void doit(struct sockaddr *fromp) { extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ struct passwd *pwd; u_short port; fd_set ready, readfrom; int cc, fd, nfd, pv[2], pid, s; int one = 1; const char *cp, *errorstr; char sig, buf[BUFSIZ]; char *cmdbuf, luser[16], ruser[16]; char rhost[2 * MAXHOSTNAMELEN + 1]; char numericname[INET6_ADDRSTRLEN]; int af, srcport; int maxcmdlen; #ifndef __APPLE__ login_cap_t *lc; #else struct hostent *hp; char *hostname, *errorhost = NULL; #endif maxcmdlen = (int)sysconf(_SC_ARG_MAX); if (maxcmdlen <= 0 || (cmdbuf = malloc(maxcmdlen)) == NULL) exit(1); #if defined(KERBEROS) AUTH_DAT *kdata = (AUTH_DAT *) NULL; KTEXT ticket = (KTEXT) NULL; char instance[INST_SZ], version[VERSION_SIZE]; struct sockaddr_in fromaddr; int rc; long authopts; int pv1[2], pv2[2]; fd_set wready, writeto; fromaddr = *fromp; #endif /* KERBEROS */ (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); (void) signal(SIGTERM, SIG_DFL); af = fromp->sa_family; srcport = ntohs(*((in_port_t *)&fromp->sa_data)); if (af == AF_INET) { inet_ntop(af, &((struct sockaddr_in *)fromp)->sin_addr, numericname, sizeof numericname); } else if (af == AF_INET6) { inet_ntop(af, &((struct sockaddr_in6 *)fromp)->sin6_addr, numericname, sizeof numericname); } else { syslog(LOG_ERR, "malformed \"from\" address (af %d)", af); exit(1); } #ifdef IP_OPTIONS if (af == AF_INET) { u_char optbuf[BUFSIZ/3]; socklen_t optsize = sizeof(optbuf), ipproto, i; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) ipproto = ip->p_proto; else ipproto = IPPROTO_IP; if (!getsockopt(0, ipproto, IP_OPTIONS, optbuf, &optsize) && optsize != 0) { for (i = 0; i < optsize; ) { u_char c = optbuf[i]; if (c == IPOPT_LSRR || c == IPOPT_SSRR) { syslog(LOG_NOTICE, "connection refused from %s with IP option %s", numericname, c == IPOPT_LSRR ? "LSRR" : "SSRR"); exit(1); } if (c == IPOPT_EOL) break; i += (c == IPOPT_NOP) ? 1 : optbuf[i+1]; } } } #endif #if defined(KERBEROS) if (!use_kerberos) #endif if (srcport >= IPPORT_RESERVED || srcport < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "connection from %s on illegal port %u", numericname, srcport); exit(1); } (void) alarm(60); port = 0; s = 0; /* not set or used if port == 0 */ for (;;) { char c; if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { if (cc < 0) syslog(LOG_NOTICE, "read: %m"); shutdown(0, SHUT_RDWR); exit(1); } if (c == 0) break; port = port * 10 + c - '0'; } (void) alarm(0); if (port != 0) { int lport = IPPORT_RESERVED - 1; s = rresvport_af(&lport, af); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); exit(1); } #if defined(KERBEROS) if (!use_kerberos) #endif if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "2nd socket from %s on unreserved port %u", numericname, port); exit(1); } *((in_port_t *)&fromp->sa_data) = htons(port); if (connect(s, fromp, fromp->sa_len) < 0) { syslog(LOG_INFO, "connect second port %d: %m", port); exit(1); } } #if defined(KERBEROS) if (vacuous) { error("rshd: remote host requires Kerberos authentication\n"); exit(1); } #endif errorstr = NULL; #ifndef __APPLE__ realhostname_sa(rhost, sizeof(rhost) - 1, fromp, fromp->sa_len); rhost[sizeof(rhost) - 1] = '\0'; /* XXX truncation! */ #else errorstr = NULL; hp = gethostbyaddr((char *)&((struct sockaddr_in *)fromp)->sin_addr, sizeof (struct in_addr), ((struct sockaddr_in *)fromp)->sin_family); if (hp) { /* * If name returned by gethostbyaddr is in our domain, * attempt to verify that we haven't been fooled by someone * in a remote net; look up the name and check that this * address corresponds to the name. */ hostname = hp->h_name; #if defined(KERBEROS) if (!use_kerberos) #endif if (check_all || local_domain(hp->h_name)) { strncpy(rhost, hp->h_name, sizeof(rhost) - 1); rhost[sizeof(rhost) - 1] = 0; errorhost = rhost; hp = gethostbyname(rhost); if (hp == NULL) { syslog(LOG_INFO, "Couldn't look up address for %s", rhost); errorstr = "Couldn't look up address for your host (%s)\n"; hostname = inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr); } else for (; ; hp->h_addr_list++) { if (hp->h_addr_list[0] == NULL) { syslog(LOG_NOTICE, "Host addr %s not listed for host %s", inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr), hp->h_name); errorstr = "Host address mismatch for %s\n"; hostname = inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr); break; } if (!bcmp(hp->h_addr_list[0], (caddr_t)&((struct sockaddr_in *)fromp)->sin_addr, sizeof(((struct sockaddr_in *)fromp)->sin_addr))) { hostname = hp->h_name; break; } } } } else errorhost = hostname = inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr); #if defined(KERBEROS) if (use_kerberos) { kdata = (AUTH_DAT *) authbuf; ticket = (KTEXT) tickbuf; authopts = 0L; strcpy(instance, "*"); version[VERSION_SIZE - 1] = '\0'; #if defined(CRYPT) if (doencrypt) { struct sockaddr_in local_addr; rc = sizeof(local_addr); if (getsockname(0, (struct sockaddr *)&local_addr, &rc) < 0) { syslog(LOG_ERR, "getsockname: %m"); error("rshd: getsockname: %m"); exit(1); } authopts = KOPT_DO_MUTUAL; rc = krb_recvauth(authopts, 0, ticket, "rcmd", instance, &fromaddr, &local_addr, kdata, "", schedule, version); des_set_key(kdata->session, schedule); } else #endif /* CRYPT */ rc = krb_recvauth(authopts, 0, ticket, "rcmd", instance, &fromaddr, (struct sockaddr_in *) 0, kdata, "", (bit_64 *) 0, version); if (rc != KSUCCESS) { error("Kerberos authentication failure: %s\n", krb_err_txt[rc]); exit(1); } } else #endif /* KERBEROS */ #endif (void) alarm(60); getstr(ruser, sizeof(ruser), "ruser"); getstr(luser, sizeof(luser), "luser"); getstr(cmdbuf, maxcmdlen, "command"); (void) alarm(0); #if !TARGET_OS_EMBEDDED pam_err = pam_start("rshd", luser, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { syslog(LOG_ERR|LOG_AUTH, "pam_start(): %s", pam_strerror(pamh, pam_err)); rshd_errx(1, "Login incorrect."); } if ((pam_err = pam_set_item(pamh, PAM_RUSER, ruser)) != PAM_SUCCESS || (pam_err = pam_set_item(pamh, PAM_RHOST, rhost) != PAM_SUCCESS)) { syslog(LOG_ERR|LOG_AUTH, "pam_set_item(): %s", pam_strerror(pamh, pam_err)); rshd_errx(1, "Login incorrect."); } pam_err = pam_authenticate(pamh, 0); if (pam_err == PAM_SUCCESS) { if ((pam_err = pam_get_user(pamh, &cp, NULL)) == PAM_SUCCESS) { strncpy(luser, cp, sizeof(luser)); luser[sizeof(luser) - 1] = '\0'; /* XXX truncation! */ } pam_err = pam_acct_mgmt(pamh, 0); } if (pam_err != PAM_SUCCESS) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, pam_strerror(pamh, pam_err), cmdbuf); rshd_errx(1, "Login incorrect."); } #endif setpwent(); pwd = getpwnam(luser); if (pwd == NULL) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unknown login. cmd='%.80s'", ruser, rhost, luser, cmdbuf); if (errorstr == NULL) errorstr = "Login incorrect."; rshd_errx(1, errorstr, rhost); } #ifndef __APPLE__ lc = login_getpwclass(pwd); if (pwd->pw_uid) auth_checknologin(lc); #endif if (chdir(pwd->pw_dir) < 0) { if (chdir("/") < 0 || #ifndef __APPLE__ login_getcapbool(lc, "requirehome", !!pwd->pw_uid)) { #else 0) { #endif /* __APPLE__ */ #ifdef notdef syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: no home directory. cmd='%.80s'", ruser, rhost, luser, cmdbuf); rshd_errx(0, "No remote home directory."); #endif } pwd->pw_dir = slash; } #if defined(KERBEROS) if (use_kerberos) { if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') { if (kuserok(kdata, luser) != 0) { syslog(LOG_INFO|LOG_AUTH, "Kerberos rsh denied to %s.%s@%s", kdata->pname, kdata->pinst, kdata->prealm); error("Permission denied.\n"); exit(1); } } } else #endif #ifdef __APPLE__ if (errorstr || (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && iruserok(((struct sockaddr_in *)fromp)->sin_addr.s_addr, #if TARGET_OS_EMBEDDED // rdar://problem/5381734 0, #else pwd->pw_uid == 0, #endif ruser, luser) < 0)) { if (__rcmd_errstr) syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, __rcmd_errstr, cmdbuf); else syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied. cmd='%.80s'", ruser, rhost, luser, cmdbuf); if (errorstr == NULL) errorstr = "Permission denied."; rshd_errx(1, errorstr, errorhost); } if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) { rshd_errx(1, "Logins currently disabled."); } #else if (lc != NULL && fromp->sa_family == AF_INET) { /*XXX*/ char remote_ip[MAXHOSTNAMELEN]; strncpy(remote_ip, numericname, sizeof(remote_ip) - 1); remote_ip[sizeof(remote_ip) - 1] = 0; /* XXX truncation! */ if (!auth_hostok(lc, rhost, remote_ip)) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, __rcmd_errstr, cmdbuf); rshd_errx(1, "Login incorrect."); } if (!auth_timeok(lc, time(NULL))) rshd_errx(1, "Logins not available right now"); } /* * PAM modules might add supplementary groups in * pam_setcred(), so initialize them first. * But we need to open the session as root. */ if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) { syslog(LOG_ERR, "setusercontext: %m"); exit(1); } #endif /* !__APPLE__ */ #if !TARGET_OS_EMBEDDED if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_open_session: %s", pam_strerror(pamh, pam_err)); } else if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, pam_err)); } #endif (void) write(STDERR_FILENO, "\0", 1); sent_null = 1; if (port) { if (pipe(pv) < 0) rshd_errx(1, "Can't make pipe."); #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) { if (pipe(pv1) < 0) rshd_errx(1, "Can't make 2nd pipe."); if (pipe(pv2) < 0) rshd_errx(1, "Can't make 3rd pipe."); } #endif /* KERBEROS && CRYPT */ pid = fork(); if (pid == -1) rshd_errx(1, "Can't fork; try again."); if (pid) { #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) { static char msg[] = SECURE_MESSAGE; (void) close(pv1[1]); (void) close(pv2[1]); des_write(s, msg, sizeof(msg) - 1); } else #endif /* KERBEROS && CRYPT */ (void) close(0); (void) close(1); (void) close(2); (void) close(pv[1]); FD_ZERO(&readfrom); FD_SET(s, &readfrom); FD_SET(pv[0], &readfrom); if (pv[0] > s) nfd = pv[0]; else nfd = s; #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) { FD_ZERO(&writeto); FD_SET(pv2[0], &writeto); FD_SET(pv1[0], &readfrom); nfd = MAX(nfd, pv2[0]); nfd = MAX(nfd, pv1[0]); } else #endif /* KERBEROS && CRYPT */ ioctl(pv[0], FIONBIO, (char *)&one); /* should set s nbio! */ nfd++; do { ready = readfrom; #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) { wready = writeto; if (select(nfd, &ready, &wready, (fd_set *) 0, (struct timeval *) 0) < 0) break; } else #endif /* KERBEROS && CRYPT */ if (select(nfd, &ready, (fd_set *)0, (fd_set *)0, (struct timeval *)0) < 0) break; if (FD_ISSET(s, &ready)) { int ret; #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) ret = des_read(s, &sig, 1); else #endif /* KERBEROS && CRYPT */ ret = read(s, &sig, 1); if (ret <= 0) FD_CLR(s, &readfrom); else killpg(pid, sig); } if (FD_ISSET(pv[0], &ready)) { errno = 0; cc = read(pv[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(s, SHUT_RDWR); FD_CLR(pv[0], &readfrom); } else { #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) (void) des_write(s, buf, cc); else #endif /* KERBEROS && CRYPT */ (void)write(s, buf, cc); } } #if defined(KERBEROS) && defined(CRYPT) if (doencrypt && FD_ISSET(pv1[0], &ready)) { errno = 0; cc = read(pv1[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(pv1[0], 1+1); FD_CLR(pv1[0], &readfrom); } else (void) des_write(STDOUT_FILENO, buf, cc); } if (doencrypt && FD_ISSET(pv2[0], &wready)) { errno = 0; cc = des_read(STDIN_FILENO, buf, sizeof(buf)); if (cc <= 0) { shutdown(pv2[0], 1+1); FD_CLR(pv2[0], &writeto); } else (void) write(pv2[0], buf, cc); } #endif /* KERBEROS && CRYPT */ } while (FD_ISSET(s, &readfrom) || #if defined(KERBEROS) && defined(CRYPT) (doencrypt && FD_ISSET(pv1[0], &readfrom)) || #endif /* KERBEROS && CRYPT */ FD_ISSET(pv[0], &readfrom)); #if !TARGET_OS_EMBEDDED PAM_END; #endif exit(0); } #ifdef __APPLE__ // rdar://problem/4485794 setpgid(0, getpid()); #endif (void) close(s); (void) close(pv[0]); #if defined(KERBEROS) && defined(CRYPT) if (doencrypt) { close(pv1[0]); close(pv2[0]); dup2(pv1[1], 1); dup2(pv2[1], 0); close(pv1[1]); close(pv2[1]); } #endif /* KERBEROS && CRYPT */ dup2(pv[1], 2); close(pv[1]); } #ifndef __APPLE__ else { pid = fork(); if (pid == -1) rshd_errx(1, "Can't fork; try again."); if (pid) { /* Parent. */ while (wait(NULL) > 0 || errno == EINTR) /* nothing */ ; PAM_END; exit(0); } } #endif for (fd = getdtablesize(); fd > 2; fd--) { #ifdef __APPLE__ (void) fcntl(fd, F_SETFD, FD_CLOEXEC); #else (void) close(fd); #endif } if (setsid() == -1) syslog(LOG_ERR, "setsid() failed: %m"); if (setlogin(pwd->pw_name) < 0) syslog(LOG_ERR, "setlogin() failed: %m"); if (*pwd->pw_shell == '\0') pwd->pw_shell = bshell; #ifdef __APPLE__ (void) setgid((gid_t)pwd->pw_gid); initgroups(pwd->pw_name, pwd->pw_gid); (void) setuid((uid_t)pwd->pw_uid); environ = envinit; strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); strcat(path, _PATH_DEFPATH); strncat(shell, pwd->pw_shell, sizeof(shell)-7); strncat(username, pwd->pw_name, sizeof(username)-6); #endif #if !TARGET_OS_EMBEDDED (void) pam_setenv(pamh, "HOME", pwd->pw_dir, 1); (void) pam_setenv(pamh, "SHELL", pwd->pw_shell, 1); (void) pam_setenv(pamh, "USER", pwd->pw_name, 1); (void) pam_setenv(pamh, "PATH", _PATH_DEFPATH, 1); environ = pam_getenvlist(pamh); (void) pam_end(pamh, pam_err); #endif cp = strrchr(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; #ifndef __APPLE__ if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) { syslog(LOG_ERR, "setusercontext(): %m"); exit(1); } login_close(lc); #endif endpwent(); if (log_success || pwd->pw_uid == 0) { #if defined(KERBEROS) if (use_kerberos) syslog(LOG_INFO|LOG_AUTH, "Kerberos shell from %s.%s@%s on %s as %s, cmd='%.80s'", kdata->pname, kdata->pinst, kdata->prealm, hostname, luser, cmdbuf); else #endif /* KERBEROS */ syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", ruser, rhost, luser, cmdbuf); } execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL); err(1, "%s", pwd->pw_shell); exit(1); }
void doit(struct sockaddr *fromp) { extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ struct addrinfo hints, *res, *res0; int gaierror; struct passwd *pwd; u_short port; in_port_t *portp; struct pollfd pfd[4]; int cc, nfd, pv[2], s = 0, one = 1; pid_t pid; char *hostname, *errorstr, *errorhost = (char *) NULL; char *cp, sig, buf[BUFSIZ]; char cmdbuf[NCARGS+1], locuser[_PW_NAME_LEN+1], remuser[_PW_NAME_LEN+1]; char remotehost[2 * MAXHOSTNAMELEN + 1]; char hostnamebuf[2 * MAXHOSTNAMELEN + 1]; char naddr[NI_MAXHOST]; char saddr[NI_MAXHOST]; char raddr[NI_MAXHOST]; char pbuf[NI_MAXSERV]; auth_session_t *as; const int niflags = NI_NUMERICHOST | NI_NUMERICSERV; #ifdef KERBEROS AUTH_DAT *kdata = (AUTH_DAT *) NULL; KTEXT ticket = (KTEXT) NULL; char instance[INST_SZ], version[VERSION_SIZE]; struct sockaddr_storage fromaddr; int rc; long authopts; #ifdef CRYPT int pv1[2], pv2[2]; #endif if (sizeof(fromaddr) < fromp->sa_len) { syslog(LOG_ERR, "malformed \"from\" address (af %d)", fromp->sa_family); exit(1); } memcpy(&fromaddr, fromp, fromp->sa_len); #endif (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); (void) signal(SIGTERM, SIG_DFL); #ifdef DEBUG { int t = open(_PATH_TTY, 2); if (t >= 0) { ioctl(t, TIOCNOTTY, (char *)0); (void) close(t); } } #endif switch (fromp->sa_family) { case AF_INET: portp = &((struct sockaddr_in *)fromp)->sin_port; break; case AF_INET6: portp = &((struct sockaddr_in6 *)fromp)->sin6_port; break; default: syslog(LOG_ERR, "malformed \"from\" address (af %d)", fromp->sa_family); exit(1); } if (getnameinfo(fromp, fromp->sa_len, naddr, sizeof(naddr), pbuf, sizeof(pbuf), niflags) != 0) { syslog(LOG_ERR, "malformed \"from\" address (af %d)", fromp->sa_family); exit(1); } #ifdef IP_OPTIONS if (fromp->sa_family == AF_INET) { struct ipoption opts; socklen_t optsize = sizeof(opts); int ipproto, i; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) ipproto = ip->p_proto; else ipproto = IPPROTO_IP; if (!getsockopt(STDIN_FILENO, ipproto, IP_OPTIONS, (char *)&opts, &optsize) && optsize != 0) { for (i = 0; (void *)&opts.ipopt_list[i] - (void *)&opts < optsize; ) { u_char c = (u_char)opts.ipopt_list[i]; if (c == IPOPT_LSRR || c == IPOPT_SSRR) exit(1); if (c == IPOPT_EOL) break; i += (c == IPOPT_NOP) ? 1 : (u_char)opts.ipopt_list[i+1]; } } } #endif #ifdef KERBEROS if (!use_kerberos) #endif if (ntohs(*portp) >= IPPORT_RESERVED || ntohs(*portp) < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "Connection from %s on illegal port %u", naddr, ntohs(*portp)); exit(1); } (void) alarm(60); port = 0; for (;;) { char c; if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { if (cc < 0) syslog(LOG_NOTICE, "read: %m"); shutdown(STDIN_FILENO, SHUT_RDWR); exit(1); } if (c == 0) break; port = port * 10 + c - '0'; } (void) alarm(0); if (port != 0) { int lport; #ifdef KERBEROS if (!use_kerberos) #endif if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) { syslog(LOG_ERR, "2nd port not reserved"); exit(1); } *portp = htons(port); lport = IPPORT_RESERVED - 1; s = rresvport_af(&lport, fromp->sa_family); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); exit(1); } if (connect(s, (struct sockaddr *)fromp, fromp->sa_len) < 0) { syslog(LOG_INFO, "connect second port %d: %m", port); exit(1); } } #ifdef KERBEROS if (vacuous) { error("rshd: remote host requires Kerberos authentication\n"); exit(1); } #endif #ifdef notdef /* from inetd, socket is already on 0, 1, 2 */ dup2(f, 0); dup2(f, 1); dup2(f, 2); #endif errorstr = NULL; if (getnameinfo(fromp, fromp->sa_len, saddr, sizeof(saddr), NULL, 0, NI_NAMEREQD)== 0) { /* * If name returned by getnameinfo is in our domain, * attempt to verify that we haven't been fooled by someone * in a remote net; look up the name and check that this * address corresponds to the name. */ hostname = saddr; res0 = NULL; #ifdef KERBEROS if (!use_kerberos) #endif if (check_all || local_domain(saddr)) { strlcpy(remotehost, saddr, sizeof(remotehost)); errorhost = remotehost; memset(&hints, 0, sizeof(hints)); hints.ai_family = fromp->sa_family; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_CANONNAME; gaierror = getaddrinfo(remotehost, pbuf, &hints, &res0); if (gaierror) { syslog(LOG_INFO, "Couldn't look up address for %s: %s", remotehost, gai_strerror(gaierror)); errorstr = "Couldn't look up address for your host (%s)\n"; hostname = naddr; } else { for (res = res0; res; res = res->ai_next) { if (res->ai_family != fromp->sa_family) continue; if (res->ai_addrlen != fromp->sa_len) continue; if (getnameinfo(res->ai_addr, res->ai_addrlen, raddr, sizeof(raddr), NULL, 0, niflags) == 0 && strcmp(naddr, raddr) == 0) { hostname = res->ai_canonname ? res->ai_canonname : saddr; break; } } if (res == NULL) { syslog(LOG_NOTICE, "Host addr %s not listed for host %s", naddr, res0->ai_canonname ? res0->ai_canonname : saddr); errorstr = "Host address mismatch for %s\n"; hostname = naddr; } } } strlcpy(hostnamebuf, hostname, sizeof(hostnamebuf)); hostname = hostnamebuf; if (res0) freeaddrinfo(res0); } else strlcpy(hostnamebuf, naddr, sizeof(hostnamebuf)); errorhost = hostname = hostnamebuf; #ifdef KERBEROS if (use_kerberos) { kdata = (AUTH_DAT *) authbuf; ticket = (KTEXT) tickbuf; authopts = 0L; strlcpy(instance, "*", sizeof instance); version[VERSION_SIZE - 1] = '\0'; #ifdef CRYPT if (doencrypt) { struct sockaddr_in local_addr; rc = sizeof(local_addr); if (getsockname(STDIN_FILENO, (struct sockaddr *)&local_addr, &rc) < 0) { syslog(LOG_ERR, "getsockname: %m"); error("rshd: getsockname: %m"); exit(1); } authopts = KOPT_DO_MUTUAL; rc = krb_recvauth(authopts, 0, ticket, "rcmd", instance, (struct sockaddr_in *)&fromaddr, &local_addr, kdata, "", schedule, version); desrw_set_key(&kdata->session, &schedule); } else #endif rc = krb_recvauth(authopts, 0, ticket, "rcmd", instance, (struct sockaddr_in *)&fromaddr, NULL, kdata, "", NULL, version); if (rc != KSUCCESS) { error("Kerberos authentication failure: %s\n", krb_get_err_text(rc)); exit(1); } } else #endif getstr(remuser, sizeof(remuser), "remuser"); getstr(locuser, sizeof(locuser), "locuser"); getstr(cmdbuf, sizeof(cmdbuf), "command"); pwd = getpwnam(locuser); if (pwd == NULL) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unknown login. cmd='%.80s'", remuser, hostname, locuser, cmdbuf); if (errorstr == NULL) errorstr = "Permission denied.\n"; goto fail; } lc = login_getclass(pwd->pw_class); if (lc == NULL) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unknown class. cmd='%.80s'", remuser, hostname, locuser, cmdbuf); if (errorstr == NULL) errorstr = "Login incorrect.\n"; goto fail; } as = auth_open(); if (as == NULL || auth_setpwd(as, pwd) != 0) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unable to allocate memory. cmd='%.80s'", remuser, hostname, locuser, cmdbuf); if (errorstr == NULL) errorstr = "Cannot allocate memory.\n"; goto fail; } setegid(pwd->pw_gid); seteuid(pwd->pw_uid); if (chdir(pwd->pw_dir) < 0) { (void) chdir("/"); #ifdef notdef syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: no home directory. cmd='%.80s'", remuser, hostname, locuser, cmdbuf); error("No remote directory.\n"); exit(1); #endif } seteuid(0); setegid(0); /* XXX use a saved gid instead? */ #ifdef KERBEROS if (use_kerberos) { if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') { if (kuserok(kdata, locuser) != 0) { syslog(LOG_INFO|LOG_AUTH, "Kerberos rsh denied to %s.%s@%s", kdata->pname, kdata->pinst, kdata->prealm); error("Permission denied.\n"); exit(1); } } } else #endif if (errorstr || (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && iruserok_sa(fromp, fromp->sa_len, pwd->pw_uid == 0, remuser, locuser) < 0)) { if (__rcmd_errstr) syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", remuser, hostname, locuser, __rcmd_errstr, cmdbuf); else syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied. cmd='%.80s'", remuser, hostname, locuser, cmdbuf); fail: if (errorstr == NULL) errorstr = "Permission denied.\n"; error(errorstr, errorhost); exit(1); } if (pwd->pw_uid) auth_checknologin(lc); (void) write(STDERR_FILENO, "\0", 1); sent_null = 1; if (port) { if (pipe(pv) < 0) { error("Can't make pipe.\n"); exit(1); } #ifdef CRYPT #ifdef KERBEROS if (doencrypt) { if (pipe(pv1) < 0) { error("Can't make 2nd pipe.\n"); exit(1); } if (pipe(pv2) < 0) { error("Can't make 3rd pipe.\n"); exit(1); } } #endif #endif pid = fork(); if (pid == -1) { error("Can't fork; try again.\n"); exit(1); } if (pid) { #ifdef CRYPT #ifdef KERBEROS if (doencrypt) { static char msg[] = SECURE_MESSAGE; (void) close(pv1[1]); (void) close(pv2[1]); des_write(s, msg, sizeof(msg) - 1); } else #endif #endif { (void) close(STDIN_FILENO); (void) close(STDOUT_FILENO); } (void) close(STDERR_FILENO); (void) close(pv[1]); pfd[P_SOCKREAD].fd = s; pfd[P_SOCKREAD].events = POLLIN; pfd[P_PIPEREAD].fd = pv[0]; pfd[P_PIPEREAD].events = POLLIN; nfd = 2; #ifdef CRYPT #ifdef KERBEROS if (doencrypt) { pfd[P_CRYPTREAD].fd = pv1[0]; pfd[P_CRYPTREAD].events = POLLIN; pfd[P_CRYPTWRITE].fd = pv2[0]; pfd[P_CRYPTWRITE].events = POLLOUT; nfd += 2; } else #endif #endif ioctl(pv[0], FIONBIO, (char *)&one); /* should set s nbio! */ do { if (poll(pfd, nfd, INFTIM) < 0) break; if (pfd[P_SOCKREAD].revents & POLLIN) { int ret; #ifdef CRYPT #ifdef KERBEROS if (doencrypt) ret = des_read(s, &sig, 1); else #endif #endif ret = read(s, &sig, 1); if (ret <= 0) pfd[P_SOCKREAD].revents = 0; else killpg(pid, sig); } if (pfd[P_PIPEREAD].revents & POLLIN) { errno = 0; cc = read(pv[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(s, SHUT_RDWR); pfd[P_PIPEREAD].revents = 0; } else { #ifdef CRYPT #ifdef KERBEROS if (doencrypt) (void) des_write(s, buf, cc); else #endif #endif (void) write(s, buf, cc); } } #ifdef CRYPT #ifdef KERBEROS if (doencrypt && (pfd[P_CRYPTREAD].revents & POLLIN)) { errno = 0; cc = read(pv1[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(pv1[0], SHUT_RDWR); pfd[P_CRYPTREAD].revents = 0; } else (void) des_write(STDOUT_FILENO, buf, cc); } if (doencrypt && (pfd[P_CRYPTWRITE].revents & POLLIN)) { errno = 0; cc = des_read(STDIN_FILENO, buf, sizeof(buf)); if (cc <= 0) { shutdown(pv2[0], SHUT_RDWR); pfd[P_CRYPTWRITE].revents = 0; } else (void) write(pv2[0], buf, cc); } #endif #endif } while ((pfd[P_SOCKREAD].revents & POLLIN) || #ifdef CRYPT #ifdef KERBEROS (doencrypt && (pfd[P_CRYPTREAD].revents & POLLIN)) || #endif #endif (pfd[P_PIPEREAD].revents & POLLIN)); exit(0); } setsid(); (void) close(s); (void) close(pv[0]); #ifdef CRYPT #ifdef KERBEROS if (doencrypt) { close(pv1[0]); close(pv2[0]); dup2(pv1[1], 1); dup2(pv2[1], 0); close(pv1[1]); close(pv2[1]); } #endif #endif dup2(pv[1], 2); close(pv[1]); } else setsid(); if (*pwd->pw_shell == '\0') pwd->pw_shell = _PATH_BSHELL; environ = envinit; if (setenv("HOME", pwd->pw_dir, 1) == -1 || setenv("SHELL", pwd->pw_shell, 1) == -1 || setenv("USER", pwd->pw_name, 1) == -1 || setenv("LOGNAME", pwd->pw_name, 1) == -1) errx(1, "cannot setup environment"); if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL)) errx(1, "cannot set user context"); if (auth_approval(as, lc, pwd->pw_name, "rsh") <= 0) errx(1, "approval failure"); auth_close(as); login_close(lc); cp = strrchr(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; endpwent(); if (log_success || pwd->pw_uid == 0) { #ifdef KERBEROS if (use_kerberos) syslog(LOG_INFO|LOG_AUTH, "Kerberos shell from %s.%s@%s on %s as %s, cmd='%.80s'", kdata->pname, kdata->pinst, kdata->prealm, hostname, locuser, cmdbuf); else #endif syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", remuser, hostname, locuser, cmdbuf); } execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL); perror(pwd->pw_shell); exit(1); }
void doit(struct sockaddr *fromp) { extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ struct passwd *pwd; u_short port; fd_set ready, readfrom; int cc, fd, nfd, pv[2], pid, s; int one = 1; const char *cp, *errorstr; char sig, buf[BUFSIZ]; char *cmdbuf, luser[16], ruser[16]; char rhost[2 * MAXHOSTNAMELEN + 1]; char numericname[INET6_ADDRSTRLEN]; int af, srcport; int maxcmdlen; login_cap_t *lc; maxcmdlen = (int)sysconf(_SC_ARG_MAX); if (maxcmdlen <= 0 || (cmdbuf = malloc(maxcmdlen)) == NULL) exit(1); (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); (void) signal(SIGTERM, SIG_DFL); af = fromp->sa_family; srcport = ntohs(*((in_port_t *)&fromp->sa_data)); if (af == AF_INET) { inet_ntop(af, &((struct sockaddr_in *)fromp)->sin_addr, numericname, sizeof numericname); } else if (af == AF_INET6) { inet_ntop(af, &((struct sockaddr_in6 *)fromp)->sin6_addr, numericname, sizeof numericname); } else { syslog(LOG_ERR, "malformed \"from\" address (af %d)", af); exit(1); } #ifdef IP_OPTIONS if (af == AF_INET) { u_char optbuf[BUFSIZ/3]; socklen_t optsize = sizeof(optbuf), ipproto, i; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) ipproto = ip->p_proto; else ipproto = IPPROTO_IP; if (!getsockopt(0, ipproto, IP_OPTIONS, optbuf, &optsize) && optsize != 0) { for (i = 0; i < optsize; ) { u_char c = optbuf[i]; if (c == IPOPT_LSRR || c == IPOPT_SSRR) { syslog(LOG_NOTICE, "connection refused from %s with IP option %s", numericname, c == IPOPT_LSRR ? "LSRR" : "SSRR"); exit(1); } if (c == IPOPT_EOL) break; i += (c == IPOPT_NOP) ? 1 : optbuf[i+1]; } } } #endif if (srcport >= IPPORT_RESERVED || srcport < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "connection from %s on illegal port %u", numericname, srcport); exit(1); } (void) alarm(60); port = 0; s = 0; /* not set or used if port == 0 */ for (;;) { char c; if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { if (cc < 0) syslog(LOG_NOTICE, "read: %m"); shutdown(0, SHUT_RDWR); exit(1); } if (c == 0) break; port = port * 10 + c - '0'; } (void) alarm(0); if (port != 0) { int lport = IPPORT_RESERVED - 1; s = rresvport_af(&lport, af); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); exit(1); } if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "2nd socket from %s on unreserved port %u", numericname, port); exit(1); } *((in_port_t *)&fromp->sa_data) = htons(port); if (connect(s, fromp, fromp->sa_len) < 0) { syslog(LOG_INFO, "connect second port %d: %m", port); exit(1); } } errorstr = NULL; realhostname_sa(rhost, sizeof(rhost) - 1, fromp, fromp->sa_len); rhost[sizeof(rhost) - 1] = '\0'; /* XXX truncation! */ (void) alarm(60); getstr(ruser, sizeof(ruser), "ruser"); getstr(luser, sizeof(luser), "luser"); getstr(cmdbuf, maxcmdlen, "command"); (void) alarm(0); pam_err = pam_start("rsh", luser, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { syslog(LOG_ERR|LOG_AUTH, "pam_start(): %s", pam_strerror(pamh, pam_err)); rshd_errx(1, "Login incorrect."); } if ((pam_err = pam_set_item(pamh, PAM_RUSER, ruser)) != PAM_SUCCESS || (pam_err = pam_set_item(pamh, PAM_RHOST, rhost)) != PAM_SUCCESS) { syslog(LOG_ERR|LOG_AUTH, "pam_set_item(): %s", pam_strerror(pamh, pam_err)); rshd_errx(1, "Login incorrect."); } pam_err = pam_authenticate(pamh, 0); if (pam_err == PAM_SUCCESS) { if ((pam_err = pam_get_user(pamh, &cp, NULL)) == PAM_SUCCESS) { strncpy(luser, cp, sizeof(luser)); luser[sizeof(luser) - 1] = '\0'; /* XXX truncation! */ } pam_err = pam_acct_mgmt(pamh, 0); } if (pam_err != PAM_SUCCESS) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, pam_strerror(pamh, pam_err), cmdbuf); rshd_errx(1, "Login incorrect."); } setpwent(); pwd = getpwnam(luser); if (pwd == NULL) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unknown login. cmd='%.80s'", ruser, rhost, luser, cmdbuf); if (errorstr == NULL) errorstr = "Login incorrect."; rshd_errx(1, errorstr, rhost); } lc = login_getpwclass(pwd); if (pwd->pw_uid) auth_checknologin(lc); if (chdir(pwd->pw_dir) < 0) { if (chdir("/") < 0 || login_getcapbool(lc, "requirehome", !!pwd->pw_uid)) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: no home directory. cmd='%.80s'", ruser, rhost, luser, cmdbuf); rshd_errx(0, "No remote home directory."); } pwd->pw_dir = slash; } if (lc != NULL && fromp->sa_family == AF_INET) { /*XXX*/ char remote_ip[MAXHOSTNAMELEN]; strncpy(remote_ip, numericname, sizeof(remote_ip) - 1); remote_ip[sizeof(remote_ip) - 1] = 0; /* XXX truncation! */ if (!auth_hostok(lc, rhost, remote_ip)) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, __rcmd_errstr, cmdbuf); rshd_errx(1, "Login incorrect."); } if (!auth_timeok(lc, time(NULL))) rshd_errx(1, "Logins not available right now"); } /* * PAM modules might add supplementary groups in * pam_setcred(), so initialize them first. * But we need to open the session as root. */ if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) { syslog(LOG_ERR, "setusercontext: %m"); exit(1); } if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_open_session: %s", pam_strerror(pamh, pam_err)); } else if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, pam_err)); } (void) write(STDERR_FILENO, "\0", 1); sent_null = 1; if (port) { if (pipe(pv) < 0) rshd_errx(1, "Can't make pipe."); pid = fork(); if (pid == -1) rshd_errx(1, "Can't fork; try again."); if (pid) { (void) close(0); (void) close(1); (void) close(2); (void) close(pv[1]); FD_ZERO(&readfrom); FD_SET(s, &readfrom); FD_SET(pv[0], &readfrom); if (pv[0] > s) nfd = pv[0]; else nfd = s; ioctl(pv[0], FIONBIO, (char *)&one); /* should set s nbio! */ nfd++; do { ready = readfrom; if (select(nfd, &ready, (fd_set *)0, (fd_set *)0, (struct timeval *)0) < 0) break; if (FD_ISSET(s, &ready)) { int ret; ret = read(s, &sig, 1); if (ret <= 0) FD_CLR(s, &readfrom); else killpg(pid, sig); } if (FD_ISSET(pv[0], &ready)) { errno = 0; cc = read(pv[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(s, SHUT_RDWR); FD_CLR(pv[0], &readfrom); } else { (void)write(s, buf, cc); } } } while (FD_ISSET(s, &readfrom) || FD_ISSET(pv[0], &readfrom)); PAM_END; exit(0); } (void) close(s); (void) close(pv[0]); dup2(pv[1], 2); close(pv[1]); } else { pid = fork(); if (pid == -1) rshd_errx(1, "Can't fork; try again."); if (pid) { /* Parent. */ while (wait(NULL) > 0 || errno == EINTR) /* nothing */ ; PAM_END; exit(0); } } for (fd = getdtablesize(); fd > 2; fd--) (void) close(fd); if (setsid() == -1) syslog(LOG_ERR, "setsid() failed: %m"); if (setlogin(pwd->pw_name) < 0) syslog(LOG_ERR, "setlogin() failed: %m"); if (*pwd->pw_shell == '\0') pwd->pw_shell = bshell; (void) pam_setenv(pamh, "HOME", pwd->pw_dir, 1); (void) pam_setenv(pamh, "SHELL", pwd->pw_shell, 1); (void) pam_setenv(pamh, "USER", pwd->pw_name, 1); (void) pam_setenv(pamh, "PATH", _PATH_DEFPATH, 1); environ = pam_getenvlist(pamh); (void) pam_end(pamh, pam_err); cp = strrchr(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) { syslog(LOG_ERR, "setusercontext(): %m"); exit(1); } login_close(lc); endpwent(); if (log_success || pwd->pw_uid == 0) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", ruser, rhost, luser, cmdbuf); } execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL); err(1, "%s", pwd->pw_shell); exit(1); }
int main(int argc, char *argv[]) { char *domain, *p, *ttyn, *shell, *fullname, *instance; char *lipaddr, *script, *ripaddr, *style, *type, *fqdn; char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; char localhost[MAXHOSTNAMELEN], *copyright; char mail[sizeof(_PATH_MAILDIR) + 1 + NAME_MAX]; int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance; int error, homeless, needto, authok, tries, backoff; struct addrinfo *ai, hints; struct rlimit cds, scds; quad_t expire, warning; struct utmp utmp; struct group *gr; struct stat st; uid_t uid; openlog("login", LOG_ODELAY, LOG_AUTH); fqdn = lipaddr = ripaddr = fullname = type = NULL; authok = 0; tries = 10; backoff = 3; domain = NULL; if (gethostname(localhost, sizeof(localhost)) < 0) { syslog(LOG_ERR, "couldn't get local hostname: %m"); strlcpy(localhost, "localhost", sizeof(localhost)); } else if ((domain = strchr(localhost, '.'))) { domain++; if (*domain && strchr(domain, '.') == NULL) domain = localhost; } if ((as = auth_open()) == NULL) { syslog(LOG_ERR, "auth_open: %m"); err(1, "unable to initialize BSD authentication"); } auth_setoption(as, "login", "yes"); /* * -p is used by getty to tell login not to destroy the environment * -f is used to skip a second login authentication * -h is used by other servers to pass the name of the remote * host to login so that it may be placed in utmp and wtmp */ fflag = pflag = 0; uid = getuid(); while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1) switch (ch) { case 'f': fflag = 1; break; case 'h': if (uid) { warnc(EPERM, "-h option"); quickexit(1); } free(fqdn); if ((fqdn = strdup(optarg)) == NULL) { warn(NULL); quickexit(1); } auth_setoption(as, "fqdn", fqdn); if (domain && (p = strchr(optarg, '.')) && strcasecmp(p+1, domain) == 0) *p = 0; hostname = optarg; auth_setoption(as, "hostname", hostname); break; case 'L': if (uid) { warnc(EPERM, "-L option"); quickexit(1); } if (lipaddr) { warnx("duplicate -L option"); quickexit(1); } lipaddr = optarg; memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_flags = AI_CANONNAME; error = getaddrinfo(lipaddr, NULL, &hints, &ai); if (!error) { strlcpy(localhost, ai->ai_canonname, sizeof(localhost)); freeaddrinfo(ai); } else strlcpy(localhost, lipaddr, sizeof(localhost)); auth_setoption(as, "local_addr", lipaddr); break; case 'p': pflag = 1; break; case 'R': if (uid) { warnc(EPERM, "-R option"); quickexit(1); } if (ripaddr) { warnx("duplicate -R option"); quickexit(1); } ripaddr = optarg; auth_setoption(as, "remote_addr", ripaddr); break; case 'u': if (uid) { warnc(EPERM, "-u option"); quickexit(1); } rusername = optarg; break; default: if (!uid) syslog(LOG_ERR, "invalid flag %c", ch); (void)fprintf(stderr, "usage: login [-fp] [-h hostname] [-L local-addr] " "[-R remote-addr] [-u username]\n\t[user]\n"); quickexit(1); } argc -= optind; argv += optind; if (*argv) { username = *argv; ask = 0; } else ask = 1; /* * If effective user is not root, just run su(1) to emulate login(1). */ if (geteuid() != 0) { char *av[5], **ap; auth_close(as); closelog(); closefrom(STDERR_FILENO + 1); ap = av; *ap++ = _PATH_SU; *ap++ = "-L"; if (!pflag) *ap++ = "-l"; if (!ask) *ap++ = username; *ap = NULL; execv(_PATH_SU, av); warn("unable to exec %s", _PATH_SU); _exit(1); } ttyn = ttyname(STDIN_FILENO); if (ttyn == NULL || *ttyn == '\0') { (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY); ttyn = tname; } if ((tty = strrchr(ttyn, '/'))) ++tty; else tty = ttyn; /* * Since login deals with sensitive information, turn off coredumps. */ if (getrlimit(RLIMIT_CORE, &scds) < 0) { syslog(LOG_ERR, "couldn't get core dump size: %m"); scds.rlim_cur = scds.rlim_max = QUAD_MIN; } cds.rlim_cur = cds.rlim_max = 0; if (setrlimit(RLIMIT_CORE, &cds) < 0) { syslog(LOG_ERR, "couldn't set core dump size to 0: %m"); scds.rlim_cur = scds.rlim_max = QUAD_MIN; } (void)signal(SIGALRM, timedout); if (argc > 1) { needto = 0; (void)alarm(timeout); } else needto = 1; (void)signal(SIGQUIT, SIG_IGN); (void)signal(SIGINT, SIG_IGN); (void)signal(SIGHUP, SIG_IGN); (void)setpriority(PRIO_PROCESS, 0, 0); #ifdef notyet /* XXX - we don't (yet) support per-tty auth stuff */ /* BSDi uses a ttys.conf file but we could just overload /etc/ttys */ /* * Classify the attempt. * By default we use the value in the ttys file. * If there is a classify script we run that as * * classify [-f] [username] */ if (type = getttyauth(tty)) auth_setoption(as, "auth_type", type); #endif /* get the default login class */ if ((lc = login_getclass(0)) == NULL) { /* get the default class */ warnx("Failure to retrieve default class"); quickexit(1); } timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300); if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) { unsetenv("AUTH_TYPE"); unsetenv("REMOTE_NAME"); if (script[0] != '/') { syslog(LOG_ERR, "Invalid classify script: %s", script); warnx("Classification failure"); quickexit(1); } shell = strrchr(script, '/') + 1; auth_setstate(as, AUTH_OKAY); auth_call(as, script, shell, fflag ? "-f" : username, fflag ? username : 0, (char *)0); if (!(auth_getstate(as) & AUTH_ALLOW)) quickexit(1); auth_setenv(as); if ((p = getenv("AUTH_TYPE")) != NULL && strncmp(p, "auth-", 5) == 0) type = p; if ((p = getenv("REMOTE_NAME")) != NULL) hostname = p; /* * we may have changed some values, reset them */ auth_clroptions(as); if (type) auth_setoption(as, "auth_type", type); if (fqdn) auth_setoption(as, "fqdn", fqdn); if (hostname) auth_setoption(as, "hostname", hostname); if (lipaddr) auth_setoption(as, "local_addr", lipaddr); if (ripaddr) auth_setoption(as, "remote_addr", ripaddr); } /* * Request the things like the approval script print things * to stdout (in particular, the nologins files) */ auth_setitem(as, AUTHV_INTERACTIVE, "True"); for (cnt = 0;; ask = 1) { /* * Clean up our current authentication session. * Options are not cleared so we need to clear any * we might set below. */ auth_clean(as); auth_clroption(as, "style"); auth_clroption(as, "lastchance"); lastchance = 0; if (ask) { fflag = 0; getloginname(); } if (needto) { needto = 0; alarm(timeout); } if ((style = strchr(username, ':')) != NULL) *style++ = '\0'; if (fullname) free(fullname); if (auth_setitem(as, AUTHV_NAME, username) < 0 || (fullname = strdup(username)) == NULL) { syslog(LOG_ERR, "%m"); warn(NULL); quickexit(1); } rootlogin = 0; if ((instance = strchr(username, '/')) != NULL) { if (strncmp(instance + 1, "root", 4) == 0) rootlogin = 1; *instance++ = '\0'; } else instance = ""; if (strlen(username) > UT_NAMESIZE) username[UT_NAMESIZE] = '\0'; /* * Note if trying multiple user names; log failures for * previous user name, but don't bother logging one failure * for nonexistent name (mistyped username). */ if (failures && strcmp(tbuf, username)) { if (failures > (pwd ? 0 : 1)) badlogin(tbuf); failures = 0; } (void)strlcpy(tbuf, username, sizeof(tbuf)); if ((pwd = getpwnam(username)) != NULL && auth_setpwd(as, pwd) < 0) { syslog(LOG_ERR, "%m"); warn(NULL); quickexit(1); } lc = login_getclass(pwd ? pwd->pw_class : NULL); if (!lc) goto failed; style = login_getstyle(lc, style, type); if (!style) goto failed; /* * We allow "login-tries" attempts to login but start * slowing down after "login-backoff" attempts. */ tries = (int)login_getcapnum(lc, "login-tries", 10, 10); backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3); /* * Turn off the fflag if we have an invalid user * or we are not root and we are trying to change uids. */ if (!pwd || (uid && uid != pwd->pw_uid)) fflag = 0; if (pwd && pwd->pw_uid == 0) rootlogin = 1; /* * If we do not have the force flag authenticate the user */ if (!fflag) { lastchance = login_getcaptime(lc, "password-dead", 0, 0) != 0; if (lastchance) auth_setoption(as, "lastchance", "yes"); /* * Once we start asking for a password * we want to log a failure on a hup. */ signal(SIGHUP, sighup); auth_verify(as, style, NULL, lc->lc_class, NULL); authok = auth_getstate(as); /* * If their password expired and it has not been * too long since then, give the user one last * chance to change their password */ if ((authok & AUTH_PWEXPIRED) && lastchance) { authok = AUTH_OKAY; } else lastchance = 0; if ((authok & AUTH_ALLOW) == 0) goto failed; if (auth_setoption(as, "style", style) < 0) { syslog(LOG_ERR, "%m"); warn(NULL); quickexit(1); } } /* * explicitly reject users without password file entries */ if (pwd == NULL) goto failed; /* * If trying to log in as root on an insecure terminal, * refuse the login attempt unless the authentication * style explicitly says a root login is okay. */ if (pwd && rootlogin && !rootterm(tty)) goto failed; if (fflag) { type = 0; style = "forced"; } break; failed: if (authok & AUTH_SILENT) quickexit(0); if (rootlogin && !rootterm(tty)) { warnx("%s login refused on this terminal.", fullname); if (hostname) syslog(LOG_NOTICE, "LOGIN %s REFUSED FROM %s%s%s ON TTY %s", fullname, rusername ? rusername : "", rusername ? "@" : "", hostname, tty); else syslog(LOG_NOTICE, "LOGIN %s REFUSED ON TTY %s", fullname, tty); } else { if (!as || (p = auth_getvalue(as, "errormsg")) == NULL) p = "Login incorrect"; (void)printf("%s\n", p); } failures++; if (pwd) log_failedlogin(pwd->pw_uid, hostname, rusername, tty); /* * By default, we allow 10 tries, but after 3 we start * backing off to slow down password guessers. */ if (++cnt > backoff) { if (cnt >= tries) { badlogin(username); sleepexit(1); } sleep((u_int)((cnt - backoff) * tries / 2)); } } /* committed to login -- turn off timeout */ (void)alarm(0); endpwent(); shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell); if (*shell == '\0') shell = _PATH_BSHELL; else if (strlen(shell) >= MAXPATHLEN) { syslog(LOG_ERR, "shell path too long: %s", shell); warnx("invalid shell"); quickexit(1); } /* Destroy environment unless user has requested its preservation. */ if (!pflag) { if ((environ = calloc(1, sizeof (char *))) == NULL) err(1, "calloc"); } else { char **cpp, **cpp2; for (cpp2 = cpp = environ; *cpp; cpp++) { if (strncmp(*cpp, "LD_", 3) && strncmp(*cpp, "ENV=", 4) && strncmp(*cpp, "BASH_ENV=", 9) && strncmp(*cpp, "IFS=", 4)) *cpp2++ = *cpp; } *cpp2 = 0; } /* Note: setusercontext(3) will set PATH */ if (setenv("HOME", pwd->pw_dir, 1) == -1 || setenv("SHELL", pwd->pw_shell, 1) == -1) { warn("unable to setenv()"); quickexit(1); } if (term[0] == '\0') (void)strlcpy(term, stypeof(tty), sizeof(term)); (void)snprintf(mail, sizeof(mail), "%s/%s", _PATH_MAILDIR, pwd->pw_name); if (setenv("TERM", term, 0) == -1 || setenv("LOGNAME", pwd->pw_name, 1) == -1 || setenv("USER", pwd->pw_name, 1) == -1 || setenv("MAIL", mail, 1) == -1) { warn("unable to setenv()"); quickexit(1); } if (hostname) { if (setenv("REMOTEHOST", hostname, 1) == -1) { warn("unable to setenv()"); quickexit(1); } } if (rusername) { if (setenv("REMOTEUSER", rusername, 1) == -1) { warn("unable to setenv()"); quickexit(1); } } if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) { warn("unable to set user context"); quickexit(1); } auth_setenv(as); /* if user not super-user, check for disabled logins */ if (!rootlogin) auth_checknologin(lc); setegid(pwd->pw_gid); seteuid(pwd->pw_uid); homeless = chdir(pwd->pw_dir); if (homeless) { if (login_getcapbool(lc, "requirehome", 0)) { (void)printf("No home directory %s!\n", pwd->pw_dir); quickexit(1); } if (chdir("/")) quickexit(0); } quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) || login_getcapbool(lc, "hushlogin", 0) || (access(_PATH_HUSHLOGIN, F_OK) == 0)); seteuid(0); setegid(0); /* XXX use a saved gid instead? */ if ((p = auth_getvalue(as, "warnmsg")) != NULL) (void)printf("WARNING: %s\n\n", p); expire = auth_check_expire(as); if (expire < 0) { (void)printf("Sorry -- your account has expired.\n"); quickexit(1); } else if (expire > 0 && !quietlog) { warning = login_getcaptime(lc, "expire-warn", 2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY); if (expire < warning) (void)printf("Warning: your account expires on %s", ctime(&pwd->pw_expire)); } /* Nothing else left to fail -- really log in. */ (void)signal(SIGHUP, SIG_DFL); memset(&utmp, 0, sizeof(utmp)); (void)time(&utmp.ut_time); (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name)); if (hostname) (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host)); (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); login(&utmp); if (!quietlog) (void)check_failedlogin(pwd->pw_uid); dolastlog(quietlog); login_fbtab(tty, pwd->pw_uid, pwd->pw_gid); (void)chown(ttyn, pwd->pw_uid, (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); /* If fflag is on, assume caller/authenticator has logged root login. */ if (rootlogin && fflag == 0) { if (hostname) syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s", username, tty, rusername ? rusername : "", rusername ? "@" : "", hostname); else syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty); } if (!quietlog) { if ((copyright = login_getcapstr(lc, "copyright", NULL, NULL)) != NULL) auth_cat(copyright); motd(); if (stat(mail, &st) == 0 && st.st_size != 0) (void)printf("You have %smail.\n", (st.st_mtime > st.st_atime) ? "new " : ""); } (void)signal(SIGALRM, SIG_DFL); (void)signal(SIGQUIT, SIG_DFL); (void)signal(SIGHUP, SIG_DFL); (void)signal(SIGINT, SIG_DFL); (void)signal(SIGTSTP, SIG_IGN); tbuf[0] = '-'; (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ? p + 1 : shell, sizeof(tbuf) - 1); if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) && setrlimit(RLIMIT_CORE, &scds) < 0) syslog(LOG_ERR, "couldn't reset core dump size: %m"); if (lastchance) (void)printf("WARNING: Your password has expired." " You must change your password, now!\n"); if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid, LOGIN_SETALL & ~LOGIN_SETPATH) < 0) { warn("unable to set user context"); quickexit(1); } if (homeless) { (void)printf("No home directory %s!\n", pwd->pw_dir); (void)printf("Logging in with home = \"/\".\n"); (void)setenv("HOME", "/", 1); } if (auth_approval(as, lc, NULL, "login") == 0) { if (auth_getstate(as) & AUTH_EXPIRED) (void)printf("Sorry -- your account has expired.\n"); else (void)printf("approval failure\n"); quickexit(1); } /* * The last thing we do is discard all of the open file descriptors. * Last because the C library may have some open. */ closefrom(STDERR_FILENO + 1); /* * Close the authentication session, make sure it is marked * as okay so no files are removed. */ auth_setstate(as, AUTH_OKAY); auth_close(as); execlp(shell, tbuf, (char *)NULL); err(1, "%s", shell); }