/**
* Asks for an alternative new name for a file, in case of a clash
*/
static __inline__ int ask_rename(doscp_t *cp, ClashHandling_t *ch,
dos_name_t *shortname,
char *longname,
int isprimary)
{
int mangled;
/* TODO: Would be nice to suggest "autorenamed" version of name, press
* <Return> to get it.
*/
#if 0
fprintf(stderr,"Entering ask_rename, isprimary=%d.\n", isprimary);
#endif
if(!opentty(0))
return 0;
#define maxsize (isprimary ? MAX_VNAMELEN+1 : 11+1)
#define name (isprimary ? argname : shortname)
mangled = 0;
do {
char tname[4*MAX_VNAMELEN+1];
fprintf(stderr, "New %s name for \"%s\": ",
isprimary ? "primary" : "secondary", longname);
fflush(stderr);
if (! fgets(tname, 4*MAX_VNAMELEN+1, opentty(0)))
return 0;
chomp(tname);
if (isprimary)
strcpy(longname, tname);
else
mangled = convert_to_shortname(cp,
ch, tname, shortname);
} while (mangled & 1);
return 1;
#undef maxsize
#undef name
}
int ask_confirmation(const char *format, const char *p1, const char *p2)
{
char ans[10];
if(!opentty(-1))
return 0;
while (1) {
fprintf(stderr, format, p1, p2);
fflush(stderr);
fflush(opentty(-1));
if (mtools_raw_tty) {
ans[0] = fgetc(opentty(1));
fputs("\n", stderr);
} else {
fgets(ans,9, opentty(0));
}
if (ans[0] == 'y' || ans[0] == 'Y')
return 0;
if (ans[0] == 'n' || ans[0] == 'N')
return -1;
}
}
static inline int ask_rename(ClashHandling_t *ch,
char *longname, int isprimary, char *argname)
{
char shortname[13];
int mangled;
/* TODO: Would be nice to suggest "autorenamed" version of name, press
* <Return> to get it.
*/
#if 0
fprintf(stderr,"Entering ask_rename, isprimary=%d.\n", isprimary);
#endif
if(!opentty(0))
return 0;
#define maxsize (isprimary ? MAX_VNAMELEN+1 : 11+1)
#define name (isprimary ? argname : shortname)
mangled = 0;
do {
fprintf(stderr, "New %s name for \"%s\": ",
isprimary ? "primary" : "secondary", longname);
fflush(stderr);
if (! fgets(name, maxsize, opentty(0)))
return 0;
/* Eliminate newline(s) in the file name */
name[strlen(name)-1]='\0';
if (!isprimary)
ch->name_converter(shortname,0, &mangled, argname);
} while (mangled & 1);
return 1;
#undef maxsize
#undef name
}
int main()
{
pthread_t thread1, thread2;
int fd;
fd = opentty ();
if (fd < 0) {
perror ("Error: cannot open tty\n");
return -1;
}
pthread_create(&thread1, NULL, &receive, &fd);
pthread_create(&thread2, NULL, &send, &fd);
printf("Tiny Minicom 0.2.0\n\n");
do {
} while (1);
return 0;
}
int
main(int argc, char *argv[])
{
extern char **environ;
int first_sleep = 1, first_time = 1;
struct rlimit limit;
int rval;
signal(SIGINT, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
openlog("getty", LOG_ODELAY|LOG_CONS|LOG_PID, LOG_AUTH);
gethostname(hostname, sizeof(hostname) - 1);
hostname[sizeof(hostname) - 1] = '\0';
if (hostname[0] == '\0')
strcpy(hostname, "Amnesiac");
/*
* Limit running time to deal with broken or dead lines.
*/
(void)signal(SIGXCPU, timeoverrun);
limit.rlim_max = RLIM_INFINITY;
limit.rlim_cur = GETTY_TIMEOUT;
(void)setrlimit(RLIMIT_CPU, &limit);
gettable("default", defent);
gendefaults();
tname = "default";
if (argc > 1)
tname = argv[1];
/*
* The following is a work around for vhangup interactions
* which cause great problems getting window systems started.
* If the tty line is "-", we do the old style getty presuming
* that the file descriptors are already set up for us.
* J. Gettys - MIT Project Athena.
*/
if (argc <= 2 || strcmp(argv[2], "-") == 0)
strcpy(ttyn, ttyname(STDIN_FILENO));
else {
strcpy(ttyn, dev);
strncat(ttyn, argv[2], sizeof(ttyn)-sizeof(dev));
if (strcmp(argv[0], "+") != 0) {
chown(ttyn, 0, 0);
chmod(ttyn, 0600);
revoke(ttyn);
/*
* Do the first scan through gettytab.
* Terminal mode parameters will be wrong until
* defttymode() called, but they're irrelevant for
* the initial setup of the terminal device.
*/
dogettytab();
/*
* Init or answer modem sequence has been specified.
*/
if (IC || AC) {
if (!opentty(ttyn, O_RDWR|O_NONBLOCK))
exit(1);
defttymode();
setttymode(1);
}
if (IC) {
if (getty_chat(IC, CT, DC) > 0) {
syslog(LOG_ERR, "modem init problem on %s", ttyn);
(void)tcsetattr(STDIN_FILENO, TCSANOW, &tmode);
exit(1);
}
}
if (AC) {
int i, rfds;
struct timeval to;
rfds = 1 << 0; /* FD_SET */
to.tv_sec = RT;
to.tv_usec = 0;
i = select(32, (fd_set*)&rfds, (fd_set*)NULL,
(fd_set*)NULL, RT ? &to : NULL);
if (i < 0) {
syslog(LOG_ERR, "select %s: %m", ttyn);
} else if (i == 0) {
syslog(LOG_NOTICE, "recycle tty %s", ttyn);
(void)tcsetattr(STDIN_FILENO, TCSANOW, &tmode);
exit(0); /* recycle for init */
}
i = getty_chat(AC, CT, DC);
if (i > 0) {
syslog(LOG_ERR, "modem answer problem on %s", ttyn);
(void)tcsetattr(STDIN_FILENO, TCSANOW, &tmode);
exit(1);
}
} else { /* maybe blocking open */
if (!opentty(ttyn, O_RDWR | (NC ? O_NONBLOCK : 0 )))
exit(1);
}
}
}
defttymode();
for (;;) {
/*
* if a delay was specified then sleep for that
* number of seconds before writing the initial prompt
*/
if (first_sleep && DE) {
sleep(DE);
/* remove any noise */
(void)tcflush(STDIN_FILENO, TCIOFLUSH);
}
first_sleep = 0;
setttymode(0);
if (AB) {
tname = autobaud();
dogettytab();
continue;
}
if (PS) {
tname = portselector();
dogettytab();
continue;
}
if (CL && *CL)
putpad(CL);
edithost(HE);
/* if this is the first time through this, and an
issue file has been given, then send it */
if (first_time && IF) {
int fd;
if ((fd = open(IF, O_RDONLY)) != -1) {
char * cp;
while ((cp = getline(fd)) != NULL) {
putf(cp);
}
close(fd);
}
}
first_time = 0;
if (IM && *IM && !(PL && PP))
putf(IM);
if (setjmp(timeout)) {
cfsetispeed(&tmode, B0);
cfsetospeed(&tmode, B0);
(void)tcsetattr(STDIN_FILENO, TCSANOW, &tmode);
exit(1);
}
if (TO) {
signal(SIGALRM, dingdong);
alarm(TO);
}
rval = 0;
if (AL) {
const char *p = AL;
char *q = name;
while (*p && q < &name[sizeof name - 1]) {
if (isupper(*p))
upper = 1;
else if (islower(*p))
lower = 1;
else if (isdigit(*p))
digit = 1;
*q++ = *p++;
}
} else if (!(PL && PP))
rval = getname();
if (rval == 2 || (PL && PP)) {
oflush();
alarm(0);
limit.rlim_max = RLIM_INFINITY;
limit.rlim_cur = RLIM_INFINITY;
(void)setrlimit(RLIMIT_CPU, &limit);
execle(PP, "ppplogin", ttyn, (char *) 0, env);
syslog(LOG_ERR, "%s: %m", PP);
exit(1);
} else if (rval || AL) {
int i;
oflush();
alarm(0);
signal(SIGALRM, SIG_DFL);
if (name[0] == '\0')
continue;
if (name[0] == '-') {
puts("user names may not start with '-'.");
continue;
}
if (!(upper || lower || digit)) {
if (AL) {
syslog(LOG_ERR,
"invalid auto-login name: %s", AL);
exit(1);
} else
continue;
}
set_flags(2);
if (crmod) {
tmode.c_iflag |= ICRNL;
tmode.c_oflag |= ONLCR;
}
#if REALLY_OLD_TTYS
if (upper || UC)
tmode.sg_flags |= LCASE;
if (lower || LC)
tmode.sg_flags &= ~LCASE;
#endif
if (tcsetattr(STDIN_FILENO, TCSANOW, &tmode) < 0) {
syslog(LOG_ERR, "tcsetattr %s: %m", ttyn);
exit(1);
}
signal(SIGINT, SIG_DFL);
for (i = 0; environ[i] != (char *)0; i++)
env[i] = environ[i];
makeenv(&env[i]);
limit.rlim_max = RLIM_INFINITY;
limit.rlim_cur = RLIM_INFINITY;
(void)setrlimit(RLIMIT_CPU, &limit);
execle(LO, "login", AL ? "-fp" : "-p", name,
(char *) 0, env);
syslog(LOG_ERR, "%s: %m", LO);
exit(1);
}
alarm(0);
signal(SIGALRM, SIG_DFL);
signal(SIGINT, SIG_IGN);
if (NX && *NX) {
tname = NX;
dogettytab();
}
}
}
/**
* This function determines the action to be taken in case there is a problem
* with target name (clash, illegal characters, or reserved)
* The decision either comes from the default (ch), or the user will be
* prompted if there is no default
*/
static __inline__ clash_action ask_namematch(doscp_t *cp,
dos_name_t *dosname,
char *longname,
int isprimary,
ClashHandling_t *ch,
int no_overwrite,
int reason)
{
/* User's answer letter (from keyboard). Only first letter is used,
* but we allocate space for 10 in order to account for extra garbage
* that user may enter
*/
char ans[10];
/**
* Return value: action to be taken
*/
clash_action a;
/**
* Should this decision be made permanent (do no longer ask same
* question)
*/
int perm;
/**
* Buffer for shortname
*/
char name_buffer[4*13];
/**
* Name to be printed
*/
char *name;
#define EXISTS 0
#define RESERVED 1
#define ILLEGALS 2
static const char *reasons[]= {
"already exists",
"is reserved",
"contains illegal character(s)"};
a = ch->action[isprimary];
if(a == NAMEMATCH_NONE && !opentty(1)) {
/* no default, and no tty either . Skip the troublesome file */
return NAMEMATCH_SKIP;
}
if (!isprimary)
name = unix_normalize(cp, name_buffer, dosname);
else
name = longname;
perm = 0;
while (a == NAMEMATCH_NONE) {
fprintf(stderr, "%s file name \"%s\" %s.\n",
isprimary ? "Long" : "Short", name, reasons[reason]);
fprintf(stderr,
"a)utorename A)utorename-all r)ename R)ename-all ");
if(!no_overwrite)
fprintf(stderr,"o)verwrite O)verwrite-all");
fprintf(stderr,
"\ns)kip S)kip-all q)uit (aArR");
if(!no_overwrite)
fprintf(stderr,"oO");
fprintf(stderr,"sSq): ");
fflush(stderr);
fflush(opentty(1));
if (mtools_raw_tty) {
int rep;
rep = fgetc(opentty(1));
fputs("\n", stderr);
if(rep == EOF)
ans[0] = 'q';
else
ans[0] = rep;
} else {
fgets(ans, 9, opentty(0));
}
perm = isupper((unsigned char)ans[0]);
switch(tolower((unsigned char)ans[0])) {
case 'a':
a = NAMEMATCH_AUTORENAME;
break;
case 'r':
if(isprimary)
a = NAMEMATCH_PRENAME;
else
a = NAMEMATCH_RENAME;
break;
case 'o':
if(no_overwrite)
continue;
a = NAMEMATCH_OVERWRITE;
break;
case 's':
a = NAMEMATCH_SKIP;
break;
case 'q':
perm = 0;
a = NAMEMATCH_QUIT;
break;
default:
perm = 0;
}
}
/* Keep track of this action in case this file collides again */
ch->action[isprimary] = a;
if (perm)
ch->namematch_default[isprimary] = a;
/* if we were asked to overwrite be careful. We can't set the action
* to overwrite, else we get won't get a chance to specify another
* action, should overwrite fail. Indeed, we'll be caught in an
* infinite loop because overwrite will fail the same way for the
* second time */
if(a == NAMEMATCH_OVERWRITE)
ch->action[isprimary] = NAMEMATCH_NONE;
return a;
}
int main(int argc, char *argv[])
{
int c;
unsigned long flags = 0, eflags = 0;
char ttyname[256];
int status;
int ret, use_clone = 0;
int pid;
char *pid_file = NULL;
procname = basename(argv[0]);
memset(ttyname, '\0', sizeof(ttyname));
if(readlink("/proc/self/fd/0", ttyname, sizeof(ttyname))<0) {
perror("readlink /proc/self/fd/0");
exit(1);
}
while ((c = getopt(argc, argv, "+mguUiphcnf:P:")) != EOF) {
switch (c) {
case 'g': do_newcgrp = getpid(); break;
case 'm': flags |= CLONE_NEWNS; break;
case 'c': use_clone = 1; break;
case 'P': pid_file = optarg; break;
case 'u': flags |= CLONE_NEWUTS; break;
case 'i': flags |= CLONE_NEWIPC; break;
case 'U': flags |= CLONE_NEWUSER; break;
case 'n': flags |= CLONE_NEWNET; break;
case 'p': flags |= CLONE_NEWNS|CLONE_NEWPID; break;
case 'f': if (!string_to_ul(optarg, &eflags)) {
flags |= eflags;
break;
}
case 'h':
default:
usage(procname);
}
};
argv = &argv[optind];
argc = argc - optind;
if (do_newcgrp) {
ret = pipe(pipefd);
if (ret) {
perror("pipe");
return -1;
}
do_newcgrp = pipefd[0];
}
if (use_clone) {
int stacksize = 4*getpagesize();
void *childstack, *stack = malloc(stacksize);
if (!stack) {
perror("malloc");
return -1;
}
childstack = stack + stacksize - 1;
printf("about to clone with %lx\n", flags);
flags |= SIGCHLD;
pid = clone(do_child, childstack, flags, (void *)argv);
if (pid == -1) {
perror("clone");
return -1;
}
} else {
if ((pid = fork()) == 0) {
// Child.
//print_my_info(procname, ttyname);
if (check_newcgrp())
return 1;
opentty(ttyname);
printf("about to unshare with %lx\n", flags);
ret = unshare(flags);
if (ret < 0) {
perror("unshare");
return 1;
}
return do_child((void*)argv);
}
}
if (pid != -1 && do_newcgrp) {
char buf[20];
snprintf(buf, 20, "%d", pid);
close(pipefd[0]);
if(write(pipefd[1], buf, strlen(buf)+1)<0) {
perror("write to pipe");
exit(1);
}
close(pipefd[1]);
}
write_pid(pid_file, pid);
if ((ret = waitpid(pid, &status, __WALL)) < 0)
printf("waitpid() returns %d, errno %d\n", ret, errno);
exit(0);
}
int
main(int argc, char **argv)
{
extern int optind;
extern char *optarg, **environ;
register int ch;
register char *p;
int ask, fflag, hflag, pflag, cnt, errsv;
int quietlog, passwd_req;
char *domain, *ttyn;
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
char *termenv;
char *childArgv[10];
char *buff;
int childArgc = 0;
char *salt, *pp;
pid = getpid();
signal(SIGALRM, timedout);
alarm((unsigned int)timeout);
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
setpriority(PRIO_PROCESS, 0, 0);
/*
* -p is used by getty to tell login not to destroy the environment
* -f is used to skip a second login authentication
* -h is used by other servers to pass the name of the remote
* host to login so that it may be placed in utmp and wtmp
*/
gethostname(tbuf, sizeof(tbuf));
xstrncpy(thishost, tbuf, sizeof(thishost));
domain = index(tbuf, '.');
username = tty_name = hostname = NULL;
fflag = hflag = pflag = 0;
passwd_req = 1;
while ((ch = getopt(argc, argv, "fh:p")) != -1)
switch (ch) {
case 'f':
fflag = 1;
break;
case 'h':
if (getuid()) {
fprintf(stderr,
"login: -h for super-user only.\n");
exit(1);
}
hflag = 1;
if (domain && (p = index(optarg, '.')) &&
strcasecmp(p, domain) == 0)
*p = 0;
hostname = strdup(optarg); /* strdup: Ambrose C. Li */
{
struct hostent *he = gethostbyname(hostname);
/* he points to static storage; copy the part we use */
hostaddress[0] = 0;
if (he && he->h_addr_list && he->h_addr_list[0])
memcpy(hostaddress, he->h_addr_list[0],
sizeof(hostaddress));
}
break;
case 'p':
pflag = 1;
break;
case '?':
default:
fprintf(stderr,
"usage: login [-fp] [username]\n");
exit(1);
}
argc -= optind;
argv += optind;
if (*argv) {
char *p = *argv;
username = strdup(p);
ask = 0;
/* wipe name - some people mistype their password here */
/* (of course we are too late, but perhaps this helps a little ..) */
while(*p)
*p++ = ' ';
} else
ask = 1;
for (cnt = getdtablesize(); cnt > 2; cnt--)
close(cnt);
ttyn = ttyname(0);
if (ttyn == NULL || *ttyn == '\0') {
/* no snprintf required - see definition of tname */
sprintf(tname, "%s??", _PATH_TTY);
ttyn = tname;
}
check_ttyname(ttyn);
if (strncmp(ttyn, "/dev/", 5) == 0)
tty_name = ttyn+5;
else
tty_name = ttyn;
if (strncmp(ttyn, "/dev/tty", 8) == 0)
tty_number = ttyn+8;
else {
char *p = ttyn;
while (*p && !isdigit(*p)) p++;
tty_number = p;
}
/* set pgid to pid */
setpgrp();
/* this means that setsid() will fail */
{
struct termios tt, ttt;
tcgetattr(0, &tt);
ttt = tt;
ttt.c_cflag &= ~HUPCL;
/* These can fail, e.g. with ttyn on a read-only filesystem */
chown(ttyn, 0, 0);
chmod(ttyn, TTY_MODE);
/* Kill processes left on this tty */
tcsetattr(0,TCSAFLUSH,&ttt);
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
//vhangup();
signal(SIGHUP, SIG_DFL);
/* open stdin,stdout,stderr to the tty */
opentty(ttyn);
/* restore tty modes */
tcsetattr(0,TCSAFLUSH,&tt);
}
openlog("login", LOG_ODELAY, LOG_AUTHPRIV);
#if 0
/* other than iso-8859-1 */
printf("\033(K");
fprintf(stderr,"\033(K");
#endif
for (cnt = 0;; ask = 1) {
if (ask) {
fflag = 0;
getloginname();
}
/* Dirty patch to fix a gigantic security hole when using
yellow pages. This problem should be solved by the
libraries, and not by programs, but this must be fixed
urgently! If the first char of the username is '+', we
avoid login success.
Feb 95 <*****@*****.**> */
if (username[0] == '+') {
puts("Illegal username");
badlogin(username);
sleepexit(1);
}
/* (void)strcpy(tbuf, username); why was this here? */
if ((pwd = getpwnam(username))) {
salt = pwd->pw_passwd;
} else
salt = (char *) "xx";
if (pwd) {
initgroups(username, pwd->pw_gid);
}
/* if user not super-user, check for disabled logins */
if (pwd == NULL || pwd->pw_uid)
checknologin();
/*
* Disallow automatic login to root; if not invoked by
* root, disallow if the uid's differ.
*/
if (fflag && pwd) {
int uid = getuid();
passwd_req = pwd->pw_uid == 0 ||
(uid && uid != pwd->pw_uid);
}
/*
* If no pre-authentication and a password exists
* for this user, prompt for one and verify it.
*/
if (!passwd_req || (pwd && !*pwd->pw_passwd))
break;
setpriority(PRIO_PROCESS, 0, -4);
pp = getpass("Password: "******"Login incorrect\n");
badlogin(username); /* log ALL bad logins */
failures++;
/* we allow 10 tries, but after 3 we start backing off */
if (++cnt > 3) {
if (cnt >= 10) {
sleepexit(1);
}
sleep((unsigned int)((cnt - 3) * 5));
}
}
/* committed to login -- turn off timeout */
alarm((unsigned int)0);
endpwent();
/* This requires some explanation: As root we may not be able to
read the directory of the user if it is on an NFS mounted
filesystem. We temporarily set our effective uid to the user-uid
making sure that we keep root privs. in the real uid.
A portable solution would require a fork(), but we rely on Linux
having the BSD setreuid() */
quietlog = 0;
dolastlog(quietlog);
chown(ttyn, pwd->pw_uid, pwd->pw_gid);
chmod(ttyn, TTY_MODE);
setgid(pwd->pw_gid);
if (*pwd->pw_shell == '\0')
pwd->pw_shell = (char *)_PATH_BSHELL;
/* preserve TERM even without -p flag */
{
char *ep;
if(!((ep = getenv("TERM")) && (termenv = strdup(ep))))
termenv = (char *) "dumb";
}
/* destroy environment unless user has requested preservation */
if (!pflag)
{
environ = (char**)malloc(sizeof(char*));
memset(environ, 0, sizeof(char*));
}
setenv("HOME", pwd->pw_dir, 0); /* legal to override */
if(pwd->pw_uid)
setenv("PATH", _PATH_DEFPATH, 1);
else
setenv("PATH", _PATH_DEFPATH_ROOT, 1);
setenv("SHELL", pwd->pw_shell, 1);
setenv("TERM", termenv, 1);
/* mailx will give a funny error msg if you forget this one */
{
char tmp[MAXPATHLEN];
/* avoid snprintf */
if (sizeof(_PATH_MAILDIR) + strlen(pwd->pw_name) + 1 < MAXPATHLEN) {
sprintf(tmp, "%s/%s", _PATH_MAILDIR, pwd->pw_name);
setenv("MAIL",tmp,0);
}
}
/* LOGNAME is not documented in login(1) but
HP-UX 6.5 does it. We'll not allow modifying it.
*/
setenv("LOGNAME", pwd->pw_name, 1);
if (!strncmp(tty_name, "ttyS", 4))
syslog(LOG_INFO, "DIALUP AT %s BY %s", tty_name, pwd->pw_name);
/* allow tracking of good logins.
-steve philp ([email protected]) */
if (pwd->pw_uid == 0) {
if (hostname)
syslog(LOG_NOTICE, "ROOT LOGIN ON %s FROM %s",
tty_name, hostname);
else
syslog(LOG_NOTICE, "ROOT LOGIN ON %s", tty_name);
} else {
if (hostname)
syslog(LOG_INFO, "LOGIN ON %s BY %s FROM %s", tty_name,
pwd->pw_name, hostname);
else
syslog(LOG_INFO, "LOGIN ON %s BY %s", tty_name,
pwd->pw_name);
}
if (!quietlog) {
struct stat st;
char *mail;
mail = getenv("MAIL");
if (mail && stat(mail, &st) == 0 && st.st_size != 0) {
if (st.st_mtime > st.st_atime)
printf("You have new mail.\n");
else
printf("You have mail.\n");
}
}
signal(SIGALRM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGTSTP, SIG_IGN);
signal(SIGINT, SIG_DFL);
/* discard permissions last so can't get killed and drop core */
if(setuid(pwd->pw_uid) < 0 && pwd->pw_uid) {
syslog(LOG_ALERT, "setuid() failed");
exit(1);
}
/* wait until here to change directory! */
if (chdir(pwd->pw_dir) < 0) {
printf("No directory %s!\n", pwd->pw_dir);
if (chdir("/"))
exit(0);
pwd->pw_dir = (char *) "/";
printf("Logging in with home = \"/\".\n");
}
/* if the shell field has a space: treat it like a shell script */
if (strchr(pwd->pw_shell, ' ')) {
buff = malloc(strlen(pwd->pw_shell) + 6);
if (!buff) {
fprintf(stderr, "login: no memory for shell script.\n");
exit(0);
}
strcpy(buff, "exec ");
strcat(buff, pwd->pw_shell);
childArgv[childArgc++] = (char *) "/bin/sh";
childArgv[childArgc++] = (char *) "-sh";
childArgv[childArgc++] = (char *) "-c";
childArgv[childArgc++] = buff;
} else {
tbuf[0] = '-';
xstrncpy(tbuf + 1, ((p = rindex(pwd->pw_shell, '/')) ?
p + 1 : pwd->pw_shell),
sizeof(tbuf)-1);
childArgv[childArgc++] = pwd->pw_shell;
childArgv[childArgc++] = tbuf;
}
childArgv[childArgc++] = NULL;
execvp(childArgv[0], childArgv + 1);
errsv = errno;
if (!strcmp(childArgv[0], "/bin/sh"))
fprintf(stderr, "login: couldn't exec shell script: %s.\n",
strerror(errsv));
else
fprintf(stderr, "login: no shell: %s.\n", strerror(errsv));
exit(0);
}
static inline clash_action ask_namematch(char *name, int isprimary,
ClashHandling_t *ch, int no_overwrite,
int reason)
{
char ans[10];
clash_action a;
int perm;
char unix_shortname[13];
#define EXISTS 0
#define RESERVED 1
#define ILLEGALS 2
static const char *reasons[]= {
"already exists",
"is reserved",
"contains illegal character(s)"};
if (!isprimary)
name = unix_normalize(unix_shortname, name, name+8);
a = ch->action[isprimary];
if(a == NAMEMATCH_NONE && !opentty(1)) {
/* no default, and no tty either . Skip the troublesome file */
return NAMEMATCH_SKIP;
}
perm = 0;
while (a == NAMEMATCH_NONE) {
fprintf(stderr, "%s file name \"%s\" %s.\n",
isprimary ? "Long" : "Short", name, reasons[reason]);
fprintf(stderr,
"a)utorename A)utorename-all r)ename R)ename-all ");
if(!no_overwrite)
fprintf(stderr,"o)verwrite O)verwrite-all");
fprintf(stderr,
"\ns)kip S)kip-all q)uit (aArR");
if(!no_overwrite)
fprintf(stderr,"oO");
fprintf(stderr,"sSq): ");
fflush(stderr);
fflush(opentty(1));
if (mtools_raw_tty) {
int rep;
rep = fgetc(opentty(1));
fputs("\n", stderr);
if(rep == EOF)
ans[0] = 'q';
else
ans[0] = rep;
} else {
fgets(ans, 9, opentty(0));
}
perm = isupper((unsigned char)ans[0]);
switch(tolower((unsigned char)ans[0])) {
case 'a':
a = NAMEMATCH_AUTORENAME;
break;
case 'r':
if(isprimary)
a = NAMEMATCH_PRENAME;
else
a = NAMEMATCH_RENAME;
break;
case 'o':
if(no_overwrite)
continue;
a = NAMEMATCH_OVERWRITE;
break;
case 's':
a = NAMEMATCH_SKIP;
break;
case 'q':
perm = 0;
a = NAMEMATCH_QUIT;
break;
default:
perm = 0;
}
}
/* Keep track of this action in case this file collides again */
ch->action[isprimary] = a;
if (perm)
ch->namematch_default[isprimary] = a;
/* if we were asked to overwrite be careful. We can't set the action
* to overwrite, else we get won't get a chance to specify another
* action, should overwrite fail. Indeed, we'll be caught in an
* infinite loop because overwrite will fail the same way for the
* second time */
if(a == NAMEMATCH_OVERWRITE)
ch->action[isprimary] = NAMEMATCH_NONE;
return a;
}
int main(int argc, char *argv[])
{
int c;
unsigned long flags = CLONE_NEWUSER | CLONE_NEWNS;
char ttyname0[256], ttyname1[256], ttyname2[256];
int status;
int ret;
int pid;
char *default_args[] = {"/bin/sh", NULL};
char buf[1];
int pipe1[2], // child tells parent it has unshared
pipe2[2]; // parent tells child it is mapped and may proceed
memset(ttyname0, '\0', sizeof(ttyname0));
memset(ttyname1, '\0', sizeof(ttyname1));
memset(ttyname2, '\0', sizeof(ttyname2));
if (isatty(0)) {
ret = readlink("/proc/self/fd/0", ttyname0, sizeof(ttyname0));
if (ret < 0) {
perror("unable to open stdin.");
exit(1);
}
ret = readlink("/proc/self/fd/1", ttyname1, sizeof(ttyname1));
if (ret < 0) {
printf("Warning: unable to open stdout, continuing.");
memset(ttyname1, '\0', sizeof(ttyname1));
}
ret = readlink("/proc/self/fd/2", ttyname2, sizeof(ttyname2));
if (ret < 0) {
printf("Warning: unable to open stderr, continuing.");
memset(ttyname2, '\0', sizeof(ttyname2));
}
}
lxc_list_init(&active_map);
while ((c = getopt(argc, argv, "m:h")) != EOF) {
switch (c) {
case 'm': if (parse_map(optarg)) usage(argv[0]); break;
case 'h':
default:
usage(argv[0]);
}
};
if (lxc_list_empty(&active_map)) {
if (find_default_map()) {
fprintf(stderr, "You have no allocated subuids or subgids\n");
exit(1);
}
}
argv = &argv[optind];
argc = argc - optind;
if (argc < 1) {
argv = default_args;
argc = 1;
}
if (pipe(pipe1) < 0 || pipe(pipe2) < 0) {
perror("pipe");
exit(1);
}
if ((pid = fork()) == 0) {
// Child.
close(pipe1[0]);
close(pipe2[1]);
opentty(ttyname0, 0);
opentty(ttyname1, 1);
opentty(ttyname2, 2);
ret = unshare(flags);
if (ret < 0) {
perror("unshare");
return 1;
}
buf[0] = '1';
if (write(pipe1[1], buf, 1) < 1) {
perror("write pipe");
exit(1);
}
if (read(pipe2[0], buf, 1) < 1) {
perror("read pipe");
exit(1);
}
if (buf[0] != '1') {
fprintf(stderr, "parent had an error, child exiting\n");
exit(1);
}
close(pipe1[1]);
close(pipe2[0]);
return do_child((void*)argv);
}
close(pipe1[1]);
close(pipe2[0]);
if (read(pipe1[0], buf, 1) < 1) {
perror("read pipe");
exit(1);
}
buf[0] = '1';
if (lxc_map_ids(&active_map, pid)) {
fprintf(stderr, "error mapping child\n");
ret = 0;
}
if (write(pipe2[1], buf, 1) < 0) {
perror("write to pipe");
exit(1);
}
if ((ret = waitpid(pid, &status, __WALL)) < 0) {
printf("waitpid() returns %d, errno %d\n", ret, errno);
exit(1);
}
exit(WEXITSTATUS(status));
}
int main(int argc, char *argv[])
{
int c, pid, ret, status;
char buf[1];
int pipe_fds1[2], /* child tells parent it has unshared */
pipe_fds2[2]; /* parent tells child it is mapped and may proceed */
unsigned long flags = CLONE_NEWUSER | CLONE_NEWNS;
char ttyname0[256] = {0}, ttyname1[256] = {0}, ttyname2[256] = {0};
char *default_args[] = {"/bin/sh", NULL};
lxc_log_fd = STDERR_FILENO;
if (isatty(STDIN_FILENO)) {
ret = readlink("/proc/self/fd/0", ttyname0, sizeof(ttyname0));
if (ret < 0) {
CMD_SYSERROR("Failed to open stdin");
_exit(EXIT_FAILURE);
}
ret = readlink("/proc/self/fd/1", ttyname1, sizeof(ttyname1));
if (ret < 0) {
CMD_SYSINFO("Failed to open stdout. Continuing");
ttyname1[0] = '\0';
}
ret = readlink("/proc/self/fd/2", ttyname2, sizeof(ttyname2));
if (ret < 0) {
CMD_SYSINFO("Failed to open stderr. Continuing");
ttyname2[0] = '\0';
}
}
lxc_list_init(&active_map);
while ((c = getopt(argc, argv, "m:h")) != EOF) {
switch (c) {
case 'm':
ret = parse_map(optarg);
if (ret < 0) {
usage(argv[0]);
_exit(EXIT_FAILURE);
}
break;
case 'h':
usage(argv[0]);
_exit(EXIT_SUCCESS);
default:
usage(argv[0]);
_exit(EXIT_FAILURE);
}
};
if (lxc_list_empty(&active_map)) {
ret = find_default_map();
if (ret < 0) {
fprintf(stderr, "Failed to find subuid or subgid allocation\n");
_exit(EXIT_FAILURE);
}
}
argv = &argv[optind];
argc = argc - optind;
if (argc < 1)
argv = default_args;
ret = pipe2(pipe_fds1, O_CLOEXEC);
if (ret < 0) {
CMD_SYSERROR("Failed to open new pipe");
_exit(EXIT_FAILURE);
}
ret = pipe2(pipe_fds2, O_CLOEXEC);
if (ret < 0) {
CMD_SYSERROR("Failed to open new pipe");
close(pipe_fds1[0]);
close(pipe_fds1[1]);
_exit(EXIT_FAILURE);
}
pid = fork();
if (pid < 0) {
close(pipe_fds1[0]);
close(pipe_fds1[1]);
close(pipe_fds2[0]);
close(pipe_fds2[1]);
_exit(EXIT_FAILURE);
}
if (pid == 0) {
close(pipe_fds1[0]);
close(pipe_fds2[1]);
opentty(ttyname0, STDIN_FILENO);
opentty(ttyname1, STDOUT_FILENO);
opentty(ttyname2, STDERR_FILENO);
ret = unshare(flags);
if (ret < 0) {
CMD_SYSERROR("Failed to unshare mount and user namespace");
close(pipe_fds1[1]);
close(pipe_fds2[0]);
_exit(EXIT_FAILURE);
}
buf[0] = '1';
ret = lxc_write_nointr(pipe_fds1[1], buf, 1);
if (ret != 1) {
CMD_SYSERROR("Failed to write to pipe file descriptor %d",
pipe_fds1[1]);
close(pipe_fds1[1]);
close(pipe_fds2[0]);
_exit(EXIT_FAILURE);
}
ret = lxc_read_nointr(pipe_fds2[0], buf, 1);
if (ret != 1) {
CMD_SYSERROR("Failed to read from pipe file descriptor %d",
pipe_fds2[0]);
close(pipe_fds1[1]);
close(pipe_fds2[0]);
_exit(EXIT_FAILURE);
}
close(pipe_fds1[1]);
close(pipe_fds2[0]);
if (buf[0] != '1') {
fprintf(stderr, "Received unexpected value from parent process\n");
_exit(EXIT_FAILURE);
}
ret = do_child((void *)argv);
if (ret < 0)
_exit(EXIT_FAILURE);
_exit(EXIT_SUCCESS);
}
close(pipe_fds1[1]);
close(pipe_fds2[0]);
ret = lxc_read_nointr(pipe_fds1[0], buf, 1);
if (ret <= 0)
CMD_SYSERROR("Failed to read from pipe file descriptor %d", pipe_fds1[0]);
buf[0] = '1';
ret = lxc_map_ids(&active_map, pid);
if (ret < 0)
fprintf(stderr, "Failed to write id mapping for child process\n");
ret = lxc_write_nointr(pipe_fds2[1], buf, 1);
if (ret < 0) {
CMD_SYSERROR("Failed to write to pipe file descriptor %d", pipe_fds2[1]);
_exit(EXIT_FAILURE);
}
ret = waitpid(pid, &status, __WALL);
if (ret < 0) {
CMD_SYSERROR("Failed to wait on child process");
_exit(EXIT_FAILURE);
}
_exit(WEXITSTATUS(status));
}
int
main(int argc, char **argv)
{
extern int optind;
extern char *optarg, **environ;
struct group *gr;
register int ch;
register char *p;
int ask, fflag, hflag, pflag, cnt, errsv;
int quietlog, passwd_req;
char *domain, *ttyn;
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
char *termenv;
char *childArgv[10];
char *buff;
int childArgc = 0;
#ifdef HAVE_SECURITY_PAM_MISC_H
int retcode;
pam_handle_t *pamh = NULL;
struct pam_conv conv = { misc_conv, NULL };
pid_t childPid;
#else
char *salt, *pp;
#endif
#ifdef LOGIN_CHOWN_VCS
char vcsn[20], vcsan[20];
#endif
pid = getpid();
signal(SIGALRM, timedout);
alarm((unsigned int)timeout);
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
setpriority(PRIO_PROCESS, 0, 0);
initproctitle(argc, argv);
/*
* -p is used by getty to tell login not to destroy the environment
* -f is used to skip a second login authentication
* -h is used by other servers to pass the name of the remote
* host to login so that it may be placed in utmp and wtmp
*/
gethostname(tbuf, sizeof(tbuf));
xstrncpy(thishost, tbuf, sizeof(thishost));
domain = index(tbuf, '.');
username = tty_name = hostname = NULL;
fflag = hflag = pflag = 0;
passwd_req = 1;
while ((ch = getopt(argc, argv, "fh:p")) != -1)
switch (ch) {
case 'f':
fflag = 1;
break;
case 'h':
if (getuid()) {
fprintf(stderr,
_("login: -h for super-user only.\n"));
exit(1);
}
hflag = 1;
if (domain && (p = index(optarg, '.')) &&
strcasecmp(p, domain) == 0)
*p = 0;
hostname = strdup(optarg); /* strdup: Ambrose C. Li */
{
struct hostent *he = gethostbyname(hostname);
/* he points to static storage; copy the part we use */
hostaddress[0] = 0;
if (he && he->h_addr_list && he->h_addr_list[0])
memcpy(hostaddress, he->h_addr_list[0],
sizeof(hostaddress));
}
break;
case 'p':
pflag = 1;
break;
case '?':
default:
fprintf(stderr,
_("usage: login [-fp] [username]\n"));
exit(1);
}
argc -= optind;
argv += optind;
if (*argv) {
char *p = *argv;
username = strdup(p);
ask = 0;
/* wipe name - some people mistype their password here */
/* (of course we are too late, but perhaps this helps a little ..) */
while(*p)
*p++ = ' ';
} else
ask = 1;
for (cnt = getdtablesize(); cnt > 2; cnt--)
close(cnt);
ttyn = ttyname(0);
if (ttyn == NULL || *ttyn == '\0') {
/* no snprintf required - see definition of tname */
sprintf(tname, "%s??", _PATH_TTY);
ttyn = tname;
}
check_ttyname(ttyn);
if (strncmp(ttyn, "/dev/", 5) == 0)
tty_name = ttyn+5;
else
tty_name = ttyn;
if (strncmp(ttyn, "/dev/tty", 8) == 0)
tty_number = ttyn+8;
else {
char *p = ttyn;
while (*p && !isdigit(*p)) p++;
tty_number = p;
}
#ifdef LOGIN_CHOWN_VCS
/* find names of Virtual Console devices, for later mode change */
snprintf(vcsn, sizeof(vcsn), "/dev/vcs%s", tty_number);
snprintf(vcsan, sizeof(vcsan), "/dev/vcsa%s", tty_number);
#endif
/* set pgid to pid */
setpgrp();
/* this means that setsid() will fail */
{
struct termios tt, ttt;
tcgetattr(0, &tt);
ttt = tt;
ttt.c_cflag &= ~HUPCL;
/* These can fail, e.g. with ttyn on a read-only filesystem */
chown(ttyn, 0, 0);
chmod(ttyn, TTY_MODE);
/* Kill processes left on this tty */
tcsetattr(0,TCSAFLUSH,&ttt);
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
vhangup();
signal(SIGHUP, SIG_DFL);
/* open stdin,stdout,stderr to the tty */
opentty(ttyn);
/* restore tty modes */
tcsetattr(0,TCSAFLUSH,&tt);
}
openlog("login", LOG_ODELAY, LOG_AUTHPRIV);
#if 0
/* other than iso-8859-1 */
printf("\033(K");
fprintf(stderr,"\033(K");
#endif
#ifdef HAVE_SECURITY_PAM_MISC_H
/*
* username is initialized to NULL
* and if specified on the command line it is set.
* Therefore, we are safe not setting it to anything
*/
retcode = pam_start("login",username, &conv, &pamh);
if(retcode != PAM_SUCCESS) {
fprintf(stderr, _("login: PAM Failure, aborting: %s\n"),
pam_strerror(pamh, retcode));
syslog(LOG_ERR, _("Couldn't initialize PAM: %s"),
pam_strerror(pamh, retcode));
exit(99);
}
/* hostname & tty are either set to NULL or their correct values,
depending on how much we know */
retcode = pam_set_item(pamh, PAM_RHOST, hostname);
PAM_FAIL_CHECK;
retcode = pam_set_item(pamh, PAM_TTY, tty_name);
PAM_FAIL_CHECK;
/*
* [email protected]: Provide a user prompt to PAM
* so that the "login: "******"Password: "******"login: "******"\033(K");
fprintf(stderr,"\033(K");
#endif
/* if fflag == 1, then the user has already been authenticated */
if (fflag && (getuid() == 0))
passwd_req = 0;
else
passwd_req = 1;
if(passwd_req == 1) {
int failcount=0;
/* if we didn't get a user on the command line, set it to NULL */
pam_get_item(pamh, PAM_USER, (const void **) &username);
if (!username)
pam_set_item(pamh, PAM_USER, NULL);
/* there may be better ways to deal with some of these
conditions, but at least this way I don't think we'll
be giving away information... */
/* Perhaps someday we can trust that all PAM modules will
pay attention to failure count and get rid of MAX_LOGIN_TRIES? */
retcode = pam_authenticate(pamh, 0);
while((failcount++ < PAM_MAX_LOGIN_TRIES) &&
((retcode == PAM_AUTH_ERR) ||
(retcode == PAM_USER_UNKNOWN) ||
(retcode == PAM_CRED_INSUFFICIENT) ||
(retcode == PAM_AUTHINFO_UNAVAIL))) {
pam_get_item(pamh, PAM_USER, (const void **) &username);
syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"),
failcount, hostname, username, pam_strerror(pamh, retcode));
logbtmp(tty_name, username, hostname);
fprintf(stderr,_("Login incorrect\n\n"));
pam_set_item(pamh,PAM_USER,NULL);
retcode = pam_authenticate(pamh, 0);
}
if (retcode != PAM_SUCCESS) {
pam_get_item(pamh, PAM_USER, (const void **) &username);
if (retcode == PAM_MAXTRIES)
syslog(LOG_NOTICE,_("TOO MANY LOGIN TRIES (%d) FROM %s FOR "
"%s, %s"), failcount, hostname, username,
pam_strerror(pamh, retcode));
else
syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"),
hostname, username, pam_strerror(pamh, retcode));
logbtmp(tty_name, username, hostname);
fprintf(stderr,_("\nLogin incorrect\n"));
pam_end(pamh, retcode);
exit(0);
}
retcode = pam_acct_mgmt(pamh, 0);
if(retcode == PAM_NEW_AUTHTOK_REQD) {
retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
}
PAM_FAIL_CHECK;
}
/*
* Grab the user information out of the password file for future usage
* First get the username that we are actually using, though.
*/
retcode = pam_get_item(pamh, PAM_USER, (const void **) &username);
PAM_FAIL_CHECK;
if (!username || !*username) {
fprintf(stderr, _("\nSession setup problem, abort.\n"));
syslog(LOG_ERR, _("NULL user name in %s:%d. Abort."),
__FUNCTION__, __LINE__);
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
if (!(pwd = getpwnam(username))) {
fprintf(stderr, _("\nSession setup problem, abort.\n"));
syslog(LOG_ERR, _("Invalid user name \"%s\" in %s:%d. Abort."),
username, __FUNCTION__, __LINE__);
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
/*
* Create a copy of the pwd struct - otherwise it may get
* clobbered by PAM
*/
memcpy(&pwdcopy, pwd, sizeof(*pwd));
pwd = &pwdcopy;
pwd->pw_name = strdup(pwd->pw_name);
pwd->pw_passwd = strdup(pwd->pw_passwd);
pwd->pw_gecos = strdup(pwd->pw_gecos);
pwd->pw_dir = strdup(pwd->pw_dir);
pwd->pw_shell = strdup(pwd->pw_shell);
if (!pwd->pw_name || !pwd->pw_passwd || !pwd->pw_gecos ||
!pwd->pw_dir || !pwd->pw_shell) {
fprintf(stderr, _("login: Out of memory\n"));
syslog(LOG_ERR, "Out of memory");
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
username = pwd->pw_name;
/*
* Initialize the supplementary group list.
* This should be done before pam_setcred because
* the PAM modules might add groups during pam_setcred.
*/
if (initgroups(username, pwd->pw_gid) < 0) {
syslog(LOG_ERR, "initgroups: %m");
fprintf(stderr, _("\nSession setup problem, abort.\n"));
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
retcode = pam_open_session(pamh, 0);
PAM_FAIL_CHECK;
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
PAM_FAIL_CHECK;
#else /* ! HAVE_SECURITY_PAM_MISC_H */
for (cnt = 0;; ask = 1) {
if (ask) {
fflag = 0;
getloginname();
}
/* Dirty patch to fix a gigantic security hole when using
yellow pages. This problem should be solved by the
libraries, and not by programs, but this must be fixed
urgently! If the first char of the username is '+', we
avoid login success.
Feb 95 <*****@*****.**> */
if (username[0] == '+') {
puts(_("Illegal username"));
badlogin(username);
sleepexit(1);
}
/* (void)strcpy(tbuf, username); why was this here? */
if ((pwd = getpwnam(username))) {
# ifdef SHADOW_PWD
struct spwd *sp;
if ((sp = getspnam(username)))
pwd->pw_passwd = sp->sp_pwdp;
# endif
salt = pwd->pw_passwd;
} else
salt = "xx";
if (pwd) {
initgroups(username, pwd->pw_gid);
checktty(username, tty_name, pwd); /* in checktty.c */
}
/* if user not super-user, check for disabled logins */
if (pwd == NULL || pwd->pw_uid)
checknologin();
/*
* Disallow automatic login to root; if not invoked by
* root, disallow if the uid's differ.
*/
if (fflag && pwd) {
int uid = getuid();
passwd_req = pwd->pw_uid == 0 ||
(uid && uid != pwd->pw_uid);
}
/*
* If trying to log in as root, but with insecure terminal,
* refuse the login attempt.
*/
if (pwd && pwd->pw_uid == 0 && !rootterm(tty_name)) {
fprintf(stderr,
_("%s login refused on this terminal.\n"),
pwd->pw_name);
if (hostname)
syslog(LOG_NOTICE,
_("LOGIN %s REFUSED FROM %s ON TTY %s"),
pwd->pw_name, hostname, tty_name);
else
syslog(LOG_NOTICE,
_("LOGIN %s REFUSED ON TTY %s"),
pwd->pw_name, tty_name);
continue;
}
/*
* If no pre-authentication and a password exists
* for this user, prompt for one and verify it.
*/
if (!passwd_req || (pwd && !*pwd->pw_passwd))
break;
setpriority(PRIO_PROCESS, 0, -4);
pp = getpass(_("Password: "******"CRYPTO", 6) == 0) {
if (pwd && cryptocard()) break;
}
# endif /* CRYPTOCARD */
p = crypt(pp, salt);
setpriority(PRIO_PROCESS, 0, 0);
# ifdef KERBEROS
/*
* If not present in pw file, act as we normally would.
* If we aren't Kerberos-authenticated, try the normal
* pw file for a password. If that's ok, log the user
* in without issueing any tickets.
*/
if (pwd && !krb_get_lrealm(realm,1)) {
/*
* get TGT for local realm; be careful about uid's
* here for ticket file ownership
*/
setreuid(geteuid(),pwd->pw_uid);
kerror = krb_get_pw_in_tkt(pwd->pw_name, "", realm,
"krbtgt", realm, DEFAULT_TKT_LIFE, pp);
setuid(0);
if (kerror == INTK_OK) {
memset(pp, 0, strlen(pp));
notickets = 0; /* user got ticket */
break;
}
}
# endif /* KERBEROS */
memset(pp, 0, strlen(pp));
if (pwd && !strcmp(p, pwd->pw_passwd))
break;
printf(_("Login incorrect\n"));
badlogin(username); /* log ALL bad logins */
failures++;
/* we allow 10 tries, but after 3 we start backing off */
if (++cnt > 3) {
if (cnt >= 10) {
sleepexit(1);
}
sleep((unsigned int)((cnt - 3) * 5));
}
}
#endif /* !HAVE_SECURITY_PAM_MISC_H */
/* committed to login -- turn off timeout */
alarm((unsigned int)0);
endpwent();
/* This requires some explanation: As root we may not be able to
read the directory of the user if it is on an NFS mounted
filesystem. We temporarily set our effective uid to the user-uid
making sure that we keep root privs. in the real uid.
A portable solution would require a fork(), but we rely on Linux
having the BSD setreuid() */
{
char tmpstr[MAXPATHLEN];
uid_t ruid = getuid();
gid_t egid = getegid();
/* avoid snprintf - old systems do not have it, or worse,
have a libc in which snprintf is the same as sprintf */
if (strlen(pwd->pw_dir) + sizeof(_PATH_HUSHLOGIN) + 2 > MAXPATHLEN)
quietlog = 0;
else {
sprintf(tmpstr, "%s/%s", pwd->pw_dir, _PATH_HUSHLOGIN);
setregid(-1, pwd->pw_gid);
setreuid(0, pwd->pw_uid);
quietlog = (access(tmpstr, R_OK) == 0);
setuid(0); /* setreuid doesn't do it alone! */
setreuid(ruid, 0);
setregid(-1, egid);
}
}
/* for linux, write entries in utmp and wtmp */
{
struct utmp ut;
struct utmp *utp;
utmpname(_PATH_UTMP);
setutent();
/* Find pid in utmp.
login sometimes overwrites the runlevel entry in /var/run/utmp,
confusing sysvinit. I added a test for the entry type, and the problem
was gone. (In a runlevel entry, st_pid is not really a pid but some number
calculated from the previous and current runlevel).
Michael Riepe <*****@*****.**>
*/
while ((utp = getutent()))
if (utp->ut_pid == pid
&& utp->ut_type >= INIT_PROCESS
&& utp->ut_type <= DEAD_PROCESS)
break;
/* If we can't find a pre-existing entry by pid, try by line.
BSD network daemons may rely on this. (anonymous) */
if (utp == NULL) {
setutent();
ut.ut_type = LOGIN_PROCESS;
strncpy(ut.ut_line, tty_name, sizeof(ut.ut_line));
utp = getutline(&ut);
}
if (utp) {
memcpy(&ut, utp, sizeof(ut));
} else {
/* some gettys/telnetds don't initialize utmp... */
memset(&ut, 0, sizeof(ut));
}
if (ut.ut_id[0] == 0)
strncpy(ut.ut_id, tty_number, sizeof(ut.ut_id));
strncpy(ut.ut_user, username, sizeof(ut.ut_user));
xstrncpy(ut.ut_line, tty_name, sizeof(ut.ut_line));
#ifdef _HAVE_UT_TV /* in <utmpbits.h> included by <utmp.h> */
gettimeofday(&ut.ut_tv, NULL);
#else
{
time_t t;
time(&t);
ut.ut_time = t; /* ut_time is not always a time_t */
/* glibc2 #defines it as ut_tv.tv_sec */
}
#endif
ut.ut_type = USER_PROCESS;
ut.ut_pid = pid;
if (hostname) {
xstrncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
if (hostaddress[0])
memcpy(&ut.ut_addr, hostaddress, sizeof(ut.ut_addr));
}
pututline(&ut);
endutent();
#if HAVE_UPDWTMP
updwtmp(_PATH_WTMP, &ut);
#else
#if 0
/* The O_APPEND open() flag should be enough to guarantee
atomic writes at end of file. */
{
int wtmp;
if((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) {
write(wtmp, (char *)&ut, sizeof(ut));
close(wtmp);
}
}
#else
/* Probably all this locking below is just nonsense,
and the short version is OK as well. */
{
int lf, wtmp;
if ((lf = open(_PATH_WTMPLOCK, O_CREAT|O_WRONLY, 0660)) >= 0) {
flock(lf, LOCK_EX);
if ((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) {
write(wtmp, (char *)&ut, sizeof(ut));
close(wtmp);
}
flock(lf, LOCK_UN);
close(lf);
}
}
#endif
#endif
}
dolastlog(quietlog);
chown(ttyn, pwd->pw_uid,
(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
chmod(ttyn, TTY_MODE);
#ifdef LOGIN_CHOWN_VCS
/* if tty is one of the VC's then change owner and mode of the
special /dev/vcs devices as well */
if (consoletty(0)) {
chown(vcsn, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid));
chown(vcsan, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid));
chmod(vcsn, TTY_MODE);
chmod(vcsan, TTY_MODE);
}
#endif
setgid(pwd->pw_gid);
if (*pwd->pw_shell == '\0')
pwd->pw_shell = _PATH_BSHELL;
/* preserve TERM even without -p flag */
{
char *ep;
if(!((ep = getenv("TERM")) && (termenv = strdup(ep))))
termenv = "dumb";
}
/* destroy environment unless user has requested preservation */
if (!pflag)
{
environ = (char**)malloc(sizeof(char*));
memset(environ, 0, sizeof(char*));
}
setenv("HOME", pwd->pw_dir, 0); /* legal to override */
if(pwd->pw_uid)
setenv("PATH", _PATH_DEFPATH, 1);
else
setenv("PATH", _PATH_DEFPATH_ROOT, 1);
setenv("SHELL", pwd->pw_shell, 1);
setenv("TERM", termenv, 1);
/* mailx will give a funny error msg if you forget this one */
{
char tmp[MAXPATHLEN];
/* avoid snprintf */
if (sizeof(_PATH_MAILDIR) + strlen(pwd->pw_name) + 1 < MAXPATHLEN) {
sprintf(tmp, "%s/%s", _PATH_MAILDIR, pwd->pw_name);
setenv("MAIL",tmp,0);
}
}
/* LOGNAME is not documented in login(1) but
HP-UX 6.5 does it. We'll not allow modifying it.
*/
setenv("LOGNAME", pwd->pw_name, 1);
#ifdef HAVE_SECURITY_PAM_MISC_H
{
int i;
char ** env = pam_getenvlist(pamh);
if (env != NULL) {
for (i=0; env[i]; i++) {
putenv(env[i]);
/* D(("env[%d] = %s", i,env[i])); */
}
}
}
#endif
setproctitle("login", username);
if (!strncmp(tty_name, "ttyS", 4))
syslog(LOG_INFO, _("DIALUP AT %s BY %s"), tty_name, pwd->pw_name);
/* allow tracking of good logins.
-steve philp ([email protected]) */
if (pwd->pw_uid == 0) {
if (hostname)
syslog(LOG_NOTICE, _("ROOT LOGIN ON %s FROM %s"),
tty_name, hostname);
else
syslog(LOG_NOTICE, _("ROOT LOGIN ON %s"), tty_name);
} else {
if (hostname)
syslog(LOG_INFO, _("LOGIN ON %s BY %s FROM %s"), tty_name,
pwd->pw_name, hostname);
else
syslog(LOG_INFO, _("LOGIN ON %s BY %s"), tty_name,
pwd->pw_name);
}
if (!quietlog) {
motd();
#ifdef LOGIN_STAT_MAIL
/*
* This turns out to be a bad idea: when the mail spool
* is NFS mounted, and the NFS connection hangs, the
* login hangs, even root cannot login.
* Checking for mail should be done from the shell.
*/
{
struct stat st;
char *mail;
mail = getenv("MAIL");
if (mail && stat(mail, &st) == 0 && st.st_size != 0) {
if (st.st_mtime > st.st_atime)
printf(_("You have new mail.\n"));
else
printf(_("You have mail.\n"));
}
}
#endif
}
signal(SIGALRM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGTSTP, SIG_IGN);
#ifdef HAVE_SECURITY_PAM_MISC_H
/*
* We must fork before setuid() because we need to call
* pam_close_session() as root.
*/
childPid = fork();
if (childPid < 0) {
int errsv = errno;
/* error in fork() */
fprintf(stderr, _("login: failure forking: %s"), strerror(errsv));
PAM_END;
exit(0);
}
if (childPid) {
/* parent - wait for child to finish, then cleanup session */
signal(SIGHUP, SIG_IGN);
signal(SIGINT, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
signal(SIGTSTP, SIG_IGN);
signal(SIGTTIN, SIG_IGN);
signal(SIGTTOU, SIG_IGN);
wait(NULL);
PAM_END;
exit(0);
}
/* child */
/*
* Problem: if the user's shell is a shell like ash that doesnt do
* setsid() or setpgrp(), then a ctrl-\, sending SIGQUIT to every
* process in the pgrp, will kill us.
*/
/* start new session */
setsid();
/* make sure we have a controlling tty */
opentty(ttyn);
openlog("login", LOG_ODELAY, LOG_AUTHPRIV); /* reopen */
/*
* TIOCSCTTY: steal tty from other process group.
*/
if (ioctl(0, TIOCSCTTY, 1))
syslog(LOG_ERR, _("TIOCSCTTY failed: %m"));
#endif
signal(SIGINT, SIG_DFL);
/* discard permissions last so can't get killed and drop core */
if(setuid(pwd->pw_uid) < 0 && pwd->pw_uid) {
syslog(LOG_ALERT, _("setuid() failed"));
exit(1);
}
/* wait until here to change directory! */
if (chdir(pwd->pw_dir) < 0) {
printf(_("No directory %s!\n"), pwd->pw_dir);
if (chdir("/"))
exit(0);
pwd->pw_dir = "/";
printf(_("Logging in with home = \"/\".\n"));
}
/* if the shell field has a space: treat it like a shell script */
if (strchr(pwd->pw_shell, ' ')) {
buff = malloc(strlen(pwd->pw_shell) + 6);
if (!buff) {
fprintf(stderr, _("login: no memory for shell script.\n"));
exit(0);
}
strcpy(buff, "exec ");
strcat(buff, pwd->pw_shell);
childArgv[childArgc++] = "/bin/sh";
childArgv[childArgc++] = "-sh";
childArgv[childArgc++] = "-c";
childArgv[childArgc++] = buff;
} else {
tbuf[0] = '-';
xstrncpy(tbuf + 1, ((p = rindex(pwd->pw_shell, '/')) ?
p + 1 : pwd->pw_shell),
sizeof(tbuf)-1);
childArgv[childArgc++] = pwd->pw_shell;
childArgv[childArgc++] = tbuf;
}
childArgv[childArgc++] = NULL;
execvp(childArgv[0], childArgv + 1);
errsv = errno;
if (!strcmp(childArgv[0], "/bin/sh"))
fprintf(stderr, _("login: couldn't exec shell script: %s.\n"),
strerror(errsv));
else
fprintf(stderr, _("login: no shell: %s.\n"), strerror(errsv));
exit(0);
}
void
main(int argc, char *argv[])
{
Dir *db;
Lsym *l;
Node *n;
char buf[128], *s;
int pid, i;
char *p;
char afile[512];
argv0 = argv[0];
pid = 0;
aout = "v.out";
quiet = 1;
/* turn off all debugging */
protodebug = 0;
mtype = 0;
ARGBEGIN{
case 'm':
mtype = ARGF();
break;
case 'w':
wtflag = 1;
break;
case 'l':
s = ARGF();
if(s == 0)
usage();
lm[nlm++] = s;
break;
case 'd':
p = ARGF();
if (p == 0)
usage();
while (*p) {
setdbg_opt(*p, 0); /* don't print set message */
p++;
}
break;
case 'k':
kernel++;
break;
case 'q':
quiet = 0;
break;
case 'r':
pid = 1;
remote++;
kernel++;
break;
case 'R':
pid = 1;
rdebug++;
s = ARGF();
if(s == 0)
usage();
remfd = opentty(s, 0);
if(remfd < 0){
fprint(2, "acid: can't open %s: %r\n", s);
exits("open");
}
break;
default:
usage();
}ARGEND
if(argc > 0) {
if(remote || rdebug)
aout = argv[0];
else
if(isnumeric(argv[0])) {
pid = atoi(argv[0]);
sprint(prog, "/proc/%d/text", pid);
aout = prog;
if(argc > 1)
aout = argv[1];
else if(kernel)
aout = mysystem();
}
else {
if(kernel) {
print("-k requires a pid");
kernel = 0;
}
aout = argv[0];
}
} else if(rdebug)
aout = "/386/bpc";
else if(remote)
aout = "/mips/bcarrera";
fmtinstall('x', xfmt);
fmtinstall('L', Lfmt);
fmtinstall('f', gfltconv);
fmtinstall('F', gfltconv);
fmtinstall('g', gfltconv);
fmtinstall('G', gfltconv);
fmtinstall('e', gfltconv);
fmtinstall('E', gfltconv);
Binit(&bioout, 1, OWRITE);
bout = &bioout;
kinit();
initialising = 1;
pushfile(0);
loadvars();
installbuiltin();
if(mtype && machbyname(mtype) == 0)
print("unknown machine %s", mtype);
if (attachfiles(aout, pid) < 0)
varreg(); /* use default register set on error */
acidlib = getenv("ACIDLIB");
if(acidlib == nil){
p = getenv("ROOT");
if(p == nil)
p = "/usr/inferno";
snprint(afile, sizeof(afile)-1, "%s/lib/acid", p);
acidlib = strdup(afile);
}
snprint(afile, sizeof(afile)-1, "%s/port", acidlib);
loadmodule(afile);
for(i = 0; i < nlm; i++) {
if((db = dirstat(lm[i])) != nil) {
free(db);
loadmodule(lm[i]);
} else {
sprint(buf, "%s/%s", acidlib, lm[i]);
loadmodule(buf);
}
}
userinit();
varsym();
l = look("acidmap");
if(l && l->proc) {
n = an(ONAME, ZN, ZN);
n->sym = l;
n = an(OCALL, n, ZN);
execute(n);
}
interactive = 1;
initialising = 0;
line = 1;
setup_os_notify();
for(;;) {
if(setjmp(err)) {
Binit(&bioout, 1, OWRITE);
unwind();
}
stacked = 0;
Bprint(bout, "acid: ");
if(yyparse() != 1)
die();
restartio();
unwind();
}
/* not reached */
}
