int cleanopen(char *line)
{
int t;
if (ptyslavefd != -1)
return ptyslavefd;
#ifdef STREAMSPTY
if (!really_stream)
#endif
{
/*
* Make sure that other people can't open the
* slave side of the connection.
*/
chown(line, 0, 0);
chmod(line, 0600);
}
#ifdef HAVE_REVOKE
revoke(line);
#endif
t = open(line, O_RDWR|O_NOCTTY);
if (t < 0)
return(-1);
/*
* Hangup anybody else using this ttyp, then reopen it for
* ourselves.
*/
# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43) && !defined(STREAMSPTY)
signal(SIGHUP, SIG_IGN);
#ifdef HAVE_VHANGUP
vhangup();
#else
#endif
signal(SIGHUP, SIG_DFL);
t = open(line, O_RDWR|O_NOCTTY);
if (t < 0)
return(-1);
# endif
# if defined(_CRAY) && defined(TCVHUP)
{
int i;
signal(SIGHUP, SIG_IGN);
ioctl(t, TCVHUP, (char *)0);
signal(SIGHUP, SIG_DFL);
i = open(line, O_RDWR);
if (i < 0)
return(-1);
close(t);
t = i;
}
# endif /* defined(CRAY) && defined(TCVHUP) */
return(t);
}
int getty(char *tty, speed_t speed, char *term, char *user)
{
int fd;
char name[30];
/* Detach from initial controlling TTY */
vhangup();
fd = open(tty, O_RDWR);
if (fd < 0)
err(1, "Failed opening %s", tty);
dup2(fd, STDIN_FILENO);
dup2(fd, STDOUT_FILENO);
dup2(fd, STDERR_FILENO);
if (ioctl(STDIN_FILENO, TIOCSCTTY, 1) < 0)
warn("Failed TIOCSCTTY");
/* The getty process is responsible for the UTMP login record */
utmp_set_login(tty, NULL);
if (!user)
do_getty(tty, name, sizeof(name));
else
strlcpy(name, user, sizeof(name));
/* Set up TTY, re-enabling ISIG et al. */
stty(fd, speed);
close(fd);
if (term && term[0])
setenv("TERM", term, 1);
return do_login(name);
}
void
cleanup(int sig)
{
#if defined(HAVE_UTMPX_H) || !defined(HAVE_LOGWTMP)
rmut();
#ifdef HAVE_VHANGUP
#ifndef __sgi
vhangup(); /* XXX */
#endif
#endif
#else
char *p;
p = line + sizeof("/dev/") - 1;
if (logout(p))
logwtmp(p, "", "");
chmod(line, 0666);
chown(line, 0, 0);
*p = 'p';
chmod(line, 0666);
chown(line, 0, 0);
#endif
shutdown(net, 2);
exit(1);
}
/*
* Open the specified slave side of the pty,
* making sure that we have a clean tty.
*/
static int cleanopen(char *lyne) {
register int t;
/*
* Make sure that other people can't open the
* slave side of the connection.
*/
chown(lyne, 0, 0);
chmod(lyne, 0600);
#ifndef NO_REVOKE
revoke(lyne);
#endif
t = open(lyne, O_RDWR|O_NOCTTY);
if (t < 0) return(-1);
/*
* Hangup anybody else using this ttyp, then reopen it for
* ourselves.
*/
# if !defined(__linux__)
/* this looks buggy to me, our ctty is really a pty at this point */
signal(SIGHUP, SIG_IGN);
vhangup();
signal(SIGHUP, SIG_DFL);
t = open(lyne, O_RDWR|O_NOCTTY);
if (t < 0) return(-1);
# endif
return(t);
}
int main(int argc, char **argv)
{
int lc;
char *msg;
pid_t pid;
int retval, status;
struct passwd *nobody;
if ((msg = parse_opts(argc, argv, NULL, NULL)) != NULL) {
tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg);
}
setup();
for (lc = 0; TEST_LOOPING(lc); lc++) {
/* reset Tst_count in case we are looping */
Tst_count = 0;
nobody = my_getpwnam(user1name);
if ((pid = FORK_OR_VFORK()) < 0) {
tst_brkm(TFAIL, cleanup, "fork failed");
} else if (pid > 0) { /* parent */
waitpid(pid, &status, 0);
_exit(0); /*
* Exit here and let the child clean up.
* This allows the errno information set
* by the TEST_ERROR_LOG macro and the
* PASS/FAIL status to be preserved for
* use during cleanup.
*/
} else { /* child */
retval = setreuid(nobody->pw_uid, nobody->pw_uid);
if (retval < 0) {
perror("setreuid");
tst_brkm(TFAIL, cleanup, "setreuid failed");
}
TEST(vhangup());
if (TEST_RETURN != -1) {
tst_brkm(TFAIL, cleanup, "vhangup() failed to "
"fail");
} else if (TEST_ERRNO == EPERM) {
TEST_ERROR_LOG(TEST_ERRNO);
tst_resm(TPASS, "Got EPERM as expected.");
} else {
TEST_ERROR_LOG(TEST_ERRNO);
tst_resm(TFAIL, "expected EPERM got %d",
TEST_ERRNO);
}
}
}
cleanup();
tst_exit();
}
static int hangup(void *priv)
{
while(1) {
sleep(random() % 2);
if (vhangup()) {
continue;
}
}
return 0;
}
int sh(char *tty)
{
int fd;
char *arg0;
char *args[2] = {
NULL,
NULL
};
size_t len;
struct termios term;
/* Detach from initial controlling TTY */
vhangup();
fd = open(tty, O_RDWR);
if (fd < 0)
err(1, "Failed opening %s", tty);
dup2(fd, STDIN_FILENO);
dup2(fd, STDOUT_FILENO);
dup2(fd, STDERR_FILENO);
if (ioctl(STDIN_FILENO, TIOCSCTTY, 1) < 0)
warn("Failed TIOCSCTTY");
/* The getty process is usually responsible for the UTMP login record */
utmp_set_login(tty, NULL);
/* Set up TTY, re-enabling ISIG et al. */
stty(fd, B0);
close(fd);
/* Start /bin/sh as a login shell, i.e. with a prefix '-' */
len = strlen(_PATH_BSHELL) + 2;
arg0 = malloc(len);
if (!arg0)
err(1, "Failed allocating memory");
snprintf(arg0, len, "-%s", _PATH_BSHELL);
args[0] = arg0;
/* Reenable Ctrl-D and Ctrl-C, and ... */
if (!tcgetattr(STDIN_FILENO, &term)) {
term.c_lflag |= ISIG;
term.c_cc[VEOF] = CTL('D');
term.c_cc[VINTR] = CTL('C');
tcsetattr(STDIN_FILENO, TCSANOW, &term);
}
/* ... unblock signals in general */
sig_unblock();
return execv(_PATH_BSHELL, args);
}
void ptyint_vhangup(void)
{
#ifdef HAVE_VHANGUP
#ifdef POSIX_SIGNALS
struct sigaction sa;
/* Initialize "sa" structure. */
(void) sigemptyset(&sa.sa_mask);
sa.sa_flags = 0;
#endif
#ifdef POSIX_SIGNALS
sa.sa_handler = SIG_IGN;
(void) sigaction(SIGHUP, &sa, (struct sigaction *)0);
vhangup();
sa.sa_handler = SIG_DFL;
(void) sigaction(SIGHUP, &sa, (struct sigaction *)0);
#else
signal(SIGHUP, SIG_IGN);
vhangup();
signal(SIGHUP, SIG_DFL);
#endif
#endif
}
int main(int argc, char **argv)
{
int lc;
char *msg;
pid_t pid, pid1;
int status;
/* parse standard options */
if ((msg = parse_opts(argc, argv, NULL, NULL)) !=
NULL) {
tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg);
}
setup();
for (lc = 0; TEST_LOOPING(lc); lc++) {
/* reset Tst_count in case we are looping */
Tst_count = 0;
fail = 0;
if ((pid = FORK_OR_VFORK()) < 0) {
tst_brkm(TFAIL, cleanup, "fork failed");
} else if (pid > 0) { /* parent */
waitpid(pid, &status, 0);
_exit(0);
} else { /* child */
pid1 = setsid();
if (pid1 < 0) {
tst_brkm(TFAIL, cleanup, "setsid failed");
}
TEST(vhangup());
if (TEST_RETURN == -1) {
tst_resm(TFAIL, "vhangup() failed, errno:%d",
errno);
} else {
tst_resm(TPASS, "vhangup() succeeded");
}
}
}
cleanup();
tst_exit();
}
int main(int argc, char **argv)
{
int lc;
pid_t pid, pid1;
int status;
tst_parse_opts(argc, argv, NULL, NULL);
setup();
for (lc = 0; TEST_LOOPING(lc); lc++) {
/* reset tst_count in case we are looping */
tst_count = 0;
fail = 0;
if ((pid = FORK_OR_VFORK()) < 0) {
tst_brkm(TFAIL, cleanup, "fork failed");
} else if (pid > 0) { /* parent */
waitpid(pid, &status, 0);
_exit(0);
} else { /* child */
pid1 = setsid();
if (pid1 < 0) {
tst_brkm(TFAIL, cleanup, "setsid failed");
}
TEST(vhangup());
if (TEST_RETURN == -1) {
tst_resm(TFAIL, "vhangup() failed, errno:%d",
errno);
} else {
tst_resm(TPASS, "vhangup() succeeded");
}
}
}
cleanup();
tst_exit();
}
static void do_work(const char *tty)
{
char buf[256];
unsigned int cnt = 0;
unsigned int errc = 0;
int fd, con;
pid_t pid;
if (signal(SIGHUP, SIG_IGN) == SIG_ERR)
err(1, "signal(SIGHUP)");
setsid();
pid = getpid();
con = open("/tmp/aaa", O_WRONLY|O_NOCTTY|O_CREAT|O_APPEND);
if (con < 0)
err(2, "open cons");
while (1) {
if (!(cnt++ % 10000)) {
int len = sprintf(buf, "%d: err=%x\n", pid, errc);
write(con, buf, len);
errc = 0;
}
fd = open(tty, O_RDWR|O_NOCTTY);
if (fd < 0) {
errc |= 1;
continue;
}
if (ioctl(fd, TIOCSCTTY, 1))
errc |= 2;
else if (vhangup())
errc |= 4;
close(fd);
usleep(200 * (10 + random() % 50));
}
close(con);
exit(errc);
}
/**
* Secure the TTY from spying
*
* @param group The group, -1 for unchanged
*/
void secure_tty(gid_t group)
{
struct termios tty;
struct termios saved_tty;
char* tty_device;
int fd, i;
/* Set ownership of this TTY to root:root */
chown_tty(0, group, 1);
/* Get TTY name for last part of this functions */
tty_device = ttyname(STDIN_FILENO);
/* Kill other processes on this TTY */
tcgetattr(STDIN_FILENO, &tty);
saved_tty = tty;
tty.c_cflag &= (tcflag_t)~HUPCL;
tcsetattr(0, TCSANOW, &tty);
close(STDIN_FILENO);
close(STDOUT_FILENO);
close(STDERR_FILENO);
signal(SIGHUP, SIG_IGN);
vhangup();
signal(SIGHUP, SIG_DFL);
/* Restore terminal and TTY modes */
fd = open(tty_device, O_RDWR | O_NONBLOCK);
if (fd == -1)
fail("open");
fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_NONBLOCK);
for (i = 0; i < fd; i++)
close(i);
for (i = 0; i < 3; i++)
if (i != fd)
dup2(fd, i);
if (fd > 2)
close(fd);
tcgetattr(STDIN_FILENO, &saved_tty);
}
int main(int argc, char **argv)
{
int lc;
pid_t pid;
int retval;
tst_parse_opts(argc, argv, NULL, NULL);
setup();
for (lc = 0; TEST_LOOPING(lc); lc++) {
tst_count = 0;
if ((pid = FORK_OR_VFORK()) < 0) {
tst_brkm(TFAIL, NULL, "fork failed");
} else if (pid > 0) {
tst_record_childstatus(NULL, pid);
} else {
retval = setreuid(nobody_uid, nobody_uid);
if (retval < 0) {
perror("setreuid");
tst_brkm(TFAIL, NULL, "setreuid failed");
}
TEST(vhangup());
if (TEST_RETURN != -1) {
tst_brkm(TFAIL, NULL, "vhangup() failed to "
"fail");
} else if (TEST_ERRNO == EPERM) {
tst_resm(TPASS, "Got EPERM as expected.");
} else {
tst_resm(TFAIL, "expected EPERM got %d",
TEST_ERRNO);
}
}
}
tst_exit();
}
Boolean ssh_pty_internal_make_ctty(int *ttyfd, const char *ttyname)
{
int fd;
/* First disconnect from the old controlling tty. */
#ifdef TIOCNOTTY
fd = open("/dev/tty", O_RDWR|O_NOCTTY);
if (fd >= 0)
{
(void)ioctl(fd, TIOCNOTTY, NULL);
close(fd);
}
#endif /* TIOCNOTTY */
/* Verify that we are successfully disconnected from the controlling tty. */
fd = open("/dev/tty", O_RDWR|O_NOCTTY);
if (fd >= 0)
{
ssh_warning("Failed to disconnect from controlling tty.");
close(fd);
}
/* Make it our controlling tty. */
#ifdef TIOCSCTTY
ssh_debug("Setting controlling tty using TIOCSCTTY.");
/* We ignore errors from this, because HPSUX defines TIOCSCTTY, but returns
EINVAL with these arguments, and there is absolutely no documentation. */
ioctl(*ttyfd, TIOCSCTTY, NULL);
#endif /* TIOCSCTTY */
#ifdef HAVE_SETPGID
/* This appears to be necessary on some machines... */
setpgid(0, 0);
#endif
fd = open(ttyname, O_RDWR);
if (fd < 0)
ssh_warning("%.100s: %.100s", ttyname, strerror(errno));
else
close(fd);
/* Verify that we now have a controlling tty. */
fd = open("/dev/tty", O_WRONLY);
if (fd < 0)
{
ssh_warning("open /dev/tty failed; could not set controlling tty: %",
strerror(errno));
return FALSE;
}
close(fd);
#if defined(HAVE_VHANGUP) && !defined(HAVE_REVOKE)
signal(SIGHUP, SIG_IGN);
vhangup();
signal(SIGHUP, SIG_DFL);
fd = open(ttyname, O_RDWR);
if (fd == -1)
ssh_warning("pty_make_controlling_tty: reopening controlling tty after vhangup failed for %.100s",
ttyname);
close(*ttyfd);
*ttyfd = fd;
#endif /* HAVE_VHANGUP && !HAVE_REVOKE */
return TRUE;
}
int main()
{
/* Variables */
int fd;
int stdout_fileno;
char *username;
char *home;
char *conf_file_name;
/* Initialize variables */
afterlist = ul_create(8);
beforelist = ul_create(8);
stdout_fileno = fileno(stdout);
/* Get our username */
struct passwd *p = getpwuid(getuid());
if(p == NULL)
fatalperror("getpwuid");
/* warning - username will now point to a static area, subsequent getpwuid calls may overwite it */
username = p->pw_name;
/* Get our home directory */
home = getenv("HOME");
if(home == NULL)
fatalerror("$HOME is not set.\n");
conf_file_name = malloc(strlen(home) + 1 + strlen(conf_file_basename) + 1);
strcpy(conf_file_name, home);
strcat(conf_file_name, "/");
strcat(conf_file_name, conf_file_basename);
/* Set up atexit */
atexit(free_mem_on_exit);
/* Read conf file */
config = load_config(conf_file_name);
/* If we are supposed to print a user list upon startup, do it now, before fork()ing */
if(config->initialshow)
{
struct userlist *ls = ul_create(8);
ul_populate(ls);
ul_sort(ls);
if(ls->array[0] == NULL)
{
printf("No users logged in.\n");
}
else
{
printf("Users logged in: ");
for(int i = 0; ls->array[i] != NULL; i++)
{
if(i > 0 && !strcmp(ls->array[i], ls->array[i-1]))
continue;
printf("%s, ", ls->array[i]);
}
printf("\b\b \n");
}
ul_free(ls);
}
/* If we aren't supposed to listen to INs *or* OUTs, no point in continuing */
if(!config->listen_ins && !config->listen_outs)
exit(EXIT_SUCCESS);
/* If we are forking, fork() and then exit the parent */
if(config->forking)
{
pid_t pid = fork();
if(pid > 0)
exit(0);
else if(pid == -1)
fatalperror("fork");
/* This setpgid() call changes the process-group ID so 'w' reports the shell (not us!) as the current command */
setpgid(getpid(),getpid());
/* Close stdin, and hang up the TTY, since we really can't access them from the "background" */
close(STDIN_FILENO);
vhangup();
}
/* Set up child-reaping for login-command */
signal(SIGCHLD, SIG_IGN);
/* Start and setup inotify */
fd = inotify_init();
if(fd < 0)
fatalperror("inotify_init");
if(inotify_add_watch(fd, _PATH_UTMP, IN_MODIFY) < 0)
fatalperror("inotify_add_watch");
while(1)
{
ul_populate(beforelist);
/* If we are fork()ing, we want to monitor stdout, which requires us to use select() with a timeout */
if(config->forking)
{
watch_and_wait(fd, stdout_fileno);
}
struct inotify_event evt;
if(read(fd, &evt, sizeof(struct inotify_event)) < 0)
fatalperror("read");
ul_populate(afterlist);
int firstlen = ul_count(beforelist);
int secondlen = ul_count(afterlist);
if(firstlen == secondlen)
{
continue;
}
else if(firstlen > secondlen)
{
char *r = ul_subtract(beforelist, afterlist);
if(r == NULL)
continue;
if(!strcmp(r, username))
continue;
if(config->listen_outs)
on_logout(r);
}
else
{
char *r = ul_subtract(afterlist, beforelist);
if(r == NULL)
continue;
if(!strcmp(r, username))
continue;
if(config->listen_ins)
on_login(r);
}
if(config->oneshot)
{
exit(0);
}
}
exit(SUCCESS);
}
int
main(int argc, char *argv[])
{
char term[128], logname[LOGIN_NAME_MAX], c;
char hostname[HOST_NAME_MAX + 1];
struct utmp usr;
struct sigaction sa;
FILE *fp;
int fd;
unsigned int i = 0;
ssize_t n;
long pos;
ARGBEGIN {
default:
usage();
} ARGEND;
strlcpy(term, defaultterm, sizeof(term));
if (argc > 0) {
tty = argv[0];
if (argc > 1)
strlcpy(term, argv[1], sizeof(term));
}
sa.sa_handler = SIG_IGN;
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
sigaction(SIGHUP, &sa, NULL);
setenv("TERM", term, 1);
setsid();
fd = open(tty, O_RDWR);
if (fd < 0)
eprintf("open %s:", tty);
if (isatty(fd) == 0)
eprintf("%s is not a tty\n", tty);
/* steal the controlling terminal if necessary */
if (ioctl(fd, TIOCSCTTY, (void *)1) != 0)
weprintf("TIOCSCTTY: could not set controlling tty\n");
vhangup();
close(fd);
fd = open(tty, O_RDWR);
if (fd < 0)
eprintf("open %s:", tty);
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
if (fchown(fd, 0, 0) < 0)
weprintf("fchown %s:", tty);
if (fchmod(fd, 0600) < 0)
weprintf("fchmod %s:", tty);
if (fd > 2)
close(fd);
sa.sa_handler = SIG_DFL;
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
sigaction(SIGHUP, &sa, NULL);
/* Clear all utmp entries for this tty */
fp = fopen(UTMP_PATH, "r+");
if (fp) {
do {
pos = ftell(fp);
if (fread(&usr, sizeof(usr), 1, fp) != 1)
break;
if (usr.ut_line[0] == '\0')
continue;
if (strcmp(usr.ut_line, tty) != 0)
continue;
memset(&usr, 0, sizeof(usr));
fseek(fp, pos, SEEK_SET);
if (fwrite(&usr, sizeof(usr), 1, fp) != 1)
break;
} while (1);
if (ferror(fp))
weprintf("%s: I/O error:", UTMP_PATH);
fclose(fp);
}
if (argc > 2)
return execvp(argv[2], argv + 2);
if (gethostname(hostname, sizeof(hostname)) == 0)
printf("%s ", hostname);
printf("login: "******"read:");
if (n == 0)
return 1;
if (i >= sizeof(logname) - 1)
eprintf("login name too long\n");
if (c == '\n' || c == '\r')
break;
logname[i++] = c;
}
if (logname[0] == '-')
eprintf("login name cannot start with '-'\n");
if (logname[0] == '\0')
return 1;
return execlp("/bin/login", "login", "-p", logname, NULL);
}
/*
* logoutd - logout daemon to enforce /etc/porttime file policy
*
* logoutd is started at system boot time and enforces the login
* time and port restrictions specified in /etc/porttime. The
* utmpx/utmp file is periodically scanned and offending users are logged
* off from the system.
*/
int main (int argc, char **argv)
{
int i;
int status;
pid_t pid;
#if HAVE_UTMPX_H
struct utmpx *ut;
#else
struct utmp *ut;
#endif
char user[sizeof (ut->ut_user) + 1]; /* terminating NUL */
char tty_name[sizeof (ut->ut_line) + 6]; /* /dev/ + NUL */
int tty_fd;
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
#ifndef DEBUG
for (i = 0; close (i) == 0; i++);
setpgrp ();
/*
* Put this process in the background.
*/
pid = fork ();
if (pid > 0) {
/* parent */
exit (0);
} else if (pid < 0) {
/* error */
perror ("fork");
exit (1);
}
#endif /* !DEBUG */
/*
* Start syslogging everything
*/
Prog = Basename (argv[0]);
OPENLOG ("logoutd");
/*
* Scan the utmpx/utmp file once per minute looking for users that
* are not supposed to still be logged in.
*/
while (1) {
/*
* Attempt to re-open the utmpx/utmp file. The file is only
* open while it is being used.
*/
#if HAVE_UTMPX_H
setutxent ();
#else
setutent ();
#endif
/*
* Read all of the entries in the utmpx/utmp file. The entries
* for login sessions will be checked to see if the user
* is permitted to be signed on at this time.
*/
#if HAVE_UTMPX_H
while ((ut = getutxent ())) {
#else
while ((ut = getutent ())) {
#endif
#ifdef USER_PROCESS
if (ut->ut_type != USER_PROCESS)
continue;
#endif
if (ut->ut_user[0] == '\0')
continue;
if (check_login (ut))
continue;
/*
* Put the rest of this in a child process. This
* keeps the scan from waiting on other ports to die.
*/
pid = fork ();
if (pid > 0) {
/* parent */
continue;
} else if (pid < 0) {
/* failed - give up until the next scan */
break;
}
/* child */
if (strncmp (ut->ut_line, "/dev/", 5) != 0)
strcpy (tty_name, "/dev/");
else
tty_name[0] = '\0';
strcat (tty_name, ut->ut_line);
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
tty_fd =
open (tty_name, O_WRONLY | O_NDELAY | O_NOCTTY);
if (tty_fd != -1) {
send_mesg_to_tty (tty_fd);
close (tty_fd);
sleep (10);
}
#ifdef USER_PROCESS /* USG_UTMP */
if (ut->ut_pid > 1) {
kill (-ut->ut_pid, SIGHUP);
sleep (10);
kill (-ut->ut_pid, SIGKILL);
}
#else /* BSD || SUN || SUN4 */
/*
* vhangup() the line to kill try and kill
* whatever is out there using it.
*/
if ((tty_fd =
open (tty_name, O_RDONLY | O_NDELAY)) == -1)
continue;
vhangup (tty_fd);
close (tty_fd);
#endif /* BSD || SUN || SUN4 */
strncpy (user, ut->ut_user, sizeof (user) - 1);
user[sizeof (user) - 1] = '\0';
SYSLOG ((LOG_NOTICE,
"logged off user `%s' on `%s'", user,
tty_name));
/*
* This child has done all it can, drop dead.
*/
exit (0);
}
#if HAVE_UTMPX_H
endutxent ();
#else
endutent ();
#endif
#ifndef DEBUG
sleep (60);
#endif
/*
* Reap any dead babies ...
*/
while (wait (&status) != -1);
}
return 1;
/* NOT REACHED */
}
pid_t run_getty(char *cmd, char *args[], int console)
{
pid_t pid = fork();
if (!pid) {
int fd;
char c;
if (console) {
/* Detach from initial controlling TTY */
vhangup();
close(STDERR_FILENO);
close(STDOUT_FILENO);
close(STDIN_FILENO);
/* Attach TTY to console */
fd = open(CONSOLE, O_RDWR);
if (fd != STDIN_FILENO)
exit(1);
dup2(0, STDIN_FILENO);
dup2(0, STDOUT_FILENO);
dup2(0, STDERR_FILENO);
prctl(PR_SET_NAME, "console", 0, 0, 0);
}
sig_unblock();
setsid();
if (ioctl(STDIN_FILENO, TIOCSCTTY, 1) < 0)
_pe("Failed TIOCSCTTY");
while (!fexist(SYNC_SHUTDOWN)) {
static const char msg[] = "\nPlease press Enter to activate this console.";
if (fexist(SYNC_STOPPED)) {
sleep(1);
continue;
}
if (console) {
(void)write(STDERR_FILENO, msg, sizeof(msg));
while (read(STDIN_FILENO, &c, 1) == 1 && c != '\n')
continue;
}
if (fexist(SYNC_STOPPED))
continue;
execv(cmd, args);
}
if (console)
close(fd);
exit(0);
}
return pid;
}
/* pty_make_controlling_tty: Makes the slave pty the controlling terminal.
*
* slavefd contains the descriptor for the slave side of a pseudo terminal.
* slavename: the device name of the slave side of the pseudo terminal
* Returns : 0 on success or -1 on error.
*
* NOTE: The descriptor of the resulting controlling terminal will be stored
* in slavefd.
*/
int pty_make_controlling_tty(int *slavefd, const char *slavename)
{
int fd;
#ifdef USE_VHANGUP
void (*old) (int);
#endif /* USE_VHANGUP */
if (!slavefd || *slavefd < 0 || !slavename)
return set_errno(EINVAL);
/* First disconnect from the old controlling tty */
#ifdef TIOCNOTTY
if ((fd = open(PATH_TTY, O_RDWR | O_NOCTTY)) >= 0) {
ioctl(fd, TIOCNOTTY, NULL);
close(fd);
}
#endif /* TIOCNOTTY */
setsid();
/*
* Verify that we are successfully disconnected from the controlling
* tty.
*/
#if 0
if ((fd = open(PATH_TTY, O_RDWR | O_NOCTTY)) >= 0) {
close(fd);
return set_errno(ENXIO);
}
#endif
/* Make it our controlling tty */
#ifdef TIOCSCTTY
if (ioctl(*slavefd, TIOCSCTTY, NULL) == -1)
return -1;
#endif /* TIOCSCTTY */
#ifdef HAVE_NEWS4
setpgrp(0, 0);
#endif /* HAVE_NEWS4 */
#ifdef USE_VHANGUP
old = signal(SIGHUP, SIG_IGN);
vhangup();
signal(SIGHUP, old);
#endif /* USE_VHANGUP */
/* Why do this? */
if ((fd = open(slavename, O_RDWR)) >= 0) {
#ifdef USE_VHANGUP
close(*slavefd);
*slavefd = fd;
#else /* USE_VHANGUP */
close(fd);
#endif /* USE_VHANGUP */
}
/* Verify that we now have a controlling tty */
if ((fd = open(PATH_TTY, O_RDWR)) == -1)
return -1;
close(fd);
return 0;
}
static void stage_capability_test(void)
{
char tmp1[128];
char tmp2[128];
memset(tmp1, 0, sizeof(tmp1));
memset(tmp2, 0, sizeof(tmp2));
capability = "inet_tcp_create";
set_capability();
if (write_policy()) {
int fd = socket(AF_INET, SOCK_STREAM, 0);
show_result(fd, 1);
if (fd != EOF)
close(fd);
delete_policy();
fd = socket(AF_INET, SOCK_STREAM, 0);
show_result(fd, 0);
if (fd != EOF)
close(fd);
}
unset_capability();
{
int fd1 = socket(AF_INET, SOCK_STREAM, 0);
int fd2 = socket(AF_INET, SOCK_STREAM, 0);
int fd3 = socket(AF_INET, SOCK_STREAM, 0);
int fd4 = socket(AF_INET, SOCK_STREAM, 0);
struct sockaddr_in addr;
socklen_t size = sizeof(addr);
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
addr.sin_port = htons(0);
bind(fd1, (struct sockaddr *) &addr, sizeof(addr));
bind(fd2, (struct sockaddr *) &addr, sizeof(addr));
bind(fd3, (struct sockaddr *) &addr, sizeof(addr));
bind(fd4, (struct sockaddr *) &addr, sizeof(addr));
getsockname(fd1, (struct sockaddr *) &addr, &size);
capability = "inet_tcp_listen";
set_capability();
if (write_policy()) {
show_result(listen(fd1, 5), 1);
delete_policy();
show_result(listen(fd2, 5), 0);
}
unset_capability();
capability = "inet_tcp_connect";
set_capability();
if (write_policy()) {
show_result(connect(fd3, (struct sockaddr *) &addr,
sizeof(addr)), 1);
delete_policy();
show_result(connect(fd4, (struct sockaddr *) &addr,
sizeof(addr)), 0);
}
unset_capability();
if (fd1 != EOF)
close(fd1);
if (fd2 != EOF)
close(fd2);
if (fd3 != EOF)
close(fd3);
if (fd4 != EOF)
close(fd4);
}
capability = "use_inet_udp";
set_capability();
if (write_policy()) {
int fd = socket(AF_INET, SOCK_DGRAM, 0);
show_result(fd, 1);
if (fd != EOF)
close(fd);
delete_policy();
fd = socket(AF_INET, SOCK_DGRAM, 0);
show_result(fd, 0);
if (fd != EOF)
close(fd);
}
unset_capability();
capability = "use_inet_ip";
set_capability();
if (write_policy()) {
int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
show_result(fd, 1);
if (fd != EOF)
close(fd);
delete_policy();
fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
show_result(fd, 0);
if (fd != EOF)
close(fd);
}
unset_capability();
capability = "use_route";
set_capability();
if (write_policy()) {
int fd = socket(AF_ROUTE, SOCK_RAW, 0);
show_result(fd, 1);
if (fd != EOF)
close(fd);
delete_policy();
fd = socket(AF_ROUTE, SOCK_RAW, 0);
show_result(fd, 0);
if (fd != EOF)
close(fd);
}
unset_capability();
capability = "use_packet";
set_capability();
if (write_policy()) {
int fd = socket(AF_PACKET, SOCK_RAW, 0);
show_result(fd, 1);
if (fd != EOF)
close(fd);
delete_policy();
fd = socket(AF_PACKET, SOCK_RAW, 0);
show_result(fd, 0);
if (fd != EOF)
close(fd);
}
unset_capability();
capability = "use_kernel_module";
set_capability();
if (write_policy()) {
if (!is_kernel26)
show_result((int) create_module("", 0), 1);
show_result(init_module("", NULL), 1);
show_result(delete_module(""), 1);
delete_policy();
if (!is_kernel26)
show_result((int) create_module("", 0), 0);
show_result(init_module("", NULL), 0);
show_result(delete_module(""), 0);
}
unset_capability();
capability = "create_fifo";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/XXXXXX");
close(mkstemp(tmp1));
unlink(tmp1);
show_result(mknod(tmp1, S_IFIFO, 0), 1);
unlink(tmp1);
delete_policy();
show_result(mknod(tmp1, S_IFIFO, 0), 0);
unlink(tmp1);
}
unset_capability();
capability = "create_block_dev";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/XXXXXX");
close(mkstemp(tmp1));
unlink(tmp1);
show_result(mknod(tmp1, S_IFBLK, MKDEV(1, 0)), 1);
unlink(tmp1);
delete_policy();
show_result(mknod(tmp1, S_IFBLK, MKDEV(1, 0)), 0);
unlink(tmp1);
}
unset_capability();
capability = "create_char_dev";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/XXXXXX");
close(mkstemp(tmp1));
unlink(tmp1);
show_result(mknod(tmp1, S_IFCHR, MKDEV(1, 3)), 1);
unlink(tmp1);
delete_policy();
show_result(mknod(tmp1, S_IFCHR, MKDEV(1, 3)), 0);
unlink(tmp1);
}
unset_capability();
capability = "create_unix_socket";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/XXXXXX");
close(mkstemp(tmp1));
unlink(tmp1);
show_result(mknod(tmp1, S_IFSOCK, 0), 1);
unlink(tmp1);
delete_policy();
show_result(mknod(tmp1, S_IFSOCK, 0), 0);
unlink(tmp1);
}
if (write_policy()) {
struct sockaddr_un addr;
int fd1 = socket(AF_UNIX, SOCK_STREAM, 0);
int fd2 = socket(AF_UNIX, SOCK_STREAM, 0);
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
strcpy(tmp1, "/tmp/XXXXXX");
strncpy(addr.sun_path, tmp1, sizeof(addr.sun_path) - 1);
show_result(bind(fd1, (struct sockaddr *) &addr, sizeof(addr)),
1);
unlink(tmp1);
delete_policy();
show_result(bind(fd2, (struct sockaddr *) &addr, sizeof(addr)),
0);
unlink(tmp1);
if (fd1 != EOF)
close(fd1);
if (fd2 != EOF)
close(fd2);
}
unset_capability();
capability = "SYS_MOUNT";
set_capability();
if (write_policy()) {
show_result(mount("/", "/", "tmpfs", 0, NULL), 1);
delete_policy();
show_result(mount("/", "/", "tmpfs", 0, NULL), 0);
}
unset_capability();
capability = "SYS_UMOUNT";
set_capability();
if (write_policy()) {
mount("/tmp", "/tmp", "tmpfs", 0, NULL);
show_result(umount("/tmp"), 1);
delete_policy();
mount("/tmp", "/tmp", "tmpfs", 0, NULL);
show_result(umount("/"), 0);
}
unset_capability();
capability = "SYS_REBOOT";
set_capability();
if (write_policy()) {
FILE *fp = fopen("/proc/sys/kernel/ctrl-alt-del", "a+");
unsigned int c;
if (fp && fscanf(fp, "%u", &c) == 1) {
show_result(reboot(LINUX_REBOOT_CMD_CAD_ON), 1);
delete_policy();
show_result(reboot(LINUX_REBOOT_CMD_CAD_ON), 0);
fprintf(fp, "%u\n", c);
} else {
/* Use invalid value */
show_result(reboot(0x0000C0DE), 1);
delete_policy();
show_result(reboot(0x0000C0DE), 0);
}
if (fp)
fclose(fp);
}
unset_capability();
capability = "SYS_CHROOT";
set_capability();
if (write_policy()) {
show_result(chroot("/"), 1);
delete_policy();
show_result(chroot("/"), 0);
}
unset_capability();
capability = "SYS_PIVOT_ROOT";
set_capability();
if (write_policy()) {
int error;
char *stack = malloc(8192);
pid_t pid = clone(child, stack + (8192 / 2), CLONE_NEWNS, NULL);
while (waitpid(pid, &error, __WALL) == EOF && errno == EINTR)
error += 0; /* Dummy. */
errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
show_result(errno ? EOF : 0, 1);
delete_policy();
pid = clone(child, stack + (8192 / 2), CLONE_NEWNS, NULL);
while (waitpid(pid, &error, __WALL) == EOF && errno == EINTR)
error += 0; /* Dummy. */
errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
show_result(errno ? EOF : 0, 0);
free(stack);
}
unset_capability();
signal(SIGINT, SIG_IGN);
capability = "SYS_KILL";
set_capability();
if (write_policy()) {
show_result(kill(pid, SIGINT), 1);
show_result(tkill(gettid(), SIGINT), 1);
#ifdef __NR_tgkill
if (is_kernel26)
show_result(tgkill(pid, gettid(), SIGINT), 1);
#endif
delete_policy();
show_result(kill(pid, SIGINT), 0);
show_result(tkill(gettid(), SIGINT), 0);
#ifdef __NR_tgkill
if (is_kernel26)
show_result(tgkill(pid, gettid(), SIGINT), 0);
#endif
}
unset_capability();
signal(SIGINT, SIG_DFL);
capability = "SYS_KEXEC_LOAD";
set_capability();
if (write_policy()) {
#ifdef __NR_sys_kexec_load
if (is_kernel26)
show_result(sys_kexec_load(0, 0, NULL, 0), 1);
#endif
delete_policy();
#ifdef __NR_sys_kexec_load
if (is_kernel26)
show_result(sys_kexec_load(0, 0, NULL, 0), 0);
#endif
}
unset_capability();
capability = "SYS_VHANGUP";
set_capability();
if (write_policy()) {
int pty_fd = EOF, status = 0;
int pipe_fd[2] = { EOF, EOF };
pipe(pipe_fd);
switch (forkpty(&pty_fd, NULL, NULL, NULL)) {
case 0:
errno = 0;
vhangup();
/* Unreachable if vhangup() succeeded. */
status = errno;
write(pipe_fd[1], &status, sizeof(status));
_exit(0);
case -1:
fprintf(stderr, "forkpty() failed.\n");
break;
default:
close(pipe_fd[1]);
read(pipe_fd[0], &status, sizeof(status));
wait(NULL);
close(pipe_fd[0]);
close(pty_fd);
errno = status;
show_result(status ? EOF : 0, 1);
}
delete_policy();
status = 0;
pipe(pipe_fd);
switch (forkpty(&pty_fd, NULL, NULL, NULL)) {
case 0:
errno = 0;
vhangup();
/* Unreachable if vhangup() succeeded. */
status = errno;
write(pipe_fd[1], &status, sizeof(status));
_exit(0);
case -1:
fprintf(stderr, "forkpty() failed.\n");
break;
default:
close(pipe_fd[1]);
read(pipe_fd[0], &status, sizeof(status));
wait(NULL);
close(pipe_fd[0]);
close(pty_fd);
errno = status;
show_result(status ? EOF : 0, 0);
}
}
unset_capability();
capability = "SYS_TIME";
set_capability();
if (write_policy()) {
struct timeval tv;
struct timezone tz;
struct timex buf;
time_t now = time(NULL);
show_result(stime(&now), 1);
gettimeofday(&tv, &tz);
show_result(settimeofday(&tv, &tz), 1);
memset(&buf, 0, sizeof(buf));
buf.modes = 0x100; /* Use invalid value so that the clock
won't change. */
show_result(adjtimex(&buf), 1);
delete_policy();
now = time(NULL);
show_result(stime(&now), 0);
gettimeofday(&tv, &tz);
show_result(settimeofday(&tv, &tz), 0);
memset(&buf, 0, sizeof(buf));
buf.modes = 0x100; /* Use invalid value so that the clock
won't change. */
show_result(adjtimex(&buf), 0);
}
unset_capability();
capability = "SYS_NICE";
set_capability();
if (write_policy()) {
show_result(nice(0), 1);
show_result(setpriority(PRIO_PROCESS, pid,
getpriority(PRIO_PROCESS, pid)), 1);
delete_policy();
show_result(nice(0), 0);
show_result(setpriority(PRIO_PROCESS, pid,
getpriority(PRIO_PROCESS, pid)), 0);
}
unset_capability();
capability = "SYS_SETHOSTNAME";
set_capability();
if (write_policy()) {
char buffer[4096];
memset(buffer, 0, sizeof(buffer));
gethostname(buffer, sizeof(buffer) - 1);
show_result(sethostname(buffer, strlen(buffer)), 1);
getdomainname(buffer, sizeof(buffer) - 1);
show_result(setdomainname(buffer, strlen(buffer)), 1);
delete_policy();
gethostname(buffer, sizeof(buffer) - 1);
show_result(sethostname(buffer, strlen(buffer)), 0);
getdomainname(buffer, sizeof(buffer) - 1);
show_result(setdomainname(buffer, strlen(buffer)), 0);
}
unset_capability();
capability = "SYS_LINK";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/link_source_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/link_target_XXXXXX");
show_result(link(tmp1, tmp2), 1);
unlink(tmp2);
unlink(tmp1);
delete_policy();
strcpy(tmp1, "/tmp/link_source_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/link_target_XXXXXX");
show_result(link(tmp1, tmp2), 0);
unlink(tmp2);
unlink(tmp1);
}
unset_capability();
capability = "SYS_SYMLINK";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/symlink_target_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/symlink_source_XXXXXX");
show_result(symlink(tmp1, tmp2), 1);
unlink(tmp2);
unlink(tmp1);
delete_policy();
strcpy(tmp1, "/tmp/symlink_target_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/symlink_source_XXXXXX");
show_result(symlink(tmp1, tmp2), 0);
unlink(tmp2);
unlink(tmp1);
}
unset_capability();
capability = "SYS_RENAME";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/rename_old_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/rename_new_XXXXXX");
show_result(rename(tmp1, tmp2), 1);
unlink(tmp2);
unlink(tmp1);
delete_policy();
strcpy(tmp1, "/tmp/rename_old_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/rename_new_XXXXXX");
show_result(rename(tmp1, tmp2), 0);
unlink(tmp2);
unlink(tmp1);
}
unset_capability();
capability = "SYS_UNLINK";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/unlinkXXXXXX");
close(mkstemp(tmp1));
show_result(unlink(tmp1), 1);
delete_policy();
strcpy(tmp1, "/tmp/unlinkXXXXXX");
close(mkstemp(tmp1));
show_result(unlink(tmp1), 0);
}
unset_capability();
unlink(tmp1);
capability = "SYS_CHMOD";
set_capability();
if (write_policy()) {
show_result(chmod("/dev/null", 0222), 1);
delete_policy();
show_result(chmod("/dev/null", 0444), 0);
}
unset_capability();
chmod("/dev/null", 0666);
capability = "SYS_CHOWN";
set_capability();
if (write_policy()) {
show_result(chown("/dev/null", 1, 1), 1);
delete_policy();
show_result(chown("/dev/null", 2, 2), 0);
}
unset_capability();
chown("/dev/null", 0, 0);
capability = "SYS_IOCTL";
set_capability();
if (0 && write_policy()) {
int fd = open("/dev/null", O_RDONLY);
show_result(ioctl(fd, 0 /* Use invalid value so that nothing
happen. */), 1);
delete_policy();
show_result(ioctl(fd, 0 /* Use invalid value so that nothing
happen. */), 0);
close(fd);
}
if (write_policy()) {
struct ifreq ifreq;
int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
memset(&ifreq, 0, sizeof(ifreq));
snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1, "lo");
show_result(ioctl(fd, 35123, &ifreq), 1);
delete_policy();
show_result(ioctl(fd, 35123, &ifreq), 0);
close(fd);
}
unset_capability();
capability = "SYS_PTRACE";
set_capability();
if (write_policy()) {
int status = 0;
int pipe_fd[2] = { EOF, EOF };
pipe(pipe_fd);
switch (fork()) {
case 0:
errno = 0;
ptrace(PTRACE_TRACEME, 0, NULL, NULL);
status = errno;
write(pipe_fd[1], &status, sizeof(status));
_exit(0);
case -1:
fprintf(stderr, "fork() failed.\n");
break;
default:
close(pipe_fd[1]);
read(pipe_fd[0], &status, sizeof(status));
wait(NULL);
close(pipe_fd[0]);
errno = status;
show_result(status ? EOF : 0, 1);
}
delete_policy();
status = 0;
pipe(pipe_fd);
switch (fork()) {
case 0:
errno = 0;
ptrace(PTRACE_TRACEME, 0, NULL, NULL);
status = errno;
write(pipe_fd[1], &status, sizeof(status));
_exit(0);
case -1:
fprintf(stderr, "fork() failed.\n");
break;
default:
close(pipe_fd[1]);
read(pipe_fd[0], &status, sizeof(status));
wait(NULL);
close(pipe_fd[0]);
errno = status;
show_result(status ? EOF : 0, 0);
}
}
unset_capability();
}
/*
* Reads the currect terminal path and initializes cxt->tty_* variables.
*/
static void init_tty(struct login_context *cxt)
{
struct stat st;
struct termios tt, ttt;
cxt->tty_mode = (mode_t) getlogindefs_num("TTYPERM", TTY_MODE);
get_terminal_name(0, &cxt->tty_path, &cxt->tty_name, &cxt->tty_number);
/*
* In case login is suid it was possible to use a hardlink as stdin
* and exploit races for a local root exploit. (Wojciech Purczynski).
*
* More precisely, the problem is ttyn := ttyname(0); ...; chown(ttyn);
* here ttyname() might return "/tmp/x", a hardlink to a pseudotty.
* All of this is a problem only when login is suid, which it isn't.
*/
if (!cxt->tty_path || !*cxt->tty_path ||
lstat(cxt->tty_path, &st) != 0 || !S_ISCHR(st.st_mode) ||
(st.st_nlink > 1 && strncmp(cxt->tty_path, "/dev/", 5)) ||
access(cxt->tty_path, R_OK | W_OK) != 0) {
syslog(LOG_ERR, _("FATAL: bad tty"));
sleepexit(EXIT_FAILURE);
}
#ifdef LOGIN_CHOWN_VCS
if (cxt->tty_number) {
/* find names of Virtual Console devices, for later mode change */
snprintf(cxt->vcsn, sizeof(cxt->vcsn), "/dev/vcs%s", cxt->tty_number);
snprintf(cxt->vcsan, sizeof(cxt->vcsan), "/dev/vcsa%s", cxt->tty_number);
}
#endif
tcgetattr(0, &tt);
ttt = tt;
ttt.c_cflag &= ~HUPCL;
if ((fchown(0, 0, 0) || fchmod(0, cxt->tty_mode)) && errno != EROFS) {
syslog(LOG_ERR, _("FATAL: %s: change permissions failed: %m"),
cxt->tty_path);
sleepexit(EXIT_FAILURE);
}
/* Kill processes left on this tty */
tcsetattr(0, TCSANOW, &ttt);
/*
* Let's close file decriptors before vhangup
* https://lkml.org/lkml/2012/6/5/145
*/
close(STDIN_FILENO);
close(STDOUT_FILENO);
close(STDERR_FILENO);
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
vhangup();
signal(SIGHUP, SIG_DFL);
/* open stdin,stdout,stderr to the tty */
open_tty(cxt->tty_path);
/* restore tty modes */
tcsetattr(0, TCSAFLUSH, &tt);
}
void
pty_make_controlling_tty(int *ttyfd, const char *ttyname)
{
int fd;
#ifdef USE_VHANGUP
void *old;
#endif /* USE_VHANGUP */
#ifdef _UNICOS
if (setsid() < 0)
error("setsid: %.100s", strerror(errno));
fd = open(ttyname, O_RDWR|O_NOCTTY);
if (fd != -1) {
signal(SIGHUP, SIG_IGN);
ioctl(fd, TCVHUP, (char *)NULL);
signal(SIGHUP, SIG_DFL);
setpgid(0, 0);
close(fd);
} else {
error("Failed to disconnect from controlling tty.");
}
debug("Setting controlling tty using TCSETCTTY.");
ioctl(*ttyfd, TCSETCTTY, NULL);
fd = open("/dev/tty", O_RDWR);
if (fd < 0)
error("%.100s: %.100s", ttyname, strerror(errno));
close(*ttyfd);
*ttyfd = fd;
#else /* _UNICOS */
/* First disconnect from the old controlling tty. */
#ifdef TIOCNOTTY
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
if (fd >= 0) {
(void) ioctl(fd, TIOCNOTTY, NULL);
close(fd);
}
#endif /* TIOCNOTTY */
if (setsid() < 0)
error("setsid: %.100s", strerror(errno));
/*
* Verify that we are successfully disconnected from the controlling
* tty.
*/
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
if (fd >= 0) {
error("Failed to disconnect from controlling tty.");
close(fd);
}
/* Make it our controlling tty. */
#ifdef TIOCSCTTY
debug("Setting controlling tty using TIOCSCTTY.");
if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0)
error("ioctl(TIOCSCTTY): %.100s", strerror(errno));
#endif /* TIOCSCTTY */
#ifdef HAVE_NEWS4
if (setpgrp(0,0) < 0)
error("SETPGRP %s",strerror(errno));
#endif /* HAVE_NEWS4 */
#ifdef USE_VHANGUP
old = signal(SIGHUP, SIG_IGN);
vhangup();
signal(SIGHUP, old);
#endif /* USE_VHANGUP */
fd = open(ttyname, O_RDWR);
if (fd < 0) {
error("%.100s: %.100s", ttyname, strerror(errno));
} else {
#ifdef USE_VHANGUP
close(*ttyfd);
*ttyfd = fd;
#else /* USE_VHANGUP */
close(fd);
#endif /* USE_VHANGUP */
}
/* Verify that we now have a controlling tty. */
fd = open(_PATH_TTY, O_WRONLY);
if (fd < 0)
error("open /dev/tty failed - could not set controlling tty: %.100s",
strerror(errno));
else
close(fd);
#endif /* _UNICOS */
}
void
pty_make_controlling_tty(int *ttyfd, const char *tty_name)
{
int fd;
#ifdef USE_VHANGUP
void *old;
#endif /* USE_VHANGUP */
/* Solaris has a problem with TIOCNOTTY for a bg process, so
* we disable the signal which would STOP the process - matt */
signal(SIGTTOU, SIG_IGN);
/* First disconnect from the old controlling tty. */
#ifdef TIOCNOTTY
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
if (fd >= 0) {
(void) ioctl(fd, TIOCNOTTY, NULL);
close(fd);
}
#endif /* TIOCNOTTY */
if (setsid() < 0) {
dropbear_log(LOG_ERR,
"setsid: %.100s", strerror(errno));
}
/*
* Verify that we are successfully disconnected from the controlling
* tty.
*/
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
if (fd >= 0) {
dropbear_log(LOG_ERR,
"Failed to disconnect from controlling tty.\n");
close(fd);
}
/* Make it our controlling tty. */
#ifdef TIOCSCTTY
if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0) {
dropbear_log(LOG_ERR,
"ioctl(TIOCSCTTY): %.100s", strerror(errno));
}
#endif /* TIOCSCTTY */
#ifdef HAVE_NEWS4
if (setpgrp(0,0) < 0) {
dropbear_log(LOG_ERR,
error("SETPGRP %s",strerror(errno)));
}
#endif /* HAVE_NEWS4 */
#ifdef USE_VHANGUP
old = mysignal(SIGHUP, SIG_IGN);
vhangup();
mysignal(SIGHUP, old);
#endif /* USE_VHANGUP */
fd = open(tty_name, O_RDWR);
if (fd < 0) {
dropbear_log(LOG_ERR,
"%.100s: %.100s", tty_name, strerror(errno));
} else {
#ifdef USE_VHANGUP
close(*ttyfd);
*ttyfd = fd;
#else /* USE_VHANGUP */
close(fd);
#endif /* USE_VHANGUP */
}
/* Verify that we now have a controlling tty. */
fd = open(_PATH_TTY, O_WRONLY);
if (fd < 0) {
dropbear_log(LOG_ERR,
"open /dev/tty failed - could not set controlling tty: %.100s",
strerror(errno));
} else {
close(fd);
}
}
int
main(int argc, char **argv)
{
extern int optind;
extern char *optarg, **environ;
struct group *gr;
register int ch;
register char *p;
int ask, fflag, hflag, pflag, cnt, errsv;
int quietlog, passwd_req;
char *domain, *ttyn;
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
char *termenv;
char *childArgv[10];
char *buff;
int childArgc = 0;
#ifdef HAVE_SECURITY_PAM_MISC_H
int retcode;
pam_handle_t *pamh = NULL;
struct pam_conv conv = { misc_conv, NULL };
pid_t childPid;
#else
char *salt, *pp;
#endif
#ifdef LOGIN_CHOWN_VCS
char vcsn[20], vcsan[20];
#endif
pid = getpid();
signal(SIGALRM, timedout);
alarm((unsigned int)timeout);
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
setpriority(PRIO_PROCESS, 0, 0);
initproctitle(argc, argv);
/*
* -p is used by getty to tell login not to destroy the environment
* -f is used to skip a second login authentication
* -h is used by other servers to pass the name of the remote
* host to login so that it may be placed in utmp and wtmp
*/
gethostname(tbuf, sizeof(tbuf));
xstrncpy(thishost, tbuf, sizeof(thishost));
domain = index(tbuf, '.');
username = tty_name = hostname = NULL;
fflag = hflag = pflag = 0;
passwd_req = 1;
while ((ch = getopt(argc, argv, "fh:p")) != -1)
switch (ch) {
case 'f':
fflag = 1;
break;
case 'h':
if (getuid()) {
fprintf(stderr,
_("login: -h for super-user only.\n"));
exit(1);
}
hflag = 1;
if (domain && (p = index(optarg, '.')) &&
strcasecmp(p, domain) == 0)
*p = 0;
hostname = strdup(optarg); /* strdup: Ambrose C. Li */
{
struct hostent *he = gethostbyname(hostname);
/* he points to static storage; copy the part we use */
hostaddress[0] = 0;
if (he && he->h_addr_list && he->h_addr_list[0])
memcpy(hostaddress, he->h_addr_list[0],
sizeof(hostaddress));
}
break;
case 'p':
pflag = 1;
break;
case '?':
default:
fprintf(stderr,
_("usage: login [-fp] [username]\n"));
exit(1);
}
argc -= optind;
argv += optind;
if (*argv) {
char *p = *argv;
username = strdup(p);
ask = 0;
/* wipe name - some people mistype their password here */
/* (of course we are too late, but perhaps this helps a little ..) */
while(*p)
*p++ = ' ';
} else
ask = 1;
for (cnt = getdtablesize(); cnt > 2; cnt--)
close(cnt);
ttyn = ttyname(0);
if (ttyn == NULL || *ttyn == '\0') {
/* no snprintf required - see definition of tname */
sprintf(tname, "%s??", _PATH_TTY);
ttyn = tname;
}
check_ttyname(ttyn);
if (strncmp(ttyn, "/dev/", 5) == 0)
tty_name = ttyn+5;
else
tty_name = ttyn;
if (strncmp(ttyn, "/dev/tty", 8) == 0)
tty_number = ttyn+8;
else {
char *p = ttyn;
while (*p && !isdigit(*p)) p++;
tty_number = p;
}
#ifdef LOGIN_CHOWN_VCS
/* find names of Virtual Console devices, for later mode change */
snprintf(vcsn, sizeof(vcsn), "/dev/vcs%s", tty_number);
snprintf(vcsan, sizeof(vcsan), "/dev/vcsa%s", tty_number);
#endif
/* set pgid to pid */
setpgrp();
/* this means that setsid() will fail */
{
struct termios tt, ttt;
tcgetattr(0, &tt);
ttt = tt;
ttt.c_cflag &= ~HUPCL;
/* These can fail, e.g. with ttyn on a read-only filesystem */
chown(ttyn, 0, 0);
chmod(ttyn, TTY_MODE);
/* Kill processes left on this tty */
tcsetattr(0,TCSAFLUSH,&ttt);
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
vhangup();
signal(SIGHUP, SIG_DFL);
/* open stdin,stdout,stderr to the tty */
opentty(ttyn);
/* restore tty modes */
tcsetattr(0,TCSAFLUSH,&tt);
}
openlog("login", LOG_ODELAY, LOG_AUTHPRIV);
#if 0
/* other than iso-8859-1 */
printf("\033(K");
fprintf(stderr,"\033(K");
#endif
#ifdef HAVE_SECURITY_PAM_MISC_H
/*
* username is initialized to NULL
* and if specified on the command line it is set.
* Therefore, we are safe not setting it to anything
*/
retcode = pam_start("login",username, &conv, &pamh);
if(retcode != PAM_SUCCESS) {
fprintf(stderr, _("login: PAM Failure, aborting: %s\n"),
pam_strerror(pamh, retcode));
syslog(LOG_ERR, _("Couldn't initialize PAM: %s"),
pam_strerror(pamh, retcode));
exit(99);
}
/* hostname & tty are either set to NULL or their correct values,
depending on how much we know */
retcode = pam_set_item(pamh, PAM_RHOST, hostname);
PAM_FAIL_CHECK;
retcode = pam_set_item(pamh, PAM_TTY, tty_name);
PAM_FAIL_CHECK;
/*
* [email protected]: Provide a user prompt to PAM
* so that the "login: "******"Password: "******"login: "******"\033(K");
fprintf(stderr,"\033(K");
#endif
/* if fflag == 1, then the user has already been authenticated */
if (fflag && (getuid() == 0))
passwd_req = 0;
else
passwd_req = 1;
if(passwd_req == 1) {
int failcount=0;
/* if we didn't get a user on the command line, set it to NULL */
pam_get_item(pamh, PAM_USER, (const void **) &username);
if (!username)
pam_set_item(pamh, PAM_USER, NULL);
/* there may be better ways to deal with some of these
conditions, but at least this way I don't think we'll
be giving away information... */
/* Perhaps someday we can trust that all PAM modules will
pay attention to failure count and get rid of MAX_LOGIN_TRIES? */
retcode = pam_authenticate(pamh, 0);
while((failcount++ < PAM_MAX_LOGIN_TRIES) &&
((retcode == PAM_AUTH_ERR) ||
(retcode == PAM_USER_UNKNOWN) ||
(retcode == PAM_CRED_INSUFFICIENT) ||
(retcode == PAM_AUTHINFO_UNAVAIL))) {
pam_get_item(pamh, PAM_USER, (const void **) &username);
syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"),
failcount, hostname, username, pam_strerror(pamh, retcode));
logbtmp(tty_name, username, hostname);
fprintf(stderr,_("Login incorrect\n\n"));
pam_set_item(pamh,PAM_USER,NULL);
retcode = pam_authenticate(pamh, 0);
}
if (retcode != PAM_SUCCESS) {
pam_get_item(pamh, PAM_USER, (const void **) &username);
if (retcode == PAM_MAXTRIES)
syslog(LOG_NOTICE,_("TOO MANY LOGIN TRIES (%d) FROM %s FOR "
"%s, %s"), failcount, hostname, username,
pam_strerror(pamh, retcode));
else
syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"),
hostname, username, pam_strerror(pamh, retcode));
logbtmp(tty_name, username, hostname);
fprintf(stderr,_("\nLogin incorrect\n"));
pam_end(pamh, retcode);
exit(0);
}
retcode = pam_acct_mgmt(pamh, 0);
if(retcode == PAM_NEW_AUTHTOK_REQD) {
retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
}
PAM_FAIL_CHECK;
}
/*
* Grab the user information out of the password file for future usage
* First get the username that we are actually using, though.
*/
retcode = pam_get_item(pamh, PAM_USER, (const void **) &username);
PAM_FAIL_CHECK;
if (!username || !*username) {
fprintf(stderr, _("\nSession setup problem, abort.\n"));
syslog(LOG_ERR, _("NULL user name in %s:%d. Abort."),
__FUNCTION__, __LINE__);
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
if (!(pwd = getpwnam(username))) {
fprintf(stderr, _("\nSession setup problem, abort.\n"));
syslog(LOG_ERR, _("Invalid user name \"%s\" in %s:%d. Abort."),
username, __FUNCTION__, __LINE__);
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
/*
* Create a copy of the pwd struct - otherwise it may get
* clobbered by PAM
*/
memcpy(&pwdcopy, pwd, sizeof(*pwd));
pwd = &pwdcopy;
pwd->pw_name = strdup(pwd->pw_name);
pwd->pw_passwd = strdup(pwd->pw_passwd);
pwd->pw_gecos = strdup(pwd->pw_gecos);
pwd->pw_dir = strdup(pwd->pw_dir);
pwd->pw_shell = strdup(pwd->pw_shell);
if (!pwd->pw_name || !pwd->pw_passwd || !pwd->pw_gecos ||
!pwd->pw_dir || !pwd->pw_shell) {
fprintf(stderr, _("login: Out of memory\n"));
syslog(LOG_ERR, "Out of memory");
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
username = pwd->pw_name;
/*
* Initialize the supplementary group list.
* This should be done before pam_setcred because
* the PAM modules might add groups during pam_setcred.
*/
if (initgroups(username, pwd->pw_gid) < 0) {
syslog(LOG_ERR, "initgroups: %m");
fprintf(stderr, _("\nSession setup problem, abort.\n"));
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
retcode = pam_open_session(pamh, 0);
PAM_FAIL_CHECK;
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
PAM_FAIL_CHECK;
#else /* ! HAVE_SECURITY_PAM_MISC_H */
for (cnt = 0;; ask = 1) {
if (ask) {
fflag = 0;
getloginname();
}
/* Dirty patch to fix a gigantic security hole when using
yellow pages. This problem should be solved by the
libraries, and not by programs, but this must be fixed
urgently! If the first char of the username is '+', we
avoid login success.
Feb 95 <*****@*****.**> */
if (username[0] == '+') {
puts(_("Illegal username"));
badlogin(username);
sleepexit(1);
}
/* (void)strcpy(tbuf, username); why was this here? */
if ((pwd = getpwnam(username))) {
# ifdef SHADOW_PWD
struct spwd *sp;
if ((sp = getspnam(username)))
pwd->pw_passwd = sp->sp_pwdp;
# endif
salt = pwd->pw_passwd;
} else
salt = "xx";
if (pwd) {
initgroups(username, pwd->pw_gid);
checktty(username, tty_name, pwd); /* in checktty.c */
}
/* if user not super-user, check for disabled logins */
if (pwd == NULL || pwd->pw_uid)
checknologin();
/*
* Disallow automatic login to root; if not invoked by
* root, disallow if the uid's differ.
*/
if (fflag && pwd) {
int uid = getuid();
passwd_req = pwd->pw_uid == 0 ||
(uid && uid != pwd->pw_uid);
}
/*
* If trying to log in as root, but with insecure terminal,
* refuse the login attempt.
*/
if (pwd && pwd->pw_uid == 0 && !rootterm(tty_name)) {
fprintf(stderr,
_("%s login refused on this terminal.\n"),
pwd->pw_name);
if (hostname)
syslog(LOG_NOTICE,
_("LOGIN %s REFUSED FROM %s ON TTY %s"),
pwd->pw_name, hostname, tty_name);
else
syslog(LOG_NOTICE,
_("LOGIN %s REFUSED ON TTY %s"),
pwd->pw_name, tty_name);
continue;
}
/*
* If no pre-authentication and a password exists
* for this user, prompt for one and verify it.
*/
if (!passwd_req || (pwd && !*pwd->pw_passwd))
break;
setpriority(PRIO_PROCESS, 0, -4);
pp = getpass(_("Password: "******"CRYPTO", 6) == 0) {
if (pwd && cryptocard()) break;
}
# endif /* CRYPTOCARD */
p = crypt(pp, salt);
setpriority(PRIO_PROCESS, 0, 0);
# ifdef KERBEROS
/*
* If not present in pw file, act as we normally would.
* If we aren't Kerberos-authenticated, try the normal
* pw file for a password. If that's ok, log the user
* in without issueing any tickets.
*/
if (pwd && !krb_get_lrealm(realm,1)) {
/*
* get TGT for local realm; be careful about uid's
* here for ticket file ownership
*/
setreuid(geteuid(),pwd->pw_uid);
kerror = krb_get_pw_in_tkt(pwd->pw_name, "", realm,
"krbtgt", realm, DEFAULT_TKT_LIFE, pp);
setuid(0);
if (kerror == INTK_OK) {
memset(pp, 0, strlen(pp));
notickets = 0; /* user got ticket */
break;
}
}
# endif /* KERBEROS */
memset(pp, 0, strlen(pp));
if (pwd && !strcmp(p, pwd->pw_passwd))
break;
printf(_("Login incorrect\n"));
badlogin(username); /* log ALL bad logins */
failures++;
/* we allow 10 tries, but after 3 we start backing off */
if (++cnt > 3) {
if (cnt >= 10) {
sleepexit(1);
}
sleep((unsigned int)((cnt - 3) * 5));
}
}
#endif /* !HAVE_SECURITY_PAM_MISC_H */
/* committed to login -- turn off timeout */
alarm((unsigned int)0);
endpwent();
/* This requires some explanation: As root we may not be able to
read the directory of the user if it is on an NFS mounted
filesystem. We temporarily set our effective uid to the user-uid
making sure that we keep root privs. in the real uid.
A portable solution would require a fork(), but we rely on Linux
having the BSD setreuid() */
{
char tmpstr[MAXPATHLEN];
uid_t ruid = getuid();
gid_t egid = getegid();
/* avoid snprintf - old systems do not have it, or worse,
have a libc in which snprintf is the same as sprintf */
if (strlen(pwd->pw_dir) + sizeof(_PATH_HUSHLOGIN) + 2 > MAXPATHLEN)
quietlog = 0;
else {
sprintf(tmpstr, "%s/%s", pwd->pw_dir, _PATH_HUSHLOGIN);
setregid(-1, pwd->pw_gid);
setreuid(0, pwd->pw_uid);
quietlog = (access(tmpstr, R_OK) == 0);
setuid(0); /* setreuid doesn't do it alone! */
setreuid(ruid, 0);
setregid(-1, egid);
}
}
/* for linux, write entries in utmp and wtmp */
{
struct utmp ut;
struct utmp *utp;
utmpname(_PATH_UTMP);
setutent();
/* Find pid in utmp.
login sometimes overwrites the runlevel entry in /var/run/utmp,
confusing sysvinit. I added a test for the entry type, and the problem
was gone. (In a runlevel entry, st_pid is not really a pid but some number
calculated from the previous and current runlevel).
Michael Riepe <*****@*****.**>
*/
while ((utp = getutent()))
if (utp->ut_pid == pid
&& utp->ut_type >= INIT_PROCESS
&& utp->ut_type <= DEAD_PROCESS)
break;
/* If we can't find a pre-existing entry by pid, try by line.
BSD network daemons may rely on this. (anonymous) */
if (utp == NULL) {
setutent();
ut.ut_type = LOGIN_PROCESS;
strncpy(ut.ut_line, tty_name, sizeof(ut.ut_line));
utp = getutline(&ut);
}
if (utp) {
memcpy(&ut, utp, sizeof(ut));
} else {
/* some gettys/telnetds don't initialize utmp... */
memset(&ut, 0, sizeof(ut));
}
if (ut.ut_id[0] == 0)
strncpy(ut.ut_id, tty_number, sizeof(ut.ut_id));
strncpy(ut.ut_user, username, sizeof(ut.ut_user));
xstrncpy(ut.ut_line, tty_name, sizeof(ut.ut_line));
#ifdef _HAVE_UT_TV /* in <utmpbits.h> included by <utmp.h> */
gettimeofday(&ut.ut_tv, NULL);
#else
{
time_t t;
time(&t);
ut.ut_time = t; /* ut_time is not always a time_t */
/* glibc2 #defines it as ut_tv.tv_sec */
}
#endif
ut.ut_type = USER_PROCESS;
ut.ut_pid = pid;
if (hostname) {
xstrncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
if (hostaddress[0])
memcpy(&ut.ut_addr, hostaddress, sizeof(ut.ut_addr));
}
pututline(&ut);
endutent();
#if HAVE_UPDWTMP
updwtmp(_PATH_WTMP, &ut);
#else
#if 0
/* The O_APPEND open() flag should be enough to guarantee
atomic writes at end of file. */
{
int wtmp;
if((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) {
write(wtmp, (char *)&ut, sizeof(ut));
close(wtmp);
}
}
#else
/* Probably all this locking below is just nonsense,
and the short version is OK as well. */
{
int lf, wtmp;
if ((lf = open(_PATH_WTMPLOCK, O_CREAT|O_WRONLY, 0660)) >= 0) {
flock(lf, LOCK_EX);
if ((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) {
write(wtmp, (char *)&ut, sizeof(ut));
close(wtmp);
}
flock(lf, LOCK_UN);
close(lf);
}
}
#endif
#endif
}
dolastlog(quietlog);
chown(ttyn, pwd->pw_uid,
(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
chmod(ttyn, TTY_MODE);
#ifdef LOGIN_CHOWN_VCS
/* if tty is one of the VC's then change owner and mode of the
special /dev/vcs devices as well */
if (consoletty(0)) {
chown(vcsn, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid));
chown(vcsan, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid));
chmod(vcsn, TTY_MODE);
chmod(vcsan, TTY_MODE);
}
#endif
setgid(pwd->pw_gid);
if (*pwd->pw_shell == '\0')
pwd->pw_shell = _PATH_BSHELL;
/* preserve TERM even without -p flag */
{
char *ep;
if(!((ep = getenv("TERM")) && (termenv = strdup(ep))))
termenv = "dumb";
}
/* destroy environment unless user has requested preservation */
if (!pflag)
{
environ = (char**)malloc(sizeof(char*));
memset(environ, 0, sizeof(char*));
}
setenv("HOME", pwd->pw_dir, 0); /* legal to override */
if(pwd->pw_uid)
setenv("PATH", _PATH_DEFPATH, 1);
else
setenv("PATH", _PATH_DEFPATH_ROOT, 1);
setenv("SHELL", pwd->pw_shell, 1);
setenv("TERM", termenv, 1);
/* mailx will give a funny error msg if you forget this one */
{
char tmp[MAXPATHLEN];
/* avoid snprintf */
if (sizeof(_PATH_MAILDIR) + strlen(pwd->pw_name) + 1 < MAXPATHLEN) {
sprintf(tmp, "%s/%s", _PATH_MAILDIR, pwd->pw_name);
setenv("MAIL",tmp,0);
}
}
/* LOGNAME is not documented in login(1) but
HP-UX 6.5 does it. We'll not allow modifying it.
*/
setenv("LOGNAME", pwd->pw_name, 1);
#ifdef HAVE_SECURITY_PAM_MISC_H
{
int i;
char ** env = pam_getenvlist(pamh);
if (env != NULL) {
for (i=0; env[i]; i++) {
putenv(env[i]);
/* D(("env[%d] = %s", i,env[i])); */
}
}
}
#endif
setproctitle("login", username);
if (!strncmp(tty_name, "ttyS", 4))
syslog(LOG_INFO, _("DIALUP AT %s BY %s"), tty_name, pwd->pw_name);
/* allow tracking of good logins.
-steve philp ([email protected]) */
if (pwd->pw_uid == 0) {
if (hostname)
syslog(LOG_NOTICE, _("ROOT LOGIN ON %s FROM %s"),
tty_name, hostname);
else
syslog(LOG_NOTICE, _("ROOT LOGIN ON %s"), tty_name);
} else {
if (hostname)
syslog(LOG_INFO, _("LOGIN ON %s BY %s FROM %s"), tty_name,
pwd->pw_name, hostname);
else
syslog(LOG_INFO, _("LOGIN ON %s BY %s"), tty_name,
pwd->pw_name);
}
if (!quietlog) {
motd();
#ifdef LOGIN_STAT_MAIL
/*
* This turns out to be a bad idea: when the mail spool
* is NFS mounted, and the NFS connection hangs, the
* login hangs, even root cannot login.
* Checking for mail should be done from the shell.
*/
{
struct stat st;
char *mail;
mail = getenv("MAIL");
if (mail && stat(mail, &st) == 0 && st.st_size != 0) {
if (st.st_mtime > st.st_atime)
printf(_("You have new mail.\n"));
else
printf(_("You have mail.\n"));
}
}
#endif
}
signal(SIGALRM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGTSTP, SIG_IGN);
#ifdef HAVE_SECURITY_PAM_MISC_H
/*
* We must fork before setuid() because we need to call
* pam_close_session() as root.
*/
childPid = fork();
if (childPid < 0) {
int errsv = errno;
/* error in fork() */
fprintf(stderr, _("login: failure forking: %s"), strerror(errsv));
PAM_END;
exit(0);
}
if (childPid) {
/* parent - wait for child to finish, then cleanup session */
signal(SIGHUP, SIG_IGN);
signal(SIGINT, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
signal(SIGTSTP, SIG_IGN);
signal(SIGTTIN, SIG_IGN);
signal(SIGTTOU, SIG_IGN);
wait(NULL);
PAM_END;
exit(0);
}
/* child */
/*
* Problem: if the user's shell is a shell like ash that doesnt do
* setsid() or setpgrp(), then a ctrl-\, sending SIGQUIT to every
* process in the pgrp, will kill us.
*/
/* start new session */
setsid();
/* make sure we have a controlling tty */
opentty(ttyn);
openlog("login", LOG_ODELAY, LOG_AUTHPRIV); /* reopen */
/*
* TIOCSCTTY: steal tty from other process group.
*/
if (ioctl(0, TIOCSCTTY, 1))
syslog(LOG_ERR, _("TIOCSCTTY failed: %m"));
#endif
signal(SIGINT, SIG_DFL);
/* discard permissions last so can't get killed and drop core */
if(setuid(pwd->pw_uid) < 0 && pwd->pw_uid) {
syslog(LOG_ALERT, _("setuid() failed"));
exit(1);
}
/* wait until here to change directory! */
if (chdir(pwd->pw_dir) < 0) {
printf(_("No directory %s!\n"), pwd->pw_dir);
if (chdir("/"))
exit(0);
pwd->pw_dir = "/";
printf(_("Logging in with home = \"/\".\n"));
}
/* if the shell field has a space: treat it like a shell script */
if (strchr(pwd->pw_shell, ' ')) {
buff = malloc(strlen(pwd->pw_shell) + 6);
if (!buff) {
fprintf(stderr, _("login: no memory for shell script.\n"));
exit(0);
}
strcpy(buff, "exec ");
strcat(buff, pwd->pw_shell);
childArgv[childArgc++] = "/bin/sh";
childArgv[childArgc++] = "-sh";
childArgv[childArgc++] = "-c";
childArgv[childArgc++] = buff;
} else {
tbuf[0] = '-';
xstrncpy(tbuf + 1, ((p = rindex(pwd->pw_shell, '/')) ?
p + 1 : pwd->pw_shell),
sizeof(tbuf)-1);
childArgv[childArgc++] = pwd->pw_shell;
childArgv[childArgc++] = tbuf;
}
childArgv[childArgc++] = NULL;
execvp(childArgv[0], childArgv + 1);
errsv = errno;
if (!strcmp(childArgv[0], "/bin/sh"))
fprintf(stderr, _("login: couldn't exec shell script: %s.\n"),
strerror(errsv));
else
fprintf(stderr, _("login: no shell: %s.\n"), strerror(errsv));
exit(0);
}
