static void loginpam_auth(struct login_context *cxt)
{
int rc, show_unknown;
unsigned int retries, failcount = 0;
const char *hostname = cxt->hostname ? cxt->hostname :
cxt->tty_name ? cxt->tty_name : "<unknown>";
pam_handle_t *pamh = cxt->pamh;
/* if we didn't get a user on the command line, set it to NULL */
loginpam_get_username(pamh, &cxt->username);
show_unknown = getlogindefs_bool("LOG_UNKFAIL_ENAB", 0);
retries = getlogindefs_num("LOGIN_RETRIES", LOGIN_MAX_TRIES);
/*
* There may be better ways to deal with some of these conditions, but
* at least this way I don't think we'll be giving away information...
*
* Perhaps someday we can trust that all PAM modules will pay attention
* to failure count and get rid of LOGIN_MAX_TRIES?
*/
rc = pam_authenticate(pamh, 0);
while ((++failcount < retries) &&
((rc == PAM_AUTH_ERR) ||
(rc == PAM_USER_UNKNOWN) ||
(rc == PAM_CRED_INSUFFICIENT) ||
(rc == PAM_AUTHINFO_UNAVAIL))) {
if (rc == PAM_USER_UNKNOWN && !show_unknown)
/*
* Logging unknown usernames may be a security issue if
* a user enters her password instead of her login name.
*/
cxt->username = NULL;
else
loginpam_get_username(pamh, &cxt->username);
syslog(LOG_NOTICE,
_("FAILED LOGIN %u FROM %s FOR %s, %s"),
failcount, hostname,
cxt->username ? cxt->username : "******",
pam_strerror(pamh, rc));
log_btmp(cxt);
log_audit(cxt, 0);
fprintf(stderr, _("Login incorrect\n\n"));
pam_set_item(pamh, PAM_USER, NULL);
rc = pam_authenticate(pamh, 0);
}
if (is_pam_failure(rc)) {
if (rc == PAM_USER_UNKNOWN && !show_unknown)
cxt->username = NULL;
else
loginpam_get_username(pamh, &cxt->username);
if (rc == PAM_MAXTRIES)
syslog(LOG_NOTICE,
_("TOO MANY LOGIN TRIES (%u) FROM %s FOR %s, %s"),
failcount, hostname,
cxt->username ? cxt->username : "******",
pam_strerror(pamh, rc));
else
syslog(LOG_NOTICE,
_("FAILED LOGIN SESSION FROM %s FOR %s, %s"),
hostname,
cxt->username ? cxt->username : "******",
pam_strerror(pamh, rc));
log_btmp(cxt);
log_audit(cxt, 0);
fprintf(stderr, _("\nLogin incorrect\n"));
pam_end(pamh, rc);
sleepexit(EXIT_SUCCESS);
}
}
int main(int argc, char **argv)
{
int c;
int cnt;
char *childArgv[10];
char *buff;
int childArgc = 0;
int retcode;
char *pwdbuf = NULL;
struct passwd *pwd = NULL, _pwd;
struct login_context cxt = {
.tty_mode = TTY_MODE, /* tty chmod() */
.pid = getpid(), /* PID */
.conv = { misc_conv, NULL } /* PAM conversation function */
};
timeout = getlogindefs_num("LOGIN_TIMEOUT", LOGIN_TIMEOUT);
signal(SIGALRM, timedout);
siginterrupt(SIGALRM, 1); /* we have to interrupt syscalls like ioclt() */
alarm((unsigned int)timeout);
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
setpriority(PRIO_PROCESS, 0, 0);
initproctitle(argc, argv);
/*
* -p is used by getty to tell login not to destroy the environment
* -f is used to skip a second login authentication
* -h is used by other servers to pass the name of the remote
* host to login so that it may be placed in utmp and wtmp
*/
while ((c = getopt(argc, argv, "fHh:pV")) != -1)
switch (c) {
case 'f':
cxt.noauth = 1;
break;
case 'H':
cxt.nohost = 1;
break;
case 'h':
if (getuid()) {
fprintf(stderr,
_("login: -h for super-user only.\n"));
exit(EXIT_FAILURE);
}
init_remote_info(&cxt, optarg);
break;
case 'p':
cxt.keep_env = 1;
break;
case 'V':
printf(UTIL_LINUX_VERSION);
return EXIT_SUCCESS;
case '?':
default:
fprintf(stderr, _("usage: login [ -p ] [ -h host ] [ -H ] [ -f username | username ]\n"));
exit(EXIT_FAILURE);
}
argc -= optind;
argv += optind;
if (*argv) {
char *p = *argv;
cxt.username = xstrdup(p);
/* wipe name - some people mistype their password here */
/* (of course we are too late, but perhaps this helps a little ..) */
while (*p)
*p++ = ' ';
}
for (cnt = get_fd_tabsize() - 1; cnt > 2; cnt--)
close(cnt);
setpgrp(); /* set pgid to pid this means that setsid() will fail */
openlog("login", LOG_ODELAY, LOG_AUTHPRIV);
init_tty(&cxt);
init_loginpam(&cxt);
/* login -f, then the user has already been authenticated */
cxt.noauth = cxt.noauth && getuid() == 0 ? 1 : 0;
if (!cxt.noauth)
loginpam_auth(&cxt);
/*
* Authentication may be skipped (for example, during krlogin, rlogin,
* etc...), but it doesn't mean that we can skip other account checks.
* The account could be disabled or password expired (althought
* kerberos ticket is valid). -- [email protected] (22-Feb-2006)
*/
loginpam_acct(&cxt);
if (!(cxt.pwd = get_passwd_entry(cxt.username, &pwdbuf, &_pwd))) {
warnx(_("\nSession setup problem, abort."));
syslog(LOG_ERR, _("Invalid user name \"%s\" in %s:%d. Abort."),
cxt.username, __FUNCTION__, __LINE__);
pam_end(cxt.pamh, PAM_SYSTEM_ERR);
sleepexit(EXIT_FAILURE);
}
pwd = cxt.pwd;
cxt.username = pwd->pw_name;
/*
* Initialize the supplementary group list. This should be done before
* pam_setcred because the PAM modules might add groups during
* pam_setcred.
*
* For root we don't call initgroups, instead we call setgroups with
* group 0. This avoids the need to step through the whole group file,
* which can cause problems if NIS, NIS+, LDAP or something similar
* is used and the machine has network problems.
*/
retcode = pwd->pw_uid ? initgroups(cxt.username, pwd->pw_gid) : /* user */
setgroups(0, NULL); /* root */
if (retcode < 0) {
syslog(LOG_ERR, _("groups initialization failed: %m"));
warnx(_("\nSession setup problem, abort."));
pam_end(cxt.pamh, PAM_SYSTEM_ERR);
sleepexit(EXIT_FAILURE);
}
/*
* Open PAM session (after successful authentication and account check)
*/
loginpam_session(&cxt);
/* committed to login -- turn off timeout */
alarm((unsigned int)0);
endpwent();
cxt.quiet = get_hushlogin_status(pwd);
log_utmp(&cxt);
log_audit(&cxt, 1);
log_lastlog(&cxt);
chown_tty(&cxt);
if (setgid(pwd->pw_gid) < 0 && pwd->pw_gid) {
syslog(LOG_ALERT, _("setgid() failed"));
exit(EXIT_FAILURE);
}
if (pwd->pw_shell == NULL || *pwd->pw_shell == '\0')
pwd->pw_shell = _PATH_BSHELL;
init_environ(&cxt); /* init $HOME, $TERM ... */
setproctitle("login", cxt.username);
log_syslog(&cxt);
if (!cxt.quiet) {
motd();
#ifdef LOGIN_STAT_MAIL
/*
* This turns out to be a bad idea: when the mail spool
* is NFS mounted, and the NFS connection hangs, the
* login hangs, even root cannot login.
* Checking for mail should be done from the shell.
*/
{
struct stat st;
char *mail;
mail = getenv("MAIL");
if (mail && stat(mail, &st) == 0 && st.st_size != 0) {
if (st.st_mtime > st.st_atime)
printf(_("You have new mail.\n"));
else
printf(_("You have mail.\n"));
}
}
#endif
}
/*
* Detach the controlling terminal, fork() and create, new session
* and reinilizalize syslog stuff.
*/
fork_session(&cxt);
/* discard permissions last so can't get killed and drop core */
if (setuid(pwd->pw_uid) < 0 && pwd->pw_uid) {
syslog(LOG_ALERT, _("setuid() failed"));
exit(EXIT_FAILURE);
}
/* wait until here to change directory! */
if (chdir(pwd->pw_dir) < 0) {
warn(_("%s: change directory failed"), pwd->pw_dir);
if (!getlogindefs_bool("DEFAULT_HOME", 1))
exit(0);
if (chdir("/"))
exit(EXIT_FAILURE);
pwd->pw_dir = "/";
printf(_("Logging in with home = \"/\".\n"));
}
/* if the shell field has a space: treat it like a shell script */
if (strchr(pwd->pw_shell, ' ')) {
buff = xmalloc(strlen(pwd->pw_shell) + 6);
strcpy(buff, "exec ");
strcat(buff, pwd->pw_shell);
childArgv[childArgc++] = "/bin/sh";
childArgv[childArgc++] = "-sh";
childArgv[childArgc++] = "-c";
childArgv[childArgc++] = buff;
} else {
char tbuf[PATH_MAX + 2], *p;
tbuf[0] = '-';
xstrncpy(tbuf + 1, ((p = strrchr(pwd->pw_shell, '/')) ?
p + 1 : pwd->pw_shell), sizeof(tbuf) - 1);
childArgv[childArgc++] = pwd->pw_shell;
childArgv[childArgc++] = xstrdup(tbuf);
}
childArgv[childArgc++] = NULL;
execvp(childArgv[0], childArgv + 1);
if (!strcmp(childArgv[0], "/bin/sh"))
warn(_("couldn't exec shell script"));
else
warn(_("no shell"));
exit(EXIT_SUCCESS);
}
