static void copy_gecos(const struct passwd *w, char *name, size_t sz)
{
char *src, *dst;
size_t len, nlen;
nlen = strlen(w->pw_name);
/* Traditionally GECOS field had office phone numbers etc, separated
* with commas. Also & stands for capitalized form of the login name.
*/
for (len = 0, dst = name, src = get_gecos(w); len < sz; src++) {
int ch = *src;
if (ch != '&') {
*dst++ = ch;
if (ch == 0 || ch == ',')
break;
len++;
continue;
}
if (len + nlen < sz) {
/* Sorry, Mr. McDonald... */
*dst++ = toupper(*w->pw_name);
memcpy(dst, w->pw_name + 1, nlen - 1);
dst += nlen - 1;
len += nlen;
}
}
if (len < sz)
name[len] = 0;
else
die("Your parents must have hated you!");
}
static void copy_gecos(const struct passwd *w, struct strbuf *name)
{
char *src;
/* Traditionally GECOS field had office phone numbers etc, separated
* with commas. Also & stands for capitalized form of the login name.
*/
for (src = get_gecos(w); *src && *src != ','; src++) {
int ch = *src;
if (ch != '&')
strbuf_addch(name, ch);
else {
/* Sorry, Mr. McDonald... */
strbuf_addch(name, toupper(*w->pw_name));
strbuf_addstr(name, w->pw_name + 1);
}
}
}
static char *rewrite_from(const char *oldfrom, const char *newuser,
const char *newhost, const char *newname)
{
struct rfc822t *rfct;
struct rfc822a *rfca;
struct rfc822t *usert, *hostt, *namet;
struct rfc822token attoken, **tp;
char *p;
const char *q;
char *gecosname=0;
if (!oldfrom)
{
char *p=courier_malloc(
(newuser ? strlen(newuser):0)+
(newhost ? strlen(newhost):0)+4);
strcpy(p, "<");
if (newuser) strcat(p, newuser);
if (newuser && newhost)
strcat(strcat(p, "@"), newhost);
strcat(p, ">");
if (newname)
{
char *q, *r;
namet=tokenize_name(newname);
q=rfc822_gettok(namet->tokens);
rfc822t_free(namet);
r=courier_malloc(strlen(p)+strlen(q)+2);
strcat(strcat(strcpy(r, q), " "), p);
free(p);
p=r;
free(q);
}
return (p);
}
if ((rfct=rfc822t_alloc_new(oldfrom, NULL, NULL)) == 0 ||
(rfca=rfc822a_alloc(rfct)) == 0)
{
clog_msg_errno();
return(0);
}
if ((q=env("MAILNAME")) || (q=env("NAME")))
newname=q;
if (!newname && rfca->naddrs == 0)
newname=gecosname=get_gecos();
if ((rfca->naddrs == 0 || rfca->addrs[0].tokens == 0) && newuser == 0)
{
struct passwd *pw=mypwd();
if (pw) newuser=pw->pw_name;
}
namet=newname ? tokenize_name(newname):0;
usert=newuser ? rw_rewrite_tokenize(newuser):0;
hostt=newhost ? rw_rewrite_tokenize(newhost):0;
if (rfca->naddrs == 0 || rfca->addrs[0].tokens == 0)
{
struct rfc822addr a;
struct rfc822a fakea;
if (hostt)
{
struct rfc822token *t;
attoken.token='@';
attoken.next=hostt->tokens;
attoken.ptr=0;
attoken.len=0;
for (t=usert->tokens; t->next; t=t->next)
;
t->next=&attoken;
}
fakea.naddrs=1;
fakea.addrs= &a;
if (!namet) namet=tokenize_name("");
if (!usert) usert=rw_rewrite_tokenize("");
a.name=namet->tokens;
a.tokens=usert->tokens;
p=rfc822_getaddrs(&fakea);
}
else
{
struct rfc822token *t, *u;
rfca->naddrs=1;
if (usert)
{
for (t=rfca->addrs[0].tokens; t; t=t->next)
if (t->token == '@') break;
for (u=usert->tokens; u->next; u=u->next)
;
u->next=t;
rfca->addrs[0].tokens=usert->tokens;;
}
if (hostt && rfca->addrs[0].tokens)
{
for (tp= &rfca->addrs[0].tokens; *tp;
tp= &(*tp)->next)
if ( (*tp)->token == '@') break;
*tp=&attoken;
attoken.token='@';
attoken.next=hostt->tokens;
attoken.ptr=0;
attoken.len=0;
}
if (namet)
rfca->addrs[0].name=namet->tokens;
p=rfc822_getaddrs(rfca);
}
if (!p) clog_msg_errno();
if (usert) rfc822t_free(usert);
if (hostt) rfc822t_free(hostt);
if (namet) rfc822t_free(namet);
rfc822t_free(rfct);
rfc822a_free(rfca);
if (gecosname) free(gecosname);
return (p);
}
static void rewrite_headers(const char *From)
{
int seen_from=0;
char headerbuf[5000];
int c, i;
const char *mailuser, *mailuser2, *mailhost;
char *p;
char *pfrom=From ? strcpy(courier_malloc(strlen(From)+1), From):0;
if ((mailuser=env("MAILUSER")) == 0 &&
(mailuser=env("LOGNAME")) == 0)
mailuser=env("USER");
mailuser2=env("MAILUSER");
mailhost=env("MAILHOST");
while (fgets(headerbuf, sizeof(headerbuf), stdin))
{
char *p=strchr(headerbuf, '\n');
if (p)
{
*p=0;
if (p == headerbuf || strcmp(headerbuf, "\r") == 0)
break;
}
#if HAVE_STRNCASECMP
if (strncasecmp(headerbuf, "from:", 5))
#else
if (strnicmp(headerbuf, "from:", 5))
#endif
{
fprintf(submit_to, "%s", headerbuf);
if (!p)
while ((c=getchar()) != EOF && c != '\n')
putc(c, submit_to);
putc('\n', submit_to);
continue;
}
if (!p)
while ((c=getchar()) != EOF && c != '\n')
; /* I don't care */
if (seen_from) continue; /* Screwit */
seen_from=1;
i=strlen(headerbuf);
for (;;)
{
c=getchar();
if (c != EOF) ungetc(c, stdin);
if (c == EOF || c == '\r' || c == '\n') break;
if (!isspace((int)(unsigned char)c)) break;
while ((c=getchar()) != EOF && c != '\n')
{
if (i < sizeof(headerbuf)-1)
headerbuf[i++]=c;
}
headerbuf[i]=0;
}
p=rewrite_from(headerbuf+5, mailuser2, mailhost, pfrom);
fprintf(submit_to, "From: %s\n", p);
free(p);
}
if (!seen_from)
{
if (!mailuser)
{
struct passwd *pw=mypwd();
mailuser=pw ? pw->pw_name:"nobody";
}
if (!pfrom)
{
if ( !(From=env("MAILNAME")) && !(From=env("NAME")))
{
pfrom=get_gecos();
}
else pfrom=strcpy(courier_malloc(strlen(From)+1),
From);
}
p=rewrite_from(NULL, mailuser, mailhost, pfrom);
fprintf(submit_to, "From: %s\n", p);
free(p);
}
putc('\n', submit_to);
if (pfrom) free(pfrom);
}
void
auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
{
void (*authlog) (const char *fmt,...) = verbose;
void (*final_authlog) (const char *fmt,...) = logit_notice;
char *authmsg;
char *gecos = NULL;
int is_none_first_failure = 0;
if (use_privsep && !mm_is_monitor() && !authctxt->postponed)
return;
/*
* Avoid unhelpful messages about "Failed none", which happen
* because the infrastructure always first tries to see if
* logging in with an empty password will work.
*/
if (authenticated == 0 && !(authctxt->postponed) &&
authctxt->failures == 0 && strcmp(method, "none") == 0) {
is_none_first_failure = 1;
authlog = debug;
final_authlog = debug;
}
/* Raise logging level */
else if (authenticated == 1 ||
!authctxt->valid ||
authctxt->failures >= AUTH_FAIL_LOG ||
strcmp(method, "password") == 0)
authlog = logit;
if (authctxt->postponed)
authmsg = "Postponed";
else
authmsg = authenticated ? "Accepted" : "Failed";
if (authctxt->valid || aaa_log_unknown_usernames_flag) {
(*authlog)("%s %s for %s%.100s from %.200s port %d%s",
authmsg,
method,
authctxt->valid ? "" : "unknown user ",
authctxt->user,
get_remote_ipaddr(),
get_remote_port(),
info);
}
else {
debug("%s %s for %s%.100s from %.200s port %d%s",
authmsg,
method,
authctxt->valid ? "" : "unknown user ",
authctxt->user,
get_remote_ipaddr(),
get_remote_port(),
info);
(*authlog)("%s %s for unknown user from %.200s port %d%s",
authmsg,
method,
get_remote_ipaddr(),
get_remote_port(),
info);
}
if (!(authctxt->postponed)) {
gecos = get_gecos(authctxt->user);
if (authenticated) {
(*final_authlog)("%s %s%s logged in via%s from %s",
authctxt->valid ? "User" : "Unknown user",
authctxt->user, gecos ? gecos : "",
info, get_remote_ipaddr());
}
else {
if (authctxt->valid || aaa_log_unknown_usernames_flag) {
(*final_authlog)("%s %s%s failed to login via%s from %s",
authctxt->valid ? "User" : "Unknown user",
authctxt->user, gecos ? gecos : "",
info, get_remote_ipaddr());
}
else {
debug("%s %s%s failed to login via%s from %s",
authctxt->valid ? "User" : "Unknown user",
authctxt->user, gecos ? gecos : "",
info, get_remote_ipaddr());
(*final_authlog)("Unknown user failed to login via%s from %s",
info, get_remote_ipaddr());
}
}
if (gecos) {
free(gecos);
}
}
#ifdef CUSTOM_FAILED_LOGIN
if (authenticated == 0 && !authctxt->postponed &&
!is_none_first_failure &&
(strcmp(method, "password") == 0 ||
strncmp(method, "keyboard-interactive", 20) == 0 ||
strcmp(method, "challenge-response") == 0))
record_failed_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
}
