Annotation of src/usr.bin/login/login.c, Revision 1.64
1.64 ! millert 1: /* $OpenBSD: login.c,v 1.63 2015/01/16 06:40:09 deraadt Exp $ */
1.3 deraadt 2: /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
1.1 deraadt 3:
4: /*-
5: * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
1.50 millert 16: * 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 17: * may be used to endorse or promote products derived from this software
18: * without specific prior written permission.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30: * SUCH DAMAGE.
31: */
1.36 millert 32: /*-
33: * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
34: *
35: * Redistribution and use in source and binary forms, with or without
36: * modification, are permitted provided that the following conditions
37: * are met:
38: * 1. Redistributions of source code must retain the above copyright
39: * notice, this list of conditions and the following disclaimer.
40: * 2. Redistributions in binary form must reproduce the above copyright
41: * notice, this list of conditions and the following disclaimer in the
42: * documentation and/or other materials provided with the distribution.
43: * 3. All advertising materials mentioning features or use of this software
44: * must display the following acknowledgement:
45: * This product includes software developed by Berkeley Software Design,
46: * Inc.
47: * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
48: * or promote products derived from this software without specific prior
49: * written permission.
50: *
51: * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
52: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
53: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
54: * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
55: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
56: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
57: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
59: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
60: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
61: * SUCH DAMAGE.
62: *
63: * BSDI $From: login.c,v 2.28 1999/09/08 22:35:36 prb Exp $
64: */
1.1 deraadt 65:
66: /*
67: * login [ name ]
68: * login -h hostname (for telnetd, etc.)
69: * login -f name (for pre-authenticated login: datakit, xterm, etc.)
1.49 millert 70: * login -p (preserve existing environment; for getty)
1.1 deraadt 71: */
72:
1.36 millert 73: #include <sys/socket.h>
1.1 deraadt 74: #include <sys/stat.h>
75: #include <sys/time.h>
76: #include <sys/resource.h>
1.11 millert 77: #include <sys/wait.h>
1.1 deraadt 78:
79: #include <err.h>
80: #include <errno.h>
1.27 millert 81: #include <fcntl.h>
1.1 deraadt 82: #include <grp.h>
1.30 millert 83: #include <login_cap.h>
1.36 millert 84: #include <netdb.h>
1.1 deraadt 85: #include <pwd.h>
86: #include <signal.h>
1.36 millert 87: #include <stdarg.h>
1.1 deraadt 88: #include <stdio.h>
89: #include <stdlib.h>
90: #include <string.h>
91: #include <syslog.h>
92: #include <ttyent.h>
93: #include <unistd.h>
1.63 deraadt 94: #include <limits.h>
1.1 deraadt 95: #include <utmp.h>
1.3 deraadt 96: #include <util.h>
1.36 millert 97: #include <bsd_auth.h>
98:
1.1 deraadt 99: #include "pathnames.h"
100:
1.45 millert 101: void badlogin(char *);
102: void dolastlog(int);
103: void getloginname(void);
104: void motd(void);
105: void quickexit(int);
106: int rootterm(char *);
107: void sigint(int);
108: void sighup(int);
109: void sleepexit(int);
110: char *stypeof(char *);
111: void timedout(int);
112: int main(int, char **);
1.1 deraadt 113:
1.45 millert 114: extern int check_failedlogin(uid_t);
115: extern void log_failedlogin(uid_t, char *, char *, char *);
1.1 deraadt 116:
117: #define TTYGRPNAME "tty" /* name of group to own ttys */
118:
1.64 ! millert 119: #define SECSPERDAY (24 * 60 * 60)
! 120: #define TWOWEEKS (2 * 7 * SECSPERDAY)
! 121:
1.1 deraadt 122: /*
1.37 millert 123: * This bounds the time given to login; may be overridden by /etc/login.conf.
1.1 deraadt 124: */
1.30 millert 125: u_int timeout = 300;
1.1 deraadt 126:
1.36 millert 127: struct passwd *pwd;
1.30 millert 128: login_cap_t *lc = NULL;
1.36 millert 129: auth_session_t *as = NULL;
1.30 millert 130: int failures;
1.36 millert 131: int needbanner = 1;
1.30 millert 132: char term[64], *hostname, *tty;
1.36 millert 133: char *style;
1.30 millert 134: char *username = NULL, *rusername = NULL;
1.1 deraadt 135:
1.47 deraadt 136: extern char **environ;
137:
1.1 deraadt 138: int
1.47 deraadt 139: main(int argc, char *argv[])
1.1 deraadt 140: {
1.47 deraadt 141: char *domain, *p, *ttyn, *shell, *fullname, *instance;
142: char *lipaddr, *script, *ripaddr, *style, *type, *fqdn;
1.63 deraadt 143: char tbuf[PATH_MAX + 2], tname[sizeof(_PATH_TTY) + 10];
144: char localhost[HOST_NAME_MAX+1], *copyright;
1.59 martynas 145: char mail[sizeof(_PATH_MAILDIR) + 1 + NAME_MAX];
1.47 deraadt 146: int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance;
147: int error, homeless, needto, authok, tries, backoff;
1.36 millert 148: struct addrinfo *ai, hints;
1.47 deraadt 149: struct rlimit cds, scds;
150: quad_t expire, warning;
151: struct utmp utmp;
1.1 deraadt 152: struct group *gr;
153: struct stat st;
154: uid_t uid;
155:
156: openlog("login", LOG_ODELAY, LOG_AUTH);
157:
1.37 millert 158: fqdn = lipaddr = ripaddr = fullname = type = NULL;
159: authok = 0;
160: tries = 10;
161: backoff = 3;
1.36 millert 162:
1.1 deraadt 163: domain = NULL;
1.49 millert 164: if (gethostname(localhost, sizeof(localhost)) < 0) {
1.1 deraadt 165: syslog(LOG_ERR, "couldn't get local hostname: %m");
1.49 millert 166: strlcpy(localhost, "localhost", sizeof(localhost));
167: } else if ((domain = strchr(localhost, '.'))) {
1.21 deraadt 168: domain++;
169: if (*domain && strchr(domain, '.') == NULL)
170: domain = localhost;
171: }
1.1 deraadt 172:
1.36 millert 173: if ((as = auth_open()) == NULL) {
1.39 millert 174: syslog(LOG_ERR, "auth_open: %m");
175: err(1, "unable to initialize BSD authentication");
1.36 millert 176: }
1.39 millert 177: auth_setoption(as, "login", "yes");
1.36 millert 178:
1.49 millert 179: /*
180: * -p is used by getty to tell login not to destroy the environment
181: * -f is used to skip a second login authentication
182: * -h is used by other servers to pass the name of the remote
183: * host to login so that it may be placed in utmp and wtmp
184: */
1.36 millert 185: fflag = pflag = 0;
1.1 deraadt 186: uid = getuid();
1.36 millert 187: while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1)
1.1 deraadt 188: switch (ch) {
189: case 'f':
190: fflag = 1;
191: break;
192: case 'h':
1.36 millert 193: if (uid) {
1.62 guenther 194: warnc(EPERM, "-h option");
1.36 millert 195: quickexit(1);
196: }
1.60 tobias 197: free(fqdn);
1.36 millert 198: if ((fqdn = strdup(optarg)) == NULL) {
199: warn(NULL);
200: quickexit(1);
201: }
202: auth_setoption(as, "fqdn", fqdn);
1.1 deraadt 203: if (domain && (p = strchr(optarg, '.')) &&
1.21 deraadt 204: strcasecmp(p+1, domain) == 0)
1.1 deraadt 205: *p = 0;
206: hostname = optarg;
1.36 millert 207: auth_setoption(as, "hostname", hostname);
208: break;
209: case 'L':
210: if (uid) {
1.62 guenther 211: warnc(EPERM, "-L option");
1.36 millert 212: quickexit(1);
213: }
214: if (lipaddr) {
215: warnx("duplicate -L option");
216: quickexit(1);
217: }
218: lipaddr = optarg;
219: memset(&hints, 0, sizeof(hints));
220: hints.ai_family = PF_UNSPEC;
221: hints.ai_flags = AI_CANONNAME;
222: error = getaddrinfo(lipaddr, NULL, &hints, &ai);
223: if (!error) {
224: strlcpy(localhost, ai->ai_canonname,
225: sizeof(localhost));
226: freeaddrinfo(ai);
227: } else
228: strlcpy(localhost, lipaddr, sizeof(localhost));
229: auth_setoption(as, "local_addr", lipaddr);
1.1 deraadt 230: break;
231: case 'p':
232: pflag = 1;
233: break;
1.36 millert 234: case 'R':
235: if (uid) {
1.62 guenther 236: warnc(EPERM, "-R option");
1.36 millert 237: quickexit(1);
238: }
239: if (ripaddr) {
240: warnx("duplicate -R option");
241: quickexit(1);
242: }
243: ripaddr = optarg;
244: auth_setoption(as, "remote_addr", ripaddr);
245: break;
1.14 millert 246: case 'u':
1.36 millert 247: if (uid) {
1.62 guenther 248: warnc(EPERM, "-u option");
1.36 millert 249: quickexit(1);
250: }
1.14 millert 251: rusername = optarg;
252: break;
1.1 deraadt 253: default:
254: if (!uid)
255: syslog(LOG_ERR, "invalid flag %c", ch);
256: (void)fprintf(stderr,
1.57 jmc 257: "usage: login [-fp] [-h hostname] [-L local-addr] "
258: "[-R remote-addr] [-u username]\n\t[user]\n");
1.36 millert 259: quickexit(1);
1.1 deraadt 260: }
261: argc -= optind;
262: argv += optind;
263:
264: if (*argv) {
265: username = *argv;
266: ask = 0;
267: } else
268: ask = 1;
269:
1.49 millert 270: /*
271: * If effective user is not root, just run su(1) to emulate login(1).
272: */
273: if (geteuid() != 0) {
274: char *av[5], **ap;
275:
276: auth_close(as);
277: closelog();
1.54 millert 278: closefrom(STDERR_FILENO + 1);
1.49 millert 279:
280: ap = av;
281: *ap++ = _PATH_SU;
282: *ap++ = "-L";
283: if (!pflag)
284: *ap++ = "-l";
285: if (!ask)
286: *ap++ = username;
287: *ap = NULL;
288: execv(_PATH_SU, av);
289: warn("unable to exec %s", _PATH_SU);
290: _exit(1);
291: }
292:
1.1 deraadt 293: ttyn = ttyname(STDIN_FILENO);
294: if (ttyn == NULL || *ttyn == '\0') {
295: (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
296: ttyn = tname;
297: }
1.12 millert 298: if ((tty = strrchr(ttyn, '/')))
1.1 deraadt 299: ++tty;
300: else
301: tty = ttyn;
302:
1.49 millert 303: /*
304: * Since login deals with sensitive information, turn off coredumps.
305: */
306: if (getrlimit(RLIMIT_CORE, &scds) < 0) {
307: syslog(LOG_ERR, "couldn't get core dump size: %m");
308: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
309: }
310: cds.rlim_cur = cds.rlim_max = 0;
311: if (setrlimit(RLIMIT_CORE, &cds) < 0) {
312: syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
313: scds.rlim_cur = scds.rlim_max = QUAD_MIN;
314: }
315:
316: (void)signal(SIGALRM, timedout);
317: if (argc > 1) {
318: needto = 0;
319: (void)alarm(timeout);
320: } else
321: needto = 1;
322: (void)signal(SIGQUIT, SIG_IGN);
323: (void)signal(SIGINT, SIG_IGN);
324: (void)signal(SIGHUP, SIG_IGN);
325: (void)setpriority(PRIO_PROCESS, 0, 0);
326:
1.36 millert 327: #ifdef notyet
328: /* XXX - we don't (yet) support per-tty auth stuff */
329: /* BSDi uses a ttys.conf file but we could just overload /etc/ttys */
330: /*
331: * Classify the attempt.
332: * By default we use the value in the ttys file.
333: * If there is a classify script we run that as
334: *
335: * classify [-f] [username]
336: */
337: if (type = getttyauth(tty))
338: auth_setoption(as, "auth_type", type);
339: #endif
340:
341: /* get the default login class */
1.47 deraadt 342: if ((lc = login_getclass(0)) == NULL) { /* get the default class */
1.36 millert 343: warnx("Failure to retrieve default class");
344: quickexit(1);
345: }
1.37 millert 346: timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300);
1.36 millert 347: if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) {
348: unsetenv("AUTH_TYPE");
349: unsetenv("REMOTE_NAME");
350: if (script[0] != '/') {
351: syslog(LOG_ERR, "Invalid classify script: %s", script);
352: warnx("Classification failure");
353: quickexit(1);
354: }
355: shell = strrchr(script, '/') + 1;
356: auth_setstate(as, AUTH_OKAY);
1.47 deraadt 357: auth_call(as, script, shell,
1.49 millert 358: fflag ? "-f" : username, fflag ? username : 0, (char *)0);
1.36 millert 359: if (!(auth_getstate(as) & AUTH_ALLOW))
360: quickexit(1);
361: auth_setenv(as);
362: if ((p = getenv("AUTH_TYPE")) != NULL &&
363: strncmp(p, "auth-", 5) == 0)
364: type = p;
365: if ((p = getenv("REMOTE_NAME")) != NULL)
366: hostname = p;
367: /*
368: * we may have changed some values, reset them
369: */
370: auth_clroptions(as);
371: if (type)
372: auth_setoption(as, "auth_type", type);
373: if (fqdn)
374: auth_setoption(as, "fqdn", fqdn);
375: if (hostname)
376: auth_setoption(as, "hostname", hostname);
377: if (lipaddr)
378: auth_setoption(as, "local_addr", lipaddr);
379: if (ripaddr)
380: auth_setoption(as, "remote_addr", ripaddr);
381: }
382:
383: /*
384: * Request the things like the approval script print things
385: * to stdout (in particular, the nologins files)
386: */
387: auth_setitem(as, AUTHV_INTERACTIVE, "True");
388:
1.1 deraadt 389: for (cnt = 0;; ask = 1) {
1.36 millert 390: /*
391: * Clean up our current authentication session.
392: * Options are not cleared so we need to clear any
393: * we might set below.
394: */
395: auth_clean(as);
396: auth_clroption(as, "style");
397: auth_clroption(as, "lastchance");
398:
399: lastchance = 0;
400:
1.1 deraadt 401: if (ask) {
402: fflag = 0;
403: getloginname();
404: }
1.36 millert 405: if (needto) {
406: needto = 0;
407: alarm(timeout);
408: }
1.47 deraadt 409: if ((style = strchr(username, ':')) != NULL)
1.36 millert 410: *style++ = '\0';
411: if (fullname)
412: free(fullname);
413: if (auth_setitem(as, AUTHV_NAME, username) < 0 ||
414: (fullname = strdup(username)) == NULL) {
415: syslog(LOG_ERR, "%m");
416: warn(NULL);
417: quickexit(1);
418: }
1.1 deraadt 419: rootlogin = 0;
1.55 millert 420: if ((instance = strchr(username, '/')) != NULL) {
1.40 millert 421: if (strncmp(instance + 1, "root", 4) == 0)
1.1 deraadt 422: rootlogin = 1;
423: *instance++ = '\0';
424: } else
425: instance = "";
1.36 millert 426:
1.1 deraadt 427: if (strlen(username) > UT_NAMESIZE)
428: username[UT_NAMESIZE] = '\0';
429:
430: /*
431: * Note if trying multiple user names; log failures for
432: * previous user name, but don't bother logging one failure
433: * for nonexistent name (mistyped username).
434: */
435: if (failures && strcmp(tbuf, username)) {
436: if (failures > (pwd ? 0 : 1))
437: badlogin(tbuf);
438: failures = 0;
439: }
1.36 millert 440: (void)strlcpy(tbuf, username, sizeof(tbuf));
1.1 deraadt 441:
1.36 millert 442: if ((pwd = getpwnam(username)) != NULL &&
443: auth_setpwd(as, pwd) < 0) {
444: syslog(LOG_ERR, "%m");
445: warn(NULL);
446: quickexit(1);
447: }
1.1 deraadt 448:
1.36 millert 449: lc = login_getclass(pwd ? pwd->pw_class : NULL);
450: if (!lc)
451: goto failed;
1.1 deraadt 452:
1.36 millert 453: style = login_getstyle(lc, style, type);
454: if (!style)
455: goto failed;
1.1 deraadt 456:
1.36 millert 457: /*
1.37 millert 458: * We allow "login-tries" attempts to login but start
459: * slowing down after "login-backoff" attempts.
460: */
461: tries = (int)login_getcapnum(lc, "login-tries", 10, 10);
462: backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3);
463:
464: /*
1.60 tobias 465: * Turn off the fflag if we have an invalid user
1.36 millert 466: * or we are not root and we are trying to change uids.
467: */
468: if (!pwd || (uid && uid != pwd->pw_uid))
469: fflag = 0;
1.1 deraadt 470:
1.36 millert 471: if (pwd && pwd->pw_uid == 0)
472: rootlogin = 1;
1.25 millert 473:
1.36 millert 474: /*
475: * If we do not have the force flag authenticate the user
476: */
1.44 millert 477: if (!fflag) {
1.36 millert 478: lastchance =
479: login_getcaptime(lc, "password-dead", 0, 0) != 0;
480: if (lastchance)
481: auth_setoption(as, "lastchance", "yes");
482: /*
483: * Once we start asking for a password
484: * we want to log a failure on a hup.
485: */
486: signal(SIGHUP, sighup);
487: auth_verify(as, style, NULL, lc->lc_class, NULL);
488: authok = auth_getstate(as);
489: /*
490: * If their password expired and it has not been
491: * too long since then, give the user one last
492: * chance to change their password
493: */
494: if ((authok & AUTH_PWEXPIRED) && lastchance) {
495: authok = AUTH_OKAY;
496: } else
497: lastchance = 0;
498: if ((authok & AUTH_ALLOW) == 0)
499: goto failed;
500: if (auth_setoption(as, "style", style) < 0) {
501: syslog(LOG_ERR, "%m");
502: warn(NULL);
503: quickexit(1);
1.25 millert 504: }
1.1 deraadt 505: }
1.36 millert 506: /*
507: * explicitly reject users without password file entries
508: */
1.47 deraadt 509: if (pwd == NULL)
1.36 millert 510: goto failed;
1.1 deraadt 511:
512: /*
1.36 millert 513: * If trying to log in as root on an insecure terminal,
514: * refuse the login attempt unless the authentication
515: * style explicitly says a root login is okay.
1.1 deraadt 516: */
1.44 millert 517: if (pwd && rootlogin && !rootterm(tty))
1.36 millert 518: goto failed;
1.29 millert 519:
1.36 millert 520: if (fflag) {
521: type = 0;
522: style = "forced";
523: }
524: break;
525:
526: failed:
527: if (authok & AUTH_SILENT)
528: quickexit(0);
1.29 millert 529: if (rootlogin && !rootterm(tty)) {
1.36 millert 530: warnx("%s login refused on this terminal.",
531: fullname);
1.1 deraadt 532: if (hostname)
533: syslog(LOG_NOTICE,
1.14 millert 534: "LOGIN %s REFUSED FROM %s%s%s ON TTY %s",
1.36 millert 535: fullname, rusername ? rusername : "",
1.14 millert 536: rusername ? "@" : "", hostname, tty);
1.1 deraadt 537: else
538: syslog(LOG_NOTICE,
539: "LOGIN %s REFUSED ON TTY %s",
1.47 deraadt 540: fullname, tty);
1.36 millert 541: } else {
542: if (!as || (p = auth_getvalue(as, "errormsg")) == NULL)
543: p = "Login incorrect";
544: (void)printf("%s\n", p);
545: }
1.1 deraadt 546: failures++;
1.13 millert 547: if (pwd)
1.14 millert 548: log_failedlogin(pwd->pw_uid, hostname, rusername, tty);
1.37 millert 549: /*
550: * By default, we allow 10 tries, but after 3 we start
551: * backing off to slow down password guessers.
552: */
553: if (++cnt > backoff) {
554: if (cnt >= tries) {
1.1 deraadt 555: badlogin(username);
556: sleepexit(1);
557: }
1.37 millert 558: sleep((u_int)((cnt - backoff) * tries / 2));
1.1 deraadt 559: }
560: }
561:
562: /* committed to login -- turn off timeout */
1.36 millert 563: (void)alarm(0);
1.1 deraadt 564:
565: endpwent();
566:
1.30 millert 567: shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
568: if (*shell == '\0')
569: shell = _PATH_BSHELL;
1.63 deraadt 570: else if (strlen(shell) >= PATH_MAX) {
1.30 millert 571: syslog(LOG_ERR, "shell path too long: %s", shell);
572: warnx("invalid shell");
1.36 millert 573: quickexit(1);
1.24 art 574: }
1.1 deraadt 575:
576: /* Destroy environment unless user has requested its preservation. */
1.24 art 577: if (!pflag) {
1.22 deraadt 578: if ((environ = calloc(1, sizeof (char *))) == NULL)
579: err(1, "calloc");
1.24 art 580: } else {
1.9 millert 581: char **cpp, **cpp2;
582:
583: for (cpp2 = cpp = environ; *cpp; cpp++) {
584: if (strncmp(*cpp, "LD_", 3) &&
1.29 millert 585: strncmp(*cpp, "ENV=", 4) &&
586: strncmp(*cpp, "BASH_ENV=", 9) &&
1.9 millert 587: strncmp(*cpp, "IFS=", 4))
588: *cpp2++ = *cpp;
589: }
590: *cpp2 = 0;
591: }
1.30 millert 592: /* Note: setusercontext(3) will set PATH */
1.34 deraadt 593: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
1.58 martynas 594: setenv("SHELL", pwd->pw_shell, 1) == -1) {
1.34 deraadt 595: warn("unable to setenv()");
1.36 millert 596: quickexit(1);
1.34 deraadt 597: }
1.1 deraadt 598: if (term[0] == '\0')
1.29 millert 599: (void)strlcpy(term, stypeof(tty), sizeof(term));
1.59 martynas 600: (void)snprintf(mail, sizeof(mail), "%s/%s", _PATH_MAILDIR,
601: pwd->pw_name);
1.34 deraadt 602: if (setenv("TERM", term, 0) == -1 ||
603: setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
1.59 martynas 604: setenv("USER", pwd->pw_name, 1) == -1 ||
605: setenv("MAIL", mail, 1) == -1) {
1.34 deraadt 606: warn("unable to setenv()");
1.36 millert 607: quickexit(1);
1.34 deraadt 608: }
609: if (hostname) {
610: if (setenv("REMOTEHOST", hostname, 1) == -1) {
611: warn("unable to setenv()");
1.36 millert 612: quickexit(1);
1.34 deraadt 613: }
614: }
615: if (rusername) {
616: if (setenv("REMOTEUSER", rusername, 1) == -1) {
617: warn("unable to setenv()");
1.36 millert 618: quickexit(1);
1.34 deraadt 619: }
620: }
1.36 millert 621:
622: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) {
623: warn("unable to set user context");
624: quickexit(1);
625: }
626: auth_setenv(as);
627:
628: /* if user not super-user, check for disabled logins */
629: if (!rootlogin)
630: auth_checknologin(lc);
631:
632: setegid(pwd->pw_gid);
633: seteuid(pwd->pw_uid);
634:
635: homeless = chdir(pwd->pw_dir);
636: if (homeless) {
637: if (login_getcapbool(lc, "requirehome", 0)) {
638: (void)printf("No home directory %s!\n", pwd->pw_dir);
639: quickexit(1);
1.34 deraadt 640: }
1.36 millert 641: if (chdir("/"))
642: quickexit(0);
1.34 deraadt 643: }
1.36 millert 644:
645: quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
646: login_getcapbool(lc, "hushlogin", 0) ||
647: (access(_PATH_HUSHLOGIN, F_OK) == 0));
648:
649: seteuid(0);
650: setegid(0); /* XXX use a saved gid instead? */
651:
652: if ((p = auth_getvalue(as, "warnmsg")) != NULL)
653: (void)printf("WARNING: %s\n\n", p);
654:
655: expire = auth_check_expire(as);
656: if (expire < 0) {
657: (void)printf("Sorry -- your account has expired.\n");
658: quickexit(1);
659: } else if (expire > 0 && !quietlog) {
660: warning = login_getcaptime(lc, "expire-warn",
1.64 ! millert 661: TWOWEEKS, TWOWEEKS);
1.36 millert 662: if (expire < warning)
1.47 deraadt 663: (void)printf("Warning: your account expires on %s",
1.36 millert 664: ctime(&pwd->pw_expire));
1.34 deraadt 665: }
1.36 millert 666:
667: /* Nothing else left to fail -- really log in. */
668: (void)signal(SIGHUP, SIG_DFL);
669: memset(&utmp, 0, sizeof(utmp));
670: (void)time(&utmp.ut_time);
671: (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
672: if (hostname)
673: (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
674: (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
675: login(&utmp);
676:
677: if (!quietlog)
678: (void)check_failedlogin(pwd->pw_uid);
679: dolastlog(quietlog);
680:
681: login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
682:
683: (void)chown(ttyn, pwd->pw_uid,
684: (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
685:
1.1 deraadt 686: /* If fflag is on, assume caller/authenticator has logged root login. */
1.24 art 687: if (rootlogin && fflag == 0) {
1.1 deraadt 688: if (hostname)
1.14 millert 689: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s",
690: username, tty, rusername ? rusername : "",
691: rusername ? "@" : "", hostname);
1.1 deraadt 692: else
693: syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
1.24 art 694: }
1.1 deraadt 695:
696: if (!quietlog) {
1.36 millert 697: if ((copyright =
698: login_getcapstr(lc, "copyright", NULL, NULL)) != NULL)
699: auth_cat(copyright);
1.1 deraadt 700: motd();
1.59 martynas 701: if (stat(mail, &st) == 0 && st.st_size != 0)
1.1 deraadt 702: (void)printf("You have %smail.\n",
703: (st.st_mtime > st.st_atime) ? "new " : "");
704: }
705:
706: (void)signal(SIGALRM, SIG_DFL);
707: (void)signal(SIGQUIT, SIG_DFL);
1.36 millert 708: (void)signal(SIGHUP, SIG_DFL);
1.1 deraadt 709: (void)signal(SIGINT, SIG_DFL);
710: (void)signal(SIGTSTP, SIG_IGN);
711:
712: tbuf[0] = '-';
1.30 millert 713: (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
1.36 millert 714: p + 1 : shell, sizeof(tbuf) - 1);
715:
716: if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) &&
717: setrlimit(RLIMIT_CORE, &scds) < 0)
718: syslog(LOG_ERR, "couldn't reset core dump size: %m");
719:
720: if (lastchance)
1.47 deraadt 721: (void)printf("WARNING: Your password has expired."
722: " You must change your password, now!\n");
1.1 deraadt 723:
1.38 millert 724: if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid,
1.36 millert 725: LOGIN_SETALL & ~LOGIN_SETPATH) < 0) {
1.30 millert 726: warn("unable to set user context");
1.36 millert 727: quickexit(1);
728: }
729:
730: if (homeless) {
731: (void)printf("No home directory %s!\n", pwd->pw_dir);
732: (void)printf("Logging in with home = \"/\".\n");
733: (void)setenv("HOME", "/", 1);
1.15 tholo 734: }
1.30 millert 735:
1.36 millert 736: if (auth_approval(as, lc, NULL, "login") == 0) {
737: if (auth_getstate(as) & AUTH_EXPIRED)
738: (void)printf("Sorry -- your account has expired.\n");
739: else
740: (void)printf("approval failure\n");
741: quickexit(1);
742: }
743:
744: /*
745: * The last thing we do is discard all of the open file descriptors.
746: * Last because the C library may have some open.
747: */
1.53 deraadt 748: closefrom(STDERR_FILENO + 1);
1.36 millert 749:
750: /*
751: * Close the authentication session, make sure it is marked
752: * as okay so no files are removed.
753: */
754: auth_setstate(as, AUTH_OKAY);
755: auth_close(as);
756:
1.42 deraadt 757: execlp(shell, tbuf, (char *)NULL);
1.30 millert 758: err(1, "%s", shell);
1.1 deraadt 759: }
760:
761: /*
1.36 millert 762: * Allow for a '.' and 16 characters for any instance as well as
1.60 tobias 763: * space for a ':' and 16 characters defining the authentication type.
1.1 deraadt 764: */
1.36 millert 765: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
1.1 deraadt 766:
767: void
1.47 deraadt 768: getloginname(void)
1.1 deraadt 769: {
1.47 deraadt 770: static char nbuf[NBUFSIZ], *p;
1.1 deraadt 771: int ch;
772:
773: for (;;) {
774: (void)printf("login: ");
775: for (p = nbuf; (ch = getchar()) != '\n'; ) {
776: if (ch == EOF) {
777: badlogin(username);
1.36 millert 778: quickexit(0);
1.1 deraadt 779: }
780: if (p < nbuf + (NBUFSIZ - 1))
781: *p++ = ch;
782: }
1.24 art 783: if (p > nbuf) {
1.1 deraadt 784: if (nbuf[0] == '-')
785: (void)fprintf(stderr,
786: "login names may not start with '-'.\n");
787: else {
788: *p = '\0';
789: username = nbuf;
790: break;
791: }
1.24 art 792: }
1.1 deraadt 793: }
794: }
795:
796: int
1.47 deraadt 797: rootterm(char *ttyn)
1.1 deraadt 798: {
799: struct ttyent *t;
800:
1.36 millert 801: /* XXX - stash output of getttynam() elsewhere */
1.1 deraadt 802: return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
803: }
804:
805: void
1.47 deraadt 806: motd(void)
1.1 deraadt 807: {
1.47 deraadt 808: char tbuf[8192], *motd;
1.1 deraadt 809: int fd, nchars;
1.48 millert 810: struct sigaction sa, osa;
1.30 millert 811:
812: motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE);
1.1 deraadt 813:
1.30 millert 814: if ((fd = open(motd, O_RDONLY, 0)) < 0)
1.1 deraadt 815: return;
1.48 millert 816:
817: memset(&sa, 0, sizeof(sa));
818: sa.sa_handler = sigint;
819: sigemptyset(&sa.sa_mask);
820: sa.sa_flags = 0; /* don't set SA_RESTART */
821: (void)sigaction(SIGINT, &sa, &osa);
822:
823: /* read and spew motd until EOF, error, or SIGINT */
824: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0 &&
825: write(STDOUT_FILENO, tbuf, nchars) == nchars)
826: ;
827:
828: (void)sigaction(SIGINT, &osa, NULL);
1.1 deraadt 829: (void)close(fd);
830: }
831:
832: /* ARGSUSED */
833: void
1.47 deraadt 834: sigint(int signo)
1.1 deraadt 835: {
1.52 otto 836: return; /* just interrupt syscall */
1.1 deraadt 837: }
838:
839: /* ARGSUSED */
840: void
1.47 deraadt 841: timedout(int signo)
1.1 deraadt 842: {
1.47 deraadt 843: char warn[1024];
844:
845: snprintf(warn, sizeof warn,
846: "Login timed out after %d seconds\n", timeout);
847: write(STDERR_FILENO, warn, strlen(warn));
1.37 millert 848: if (username)
849: badlogin(username);
1.47 deraadt 850: _exit(0);
1.1 deraadt 851: }
852:
853: void
1.47 deraadt 854: dolastlog(int quiet)
1.1 deraadt 855: {
856: struct lastlog ll;
857: int fd;
858:
859: if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
1.26 millert 860: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
1.1 deraadt 861: if (!quiet) {
862: if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
863: ll.ll_time != 0) {
864: (void)printf("Last login: %.*s ",
865: 24-5, (char *)ctime(&ll.ll_time));
1.14 millert 866: (void)printf("on %.*s",
867: (int)sizeof(ll.ll_line),
868: ll.ll_line);
1.1 deraadt 869: if (*ll.ll_host != '\0')
1.14 millert 870: (void)printf(" from %.*s",
1.1 deraadt 871: (int)sizeof(ll.ll_host),
872: ll.ll_host);
1.14 millert 873: (void)putchar('\n');
1.1 deraadt 874: }
1.26 millert 875: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll),
876: SEEK_SET);
1.1 deraadt 877: }
878: memset((void *)&ll, 0, sizeof(ll));
879: (void)time(&ll.ll_time);
880: (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
881: if (hostname)
882: (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
883: (void)write(fd, (char *)&ll, sizeof(ll));
884: (void)close(fd);
885: }
886: }
887:
888: void
1.47 deraadt 889: badlogin(char *name)
1.1 deraadt 890: {
1.47 deraadt 891: struct syslog_data sdata = SYSLOG_DATA_INIT;
892:
1.1 deraadt 893: if (failures == 0)
894: return;
895: if (hostname) {
1.47 deraadt 896: syslog_r(LOG_NOTICE, &sdata,
897: "%d LOGIN FAILURE%s FROM %s%s%s",
1.14 millert 898: failures, failures > 1 ? "S" : "",
899: rusername ? rusername : "", rusername ? "@" : "", hostname);
1.47 deraadt 900: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.14 millert 901: "%d LOGIN FAILURE%s FROM %s%s%s, %s",
902: failures, failures > 1 ? "S" : "",
903: rusername ? rusername : "", rusername ? "@" : "",
904: hostname, name);
1.1 deraadt 905: } else {
1.47 deraadt 906: syslog_r(LOG_NOTICE, &sdata,
907: "%d LOGIN FAILURE%s ON %s",
1.1 deraadt 908: failures, failures > 1 ? "S" : "", tty);
1.47 deraadt 909: syslog_r(LOG_AUTHPRIV|LOG_NOTICE, &sdata,
1.1 deraadt 910: "%d LOGIN FAILURE%s ON %s, %s",
911: failures, failures > 1 ? "S" : "", tty, name);
912: }
913: }
914:
915: #undef UNKNOWN
916: #define UNKNOWN "su"
917:
918: char *
1.47 deraadt 919: stypeof(char *ttyid)
1.1 deraadt 920: {
921: struct ttyent *t;
922:
1.30 millert 923: return (ttyid && (t = getttynam(ttyid)) ? t->ty_type :
924: login_getcapstr(lc, "term", UNKNOWN, UNKNOWN));
1.1 deraadt 925: }
926:
927: void
1.47 deraadt 928: sleepexit(int eval)
1.1 deraadt 929: {
1.36 millert 930: auth_close(as);
1.1 deraadt 931: (void)sleep(5);
932: exit(eval);
1.11 millert 933: }
934:
935: void
1.47 deraadt 936: quickexit(int eval)
1.36 millert 937: {
938: if (as)
939: auth_close(as);
940: exit(eval);
941: }
942:
943:
944: void
1.47 deraadt 945: sighup(int signum)
1.11 millert 946: {
947: if (username)
948: badlogin(username);
1.47 deraadt 949: _exit(0);
1.1 deraadt 950: }