_close(as);
288: closelog();
1.54 millert 289: closefrom(STDERR_FILENO + 1);
1.49 millert 290:
291: ap = av;
292: *ap++ = _PATH_SU;
293: *ap++ = "-L";
294: if (!pflag)
295: *ap++ = "-l";
296: if (!ask)
297: *ap++ = username;
298: *ap = NULL;
299: execv(_PATH_SU, av);
300: warn("unable to exec %s", _PATH_SU);
301: _exit(1);
302: }
303:
1.1 deraadt 304: ttyn = ttyname(STDIN_FILENO);
305: if (ttyn == NULL || *ttyn == '\0') {
306: (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
307: ttyn = tname;
308: }
1.12 millert 309: if ((tty = strrchr(ttyn, '/')))
1.1 deraadt 310: ++tty;
311: else
312: tty = ttyn;
313:
1.49 millert 314: /*
315: * Since login deals with sensitive information, turn off coredumps.
316: */
317: if (getrlimit(RLIMIT_CORE, &scds) < 0) {
318: syslog(LOG_ERR, "couldn't get core dump size: %m");
319: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
320: }
321: cds.rlim_cur = cds.rlim_max = 0;
322: if (setrlimit(RLIMIT_CORE, &cds) < 0) {
323: syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
324: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
325: }
326:
327: (void)signal(SIGALRM, timedout);
328: if (argc > 1) {
329: needto = 0;
330: (void)alarm(timeout);
331: } else
332: needto = 1;
333: (void)signal(SIGQUIT, SIG_IGN);
334: (void)signal(SIGINT, SIG_IGN);
335: (void)signal(SIGHUP, SIG_IGN);
336: (void)setpriority(PRIO_PROCESS, 0, 0);
337:
1.36 millert 338: #ifdef notyet
339: /* XXX - we don't (yet) support per-tty auth stuff */
340: /* BSDi uses a ttys.conf file but we could just overload /etc/ttys */
341: /*
342: * Classify the attempt.
343: * By default we use the value in the ttys file.
344: * If there is a classify script we run that as
345: *
346: * classify [-f] [username]
347: */
348: if (type = getttyauth(tty))
349: auth_setoption(as, "auth_type", type);
350: #endif
351:
352: /* get the default login class */
1.47 deraadt 353: if ((lc = login_getclass(0)) == NULL) { /* get the default class */
1.36 millert 354: warnx("Failure to retrieve default class");
355: quickexit(1);
356: }
1.37 millert 357: timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300);
1.36 millert 358: if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) {
359: unsetenv("AUTH_TYPE");
360: unsetenv("REMOTE_NAME");
361: if (script[0] != '/') {
362: syslog(LOG_ERR, "Invalid classify script: %s", script);
363: warnx("Classification failure");
364: quickexit(1);
365: }
366: shell = strrchr(script, '/') + 1;
367: auth_setstate(as, AUTH_OKAY);
1.47 deraadt 368: auth_call(as, script, shell,
1.49 millert 369: fflag ? "-f" : username, fflag ? username : 0, (char *)0);
1.36 millert 370: if (!(auth_getstate(as) & AUTH_ALLOW))
371: quickexit(1);
372: auth_setenv(as);
373: if ((p = getenv("AUTH_TYPE")) != NULL &&
374: strncmp(p, "auth-", 5) == 0)
375: type = p;
376: if ((p = getenv("REMOTE_NAME")) != NULL)
377: hostname = p;
378: /*
379: * we may have changed some values, reset them
380: */
381: auth_clroptions(as);
382: if (type)
383: auth_setoption(as, "auth_type", type);
384: if (fqdn)
385: auth_setoption(as, "fqdn", fqdn);
386: if (hostname)
387: auth_setoption(as, "hostname", hostname);
388: if (lipaddr)
389: auth_setoption(as, "local_addr", lipaddr);
390: if (ripaddr)
391: auth_setoption(as, "remote_addr", ripaddr);
392: }
393:
394: /*
395: * Request the things like the approval script print things
396: * to stdout (in particular, the nologins files)
397: */
398: auth_setitem(as, AUTHV_INTERACTIVE, "True");
399:
1.1 deraadt 400: for (cnt = 0;; ask = 1) {
1.36 millert 401: /*
402: * Clean up our current authentication session.
403: * Options are not cleared so we need to clear any
404: * we might set below.
405: */
406: auth_clean(as);
407: auth_clroption(as, "style");
408: auth_clroption(as, "lastchance");
409:
410: lastchance = 0;
411:
1.1 deraadt 412: if (ask) {
413: fflag = 0;
414: getloginname();
415: }
1.36 millert 416: if (needto) {
417: needto = 0;
418: alarm(timeout);
419: }
1.47 deraadt 420: if ((style = strchr(username, ':')) != NULL)
1.36 millert 421: *style++ = '\0';
422: if (fullname)
423: free(fullname);
424: if (auth_setitem(as, AUTHV_NAME, username) < 0 ||
425: (fullname = strdup(username)) == NULL) {
426: syslog(LOG_ERR, "%m");
427: warn(NULL);
428: quickexit(1);
429: }
1.1 deraadt 430: rootlogin = 0;
1.55 millert 431: if ((instance = strchr(username, '/')) != NULL) {
1.40 millert 432: if (strncmp(instance + 1, "root", 4) == 0)
1.1 deraadt 433: rootlogin = 1;
434: *instance++ = '\0';
435: } else
436: instance = "";
1.36 millert 437:
1.1 deraadt 438: if (strlen(username) > UT_NAMESIZE)
439: username[UT_NAMESIZE] = '\0';
440:
441: /*
442: * Note if trying multiple user names; log failures for
443: * previous user name, but don't bother logging one failure
444: * for nonexistent name (mistyped username).
445: */
446: if (failures && strcmp(tbuf, username)) {
447: if (failures > (pwd ? 0 : 1))
448: badlogin(tbuf);
449: failures = 0;
450: }
1.36 millert 451: (void)strlcpy(tbuf, username, sizeof(tbuf));
1.1 deraadt 452:
1.36 millert 453: if ((pwd = getpwnam(username)) != NULL &&
454: auth_setpwd(as, pwd) < 0) {
455: syslog(LOG_ERR, "%m");
456: warn(NULL);
457: quickexit(1);
458: }
1.1 deraadt 459:
1.36 millert 460: lc = login_getclass(pwd ? pwd->pw_class : NULL);
461: if (!lc)
462: goto failed;
1.1 deraadt 463:
1.36 millert 464: style = login_getstyle(lc, style, type);
465: if (!style)
466: goto failed;
1.1 deraadt 467:
1.36 millert 468: /*
1.37 millert 469: * We allow "login-tries" attempts to login but start
470: * slowing down after "login-backoff" attempts.
471: */
472: tries = (int)login_getcapnum(lc, "login-tries", 10, 10);
473: backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3);
474:
475: /*
1.60 ! tobias 476: * Turn off the fflag if we have an invalid user
1.36 millert 477: * or we are not root and we are trying to change uids.
478: */
479: if (!pwd || (uid && uid != pwd->pw_uid))
480: fflag = 0;
1.1 deraadt 481:
1.36 millert 482: if (pwd && pwd->pw_uid == 0)
483: rootlogin = 1;
1.25 millert 484:
1.36 millert 485: /*
486: * If we do not have the force flag authenticate the user
487: */
1.44 millert 488: if (!fflag) {
1.36 millert 489: lastchance =
490: login_getcaptime(lc, "password-dead", 0, 0) != 0;
491: if (lastchance)
492: auth_setoption(as, "lastchance", "yes");
493: /*
494: * Once we start asking for a password
495: * we want to log a failure on a hup.
496: */
497: signal(SIGHUP, sighup);
498: auth_verify(as, style, NULL, lc->lc_class, NULL);
499: authok = auth_getstate(as);
500: /*
501: * If their password expired and it has not been
502: * too long since then, give the user one last
503: * chance to change their password
504: */
505: if ((authok & AUTH_PWEXPIRED) && lastchance) {
506: authok = AUTH_OKAY;
507: } else
508: lastchance = 0;
509: if ((authok & AUTH_ALLOW) == 0)
510: goto failed;
511: if (auth_setoption(as, "style", style) < 0) {
512: syslog(LOG_ERR, "%m");
513: warn(NULL);
514: quickexit(1);
1.25 millert 515: }
1.1 deraadt 516: }
1.36 millert 517: /*
518: * explicitly reject users without password file entries
519: */
1.47 deraadt 520: if (pwd == NULL)
1.36 millert 521: goto failed;
1.1 deraadt 522:
523: /*
1.36 millert 524: * If trying to log in as root on an insecure terminal,
525: * refuse the login attempt unless the authentication
526: * style explicitly says a root login is okay.
1.1 deraadt 527: */
1.44 millert 528: if (pwd && rootlogin && !rootterm(tty))
1.36 millert 529: goto failed;
1.29 millert 530:
1.36 millert 531: if (fflag) {
532: type = 0;
533: style = "forced";
534: }
535: break;
536:
537: failed:
538: if (authok & AUTH_SILENT)
539: quickexit(0);
1.29 millert 540: if (rootlogin && !rootterm(tty)) {
1.36 millert 541: warnx("%s login refused on this terminal.",
542: fullname);
1.1 deraadt 543: if (hostname)
544: syslog(LOG_NOTICE,
1.14 millert 545: "LOGIN %s REFUSED FROM %s%s%s ON TTY %s",
1.36 millert 546: fullname, rusername ? rusername : "",
1.14 millert 547: rusername ? "@" : "", hostname, tty);
1.1 deraadt 548: else
549: syslog(LOG_NOTICE,
550: "LOGIN %s REFUSED ON TTY %s",
1.47 deraadt 551: fullname, tty);
1.36 millert 552: } else {
553: if (!as || (p = auth_getvalue(as, "errormsg")) == NULL)
554: p = "Login incorrect";
555: (void)printf("%s\n", p);
556: }
1.1 deraadt 557: failures++;
1.13 millert 558: if (pwd)
1.14 millert 559: log_failedlogin(pwd->pw_uid, hostname, rusername, tty);
1.37 millert 560: /*
561: * By default, we allow 10 tries, but after 3 we start
562: * backing off to slow down password guessers.
563: */
564: if (++cnt > backoff) {
565: if (cnt >= tries) {
1.1 deraadt 566: badlogin(username);
567: sleepexit(1);
568: }
1.37 millert 569: sleep((u_int)((cnt - backoff) * tries / 2));
1.1 deraadt 570: }
571: }
572:
573: /* committed to login -- turn off timeout */
1.36 millert 574: (void)alarm(0);
1.1 deraadt 575:
576: endpwent();
577:
1.30 millert 578: shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
579: if (*shell == '\0')
580: shell = _PATH_BSHELL;
581: else if (strlen(shell) >= MAXPATHLEN) {
582: syslog(LOG_ERR, "shell path too long: %s", shell);
583: warnx("invalid shell");
1.36 millert 584: quickexit(1);
1.24 art 585: }
1.1 deraadt 586:
587: /* Destroy environment unless user has requested its preservation. */
1.24 art 588: if (!pflag) {
1.22 deraadt 589: if ((environ = calloc(1, sizeof (char *))) == NULL)
590: err(1, "calloc");
1.24 art 591: } else {
1.9 millert 592: char **cpp, **cpp2;
593:
594: for (cpp2 = cpp = environ; *cpp; cpp++) {
595: if (strncmp(*cpp, "LD_", 3) &&
1.29 millert 596: strncmp(*cpp, "ENV=", 4) &&
597: strncmp(*cpp, "BASH_ENV=", 9) &&
1.9 millert 598: strncmp(*cpp, "IFS=", 4))
599: *cpp2++ = *cpp;
600: }
601: *cpp2 = 0;
602: }
1.30 millert 603: /* Note: setusercontext(3) will set PATH */
1.34 deraadt 604: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
1.58 martynas 605: setenv("SHELL", pwd->pw_shell, 1) == -1) {
1.34 deraadt 606: warn("unable to setenv()");
1.36 millert 607: quickexit(1);
1.34 deraadt 608: }
1.1 deraadt 609: if (term[0] == '\0')
1.29 millert 610: (void)strlcpy(term, stypeof(tty), sizeof(term));
1.59 martynas 611: (void)snprintf(mail, sizeof(mail), "%s/%s", _PATH_MAILDIR,
612: pwd->pw_name);
1.34 deraadt 613: if (setenv("TERM", term, 0) == -1 ||
614: setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
1.59 martynas 615: setenv("USER", pwd->pw_name, 1) == -1 ||
616: setenv("MAIL", mail, 1) == -1) {
1.34 deraadt 617: warn("unable to setenv()");
1.36 millert 618: quickexit(1);
1.34 deraadt 619: }
620: if (hostname) {
621: if (setenv("REMOTEHOST", hostname, 1) == -1) {
622: warn("unable to setenv()");
1.36 millert 623: quickexit(1);
1.34 deraadt 624: }
625: }
626: if (rusername) {
627: if (setenv("REMOTEUSER", rusername, 1) == -1) {
628: warn("unable to setenv()");
1.36 millert 629: quickexit(1);
1.34 deraadt 630: }
631: }
1.36 millert 632:
633: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) {
634: warn("unable to set user context");
635: quickexit(1);
636: }
637: auth_setenv(as);
638:
639: /* if user not super-user, check for disabled logins */
640: if (!rootlogin)
641: auth_checknologin(lc);
642:
643: setegid(pwd->pw_gid);
644: seteuid(pwd->pw_uid);
645:
646: homeless = chdir(pwd->pw_dir);
647: if (homeless) {
648: if (login_getcapbool(lc, "requirehome", 0)) {
649: (void)printf("No home directory %s!\n", pwd->pw_dir);
650: quickexit(1);
1.34 deraadt 651: }
1.36 millert 652: if (chdir("/"))
653: quickexit(0);
1.34 deraadt 654: }
1.36 millert 655:
656: quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
657: login_getcapbool(lc, "hushlogin", 0) ||
658: (access(_PATH_HUSHLOGIN, F_OK) == 0));
659:
660: seteuid(0);
661: setegid(0); /* XXX use a saved gid instead? */
662:
663: if ((p = auth_getvalue(as, "warnmsg")) != NULL)
664: (void)printf("WARNING: %s\n\n", p);
665:
666: expire = auth_check_expire(as);
667: if (expire < 0) {
668: (void)printf("Sorry -- your account has expired.\n");
669: quickexit(1);
670: } else if (expire > 0 && !quietlog) {
671: warning = login_getcaptime(lc, "expire-warn",
672: 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY);
673: if (expire < warning)
1.47 deraadt 674: (void)printf("Warning: your account expires on %s",
1.36 millert 675: ctime(&pwd->pw_expire));
1.34 deraadt 676: }
1.36 millert 677:
678: /* Nothing else left to fail -- really log in. */
679: (void)signal(SIGHUP, SIG_DFL);
680: memset(&utmp, 0, sizeof(utmp));
681: (void)time(&utmp.ut_time);
682: (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
683: if (hostname)
684: (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
685: (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
686: login(&utmp);
687:
688: if (!quietlog)
689: (void)check_failedlogin(pwd->pw_uid);
690: dolastlog(quietlog);
691:
692: login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
693:
694: (void)chown(ttyn, pwd->pw_uid,
695: (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
696:
1.1 deraadt 697: /* If fflag is on, assume caller/authenticator has logged root login. */
1.24 art 698: if (rootlogin && fflag == 0) {
1.1 deraadt 699: if (hostname)
1.14 millert 700: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s",
701: username, tty, rusername ? rusername : "",
702: rusername ? "@" : "", hostname);
1.1 deraadt 703: else
704: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
1.24 art 705: }
1.1 deraadt 706:
707: if (!quietlog) {
1.36 millert 708: if ((copyright =
709: login_getcapstr(lc, "copyright", NULL, NULL)) != NULL)
710: auth_cat(copyright);
1.1 deraadt 711: motd();
1.59 martynas 712: if (stat(mail, &st) == 0 && st.st_size != 0)
1.1 deraadt 713: (void)printf("You have %smail.\n",
714: (st.st_mtime > st.st_atime) ? "new " : "");
715: }
716:
717: (void)signal(SIGALRM, SIG_DFL);
718: (void)signal(SIGQUIT, SIG_DFL);
1.36 millert 719: (void)signal(SIGHUP, SIG_DFL);
1.1 deraadt 720: (void)signal(SIGINT, SIG_DFL);
721: (void)signal(SIGTSTP, SIG_IGN);
722:
723: tbuf[0] = '-';
1.30 millert 724: (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
1.36 millert 725: p + 1 : shell, sizeof(tbuf) - 1);
726:
727: if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) &&
728: setrlimit(RLIMIT_CORE, &scds) < 0)
729: syslog(LOG_ERR, "couldn't reset core dump size: %m");
730:
731: if (lastchance)
1.47 deraadt 732: (void)printf("WARNING: Your password has expired."
733: " You must change your password, now!\n");
1.1 deraadt 734:
1.38 millert 735: if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid,
1.36 millert 736: LOGIN_SETALL & ~LOGIN_SETPATH) < 0) {
1.30 millert 737: warn("unable to set user context");
1.36 millert 738: quickexit(1);
739: }
740:
741: if (homeless) {
742: (void)printf("No home directory %s!\n", pwd->pw_dir);
743: (void)printf("Logging in with home = \"/\".\n");
744: (void)setenv("HOME", "/", 1);
1.15 tholo 745: }
1.30 millert 746:
1.36 millert 747: if (auth_approval(as, lc, NULL, "login") == 0) {
748: if (auth_getstate(as) & AUTH_EXPIRED)
749: (void)printf("Sorry -- your account has expired.\n");
750: else
751: (void)printf("approval failure\n");
752: quickexit(1);
753: }
754:
755: /*
756: * The last thing we do is discard all of the open file descriptors.
757: * Last because the C library may have some open.
758: */
1.53 deraadt 759: closefrom(STDERR_FILENO + 1);
1.36 millert 760:
761: /*
762: * Close the authentication session, make sure it is marked
763: * as okay so no files are removed.
764: */
765: auth_setstate(as, AUTH_OKAY);
766: auth_close(as);
767:
1.42 deraadt 768: execlp(shell, tbuf, (char *)NULL);
1.30 millert 769: err(1, "%s", shell);
1.1 deraadt 770: }
771:
772: /*
1.36 millert 773: * Allow for a '.' and 16 characters for any instance as well as
1.60 ! tobias 774: * space for a ':' and 16 characters defining the authentication type.
1.1 deraadt 775: */
1.36 millert 776: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
1.1 deraadt 777:
778: void
1.47 deraadt 779: getloginname(void)
1.1 deraadt 780: {
1.47 deraadt 781: static char nbuf[NBUFSIZ], *p;
1.1 deraadt 782: int ch;
783:
784: for (;;) {
785: (void)printf("login: ");
786: for (p = nbuf; (ch = getchar()) != '\n'; ) {
787: if (ch == EOF) {
788: badlogin(username);
1.36 millert 789: quickexit(0);
1.1 deraadt 790: }
791: if (p < nbuf + (NBUFSIZ - 1))
792: *p++ = ch;
793: }
1.24 art 794: if (p > nbuf) {
1.1 deraadt 795: if (nbuf[0] == '-')
796: (void)fprintf(stderr,
797: "login names may not start with '-'.\n");
798: else {
799: *p = '\0';
800: username = nbuf;
801: break;
802: }
1.24 art 803: }
1.1 deraadt 804: }
805: }
806:
807: int
1.47 deraadt 808: rootterm(char *ttyn)
1.1 deraadt 809: {
810: struct ttyent *t;
811:
1.36 millert 812: /* XXX - stash output of getttynam() elsewhere */
1.1 deraadt 813: return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
814: }
815:
816: void
1.47 deraadt 817: motd(void)
1.1 deraadt 818: {
1.47 deraadt 819: char tbuf[8192], *motd;
1.1 deraadt 820: int fd, nchars;
1.48 millert 821: struct sigaction sa, osa;
1.30 millert 822:
823: motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE);
1.1 deraadt 824:
1.30 millert 825: if ((fd = open(motd, O_RDONLY, 0)) < 0)
1.1 deraadt 826: return;
1.48 millert 827:
828: memset(&sa, 0, sizeof(sa));
829: sa.sa_handler = sigint;
830: sigemptyset(&sa.sa_mask);
831: sa.sa_flags = 0; /* don't set SA_RESTART */
832: (void)sigaction(SIGINT, &sa, &osa);
833:
834: /* read and spew motd until EOF, error, or SIGINT */
835: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0 &&
836: write(STDOUT_FILENO, tbuf, nchars) == nchars)
837: ;
838:
839: (void)sigaction(SIGINT, &osa, NULL);
1.1 deraadt 840: (void)close(fd);
841: }
842:
843: /* ARGSUSED */
844: void
1.47 deraadt 845: sigint(int signo)
1.1 deraadt 846: {
1.52 otto 847: return; /* just interrupt syscall */
1.1 deraadt 848: }
849:
850: /* ARGSUSED */
851: void
1.47 deraadt 852: timedout(int signo)
1.1 deraadt 853: {
1.47 deraadt 854: char warn[1024];
855:
856: snprintf(warn, sizeof warn,
857: "Login timed out after %d seconds\n", timeout);
858: write(STDERR_FILENO, warn, strlen(warn));
1.37 millert 859: if (username)
860: badlogin(username);
1.47 deraadt 861: _exit(0);
1.1 deraadt 862: }
863:
864: void
1.47 deraadt 865: dolastlog(int quiet)
1.1 deraadt 866: {
867: struct lastlog ll;
868: int fd;
869:
870: if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
1.26 millert 871: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
1.1 deraadt 872: if (!quiet) {
873: if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
874: ll.ll_time != 0) {
875: (void)printf("Last login: %.*s ",
876: 24-5, (char *)ctime(&ll.ll_time));
1.14 millert 877: (void)printf("on %.*s",
878: (int)sizeof(ll.ll_line),
879: ll.ll_line);
1.1 deraadt 880: if (*ll.ll_host != '\0')
1.14 millert 881: (void)printf(" from %.*s",
1.1 deraadt 882: (int)sizeof(ll.ll_host),
883: ll.ll_host);
1.14 millert 884: (void)putchar('\n');
1.1 deraadt 885: }
1.26 millert 886: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll),
887: SEEK_SET);
1.1 deraadt 888: }
889: memset((void *)&ll, 0, sizeof(ll));
890: (void)time(&ll.ll_time);
891: (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
892: if (hostname)
893: (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
894: (void)write(fd, (char *)&ll, sizeof(ll));
895: (void)close(fd);
896: }
897: }
898:
899: void
1.47 deraadt 900: badlogin(char *name)
1.1 deraadt 901: {
1.47 deraadt 902: struct syslog_data sdata = SYSLOG_DATA_INIT;
903:
1.1 deraadt 904: if (failures == 0)
905: return;
906: if (hostname) {
1.47 deraadt 907: syslog_r(LOG_NOTICE, &sdata,
908: "%d LOGIN FAILURE%s FROM %s%s%s",
1.14 millert 909: failures, failures > 1 ? "S" : "",
910: rusername ? rusername : "", rusername ? "@" : "", hostname);
1.47 deraadt 911: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.14 millert 912: "%d LOGIN FAILURE%s FROM %s%s%s, %s",
913: failures, failures > 1 ? "S" : "",
914: rusername ? rusername : "", rusername ? "@" : "",
915: hostname, name);
1.1 deraadt 916: } else {
1.47 deraadt 917: syslog_r(LOG_NOTICE, &sdata,
918: "%d LOGIN FAILURE%s ON %s",
1.1 deraadt 919: failures, failures > 1 ? "S" : "", tty);
1.47 deraadt 920: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.1 deraadt 921: "%d LOGIN FAILURE%s ON %s, %s",
922: failures, failures > 1 ? "S" : "", tty, name);
923: }
924: }
925:
926: #undef UNKNOWN
927: #define UNKNOWN "su"
928:
929: char *
1.47 deraadt 930: stypeof(char *ttyid)
1.1 deraadt 931: {
932: struct ttyent *t;
933:
1.30 millert 934: return (ttyid && (t = getttynam(ttyid)) ? t->ty_type :
935: login_getcapstr(lc, "term", UNKNOWN, UNKNOWN));
1.1 deraadt 936: }
937:
938: void
1.47 deraadt 939: sleepexit(int eval)
1.1 deraadt 940: {
1.36 millert 941: auth_close(as);
1.1 deraadt 942: (void)sleep(5);
943: exit(eval);
1.11 millert 944: }
945:
946: void
1.47 deraadt 947: quickexit(int eval)
1.36 millert 948: {
949: if (as)
950: auth_close(as);
951: exit(eval);
952: }
953:
954:
955: void
1.47 deraadt 956: sighup(int signum)
1.11 millert 957: {
958: if (username)
959: badlogin(username);
1.47 deraadt 960: _exit(0);
1.1 deraadt 961: }