Annotation of src/usr.bin/login/login.c, Revision 1.62
1.62 ! guenther 1: /* $OpenBSD: login.c,v 1.61 2009/10/27 23:59:40 deraadt Exp $ */
1.3 deraadt 2: /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
1.1 deraadt 3:
4: /*-
5: * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
1.50 millert 16: * 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 17: * may be used to endorse or promote products derived from this software
18: * without specific prior written permission.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30: * SUCH DAMAGE.
31: */
1.36 millert 32: /*-
33: * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
34: *
35: * Redistribution and use in source and binary forms, with or without
36: * modification, are permitted provided that the following conditions
37: * are met:
38: * 1. Redistributions of source code must retain the above copyright
39: * notice, this list of conditions and the following disclaimer.
40: * 2. Redistributions in binary form must reproduce the above copyright
41: * notice, this list of conditions and the following disclaimer in the
42: * documentation and/or other materials provided with the distribution.
43: * 3. All advertising materials mentioning features or use of this software
44: * must display the following acknowledgement:
45: * This product includes software developed by Berkeley Software Design,
46: * Inc.
47: * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
48: * or promote products derived from this software without specific prior
49: * written permission.
50: *
51: * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
52: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
53: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
54: * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
55: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
56: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
57: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
59: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
60: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
61: * SUCH DAMAGE.
62: *
63: * BSDI $From: login.c,v 2.28 1999/09/08 22:35:36 prb Exp $
64: */
1.1 deraadt 65:
66: /*
67: * login [ name ]
68: * login -h hostname (for telnetd, etc.)
69: * login -f name (for pre-authenticated login: datakit, xterm, etc.)
1.49 millert 70: * login -p (preserve existing environment; for getty)
1.1 deraadt 71: */
72:
73: #include <sys/param.h>
1.36 millert 74: #include <sys/socket.h>
1.1 deraadt 75: #include <sys/stat.h>
76: #include <sys/time.h>
77: #include <sys/resource.h>
1.11 millert 78: #include <sys/wait.h>
1.1 deraadt 79:
80: #include <err.h>
81: #include <errno.h>
1.27 millert 82: #include <fcntl.h>
1.1 deraadt 83: #include <grp.h>
1.30 millert 84: #include <login_cap.h>
1.36 millert 85: #include <netdb.h>
1.1 deraadt 86: #include <pwd.h>
87: #include <signal.h>
1.36 millert 88: #include <stdarg.h>
1.1 deraadt 89: #include <stdio.h>
90: #include <stdlib.h>
91: #include <string.h>
92: #include <syslog.h>
93: #include <ttyent.h>
94: #include <tzfile.h>
95: #include <unistd.h>
96: #include <utmp.h>
1.3 deraadt 97: #include <util.h>
1.36 millert 98: #include <bsd_auth.h>
99:
1.1 deraadt 100: #include "pathnames.h"
101:
1.45 millert 102: void badlogin(char *);
103: void dolastlog(int);
104: void getloginname(void);
105: void motd(void);
106: void quickexit(int);
107: int rootterm(char *);
108: void sigint(int);
109: void sighup(int);
110: void sleepexit(int);
111: char *stypeof(char *);
112: void timedout(int);
113: int main(int, char **);
1.1 deraadt 114:
1.45 millert 115: extern int check_failedlogin(uid_t);
116: extern void log_failedlogin(uid_t, char *, char *, char *);
1.1 deraadt 117:
118: #define TTYGRPNAME "tty" /* name of group to own ttys */
119:
120: /*
1.37 millert 121: * This bounds the time given to login; may be overridden by /etc/login.conf.
1.1 deraadt 122: */
1.30 millert 123: u_int timeout = 300;
1.1 deraadt 124:
1.36 millert 125: struct passwd *pwd;
1.30 millert 126: login_cap_t *lc = NULL;
1.36 millert 127: auth_session_t *as = NULL;
1.30 millert 128: int failures;
1.36 millert 129: int needbanner = 1;
1.30 millert 130: char term[64], *hostname, *tty;
1.36 millert 131: char *style;
1.30 millert 132: char *username = NULL, *rusername = NULL;
1.1 deraadt 133:
1.47 deraadt 134: extern char **environ;
135:
1.1 deraadt 136: int
1.47 deraadt 137: main(int argc, char *argv[])
1.1 deraadt 138: {
1.47 deraadt 139: char *domain, *p, *ttyn, *shell, *fullname, *instance;
140: char *lipaddr, *script, *ripaddr, *style, *type, *fqdn;
141: char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
142: char localhost[MAXHOSTNAMELEN], *copyright;
1.59 martynas 143: char mail[sizeof(_PATH_MAILDIR) + 1 + NAME_MAX];
1.47 deraadt 144: int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance;
145: int error, homeless, needto, authok, tries, backoff;
1.36 millert 146: struct addrinfo *ai, hints;
1.47 deraadt 147: struct rlimit cds, scds;
148: quad_t expire, warning;
149: struct utmp utmp;
1.1 deraadt 150: struct group *gr;
151: struct stat st;
152: uid_t uid;
153:
154: openlog("login", LOG_ODELAY, LOG_AUTH);
155:
1.37 millert 156: fqdn = lipaddr = ripaddr = fullname = type = NULL;
157: authok = 0;
158: tries = 10;
159: backoff = 3;
1.36 millert 160:
1.1 deraadt 161: domain = NULL;
1.49 millert 162: if (gethostname(localhost, sizeof(localhost)) < 0) {
1.1 deraadt 163: syslog(LOG_ERR, "couldn't get local hostname: %m");
1.49 millert 164: strlcpy(localhost, "localhost", sizeof(localhost));
165: } else if ((domain = strchr(localhost, '.'))) {
1.21 deraadt 166: domain++;
167: if (*domain && strchr(domain, '.') == NULL)
168: domain = localhost;
169: }
1.1 deraadt 170:
1.36 millert 171: if ((as = auth_open()) == NULL) {
1.39 millert 172: syslog(LOG_ERR, "auth_open: %m");
173: err(1, "unable to initialize BSD authentication");
1.36 millert 174: }
1.39 millert 175: auth_setoption(as, "login", "yes");
1.36 millert 176:
1.49 millert 177: /*
178: * -p is used by getty to tell login not to destroy the environment
179: * -f is used to skip a second login authentication
180: * -h is used by other servers to pass the name of the remote
181: * host to login so that it may be placed in utmp and wtmp
182: */
1.36 millert 183: fflag = pflag = 0;
1.1 deraadt 184: uid = getuid();
1.36 millert 185: while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1)
1.1 deraadt 186: switch (ch) {
187: case 'f':
188: fflag = 1;
189: break;
190: case 'h':
1.36 millert 191: if (uid) {
1.62 ! guenther 192: warnc(EPERM, "-h option");
1.36 millert 193: quickexit(1);
194: }
1.60 tobias 195: free(fqdn);
1.36 millert 196: if ((fqdn = strdup(optarg)) == NULL) {
197: warn(NULL);
198: quickexit(1);
199: }
200: auth_setoption(as, "fqdn", fqdn);
1.1 deraadt 201: if (domain && (p = strchr(optarg, '.')) &&
1.21 deraadt 202: strcasecmp(p+1, domain) == 0)
1.1 deraadt 203: *p = 0;
204: hostname = optarg;
1.36 millert 205: auth_setoption(as, "hostname", hostname);
206: break;
207: case 'L':
208: if (uid) {
1.62 ! guenther 209: warnc(EPERM, "-L option");
1.36 millert 210: quickexit(1);
211: }
212: if (lipaddr) {
213: warnx("duplicate -L option");
214: quickexit(1);
215: }
216: lipaddr = optarg;
217: memset(&hints, 0, sizeof(hints));
218: hints.ai_family = PF_UNSPEC;
219: hints.ai_flags = AI_CANONNAME;
220: error = getaddrinfo(lipaddr, NULL, &hints, &ai);
221: if (!error) {
222: strlcpy(localhost, ai->ai_canonname,
223: sizeof(localhost));
224: freeaddrinfo(ai);
225: } else
226: strlcpy(localhost, lipaddr, sizeof(localhost));
227: auth_setoption(as, "local_addr", lipaddr);
1.1 deraadt 228: break;
229: case 'p':
230: pflag = 1;
231: break;
1.36 millert 232: case 'R':
233: if (uid) {
1.62 ! guenther 234: warnc(EPERM, "-R option");
1.36 millert 235: quickexit(1);
236: }
237: if (ripaddr) {
238: warnx("duplicate -R option");
239: quickexit(1);
240: }
241: ripaddr = optarg;
242: auth_setoption(as, "remote_addr", ripaddr);
243: break;
1.14 millert 244: case 'u':
1.36 millert 245: if (uid) {
1.62 ! guenther 246: warnc(EPERM, "-u option");
1.36 millert 247: quickexit(1);
248: }
1.14 millert 249: rusername = optarg;
250: break;
1.1 deraadt 251: default:
252: if (!uid)
253: syslog(LOG_ERR, "invalid flag %c", ch);
254: (void)fprintf(stderr,
1.57 jmc 255: "usage: login [-fp] [-h hostname] [-L local-addr] "
256: "[-R remote-addr] [-u username]\n\t[user]\n");
1.36 millert 257: quickexit(1);
1.1 deraadt 258: }
259: argc -= optind;
260: argv += optind;
261:
262: if (*argv) {
263: username = *argv;
264: ask = 0;
265: } else
266: ask = 1;
267:
1.49 millert 268: /*
269: * If effective user is not root, just run su(1) to emulate login(1).
270: */
271: if (geteuid() != 0) {
272: char *av[5], **ap;
273:
274: auth_close(as);
275: closelog();
1.54 millert 276: closefrom(STDERR_FILENO + 1);
1.49 millert 277:
278: ap = av;
279: *ap++ = _PATH_SU;
280: *ap++ = "-L";
281: if (!pflag)
282: *ap++ = "-l";
283: if (!ask)
284: *ap++ = username;
285: *ap = NULL;
286: execv(_PATH_SU, av);
287: warn("unable to exec %s", _PATH_SU);
288: _exit(1);
289: }
290:
1.1 deraadt 291: ttyn = ttyname(STDIN_FILENO);
292: if (ttyn == NULL || *ttyn == '\0') {
293: (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
294: ttyn = tname;
295: }
1.12 millert 296: if ((tty = strrchr(ttyn, '/')))
1.1 deraadt 297: ++tty;
298: else
299: tty = ttyn;
300:
1.49 millert 301: /*
302: * Since login deals with sensitive information, turn off coredumps.
303: */
304: if (getrlimit(RLIMIT_CORE, &scds) < 0) {
305: syslog(LOG_ERR, "couldn't get core dump size: %m");
306: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
307: }
308: cds.rlim_cur = cds.rlim_max = 0;
309: if (setrlimit(RLIMIT_CORE, &cds) < 0) {
310: syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
311: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
312: }
313:
314: (void)signal(SIGALRM, timedout);
315: if (argc > 1) {
316: needto = 0;
317: (void)alarm(timeout);
318: } else
319: needto = 1;
320: (void)signal(SIGQUIT, SIG_IGN);
321: (void)signal(SIGINT, SIG_IGN);
322: (void)signal(SIGHUP, SIG_IGN);
323: (void)setpriority(PRIO_PROCESS, 0, 0);
324:
1.36 millert 325: #ifdef notyet
326: /* XXX - we don't (yet) support per-tty auth stuff */
327: /* BSDi uses a ttys.conf file but we could just overload /etc/ttys */
328: /*
329: * Classify the attempt.
330: * By default we use the value in the ttys file.
331: * If there is a classify script we run that as
332: *
333: * classify [-f] [username]
334: */
335: if (type = getttyauth(tty))
336: auth_setoption(as, "auth_type", type);
337: #endif
338:
339: /* get the default login class */
1.47 deraadt 340: if ((lc = login_getclass(0)) == NULL) { /* get the default class */
1.36 millert 341: warnx("Failure to retrieve default class");
342: quickexit(1);
343: }
1.37 millert 344: timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300);
1.36 millert 345: if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) {
346: unsetenv("AUTH_TYPE");
347: unsetenv("REMOTE_NAME");
348: if (script[0] != '/') {
349: syslog(LOG_ERR, "Invalid classify script: %s", script);
350: warnx("Classification failure");
351: quickexit(1);
352: }
353: shell = strrchr(script, '/') + 1;
354: auth_setstate(as, AUTH_OKAY);
1.47 deraadt 355: auth_call(as, script, shell,
1.49 millert 356: fflag ? "-f" : username, fflag ? username : 0, (char *)0);
1.36 millert 357: if (!(auth_getstate(as) & AUTH_ALLOW))
358: quickexit(1);
359: auth_setenv(as);
360: if ((p = getenv("AUTH_TYPE")) != NULL &&
361: strncmp(p, "auth-", 5) == 0)
362: type = p;
363: if ((p = getenv("REMOTE_NAME")) != NULL)
364: hostname = p;
365: /*
366: * we may have changed some values, reset them
367: */
368: auth_clroptions(as);
369: if (type)
370: auth_setoption(as, "auth_type", type);
371: if (fqdn)
372: auth_setoption(as, "fqdn", fqdn);
373: if (hostname)
374: auth_setoption(as, "hostname", hostname);
375: if (lipaddr)
376: auth_setoption(as, "local_addr", lipaddr);
377: if (ripaddr)
378: auth_setoption(as, "remote_addr", ripaddr);
379: }
380:
381: /*
382: * Request the things like the approval script print things
383: * to stdout (in particular, the nologins files)
384: */
385: auth_setitem(as, AUTHV_INTERACTIVE, "True");
386:
1.1 deraadt 387: for (cnt = 0;; ask = 1) {
1.36 millert 388: /*
389: * Clean up our current authentication session.
390: * Options are not cleared so we need to clear any
391: * we might set below.
392: */
393: auth_clean(as);
394: auth_clroption(as, "style");
395: auth_clroption(as, "lastchance");
396:
397: lastchance = 0;
398:
1.1 deraadt 399: if (ask) {
400: fflag = 0;
401: getloginname();
402: }
1.36 millert 403: if (needto) {
404: needto = 0;
405: alarm(timeout);
406: }
1.47 deraadt 407: if ((style = strchr(username, ':')) != NULL)
1.36 millert 408: *style++ = '\0';
409: if (fullname)
410: free(fullname);
411: if (auth_setitem(as, AUTHV_NAME, username) < 0 ||
412: (fullname = strdup(username)) == NULL) {
413: syslog(LOG_ERR, "%m");
414: warn(NULL);
415: quickexit(1);
416: }
1.1 deraadt 417: rootlogin = 0;
1.55 millert 418: if ((instance = strchr(username, '/')) != NULL) {
1.40 millert 419: if (strncmp(instance + 1, "root", 4) == 0)
1.1 deraadt 420: rootlogin = 1;
421: *instance++ = '\0';
422: } else
423: instance = "";
1.36 millert 424:
1.1 deraadt 425: if (strlen(username) > UT_NAMESIZE)
426: username[UT_NAMESIZE] = '\0';
427:
428: /*
429: * Note if trying multiple user names; log failures for
430: * previous user name, but don't bother logging one failure
431: * for nonexistent name (mistyped username).
432: */
433: if (failures && strcmp(tbuf, username)) {
434: if (failures > (pwd ? 0 : 1))
435: badlogin(tbuf);
436: failures = 0;
437: }
1.36 millert 438: (void)strlcpy(tbuf, username, sizeof(tbuf));
1.1 deraadt 439:
1.36 millert 440: if ((pwd = getpwnam(username)) != NULL &&
441: auth_setpwd(as, pwd) < 0) {
442: syslog(LOG_ERR, "%m");
443: warn(NULL);
444: quickexit(1);
445: }
1.1 deraadt 446:
1.36 millert 447: lc = login_getclass(pwd ? pwd->pw_class : NULL);
448: if (!lc)
449: goto failed;
1.1 deraadt 450:
1.36 millert 451: style = login_getstyle(lc, style, type);
452: if (!style)
453: goto failed;
1.1 deraadt 454:
1.36 millert 455: /*
1.37 millert 456: * We allow "login-tries" attempts to login but start
457: * slowing down after "login-backoff" attempts.
458: */
459: tries = (int)login_getcapnum(lc, "login-tries", 10, 10);
460: backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3);
461:
462: /*
1.60 tobias 463: * Turn off the fflag if we have an invalid user
1.36 millert 464: * or we are not root and we are trying to change uids.
465: */
466: if (!pwd || (uid && uid != pwd->pw_uid))
467: fflag = 0;
1.1 deraadt 468:
1.36 millert 469: if (pwd && pwd->pw_uid == 0)
470: rootlogin = 1;
1.25 millert 471:
1.36 millert 472: /*
473: * If we do not have the force flag authenticate the user
474: */
1.44 millert 475: if (!fflag) {
1.36 millert 476: lastchance =
477: login_getcaptime(lc, "password-dead", 0, 0) != 0;
478: if (lastchance)
479: auth_setoption(as, "lastchance", "yes");
480: /*
481: * Once we start asking for a password
482: * we want to log a failure on a hup.
483: */
484: signal(SIGHUP, sighup);
485: auth_verify(as, style, NULL, lc->lc_class, NULL);
486: authok = auth_getstate(as);
487: /*
488: * If their password expired and it has not been
489: * too long since then, give the user one last
490: * chance to change their password
491: */
492: if ((authok & AUTH_PWEXPIRED) && lastchance) {
493: authok = AUTH_OKAY;
494: } else
495: lastchance = 0;
496: if ((authok & AUTH_ALLOW) == 0)
497: goto failed;
498: if (auth_setoption(as, "style", style) < 0) {
499: syslog(LOG_ERR, "%m");
500: warn(NULL);
501: quickexit(1);
1.25 millert 502: }
1.1 deraadt 503: }
1.36 millert 504: /*
505: * explicitly reject users without password file entries
506: */
1.47 deraadt 507: if (pwd == NULL)
1.36 millert 508: goto failed;
1.1 deraadt 509:
510: /*
1.36 millert 511: * If trying to log in as root on an insecure terminal,
512: * refuse the login attempt unless the authentication
513: * style explicitly says a root login is okay.
1.1 deraadt 514: */
1.44 millert 515: if (pwd && rootlogin && !rootterm(tty))
1.36 millert 516: goto failed;
1.29 millert 517:
1.36 millert 518: if (fflag) {
519: type = 0;
520: style = "forced";
521: }
522: break;
523:
524: failed:
525: if (authok & AUTH_SILENT)
526: quickexit(0);
1.29 millert 527: if (rootlogin && !rootterm(tty)) {
1.36 millert 528: warnx("%s login refused on this terminal.",
529: fullname);
1.1 deraadt 530: if (hostname)
531: syslog(LOG_NOTICE,
1.14 millert 532: "LOGIN %s REFUSED FROM %s%s%s ON TTY %s",
1.36 millert 533: fullname, rusername ? rusername : "",
1.14 millert 534: rusername ? "@" : "", hostname, tty);
1.1 deraadt 535: else
536: syslog(LOG_NOTICE,
537: "LOGIN %s REFUSED ON TTY %s",
1.47 deraadt 538: fullname, tty);
1.36 millert 539: } else {
540: if (!as || (p = auth_getvalue(as, "errormsg")) == NULL)
541: p = "Login incorrect";
542: (void)printf("%s\n", p);
543: }
1.1 deraadt 544: failures++;
1.13 millert 545: if (pwd)
1.14 millert 546: log_failedlogin(pwd->pw_uid, hostname, rusername, tty);
1.37 millert 547: /*
548: * By default, we allow 10 tries, but after 3 we start
549: * backing off to slow down password guessers.
550: */
551: if (++cnt > backoff) {
552: if (cnt >= tries) {
1.1 deraadt 553: badlogin(username);
554: sleepexit(1);
555: }
1.37 millert 556: sleep((u_int)((cnt - backoff) * tries / 2));
1.1 deraadt 557: }
558: }
559:
560: /* committed to login -- turn off timeout */
1.36 millert 561: (void)alarm(0);
1.1 deraadt 562:
563: endpwent();
564:
1.30 millert 565: shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
566: if (*shell == '\0')
567: shell = _PATH_BSHELL;
568: else if (strlen(shell) >= MAXPATHLEN) {
569: syslog(LOG_ERR, "shell path too long: %s", shell);
570: warnx("invalid shell");
1.36 millert 571: quickexit(1);
1.24 art 572: }
1.1 deraadt 573:
574: /* Destroy environment unless user has requested its preservation. */
1.24 art 575: if (!pflag) {
1.22 deraadt 576: if ((environ = calloc(1, sizeof (char *))) == NULL)
577: err(1, "calloc");
1.24 art 578: } else {
1.9 millert 579: char **cpp, **cpp2;
580:
581: for (cpp2 = cpp = environ; *cpp; cpp++) {
582: if (strncmp(*cpp, "LD_", 3) &&
1.29 millert 583: strncmp(*cpp, "ENV=", 4) &&
584: strncmp(*cpp, "BASH_ENV=", 9) &&
1.9 millert 585: strncmp(*cpp, "IFS=", 4))
586: *cpp2++ = *cpp;
587: }
588: *cpp2 = 0;
589: }
1.30 millert 590: /* Note: setusercontext(3) will set PATH */
1.34 deraadt 591: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
1.58 martynas 592: setenv("SHELL", pwd->pw_shell, 1) == -1) {
1.34 deraadt 593: warn("unable to setenv()");
1.36 millert 594: quickexit(1);
1.34 deraadt 595: }
1.1 deraadt 596: if (term[0] == '\0')
1.29 millert 597: (void)strlcpy(term, stypeof(tty), sizeof(term));
1.59 martynas 598: (void)snprintf(mail, sizeof(mail), "%s/%s", _PATH_MAILDIR,
599: pwd->pw_name);
1.34 deraadt 600: if (setenv("TERM", term, 0) == -1 ||
601: setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
1.59 martynas 602: setenv("USER", pwd->pw_name, 1) == -1 ||
603: setenv("MAIL", mail, 1) == -1) {
1.34 deraadt 604: warn("unable to setenv()");
1.36 millert 605: quickexit(1);
1.34 deraadt 606: }
607: if (hostname) {
608: if (setenv("REMOTEHOST", hostname, 1) == -1) {
609: warn("unable to setenv()");
1.36 millert 610: quickexit(1);
1.34 deraadt 611: }
612: }
613: if (rusername) {
614: if (setenv("REMOTEUSER", rusername, 1) == -1) {
615: warn("unable to setenv()");
1.36 millert 616: quickexit(1);
1.34 deraadt 617: }
618: }
1.36 millert 619:
620: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) {
621: warn("unable to set user context");
622: quickexit(1);
623: }
624: auth_setenv(as);
625:
626: /* if user not super-user, check for disabled logins */
627: if (!rootlogin)
628: auth_checknologin(lc);
629:
630: setegid(pwd->pw_gid);
631: seteuid(pwd->pw_uid);
632:
633: homeless = chdir(pwd->pw_dir);
634: if (homeless) {
635: if (login_getcapbool(lc, "requirehome", 0)) {
636: (void)printf("No home directory %s!\n", pwd->pw_dir);
637: quickexit(1);
1.34 deraadt 638: }
1.36 millert 639: if (chdir("/"))
640: quickexit(0);
1.34 deraadt 641: }
1.36 millert 642:
643: quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
644: login_getcapbool(lc, "hushlogin", 0) ||
645: (access(_PATH_HUSHLOGIN, F_OK) == 0));
646:
647: seteuid(0);
648: setegid(0); /* XXX use a saved gid instead? */
649:
650: if ((p = auth_getvalue(as, "warnmsg")) != NULL)
651: (void)printf("WARNING: %s\n\n", p);
652:
653: expire = auth_check_expire(as);
654: if (expire < 0) {
655: (void)printf("Sorry -- your account has expired.\n");
656: quickexit(1);
657: } else if (expire > 0 && !quietlog) {
658: warning = login_getcaptime(lc, "expire-warn",
659: 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY);
660: if (expire < warning)
1.47 deraadt 661: (void)printf("Warning: your account expires on %s",
1.36 millert 662: ctime(&pwd->pw_expire));
1.34 deraadt 663: }
1.36 millert 664:
665: /* Nothing else left to fail -- really log in. */
666: (void)signal(SIGHUP, SIG_DFL);
667: memset(&utmp, 0, sizeof(utmp));
668: (void)time(&utmp.ut_time);
669: (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
670: if (hostname)
671: (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
672: (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
673: login(&utmp);
674:
675: if (!quietlog)
676: (void)check_failedlogin(pwd->pw_uid);
677: dolastlog(quietlog);
678:
679: login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
680:
681: (void)chown(ttyn, pwd->pw_uid,
682: (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
683:
1.1 deraadt 684: /* If fflag is on, assume caller/authenticator has logged root login. */
1.24 art 685: if (rootlogin && fflag == 0) {
1.1 deraadt 686: if (hostname)
1.14 millert 687: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s",
688: username, tty, rusername ? rusername : "",
689: rusername ? "@" : "", hostname);
1.1 deraadt 690: else
691: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
1.24 art 692: }
1.1 deraadt 693:
694: if (!quietlog) {
1.36 millert 695: if ((copyright =
696: login_getcapstr(lc, "copyright", NULL, NULL)) != NULL)
697: auth_cat(copyright);
1.1 deraadt 698: motd();
1.59 martynas 699: if (stat(mail, &st) == 0 && st.st_size != 0)
1.1 deraadt 700: (void)printf("You have %smail.\n",
701: (st.st_mtime > st.st_atime) ? "new " : "");
702: }
703:
704: (void)signal(SIGALRM, SIG_DFL);
705: (void)signal(SIGQUIT, SIG_DFL);
1.36 millert 706: (void)signal(SIGHUP, SIG_DFL);
1.1 deraadt 707: (void)signal(SIGINT, SIG_DFL);
708: (void)signal(SIGTSTP, SIG_IGN);
709:
710: tbuf[0] = '-';
1.30 millert 711: (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
1.36 millert 712: p + 1 : shell, sizeof(tbuf) - 1);
713:
714: if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) &&
715: setrlimit(RLIMIT_CORE, &scds) < 0)
716: syslog(LOG_ERR, "couldn't reset core dump size: %m");
717:
718: if (lastchance)
1.47 deraadt 719: (void)printf("WARNING: Your password has expired."
720: " You must change your password, now!\n");
1.1 deraadt 721:
1.38 millert 722: if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid,
1.36 millert 723: LOGIN_SETALL & ~LOGIN_SETPATH) < 0) {
1.30 millert 724: warn("unable to set user context");
1.36 millert 725: quickexit(1);
726: }
727:
728: if (homeless) {
729: (void)printf("No home directory %s!\n", pwd->pw_dir);
730: (void)printf("Logging in with home = \"/\".\n");
731: (void)setenv("HOME", "/", 1);
1.15 tholo 732: }
1.30 millert 733:
1.36 millert 734: if (auth_approval(as, lc, NULL, "login") == 0) {
735: if (auth_getstate(as) & AUTH_EXPIRED)
736: (void)printf("Sorry -- your account has expired.\n");
737: else
738: (void)printf("approval failure\n");
739: quickexit(1);
740: }
741:
742: /*
743: * The last thing we do is discard all of the open file descriptors.
744: * Last because the C library may have some open.
745: */
1.53 deraadt 746: closefrom(STDERR_FILENO + 1);
1.36 millert 747:
748: /*
749: * Close the authentication session, make sure it is marked
750: * as okay so no files are removed.
751: */
752: auth_setstate(as, AUTH_OKAY);
753: auth_close(as);
754:
1.42 deraadt 755: execlp(shell, tbuf, (char *)NULL);
1.30 millert 756: err(1, "%s", shell);
1.1 deraadt 757: }
758:
759: /*
1.36 millert 760: * Allow for a '.' and 16 characters for any instance as well as
1.60 tobias 761: * space for a ':' and 16 characters defining the authentication type.
1.1 deraadt 762: */
1.36 millert 763: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
1.1 deraadt 764:
765: void
1.47 deraadt 766: getloginname(void)
1.1 deraadt 767: {
1.47 deraadt 768: static char nbuf[NBUFSIZ], *p;
1.1 deraadt 769: int ch;
770:
771: for (;;) {
772: (void)printf("login: ");
773: for (p = nbuf; (ch = getchar()) != '\n'; ) {
774: if (ch == EOF) {
775: badlogin(username);
1.36 millert 776: quickexit(0);
1.1 deraadt 777: }
778: if (p < nbuf + (NBUFSIZ - 1))
779: *p++ = ch;
780: }
1.24 art 781: if (p > nbuf) {
1.1 deraadt 782: if (nbuf[0] == '-')
783: (void)fprintf(stderr,
784: "login names may not start with '-'.\n");
785: else {
786: *p = '\0';
787: username = nbuf;
788: break;
789: }
1.24 art 790: }
1.1 deraadt 791: }
792: }
793:
794: int
1.47 deraadt 795: rootterm(char *ttyn)
1.1 deraadt 796: {
797: struct ttyent *t;
798:
1.36 millert 799: /* XXX - stash output of getttynam() elsewhere */
1.1 deraadt 800: return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
801: }
802:
803: void
1.47 deraadt 804: motd(void)
1.1 deraadt 805: {
1.47 deraadt 806: char tbuf[8192], *motd;
1.1 deraadt 807: int fd, nchars;
1.48 millert 808: struct sigaction sa, osa;
1.30 millert 809:
810: motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE);
1.1 deraadt 811:
1.30 millert 812: if ((fd = open(motd, O_RDONLY, 0)) < 0)
1.1 deraadt 813: return;
1.48 millert 814:
815: memset(&sa, 0, sizeof(sa));
816: sa.sa_handler = sigint;
817: sigemptyset(&sa.sa_mask);
818: sa.sa_flags = 0; /* don't set SA_RESTART */
819: (void)sigaction(SIGINT, &sa, &osa);
820:
821: /* read and spew motd until EOF, error, or SIGINT */
822: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0 &&
823: write(STDOUT_FILENO, tbuf, nchars) == nchars)
824: ;
825:
826: (void)sigaction(SIGINT, &osa, NULL);
1.1 deraadt 827: (void)close(fd);
828: }
829:
830: /* ARGSUSED */
831: void
1.47 deraadt 832: sigint(int signo)
1.1 deraadt 833: {
1.52 otto 834: return; /* just interrupt syscall */
1.1 deraadt 835: }
836:
837: /* ARGSUSED */
838: void
1.47 deraadt 839: timedout(int signo)
1.1 deraadt 840: {
1.47 deraadt 841: char warn[1024];
842:
843: snprintf(warn, sizeof warn,
844: "Login timed out after %d seconds\n", timeout);
845: write(STDERR_FILENO, warn, strlen(warn));
1.37 millert 846: if (username)
847: badlogin(username);
1.47 deraadt 848: _exit(0);
1.1 deraadt 849: }
850:
851: void
1.47 deraadt 852: dolastlog(int quiet)
1.1 deraadt 853: {
854: struct lastlog ll;
855: int fd;
856:
857: if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
1.26 millert 858: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
1.1 deraadt 859: if (!quiet) {
860: if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
861: ll.ll_time != 0) {
862: (void)printf("Last login: %.*s ",
863: 24-5, (char *)ctime(&ll.ll_time));
1.14 millert 864: (void)printf("on %.*s",
865: (int)sizeof(ll.ll_line),
866: ll.ll_line);
1.1 deraadt 867: if (*ll.ll_host != '\0')
1.14 millert 868: (void)printf(" from %.*s",
1.1 deraadt 869: (int)sizeof(ll.ll_host),
870: ll.ll_host);
1.14 millert 871: (void)putchar('\n');
1.1 deraadt 872: }
1.26 millert 873: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll),
874: SEEK_SET);
1.1 deraadt 875: }
876: memset((void *)&ll, 0, sizeof(ll));
877: (void)time(&ll.ll_time);
878: (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
879: if (hostname)
880: (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
881: (void)write(fd, (char *)&ll, sizeof(ll));
882: (void)close(fd);
883: }
884: }
885:
886: void
1.47 deraadt 887: badlogin(char *name)
1.1 deraadt 888: {
1.47 deraadt 889: struct syslog_data sdata = SYSLOG_DATA_INIT;
890:
1.1 deraadt 891: if (failures == 0)
892: return;
893: if (hostname) {
1.47 deraadt 894: syslog_r(LOG_NOTICE, &sdata,
895: "%d LOGIN FAILURE%s FROM %s%s%s",
1.14 millert 896: failures, failures > 1 ? "S" : "",
897: rusername ? rusername : "", rusername ? "@" : "", hostname);
1.47 deraadt 898: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.14 millert 899: "%d LOGIN FAILURE%s FROM %s%s%s, %s",
900: failures, failures > 1 ? "S" : "",
901: rusername ? rusername : "", rusername ? "@" : "",
902: hostname, name);
1.1 deraadt 903: } else {
1.47 deraadt 904: syslog_r(LOG_NOTICE, &sdata,
905: "%d LOGIN FAILURE%s ON %s",
1.1 deraadt 906: failures, failures > 1 ? "S" : "", tty);
1.47 deraadt 907: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.1 deraadt 908: "%d LOGIN FAILURE%s ON %s, %s",
909: failures, failures > 1 ? "S" : "", tty, name);
910: }
911: }
912:
913: #undef UNKNOWN
914: #define UNKNOWN "su"
915:
916: char *
1.47 deraadt 917: stypeof(char *ttyid)
1.1 deraadt 918: {
919: struct ttyent *t;
920:
1.30 millert 921: return (ttyid && (t = getttynam(ttyid)) ? t->ty_type :
922: login_getcapstr(lc, "term", UNKNOWN, UNKNOWN));
1.1 deraadt 923: }
924:
925: void
1.47 deraadt 926: sleepexit(int eval)
1.1 deraadt 927: {
1.36 millert 928: auth_close(as);
1.1 deraadt 929: (void)sleep(5);
930: exit(eval);
1.11 millert 931: }
932:
933: void
1.47 deraadt 934: quickexit(int eval)
1.36 millert 935: {
936: if (as)
937: auth_close(as);
938: exit(eval);
939: }
940:
941:
942: void
1.47 deraadt 943: sighup(int signum)
1.11 millert 944: {
945: if (username)
946: badlogin(username);
1.47 deraadt 947: _exit(0);
1.1 deraadt 948: }