int cleanopen(char *line) { int t; if (ptyslavefd != -1) return ptyslavefd; #ifdef STREAMSPTY if (!really_stream) #endif { /* * Make sure that other people can't open the * slave side of the connection. */ chown(line, 0, 0); chmod(line, 0600); } #ifdef HAVE_REVOKE revoke(line); #endif t = open(line, O_RDWR|O_NOCTTY); if (t < 0) return(-1); /* * Hangup anybody else using this ttyp, then reopen it for * ourselves. */ # if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43) && !defined(STREAMSPTY) signal(SIGHUP, SIG_IGN); #ifdef HAVE_VHANGUP vhangup(); #else #endif signal(SIGHUP, SIG_DFL); t = open(line, O_RDWR|O_NOCTTY); if (t < 0) return(-1); # endif # if defined(_CRAY) && defined(TCVHUP) { int i; signal(SIGHUP, SIG_IGN); ioctl(t, TCVHUP, (char *)0); signal(SIGHUP, SIG_DFL); i = open(line, O_RDWR); if (i < 0) return(-1); close(t); t = i; } # endif /* defined(CRAY) && defined(TCVHUP) */ return(t); }
int getty(char *tty, speed_t speed, char *term, char *user) { int fd; char name[30]; /* Detach from initial controlling TTY */ vhangup(); fd = open(tty, O_RDWR); if (fd < 0) err(1, "Failed opening %s", tty); dup2(fd, STDIN_FILENO); dup2(fd, STDOUT_FILENO); dup2(fd, STDERR_FILENO); if (ioctl(STDIN_FILENO, TIOCSCTTY, 1) < 0) warn("Failed TIOCSCTTY"); /* The getty process is responsible for the UTMP login record */ utmp_set_login(tty, NULL); if (!user) do_getty(tty, name, sizeof(name)); else strlcpy(name, user, sizeof(name)); /* Set up TTY, re-enabling ISIG et al. */ stty(fd, speed); close(fd); if (term && term[0]) setenv("TERM", term, 1); return do_login(name); }
void cleanup(int sig) { #if defined(HAVE_UTMPX_H) || !defined(HAVE_LOGWTMP) rmut(); #ifdef HAVE_VHANGUP #ifndef __sgi vhangup(); /* XXX */ #endif #endif #else char *p; p = line + sizeof("/dev/") - 1; if (logout(p)) logwtmp(p, "", ""); chmod(line, 0666); chown(line, 0, 0); *p = 'p'; chmod(line, 0666); chown(line, 0, 0); #endif shutdown(net, 2); exit(1); }
/* * Open the specified slave side of the pty, * making sure that we have a clean tty. */ static int cleanopen(char *lyne) { register int t; /* * Make sure that other people can't open the * slave side of the connection. */ chown(lyne, 0, 0); chmod(lyne, 0600); #ifndef NO_REVOKE revoke(lyne); #endif t = open(lyne, O_RDWR|O_NOCTTY); if (t < 0) return(-1); /* * Hangup anybody else using this ttyp, then reopen it for * ourselves. */ # if !defined(__linux__) /* this looks buggy to me, our ctty is really a pty at this point */ signal(SIGHUP, SIG_IGN); vhangup(); signal(SIGHUP, SIG_DFL); t = open(lyne, O_RDWR|O_NOCTTY); if (t < 0) return(-1); # endif return(t); }
int main(int argc, char **argv) { int lc; char *msg; pid_t pid; int retval, status; struct passwd *nobody; if ((msg = parse_opts(argc, argv, NULL, NULL)) != NULL) { tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg); } setup(); for (lc = 0; TEST_LOOPING(lc); lc++) { /* reset Tst_count in case we are looping */ Tst_count = 0; nobody = my_getpwnam(user1name); if ((pid = FORK_OR_VFORK()) < 0) { tst_brkm(TFAIL, cleanup, "fork failed"); } else if (pid > 0) { /* parent */ waitpid(pid, &status, 0); _exit(0); /* * Exit here and let the child clean up. * This allows the errno information set * by the TEST_ERROR_LOG macro and the * PASS/FAIL status to be preserved for * use during cleanup. */ } else { /* child */ retval = setreuid(nobody->pw_uid, nobody->pw_uid); if (retval < 0) { perror("setreuid"); tst_brkm(TFAIL, cleanup, "setreuid failed"); } TEST(vhangup()); if (TEST_RETURN != -1) { tst_brkm(TFAIL, cleanup, "vhangup() failed to " "fail"); } else if (TEST_ERRNO == EPERM) { TEST_ERROR_LOG(TEST_ERRNO); tst_resm(TPASS, "Got EPERM as expected."); } else { TEST_ERROR_LOG(TEST_ERRNO); tst_resm(TFAIL, "expected EPERM got %d", TEST_ERRNO); } } } cleanup(); tst_exit(); }
static int hangup(void *priv) { while(1) { sleep(random() % 2); if (vhangup()) { continue; } } return 0; }
int sh(char *tty) { int fd; char *arg0; char *args[2] = { NULL, NULL }; size_t len; struct termios term; /* Detach from initial controlling TTY */ vhangup(); fd = open(tty, O_RDWR); if (fd < 0) err(1, "Failed opening %s", tty); dup2(fd, STDIN_FILENO); dup2(fd, STDOUT_FILENO); dup2(fd, STDERR_FILENO); if (ioctl(STDIN_FILENO, TIOCSCTTY, 1) < 0) warn("Failed TIOCSCTTY"); /* The getty process is usually responsible for the UTMP login record */ utmp_set_login(tty, NULL); /* Set up TTY, re-enabling ISIG et al. */ stty(fd, B0); close(fd); /* Start /bin/sh as a login shell, i.e. with a prefix '-' */ len = strlen(_PATH_BSHELL) + 2; arg0 = malloc(len); if (!arg0) err(1, "Failed allocating memory"); snprintf(arg0, len, "-%s", _PATH_BSHELL); args[0] = arg0; /* Reenable Ctrl-D and Ctrl-C, and ... */ if (!tcgetattr(STDIN_FILENO, &term)) { term.c_lflag |= ISIG; term.c_cc[VEOF] = CTL('D'); term.c_cc[VINTR] = CTL('C'); tcsetattr(STDIN_FILENO, TCSANOW, &term); } /* ... unblock signals in general */ sig_unblock(); return execv(_PATH_BSHELL, args); }
void ptyint_vhangup(void) { #ifdef HAVE_VHANGUP #ifdef POSIX_SIGNALS struct sigaction sa; /* Initialize "sa" structure. */ (void) sigemptyset(&sa.sa_mask); sa.sa_flags = 0; #endif #ifdef POSIX_SIGNALS sa.sa_handler = SIG_IGN; (void) sigaction(SIGHUP, &sa, (struct sigaction *)0); vhangup(); sa.sa_handler = SIG_DFL; (void) sigaction(SIGHUP, &sa, (struct sigaction *)0); #else signal(SIGHUP, SIG_IGN); vhangup(); signal(SIGHUP, SIG_DFL); #endif #endif }
int main(int argc, char **argv) { int lc; char *msg; pid_t pid, pid1; int status; /* parse standard options */ if ((msg = parse_opts(argc, argv, NULL, NULL)) != NULL) { tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg); } setup(); for (lc = 0; TEST_LOOPING(lc); lc++) { /* reset Tst_count in case we are looping */ Tst_count = 0; fail = 0; if ((pid = FORK_OR_VFORK()) < 0) { tst_brkm(TFAIL, cleanup, "fork failed"); } else if (pid > 0) { /* parent */ waitpid(pid, &status, 0); _exit(0); } else { /* child */ pid1 = setsid(); if (pid1 < 0) { tst_brkm(TFAIL, cleanup, "setsid failed"); } TEST(vhangup()); if (TEST_RETURN == -1) { tst_resm(TFAIL, "vhangup() failed, errno:%d", errno); } else { tst_resm(TPASS, "vhangup() succeeded"); } } } cleanup(); tst_exit(); }
int main(int argc, char **argv) { int lc; pid_t pid, pid1; int status; tst_parse_opts(argc, argv, NULL, NULL); setup(); for (lc = 0; TEST_LOOPING(lc); lc++) { /* reset tst_count in case we are looping */ tst_count = 0; fail = 0; if ((pid = FORK_OR_VFORK()) < 0) { tst_brkm(TFAIL, cleanup, "fork failed"); } else if (pid > 0) { /* parent */ waitpid(pid, &status, 0); _exit(0); } else { /* child */ pid1 = setsid(); if (pid1 < 0) { tst_brkm(TFAIL, cleanup, "setsid failed"); } TEST(vhangup()); if (TEST_RETURN == -1) { tst_resm(TFAIL, "vhangup() failed, errno:%d", errno); } else { tst_resm(TPASS, "vhangup() succeeded"); } } } cleanup(); tst_exit(); }
static void do_work(const char *tty) { char buf[256]; unsigned int cnt = 0; unsigned int errc = 0; int fd, con; pid_t pid; if (signal(SIGHUP, SIG_IGN) == SIG_ERR) err(1, "signal(SIGHUP)"); setsid(); pid = getpid(); con = open("/tmp/aaa", O_WRONLY|O_NOCTTY|O_CREAT|O_APPEND); if (con < 0) err(2, "open cons"); while (1) { if (!(cnt++ % 10000)) { int len = sprintf(buf, "%d: err=%x\n", pid, errc); write(con, buf, len); errc = 0; } fd = open(tty, O_RDWR|O_NOCTTY); if (fd < 0) { errc |= 1; continue; } if (ioctl(fd, TIOCSCTTY, 1)) errc |= 2; else if (vhangup()) errc |= 4; close(fd); usleep(200 * (10 + random() % 50)); } close(con); exit(errc); }
/** * Secure the TTY from spying * * @param group The group, -1 for unchanged */ void secure_tty(gid_t group) { struct termios tty; struct termios saved_tty; char* tty_device; int fd, i; /* Set ownership of this TTY to root:root */ chown_tty(0, group, 1); /* Get TTY name for last part of this functions */ tty_device = ttyname(STDIN_FILENO); /* Kill other processes on this TTY */ tcgetattr(STDIN_FILENO, &tty); saved_tty = tty; tty.c_cflag &= (tcflag_t)~HUPCL; tcsetattr(0, TCSANOW, &tty); close(STDIN_FILENO); close(STDOUT_FILENO); close(STDERR_FILENO); signal(SIGHUP, SIG_IGN); vhangup(); signal(SIGHUP, SIG_DFL); /* Restore terminal and TTY modes */ fd = open(tty_device, O_RDWR | O_NONBLOCK); if (fd == -1) fail("open"); fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_NONBLOCK); for (i = 0; i < fd; i++) close(i); for (i = 0; i < 3; i++) if (i != fd) dup2(fd, i); if (fd > 2) close(fd); tcgetattr(STDIN_FILENO, &saved_tty); }
int main(int argc, char **argv) { int lc; pid_t pid; int retval; tst_parse_opts(argc, argv, NULL, NULL); setup(); for (lc = 0; TEST_LOOPING(lc); lc++) { tst_count = 0; if ((pid = FORK_OR_VFORK()) < 0) { tst_brkm(TFAIL, NULL, "fork failed"); } else if (pid > 0) { tst_record_childstatus(NULL, pid); } else { retval = setreuid(nobody_uid, nobody_uid); if (retval < 0) { perror("setreuid"); tst_brkm(TFAIL, NULL, "setreuid failed"); } TEST(vhangup()); if (TEST_RETURN != -1) { tst_brkm(TFAIL, NULL, "vhangup() failed to " "fail"); } else if (TEST_ERRNO == EPERM) { tst_resm(TPASS, "Got EPERM as expected."); } else { tst_resm(TFAIL, "expected EPERM got %d", TEST_ERRNO); } } } tst_exit(); }
Boolean ssh_pty_internal_make_ctty(int *ttyfd, const char *ttyname) { int fd; /* First disconnect from the old controlling tty. */ #ifdef TIOCNOTTY fd = open("/dev/tty", O_RDWR|O_NOCTTY); if (fd >= 0) { (void)ioctl(fd, TIOCNOTTY, NULL); close(fd); } #endif /* TIOCNOTTY */ /* Verify that we are successfully disconnected from the controlling tty. */ fd = open("/dev/tty", O_RDWR|O_NOCTTY); if (fd >= 0) { ssh_warning("Failed to disconnect from controlling tty."); close(fd); } /* Make it our controlling tty. */ #ifdef TIOCSCTTY ssh_debug("Setting controlling tty using TIOCSCTTY."); /* We ignore errors from this, because HPSUX defines TIOCSCTTY, but returns EINVAL with these arguments, and there is absolutely no documentation. */ ioctl(*ttyfd, TIOCSCTTY, NULL); #endif /* TIOCSCTTY */ #ifdef HAVE_SETPGID /* This appears to be necessary on some machines... */ setpgid(0, 0); #endif fd = open(ttyname, O_RDWR); if (fd < 0) ssh_warning("%.100s: %.100s", ttyname, strerror(errno)); else close(fd); /* Verify that we now have a controlling tty. */ fd = open("/dev/tty", O_WRONLY); if (fd < 0) { ssh_warning("open /dev/tty failed; could not set controlling tty: %", strerror(errno)); return FALSE; } close(fd); #if defined(HAVE_VHANGUP) && !defined(HAVE_REVOKE) signal(SIGHUP, SIG_IGN); vhangup(); signal(SIGHUP, SIG_DFL); fd = open(ttyname, O_RDWR); if (fd == -1) ssh_warning("pty_make_controlling_tty: reopening controlling tty after vhangup failed for %.100s", ttyname); close(*ttyfd); *ttyfd = fd; #endif /* HAVE_VHANGUP && !HAVE_REVOKE */ return TRUE; }
int main() { /* Variables */ int fd; int stdout_fileno; char *username; char *home; char *conf_file_name; /* Initialize variables */ afterlist = ul_create(8); beforelist = ul_create(8); stdout_fileno = fileno(stdout); /* Get our username */ struct passwd *p = getpwuid(getuid()); if(p == NULL) fatalperror("getpwuid"); /* warning - username will now point to a static area, subsequent getpwuid calls may overwite it */ username = p->pw_name; /* Get our home directory */ home = getenv("HOME"); if(home == NULL) fatalerror("$HOME is not set.\n"); conf_file_name = malloc(strlen(home) + 1 + strlen(conf_file_basename) + 1); strcpy(conf_file_name, home); strcat(conf_file_name, "/"); strcat(conf_file_name, conf_file_basename); /* Set up atexit */ atexit(free_mem_on_exit); /* Read conf file */ config = load_config(conf_file_name); /* If we are supposed to print a user list upon startup, do it now, before fork()ing */ if(config->initialshow) { struct userlist *ls = ul_create(8); ul_populate(ls); ul_sort(ls); if(ls->array[0] == NULL) { printf("No users logged in.\n"); } else { printf("Users logged in: "); for(int i = 0; ls->array[i] != NULL; i++) { if(i > 0 && !strcmp(ls->array[i], ls->array[i-1])) continue; printf("%s, ", ls->array[i]); } printf("\b\b \n"); } ul_free(ls); } /* If we aren't supposed to listen to INs *or* OUTs, no point in continuing */ if(!config->listen_ins && !config->listen_outs) exit(EXIT_SUCCESS); /* If we are forking, fork() and then exit the parent */ if(config->forking) { pid_t pid = fork(); if(pid > 0) exit(0); else if(pid == -1) fatalperror("fork"); /* This setpgid() call changes the process-group ID so 'w' reports the shell (not us!) as the current command */ setpgid(getpid(),getpid()); /* Close stdin, and hang up the TTY, since we really can't access them from the "background" */ close(STDIN_FILENO); vhangup(); } /* Set up child-reaping for login-command */ signal(SIGCHLD, SIG_IGN); /* Start and setup inotify */ fd = inotify_init(); if(fd < 0) fatalperror("inotify_init"); if(inotify_add_watch(fd, _PATH_UTMP, IN_MODIFY) < 0) fatalperror("inotify_add_watch"); while(1) { ul_populate(beforelist); /* If we are fork()ing, we want to monitor stdout, which requires us to use select() with a timeout */ if(config->forking) { watch_and_wait(fd, stdout_fileno); } struct inotify_event evt; if(read(fd, &evt, sizeof(struct inotify_event)) < 0) fatalperror("read"); ul_populate(afterlist); int firstlen = ul_count(beforelist); int secondlen = ul_count(afterlist); if(firstlen == secondlen) { continue; } else if(firstlen > secondlen) { char *r = ul_subtract(beforelist, afterlist); if(r == NULL) continue; if(!strcmp(r, username)) continue; if(config->listen_outs) on_logout(r); } else { char *r = ul_subtract(afterlist, beforelist); if(r == NULL) continue; if(!strcmp(r, username)) continue; if(config->listen_ins) on_login(r); } if(config->oneshot) { exit(0); } } exit(SUCCESS); }
int main(int argc, char *argv[]) { char term[128], logname[LOGIN_NAME_MAX], c; char hostname[HOST_NAME_MAX + 1]; struct utmp usr; struct sigaction sa; FILE *fp; int fd; unsigned int i = 0; ssize_t n; long pos; ARGBEGIN { default: usage(); } ARGEND; strlcpy(term, defaultterm, sizeof(term)); if (argc > 0) { tty = argv[0]; if (argc > 1) strlcpy(term, argv[1], sizeof(term)); } sa.sa_handler = SIG_IGN; sa.sa_flags = 0; sigemptyset(&sa.sa_mask); sigaction(SIGHUP, &sa, NULL); setenv("TERM", term, 1); setsid(); fd = open(tty, O_RDWR); if (fd < 0) eprintf("open %s:", tty); if (isatty(fd) == 0) eprintf("%s is not a tty\n", tty); /* steal the controlling terminal if necessary */ if (ioctl(fd, TIOCSCTTY, (void *)1) != 0) weprintf("TIOCSCTTY: could not set controlling tty\n"); vhangup(); close(fd); fd = open(tty, O_RDWR); if (fd < 0) eprintf("open %s:", tty); dup2(fd, 0); dup2(fd, 1); dup2(fd, 2); if (fchown(fd, 0, 0) < 0) weprintf("fchown %s:", tty); if (fchmod(fd, 0600) < 0) weprintf("fchmod %s:", tty); if (fd > 2) close(fd); sa.sa_handler = SIG_DFL; sa.sa_flags = 0; sigemptyset(&sa.sa_mask); sigaction(SIGHUP, &sa, NULL); /* Clear all utmp entries for this tty */ fp = fopen(UTMP_PATH, "r+"); if (fp) { do { pos = ftell(fp); if (fread(&usr, sizeof(usr), 1, fp) != 1) break; if (usr.ut_line[0] == '\0') continue; if (strcmp(usr.ut_line, tty) != 0) continue; memset(&usr, 0, sizeof(usr)); fseek(fp, pos, SEEK_SET); if (fwrite(&usr, sizeof(usr), 1, fp) != 1) break; } while (1); if (ferror(fp)) weprintf("%s: I/O error:", UTMP_PATH); fclose(fp); } if (argc > 2) return execvp(argv[2], argv + 2); if (gethostname(hostname, sizeof(hostname)) == 0) printf("%s ", hostname); printf("login: "******"read:"); if (n == 0) return 1; if (i >= sizeof(logname) - 1) eprintf("login name too long\n"); if (c == '\n' || c == '\r') break; logname[i++] = c; } if (logname[0] == '-') eprintf("login name cannot start with '-'\n"); if (logname[0] == '\0') return 1; return execlp("/bin/login", "login", "-p", logname, NULL); }
/* * logoutd - logout daemon to enforce /etc/porttime file policy * * logoutd is started at system boot time and enforces the login * time and port restrictions specified in /etc/porttime. The * utmpx/utmp file is periodically scanned and offending users are logged * off from the system. */ int main (int argc, char **argv) { int i; int status; pid_t pid; #if HAVE_UTMPX_H struct utmpx *ut; #else struct utmp *ut; #endif char user[sizeof (ut->ut_user) + 1]; /* terminating NUL */ char tty_name[sizeof (ut->ut_line) + 6]; /* /dev/ + NUL */ int tty_fd; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); #ifndef DEBUG for (i = 0; close (i) == 0; i++); setpgrp (); /* * Put this process in the background. */ pid = fork (); if (pid > 0) { /* parent */ exit (0); } else if (pid < 0) { /* error */ perror ("fork"); exit (1); } #endif /* !DEBUG */ /* * Start syslogging everything */ Prog = Basename (argv[0]); OPENLOG ("logoutd"); /* * Scan the utmpx/utmp file once per minute looking for users that * are not supposed to still be logged in. */ while (1) { /* * Attempt to re-open the utmpx/utmp file. The file is only * open while it is being used. */ #if HAVE_UTMPX_H setutxent (); #else setutent (); #endif /* * Read all of the entries in the utmpx/utmp file. The entries * for login sessions will be checked to see if the user * is permitted to be signed on at this time. */ #if HAVE_UTMPX_H while ((ut = getutxent ())) { #else while ((ut = getutent ())) { #endif #ifdef USER_PROCESS if (ut->ut_type != USER_PROCESS) continue; #endif if (ut->ut_user[0] == '\0') continue; if (check_login (ut)) continue; /* * Put the rest of this in a child process. This * keeps the scan from waiting on other ports to die. */ pid = fork (); if (pid > 0) { /* parent */ continue; } else if (pid < 0) { /* failed - give up until the next scan */ break; } /* child */ if (strncmp (ut->ut_line, "/dev/", 5) != 0) strcpy (tty_name, "/dev/"); else tty_name[0] = '\0'; strcat (tty_name, ut->ut_line); #ifndef O_NOCTTY #define O_NOCTTY 0 #endif tty_fd = open (tty_name, O_WRONLY | O_NDELAY | O_NOCTTY); if (tty_fd != -1) { send_mesg_to_tty (tty_fd); close (tty_fd); sleep (10); } #ifdef USER_PROCESS /* USG_UTMP */ if (ut->ut_pid > 1) { kill (-ut->ut_pid, SIGHUP); sleep (10); kill (-ut->ut_pid, SIGKILL); } #else /* BSD || SUN || SUN4 */ /* * vhangup() the line to kill try and kill * whatever is out there using it. */ if ((tty_fd = open (tty_name, O_RDONLY | O_NDELAY)) == -1) continue; vhangup (tty_fd); close (tty_fd); #endif /* BSD || SUN || SUN4 */ strncpy (user, ut->ut_user, sizeof (user) - 1); user[sizeof (user) - 1] = '\0'; SYSLOG ((LOG_NOTICE, "logged off user `%s' on `%s'", user, tty_name)); /* * This child has done all it can, drop dead. */ exit (0); } #if HAVE_UTMPX_H endutxent (); #else endutent (); #endif #ifndef DEBUG sleep (60); #endif /* * Reap any dead babies ... */ while (wait (&status) != -1); } return 1; /* NOT REACHED */ }
pid_t run_getty(char *cmd, char *args[], int console) { pid_t pid = fork(); if (!pid) { int fd; char c; if (console) { /* Detach from initial controlling TTY */ vhangup(); close(STDERR_FILENO); close(STDOUT_FILENO); close(STDIN_FILENO); /* Attach TTY to console */ fd = open(CONSOLE, O_RDWR); if (fd != STDIN_FILENO) exit(1); dup2(0, STDIN_FILENO); dup2(0, STDOUT_FILENO); dup2(0, STDERR_FILENO); prctl(PR_SET_NAME, "console", 0, 0, 0); } sig_unblock(); setsid(); if (ioctl(STDIN_FILENO, TIOCSCTTY, 1) < 0) _pe("Failed TIOCSCTTY"); while (!fexist(SYNC_SHUTDOWN)) { static const char msg[] = "\nPlease press Enter to activate this console."; if (fexist(SYNC_STOPPED)) { sleep(1); continue; } if (console) { (void)write(STDERR_FILENO, msg, sizeof(msg)); while (read(STDIN_FILENO, &c, 1) == 1 && c != '\n') continue; } if (fexist(SYNC_STOPPED)) continue; execv(cmd, args); } if (console) close(fd); exit(0); } return pid; }
/* pty_make_controlling_tty: Makes the slave pty the controlling terminal. * * slavefd contains the descriptor for the slave side of a pseudo terminal. * slavename: the device name of the slave side of the pseudo terminal * Returns : 0 on success or -1 on error. * * NOTE: The descriptor of the resulting controlling terminal will be stored * in slavefd. */ int pty_make_controlling_tty(int *slavefd, const char *slavename) { int fd; #ifdef USE_VHANGUP void (*old) (int); #endif /* USE_VHANGUP */ if (!slavefd || *slavefd < 0 || !slavename) return set_errno(EINVAL); /* First disconnect from the old controlling tty */ #ifdef TIOCNOTTY if ((fd = open(PATH_TTY, O_RDWR | O_NOCTTY)) >= 0) { ioctl(fd, TIOCNOTTY, NULL); close(fd); } #endif /* TIOCNOTTY */ setsid(); /* * Verify that we are successfully disconnected from the controlling * tty. */ #if 0 if ((fd = open(PATH_TTY, O_RDWR | O_NOCTTY)) >= 0) { close(fd); return set_errno(ENXIO); } #endif /* Make it our controlling tty */ #ifdef TIOCSCTTY if (ioctl(*slavefd, TIOCSCTTY, NULL) == -1) return -1; #endif /* TIOCSCTTY */ #ifdef HAVE_NEWS4 setpgrp(0, 0); #endif /* HAVE_NEWS4 */ #ifdef USE_VHANGUP old = signal(SIGHUP, SIG_IGN); vhangup(); signal(SIGHUP, old); #endif /* USE_VHANGUP */ /* Why do this? */ if ((fd = open(slavename, O_RDWR)) >= 0) { #ifdef USE_VHANGUP close(*slavefd); *slavefd = fd; #else /* USE_VHANGUP */ close(fd); #endif /* USE_VHANGUP */ } /* Verify that we now have a controlling tty */ if ((fd = open(PATH_TTY, O_RDWR)) == -1) return -1; close(fd); return 0; }
static void stage_capability_test(void) { char tmp1[128]; char tmp2[128]; memset(tmp1, 0, sizeof(tmp1)); memset(tmp2, 0, sizeof(tmp2)); capability = "inet_tcp_create"; set_capability(); if (write_policy()) { int fd = socket(AF_INET, SOCK_STREAM, 0); show_result(fd, 1); if (fd != EOF) close(fd); delete_policy(); fd = socket(AF_INET, SOCK_STREAM, 0); show_result(fd, 0); if (fd != EOF) close(fd); } unset_capability(); { int fd1 = socket(AF_INET, SOCK_STREAM, 0); int fd2 = socket(AF_INET, SOCK_STREAM, 0); int fd3 = socket(AF_INET, SOCK_STREAM, 0); int fd4 = socket(AF_INET, SOCK_STREAM, 0); struct sockaddr_in addr; socklen_t size = sizeof(addr); memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); addr.sin_port = htons(0); bind(fd1, (struct sockaddr *) &addr, sizeof(addr)); bind(fd2, (struct sockaddr *) &addr, sizeof(addr)); bind(fd3, (struct sockaddr *) &addr, sizeof(addr)); bind(fd4, (struct sockaddr *) &addr, sizeof(addr)); getsockname(fd1, (struct sockaddr *) &addr, &size); capability = "inet_tcp_listen"; set_capability(); if (write_policy()) { show_result(listen(fd1, 5), 1); delete_policy(); show_result(listen(fd2, 5), 0); } unset_capability(); capability = "inet_tcp_connect"; set_capability(); if (write_policy()) { show_result(connect(fd3, (struct sockaddr *) &addr, sizeof(addr)), 1); delete_policy(); show_result(connect(fd4, (struct sockaddr *) &addr, sizeof(addr)), 0); } unset_capability(); if (fd1 != EOF) close(fd1); if (fd2 != EOF) close(fd2); if (fd3 != EOF) close(fd3); if (fd4 != EOF) close(fd4); } capability = "use_inet_udp"; set_capability(); if (write_policy()) { int fd = socket(AF_INET, SOCK_DGRAM, 0); show_result(fd, 1); if (fd != EOF) close(fd); delete_policy(); fd = socket(AF_INET, SOCK_DGRAM, 0); show_result(fd, 0); if (fd != EOF) close(fd); } unset_capability(); capability = "use_inet_ip"; set_capability(); if (write_policy()) { int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); show_result(fd, 1); if (fd != EOF) close(fd); delete_policy(); fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); show_result(fd, 0); if (fd != EOF) close(fd); } unset_capability(); capability = "use_route"; set_capability(); if (write_policy()) { int fd = socket(AF_ROUTE, SOCK_RAW, 0); show_result(fd, 1); if (fd != EOF) close(fd); delete_policy(); fd = socket(AF_ROUTE, SOCK_RAW, 0); show_result(fd, 0); if (fd != EOF) close(fd); } unset_capability(); capability = "use_packet"; set_capability(); if (write_policy()) { int fd = socket(AF_PACKET, SOCK_RAW, 0); show_result(fd, 1); if (fd != EOF) close(fd); delete_policy(); fd = socket(AF_PACKET, SOCK_RAW, 0); show_result(fd, 0); if (fd != EOF) close(fd); } unset_capability(); capability = "use_kernel_module"; set_capability(); if (write_policy()) { if (!is_kernel26) show_result((int) create_module("", 0), 1); show_result(init_module("", NULL), 1); show_result(delete_module(""), 1); delete_policy(); if (!is_kernel26) show_result((int) create_module("", 0), 0); show_result(init_module("", NULL), 0); show_result(delete_module(""), 0); } unset_capability(); capability = "create_fifo"; set_capability(); if (write_policy()) { strcpy(tmp1, "/tmp/XXXXXX"); close(mkstemp(tmp1)); unlink(tmp1); show_result(mknod(tmp1, S_IFIFO, 0), 1); unlink(tmp1); delete_policy(); show_result(mknod(tmp1, S_IFIFO, 0), 0); unlink(tmp1); } unset_capability(); capability = "create_block_dev"; set_capability(); if (write_policy()) { strcpy(tmp1, "/tmp/XXXXXX"); close(mkstemp(tmp1)); unlink(tmp1); show_result(mknod(tmp1, S_IFBLK, MKDEV(1, 0)), 1); unlink(tmp1); delete_policy(); show_result(mknod(tmp1, S_IFBLK, MKDEV(1, 0)), 0); unlink(tmp1); } unset_capability(); capability = "create_char_dev"; set_capability(); if (write_policy()) { strcpy(tmp1, "/tmp/XXXXXX"); close(mkstemp(tmp1)); unlink(tmp1); show_result(mknod(tmp1, S_IFCHR, MKDEV(1, 3)), 1); unlink(tmp1); delete_policy(); show_result(mknod(tmp1, S_IFCHR, MKDEV(1, 3)), 0); unlink(tmp1); } unset_capability(); capability = "create_unix_socket"; set_capability(); if (write_policy()) { strcpy(tmp1, "/tmp/XXXXXX"); close(mkstemp(tmp1)); unlink(tmp1); show_result(mknod(tmp1, S_IFSOCK, 0), 1); unlink(tmp1); delete_policy(); show_result(mknod(tmp1, S_IFSOCK, 0), 0); unlink(tmp1); } if (write_policy()) { struct sockaddr_un addr; int fd1 = socket(AF_UNIX, SOCK_STREAM, 0); int fd2 = socket(AF_UNIX, SOCK_STREAM, 0); memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; strcpy(tmp1, "/tmp/XXXXXX"); strncpy(addr.sun_path, tmp1, sizeof(addr.sun_path) - 1); show_result(bind(fd1, (struct sockaddr *) &addr, sizeof(addr)), 1); unlink(tmp1); delete_policy(); show_result(bind(fd2, (struct sockaddr *) &addr, sizeof(addr)), 0); unlink(tmp1); if (fd1 != EOF) close(fd1); if (fd2 != EOF) close(fd2); } unset_capability(); capability = "SYS_MOUNT"; set_capability(); if (write_policy()) { show_result(mount("/", "/", "tmpfs", 0, NULL), 1); delete_policy(); show_result(mount("/", "/", "tmpfs", 0, NULL), 0); } unset_capability(); capability = "SYS_UMOUNT"; set_capability(); if (write_policy()) { mount("/tmp", "/tmp", "tmpfs", 0, NULL); show_result(umount("/tmp"), 1); delete_policy(); mount("/tmp", "/tmp", "tmpfs", 0, NULL); show_result(umount("/"), 0); } unset_capability(); capability = "SYS_REBOOT"; set_capability(); if (write_policy()) { FILE *fp = fopen("/proc/sys/kernel/ctrl-alt-del", "a+"); unsigned int c; if (fp && fscanf(fp, "%u", &c) == 1) { show_result(reboot(LINUX_REBOOT_CMD_CAD_ON), 1); delete_policy(); show_result(reboot(LINUX_REBOOT_CMD_CAD_ON), 0); fprintf(fp, "%u\n", c); } else { /* Use invalid value */ show_result(reboot(0x0000C0DE), 1); delete_policy(); show_result(reboot(0x0000C0DE), 0); } if (fp) fclose(fp); } unset_capability(); capability = "SYS_CHROOT"; set_capability(); if (write_policy()) { show_result(chroot("/"), 1); delete_policy(); show_result(chroot("/"), 0); } unset_capability(); capability = "SYS_PIVOT_ROOT"; set_capability(); if (write_policy()) { int error; char *stack = malloc(8192); pid_t pid = clone(child, stack + (8192 / 2), CLONE_NEWNS, NULL); while (waitpid(pid, &error, __WALL) == EOF && errno == EINTR) error += 0; /* Dummy. */ errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1; show_result(errno ? EOF : 0, 1); delete_policy(); pid = clone(child, stack + (8192 / 2), CLONE_NEWNS, NULL); while (waitpid(pid, &error, __WALL) == EOF && errno == EINTR) error += 0; /* Dummy. */ errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1; show_result(errno ? EOF : 0, 0); free(stack); } unset_capability(); signal(SIGINT, SIG_IGN); capability = "SYS_KILL"; set_capability(); if (write_policy()) { show_result(kill(pid, SIGINT), 1); show_result(tkill(gettid(), SIGINT), 1); #ifdef __NR_tgkill if (is_kernel26) show_result(tgkill(pid, gettid(), SIGINT), 1); #endif delete_policy(); show_result(kill(pid, SIGINT), 0); show_result(tkill(gettid(), SIGINT), 0); #ifdef __NR_tgkill if (is_kernel26) show_result(tgkill(pid, gettid(), SIGINT), 0); #endif } unset_capability(); signal(SIGINT, SIG_DFL); capability = "SYS_KEXEC_LOAD"; set_capability(); if (write_policy()) { #ifdef __NR_sys_kexec_load if (is_kernel26) show_result(sys_kexec_load(0, 0, NULL, 0), 1); #endif delete_policy(); #ifdef __NR_sys_kexec_load if (is_kernel26) show_result(sys_kexec_load(0, 0, NULL, 0), 0); #endif } unset_capability(); capability = "SYS_VHANGUP"; set_capability(); if (write_policy()) { int pty_fd = EOF, status = 0; int pipe_fd[2] = { EOF, EOF }; pipe(pipe_fd); switch (forkpty(&pty_fd, NULL, NULL, NULL)) { case 0: errno = 0; vhangup(); /* Unreachable if vhangup() succeeded. */ status = errno; write(pipe_fd[1], &status, sizeof(status)); _exit(0); case -1: fprintf(stderr, "forkpty() failed.\n"); break; default: close(pipe_fd[1]); read(pipe_fd[0], &status, sizeof(status)); wait(NULL); close(pipe_fd[0]); close(pty_fd); errno = status; show_result(status ? EOF : 0, 1); } delete_policy(); status = 0; pipe(pipe_fd); switch (forkpty(&pty_fd, NULL, NULL, NULL)) { case 0: errno = 0; vhangup(); /* Unreachable if vhangup() succeeded. */ status = errno; write(pipe_fd[1], &status, sizeof(status)); _exit(0); case -1: fprintf(stderr, "forkpty() failed.\n"); break; default: close(pipe_fd[1]); read(pipe_fd[0], &status, sizeof(status)); wait(NULL); close(pipe_fd[0]); close(pty_fd); errno = status; show_result(status ? EOF : 0, 0); } } unset_capability(); capability = "SYS_TIME"; set_capability(); if (write_policy()) { struct timeval tv; struct timezone tz; struct timex buf; time_t now = time(NULL); show_result(stime(&now), 1); gettimeofday(&tv, &tz); show_result(settimeofday(&tv, &tz), 1); memset(&buf, 0, sizeof(buf)); buf.modes = 0x100; /* Use invalid value so that the clock won't change. */ show_result(adjtimex(&buf), 1); delete_policy(); now = time(NULL); show_result(stime(&now), 0); gettimeofday(&tv, &tz); show_result(settimeofday(&tv, &tz), 0); memset(&buf, 0, sizeof(buf)); buf.modes = 0x100; /* Use invalid value so that the clock won't change. */ show_result(adjtimex(&buf), 0); } unset_capability(); capability = "SYS_NICE"; set_capability(); if (write_policy()) { show_result(nice(0), 1); show_result(setpriority(PRIO_PROCESS, pid, getpriority(PRIO_PROCESS, pid)), 1); delete_policy(); show_result(nice(0), 0); show_result(setpriority(PRIO_PROCESS, pid, getpriority(PRIO_PROCESS, pid)), 0); } unset_capability(); capability = "SYS_SETHOSTNAME"; set_capability(); if (write_policy()) { char buffer[4096]; memset(buffer, 0, sizeof(buffer)); gethostname(buffer, sizeof(buffer) - 1); show_result(sethostname(buffer, strlen(buffer)), 1); getdomainname(buffer, sizeof(buffer) - 1); show_result(setdomainname(buffer, strlen(buffer)), 1); delete_policy(); gethostname(buffer, sizeof(buffer) - 1); show_result(sethostname(buffer, strlen(buffer)), 0); getdomainname(buffer, sizeof(buffer) - 1); show_result(setdomainname(buffer, strlen(buffer)), 0); } unset_capability(); capability = "SYS_LINK"; set_capability(); if (write_policy()) { strcpy(tmp1, "/tmp/link_source_XXXXXX"); close(mkstemp(tmp1)); strcpy(tmp2, "/tmp/link_target_XXXXXX"); show_result(link(tmp1, tmp2), 1); unlink(tmp2); unlink(tmp1); delete_policy(); strcpy(tmp1, "/tmp/link_source_XXXXXX"); close(mkstemp(tmp1)); strcpy(tmp2, "/tmp/link_target_XXXXXX"); show_result(link(tmp1, tmp2), 0); unlink(tmp2); unlink(tmp1); } unset_capability(); capability = "SYS_SYMLINK"; set_capability(); if (write_policy()) { strcpy(tmp1, "/tmp/symlink_target_XXXXXX"); close(mkstemp(tmp1)); strcpy(tmp2, "/tmp/symlink_source_XXXXXX"); show_result(symlink(tmp1, tmp2), 1); unlink(tmp2); unlink(tmp1); delete_policy(); strcpy(tmp1, "/tmp/symlink_target_XXXXXX"); close(mkstemp(tmp1)); strcpy(tmp2, "/tmp/symlink_source_XXXXXX"); show_result(symlink(tmp1, tmp2), 0); unlink(tmp2); unlink(tmp1); } unset_capability(); capability = "SYS_RENAME"; set_capability(); if (write_policy()) { strcpy(tmp1, "/tmp/rename_old_XXXXXX"); close(mkstemp(tmp1)); strcpy(tmp2, "/tmp/rename_new_XXXXXX"); show_result(rename(tmp1, tmp2), 1); unlink(tmp2); unlink(tmp1); delete_policy(); strcpy(tmp1, "/tmp/rename_old_XXXXXX"); close(mkstemp(tmp1)); strcpy(tmp2, "/tmp/rename_new_XXXXXX"); show_result(rename(tmp1, tmp2), 0); unlink(tmp2); unlink(tmp1); } unset_capability(); capability = "SYS_UNLINK"; set_capability(); if (write_policy()) { strcpy(tmp1, "/tmp/unlinkXXXXXX"); close(mkstemp(tmp1)); show_result(unlink(tmp1), 1); delete_policy(); strcpy(tmp1, "/tmp/unlinkXXXXXX"); close(mkstemp(tmp1)); show_result(unlink(tmp1), 0); } unset_capability(); unlink(tmp1); capability = "SYS_CHMOD"; set_capability(); if (write_policy()) { show_result(chmod("/dev/null", 0222), 1); delete_policy(); show_result(chmod("/dev/null", 0444), 0); } unset_capability(); chmod("/dev/null", 0666); capability = "SYS_CHOWN"; set_capability(); if (write_policy()) { show_result(chown("/dev/null", 1, 1), 1); delete_policy(); show_result(chown("/dev/null", 2, 2), 0); } unset_capability(); chown("/dev/null", 0, 0); capability = "SYS_IOCTL"; set_capability(); if (0 && write_policy()) { int fd = open("/dev/null", O_RDONLY); show_result(ioctl(fd, 0 /* Use invalid value so that nothing happen. */), 1); delete_policy(); show_result(ioctl(fd, 0 /* Use invalid value so that nothing happen. */), 0); close(fd); } if (write_policy()) { struct ifreq ifreq; int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP); memset(&ifreq, 0, sizeof(ifreq)); snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1, "lo"); show_result(ioctl(fd, 35123, &ifreq), 1); delete_policy(); show_result(ioctl(fd, 35123, &ifreq), 0); close(fd); } unset_capability(); capability = "SYS_PTRACE"; set_capability(); if (write_policy()) { int status = 0; int pipe_fd[2] = { EOF, EOF }; pipe(pipe_fd); switch (fork()) { case 0: errno = 0; ptrace(PTRACE_TRACEME, 0, NULL, NULL); status = errno; write(pipe_fd[1], &status, sizeof(status)); _exit(0); case -1: fprintf(stderr, "fork() failed.\n"); break; default: close(pipe_fd[1]); read(pipe_fd[0], &status, sizeof(status)); wait(NULL); close(pipe_fd[0]); errno = status; show_result(status ? EOF : 0, 1); } delete_policy(); status = 0; pipe(pipe_fd); switch (fork()) { case 0: errno = 0; ptrace(PTRACE_TRACEME, 0, NULL, NULL); status = errno; write(pipe_fd[1], &status, sizeof(status)); _exit(0); case -1: fprintf(stderr, "fork() failed.\n"); break; default: close(pipe_fd[1]); read(pipe_fd[0], &status, sizeof(status)); wait(NULL); close(pipe_fd[0]); errno = status; show_result(status ? EOF : 0, 0); } } unset_capability(); }
/* * Reads the currect terminal path and initializes cxt->tty_* variables. */ static void init_tty(struct login_context *cxt) { struct stat st; struct termios tt, ttt; cxt->tty_mode = (mode_t) getlogindefs_num("TTYPERM", TTY_MODE); get_terminal_name(0, &cxt->tty_path, &cxt->tty_name, &cxt->tty_number); /* * In case login is suid it was possible to use a hardlink as stdin * and exploit races for a local root exploit. (Wojciech Purczynski). * * More precisely, the problem is ttyn := ttyname(0); ...; chown(ttyn); * here ttyname() might return "/tmp/x", a hardlink to a pseudotty. * All of this is a problem only when login is suid, which it isn't. */ if (!cxt->tty_path || !*cxt->tty_path || lstat(cxt->tty_path, &st) != 0 || !S_ISCHR(st.st_mode) || (st.st_nlink > 1 && strncmp(cxt->tty_path, "/dev/", 5)) || access(cxt->tty_path, R_OK | W_OK) != 0) { syslog(LOG_ERR, _("FATAL: bad tty")); sleepexit(EXIT_FAILURE); } #ifdef LOGIN_CHOWN_VCS if (cxt->tty_number) { /* find names of Virtual Console devices, for later mode change */ snprintf(cxt->vcsn, sizeof(cxt->vcsn), "/dev/vcs%s", cxt->tty_number); snprintf(cxt->vcsan, sizeof(cxt->vcsan), "/dev/vcsa%s", cxt->tty_number); } #endif tcgetattr(0, &tt); ttt = tt; ttt.c_cflag &= ~HUPCL; if ((fchown(0, 0, 0) || fchmod(0, cxt->tty_mode)) && errno != EROFS) { syslog(LOG_ERR, _("FATAL: %s: change permissions failed: %m"), cxt->tty_path); sleepexit(EXIT_FAILURE); } /* Kill processes left on this tty */ tcsetattr(0, TCSANOW, &ttt); /* * Let's close file decriptors before vhangup * https://lkml.org/lkml/2012/6/5/145 */ close(STDIN_FILENO); close(STDOUT_FILENO); close(STDERR_FILENO); signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */ vhangup(); signal(SIGHUP, SIG_DFL); /* open stdin,stdout,stderr to the tty */ open_tty(cxt->tty_path); /* restore tty modes */ tcsetattr(0, TCSAFLUSH, &tt); }
void pty_make_controlling_tty(int *ttyfd, const char *ttyname) { int fd; #ifdef USE_VHANGUP void *old; #endif /* USE_VHANGUP */ #ifdef _UNICOS if (setsid() < 0) error("setsid: %.100s", strerror(errno)); fd = open(ttyname, O_RDWR|O_NOCTTY); if (fd != -1) { signal(SIGHUP, SIG_IGN); ioctl(fd, TCVHUP, (char *)NULL); signal(SIGHUP, SIG_DFL); setpgid(0, 0); close(fd); } else { error("Failed to disconnect from controlling tty."); } debug("Setting controlling tty using TCSETCTTY."); ioctl(*ttyfd, TCSETCTTY, NULL); fd = open("/dev/tty", O_RDWR); if (fd < 0) error("%.100s: %.100s", ttyname, strerror(errno)); close(*ttyfd); *ttyfd = fd; #else /* _UNICOS */ /* First disconnect from the old controlling tty. */ #ifdef TIOCNOTTY fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); if (fd >= 0) { (void) ioctl(fd, TIOCNOTTY, NULL); close(fd); } #endif /* TIOCNOTTY */ if (setsid() < 0) error("setsid: %.100s", strerror(errno)); /* * Verify that we are successfully disconnected from the controlling * tty. */ fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); if (fd >= 0) { error("Failed to disconnect from controlling tty."); close(fd); } /* Make it our controlling tty. */ #ifdef TIOCSCTTY debug("Setting controlling tty using TIOCSCTTY."); if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0) error("ioctl(TIOCSCTTY): %.100s", strerror(errno)); #endif /* TIOCSCTTY */ #ifdef HAVE_NEWS4 if (setpgrp(0,0) < 0) error("SETPGRP %s",strerror(errno)); #endif /* HAVE_NEWS4 */ #ifdef USE_VHANGUP old = signal(SIGHUP, SIG_IGN); vhangup(); signal(SIGHUP, old); #endif /* USE_VHANGUP */ fd = open(ttyname, O_RDWR); if (fd < 0) { error("%.100s: %.100s", ttyname, strerror(errno)); } else { #ifdef USE_VHANGUP close(*ttyfd); *ttyfd = fd; #else /* USE_VHANGUP */ close(fd); #endif /* USE_VHANGUP */ } /* Verify that we now have a controlling tty. */ fd = open(_PATH_TTY, O_WRONLY); if (fd < 0) error("open /dev/tty failed - could not set controlling tty: %.100s", strerror(errno)); else close(fd); #endif /* _UNICOS */ }
void pty_make_controlling_tty(int *ttyfd, const char *tty_name) { int fd; #ifdef USE_VHANGUP void *old; #endif /* USE_VHANGUP */ /* Solaris has a problem with TIOCNOTTY for a bg process, so * we disable the signal which would STOP the process - matt */ signal(SIGTTOU, SIG_IGN); /* First disconnect from the old controlling tty. */ #ifdef TIOCNOTTY fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); if (fd >= 0) { (void) ioctl(fd, TIOCNOTTY, NULL); close(fd); } #endif /* TIOCNOTTY */ if (setsid() < 0) { dropbear_log(LOG_ERR, "setsid: %.100s", strerror(errno)); } /* * Verify that we are successfully disconnected from the controlling * tty. */ fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); if (fd >= 0) { dropbear_log(LOG_ERR, "Failed to disconnect from controlling tty.\n"); close(fd); } /* Make it our controlling tty. */ #ifdef TIOCSCTTY if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0) { dropbear_log(LOG_ERR, "ioctl(TIOCSCTTY): %.100s", strerror(errno)); } #endif /* TIOCSCTTY */ #ifdef HAVE_NEWS4 if (setpgrp(0,0) < 0) { dropbear_log(LOG_ERR, error("SETPGRP %s",strerror(errno))); } #endif /* HAVE_NEWS4 */ #ifdef USE_VHANGUP old = mysignal(SIGHUP, SIG_IGN); vhangup(); mysignal(SIGHUP, old); #endif /* USE_VHANGUP */ fd = open(tty_name, O_RDWR); if (fd < 0) { dropbear_log(LOG_ERR, "%.100s: %.100s", tty_name, strerror(errno)); } else { #ifdef USE_VHANGUP close(*ttyfd); *ttyfd = fd; #else /* USE_VHANGUP */ close(fd); #endif /* USE_VHANGUP */ } /* Verify that we now have a controlling tty. */ fd = open(_PATH_TTY, O_WRONLY); if (fd < 0) { dropbear_log(LOG_ERR, "open /dev/tty failed - could not set controlling tty: %.100s", strerror(errno)); } else { close(fd); } }
int main(int argc, char **argv) { extern int optind; extern char *optarg, **environ; struct group *gr; register int ch; register char *p; int ask, fflag, hflag, pflag, cnt, errsv; int quietlog, passwd_req; char *domain, *ttyn; char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; char *termenv; char *childArgv[10]; char *buff; int childArgc = 0; #ifdef HAVE_SECURITY_PAM_MISC_H int retcode; pam_handle_t *pamh = NULL; struct pam_conv conv = { misc_conv, NULL }; pid_t childPid; #else char *salt, *pp; #endif #ifdef LOGIN_CHOWN_VCS char vcsn[20], vcsan[20]; #endif pid = getpid(); signal(SIGALRM, timedout); alarm((unsigned int)timeout); signal(SIGQUIT, SIG_IGN); signal(SIGINT, SIG_IGN); setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); setpriority(PRIO_PROCESS, 0, 0); initproctitle(argc, argv); /* * -p is used by getty to tell login not to destroy the environment * -f is used to skip a second login authentication * -h is used by other servers to pass the name of the remote * host to login so that it may be placed in utmp and wtmp */ gethostname(tbuf, sizeof(tbuf)); xstrncpy(thishost, tbuf, sizeof(thishost)); domain = index(tbuf, '.'); username = tty_name = hostname = NULL; fflag = hflag = pflag = 0; passwd_req = 1; while ((ch = getopt(argc, argv, "fh:p")) != -1) switch (ch) { case 'f': fflag = 1; break; case 'h': if (getuid()) { fprintf(stderr, _("login: -h for super-user only.\n")); exit(1); } hflag = 1; if (domain && (p = index(optarg, '.')) && strcasecmp(p, domain) == 0) *p = 0; hostname = strdup(optarg); /* strdup: Ambrose C. Li */ { struct hostent *he = gethostbyname(hostname); /* he points to static storage; copy the part we use */ hostaddress[0] = 0; if (he && he->h_addr_list && he->h_addr_list[0]) memcpy(hostaddress, he->h_addr_list[0], sizeof(hostaddress)); } break; case 'p': pflag = 1; break; case '?': default: fprintf(stderr, _("usage: login [-fp] [username]\n")); exit(1); } argc -= optind; argv += optind; if (*argv) { char *p = *argv; username = strdup(p); ask = 0; /* wipe name - some people mistype their password here */ /* (of course we are too late, but perhaps this helps a little ..) */ while(*p) *p++ = ' '; } else ask = 1; for (cnt = getdtablesize(); cnt > 2; cnt--) close(cnt); ttyn = ttyname(0); if (ttyn == NULL || *ttyn == '\0') { /* no snprintf required - see definition of tname */ sprintf(tname, "%s??", _PATH_TTY); ttyn = tname; } check_ttyname(ttyn); if (strncmp(ttyn, "/dev/", 5) == 0) tty_name = ttyn+5; else tty_name = ttyn; if (strncmp(ttyn, "/dev/tty", 8) == 0) tty_number = ttyn+8; else { char *p = ttyn; while (*p && !isdigit(*p)) p++; tty_number = p; } #ifdef LOGIN_CHOWN_VCS /* find names of Virtual Console devices, for later mode change */ snprintf(vcsn, sizeof(vcsn), "/dev/vcs%s", tty_number); snprintf(vcsan, sizeof(vcsan), "/dev/vcsa%s", tty_number); #endif /* set pgid to pid */ setpgrp(); /* this means that setsid() will fail */ { struct termios tt, ttt; tcgetattr(0, &tt); ttt = tt; ttt.c_cflag &= ~HUPCL; /* These can fail, e.g. with ttyn on a read-only filesystem */ chown(ttyn, 0, 0); chmod(ttyn, TTY_MODE); /* Kill processes left on this tty */ tcsetattr(0,TCSAFLUSH,&ttt); signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */ vhangup(); signal(SIGHUP, SIG_DFL); /* open stdin,stdout,stderr to the tty */ opentty(ttyn); /* restore tty modes */ tcsetattr(0,TCSAFLUSH,&tt); } openlog("login", LOG_ODELAY, LOG_AUTHPRIV); #if 0 /* other than iso-8859-1 */ printf("\033(K"); fprintf(stderr,"\033(K"); #endif #ifdef HAVE_SECURITY_PAM_MISC_H /* * username is initialized to NULL * and if specified on the command line it is set. * Therefore, we are safe not setting it to anything */ retcode = pam_start("login",username, &conv, &pamh); if(retcode != PAM_SUCCESS) { fprintf(stderr, _("login: PAM Failure, aborting: %s\n"), pam_strerror(pamh, retcode)); syslog(LOG_ERR, _("Couldn't initialize PAM: %s"), pam_strerror(pamh, retcode)); exit(99); } /* hostname & tty are either set to NULL or their correct values, depending on how much we know */ retcode = pam_set_item(pamh, PAM_RHOST, hostname); PAM_FAIL_CHECK; retcode = pam_set_item(pamh, PAM_TTY, tty_name); PAM_FAIL_CHECK; /* * [email protected]: Provide a user prompt to PAM * so that the "login: "******"Password: "******"login: "******"\033(K"); fprintf(stderr,"\033(K"); #endif /* if fflag == 1, then the user has already been authenticated */ if (fflag && (getuid() == 0)) passwd_req = 0; else passwd_req = 1; if(passwd_req == 1) { int failcount=0; /* if we didn't get a user on the command line, set it to NULL */ pam_get_item(pamh, PAM_USER, (const void **) &username); if (!username) pam_set_item(pamh, PAM_USER, NULL); /* there may be better ways to deal with some of these conditions, but at least this way I don't think we'll be giving away information... */ /* Perhaps someday we can trust that all PAM modules will pay attention to failure count and get rid of MAX_LOGIN_TRIES? */ retcode = pam_authenticate(pamh, 0); while((failcount++ < PAM_MAX_LOGIN_TRIES) && ((retcode == PAM_AUTH_ERR) || (retcode == PAM_USER_UNKNOWN) || (retcode == PAM_CRED_INSUFFICIENT) || (retcode == PAM_AUTHINFO_UNAVAIL))) { pam_get_item(pamh, PAM_USER, (const void **) &username); syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"), failcount, hostname, username, pam_strerror(pamh, retcode)); logbtmp(tty_name, username, hostname); fprintf(stderr,_("Login incorrect\n\n")); pam_set_item(pamh,PAM_USER,NULL); retcode = pam_authenticate(pamh, 0); } if (retcode != PAM_SUCCESS) { pam_get_item(pamh, PAM_USER, (const void **) &username); if (retcode == PAM_MAXTRIES) syslog(LOG_NOTICE,_("TOO MANY LOGIN TRIES (%d) FROM %s FOR " "%s, %s"), failcount, hostname, username, pam_strerror(pamh, retcode)); else syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"), hostname, username, pam_strerror(pamh, retcode)); logbtmp(tty_name, username, hostname); fprintf(stderr,_("\nLogin incorrect\n")); pam_end(pamh, retcode); exit(0); } retcode = pam_acct_mgmt(pamh, 0); if(retcode == PAM_NEW_AUTHTOK_REQD) { retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); } PAM_FAIL_CHECK; } /* * Grab the user information out of the password file for future usage * First get the username that we are actually using, though. */ retcode = pam_get_item(pamh, PAM_USER, (const void **) &username); PAM_FAIL_CHECK; if (!username || !*username) { fprintf(stderr, _("\nSession setup problem, abort.\n")); syslog(LOG_ERR, _("NULL user name in %s:%d. Abort."), __FUNCTION__, __LINE__); pam_end(pamh, PAM_SYSTEM_ERR); exit(1); } if (!(pwd = getpwnam(username))) { fprintf(stderr, _("\nSession setup problem, abort.\n")); syslog(LOG_ERR, _("Invalid user name \"%s\" in %s:%d. Abort."), username, __FUNCTION__, __LINE__); pam_end(pamh, PAM_SYSTEM_ERR); exit(1); } /* * Create a copy of the pwd struct - otherwise it may get * clobbered by PAM */ memcpy(&pwdcopy, pwd, sizeof(*pwd)); pwd = &pwdcopy; pwd->pw_name = strdup(pwd->pw_name); pwd->pw_passwd = strdup(pwd->pw_passwd); pwd->pw_gecos = strdup(pwd->pw_gecos); pwd->pw_dir = strdup(pwd->pw_dir); pwd->pw_shell = strdup(pwd->pw_shell); if (!pwd->pw_name || !pwd->pw_passwd || !pwd->pw_gecos || !pwd->pw_dir || !pwd->pw_shell) { fprintf(stderr, _("login: Out of memory\n")); syslog(LOG_ERR, "Out of memory"); pam_end(pamh, PAM_SYSTEM_ERR); exit(1); } username = pwd->pw_name; /* * Initialize the supplementary group list. * This should be done before pam_setcred because * the PAM modules might add groups during pam_setcred. */ if (initgroups(username, pwd->pw_gid) < 0) { syslog(LOG_ERR, "initgroups: %m"); fprintf(stderr, _("\nSession setup problem, abort.\n")); pam_end(pamh, PAM_SYSTEM_ERR); exit(1); } retcode = pam_open_session(pamh, 0); PAM_FAIL_CHECK; retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED); PAM_FAIL_CHECK; #else /* ! HAVE_SECURITY_PAM_MISC_H */ for (cnt = 0;; ask = 1) { if (ask) { fflag = 0; getloginname(); } /* Dirty patch to fix a gigantic security hole when using yellow pages. This problem should be solved by the libraries, and not by programs, but this must be fixed urgently! If the first char of the username is '+', we avoid login success. Feb 95 <*****@*****.**> */ if (username[0] == '+') { puts(_("Illegal username")); badlogin(username); sleepexit(1); } /* (void)strcpy(tbuf, username); why was this here? */ if ((pwd = getpwnam(username))) { # ifdef SHADOW_PWD struct spwd *sp; if ((sp = getspnam(username))) pwd->pw_passwd = sp->sp_pwdp; # endif salt = pwd->pw_passwd; } else salt = "xx"; if (pwd) { initgroups(username, pwd->pw_gid); checktty(username, tty_name, pwd); /* in checktty.c */ } /* if user not super-user, check for disabled logins */ if (pwd == NULL || pwd->pw_uid) checknologin(); /* * Disallow automatic login to root; if not invoked by * root, disallow if the uid's differ. */ if (fflag && pwd) { int uid = getuid(); passwd_req = pwd->pw_uid == 0 || (uid && uid != pwd->pw_uid); } /* * If trying to log in as root, but with insecure terminal, * refuse the login attempt. */ if (pwd && pwd->pw_uid == 0 && !rootterm(tty_name)) { fprintf(stderr, _("%s login refused on this terminal.\n"), pwd->pw_name); if (hostname) syslog(LOG_NOTICE, _("LOGIN %s REFUSED FROM %s ON TTY %s"), pwd->pw_name, hostname, tty_name); else syslog(LOG_NOTICE, _("LOGIN %s REFUSED ON TTY %s"), pwd->pw_name, tty_name); continue; } /* * If no pre-authentication and a password exists * for this user, prompt for one and verify it. */ if (!passwd_req || (pwd && !*pwd->pw_passwd)) break; setpriority(PRIO_PROCESS, 0, -4); pp = getpass(_("Password: "******"CRYPTO", 6) == 0) { if (pwd && cryptocard()) break; } # endif /* CRYPTOCARD */ p = crypt(pp, salt); setpriority(PRIO_PROCESS, 0, 0); # ifdef KERBEROS /* * If not present in pw file, act as we normally would. * If we aren't Kerberos-authenticated, try the normal * pw file for a password. If that's ok, log the user * in without issueing any tickets. */ if (pwd && !krb_get_lrealm(realm,1)) { /* * get TGT for local realm; be careful about uid's * here for ticket file ownership */ setreuid(geteuid(),pwd->pw_uid); kerror = krb_get_pw_in_tkt(pwd->pw_name, "", realm, "krbtgt", realm, DEFAULT_TKT_LIFE, pp); setuid(0); if (kerror == INTK_OK) { memset(pp, 0, strlen(pp)); notickets = 0; /* user got ticket */ break; } } # endif /* KERBEROS */ memset(pp, 0, strlen(pp)); if (pwd && !strcmp(p, pwd->pw_passwd)) break; printf(_("Login incorrect\n")); badlogin(username); /* log ALL bad logins */ failures++; /* we allow 10 tries, but after 3 we start backing off */ if (++cnt > 3) { if (cnt >= 10) { sleepexit(1); } sleep((unsigned int)((cnt - 3) * 5)); } } #endif /* !HAVE_SECURITY_PAM_MISC_H */ /* committed to login -- turn off timeout */ alarm((unsigned int)0); endpwent(); /* This requires some explanation: As root we may not be able to read the directory of the user if it is on an NFS mounted filesystem. We temporarily set our effective uid to the user-uid making sure that we keep root privs. in the real uid. A portable solution would require a fork(), but we rely on Linux having the BSD setreuid() */ { char tmpstr[MAXPATHLEN]; uid_t ruid = getuid(); gid_t egid = getegid(); /* avoid snprintf - old systems do not have it, or worse, have a libc in which snprintf is the same as sprintf */ if (strlen(pwd->pw_dir) + sizeof(_PATH_HUSHLOGIN) + 2 > MAXPATHLEN) quietlog = 0; else { sprintf(tmpstr, "%s/%s", pwd->pw_dir, _PATH_HUSHLOGIN); setregid(-1, pwd->pw_gid); setreuid(0, pwd->pw_uid); quietlog = (access(tmpstr, R_OK) == 0); setuid(0); /* setreuid doesn't do it alone! */ setreuid(ruid, 0); setregid(-1, egid); } } /* for linux, write entries in utmp and wtmp */ { struct utmp ut; struct utmp *utp; utmpname(_PATH_UTMP); setutent(); /* Find pid in utmp. login sometimes overwrites the runlevel entry in /var/run/utmp, confusing sysvinit. I added a test for the entry type, and the problem was gone. (In a runlevel entry, st_pid is not really a pid but some number calculated from the previous and current runlevel). Michael Riepe <*****@*****.**> */ while ((utp = getutent())) if (utp->ut_pid == pid && utp->ut_type >= INIT_PROCESS && utp->ut_type <= DEAD_PROCESS) break; /* If we can't find a pre-existing entry by pid, try by line. BSD network daemons may rely on this. (anonymous) */ if (utp == NULL) { setutent(); ut.ut_type = LOGIN_PROCESS; strncpy(ut.ut_line, tty_name, sizeof(ut.ut_line)); utp = getutline(&ut); } if (utp) { memcpy(&ut, utp, sizeof(ut)); } else { /* some gettys/telnetds don't initialize utmp... */ memset(&ut, 0, sizeof(ut)); } if (ut.ut_id[0] == 0) strncpy(ut.ut_id, tty_number, sizeof(ut.ut_id)); strncpy(ut.ut_user, username, sizeof(ut.ut_user)); xstrncpy(ut.ut_line, tty_name, sizeof(ut.ut_line)); #ifdef _HAVE_UT_TV /* in <utmpbits.h> included by <utmp.h> */ gettimeofday(&ut.ut_tv, NULL); #else { time_t t; time(&t); ut.ut_time = t; /* ut_time is not always a time_t */ /* glibc2 #defines it as ut_tv.tv_sec */ } #endif ut.ut_type = USER_PROCESS; ut.ut_pid = pid; if (hostname) { xstrncpy(ut.ut_host, hostname, sizeof(ut.ut_host)); if (hostaddress[0]) memcpy(&ut.ut_addr, hostaddress, sizeof(ut.ut_addr)); } pututline(&ut); endutent(); #if HAVE_UPDWTMP updwtmp(_PATH_WTMP, &ut); #else #if 0 /* The O_APPEND open() flag should be enough to guarantee atomic writes at end of file. */ { int wtmp; if((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) { write(wtmp, (char *)&ut, sizeof(ut)); close(wtmp); } } #else /* Probably all this locking below is just nonsense, and the short version is OK as well. */ { int lf, wtmp; if ((lf = open(_PATH_WTMPLOCK, O_CREAT|O_WRONLY, 0660)) >= 0) { flock(lf, LOCK_EX); if ((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) { write(wtmp, (char *)&ut, sizeof(ut)); close(wtmp); } flock(lf, LOCK_UN); close(lf); } } #endif #endif } dolastlog(quietlog); chown(ttyn, pwd->pw_uid, (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); chmod(ttyn, TTY_MODE); #ifdef LOGIN_CHOWN_VCS /* if tty is one of the VC's then change owner and mode of the special /dev/vcs devices as well */ if (consoletty(0)) { chown(vcsn, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid)); chown(vcsan, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid)); chmod(vcsn, TTY_MODE); chmod(vcsan, TTY_MODE); } #endif setgid(pwd->pw_gid); if (*pwd->pw_shell == '\0') pwd->pw_shell = _PATH_BSHELL; /* preserve TERM even without -p flag */ { char *ep; if(!((ep = getenv("TERM")) && (termenv = strdup(ep)))) termenv = "dumb"; } /* destroy environment unless user has requested preservation */ if (!pflag) { environ = (char**)malloc(sizeof(char*)); memset(environ, 0, sizeof(char*)); } setenv("HOME", pwd->pw_dir, 0); /* legal to override */ if(pwd->pw_uid) setenv("PATH", _PATH_DEFPATH, 1); else setenv("PATH", _PATH_DEFPATH_ROOT, 1); setenv("SHELL", pwd->pw_shell, 1); setenv("TERM", termenv, 1); /* mailx will give a funny error msg if you forget this one */ { char tmp[MAXPATHLEN]; /* avoid snprintf */ if (sizeof(_PATH_MAILDIR) + strlen(pwd->pw_name) + 1 < MAXPATHLEN) { sprintf(tmp, "%s/%s", _PATH_MAILDIR, pwd->pw_name); setenv("MAIL",tmp,0); } } /* LOGNAME is not documented in login(1) but HP-UX 6.5 does it. We'll not allow modifying it. */ setenv("LOGNAME", pwd->pw_name, 1); #ifdef HAVE_SECURITY_PAM_MISC_H { int i; char ** env = pam_getenvlist(pamh); if (env != NULL) { for (i=0; env[i]; i++) { putenv(env[i]); /* D(("env[%d] = %s", i,env[i])); */ } } } #endif setproctitle("login", username); if (!strncmp(tty_name, "ttyS", 4)) syslog(LOG_INFO, _("DIALUP AT %s BY %s"), tty_name, pwd->pw_name); /* allow tracking of good logins. -steve philp ([email protected]) */ if (pwd->pw_uid == 0) { if (hostname) syslog(LOG_NOTICE, _("ROOT LOGIN ON %s FROM %s"), tty_name, hostname); else syslog(LOG_NOTICE, _("ROOT LOGIN ON %s"), tty_name); } else { if (hostname) syslog(LOG_INFO, _("LOGIN ON %s BY %s FROM %s"), tty_name, pwd->pw_name, hostname); else syslog(LOG_INFO, _("LOGIN ON %s BY %s"), tty_name, pwd->pw_name); } if (!quietlog) { motd(); #ifdef LOGIN_STAT_MAIL /* * This turns out to be a bad idea: when the mail spool * is NFS mounted, and the NFS connection hangs, the * login hangs, even root cannot login. * Checking for mail should be done from the shell. */ { struct stat st; char *mail; mail = getenv("MAIL"); if (mail && stat(mail, &st) == 0 && st.st_size != 0) { if (st.st_mtime > st.st_atime) printf(_("You have new mail.\n")); else printf(_("You have mail.\n")); } } #endif } signal(SIGALRM, SIG_DFL); signal(SIGQUIT, SIG_DFL); signal(SIGTSTP, SIG_IGN); #ifdef HAVE_SECURITY_PAM_MISC_H /* * We must fork before setuid() because we need to call * pam_close_session() as root. */ childPid = fork(); if (childPid < 0) { int errsv = errno; /* error in fork() */ fprintf(stderr, _("login: failure forking: %s"), strerror(errsv)); PAM_END; exit(0); } if (childPid) { /* parent - wait for child to finish, then cleanup session */ signal(SIGHUP, SIG_IGN); signal(SIGINT, SIG_IGN); signal(SIGQUIT, SIG_IGN); signal(SIGTSTP, SIG_IGN); signal(SIGTTIN, SIG_IGN); signal(SIGTTOU, SIG_IGN); wait(NULL); PAM_END; exit(0); } /* child */ /* * Problem: if the user's shell is a shell like ash that doesnt do * setsid() or setpgrp(), then a ctrl-\, sending SIGQUIT to every * process in the pgrp, will kill us. */ /* start new session */ setsid(); /* make sure we have a controlling tty */ opentty(ttyn); openlog("login", LOG_ODELAY, LOG_AUTHPRIV); /* reopen */ /* * TIOCSCTTY: steal tty from other process group. */ if (ioctl(0, TIOCSCTTY, 1)) syslog(LOG_ERR, _("TIOCSCTTY failed: %m")); #endif signal(SIGINT, SIG_DFL); /* discard permissions last so can't get killed and drop core */ if(setuid(pwd->pw_uid) < 0 && pwd->pw_uid) { syslog(LOG_ALERT, _("setuid() failed")); exit(1); } /* wait until here to change directory! */ if (chdir(pwd->pw_dir) < 0) { printf(_("No directory %s!\n"), pwd->pw_dir); if (chdir("/")) exit(0); pwd->pw_dir = "/"; printf(_("Logging in with home = \"/\".\n")); } /* if the shell field has a space: treat it like a shell script */ if (strchr(pwd->pw_shell, ' ')) { buff = malloc(strlen(pwd->pw_shell) + 6); if (!buff) { fprintf(stderr, _("login: no memory for shell script.\n")); exit(0); } strcpy(buff, "exec "); strcat(buff, pwd->pw_shell); childArgv[childArgc++] = "/bin/sh"; childArgv[childArgc++] = "-sh"; childArgv[childArgc++] = "-c"; childArgv[childArgc++] = buff; } else { tbuf[0] = '-'; xstrncpy(tbuf + 1, ((p = rindex(pwd->pw_shell, '/')) ? p + 1 : pwd->pw_shell), sizeof(tbuf)-1); childArgv[childArgc++] = pwd->pw_shell; childArgv[childArgc++] = tbuf; } childArgv[childArgc++] = NULL; execvp(childArgv[0], childArgv + 1); errsv = errno; if (!strcmp(childArgv[0], "/bin/sh")) fprintf(stderr, _("login: couldn't exec shell script: %s.\n"), strerror(errsv)); else fprintf(stderr, _("login: no shell: %s.\n"), strerror(errsv)); exit(0); }