static void loginpam_auth(struct login_context *cxt) { int rc, show_unknown; unsigned int retries, failcount = 0; const char *hostname = cxt->hostname ? cxt->hostname : cxt->tty_name ? cxt->tty_name : "<unknown>"; pam_handle_t *pamh = cxt->pamh; /* if we didn't get a user on the command line, set it to NULL */ loginpam_get_username(pamh, &cxt->username); show_unknown = getlogindefs_bool("LOG_UNKFAIL_ENAB", 0); retries = getlogindefs_num("LOGIN_RETRIES", LOGIN_MAX_TRIES); /* * There may be better ways to deal with some of these conditions, but * at least this way I don't think we'll be giving away information... * * Perhaps someday we can trust that all PAM modules will pay attention * to failure count and get rid of LOGIN_MAX_TRIES? */ rc = pam_authenticate(pamh, 0); while ((++failcount < retries) && ((rc == PAM_AUTH_ERR) || (rc == PAM_USER_UNKNOWN) || (rc == PAM_CRED_INSUFFICIENT) || (rc == PAM_AUTHINFO_UNAVAIL))) { if (rc == PAM_USER_UNKNOWN && !show_unknown) /* * Logging unknown usernames may be a security issue if * a user enters her password instead of her login name. */ cxt->username = NULL; else loginpam_get_username(pamh, &cxt->username); syslog(LOG_NOTICE, _("FAILED LOGIN %u FROM %s FOR %s, %s"), failcount, hostname, cxt->username ? cxt->username : "******", pam_strerror(pamh, rc)); log_btmp(cxt); log_audit(cxt, 0); fprintf(stderr, _("Login incorrect\n\n")); pam_set_item(pamh, PAM_USER, NULL); rc = pam_authenticate(pamh, 0); } if (is_pam_failure(rc)) { if (rc == PAM_USER_UNKNOWN && !show_unknown) cxt->username = NULL; else loginpam_get_username(pamh, &cxt->username); if (rc == PAM_MAXTRIES) syslog(LOG_NOTICE, _("TOO MANY LOGIN TRIES (%u) FROM %s FOR %s, %s"), failcount, hostname, cxt->username ? cxt->username : "******", pam_strerror(pamh, rc)); else syslog(LOG_NOTICE, _("FAILED LOGIN SESSION FROM %s FOR %s, %s"), hostname, cxt->username ? cxt->username : "******", pam_strerror(pamh, rc)); log_btmp(cxt); log_audit(cxt, 0); fprintf(stderr, _("\nLogin incorrect\n")); pam_end(pamh, rc); sleepexit(EXIT_SUCCESS); } }
int main(int argc, char **argv) { int c; int cnt; char *childArgv[10]; char *buff; int childArgc = 0; int retcode; char *pwdbuf = NULL; struct passwd *pwd = NULL, _pwd; struct login_context cxt = { .tty_mode = TTY_MODE, /* tty chmod() */ .pid = getpid(), /* PID */ .conv = { misc_conv, NULL } /* PAM conversation function */ }; timeout = getlogindefs_num("LOGIN_TIMEOUT", LOGIN_TIMEOUT); signal(SIGALRM, timedout); siginterrupt(SIGALRM, 1); /* we have to interrupt syscalls like ioclt() */ alarm((unsigned int)timeout); signal(SIGQUIT, SIG_IGN); signal(SIGINT, SIG_IGN); setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); setpriority(PRIO_PROCESS, 0, 0); initproctitle(argc, argv); /* * -p is used by getty to tell login not to destroy the environment * -f is used to skip a second login authentication * -h is used by other servers to pass the name of the remote * host to login so that it may be placed in utmp and wtmp */ while ((c = getopt(argc, argv, "fHh:pV")) != -1) switch (c) { case 'f': cxt.noauth = 1; break; case 'H': cxt.nohost = 1; break; case 'h': if (getuid()) { fprintf(stderr, _("login: -h for super-user only.\n")); exit(EXIT_FAILURE); } init_remote_info(&cxt, optarg); break; case 'p': cxt.keep_env = 1; break; case 'V': printf(UTIL_LINUX_VERSION); return EXIT_SUCCESS; case '?': default: fprintf(stderr, _("usage: login [ -p ] [ -h host ] [ -H ] [ -f username | username ]\n")); exit(EXIT_FAILURE); } argc -= optind; argv += optind; if (*argv) { char *p = *argv; cxt.username = xstrdup(p); /* wipe name - some people mistype their password here */ /* (of course we are too late, but perhaps this helps a little ..) */ while (*p) *p++ = ' '; } for (cnt = get_fd_tabsize() - 1; cnt > 2; cnt--) close(cnt); setpgrp(); /* set pgid to pid this means that setsid() will fail */ openlog("login", LOG_ODELAY, LOG_AUTHPRIV); init_tty(&cxt); init_loginpam(&cxt); /* login -f, then the user has already been authenticated */ cxt.noauth = cxt.noauth && getuid() == 0 ? 1 : 0; if (!cxt.noauth) loginpam_auth(&cxt); /* * Authentication may be skipped (for example, during krlogin, rlogin, * etc...), but it doesn't mean that we can skip other account checks. * The account could be disabled or password expired (althought * kerberos ticket is valid). -- [email protected] (22-Feb-2006) */ loginpam_acct(&cxt); if (!(cxt.pwd = get_passwd_entry(cxt.username, &pwdbuf, &_pwd))) { warnx(_("\nSession setup problem, abort.")); syslog(LOG_ERR, _("Invalid user name \"%s\" in %s:%d. Abort."), cxt.username, __FUNCTION__, __LINE__); pam_end(cxt.pamh, PAM_SYSTEM_ERR); sleepexit(EXIT_FAILURE); } pwd = cxt.pwd; cxt.username = pwd->pw_name; /* * Initialize the supplementary group list. This should be done before * pam_setcred because the PAM modules might add groups during * pam_setcred. * * For root we don't call initgroups, instead we call setgroups with * group 0. This avoids the need to step through the whole group file, * which can cause problems if NIS, NIS+, LDAP or something similar * is used and the machine has network problems. */ retcode = pwd->pw_uid ? initgroups(cxt.username, pwd->pw_gid) : /* user */ setgroups(0, NULL); /* root */ if (retcode < 0) { syslog(LOG_ERR, _("groups initialization failed: %m")); warnx(_("\nSession setup problem, abort.")); pam_end(cxt.pamh, PAM_SYSTEM_ERR); sleepexit(EXIT_FAILURE); } /* * Open PAM session (after successful authentication and account check) */ loginpam_session(&cxt); /* committed to login -- turn off timeout */ alarm((unsigned int)0); endpwent(); cxt.quiet = get_hushlogin_status(pwd); log_utmp(&cxt); log_audit(&cxt, 1); log_lastlog(&cxt); chown_tty(&cxt); if (setgid(pwd->pw_gid) < 0 && pwd->pw_gid) { syslog(LOG_ALERT, _("setgid() failed")); exit(EXIT_FAILURE); } if (pwd->pw_shell == NULL || *pwd->pw_shell == '\0') pwd->pw_shell = _PATH_BSHELL; init_environ(&cxt); /* init $HOME, $TERM ... */ setproctitle("login", cxt.username); log_syslog(&cxt); if (!cxt.quiet) { motd(); #ifdef LOGIN_STAT_MAIL /* * This turns out to be a bad idea: when the mail spool * is NFS mounted, and the NFS connection hangs, the * login hangs, even root cannot login. * Checking for mail should be done from the shell. */ { struct stat st; char *mail; mail = getenv("MAIL"); if (mail && stat(mail, &st) == 0 && st.st_size != 0) { if (st.st_mtime > st.st_atime) printf(_("You have new mail.\n")); else printf(_("You have mail.\n")); } } #endif } /* * Detach the controlling terminal, fork() and create, new session * and reinilizalize syslog stuff. */ fork_session(&cxt); /* discard permissions last so can't get killed and drop core */ if (setuid(pwd->pw_uid) < 0 && pwd->pw_uid) { syslog(LOG_ALERT, _("setuid() failed")); exit(EXIT_FAILURE); } /* wait until here to change directory! */ if (chdir(pwd->pw_dir) < 0) { warn(_("%s: change directory failed"), pwd->pw_dir); if (!getlogindefs_bool("DEFAULT_HOME", 1)) exit(0); if (chdir("/")) exit(EXIT_FAILURE); pwd->pw_dir = "/"; printf(_("Logging in with home = \"/\".\n")); } /* if the shell field has a space: treat it like a shell script */ if (strchr(pwd->pw_shell, ' ')) { buff = xmalloc(strlen(pwd->pw_shell) + 6); strcpy(buff, "exec "); strcat(buff, pwd->pw_shell); childArgv[childArgc++] = "/bin/sh"; childArgv[childArgc++] = "-sh"; childArgv[childArgc++] = "-c"; childArgv[childArgc++] = buff; } else { char tbuf[PATH_MAX + 2], *p; tbuf[0] = '-'; xstrncpy(tbuf + 1, ((p = strrchr(pwd->pw_shell, '/')) ? p + 1 : pwd->pw_shell), sizeof(tbuf) - 1); childArgv[childArgc++] = pwd->pw_shell; childArgv[childArgc++] = xstrdup(tbuf); } childArgv[childArgc++] = NULL; execvp(childArgv[0], childArgv + 1); if (!strcmp(childArgv[0], "/bin/sh")) warn(_("couldn't exec shell script")); else warn(_("no shell")); exit(EXIT_SUCCESS); }