/*
* Record login in wtmp file.
*/
void
dologin(struct passwd *pw, struct sockaddr_in *sin)
{
char line[32];
char remotehost[32];
int wtmp, f;
struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
sizeof (struct in_addr), AF_INET);
if (hp) {
strncpy(remotehost, hp->h_name, sizeof (remotehost));
endhostent();
} else
strncpy(remotehost, inet_ntoa(sin->sin_addr),
sizeof (remotehost));
sprintf(line, "uucp%.4d", getpid());
logwtmp (line, pw->pw_name, remotehost);
#if defined (PATH_LASTLOG) && defined (HAVE_STRUCT_LASTLOG)
#define SCPYN(a, b) strncpy(a, b, sizeof (a))
if ((f = open(PATH_LASTLOG, O_RDWR)) >= 0) {
struct lastlog ll;
time(&ll.ll_time);
lseek(f, (long)pw->pw_uid * sizeof(struct lastlog), 0);
strcpy(line, remotehost);
SCPYN(ll.ll_line, line);
SCPYN(ll.ll_host, remotehost);
(void) write(f, (char *) &ll, sizeof ll);
(void) close(f);
}
#endif
}
/*
* Record login in wtmp file.
*/
void dologin(struct passwd *pw, struct sockaddr *sin)
{
#if __FreeBSD_version >= 900007
struct utmpx ut;
memset(&ut, 0, sizeof ut);
ut.ut_type = USER_PROCESS;
gettimeofday(&ut.ut_tv, NULL);
ut.ut_pid = getpid();
snprintf(ut.ut_id, sizeof ut.ut_id, "%xuucp", ut.ut_pid);
SCPYN(ut.ut_user, pw->pw_name);
realhostname_sa(ut.ut_host, sizeof ut.ut_host, sin, sin->sa_len);
pututxline(&ut);
#else
char line[32];
char remotehost[UT_HOSTSIZE + 1];
int f;
time_t cur_time;
realhostname_sa(remotehost, sizeof(remotehost) - 1, sin, sin->sa_len);
remotehost[sizeof remotehost - 1] = '\0';
/* hack, but must be unique and no tty line */
sprintf(line, "uucp%ld", (long)getpid());
time(&cur_time);
if ((f = open(_PATH_LASTLOG, O_RDWR)) >= 0) {
struct lastlog ll;
ll.ll_time = cur_time;
lseek(f, (off_t)pw->pw_uid * sizeof(struct lastlog), L_SET);
SCPYN(ll.ll_line, line);
SCPYN(ll.ll_host, remotehost);
(void) write(f, (char *) &ll, sizeof ll);
(void) close(f);
}
logwtmp(line, pw->pw_name, remotehost);
#endif
}
int
main(int argc, char **argv)
{
char *namep;
int pflag = 0, hflag = 0, t, f, c;
int invalid, quietlog;
FILE *nlfd;
char *ttyn, *tty;
int ldisc = 0, zero = 0, i;
char **envnew;
#ifdef AFS_AIX32_ENV
/*
* The following signal action for AIX is necessary so that in case of a
* crash (i.e. core is generated) we can include the user's data section
* in the core dump. Unfortunately, by default, only a partial core is
* generated which, in many cases, isn't too useful.
*/
struct sigaction nsa;
sigemptyset(&nsa.sa_mask);
nsa.sa_handler = SIG_DFL;
nsa.sa_flags = SA_FULLDUMP;
sigaction(SIGSEGV, &nsa, NULL);
#endif
signal(SIGALRM, timedout);
alarm(timeout);
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
setpriority(PRIO_PROCESS, 0, 0);
quota(Q_SETUID, 0, 0, 0);
/* create a dummy user */
memset(&nouser, 0, sizeof(nouser));
nouser.pw_name = "";
nouser.pw_passwd = "*";
nouser.pw_dir = nouser.pw_shell = "";
nouser.pw_uid = nouser.pw_gid = -1;
/*
* -p is used by getty to tell login not to destroy the environment
* -r is used by rlogind to cause the autologin protocol;
* -h is used by other servers to pass the name of the
* remote host to login so that it may be placed in utmp and wtmp
*/
while (argc > 1) {
if (strcmp(argv[1], "-r") == 0) {
if (rflag || hflag) {
printf("Only one of -r and -h allowed\n");
exit(1);
}
rflag = 1;
usererr = doremotelogin(argv[2]);
SCPYN(utmp.ut_host, argv[2]);
argc -= 2;
argv += 2;
continue;
}
if (strcmp(argv[1], "-h") == 0 && getuid() == 0) {
if (rflag || hflag) {
printf("Only one of -r and -h allowed\n");
exit(1);
}
hflag = 1;
SCPYN(utmp.ut_host, argv[2]);
argc -= 2;
argv += 2;
continue;
}
if (strcmp(argv[1], "-p") == 0) {
argc--;
argv++;
pflag = 1;
continue;
}
break;
}
ioctl(0, TIOCLSET, &zero);
ioctl(0, TIOCNXCL, 0);
ioctl(0, FIONBIO, &zero);
ioctl(0, FIOASYNC, &zero);
ioctl(0, TIOCGETP, &ttyb);
/*
* If talking to an rlogin process,
* propagate the terminal type and
* baud rate across the network.
*/
if (rflag)
doremoteterm(term, &ttyb);
ttyb.sg_erase = CERASE;
ttyb.sg_kill = CKILL;
ioctl(0, TIOCSLTC, <c);
ioctl(0, TIOCSETC, &tc);
ioctl(0, TIOCSETP, &ttyb);
for (t = getdtablesize(); t > 2; t--)
close(t);
ttyn = ttyname(0);
if (ttyn == (char *)0 || *ttyn == '\0')
ttyn = "/dev/tty??";
tty = strrchr(ttyn, '/');
if (tty == NULL)
tty = ttyn;
else
tty++;
openlog("login", LOG_ODELAY, LOG_AUTH);
t = 0;
invalid = FALSE;
do {
ldisc = 0;
ioctl(0, TIOCSETD, &ldisc);
SCPYN(utmp.ut_name, "");
/*
* Name specified, take it.
*/
if (argc > 1) {
SCPYN(utmp.ut_name, argv[1]);
argc = 0;
}
/*
* If remote login take given name,
* otherwise prompt user for something.
*/
if (rflag && !invalid)
SCPYN(utmp.ut_name, lusername);
else
getloginname(&utmp);
invalid = FALSE;
if (!strcmp(pwd->pw_shell, "/bin/csh")) {
ldisc = NTTYDISC;
ioctl(0, TIOCSETD, &ldisc);
}
/*
* If no remote login authentication and
* a password exists for this user, prompt
* for one and verify it.
*/
if (usererr == -1 && *pwd->pw_passwd != '\0') {
#ifdef KAUTH
char password[BUFSIZ];
char *reason;
if (ka_UserReadPassword
("Password:"******"Unable to login because %s,\n", reason);
invalid = TRUE;
} else
if (ka_UserAuthenticate
(pwd->pw_name, /*inst */ 0, /*realm */ 0, password,
/*sepag */ 1, &reason)) {
printf("Unable to authenticate to AFS because %s.\n", reason);
printf(" proceeding with local authentication... \n");
/* try local login */
namep = crypt(password, pwd->pw_passwd);
if (strcmp(namep, pwd->pw_passwd))
invalid = TRUE;
}
#else
char *pp;
setpriority(PRIO_PROCESS, 0, -4);
pp = getpass("Password:"******"r")) != 0) {
while ((c = getc(nlfd)) != EOF)
putchar(c);
fflush(stdout);
sleep(5);
exit(0);
}
/*
* If valid so far and root is logging in,
* see if root logins on this terminal are permitted.
*/
if (!invalid && pwd->pw_uid == 0 && !rootterm(tty)) {
if (utmp.ut_host[0])
syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s FROM %.*s", tty,
HMAX, utmp.ut_host);
else
syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s", tty);
invalid = TRUE;
}
if (invalid) {
printf("Login incorrect\n");
if (++t >= 5) {
if (utmp.ut_host[0])
syslog(LOG_CRIT,
"REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s",
tty, HMAX, utmp.ut_host, NMAX, utmp.ut_name);
else
syslog(LOG_CRIT, "REPEATED LOGIN FAILURES ON %s, %.*s",
tty, NMAX, utmp.ut_name);
ioctl(0, TIOCHPCL, NULL);
close(0), close(1), close(2);
sleep(10);
exit(1);
}
}
if (*pwd->pw_shell == '\0')
pwd->pw_shell = "/bin/sh";
if (chdir(pwd->pw_dir) < 0 && !invalid) {
if (chdir("/") < 0) {
printf("No directory!\n");
invalid = TRUE;
} else {
printf("No directory! %s\n", "Logging in with home=/");
pwd->pw_dir = "/";
}
}
/*
* Remote login invalid must have been because
* of a restriction of some sort, no extra chances.
*/
if (!usererr && invalid)
exit(1);
} while (invalid);
/* committed to login turn off timeout */
alarm(0);
if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
if (errno == EUSERS)
printf("%s.\n%s.\n", "Too many users logged on already",
"Try again later");
else if (errno == EPROCLIM)
printf("You have too many processes running.\n");
else
perror("quota (Q_SETUID)");
sleep(5);
exit(0);
}
time(&utmp.ut_time);
t = ttyslot();
if (t > 0 && (f = open("/etc/utmp", O_WRONLY)) >= 0) {
lseek(f, (afs_int32) (t * sizeof(utmp)), 0);
SCPYN(utmp.ut_line, tty);
write(f, (char *)&utmp, sizeof(utmp));
close(f);
}
if ((f = open("/usr/adm/wtmp", O_WRONLY | O_APPEND)) >= 0) {
write(f, (char *)&utmp, sizeof(utmp));
close(f);
}
quietlog = access(qlog, F_OK) == 0;
if ((f = open(lastlog, O_RDWR)) >= 0) {
struct lastlog ll;
lseek(f, (afs_int32) pwd->pw_uid * sizeof(struct lastlog), 0);
if (read(f, (char *)&ll, sizeof ll) == sizeof ll && ll.ll_time != 0
&& !quietlog) {
printf("Last login: %.*s ", 24 - 5, (char *)ctime(&ll.ll_time));
if (*ll.ll_host != '\0')
printf("from %.*s\n", sizeof(ll.ll_host), ll.ll_host);
else
printf("on %.*s\n", sizeof(ll.ll_line), ll.ll_line);
}
lseek(f, (afs_int32) pwd->pw_uid * sizeof(struct lastlog), 0);
time(&ll.ll_time);
SCPYN(ll.ll_line, tty);
SCPYN(ll.ll_host, utmp.ut_host);
write(f, (char *)&ll, sizeof ll);
close(f);
}
chown(ttyn, pwd->pw_uid, TTYGID(pwd->pw_gid));
if (!hflag && !rflag) /* XXX */
ioctl(0, TIOCSWINSZ, &win);
chmod(ttyn, 0620);
setgid(pwd->pw_gid);
strncpy(name, utmp.ut_name, NMAX);
name[NMAX] = '\0';
initgroups(name, pwd->pw_gid);
quota(Q_DOWARN, pwd->pw_uid, (dev_t) - 1, 0);
setuid(pwd->pw_uid);
/* destroy environment unless user has asked to preserve it */
if (!pflag)
environ = envinit;
/* set up environment, this time without destruction */
/* copy the environment before setenving */
i = 0;
while (environ[i] != NULL)
i++;
envnew = (char **)malloc(sizeof(char *) * (i + 1));
for (; i >= 0; i--)
envnew[i] = environ[i];
environ = envnew;
setenv("HOME=", pwd->pw_dir, 1);
setenv("SHELL=", pwd->pw_shell, 1);
if (term[0] == '\0')
strncpy(term, stypeof(tty), sizeof(term));
setenv("TERM=", term, 0);
setenv("USER="******"PATH=", ":/usr/ucb:/bin:/usr/bin", 0);
if ((namep = strrchr(pwd->pw_shell, '/')) == NULL)
namep = pwd->pw_shell;
else
namep++;
strcat(minusnam, namep);
if (tty[sizeof("tty") - 1] == 'd')
syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
if (pwd->pw_uid == 0)
if (utmp.ut_host[0])
syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s", tty, HMAX,
utmp.ut_host);
else
syslog(LOG_NOTICE, "ROOT LOGIN %s", tty);
if (!quietlog) {
struct stat st;
showmotd();
strcat(maildir, pwd->pw_name);
if (stat(maildir, &st) == 0 && st.st_size != 0)
printf("You have %smail.\n",
(st.st_mtime > st.st_atime) ? "new " : "");
}
signal(SIGALRM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGINT, SIG_DFL);
signal(SIGTSTP, SIG_IGN);
execlp(pwd->pw_shell, minusnam, 0);
perror(pwd->pw_shell);
printf("No shell\n");
exit(0);
}
int main(int argc, char **argv)
{
register char *namep;
int t, f, c;
char *ttyn;
alarm(60);
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
nice(-100);
nice(20);
nice(0);
gtty(0, &ttyb);
ttyb.sg_erase = '#';
ttyb.sg_kill = '@';
stty(0, &ttyb);
for (t=3; t<20; t++)
close(t);
ttyn = ttyname(0);
if (ttyn==0)
ttyn = "/dev/tty??";
loop:
SCPYN(utmp.ut_name, "");
if (argc>1) {
SCPYN(utmp.ut_name, argv[1]);
argc = 0;
}
while (utmp.ut_name[0] == '\0') {
namep = utmp.ut_name;
printf("login: "******"Password:"******"Login incorrect\n");
goto loop;
}
}
if(chdir(pwd->pw_dir) < 0) {
printf("No directory\n");
goto loop;
}
time(&utmp.ut_time);
t = ttyslot();
if (t>0 && (f = open("/etc/utmp", 1)) >= 0) {
lseek(f, (long)(t*sizeof(utmp)), 0);
SCPYN(utmp.ut_line, strchr(ttyn+1, '/')+1);
write(f, (char *)&utmp, sizeof(utmp));
close(f);
}
if (t>0 && (f = open("/usr/adm/wtmp", 1)) >= 0) {
lseek(f, 0L, 2);
write(f, (char *)&utmp, sizeof(utmp));
close(f);
}
chown(ttyn, pwd->pw_uid, pwd->pw_gid);
setgid(pwd->pw_gid);
setuid(pwd->pw_uid);
if (*pwd->pw_shell == '\0')
pwd->pw_shell = "/bin/sh";
environ = envinit;
strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
if ((namep = strrchr(pwd->pw_shell, '/')) == NULL)
namep = pwd->pw_shell;
else
namep++;
strcat(minusnam, namep);
alarm(0);
umask(02);
showmotd();
strcat(maildir, pwd->pw_name);
if(access(maildir,4)==0) {
struct stat statb;
stat(maildir, &statb);
if (statb.st_size)
printf("You have mail.\n");
}
signal(SIGQUIT, SIG_DFL);
signal(SIGINT, SIG_DFL);
execlp(pwd->pw_shell, minusnam, 0);
printf("No shell\n");
exit(0);
return 0;
}
int
pam_sm_authenticate(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
char *ttyn, *user;
struct pam_conv *pam_convp;
FILE *fp;
char defpass[30];
char line[80];
char *p1, *p2;
struct passwd pwd;
char pwd_buffer[1024];
char *password;
static struct pam_response *ret_resp;
int retcode;
char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
int num_msg;
int i;
int debug = 0;
for (i = 0; i < argc; i++) {
if (strcasecmp(argv[i], "debug") == 0)
debug = 1;
else
syslog(LOG_DEBUG, "illegal option %s", argv[i]);
}
if ((retcode = pam_get_user(pamh, &user, NULL))
!= PAM_SUCCESS ||
(retcode = pam_get_item(pamh, PAM_TTY, (void **)&ttyn))
!= PAM_SUCCESS ||
(retcode = pam_get_item(pamh, PAM_CONV, (void **)&pam_convp))
!= PAM_SUCCESS)
return (retcode);
if (debug) {
syslog(LOG_DEBUG,
"Dialpass authenticate user = %s, ttyn = %s",
user, ttyn);
}
if (getpwnam_r(user, &pwd, pwd_buffer, sizeof (pwd_buffer)) == NULL)
return (PAM_USER_UNKNOWN);
if ((fp = fopen(DIAL_FILE, "r")) == NULL) {
return (PAM_SUCCESS);
}
while ((p1 = fgets(line, sizeof (line), fp)) != NULL) {
while (*p1 != '\n' && *p1 != ' ' && *p1 != '\t')
p1++;
*p1 = '\0';
if (strcmp(line, ttyn) == 0)
break;
}
(void) fclose(fp);
if (p1 == NULL || (fp = fopen(DPASS_FILE, "r")) == NULL)
return (PAM_SUCCESS);
defpass[0] = '\0';
p2 = 0;
while ((p1 = fgets(line, sizeof (line)-1, fp)) != NULL) {
while (*p1 && *p1 != ':')
p1++;
*p1++ = '\0';
p2 = p1;
while (*p1 && *p1 != ':')
p1++;
*p1 = '\0';
if (pwd.pw_shell != NULL && strcmp(pwd.pw_shell, line) == 0)
break;
if (strcmp(SHELL, line) == 0)
SCPYN(defpass, p2);
p2 = 0;
}
(void) fclose(fp);
if (!p2)
p2 = defpass;
if (*p2 != '\0') {
strcpy(messages[0], PAM_MSG(pamh, 1, "Dialup Password: "));
num_msg = 1;
retcode = __pam_get_input(PAM_PROMPT_ECHO_OFF, pam_convp->conv,
num_msg, messages, NULL, &ret_resp);
if (retcode != PAM_SUCCESS)
return (retcode);
password = ret_resp->resp;
/* UNIX passwords can only be 8 characters long */
password[8] = '\0';
if (strcmp(crypt(password, p2), p2)) {
__pam_free_resp(num_msg, ret_resp);
return (PAM_SERVICE_ERR);
}
__pam_free_resp(num_msg, ret_resp);
}
return (PAM_SUCCESS);
}
