int
main(int argc, char *argv[])
{
struct group *gr;
struct stat st;
int ask, ch, cnt, fflag, hflag, pflag, sflag, quietlog, rootlogin, rval;
uid_t uid, saved_uid;
gid_t saved_gid, saved_gids[NGROUPS_MAX];
int nsaved_gids;
#ifdef notdef
char *domain;
#endif
char *p, *ttyn;
const char *pwprompt;
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
char localhost[MAXHOSTNAMELEN + 1];
int need_chpass, require_chpass;
int login_retries = DEFAULT_RETRIES,
login_backoff = DEFAULT_BACKOFF;
time_t pw_warntime = _PASSWORD_WARNDAYS * SECSPERDAY;
char *loginname = NULL;
#ifdef KERBEROS5
int Fflag;
krb5_error_code kerror;
#endif
#if defined(KERBEROS5)
int got_tickets = 0;
#endif
#ifdef LOGIN_CAP
char *shell = NULL;
login_cap_t *lc = NULL;
#endif
tbuf[0] = '\0';
rval = 0;
pwprompt = NULL;
nested = NULL;
need_chpass = require_chpass = 0;
(void)signal(SIGALRM, timedout);
(void)alarm(timeout);
(void)signal(SIGQUIT, SIG_IGN);
(void)signal(SIGINT, SIG_IGN);
(void)setpriority(PRIO_PROCESS, 0, 0);
openlog("login", 0, LOG_AUTH);
/*
* -p is used by getty to tell login not to destroy the environment
* -f is used to skip a second login authentication
* -h is used by other servers to pass the name of the remote host to
* login so that it may be placed in utmp/utmpx and wtmp/wtmpx
* -a in addition to -h, a server may supply -a to pass the actual
* server address.
* -s is used to force use of S/Key or equivalent.
*/
if (gethostname(localhost, sizeof(localhost)) < 0) {
syslog(LOG_ERR, "couldn't get local hostname: %m");
strcpy(hostname, "amnesiac");
}
#ifdef notdef
domain = strchr(localhost, '.');
#endif
localhost[sizeof(localhost) - 1] = '\0';
fflag = hflag = pflag = sflag = 0;
have_ss = 0;
#ifdef KERBEROS5
Fflag = 0;
have_forward = 0;
#endif
uid = getuid();
while ((ch = getopt(argc, argv, "a:Ffh:ps")) != -1)
switch (ch) {
case 'a':
if (uid)
errx(EXIT_FAILURE, "-a option: %s", strerror(EPERM));
decode_ss(optarg);
#ifdef notdef
(void)sockaddr_snprintf(optarg,
sizeof(struct sockaddr_storage), "%a", (void *)&ss);
#endif
break;
case 'F':
#ifdef KERBEROS5
Fflag = 1;
#endif
/* FALLTHROUGH */
case 'f':
fflag = 1;
break;
case 'h':
if (uid)
errx(EXIT_FAILURE, "-h option: %s", strerror(EPERM));
hflag = 1;
#ifdef notdef
if (domain && (p = strchr(optarg, '.')) != NULL &&
strcasecmp(p, domain) == 0)
*p = '\0';
#endif
hostname = optarg;
break;
case 'p':
pflag = 1;
break;
case 's':
sflag = 1;
break;
default:
case '?':
usage();
break;
}
setproctitle(NULL);
argc -= optind;
argv += optind;
if (*argv) {
username = loginname = *argv;
ask = 0;
} else
ask = 1;
#ifdef F_CLOSEM
(void)fcntl(3, F_CLOSEM, 0);
#else
for (cnt = getdtablesize(); cnt > 2; cnt--)
(void)close(cnt);
#endif
ttyn = ttyname(STDIN_FILENO);
if (ttyn == NULL || *ttyn == '\0') {
(void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
ttyn = tname;
}
if ((tty = strstr(ttyn, "/pts/")) != NULL)
++tty;
else if ((tty = strrchr(ttyn, '/')) != NULL)
++tty;
else
tty = ttyn;
if (issetugid()) {
nested = strdup(user_from_uid(getuid(), 0));
if (nested == NULL) {
syslog(LOG_ERR, "strdup: %m");
sleepexit(EXIT_FAILURE);
}
}
#ifdef LOGIN_CAP
/* Get "login-retries" and "login-backoff" from default class */
if ((lc = login_getclass(NULL)) != NULL) {
login_retries = (int)login_getcapnum(lc, "login-retries",
DEFAULT_RETRIES, DEFAULT_RETRIES);
login_backoff = (int)login_getcapnum(lc, "login-backoff",
DEFAULT_BACKOFF, DEFAULT_BACKOFF);
login_close(lc);
lc = NULL;
}
#endif
#ifdef KERBEROS5
kerror = krb5_init_context(&kcontext);
if (kerror) {
/*
* If Kerberos is not configured, that is, we are
* not using Kerberos, do not log the error message.
* However, if Kerberos is configured, and the
* context init fails for some other reason, we need
* to issue a no tickets warning to the user when the
* login succeeds.
*/
if (kerror != ENXIO) { /* XXX NetBSD-local Heimdal hack */
syslog(LOG_NOTICE,
"%s when initializing Kerberos context",
error_message(kerror));
krb5_configured = 1;
}
login_krb5_get_tickets = 0;
}
#endif /* KERBEROS5 */
for (cnt = 0;; ask = 1) {
#if defined(KERBEROS5)
if (login_krb5_get_tickets)
k5destroy();
#endif
if (ask) {
fflag = 0;
loginname = getloginname();
}
rootlogin = 0;
#ifdef KERBEROS5
if ((instance = strchr(loginname, '/')) != NULL)
*instance++ = '\0';
else
instance = __UNCONST("");
#endif
username = trimloginname(loginname);
/*
* Note if trying multiple user names; log failures for
* previous user name, but don't bother logging one failure
* for nonexistent name (mistyped username).
*/
if (failures && strcmp(tbuf, username)) {
if (failures > (pwd ? 0 : 1))
badlogin(tbuf);
failures = 0;
}
(void)strlcpy(tbuf, username, sizeof(tbuf));
pwd = getpwnam(username);
#ifdef LOGIN_CAP
/*
* Establish the class now, before we might goto
* within the next block. pwd can be NULL since it
* falls back to the "default" class if it is.
*/
lc = login_getclass(pwd ? pwd->pw_class : NULL);
#endif
/*
* if we have a valid account name, and it doesn't have a
* password, or the -f option was specified and the caller
* is root or the caller isn't changing their uid, don't
* authenticate.
*/
if (pwd) {
if (pwd->pw_uid == 0)
rootlogin = 1;
if (fflag && (uid == 0 || uid == pwd->pw_uid)) {
/* already authenticated */
#ifdef KERBEROS5
if (login_krb5_get_tickets && Fflag)
k5_read_creds(username);
#endif
break;
} else if (pwd->pw_passwd[0] == '\0') {
/* pretend password okay */
rval = 0;
goto ttycheck;
}
}
fflag = 0;
(void)setpriority(PRIO_PROCESS, 0, -4);
#ifdef SKEY
if (skey_haskey(username) == 0) {
static char skprompt[80];
const char *skinfo = skey_keyinfo(username);
(void)snprintf(skprompt, sizeof(skprompt),
"Password [ %s ]:",
skinfo ? skinfo : "error getting challenge");
pwprompt = skprompt;
} else
#endif
pwprompt = "Password:"******"Login incorrect or refused on this "
"terminal.\n");
if (hostname)
syslog(LOG_NOTICE,
"LOGIN %s REFUSED FROM %s ON TTY %s",
pwd->pw_name, hostname, tty);
else
syslog(LOG_NOTICE,
"LOGIN %s REFUSED ON TTY %s",
pwd->pw_name, tty);
continue;
}
if (pwd && !rval)
break;
(void)printf("Login incorrect or refused on this "
"terminal.\n");
failures++;
cnt++;
/*
* We allow login_retries tries, but after login_backoff
* we start backing off. These default to 10 and 3
* respectively.
*/
if (cnt > login_backoff) {
if (cnt >= login_retries) {
badlogin(username);
sleepexit(EXIT_FAILURE);
}
sleep((u_int)((cnt - login_backoff) * 5));
}
}
/* committed to login -- turn off timeout */
(void)alarm((u_int)0);
endpwent();
/* if user not super-user, check for disabled logins */
#ifdef LOGIN_CAP
if (!login_getcapbool(lc, "ignorenologin", rootlogin))
checknologin(login_getcapstr(lc, "nologin", NULL, NULL));
#else
if (!rootlogin)
checknologin(NULL);
#endif
#ifdef LOGIN_CAP
quietlog = login_getcapbool(lc, "hushlogin", 0);
#else
quietlog = 0;
#endif
/* Temporarily give up special privileges so we can change */
/* into NFS-mounted homes that are exported for non-root */
/* access and have mode 7x0 */
saved_uid = geteuid();
saved_gid = getegid();
nsaved_gids = getgroups(NGROUPS_MAX, saved_gids);
(void)setegid(pwd->pw_gid);
initgroups(username, pwd->pw_gid);
(void)seteuid(pwd->pw_uid);
if (chdir(pwd->pw_dir) < 0) {
#ifdef LOGIN_CAP
if (login_getcapbool(lc, "requirehome", 0)) {
(void)printf("Home directory %s required\n",
pwd->pw_dir);
sleepexit(EXIT_FAILURE);
}
#endif
(void)printf("No home directory %s!\n", pwd->pw_dir);
if (chdir("/") == -1)
exit(EXIT_FAILURE);
pwd->pw_dir = __UNCONST("/");
(void)printf("Logging in with home = \"/\".\n");
}
if (!quietlog)
quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0;
/* regain special privileges */
(void)seteuid(saved_uid);
setgroups(nsaved_gids, saved_gids);
(void)setegid(saved_gid);
#ifdef LOGIN_CAP
pw_warntime = login_getcaptime(lc, "password-warn",
_PASSWORD_WARNDAYS * SECSPERDAY,
_PASSWORD_WARNDAYS * SECSPERDAY);
#endif
(void)gettimeofday(&now, NULL);
if (pwd->pw_expire) {
if (now.tv_sec >= pwd->pw_expire) {
(void)printf("Sorry -- your account has expired.\n");
sleepexit(EXIT_FAILURE);
} else if (pwd->pw_expire - now.tv_sec < pw_warntime &&
!quietlog)
(void)printf("Warning: your account expires on %s",
ctime(&pwd->pw_expire));
}
if (pwd->pw_change) {
if (pwd->pw_change == _PASSWORD_CHGNOW)
need_chpass = 1;
else if (now.tv_sec >= pwd->pw_change) {
(void)printf("Sorry -- your password has expired.\n");
sleepexit(EXIT_FAILURE);
} else if (pwd->pw_change - now.tv_sec < pw_warntime &&
!quietlog)
(void)printf("Warning: your password expires on %s",
ctime(&pwd->pw_change));
}
/* Nothing else left to fail -- really log in. */
update_db(quietlog, rootlogin, fflag);
(void)chown(ttyn, pwd->pw_uid,
(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
if (ttyaction(ttyn, "login", pwd->pw_name))
(void)printf("Warning: ttyaction failed.\n");
#if defined(KERBEROS5)
/* Fork so that we can call kdestroy */
if (! login_krb5_retain_ccache && has_ccache)
dofork();
#endif
/* Destroy environment unless user has requested its preservation. */
if (!pflag)
environ = envinit;
#ifdef LOGIN_CAP
if (nested == NULL && setusercontext(lc, pwd, pwd->pw_uid,
LOGIN_SETLOGIN) != 0) {
syslog(LOG_ERR, "setusercontext failed");
exit(EXIT_FAILURE);
}
if (setusercontext(lc, pwd, pwd->pw_uid,
(LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETLOGIN))) != 0) {
syslog(LOG_ERR, "setusercontext failed");
exit(EXIT_FAILURE);
}
#else
(void)setgid(pwd->pw_gid);
initgroups(username, pwd->pw_gid);
if (nested == NULL && setlogin(pwd->pw_name) < 0)
syslog(LOG_ERR, "setlogin() failure: %m");
/* Discard permissions last so can't get killed and drop core. */
if (rootlogin)
(void)setuid(0);
else
(void)setuid(pwd->pw_uid);
#endif
if (*pwd->pw_shell == '\0')
pwd->pw_shell = __UNCONST(_PATH_BSHELL);
#ifdef LOGIN_CAP
if ((shell = login_getcapstr(lc, "shell", NULL, NULL)) != NULL) {
if ((shell = strdup(shell)) == NULL) {
syslog(LOG_ERR, "Cannot alloc mem");
sleepexit(EXIT_FAILURE);
}
pwd->pw_shell = shell;
}
#endif
(void)setenv("HOME", pwd->pw_dir, 1);
(void)setenv("SHELL", pwd->pw_shell, 1);
if (term[0] == '\0') {
const char *tt = stypeof(tty);
#ifdef LOGIN_CAP
if (tt == NULL)
tt = login_getcapstr(lc, "term", NULL, NULL);
#endif
/* unknown term -> "su" */
(void)strlcpy(term, tt != NULL ? tt : "su", sizeof(term));
}
(void)setenv("TERM", term, 0);
(void)setenv("LOGNAME", pwd->pw_name, 1);
(void)setenv("USER", pwd->pw_name, 1);
#ifdef LOGIN_CAP
setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH);
#else
(void)setenv("PATH", _PATH_DEFPATH, 0);
#endif
#ifdef KERBEROS5
if (krb5tkfile_env)
(void)setenv("KRB5CCNAME", krb5tkfile_env, 1);
#endif
/* If fflag is on, assume caller/authenticator has logged root login. */
if (rootlogin && fflag == 0) {
if (hostname)
syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s",
username, tty, hostname);
else
syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s",
username, tty);
}
#if defined(KERBEROS5)
if (KERBEROS_CONFIGURED && !quietlog && notickets == 1)
(void)printf("Warning: no Kerberos tickets issued.\n");
#endif
if (!quietlog) {
const char *fname;
#ifdef LOGIN_CAP
fname = login_getcapstr(lc, "copyright", NULL, NULL);
if (fname != NULL && access(fname, F_OK) == 0)
motd(fname);
else
#endif
(void)printf("%s", copyrightstr);
#ifdef LOGIN_CAP
fname = login_getcapstr(lc, "welcome", NULL, NULL);
if (fname == NULL || access(fname, F_OK) != 0)
#endif
fname = _PATH_MOTDFILE;
motd(fname);
(void)snprintf(tbuf,
sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
if (stat(tbuf, &st) == 0 && st.st_size != 0)
(void)printf("You have %smail.\n",
(st.st_mtime > st.st_atime) ? "new " : "");
}
#ifdef LOGIN_CAP
login_close(lc);
#endif
(void)signal(SIGALRM, SIG_DFL);
(void)signal(SIGQUIT, SIG_DFL);
(void)signal(SIGINT, SIG_DFL);
(void)signal(SIGTSTP, SIG_IGN);
tbuf[0] = '-';
(void)strlcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ?
p + 1 : pwd->pw_shell, sizeof(tbuf) - 1);
/* Wait to change password until we're unprivileged */
if (need_chpass) {
if (!require_chpass)
(void)printf(
"Warning: your password has expired. Please change it as soon as possible.\n");
else {
int status;
(void)printf(
"Your password has expired. Please choose a new one.\n");
switch (fork()) {
case -1:
warn("fork");
sleepexit(EXIT_FAILURE);
case 0:
execl(_PATH_BINPASSWD, "passwd", NULL);
_exit(EXIT_FAILURE);
default:
if (wait(&status) == -1 ||
WEXITSTATUS(status))
sleepexit(EXIT_FAILURE);
}
}
}
#ifdef KERBEROS5
if (login_krb5_get_tickets)
k5_write_creds();
#endif
execlp(pwd->pw_shell, tbuf, NULL);
err(EXIT_FAILURE, "%s", pwd->pw_shell);
}
int
main(int argc, char **argv)
{
char *namep;
int pflag = 0, hflag = 0, t, f, c;
int invalid, quietlog;
FILE *nlfd;
char *ttyn, *tty;
int ldisc = 0, zero = 0, i;
char **envnew;
#ifdef AFS_AIX32_ENV
/*
* The following signal action for AIX is necessary so that in case of a
* crash (i.e. core is generated) we can include the user's data section
* in the core dump. Unfortunately, by default, only a partial core is
* generated which, in many cases, isn't too useful.
*/
struct sigaction nsa;
sigemptyset(&nsa.sa_mask);
nsa.sa_handler = SIG_DFL;
nsa.sa_flags = SA_FULLDUMP;
sigaction(SIGSEGV, &nsa, NULL);
#endif
signal(SIGALRM, timedout);
alarm(timeout);
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
setpriority(PRIO_PROCESS, 0, 0);
quota(Q_SETUID, 0, 0, 0);
/* create a dummy user */
memset(&nouser, 0, sizeof(nouser));
nouser.pw_name = "";
nouser.pw_passwd = "*";
nouser.pw_dir = nouser.pw_shell = "";
nouser.pw_uid = nouser.pw_gid = -1;
/*
* -p is used by getty to tell login not to destroy the environment
* -r is used by rlogind to cause the autologin protocol;
* -h is used by other servers to pass the name of the
* remote host to login so that it may be placed in utmp and wtmp
*/
while (argc > 1) {
if (strcmp(argv[1], "-r") == 0) {
if (rflag || hflag) {
printf("Only one of -r and -h allowed\n");
exit(1);
}
rflag = 1;
usererr = doremotelogin(argv[2]);
SCPYN(utmp.ut_host, argv[2]);
argc -= 2;
argv += 2;
continue;
}
if (strcmp(argv[1], "-h") == 0 && getuid() == 0) {
if (rflag || hflag) {
printf("Only one of -r and -h allowed\n");
exit(1);
}
hflag = 1;
SCPYN(utmp.ut_host, argv[2]);
argc -= 2;
argv += 2;
continue;
}
if (strcmp(argv[1], "-p") == 0) {
argc--;
argv++;
pflag = 1;
continue;
}
break;
}
ioctl(0, TIOCLSET, &zero);
ioctl(0, TIOCNXCL, 0);
ioctl(0, FIONBIO, &zero);
ioctl(0, FIOASYNC, &zero);
ioctl(0, TIOCGETP, &ttyb);
/*
* If talking to an rlogin process,
* propagate the terminal type and
* baud rate across the network.
*/
if (rflag)
doremoteterm(term, &ttyb);
ttyb.sg_erase = CERASE;
ttyb.sg_kill = CKILL;
ioctl(0, TIOCSLTC, <c);
ioctl(0, TIOCSETC, &tc);
ioctl(0, TIOCSETP, &ttyb);
for (t = getdtablesize(); t > 2; t--)
close(t);
ttyn = ttyname(0);
if (ttyn == (char *)0 || *ttyn == '\0')
ttyn = "/dev/tty??";
tty = strrchr(ttyn, '/');
if (tty == NULL)
tty = ttyn;
else
tty++;
openlog("login", LOG_ODELAY, LOG_AUTH);
t = 0;
invalid = FALSE;
do {
ldisc = 0;
ioctl(0, TIOCSETD, &ldisc);
SCPYN(utmp.ut_name, "");
/*
* Name specified, take it.
*/
if (argc > 1) {
SCPYN(utmp.ut_name, argv[1]);
argc = 0;
}
/*
* If remote login take given name,
* otherwise prompt user for something.
*/
if (rflag && !invalid)
SCPYN(utmp.ut_name, lusername);
else
getloginname(&utmp);
invalid = FALSE;
if (!strcmp(pwd->pw_shell, "/bin/csh")) {
ldisc = NTTYDISC;
ioctl(0, TIOCSETD, &ldisc);
}
/*
* If no remote login authentication and
* a password exists for this user, prompt
* for one and verify it.
*/
if (usererr == -1 && *pwd->pw_passwd != '\0') {
#ifdef KAUTH
char password[BUFSIZ];
char *reason;
if (ka_UserReadPassword
("Password:"******"Unable to login because %s,\n", reason);
invalid = TRUE;
} else
if (ka_UserAuthenticate
(pwd->pw_name, /*inst */ 0, /*realm */ 0, password,
/*sepag */ 1, &reason)) {
printf("Unable to authenticate to AFS because %s.\n", reason);
printf(" proceeding with local authentication... \n");
/* try local login */
namep = crypt(password, pwd->pw_passwd);
if (strcmp(namep, pwd->pw_passwd))
invalid = TRUE;
}
#else
char *pp;
setpriority(PRIO_PROCESS, 0, -4);
pp = getpass("Password:"******"r")) != 0) {
while ((c = getc(nlfd)) != EOF)
putchar(c);
fflush(stdout);
sleep(5);
exit(0);
}
/*
* If valid so far and root is logging in,
* see if root logins on this terminal are permitted.
*/
if (!invalid && pwd->pw_uid == 0 && !rootterm(tty)) {
if (utmp.ut_host[0])
syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s FROM %.*s", tty,
HMAX, utmp.ut_host);
else
syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s", tty);
invalid = TRUE;
}
if (invalid) {
printf("Login incorrect\n");
if (++t >= 5) {
if (utmp.ut_host[0])
syslog(LOG_CRIT,
"REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s",
tty, HMAX, utmp.ut_host, NMAX, utmp.ut_name);
else
syslog(LOG_CRIT, "REPEATED LOGIN FAILURES ON %s, %.*s",
tty, NMAX, utmp.ut_name);
ioctl(0, TIOCHPCL, NULL);
close(0), close(1), close(2);
sleep(10);
exit(1);
}
}
if (*pwd->pw_shell == '\0')
pwd->pw_shell = "/bin/sh";
if (chdir(pwd->pw_dir) < 0 && !invalid) {
if (chdir("/") < 0) {
printf("No directory!\n");
invalid = TRUE;
} else {
printf("No directory! %s\n", "Logging in with home=/");
pwd->pw_dir = "/";
}
}
/*
* Remote login invalid must have been because
* of a restriction of some sort, no extra chances.
*/
if (!usererr && invalid)
exit(1);
} while (invalid);
/* committed to login turn off timeout */
alarm(0);
if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
if (errno == EUSERS)
printf("%s.\n%s.\n", "Too many users logged on already",
"Try again later");
else if (errno == EPROCLIM)
printf("You have too many processes running.\n");
else
perror("quota (Q_SETUID)");
sleep(5);
exit(0);
}
time(&utmp.ut_time);
t = ttyslot();
if (t > 0 && (f = open("/etc/utmp", O_WRONLY)) >= 0) {
lseek(f, (afs_int32) (t * sizeof(utmp)), 0);
SCPYN(utmp.ut_line, tty);
write(f, (char *)&utmp, sizeof(utmp));
close(f);
}
if ((f = open("/usr/adm/wtmp", O_WRONLY | O_APPEND)) >= 0) {
write(f, (char *)&utmp, sizeof(utmp));
close(f);
}
quietlog = access(qlog, F_OK) == 0;
if ((f = open(lastlog, O_RDWR)) >= 0) {
struct lastlog ll;
lseek(f, (afs_int32) pwd->pw_uid * sizeof(struct lastlog), 0);
if (read(f, (char *)&ll, sizeof ll) == sizeof ll && ll.ll_time != 0
&& !quietlog) {
printf("Last login: %.*s ", 24 - 5, (char *)ctime(&ll.ll_time));
if (*ll.ll_host != '\0')
printf("from %.*s\n", sizeof(ll.ll_host), ll.ll_host);
else
printf("on %.*s\n", sizeof(ll.ll_line), ll.ll_line);
}
lseek(f, (afs_int32) pwd->pw_uid * sizeof(struct lastlog), 0);
time(&ll.ll_time);
SCPYN(ll.ll_line, tty);
SCPYN(ll.ll_host, utmp.ut_host);
write(f, (char *)&ll, sizeof ll);
close(f);
}
chown(ttyn, pwd->pw_uid, TTYGID(pwd->pw_gid));
if (!hflag && !rflag) /* XXX */
ioctl(0, TIOCSWINSZ, &win);
chmod(ttyn, 0620);
setgid(pwd->pw_gid);
strncpy(name, utmp.ut_name, NMAX);
name[NMAX] = '\0';
initgroups(name, pwd->pw_gid);
quota(Q_DOWARN, pwd->pw_uid, (dev_t) - 1, 0);
setuid(pwd->pw_uid);
/* destroy environment unless user has asked to preserve it */
if (!pflag)
environ = envinit;
/* set up environment, this time without destruction */
/* copy the environment before setenving */
i = 0;
while (environ[i] != NULL)
i++;
envnew = (char **)malloc(sizeof(char *) * (i + 1));
for (; i >= 0; i--)
envnew[i] = environ[i];
environ = envnew;
setenv("HOME=", pwd->pw_dir, 1);
setenv("SHELL=", pwd->pw_shell, 1);
if (term[0] == '\0')
strncpy(term, stypeof(tty), sizeof(term));
setenv("TERM=", term, 0);
setenv("USER="******"PATH=", ":/usr/ucb:/bin:/usr/bin", 0);
if ((namep = strrchr(pwd->pw_shell, '/')) == NULL)
namep = pwd->pw_shell;
else
namep++;
strcat(minusnam, namep);
if (tty[sizeof("tty") - 1] == 'd')
syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
if (pwd->pw_uid == 0)
if (utmp.ut_host[0])
syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s", tty, HMAX,
utmp.ut_host);
else
syslog(LOG_NOTICE, "ROOT LOGIN %s", tty);
if (!quietlog) {
struct stat st;
showmotd();
strcat(maildir, pwd->pw_name);
if (stat(maildir, &st) == 0 && st.st_size != 0)
printf("You have %smail.\n",
(st.st_mtime > st.st_atime) ? "new " : "");
}
signal(SIGALRM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGINT, SIG_DFL);
signal(SIGTSTP, SIG_IGN);
execlp(pwd->pw_shell, minusnam, 0);
perror(pwd->pw_shell);
printf("No shell\n");
exit(0);
}
int
main(int argc, char **argv)
{
struct group *gr;
struct stat st;
int retries, backoff;
int ask, ch, cnt, quietlog, rootlogin, rval;
uid_t uid, euid;
gid_t egid;
char *term;
char *p, *ttyn;
char tname[sizeof(_PATH_TTY) + 10];
char *arg0;
const char *tp;
const char *shell = NULL;
login_cap_t *lc = NULL;
login_cap_t *lc_user = NULL;
pid_t pid;
#ifdef USE_BSM_AUDIT
char auditsuccess = 1;
#endif
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
signal(SIGHUP, SIG_IGN);
if (setjmp(timeout_buf)) {
if (failures)
badlogin(username);
fprintf(stderr, "Login timed out after %d seconds\n",
timeout);
bail(NO_SLEEP_EXIT, 0);
}
signal(SIGALRM, timedout);
alarm(timeout);
setpriority(PRIO_PROCESS, 0, 0);
openlog("login", LOG_ODELAY, LOG_AUTH);
uid = getuid();
euid = geteuid();
egid = getegid();
while ((ch = getopt(argc, argv, "fh:p")) != -1)
switch (ch) {
case 'f':
fflag = 1;
break;
case 'h':
if (uid != 0)
errx(1, "-h option: %s", strerror(EPERM));
if (strlen(optarg) >= MAXHOSTNAMELEN)
errx(1, "-h option: %s: exceeds maximum "
"hostname size", optarg);
hflag = 1;
hostname = optarg;
break;
case 'p':
pflag = 1;
break;
case '?':
default:
if (uid == 0)
syslog(LOG_ERR, "invalid flag %c", ch);
usage();
}
argc -= optind;
argv += optind;
if (argc > 0) {
username = strdup(*argv);
if (username == NULL)
err(1, "strdup()");
ask = 0;
} else {
ask = 1;
}
setproctitle("-%s", getprogname());
for (cnt = getdtablesize(); cnt > 2; cnt--)
close(cnt);
/*
* Get current TTY
*/
ttyn = ttyname(STDIN_FILENO);
if (ttyn == NULL || *ttyn == '\0') {
snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
ttyn = tname;
}
if (strncmp(ttyn, _PATH_DEV, sizeof(_PATH_DEV) -1) == 0)
tty = ttyn + sizeof(_PATH_DEV) -1;
else
tty = ttyn;
/*
* Get "login-retries" & "login-backoff" from default class
*/
lc = login_getclass(NULL);
prompt = login_getcapstr(lc, "login_prompt",
default_prompt, default_prompt);
passwd_prompt = login_getcapstr(lc, "passwd_prompt",
default_passwd_prompt, default_passwd_prompt);
retries = login_getcapnum(lc, "login-retries",
DEFAULT_RETRIES, DEFAULT_RETRIES);
backoff = login_getcapnum(lc, "login-backoff",
DEFAULT_BACKOFF, DEFAULT_BACKOFF);
login_close(lc);
lc = NULL;
/*
* Try to authenticate the user until we succeed or time out.
*/
for (cnt = 0;; ask = 1) {
if (ask) {
fflag = 0;
if (olduser != NULL)
free(olduser);
olduser = username;
username = getloginname();
}
rootlogin = 0;
/*
* Note if trying multiple user names; log failures for
* previous user name, but don't bother logging one failure
* for nonexistent name (mistyped username).
*/
if (failures && strcmp(olduser, username) != 0) {
if (failures > (pwd ? 0 : 1))
badlogin(olduser);
}
/*
* Load the PAM policy and set some variables
*/
pam_err = pam_start("login", username, &pamc, &pamh);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_start()");
#ifdef USE_BSM_AUDIT
au_login_fail("PAM Error", 1);
#endif
bail(NO_SLEEP_EXIT, 1);
}
pam_err = pam_set_item(pamh, PAM_TTY, tty);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_set_item(PAM_TTY)");
#ifdef USE_BSM_AUDIT
au_login_fail("PAM Error", 1);
#endif
bail(NO_SLEEP_EXIT, 1);
}
pam_err = pam_set_item(pamh, PAM_RHOST, hostname);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_set_item(PAM_RHOST)");
#ifdef USE_BSM_AUDIT
au_login_fail("PAM Error", 1);
#endif
bail(NO_SLEEP_EXIT, 1);
}
pwd = getpwnam(username);
if (pwd != NULL && pwd->pw_uid == 0)
rootlogin = 1;
/*
* If the -f option was specified and the caller is
* root or the caller isn't changing their uid, don't
* authenticate.
*/
if (pwd != NULL && fflag &&
(uid == (uid_t)0 || uid == (uid_t)pwd->pw_uid)) {
/* already authenticated */
rval = 0;
#ifdef USE_BSM_AUDIT
auditsuccess = 0; /* opened a terminal window only */
#endif
} else {
fflag = 0;
setpriority(PRIO_PROCESS, 0, -4);
rval = auth_pam();
setpriority(PRIO_PROCESS, 0, 0);
}
if (pwd && rval == 0)
break;
pam_cleanup();
/*
* We are not exiting here, but this corresponds to a failed
* login event, so set exitstatus to 1.
*/
#ifdef USE_BSM_AUDIT
au_login_fail("Login incorrect", 1);
#endif
printf("Login incorrect\n");
failures++;
pwd = NULL;
/*
* Allow up to 'retry' (10) attempts, but start
* backing off after 'backoff' (3) attempts.
*/
if (++cnt > backoff) {
if (cnt >= retries) {
badlogin(username);
bail(SLEEP_EXIT, 1);
}
sleep((u_int)((cnt - backoff) * 5));
}
}
/* committed to login -- turn off timeout */
alarm((u_int)0);
signal(SIGHUP, SIG_DFL);
endpwent();
#ifdef USE_BSM_AUDIT
/* Audit successful login. */
if (auditsuccess)
au_login_success();
#endif
/*
* Establish the login class.
*/
lc = login_getpwclass(pwd);
lc_user = login_getuserclass(pwd);
if (!(quietlog = login_getcapbool(lc_user, "hushlogin", 0)))
quietlog = login_getcapbool(lc, "hushlogin", 0);
/*
* Switching needed for NFS with root access disabled.
*
* XXX: This change fails to modify the additional groups for the
* process, and as such, may restrict rights normally granted
* through those groups.
*/
setegid(pwd->pw_gid);
seteuid(rootlogin ? 0 : pwd->pw_uid);
if (!*pwd->pw_dir || chdir(pwd->pw_dir) < 0) {
if (login_getcapbool(lc, "requirehome", 0))
refused("Home directory not available", "HOMEDIR", 1);
if (chdir("/") < 0)
refused("Cannot find root directory", "ROOTDIR", 1);
if (!quietlog || *pwd->pw_dir)
printf("No home directory.\nLogging in with home = \"/\".\n");
pwd->pw_dir = strdup("/");
if (pwd->pw_dir == NULL) {
syslog(LOG_NOTICE, "strdup(): %m");
bail(SLEEP_EXIT, 1);
}
}
seteuid(euid);
setegid(egid);
if (!quietlog) {
quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0;
if (!quietlog)
pam_silent = 0;
}
shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
if (*pwd->pw_shell == '\0')
pwd->pw_shell = strdup(_PATH_BSHELL);
if (pwd->pw_shell == NULL) {
syslog(LOG_NOTICE, "strdup(): %m");
bail(SLEEP_EXIT, 1);
}
if (*shell == '\0') /* Not overridden */
shell = pwd->pw_shell;
if ((shell = strdup(shell)) == NULL) {
syslog(LOG_NOTICE, "strdup(): %m");
bail(SLEEP_EXIT, 1);
}
/*
* Set device protections, depending on what terminal the
* user is logged in. This feature is used on Suns to give
* console users better privacy.
*/
login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
/*
* Clear flags of the tty. None should be set, and when the
* user sets them otherwise, this can cause the chown to fail.
* Since it isn't clear that flags are useful on character
* devices, we just clear them.
*
* We don't log in the case of EOPNOTSUPP because dev might be
* on NFS, which doesn't support chflags.
*
* We don't log in the EROFS because that means that /dev is on
* a read only file system and we assume that the permissions there
* are sane.
*/
if (ttyn != tname && chflags(ttyn, 0))
if (errno != EOPNOTSUPP && errno != EROFS)
syslog(LOG_ERR, "chflags(%s): %m", ttyn);
if (ttyn != tname && chown(ttyn, pwd->pw_uid,
(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid))
if (errno != EROFS)
syslog(LOG_ERR, "chown(%s): %m", ttyn);
/*
* Exclude cons/vt/ptys only, assume dialup otherwise
* TODO: Make dialup tty determination a library call
* for consistency (finger etc.)
*/
if (hflag && isdialuptty(tty))
syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
#ifdef LOGALL
/*
* Syslog each successful login, so we don't have to watch
* hundreds of wtmp or lastlogin files.
*/
if (hflag)
syslog(LOG_INFO, "login from %s on %s as %s",
hostname, tty, pwd->pw_name);
else
syslog(LOG_INFO, "login on %s as %s",
tty, pwd->pw_name);
#endif
/*
* If fflag is on, assume caller/authenticator has logged root
* login.
*/
if (rootlogin && fflag == 0) {
if (hflag)
syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s",
username, tty, hostname);
else
syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s",
username, tty);
}
/*
* Destroy environment unless user has requested its
* preservation - but preserve TERM in all cases
*/
term = getenv("TERM");
if (!pflag)
environ = envinit;
if (term != NULL) {
if (setenv("TERM", term, 0) == -1)
err(1, "setenv: cannot set TERM=%s", term);
}
/*
* PAM modules might add supplementary groups during pam_setcred().
*/
if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
syslog(LOG_ERR, "setusercontext() failed - exiting");
bail(NO_SLEEP_EXIT, 1);
}
pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_setcred()");
bail(NO_SLEEP_EXIT, 1);
}
pam_cred_established = 1;
pam_err = pam_open_session(pamh, pam_silent);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_open_session()");
bail(NO_SLEEP_EXIT, 1);
}
pam_session_established = 1;
/*
* We must fork() before setuid() because we need to call
* pam_close_session() as root.
*/
pid = fork();
if (pid < 0) {
err(1, "fork");
} else if (pid != 0) {
/*
* Parent: wait for child to finish, then clean up
* session.
*/
int status;
setproctitle("-%s [pam]", getprogname());
waitpid(pid, &status, 0);
bail(NO_SLEEP_EXIT, 0);
}
/*
* NOTICE: We are now in the child process!
*/
/*
* Add any environment variables the PAM modules may have set.
*/
export_pam_environment();
/*
* We're done with PAM now; our parent will deal with the rest.
*/
pam_end(pamh, 0);
pamh = NULL;
/*
* We don't need to be root anymore, so set the login name and
* the UID.
*/
if (setlogin(username) != 0) {
syslog(LOG_ERR, "setlogin(%s): %m - exiting", username);
bail(NO_SLEEP_EXIT, 1);
}
if (setusercontext(lc, pwd, pwd->pw_uid,
LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETGROUP)) != 0) {
syslog(LOG_ERR, "setusercontext() failed - exiting");
exit(1);
}
if (setenv("SHELL", pwd->pw_shell, 1) == -1)
err(1, "setenv: cannot set SHELL=%s", pwd->pw_shell);
if (setenv("HOME", pwd->pw_dir, 1) == -1)
err(1, "setenv: cannot set HOME=%s", pwd->pw_dir);
/* Overwrite "term" from login.conf(5) for any known TERM */
if (term == NULL && (tp = stypeof(tty)) != NULL) {
if (setenv("TERM", tp, 1) == -1)
err(1, "setenv: cannot set TERM=%s", tp);
} else {
if (setenv("TERM", TERM_UNKNOWN, 0) == -1)
err(1, "setenv: cannot set TERM=%s", TERM_UNKNOWN);
}
if (setenv("LOGNAME", username, 1) == -1)
err(1, "setenv: cannot set LOGNAME=%s", username);
if (setenv("USER", username, 1) == -1)
err(1, "setenv: cannot set USER=%s", username);
if (setenv("PATH",
rootlogin ? _PATH_STDPATH : _PATH_DEFPATH, 0) == -1) {
err(1, "setenv: cannot set PATH=%s",
rootlogin ? _PATH_STDPATH : _PATH_DEFPATH);
}
if (!quietlog) {
const char *cw;
cw = login_getcapstr(lc, "copyright", NULL, NULL);
if (cw == NULL || motd(cw) == -1)
printf("%s", copyright);
printf("\n");
cw = login_getcapstr(lc, "welcome", NULL, NULL);
if (cw != NULL && access(cw, F_OK) == 0)
motd(cw);
else
motd(_PATH_MOTDFILE);
if (login_getcapbool(lc_user, "nocheckmail", 0) == 0 &&
login_getcapbool(lc, "nocheckmail", 0) == 0) {
char *cx;
/* $MAIL may have been set by class. */
cx = getenv("MAIL");
if (cx == NULL) {
asprintf(&cx, "%s/%s",
_PATH_MAILDIR, pwd->pw_name);
}
if (cx && stat(cx, &st) == 0 && st.st_size != 0)
printf("You have %smail.\n",
(st.st_mtime > st.st_atime) ? "new " : "");
if (getenv("MAIL") == NULL)
free(cx);
}
}
login_close(lc_user);
login_close(lc);
signal(SIGALRM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGINT, SIG_DFL);
signal(SIGTSTP, SIG_IGN);
/*
* Login shells have a leading '-' in front of argv[0]
*/
p = strrchr(pwd->pw_shell, '/');
if (asprintf(&arg0, "-%s", p ? p + 1 : pwd->pw_shell) >= MAXPATHLEN) {
syslog(LOG_ERR, "user: %s: shell exceeds maximum pathname size",
username);
errx(1, "shell exceeds maximum pathname size");
} else if (arg0 == NULL) {
err(1, "asprintf()");
}
execlp(shell, arg0, NULL);
err(1, "%s", shell);
/*
* That's it, folks!
*/
}
int
main(int argc, char *argv[])
{
char *domain, *p, *ttyn, *shell, *fullname, *instance;
char *lipaddr, *script, *ripaddr, *style, *type, *fqdn;
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
char localhost[MAXHOSTNAMELEN], *copyright;
char mail[sizeof(_PATH_MAILDIR) + 1 + NAME_MAX];
int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance;
int error, homeless, needto, authok, tries, backoff;
struct addrinfo *ai, hints;
struct rlimit cds, scds;
quad_t expire, warning;
struct utmp utmp;
struct group *gr;
struct stat st;
uid_t uid;
openlog("login", LOG_ODELAY, LOG_AUTH);
fqdn = lipaddr = ripaddr = fullname = type = NULL;
authok = 0;
tries = 10;
backoff = 3;
domain = NULL;
if (gethostname(localhost, sizeof(localhost)) < 0) {
syslog(LOG_ERR, "couldn't get local hostname: %m");
strlcpy(localhost, "localhost", sizeof(localhost));
} else if ((domain = strchr(localhost, '.'))) {
domain++;
if (*domain && strchr(domain, '.') == NULL)
domain = localhost;
}
if ((as = auth_open()) == NULL) {
syslog(LOG_ERR, "auth_open: %m");
err(1, "unable to initialize BSD authentication");
}
auth_setoption(as, "login", "yes");
/*
* -p is used by getty to tell login not to destroy the environment
* -f is used to skip a second login authentication
* -h is used by other servers to pass the name of the remote
* host to login so that it may be placed in utmp and wtmp
*/
fflag = pflag = 0;
uid = getuid();
while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1)
switch (ch) {
case 'f':
fflag = 1;
break;
case 'h':
if (uid) {
warnc(EPERM, "-h option");
quickexit(1);
}
free(fqdn);
if ((fqdn = strdup(optarg)) == NULL) {
warn(NULL);
quickexit(1);
}
auth_setoption(as, "fqdn", fqdn);
if (domain && (p = strchr(optarg, '.')) &&
strcasecmp(p+1, domain) == 0)
*p = 0;
hostname = optarg;
auth_setoption(as, "hostname", hostname);
break;
case 'L':
if (uid) {
warnc(EPERM, "-L option");
quickexit(1);
}
if (lipaddr) {
warnx("duplicate -L option");
quickexit(1);
}
lipaddr = optarg;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_flags = AI_CANONNAME;
error = getaddrinfo(lipaddr, NULL, &hints, &ai);
if (!error) {
strlcpy(localhost, ai->ai_canonname,
sizeof(localhost));
freeaddrinfo(ai);
} else
strlcpy(localhost, lipaddr, sizeof(localhost));
auth_setoption(as, "local_addr", lipaddr);
break;
case 'p':
pflag = 1;
break;
case 'R':
if (uid) {
warnc(EPERM, "-R option");
quickexit(1);
}
if (ripaddr) {
warnx("duplicate -R option");
quickexit(1);
}
ripaddr = optarg;
auth_setoption(as, "remote_addr", ripaddr);
break;
case 'u':
if (uid) {
warnc(EPERM, "-u option");
quickexit(1);
}
rusername = optarg;
break;
default:
if (!uid)
syslog(LOG_ERR, "invalid flag %c", ch);
(void)fprintf(stderr,
"usage: login [-fp] [-h hostname] [-L local-addr] "
"[-R remote-addr] [-u username]\n\t[user]\n");
quickexit(1);
}
argc -= optind;
argv += optind;
if (*argv) {
username = *argv;
ask = 0;
} else
ask = 1;
/*
* If effective user is not root, just run su(1) to emulate login(1).
*/
if (geteuid() != 0) {
char *av[5], **ap;
auth_close(as);
closelog();
closefrom(STDERR_FILENO + 1);
ap = av;
*ap++ = _PATH_SU;
*ap++ = "-L";
if (!pflag)
*ap++ = "-l";
if (!ask)
*ap++ = username;
*ap = NULL;
execv(_PATH_SU, av);
warn("unable to exec %s", _PATH_SU);
_exit(1);
}
ttyn = ttyname(STDIN_FILENO);
if (ttyn == NULL || *ttyn == '\0') {
(void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
ttyn = tname;
}
if ((tty = strrchr(ttyn, '/')))
++tty;
else
tty = ttyn;
/*
* Since login deals with sensitive information, turn off coredumps.
*/
if (getrlimit(RLIMIT_CORE, &scds) < 0) {
syslog(LOG_ERR, "couldn't get core dump size: %m");
scds.rlim_cur = scds.rlim_max = QUAD_MIN;
}
cds.rlim_cur = cds.rlim_max = 0;
if (setrlimit(RLIMIT_CORE, &cds) < 0) {
syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
scds.rlim_cur = scds.rlim_max = QUAD_MIN;
}
(void)signal(SIGALRM, timedout);
if (argc > 1) {
needto = 0;
(void)alarm(timeout);
} else
needto = 1;
(void)signal(SIGQUIT, SIG_IGN);
(void)signal(SIGINT, SIG_IGN);
(void)signal(SIGHUP, SIG_IGN);
(void)setpriority(PRIO_PROCESS, 0, 0);
#ifdef notyet
/* XXX - we don't (yet) support per-tty auth stuff */
/* BSDi uses a ttys.conf file but we could just overload /etc/ttys */
/*
* Classify the attempt.
* By default we use the value in the ttys file.
* If there is a classify script we run that as
*
* classify [-f] [username]
*/
if (type = getttyauth(tty))
auth_setoption(as, "auth_type", type);
#endif
/* get the default login class */
if ((lc = login_getclass(0)) == NULL) { /* get the default class */
warnx("Failure to retrieve default class");
quickexit(1);
}
timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300);
if ((script = login_getcapstr(lc, "classify", NULL, NULL)) != NULL) {
unsetenv("AUTH_TYPE");
unsetenv("REMOTE_NAME");
if (script[0] != '/') {
syslog(LOG_ERR, "Invalid classify script: %s", script);
warnx("Classification failure");
quickexit(1);
}
shell = strrchr(script, '/') + 1;
auth_setstate(as, AUTH_OKAY);
auth_call(as, script, shell,
fflag ? "-f" : username, fflag ? username : 0, (char *)0);
if (!(auth_getstate(as) & AUTH_ALLOW))
quickexit(1);
auth_setenv(as);
if ((p = getenv("AUTH_TYPE")) != NULL &&
strncmp(p, "auth-", 5) == 0)
type = p;
if ((p = getenv("REMOTE_NAME")) != NULL)
hostname = p;
/*
* we may have changed some values, reset them
*/
auth_clroptions(as);
if (type)
auth_setoption(as, "auth_type", type);
if (fqdn)
auth_setoption(as, "fqdn", fqdn);
if (hostname)
auth_setoption(as, "hostname", hostname);
if (lipaddr)
auth_setoption(as, "local_addr", lipaddr);
if (ripaddr)
auth_setoption(as, "remote_addr", ripaddr);
}
/*
* Request the things like the approval script print things
* to stdout (in particular, the nologins files)
*/
auth_setitem(as, AUTHV_INTERACTIVE, "True");
for (cnt = 0;; ask = 1) {
/*
* Clean up our current authentication session.
* Options are not cleared so we need to clear any
* we might set below.
*/
auth_clean(as);
auth_clroption(as, "style");
auth_clroption(as, "lastchance");
lastchance = 0;
if (ask) {
fflag = 0;
getloginname();
}
if (needto) {
needto = 0;
alarm(timeout);
}
if ((style = strchr(username, ':')) != NULL)
*style++ = '\0';
if (fullname)
free(fullname);
if (auth_setitem(as, AUTHV_NAME, username) < 0 ||
(fullname = strdup(username)) == NULL) {
syslog(LOG_ERR, "%m");
warn(NULL);
quickexit(1);
}
rootlogin = 0;
if ((instance = strchr(username, '/')) != NULL) {
if (strncmp(instance + 1, "root", 4) == 0)
rootlogin = 1;
*instance++ = '\0';
} else
instance = "";
if (strlen(username) > UT_NAMESIZE)
username[UT_NAMESIZE] = '\0';
/*
* Note if trying multiple user names; log failures for
* previous user name, but don't bother logging one failure
* for nonexistent name (mistyped username).
*/
if (failures && strcmp(tbuf, username)) {
if (failures > (pwd ? 0 : 1))
badlogin(tbuf);
failures = 0;
}
(void)strlcpy(tbuf, username, sizeof(tbuf));
if ((pwd = getpwnam(username)) != NULL &&
auth_setpwd(as, pwd) < 0) {
syslog(LOG_ERR, "%m");
warn(NULL);
quickexit(1);
}
lc = login_getclass(pwd ? pwd->pw_class : NULL);
if (!lc)
goto failed;
style = login_getstyle(lc, style, type);
if (!style)
goto failed;
/*
* We allow "login-tries" attempts to login but start
* slowing down after "login-backoff" attempts.
*/
tries = (int)login_getcapnum(lc, "login-tries", 10, 10);
backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3);
/*
* Turn off the fflag if we have an invalid user
* or we are not root and we are trying to change uids.
*/
if (!pwd || (uid && uid != pwd->pw_uid))
fflag = 0;
if (pwd && pwd->pw_uid == 0)
rootlogin = 1;
/*
* If we do not have the force flag authenticate the user
*/
if (!fflag) {
lastchance =
login_getcaptime(lc, "password-dead", 0, 0) != 0;
if (lastchance)
auth_setoption(as, "lastchance", "yes");
/*
* Once we start asking for a password
* we want to log a failure on a hup.
*/
signal(SIGHUP, sighup);
auth_verify(as, style, NULL, lc->lc_class, NULL);
authok = auth_getstate(as);
/*
* If their password expired and it has not been
* too long since then, give the user one last
* chance to change their password
*/
if ((authok & AUTH_PWEXPIRED) && lastchance) {
authok = AUTH_OKAY;
} else
lastchance = 0;
if ((authok & AUTH_ALLOW) == 0)
goto failed;
if (auth_setoption(as, "style", style) < 0) {
syslog(LOG_ERR, "%m");
warn(NULL);
quickexit(1);
}
}
/*
* explicitly reject users without password file entries
*/
if (pwd == NULL)
goto failed;
/*
* If trying to log in as root on an insecure terminal,
* refuse the login attempt unless the authentication
* style explicitly says a root login is okay.
*/
if (pwd && rootlogin && !rootterm(tty))
goto failed;
if (fflag) {
type = 0;
style = "forced";
}
break;
failed:
if (authok & AUTH_SILENT)
quickexit(0);
if (rootlogin && !rootterm(tty)) {
warnx("%s login refused on this terminal.",
fullname);
if (hostname)
syslog(LOG_NOTICE,
"LOGIN %s REFUSED FROM %s%s%s ON TTY %s",
fullname, rusername ? rusername : "",
rusername ? "@" : "", hostname, tty);
else
syslog(LOG_NOTICE,
"LOGIN %s REFUSED ON TTY %s",
fullname, tty);
} else {
if (!as || (p = auth_getvalue(as, "errormsg")) == NULL)
p = "Login incorrect";
(void)printf("%s\n", p);
}
failures++;
if (pwd)
log_failedlogin(pwd->pw_uid, hostname, rusername, tty);
/*
* By default, we allow 10 tries, but after 3 we start
* backing off to slow down password guessers.
*/
if (++cnt > backoff) {
if (cnt >= tries) {
badlogin(username);
sleepexit(1);
}
sleep((u_int)((cnt - backoff) * tries / 2));
}
}
/* committed to login -- turn off timeout */
(void)alarm(0);
endpwent();
shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
if (*shell == '\0')
shell = _PATH_BSHELL;
else if (strlen(shell) >= MAXPATHLEN) {
syslog(LOG_ERR, "shell path too long: %s", shell);
warnx("invalid shell");
quickexit(1);
}
/* Destroy environment unless user has requested its preservation. */
if (!pflag) {
if ((environ = calloc(1, sizeof (char *))) == NULL)
err(1, "calloc");
} else {
char **cpp, **cpp2;
for (cpp2 = cpp = environ; *cpp; cpp++) {
if (strncmp(*cpp, "LD_", 3) &&
strncmp(*cpp, "ENV=", 4) &&
strncmp(*cpp, "BASH_ENV=", 9) &&
strncmp(*cpp, "IFS=", 4))
*cpp2++ = *cpp;
}
*cpp2 = 0;
}
/* Note: setusercontext(3) will set PATH */
if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
setenv("SHELL", pwd->pw_shell, 1) == -1) {
warn("unable to setenv()");
quickexit(1);
}
if (term[0] == '\0')
(void)strlcpy(term, stypeof(tty), sizeof(term));
(void)snprintf(mail, sizeof(mail), "%s/%s", _PATH_MAILDIR,
pwd->pw_name);
if (setenv("TERM", term, 0) == -1 ||
setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
setenv("USER", pwd->pw_name, 1) == -1 ||
setenv("MAIL", mail, 1) == -1) {
warn("unable to setenv()");
quickexit(1);
}
if (hostname) {
if (setenv("REMOTEHOST", hostname, 1) == -1) {
warn("unable to setenv()");
quickexit(1);
}
}
if (rusername) {
if (setenv("REMOTEUSER", rusername, 1) == -1) {
warn("unable to setenv()");
quickexit(1);
}
}
if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) {
warn("unable to set user context");
quickexit(1);
}
auth_setenv(as);
/* if user not super-user, check for disabled logins */
if (!rootlogin)
auth_checknologin(lc);
setegid(pwd->pw_gid);
seteuid(pwd->pw_uid);
homeless = chdir(pwd->pw_dir);
if (homeless) {
if (login_getcapbool(lc, "requirehome", 0)) {
(void)printf("No home directory %s!\n", pwd->pw_dir);
quickexit(1);
}
if (chdir("/"))
quickexit(0);
}
quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
login_getcapbool(lc, "hushlogin", 0) ||
(access(_PATH_HUSHLOGIN, F_OK) == 0));
seteuid(0);
setegid(0); /* XXX use a saved gid instead? */
if ((p = auth_getvalue(as, "warnmsg")) != NULL)
(void)printf("WARNING: %s\n\n", p);
expire = auth_check_expire(as);
if (expire < 0) {
(void)printf("Sorry -- your account has expired.\n");
quickexit(1);
} else if (expire > 0 && !quietlog) {
warning = login_getcaptime(lc, "expire-warn",
2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY);
if (expire < warning)
(void)printf("Warning: your account expires on %s",
ctime(&pwd->pw_expire));
}
/* Nothing else left to fail -- really log in. */
(void)signal(SIGHUP, SIG_DFL);
memset(&utmp, 0, sizeof(utmp));
(void)time(&utmp.ut_time);
(void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
if (hostname)
(void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
(void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
login(&utmp);
if (!quietlog)
(void)check_failedlogin(pwd->pw_uid);
dolastlog(quietlog);
login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
(void)chown(ttyn, pwd->pw_uid,
(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
/* If fflag is on, assume caller/authenticator has logged root login. */
if (rootlogin && fflag == 0) {
if (hostname)
syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s%s%s",
username, tty, rusername ? rusername : "",
rusername ? "@" : "", hostname);
else
syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
}
if (!quietlog) {
if ((copyright =
login_getcapstr(lc, "copyright", NULL, NULL)) != NULL)
auth_cat(copyright);
motd();
if (stat(mail, &st) == 0 && st.st_size != 0)
(void)printf("You have %smail.\n",
(st.st_mtime > st.st_atime) ? "new " : "");
}
(void)signal(SIGALRM, SIG_DFL);
(void)signal(SIGQUIT, SIG_DFL);
(void)signal(SIGHUP, SIG_DFL);
(void)signal(SIGINT, SIG_DFL);
(void)signal(SIGTSTP, SIG_IGN);
tbuf[0] = '-';
(void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
p + 1 : shell, sizeof(tbuf) - 1);
if ((scds.rlim_cur != QUAD_MIN || scds.rlim_max != QUAD_MIN) &&
setrlimit(RLIMIT_CORE, &scds) < 0)
syslog(LOG_ERR, "couldn't reset core dump size: %m");
if (lastchance)
(void)printf("WARNING: Your password has expired."
" You must change your password, now!\n");
if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid,
LOGIN_SETALL & ~LOGIN_SETPATH) < 0) {
warn("unable to set user context");
quickexit(1);
}
if (homeless) {
(void)printf("No home directory %s!\n", pwd->pw_dir);
(void)printf("Logging in with home = \"/\".\n");
(void)setenv("HOME", "/", 1);
}
if (auth_approval(as, lc, NULL, "login") == 0) {
if (auth_getstate(as) & AUTH_EXPIRED)
(void)printf("Sorry -- your account has expired.\n");
else
(void)printf("approval failure\n");
quickexit(1);
}
/*
* The last thing we do is discard all of the open file descriptors.
* Last because the C library may have some open.
*/
closefrom(STDERR_FILENO + 1);
/*
* Close the authentication session, make sure it is marked
* as okay so no files are removed.
*/
auth_setstate(as, AUTH_OKAY);
auth_close(as);
execlp(shell, tbuf, (char *)NULL);
err(1, "%s", shell);
}
