/* Export env variables declared by PAM modules. */
static void
export_pamenv (void)
{
char **env;
/* This is a copy but don't care to free as we exec later anyways. */
env = pam_getenvlist (pamh);
while (env && *env)
{
if (putenv (*env) != 0)
err (EXIT_FAILURE, NULL);
env++;
}
}
/*
* Export any environment variables PAM modules may have set
*/
static void
export_pam_environment(void)
{
char **pam_env;
char **pp;
pam_env = pam_getenvlist(pamh);
if (pam_env != NULL) {
for (pp = pam_env; *pp != NULL; pp++) {
export(*pp);
free(*pp);
}
}
}
void lxdm_auth_print_env(LXDM_AUTH *a)
{
int i;
char **penv;
if(!a->handle) return;
penv=pam_getenvlist(a->handle);
if(!penv) return;
for(i=0;penv[i]!=NULL;i++)
{
if(i!=0) printf(" ");
printf("%s",penv[i]);
}
free(penv);
}
/*
* Initialize $TERM, $HOME, ...
*/
static void init_environ(struct login_context *cxt)
{
struct passwd *pwd = cxt->pwd;
char *termenv, **env;
char tmp[PATH_MAX];
int len, i;
termenv = getenv("TERM");
if (termenv)
termenv = xstrdup(termenv);
/* destroy environment unless user has requested preservation (-p) */
if (!cxt->keep_env) {
environ = xmalloc(sizeof(char *));
memset(environ, 0, sizeof(char *));
}
xsetenv("HOME", pwd->pw_dir, 0); /* legal to override */
xsetenv("USER", pwd->pw_name, 1);
xsetenv("SHELL", pwd->pw_shell, 1);
xsetenv("TERM", termenv ? termenv : "dumb", 1);
free(termenv);
if (pwd->pw_uid) {
if (logindefs_setenv("PATH", "ENV_PATH", _PATH_DEFPATH) != 0)
err(EXIT_FAILURE, _("failed to set the %s environment variable"), "PATH");
} else if (logindefs_setenv("PATH", "ENV_ROOTPATH", NULL) != 0 &&
logindefs_setenv("PATH", "ENV_SUPATH", _PATH_DEFPATH_ROOT) != 0) {
err(EXIT_FAILURE, _("failed to set the %s environment variable"), "PATH");
}
/* mailx will give a funny error msg if you forget this one */
len = snprintf(tmp, sizeof(tmp), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
if (len > 0 && (size_t) len < sizeof(tmp))
xsetenv("MAIL", tmp, 0);
/* LOGNAME is not documented in login(1) but HP-UX 6.5 does it. We'll
* not allow modifying it.
*/
xsetenv("LOGNAME", pwd->pw_name, 1);
env = pam_getenvlist(cxt->pamh);
for (i = 0; env && env[i]; i++)
putenv(env[i]);
}
static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toWalletPipe[2], int envSocket)
{
//In the child pam_syslog does not work, using syslog directly
int x = 2;
//Close fd that are not of interest of kwallet
for (; x < 64; ++x) {
if (x != toWalletPipe[0] && x != envSocket) {
close (x);
}
}
//This is the side of the pipe PAM will send the hash to
close (toWalletPipe[1]);
/* When dropping privileges from root, the `setgroups` call will
* remove any extraneous groups. If we don't call this, then
* even though our uid has dropped, we may still have groups
* that enable us to do super-user things. This will fail if we
* aren't root, so don't bother checking the return value, this
* is just done as an optimistic privilege dropping function.
*/
setgroups(0, NULL);
//Change to the user in case we are not it yet
if (setgid (userInfo->pw_gid) < 0 || setuid (userInfo->pw_uid) < 0 ||
setegid (userInfo->pw_gid) < 0 || seteuid (userInfo->pw_uid) < 0) {
syslog(LOG_ERR, "pam_kwallet: could not set gid/uid/euid/egit for kwalletd");
goto cleanup;
}
//TODO use a pam argument for full path kwalletd
char pipeInt[4];
sprintf(pipeInt, "%d", toWalletPipe[0]);
char sockIn[4];
sprintf(sockIn, "%d", envSocket);
char *args[] = {strdup(kwalletd), "--pam-login", pipeInt, sockIn, NULL};
execve(args[0], args, pam_getenvlist(pamh));
syslog(LOG_ERR, "pam_kwallet: could not execute kwalletd");
cleanup:
exit(EXIT_FAILURE);
}
/* used in pam */
gboolean
mdm_verify_setup_env (MdmDisplay *d)
{
gchar **pamenv;
if (pamh == NULL)
return FALSE;
/* Migrate any PAM env. variables to the user's environment */
/* This leaks, oh well */
if ((pamenv = pam_getenvlist (pamh))) {
gint i;
for (i = 0 ; pamenv[i] ; i++) {
putenv (g_strdup (pamenv[i]));
}
}
return TRUE;
}
void pam_export_environ()
{
if (!pam_h) return;
#if HAVE_PAM_GETENVLIST
/* XXX should we really prevent MAIL, PATH set through PAM? */
static char* banned_env[] = {"SHELL", "HOME", "LOGNAME", "MAIL", "CDPATH",
"IFS", "PATH", "LD_", 0 };
char **pam_env = pam_getenvlist(pam_h), **env;
if (!pam_env) { debug("pam_getenvlist() failed"); return; }
for (env = pam_env; *env; ++env) {
char** banp;
for (banp = banned_env; *banp; ++banp)
if (strncmp(*env, *banp, strlen(*banp)) == 0)
{ free(*env); continue; }
putenv(*env);
}
free(pam_env);
#endif
}
int
main (void)
{
const char *service = "dummy";
const char *user = "******";
struct pam_conv conv;
pam_handle_t *pamh;
int retval;
char **ptr;
char *temp;
int var, i;
/* 1: Call with NULL as pam handle */
ptr = pam_getenvlist (NULL);
if (ptr != NULL)
{
fprintf (stderr, "pam_getenvlist (NULL) does not return NULL\n");
return 1;
}
/* setup pam handle */
retval = pam_start (service, user, &conv, &pamh);
if (retval != PAM_SUCCESS)
{
fprintf (stderr, "pam_start (%s, %s, &conv, &pamh) returned %d\n",
service, user, retval);
return 1;
}
/* 2: Call with pam handle, but no environment set */
ptr = pam_getenvlist (pamh);
if (ptr == NULL || *ptr != NULL)
{
fprintf (stderr,
"pam_getenvlist (pamh) does not return pointer to NULL\n");
temp = *ptr;
var = 0;
while (temp)
{
printf ("%s\n", temp);
var++;
temp = *(ptr + var);
}
return 1;
}
free (ptr);
/* set environment variable */
for (i = 0; i < 3; i++)
{
retval = pam_putenv (pamh, envvals[i]);
if (retval != PAM_SUCCESS)
{
fprintf (stderr, "pam_putenv (pamh, \"%s\") returned %d\n",
envvals[i], retval);
return 1;
}
}
/* 3: Call with pam handle and environment set */
ptr = pam_getenvlist (pamh);
if (ptr == NULL)
{
fprintf (stderr, "pam_getenvlist (pamh) returned NULL\n");
return 1;
}
else
{
temp = *ptr;
var = 0;
while (temp)
{
if (strcmp (temp, envvals[var]) != 0)
{
fprintf (stderr,
"pam_getenvlist returns wrong value:\n"
"expected: %s\n"
"got: %s\n", envvals[var], temp);
return 1;
}
free (temp);
var++;
temp = *(ptr + var);
}
free (ptr);
}
return 0;
}
int main(int argc, char **argv)
{
pam_handle_t *pamh=NULL;
char *username=NULL;
int retcode;
/* did the user call with a username as an argument ? */
if (argc > 2) {
fprintf(stderr,"usage: %s [username]\n",argv[0]);
} else if (argc == 2) {
username = argv[1];
}
/* initialize the Linux-PAM library */
retcode = pam_start("blank", username, &conv, &pamh);
bail_out(pamh,1,retcode,"pam_start");
/* test the environment stuff */
{
#define MAXENV 15
const char *greek[MAXENV] = {
"a=alpha", "b=beta", "c=gamma", "d=delta", "e=epsilon",
"f=phi", "g=psi", "h=eta", "i=iota", "j=mu", "k=nu",
"l=zeta", "h=", "d", "k=xi"
};
char **env;
int i;
for (i=0; i<MAXENV; ++i) {
retcode = pam_putenv(pamh,greek[i]);
bail_out(pamh,0,retcode,"pam_putenv");
}
env = pam_getenvlist(pamh);
if (env)
env = pam_misc_drop_env(env);
else
fprintf(stderr,"???\n");
fprintf(stderr,"a test: c=[%s], j=[%s]\n"
, pam_getenv(pamh, "c"), pam_getenv(pamh, "j"));
}
/* to avoid using goto we abuse a loop here */
for (;;) {
/* authenticate the user --- `0' here, could have been PAM_SILENT
* | PAM_DISALLOW_NULL_AUTHTOK */
retcode = pam_authenticate(pamh, 0);
bail_out(pamh,0,retcode,"pam_authenticate");
/* has the user proved themself valid? */
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: invalid request\n",argv[0]);
break;
}
/* the user is valid, but should they have access at this
time? */
retcode = pam_acct_mgmt(pamh, 0); /* `0' could be as above */
bail_out(pamh,0,retcode,"pam_acct_mgmt");
if (retcode == PAM_NEW_AUTHTOK_REQD) {
fprintf(stderr,"Application must request new password...\n");
retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK);
bail_out(pamh,0,retcode,"pam_chauthtok");
}
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: invalid request\n",argv[0]);
break;
}
/* `0' could be as above */
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
bail_out(pamh,0,retcode,"pam_setcred1");
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem setting user credentials\n"
,argv[0]);
break;
}
/* open a session for the user --- `0' could be PAM_SILENT */
retcode = pam_open_session(pamh,0);
bail_out(pamh,0,retcode,"pam_open_session");
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem opening a session\n",argv[0]);
break;
}
fprintf(stderr,"The user has been authenticated and `logged in'\n");
/* close a session for the user --- `0' could be PAM_SILENT
* it is possible that this pam_close_call is in another program..
*/
retcode = pam_close_session(pamh,0);
bail_out(pamh,0,retcode,"pam_close_session");
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem closing a session\n",argv[0]);
break;
}
retcode = pam_setcred(pamh, PAM_DELETE_CRED);
bail_out(pamh,0,retcode,"pam_setcred2");
break; /* don't go on for ever! */
}
/* close the Linux-PAM library */
retcode = pam_end(pamh, PAM_SUCCESS);
pamh = NULL;
bail_out(pamh,1,retcode,"pam_end");
exit(0);
}
int
sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
{
int status = PAM_SUCCESS;
debug_decl(sudo_pam_begin_session, SUDO_DEBUG_AUTH)
/*
* If there is no valid user we cannot open a PAM session.
* This is not an error as sudo can run commands with arbitrary
* uids, it just means we are done from a session management standpoint.
*/
if (pw == NULL) {
if (pamh != NULL) {
(void) pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT);
pamh = NULL;
}
goto done;
}
/*
* Update PAM_USER to reference the user we are running the command
* as, as opposed to the user we authenticated as.
*/
(void) pam_set_item(pamh, PAM_USER, pw->pw_name);
/*
* Set credentials (may include resource limits, device ownership, etc).
* We don't check the return value here because in Linux-PAM 0.75
* it returns the last saved return code, not the return code
* for the setcred module. Because we haven't called pam_authenticate(),
* this is not set and so pam_setcred() returns PAM_PERM_DENIED.
* We can't call pam_acct_mgmt() with Linux-PAM for a similar reason.
*/
(void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
#ifdef HAVE_PAM_GETENVLIST
/*
* Update environment based on what is stored in pamh.
* If no authentication is done we will only have environment
* variables if pam_env is called via session.
*/
if (user_envp != NULL) {
char **pam_envp = pam_getenvlist(pamh);
if (pam_envp != NULL) {
/* Merge pam env with user env but do not overwrite. */
env_init(*user_envp);
env_merge(pam_envp, false);
*user_envp = env_get();
env_init(NULL);
efree(pam_envp);
/* XXX - we leak any duplicates that were in pam_envp */
}
}
#endif /* HAVE_PAM_GETENVLIST */
#ifndef NO_PAM_SESSION
status = pam_open_session(pamh, 0);
if (status != PAM_SUCCESS) {
(void) pam_end(pamh, status | PAM_DATA_SILENT);
pamh = NULL;
}
#endif
done:
debug_return_int(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
}
static void child_process(char *exec, char **argv)
{
RC_STRINGLIST *env_list;
RC_STRING *env;
int i;
char *p;
char *token;
size_t len;
char *newpath;
char *np;
char **c;
char cmdline[PATH_MAX];
#ifdef HAVE_PAM
pam_handle_t *pamh = NULL;
int pamr;
const char *const *pamenv = NULL;
#endif
setsid();
if (nicelevel) {
if (setpriority(PRIO_PROCESS, getpid(), nicelevel) == -1)
eerrorx("%s: setpriority %d: %s", applet, nicelevel,
strerror(errno));
}
if (ionicec != -1 && ioprio_set(1, getpid(), ionicec | ioniced) == -1)
eerrorx("%s: ioprio_set %d %d: %s", applet, ionicec, ioniced,
strerror(errno));
if (ch_root && chroot(ch_root) < 0)
eerrorx("%s: chroot `%s': %s", applet, ch_root, strerror(errno));
if (ch_dir && chdir(ch_dir) < 0)
eerrorx("%s: chdir `%s': %s", applet, ch_dir, strerror(errno));
#ifdef HAVE_PAM
if (changeuser != NULL) {
pamr = pam_start("supervise-daemon",
changeuser, &conv, &pamh);
if (pamr == PAM_SUCCESS)
pamr = pam_acct_mgmt(pamh, PAM_SILENT);
if (pamr == PAM_SUCCESS)
pamr = pam_open_session(pamh, PAM_SILENT);
if (pamr != PAM_SUCCESS)
eerrorx("%s: pam error: %s", applet, pam_strerror(pamh, pamr));
}
#endif
if (gid && setgid(gid))
eerrorx("%s: unable to set groupid to %d", applet, gid);
if (changeuser && initgroups(changeuser, gid))
eerrorx("%s: initgroups (%s, %d)", applet, changeuser, gid);
if (uid && setuid(uid))
eerrorx ("%s: unable to set userid to %d", applet, uid);
/* Close any fd's to the passwd database */
endpwent();
#ifdef TIOCNOTTY
ioctl(tty_fd, TIOCNOTTY, 0);
close(tty_fd);
#endif
/* Clean the environment of any RC_ variables */
env_list = rc_stringlist_new();
i = 0;
while (environ[i])
rc_stringlist_add(env_list, environ[i++]);
#ifdef HAVE_PAM
if (changeuser != NULL) {
pamenv = (const char *const *)pam_getenvlist(pamh);
if (pamenv) {
while (*pamenv) {
/* Don't add strings unless they set a var */
if (strchr(*pamenv, '='))
putenv(xstrdup(*pamenv));
else
unsetenv(*pamenv);
pamenv++;
}
}
}
#endif
TAILQ_FOREACH(env, env_list, entries) {
if ((strncmp(env->value, "RC_", 3) == 0 &&
strncmp(env->value, "RC_SERVICE=", 10) != 0 &&
strncmp(env->value, "RC_SVCNAME=", 10) != 0) ||
strncmp(env->value, "SSD_NICELEVEL=", 14) == 0)
{
p = strchr(env->value, '=');
*p = '\0';
unsetenv(env->value);
continue;
}
}
rc_stringlist_free(env_list);
/* For the path, remove the rcscript bin dir from it */
if ((token = getenv("PATH"))) {
len = strlen(token);
newpath = np = xmalloc(len + 1);
while (token && *token) {
p = strchr(token, ':');
if (p) {
*p++ = '\0';
while (*p == ':')
p++;
}
if (strcmp(token, RC_LIBEXECDIR "/bin") != 0 &&
strcmp(token, RC_LIBEXECDIR "/sbin") != 0)
{
len = strlen(token);
if (np != newpath)
*np++ = ':';
memcpy(np, token, len);
np += len;
}
token = p;
}
*np = '\0';
unsetenv("PATH");
setenv("PATH", newpath, 1);
}
stdin_fd = devnull_fd;
stdout_fd = devnull_fd;
stderr_fd = devnull_fd;
if (redirect_stdout) {
if ((stdout_fd = open(redirect_stdout,
O_WRONLY | O_CREAT | O_APPEND,
S_IRUSR | S_IWUSR)) == -1)
eerrorx("%s: unable to open the logfile"
" for stdout `%s': %s",
applet, redirect_stdout, strerror(errno));
}
if (redirect_stderr) {
if ((stderr_fd = open(redirect_stderr,
O_WRONLY | O_CREAT | O_APPEND,
S_IRUSR | S_IWUSR)) == -1)
eerrorx("%s: unable to open the logfile"
" for stderr `%s': %s",
applet, redirect_stderr, strerror(errno));
}
dup2(stdin_fd, STDIN_FILENO);
if (redirect_stdout || rc_yesno(getenv("EINFO_QUIET")))
dup2(stdout_fd, STDOUT_FILENO);
if (redirect_stderr || rc_yesno(getenv("EINFO_QUIET")))
dup2(stderr_fd, STDERR_FILENO);
for (i = getdtablesize() - 1; i >= 3; --i)
close(i);
*cmdline = '\0';
c = argv;
while (*c) {
strcat(cmdline, *c);
strcat(cmdline, " ");
c++;
}
syslog(LOG_INFO, "Running command line: %s", cmdline);
execvp(exec, argv);
#ifdef HAVE_PAM
if (changeuser != NULL && pamr == PAM_SUCCESS)
pam_close_session(pamh, PAM_SILENT);
#endif
eerrorx("%s: failed to exec `%s': %s", applet, exec,strerror(errno));
}
int main(int argc, char **argv) {
hardened_shadow_openlog("su");
if (!hardened_shadow_get_current_username(¤t_username))
errx(EXIT_FAILURE, "Cannot determine your user name.");
parse_args(argc, argv);
uid_t my_uid = getuid();
bool is_root = (my_uid == 0);
if (!is_root && (!isatty(STDIN_FILENO) || !ttyname(STDIN_FILENO)))
errx(EXIT_FAILURE, "must be run from a terminal");
const struct pam_conv pam_conversation = {
misc_conv,
NULL
};
pam_handle_t *pam_handle = NULL;
int pam_rv = pam_start("su", target_username, &pam_conversation, &pam_handle);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_start: error %d", pam_rv);
su_fatal();
}
pam_rv = pam_set_item(pam_handle, PAM_TTY, ttyname(STDIN_FILENO));
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_set_item: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
pam_rv = pam_set_item(pam_handle, PAM_RUSER, current_username);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_set_item: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
pam_rv = pam_fail_delay(pam_handle, 1000000);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_fail_delay: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
pam_rv = pam_authenticate(pam_handle, 0);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_authenticate: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
pam_rv = pam_acct_mgmt(pam_handle, 0);
if (pam_rv != PAM_SUCCESS) {
if (is_root) {
warnx("%s (ignored)", pam_strerror(pam_handle, pam_rv));
} else if (pam_rv == PAM_NEW_AUTHTOK_REQD) {
pam_rv = pam_chauthtok(pam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_chauthtok: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
} else {
hardened_shadow_syslog(LOG_ERR, "pam_acct_mgmt: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
}
if (setgid(target_gid) != 0) {
hardened_shadow_syslog(LOG_ERR, "bad group ID `%d' for user `%s': %s",
target_gid, target_username, strerror(errno));
pam_rv = PAM_ABORT;
goto pam_cleanup;
}
if (initgroups(target_username, target_gid) != 0) {
hardened_shadow_syslog(LOG_ERR, "initgroups failed for user `%s': %s",
target_username, strerror(errno));
pam_rv = PAM_ABORT;
goto pam_cleanup;
}
pam_rv = pam_setcred(pam_handle, PAM_ESTABLISH_CRED);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_setcred: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
pam_rv = pam_open_session(pam_handle, 0);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_open_session: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cred_cleanup;
}
char **pam_env = pam_getenvlist(pam_handle);
if (!pam_env)
errx(EXIT_FAILURE, "pam_getenvlist returned NULL");
struct environment_options environment_options = {
.pam_environment = pam_env,
.preserve_environment = preserve_environment,
.login_shell = login_shell,
.target_username = target_username,
.target_homedir = target_homedir,
.target_shell = shell,
};
if (!hardened_shadow_prepare_environment(&environment_options)) {
pam_rv = PAM_ABORT;
goto pam_session_cleanup;
}
if (setuid(target_uid) != 0) {
hardened_shadow_syslog(LOG_ERR, "bad user ID `%d' for user `%s': %s",
target_uid, target_username, strerror(errno));
goto pam_session_cleanup;
}
int shell_argc = command ? 4 : 2;
char **shell_argv = calloc(shell_argc, sizeof(*shell_argv));
if (!shell_argv) {
hardened_shadow_syslog(LOG_ERR, "memory allocation failure");
goto pam_session_cleanup;
}
/* When argv[0] starts with a dash ("-"), bash will recognize
* it as a login shell. This is what shadow-utils does. */
shell_argv[0] = login_shell ? "-su" : shell;
if (command) {
shell_argv[1] = "-c";
shell_argv[2] = command;
}
shell_argv[shell_argc - 1] = NULL;
int status;
if (!run_shell(shell, shell_argv, &status)) {
pam_rv = PAM_ABORT;
goto pam_session_cleanup;
}
free(shell_argv);
pam_rv = pam_setcred(pam_handle, PAM_DELETE_CRED);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_setcred: %s",
pam_strerror(pam_handle, pam_rv));
pam_close_session(pam_handle, 0);
pam_end(pam_handle, pam_rv);
errx(EXIT_FAILURE, "pam_setcred");
}
pam_rv = pam_close_session(pam_handle, 0);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_close_session: %s",
pam_strerror(pam_handle, pam_rv));
pam_end(pam_handle, pam_rv);
errx(EXIT_FAILURE, "pam_close_session");
}
pam_end(pam_handle, pam_rv);
free(shell);
free(current_username);
free(target_username);
free(target_homedir);
hardened_shadow_closelog();
if (WIFEXITED(status))
return WEXITSTATUS(status);
return WTERMSIG(status) + 128;
pam_session_cleanup:
pam_close_session(pam_handle, 0);
pam_cred_cleanup:
pam_setcred(pam_handle, PAM_DELETE_CRED);
pam_cleanup:
pam_end(pam_handle, pam_rv);
su_fatal();
}
/*
* Authentication thread.
*/
static void *
sshpam_thread(void *ctxtp)
{
struct pam_ctxt *ctxt = ctxtp;
Buffer buffer;
struct pam_conv sshpam_conv;
int flags = (options.permit_empty_passwd == 0 ?
PAM_DISALLOW_NULL_AUTHTOK : 0);
#ifndef UNSUPPORTED_POSIX_THREADS_HACK
extern char **environ;
char **env_from_pam;
u_int i;
const char *pam_user;
const char **ptr_pam_user = &pam_user;
char *tz = getenv("TZ");
sshpam_err = pam_get_item(sshpam_handle, PAM_USER,
(sshpam_const void **)ptr_pam_user);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
environ[0] = NULL;
if (tz != NULL)
if (setenv("TZ", tz, 1) == -1)
error("PAM: could not set TZ environment: %s",
strerror(errno));
if (sshpam_authctxt != NULL) {
setproctitle("%s [pam]",
sshpam_authctxt->valid ? pam_user : "******");
}
#endif
sshpam_conv.conv = sshpam_thread_conv;
sshpam_conv.appdata_ptr = ctxt;
if (sshpam_authctxt == NULL)
fatal("%s: PAM authctxt not initialized", __func__);
buffer_init(&buffer);
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&sshpam_conv);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
sshpam_err = pam_authenticate(sshpam_handle, flags);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
if (compat20) {
if (!do_pam_account()) {
sshpam_err = PAM_ACCT_EXPIRED;
goto auth_fail;
}
if (sshpam_authctxt->force_pwchange) {
sshpam_err = pam_chauthtok(sshpam_handle,
PAM_CHANGE_EXPIRED_AUTHTOK);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
sshpam_password_change_required(0);
}
}
buffer_put_cstring(&buffer, "OK");
#ifndef UNSUPPORTED_POSIX_THREADS_HACK
/* Export variables set by do_pam_account */
buffer_put_int(&buffer, sshpam_account_status);
buffer_put_int(&buffer, sshpam_authctxt->force_pwchange);
/* Export any environment strings set in child */
for(i = 0; environ[i] != NULL; i++)
; /* Count */
buffer_put_int(&buffer, i);
for(i = 0; environ[i] != NULL; i++)
buffer_put_cstring(&buffer, environ[i]);
/* Export any environment strings set by PAM in child */
env_from_pam = pam_getenvlist(sshpam_handle);
for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
; /* Count */
buffer_put_int(&buffer, i);
for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
buffer_put_cstring(&buffer, env_from_pam[i]);
#endif /* UNSUPPORTED_POSIX_THREADS_HACK */
/* XXX - can't do much about an error here */
ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
buffer_free(&buffer);
pthread_exit(NULL);
auth_fail:
buffer_put_cstring(&buffer,
pam_strerror(sshpam_handle, sshpam_err));
/* XXX - can't do much about an error here */
if (sshpam_err == PAM_ACCT_EXPIRED)
ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer);
else
ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
buffer_free(&buffer);
pthread_exit(NULL);
return (NULL); /* Avoid warning for non-pthread case */
}
void
doit(struct sockaddr *fromp)
{
extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
struct passwd *pwd;
u_short port;
fd_set ready, readfrom;
int cc, fd, nfd, pv[2], pid, s;
int one = 1;
const char *cp, *errorstr;
char sig, buf[BUFSIZ];
char *cmdbuf, luser[16], ruser[16];
char rhost[2 * MAXHOSTNAMELEN + 1];
char numericname[INET6_ADDRSTRLEN];
int af, srcport;
int maxcmdlen;
#ifndef __APPLE__
login_cap_t *lc;
#else
struct hostent *hp;
char *hostname, *errorhost = NULL;
#endif
maxcmdlen = (int)sysconf(_SC_ARG_MAX);
if (maxcmdlen <= 0 || (cmdbuf = malloc(maxcmdlen)) == NULL)
exit(1);
#if defined(KERBEROS)
AUTH_DAT *kdata = (AUTH_DAT *) NULL;
KTEXT ticket = (KTEXT) NULL;
char instance[INST_SZ], version[VERSION_SIZE];
struct sockaddr_in fromaddr;
int rc;
long authopts;
int pv1[2], pv2[2];
fd_set wready, writeto;
fromaddr = *fromp;
#endif /* KERBEROS */
(void) signal(SIGINT, SIG_DFL);
(void) signal(SIGQUIT, SIG_DFL);
(void) signal(SIGTERM, SIG_DFL);
af = fromp->sa_family;
srcport = ntohs(*((in_port_t *)&fromp->sa_data));
if (af == AF_INET) {
inet_ntop(af, &((struct sockaddr_in *)fromp)->sin_addr,
numericname, sizeof numericname);
} else if (af == AF_INET6) {
inet_ntop(af, &((struct sockaddr_in6 *)fromp)->sin6_addr,
numericname, sizeof numericname);
} else {
syslog(LOG_ERR, "malformed \"from\" address (af %d)", af);
exit(1);
}
#ifdef IP_OPTIONS
if (af == AF_INET) {
u_char optbuf[BUFSIZ/3];
socklen_t optsize = sizeof(optbuf), ipproto, i;
struct protoent *ip;
if ((ip = getprotobyname("ip")) != NULL)
ipproto = ip->p_proto;
else
ipproto = IPPROTO_IP;
if (!getsockopt(0, ipproto, IP_OPTIONS, optbuf, &optsize) &&
optsize != 0) {
for (i = 0; i < optsize; ) {
u_char c = optbuf[i];
if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
syslog(LOG_NOTICE,
"connection refused from %s with IP option %s",
numericname,
c == IPOPT_LSRR ? "LSRR" : "SSRR");
exit(1);
}
if (c == IPOPT_EOL)
break;
i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
}
}
}
#endif
#if defined(KERBEROS)
if (!use_kerberos)
#endif
if (srcport >= IPPORT_RESERVED ||
srcport < IPPORT_RESERVED/2) {
syslog(LOG_NOTICE|LOG_AUTH,
"connection from %s on illegal port %u",
numericname,
srcport);
exit(1);
}
(void) alarm(60);
port = 0;
s = 0; /* not set or used if port == 0 */
for (;;) {
char c;
if ((cc = read(STDIN_FILENO, &c, 1)) != 1) {
if (cc < 0)
syslog(LOG_NOTICE, "read: %m");
shutdown(0, SHUT_RDWR);
exit(1);
}
if (c == 0)
break;
port = port * 10 + c - '0';
}
(void) alarm(0);
if (port != 0) {
int lport = IPPORT_RESERVED - 1;
s = rresvport_af(&lport, af);
if (s < 0) {
syslog(LOG_ERR, "can't get stderr port: %m");
exit(1);
}
#if defined(KERBEROS)
if (!use_kerberos)
#endif
if (port >= IPPORT_RESERVED ||
port < IPPORT_RESERVED/2) {
syslog(LOG_NOTICE|LOG_AUTH,
"2nd socket from %s on unreserved port %u",
numericname,
port);
exit(1);
}
*((in_port_t *)&fromp->sa_data) = htons(port);
if (connect(s, fromp, fromp->sa_len) < 0) {
syslog(LOG_INFO, "connect second port %d: %m", port);
exit(1);
}
}
#if defined(KERBEROS)
if (vacuous) {
error("rshd: remote host requires Kerberos authentication\n");
exit(1);
}
#endif
errorstr = NULL;
#ifndef __APPLE__
realhostname_sa(rhost, sizeof(rhost) - 1, fromp, fromp->sa_len);
rhost[sizeof(rhost) - 1] = '\0';
/* XXX truncation! */
#else
errorstr = NULL;
hp = gethostbyaddr((char *)&((struct sockaddr_in *)fromp)->sin_addr, sizeof (struct in_addr),
((struct sockaddr_in *)fromp)->sin_family);
if (hp) {
/*
* If name returned by gethostbyaddr is in our domain,
* attempt to verify that we haven't been fooled by someone
* in a remote net; look up the name and check that this
* address corresponds to the name.
*/
hostname = hp->h_name;
#if defined(KERBEROS)
if (!use_kerberos)
#endif
if (check_all || local_domain(hp->h_name)) {
strncpy(rhost, hp->h_name, sizeof(rhost) - 1);
rhost[sizeof(rhost) - 1] = 0;
errorhost = rhost;
hp = gethostbyname(rhost);
if (hp == NULL) {
syslog(LOG_INFO,
"Couldn't look up address for %s",
rhost);
errorstr =
"Couldn't look up address for your host (%s)\n";
hostname = inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr);
} else for (; ; hp->h_addr_list++) {
if (hp->h_addr_list[0] == NULL) {
syslog(LOG_NOTICE,
"Host addr %s not listed for host %s",
inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr),
hp->h_name);
errorstr =
"Host address mismatch for %s\n";
hostname = inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr);
break;
}
if (!bcmp(hp->h_addr_list[0],
(caddr_t)&((struct sockaddr_in *)fromp)->sin_addr,
sizeof(((struct sockaddr_in *)fromp)->sin_addr))) {
hostname = hp->h_name;
break;
}
}
}
} else
errorhost = hostname = inet_ntoa(((struct sockaddr_in *)fromp)->sin_addr);
#if defined(KERBEROS)
if (use_kerberos) {
kdata = (AUTH_DAT *) authbuf;
ticket = (KTEXT) tickbuf;
authopts = 0L;
strcpy(instance, "*");
version[VERSION_SIZE - 1] = '\0';
#if defined(CRYPT)
if (doencrypt) {
struct sockaddr_in local_addr;
rc = sizeof(local_addr);
if (getsockname(0, (struct sockaddr *)&local_addr,
&rc) < 0) {
syslog(LOG_ERR, "getsockname: %m");
error("rshd: getsockname: %m");
exit(1);
}
authopts = KOPT_DO_MUTUAL;
rc = krb_recvauth(authopts, 0, ticket,
"rcmd", instance, &fromaddr,
&local_addr, kdata, "", schedule,
version);
des_set_key(kdata->session, schedule);
} else
#endif /* CRYPT */
rc = krb_recvauth(authopts, 0, ticket, "rcmd",
instance, &fromaddr,
(struct sockaddr_in *) 0,
kdata, "", (bit_64 *) 0, version);
if (rc != KSUCCESS) {
error("Kerberos authentication failure: %s\n",
krb_err_txt[rc]);
exit(1);
}
} else
#endif /* KERBEROS */
#endif
(void) alarm(60);
getstr(ruser, sizeof(ruser), "ruser");
getstr(luser, sizeof(luser), "luser");
getstr(cmdbuf, maxcmdlen, "command");
(void) alarm(0);
#if !TARGET_OS_EMBEDDED
pam_err = pam_start("rshd", luser, &pamc, &pamh);
if (pam_err != PAM_SUCCESS) {
syslog(LOG_ERR|LOG_AUTH, "pam_start(): %s",
pam_strerror(pamh, pam_err));
rshd_errx(1, "Login incorrect.");
}
if ((pam_err = pam_set_item(pamh, PAM_RUSER, ruser)) != PAM_SUCCESS ||
(pam_err = pam_set_item(pamh, PAM_RHOST, rhost) != PAM_SUCCESS)) {
syslog(LOG_ERR|LOG_AUTH, "pam_set_item(): %s",
pam_strerror(pamh, pam_err));
rshd_errx(1, "Login incorrect.");
}
pam_err = pam_authenticate(pamh, 0);
if (pam_err == PAM_SUCCESS) {
if ((pam_err = pam_get_user(pamh, &cp, NULL)) == PAM_SUCCESS) {
strncpy(luser, cp, sizeof(luser));
luser[sizeof(luser) - 1] = '\0';
/* XXX truncation! */
}
pam_err = pam_acct_mgmt(pamh, 0);
}
if (pam_err != PAM_SUCCESS) {
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
ruser, rhost, luser, pam_strerror(pamh, pam_err), cmdbuf);
rshd_errx(1, "Login incorrect.");
}
#endif
setpwent();
pwd = getpwnam(luser);
if (pwd == NULL) {
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: unknown login. cmd='%.80s'",
ruser, rhost, luser, cmdbuf);
if (errorstr == NULL)
errorstr = "Login incorrect.";
rshd_errx(1, errorstr, rhost);
}
#ifndef __APPLE__
lc = login_getpwclass(pwd);
if (pwd->pw_uid)
auth_checknologin(lc);
#endif
if (chdir(pwd->pw_dir) < 0) {
if (chdir("/") < 0 ||
#ifndef __APPLE__
login_getcapbool(lc, "requirehome", !!pwd->pw_uid)) {
#else
0) {
#endif /* __APPLE__ */
#ifdef notdef
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: no home directory. cmd='%.80s'",
ruser, rhost, luser, cmdbuf);
rshd_errx(0, "No remote home directory.");
#endif
}
pwd->pw_dir = slash;
}
#if defined(KERBEROS)
if (use_kerberos) {
if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') {
if (kuserok(kdata, luser) != 0) {
syslog(LOG_INFO|LOG_AUTH,
"Kerberos rsh denied to %s.%s@%s",
kdata->pname, kdata->pinst, kdata->prealm);
error("Permission denied.\n");
exit(1);
}
}
} else
#endif
#ifdef __APPLE__
if (errorstr ||
(pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
iruserok(((struct sockaddr_in *)fromp)->sin_addr.s_addr,
#if TARGET_OS_EMBEDDED
// rdar://problem/5381734
0,
#else
pwd->pw_uid == 0,
#endif
ruser, luser) < 0)) {
if (__rcmd_errstr)
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
ruser, rhost, luser, __rcmd_errstr,
cmdbuf);
else
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied. cmd='%.80s'",
ruser, rhost, luser, cmdbuf);
if (errorstr == NULL)
errorstr = "Permission denied.";
rshd_errx(1, errorstr, errorhost);
}
if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) {
rshd_errx(1, "Logins currently disabled.");
}
#else
if (lc != NULL && fromp->sa_family == AF_INET) { /*XXX*/
char remote_ip[MAXHOSTNAMELEN];
strncpy(remote_ip, numericname,
sizeof(remote_ip) - 1);
remote_ip[sizeof(remote_ip) - 1] = 0;
/* XXX truncation! */
if (!auth_hostok(lc, rhost, remote_ip)) {
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
ruser, rhost, luser, __rcmd_errstr,
cmdbuf);
rshd_errx(1, "Login incorrect.");
}
if (!auth_timeok(lc, time(NULL)))
rshd_errx(1, "Logins not available right now");
}
/*
* PAM modules might add supplementary groups in
* pam_setcred(), so initialize them first.
* But we need to open the session as root.
*/
if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
syslog(LOG_ERR, "setusercontext: %m");
exit(1);
}
#endif /* !__APPLE__ */
#if !TARGET_OS_EMBEDDED
if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_open_session: %s", pam_strerror(pamh, pam_err));
} else if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, pam_err));
}
#endif
(void) write(STDERR_FILENO, "\0", 1);
sent_null = 1;
if (port) {
if (pipe(pv) < 0)
rshd_errx(1, "Can't make pipe.");
#if defined(KERBEROS) && defined(CRYPT)
if (doencrypt) {
if (pipe(pv1) < 0)
rshd_errx(1, "Can't make 2nd pipe.");
if (pipe(pv2) < 0)
rshd_errx(1, "Can't make 3rd pipe.");
}
#endif /* KERBEROS && CRYPT */
pid = fork();
if (pid == -1)
rshd_errx(1, "Can't fork; try again.");
if (pid) {
#if defined(KERBEROS) && defined(CRYPT)
if (doencrypt) {
static char msg[] = SECURE_MESSAGE;
(void) close(pv1[1]);
(void) close(pv2[1]);
des_write(s, msg, sizeof(msg) - 1);
} else
#endif /* KERBEROS && CRYPT */
(void) close(0);
(void) close(1);
(void) close(2);
(void) close(pv[1]);
FD_ZERO(&readfrom);
FD_SET(s, &readfrom);
FD_SET(pv[0], &readfrom);
if (pv[0] > s)
nfd = pv[0];
else
nfd = s;
#if defined(KERBEROS) && defined(CRYPT)
if (doencrypt) {
FD_ZERO(&writeto);
FD_SET(pv2[0], &writeto);
FD_SET(pv1[0], &readfrom);
nfd = MAX(nfd, pv2[0]);
nfd = MAX(nfd, pv1[0]);
} else
#endif /* KERBEROS && CRYPT */
ioctl(pv[0], FIONBIO, (char *)&one);
/* should set s nbio! */
nfd++;
do {
ready = readfrom;
#if defined(KERBEROS) && defined(CRYPT)
if (doencrypt) {
wready = writeto;
if (select(nfd, &ready,
&wready, (fd_set *) 0,
(struct timeval *) 0) < 0)
break;
} else
#endif /* KERBEROS && CRYPT */
if (select(nfd, &ready, (fd_set *)0,
(fd_set *)0, (struct timeval *)0) < 0)
break;
if (FD_ISSET(s, &ready)) {
int ret;
#if defined(KERBEROS) && defined(CRYPT)
if (doencrypt)
ret = des_read(s, &sig, 1);
else
#endif /* KERBEROS && CRYPT */
ret = read(s, &sig, 1);
if (ret <= 0)
FD_CLR(s, &readfrom);
else
killpg(pid, sig);
}
if (FD_ISSET(pv[0], &ready)) {
errno = 0;
cc = read(pv[0], buf, sizeof(buf));
if (cc <= 0) {
shutdown(s, SHUT_RDWR);
FD_CLR(pv[0], &readfrom);
} else {
#if defined(KERBEROS) && defined(CRYPT)
if (doencrypt)
(void)
des_write(s, buf, cc);
else
#endif /* KERBEROS && CRYPT */
(void)write(s, buf, cc);
}
}
#if defined(KERBEROS) && defined(CRYPT)
if (doencrypt && FD_ISSET(pv1[0], &ready)) {
errno = 0;
cc = read(pv1[0], buf, sizeof(buf));
if (cc <= 0) {
shutdown(pv1[0], 1+1);
FD_CLR(pv1[0], &readfrom);
} else
(void) des_write(STDOUT_FILENO,
buf, cc);
}
if (doencrypt && FD_ISSET(pv2[0], &wready)) {
errno = 0;
cc = des_read(STDIN_FILENO,
buf, sizeof(buf));
if (cc <= 0) {
shutdown(pv2[0], 1+1);
FD_CLR(pv2[0], &writeto);
} else
(void) write(pv2[0], buf, cc);
}
#endif /* KERBEROS && CRYPT */
} while (FD_ISSET(s, &readfrom) ||
#if defined(KERBEROS) && defined(CRYPT)
(doencrypt && FD_ISSET(pv1[0], &readfrom)) ||
#endif /* KERBEROS && CRYPT */
FD_ISSET(pv[0], &readfrom));
#if !TARGET_OS_EMBEDDED
PAM_END;
#endif
exit(0);
}
#ifdef __APPLE__
// rdar://problem/4485794
setpgid(0, getpid());
#endif
(void) close(s);
(void) close(pv[0]);
#if defined(KERBEROS) && defined(CRYPT)
if (doencrypt) {
close(pv1[0]); close(pv2[0]);
dup2(pv1[1], 1);
dup2(pv2[1], 0);
close(pv1[1]);
close(pv2[1]);
}
#endif /* KERBEROS && CRYPT */
dup2(pv[1], 2);
close(pv[1]);
}
#ifndef __APPLE__
else {
pid = fork();
if (pid == -1)
rshd_errx(1, "Can't fork; try again.");
if (pid) {
/* Parent. */
while (wait(NULL) > 0 || errno == EINTR)
/* nothing */ ;
PAM_END;
exit(0);
}
}
#endif
for (fd = getdtablesize(); fd > 2; fd--) {
#ifdef __APPLE__
(void) fcntl(fd, F_SETFD, FD_CLOEXEC);
#else
(void) close(fd);
#endif
}
if (setsid() == -1)
syslog(LOG_ERR, "setsid() failed: %m");
if (setlogin(pwd->pw_name) < 0)
syslog(LOG_ERR, "setlogin() failed: %m");
if (*pwd->pw_shell == '\0')
pwd->pw_shell = bshell;
#ifdef __APPLE__
(void) setgid((gid_t)pwd->pw_gid);
initgroups(pwd->pw_name, pwd->pw_gid);
(void) setuid((uid_t)pwd->pw_uid);
environ = envinit;
strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
strcat(path, _PATH_DEFPATH);
strncat(shell, pwd->pw_shell, sizeof(shell)-7);
strncat(username, pwd->pw_name, sizeof(username)-6);
#endif
#if !TARGET_OS_EMBEDDED
(void) pam_setenv(pamh, "HOME", pwd->pw_dir, 1);
(void) pam_setenv(pamh, "SHELL", pwd->pw_shell, 1);
(void) pam_setenv(pamh, "USER", pwd->pw_name, 1);
(void) pam_setenv(pamh, "PATH", _PATH_DEFPATH, 1);
environ = pam_getenvlist(pamh);
(void) pam_end(pamh, pam_err);
#endif
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
else
cp = pwd->pw_shell;
#ifndef __APPLE__
if (setusercontext(lc, pwd, pwd->pw_uid,
LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) {
syslog(LOG_ERR, "setusercontext(): %m");
exit(1);
}
login_close(lc);
#endif
endpwent();
if (log_success || pwd->pw_uid == 0) {
#if defined(KERBEROS)
if (use_kerberos)
syslog(LOG_INFO|LOG_AUTH,
"Kerberos shell from %s.%s@%s on %s as %s, cmd='%.80s'",
kdata->pname, kdata->pinst, kdata->prealm,
hostname, luser, cmdbuf);
else
#endif /* KERBEROS */
syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'",
ruser, rhost, luser, cmdbuf);
}
execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL);
err(1, "%s", pwd->pw_shell);
exit(1);
}
int main(int argc, char **argv)
{
int devnull_fd = -1;
#ifdef TIOCNOTTY
int tty_fd = -1;
#endif
#ifdef HAVE_PAM
pam_handle_t *pamh = NULL;
int pamr;
const char *const *pamenv = NULL;
#endif
int opt;
bool start = false;
bool stop = false;
bool oknodo = false;
bool test = false;
char *exec = NULL;
char *startas = NULL;
char *name = NULL;
char *pidfile = NULL;
char *retry = NULL;
int sig = -1;
int nicelevel = 0, ionicec = -1, ioniced = 0;
bool background = false;
bool makepidfile = false;
bool interpreted = false;
bool progress = false;
uid_t uid = 0;
gid_t gid = 0;
char *home = NULL;
int tid = 0;
char *redirect_stderr = NULL;
char *redirect_stdout = NULL;
int stdin_fd;
int stdout_fd;
int stderr_fd;
pid_t pid, spid;
int i;
char *svcname = getenv("RC_SVCNAME");
RC_STRINGLIST *env_list;
RC_STRING *env;
char *tmp, *newpath, *np;
char *p;
char *token;
char exec_file[PATH_MAX];
struct passwd *pw;
struct group *gr;
char line[130];
FILE *fp;
size_t len;
mode_t numask = 022;
char **margv;
unsigned int start_wait = 0;
applet = basename_c(argv[0]);
TAILQ_INIT(&schedule);
#ifdef DEBUG_MEMORY
atexit(cleanup);
#endif
signal_setup(SIGINT, handle_signal);
signal_setup(SIGQUIT, handle_signal);
signal_setup(SIGTERM, handle_signal);
if ((tmp = getenv("SSD_NICELEVEL")))
if (sscanf(tmp, "%d", &nicelevel) != 1)
eerror("%s: invalid nice level `%s' (SSD_NICELEVEL)",
applet, tmp);
/* Get our user name and initial dir */
p = getenv("USER");
home = getenv("HOME");
if (home == NULL || p == NULL) {
pw = getpwuid(getuid());
if (pw != NULL) {
if (p == NULL)
setenv("USER", pw->pw_name, 1);
if (home == NULL) {
setenv("HOME", pw->pw_dir, 1);
home = pw->pw_dir;
}
}
}
while ((opt = getopt_long(argc, argv, getoptstring, longopts,
(int *) 0)) != -1)
switch (opt) {
case 'I': /* --ionice */
if (sscanf(optarg, "%d:%d", &ionicec, &ioniced) == 0)
eerrorx("%s: invalid ionice `%s'",
applet, optarg);
if (ionicec == 0)
ioniced = 0;
else if (ionicec == 3)
ioniced = 7;
ionicec <<= 13; /* class shift */
break;
case 'K': /* --stop */
stop = true;
break;
case 'N': /* --nice */
if (sscanf(optarg, "%d", &nicelevel) != 1)
eerrorx("%s: invalid nice level `%s'",
applet, optarg);
break;
case 'P': /* --progress */
progress = true;
break;
case 'R': /* --retry <schedule>|<timeout> */
retry = optarg;
break;
case 'S': /* --start */
start = true;
break;
case 'b': /* --background */
background = true;
break;
case 'c': /* --chuid <username>|<uid> */
/* DEPRECATED */
ewarn("WARNING: -c/--chuid is deprecated and will be removed in the future, please use -u/--user instead");
case 'u': /* --user <username>|<uid> */
{
p = optarg;
tmp = strsep(&p, ":");
changeuser = xstrdup(tmp);
if (sscanf(tmp, "%d", &tid) != 1)
pw = getpwnam(tmp);
else
pw = getpwuid((uid_t)tid);
if (pw == NULL)
eerrorx("%s: user `%s' not found",
applet, tmp);
uid = pw->pw_uid;
home = pw->pw_dir;
unsetenv("HOME");
if (pw->pw_dir)
setenv("HOME", pw->pw_dir, 1);
unsetenv("USER");
if (pw->pw_name)
setenv("USER", pw->pw_name, 1);
if (gid == 0)
gid = pw->pw_gid;
if (p) {
tmp = strsep (&p, ":");
if (sscanf(tmp, "%d", &tid) != 1)
gr = getgrnam(tmp);
else
gr = getgrgid((gid_t) tid);
if (gr == NULL)
eerrorx("%s: group `%s'"
" not found",
applet, tmp);
gid = gr->gr_gid;
}
}
break;
case 'd': /* --chdir /new/dir */
ch_dir = optarg;
break;
case 'e': /* --env */
putenv(optarg);
break;
case 'g': /* --group <group>|<gid> */
if (sscanf(optarg, "%d", &tid) != 1)
gr = getgrnam(optarg);
else
gr = getgrgid((gid_t)tid);
if (gr == NULL)
eerrorx("%s: group `%s' not found",
applet, optarg);
gid = gr->gr_gid;
break;
case 'i': /* --interpreted */
interpreted = true;
break;
case 'k':
if (parse_mode(&numask, optarg))
eerrorx("%s: invalid mode `%s'",
applet, optarg);
break;
case 'm': /* --make-pidfile */
makepidfile = true;
break;
case 'n': /* --name <process-name> */
name = optarg;
break;
case 'o': /* --oknodo */
/* DEPRECATED */
ewarn("WARNING: -o/--oknodo is deprecated and will be removed in the future");
oknodo = true;
break;
case 'p': /* --pidfile <pid-file> */
pidfile = optarg;
break;
case 's': /* --signal <signal> */
sig = parse_signal(optarg);
break;
case 't': /* --test */
test = true;
break;
case 'r': /* --chroot /new/root */
ch_root = optarg;
break;
case 'a': /* --startas <name> */
/* DEPRECATED */
ewarn("WARNING: -a/--startas is deprecated and will be removed in the future, please use -x/--exec or -n/--name instead");
startas = optarg;
break;
case 'w':
if (sscanf(optarg, "%d", &start_wait) != 1)
eerrorx("%s: `%s' not a number",
applet, optarg);
break;
case 'x': /* --exec <executable> */
exec = optarg;
break;
case '1': /* --stdout /path/to/stdout.lgfile */
redirect_stdout = optarg;
break;
case '2': /* --stderr /path/to/stderr.logfile */
redirect_stderr = optarg;
break;
case_RC_COMMON_GETOPT
}
endpwent();
argc -= optind;
argv += optind;
/* Allow start-stop-daemon --signal HUP --exec /usr/sbin/dnsmasq
* instead of forcing --stop --oknodo as well */
if (!start &&
!stop &&
sig != SIGINT &&
sig != SIGTERM &&
sig != SIGQUIT &&
sig != SIGKILL)
oknodo = true;
if (!exec)
exec = startas;
else if (!name)
name = startas;
if (!exec) {
exec = *argv;
if (!exec)
exec = name;
if (name && start)
*argv = name;
} else if (name) {
*--argv = name;
++argc;
} else if (exec) {
*--argv = exec;
++argc;
};
if (stop || sig != -1) {
if (sig == -1)
sig = SIGTERM;
if (!*argv && !pidfile && !name && !uid)
eerrorx("%s: --stop needs --exec, --pidfile,"
" --name or --user", applet);
if (background)
eerrorx("%s: --background is only relevant with"
" --start", applet);
if (makepidfile)
eerrorx("%s: --make-pidfile is only relevant with"
" --start", applet);
if (redirect_stdout || redirect_stderr)
eerrorx("%s: --stdout and --stderr are only relevant"
" with --start", applet);
} else {
if (!exec)
eerrorx("%s: nothing to start", applet);
if (makepidfile && !pidfile)
eerrorx("%s: --make-pidfile is only relevant with"
" --pidfile", applet);
if ((redirect_stdout || redirect_stderr) && !background)
eerrorx("%s: --stdout and --stderr are only relevant"
" with --background", applet);
}
/* Expand ~ */
if (ch_dir && *ch_dir == '~')
ch_dir = expand_home(home, ch_dir);
if (ch_root && *ch_root == '~')
ch_root = expand_home(home, ch_root);
if (exec) {
if (*exec == '~')
exec = expand_home(home, exec);
/* Validate that the binary exists if we are starting */
if (*exec == '/' || *exec == '.') {
/* Full or relative path */
if (ch_root)
snprintf(exec_file, sizeof(exec_file),
"%s/%s", ch_root, exec);
else
snprintf(exec_file, sizeof(exec_file),
"%s", exec);
} else {
/* Something in $PATH */
p = tmp = xstrdup(getenv("PATH"));
*exec_file = '\0';
while ((token = strsep(&p, ":"))) {
if (ch_root)
snprintf(exec_file, sizeof(exec_file),
"%s/%s/%s",
ch_root, token, exec);
else
snprintf(exec_file, sizeof(exec_file),
"%s/%s", token, exec);
if (exists(exec_file))
break;
*exec_file = '\0';
}
free(tmp);
}
}
if (start && !exists(exec_file)) {
eerror("%s: %s does not exist", applet,
*exec_file ? exec_file : exec);
exit(EXIT_FAILURE);
}
/* If we don't have a pidfile we should check if it's interpreted
* or not. If it we, we need to pass the interpreter through
* to our daemon calls to find it correctly. */
if (interpreted && !pidfile) {
fp = fopen(exec_file, "r");
if (fp) {
p = fgets(line, sizeof(line), fp);
fclose(fp);
if (p != NULL && line[0] == '#' && line[1] == '!') {
p = line + 2;
/* Strip leading spaces */
while (*p == ' ' || *p == '\t')
p++;
/* Remove the trailing newline */
len = strlen(p) - 1;
if (p[len] == '\n')
p[len] = '\0';
token = strsep(&p, " ");
strncpy(exec_file, token, sizeof(exec_file));
opt = 0;
for (nav = argv; *nav; nav++)
opt++;
nav = xmalloc(sizeof(char *) * (opt + 3));
nav[0] = exec_file;
len = 1;
if (p)
nav[len++] = p;
for (i = 0; i < opt; i++)
nav[i + len] = argv[i];
nav[i + len] = '\0';
}
}
}
margv = nav ? nav : argv;
if (stop || sig != -1) {
if (sig == -1)
sig = SIGTERM;
if (!stop)
oknodo = true;
if (retry)
parse_schedule(retry, sig);
else if (test || oknodo)
parse_schedule("0", sig);
else
parse_schedule(NULL, sig);
i = run_stop_schedule(exec, (const char *const *)margv,
pidfile, uid, test, progress);
if (i < 0)
/* We failed to stop something */
exit(EXIT_FAILURE);
if (test || oknodo)
return i > 0 ? EXIT_SUCCESS : EXIT_FAILURE;
/* Even if we have not actually killed anything, we should
* remove information about it as it may have unexpectedly
* crashed out. We should also return success as the end
* result would be the same. */
if (pidfile && exists(pidfile))
unlink(pidfile);
if (svcname)
rc_service_daemon_set(svcname, exec,
(const char *const *)argv,
pidfile, false);
exit(EXIT_SUCCESS);
}
if (pidfile)
pid = get_pid(pidfile);
else
pid = 0;
if (do_stop(exec, (const char * const *)margv, pid, uid,
0, test) > 0)
eerrorx("%s: %s is already running", applet, exec);
if (test) {
if (rc_yesno(getenv("EINFO_QUIET")))
exit (EXIT_SUCCESS);
einfon("Would start");
while (argc-- > 0)
printf(" %s", *argv++);
printf("\n");
eindent();
if (uid != 0)
einfo("as user id %d", uid);
if (gid != 0)
einfo("as group id %d", gid);
if (ch_root)
einfo("in root `%s'", ch_root);
if (ch_dir)
einfo("in dir `%s'", ch_dir);
if (nicelevel != 0)
einfo("with a priority of %d", nicelevel);
if (name)
einfo ("with a process name of %s", name);
eoutdent();
exit(EXIT_SUCCESS);
}
ebeginv("Detaching to start `%s'", exec);
eindentv();
/* Remove existing pidfile */
if (pidfile)
unlink(pidfile);
if (background)
signal_setup(SIGCHLD, handle_signal);
if ((pid = fork()) == -1)
eerrorx("%s: fork: %s", applet, strerror(errno));
/* Child process - lets go! */
if (pid == 0) {
pid_t mypid = getpid();
umask(numask);
#ifdef TIOCNOTTY
tty_fd = open("/dev/tty", O_RDWR);
#endif
devnull_fd = open("/dev/null", O_RDWR);
if (nicelevel) {
if (setpriority(PRIO_PROCESS, mypid, nicelevel) == -1)
eerrorx("%s: setpritory %d: %s",
applet, nicelevel,
strerror(errno));
}
if (ionicec != -1 &&
ioprio_set(1, mypid, ionicec | ioniced) == -1)
eerrorx("%s: ioprio_set %d %d: %s", applet,
ionicec, ioniced, strerror(errno));
if (ch_root && chroot(ch_root) < 0)
eerrorx("%s: chroot `%s': %s",
applet, ch_root, strerror(errno));
if (ch_dir && chdir(ch_dir) < 0)
eerrorx("%s: chdir `%s': %s",
applet, ch_dir, strerror(errno));
if (makepidfile && pidfile) {
fp = fopen(pidfile, "w");
if (! fp)
eerrorx("%s: fopen `%s': %s", applet, pidfile,
strerror(errno));
fprintf(fp, "%d\n", mypid);
fclose(fp);
}
#ifdef HAVE_PAM
if (changeuser != NULL) {
pamr = pam_start("start-stop-daemon",
changeuser, &conv, &pamh);
if (pamr == PAM_SUCCESS)
pamr = pam_acct_mgmt(pamh, PAM_SILENT);
if (pamr == PAM_SUCCESS)
pamr = pam_open_session(pamh, PAM_SILENT);
if (pamr != PAM_SUCCESS)
eerrorx("%s: pam error: %s",
applet, pam_strerror(pamh, pamr));
}
#endif
if (gid && setgid(gid))
eerrorx("%s: unable to set groupid to %d",
applet, gid);
if (changeuser && initgroups(changeuser, gid))
eerrorx("%s: initgroups (%s, %d)",
applet, changeuser, gid);
if (uid && setuid(uid))
eerrorx ("%s: unable to set userid to %d",
applet, uid);
/* Close any fd's to the passwd database */
endpwent();
#ifdef TIOCNOTTY
ioctl(tty_fd, TIOCNOTTY, 0);
close(tty_fd);
#endif
/* Clean the environment of any RC_ variables */
env_list = rc_stringlist_new();
i = 0;
while (environ[i])
rc_stringlist_add(env_list, environ[i++]);
#ifdef HAVE_PAM
if (changeuser != NULL) {
pamenv = (const char *const *)pam_getenvlist(pamh);
if (pamenv) {
while (*pamenv) {
/* Don't add strings unless they set a var */
if (strchr(*pamenv, '='))
putenv(xstrdup(*pamenv));
else
unsetenv(*pamenv);
pamenv++;
}
}
}
#endif
TAILQ_FOREACH(env, env_list, entries) {
if ((strncmp(env->value, "RC_", 3) == 0 &&
strncmp(env->value, "RC_SERVICE=", 10) != 0 &&
strncmp(env->value, "RC_SVCNAME=", 10) != 0) ||
strncmp(env->value, "SSD_NICELEVEL=", 14) == 0)
{
p = strchr(env->value, '=');
*p = '\0';
unsetenv(env->value);
continue;
}
}
rc_stringlist_free(env_list);
/* For the path, remove the rcscript bin dir from it */
if ((token = getenv("PATH"))) {
len = strlen(token);
newpath = np = xmalloc(len + 1);
while (token && *token) {
p = strchr(token, ':');
if (p) {
*p++ = '\0';
while (*p == ':')
p++;
}
if (strcmp(token, RC_LIBEXECDIR "/bin") != 0 &&
strcmp(token, RC_LIBEXECDIR "/sbin") != 0)
{
len = strlen(token);
if (np != newpath)
*np++ = ':';
memcpy(np, token, len);
np += len;
}
token = p;
}
*np = '\0';
unsetenv("PATH");
setenv("PATH", newpath, 1);
}
stdin_fd = devnull_fd;
stdout_fd = devnull_fd;
stderr_fd = devnull_fd;
if (redirect_stdout) {
if ((stdout_fd = open(redirect_stdout,
O_WRONLY | O_CREAT | O_APPEND,
S_IRUSR | S_IWUSR)) == -1)
eerrorx("%s: unable to open the logfile"
" for stdout `%s': %s",
applet, redirect_stdout, strerror(errno));
}
if (redirect_stderr) {
if ((stderr_fd = open(redirect_stderr,
O_WRONLY | O_CREAT | O_APPEND,
S_IRUSR | S_IWUSR)) == -1)
eerrorx("%s: unable to open the logfile"
" for stderr `%s': %s",
applet, redirect_stderr, strerror(errno));
}
if (background)
dup2(stdin_fd, STDIN_FILENO);
if (background || redirect_stdout || rc_yesno(getenv("EINFO_QUIET")))
dup2(stdout_fd, STDOUT_FILENO);
if (background || redirect_stderr || rc_yesno(getenv("EINFO_QUIET")))
dup2(stderr_fd, STDERR_FILENO);
for (i = getdtablesize() - 1; i >= 3; --i)
close(i);
setsid();
execvp(exec, argv);
#ifdef HAVE_PAM
if (changeuser != NULL && pamr == PAM_SUCCESS)
pam_close_session(pamh, PAM_SILENT);
#endif
eerrorx("%s: failed to exec `%s': %s",
applet, exec,strerror(errno));
}
void
doit(struct sockaddr *fromp)
{
extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
struct passwd *pwd;
u_short port;
fd_set ready, readfrom;
int cc, fd, nfd, pv[2], pid, s;
int one = 1;
const char *cp, *errorstr;
char sig, buf[BUFSIZ];
char *cmdbuf, luser[16], ruser[16];
char rhost[2 * MAXHOSTNAMELEN + 1];
char numericname[INET6_ADDRSTRLEN];
int af, srcport;
int maxcmdlen;
login_cap_t *lc;
maxcmdlen = (int)sysconf(_SC_ARG_MAX);
if (maxcmdlen <= 0 || (cmdbuf = malloc(maxcmdlen)) == NULL)
exit(1);
(void) signal(SIGINT, SIG_DFL);
(void) signal(SIGQUIT, SIG_DFL);
(void) signal(SIGTERM, SIG_DFL);
af = fromp->sa_family;
srcport = ntohs(*((in_port_t *)&fromp->sa_data));
if (af == AF_INET) {
inet_ntop(af, &((struct sockaddr_in *)fromp)->sin_addr,
numericname, sizeof numericname);
} else if (af == AF_INET6) {
inet_ntop(af, &((struct sockaddr_in6 *)fromp)->sin6_addr,
numericname, sizeof numericname);
} else {
syslog(LOG_ERR, "malformed \"from\" address (af %d)", af);
exit(1);
}
#ifdef IP_OPTIONS
if (af == AF_INET) {
u_char optbuf[BUFSIZ/3];
socklen_t optsize = sizeof(optbuf), ipproto, i;
struct protoent *ip;
if ((ip = getprotobyname("ip")) != NULL)
ipproto = ip->p_proto;
else
ipproto = IPPROTO_IP;
if (!getsockopt(0, ipproto, IP_OPTIONS, optbuf, &optsize) &&
optsize != 0) {
for (i = 0; i < optsize; ) {
u_char c = optbuf[i];
if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
syslog(LOG_NOTICE,
"connection refused from %s with IP option %s",
numericname,
c == IPOPT_LSRR ? "LSRR" : "SSRR");
exit(1);
}
if (c == IPOPT_EOL)
break;
i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
}
}
}
#endif
if (srcport >= IPPORT_RESERVED ||
srcport < IPPORT_RESERVED/2) {
syslog(LOG_NOTICE|LOG_AUTH,
"connection from %s on illegal port %u",
numericname,
srcport);
exit(1);
}
(void) alarm(60);
port = 0;
s = 0; /* not set or used if port == 0 */
for (;;) {
char c;
if ((cc = read(STDIN_FILENO, &c, 1)) != 1) {
if (cc < 0)
syslog(LOG_NOTICE, "read: %m");
shutdown(0, SHUT_RDWR);
exit(1);
}
if (c == 0)
break;
port = port * 10 + c - '0';
}
(void) alarm(0);
if (port != 0) {
int lport = IPPORT_RESERVED - 1;
s = rresvport_af(&lport, af);
if (s < 0) {
syslog(LOG_ERR, "can't get stderr port: %m");
exit(1);
}
if (port >= IPPORT_RESERVED ||
port < IPPORT_RESERVED/2) {
syslog(LOG_NOTICE|LOG_AUTH,
"2nd socket from %s on unreserved port %u",
numericname,
port);
exit(1);
}
*((in_port_t *)&fromp->sa_data) = htons(port);
if (connect(s, fromp, fromp->sa_len) < 0) {
syslog(LOG_INFO, "connect second port %d: %m", port);
exit(1);
}
}
errorstr = NULL;
realhostname_sa(rhost, sizeof(rhost) - 1, fromp, fromp->sa_len);
rhost[sizeof(rhost) - 1] = '\0';
/* XXX truncation! */
(void) alarm(60);
getstr(ruser, sizeof(ruser), "ruser");
getstr(luser, sizeof(luser), "luser");
getstr(cmdbuf, maxcmdlen, "command");
(void) alarm(0);
pam_err = pam_start("rsh", luser, &pamc, &pamh);
if (pam_err != PAM_SUCCESS) {
syslog(LOG_ERR|LOG_AUTH, "pam_start(): %s",
pam_strerror(pamh, pam_err));
rshd_errx(1, "Login incorrect.");
}
if ((pam_err = pam_set_item(pamh, PAM_RUSER, ruser)) != PAM_SUCCESS ||
(pam_err = pam_set_item(pamh, PAM_RHOST, rhost)) != PAM_SUCCESS) {
syslog(LOG_ERR|LOG_AUTH, "pam_set_item(): %s",
pam_strerror(pamh, pam_err));
rshd_errx(1, "Login incorrect.");
}
pam_err = pam_authenticate(pamh, 0);
if (pam_err == PAM_SUCCESS) {
if ((pam_err = pam_get_user(pamh, &cp, NULL)) == PAM_SUCCESS) {
strncpy(luser, cp, sizeof(luser));
luser[sizeof(luser) - 1] = '\0';
/* XXX truncation! */
}
pam_err = pam_acct_mgmt(pamh, 0);
}
if (pam_err != PAM_SUCCESS) {
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
ruser, rhost, luser, pam_strerror(pamh, pam_err), cmdbuf);
rshd_errx(1, "Login incorrect.");
}
setpwent();
pwd = getpwnam(luser);
if (pwd == NULL) {
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: unknown login. cmd='%.80s'",
ruser, rhost, luser, cmdbuf);
if (errorstr == NULL)
errorstr = "Login incorrect.";
rshd_errx(1, errorstr, rhost);
}
lc = login_getpwclass(pwd);
if (pwd->pw_uid)
auth_checknologin(lc);
if (chdir(pwd->pw_dir) < 0) {
if (chdir("/") < 0 ||
login_getcapbool(lc, "requirehome", !!pwd->pw_uid)) {
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: no home directory. cmd='%.80s'",
ruser, rhost, luser, cmdbuf);
rshd_errx(0, "No remote home directory.");
}
pwd->pw_dir = slash;
}
if (lc != NULL && fromp->sa_family == AF_INET) { /*XXX*/
char remote_ip[MAXHOSTNAMELEN];
strncpy(remote_ip, numericname,
sizeof(remote_ip) - 1);
remote_ip[sizeof(remote_ip) - 1] = 0;
/* XXX truncation! */
if (!auth_hostok(lc, rhost, remote_ip)) {
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
ruser, rhost, luser, __rcmd_errstr,
cmdbuf);
rshd_errx(1, "Login incorrect.");
}
if (!auth_timeok(lc, time(NULL)))
rshd_errx(1, "Logins not available right now");
}
/*
* PAM modules might add supplementary groups in
* pam_setcred(), so initialize them first.
* But we need to open the session as root.
*/
if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) {
syslog(LOG_ERR, "setusercontext: %m");
exit(1);
}
if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_open_session: %s", pam_strerror(pamh, pam_err));
} else if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, pam_err));
}
(void) write(STDERR_FILENO, "\0", 1);
sent_null = 1;
if (port) {
if (pipe(pv) < 0)
rshd_errx(1, "Can't make pipe.");
pid = fork();
if (pid == -1)
rshd_errx(1, "Can't fork; try again.");
if (pid) {
(void) close(0);
(void) close(1);
(void) close(2);
(void) close(pv[1]);
FD_ZERO(&readfrom);
FD_SET(s, &readfrom);
FD_SET(pv[0], &readfrom);
if (pv[0] > s)
nfd = pv[0];
else
nfd = s;
ioctl(pv[0], FIONBIO, (char *)&one);
/* should set s nbio! */
nfd++;
do {
ready = readfrom;
if (select(nfd, &ready, (fd_set *)0,
(fd_set *)0, (struct timeval *)0) < 0)
break;
if (FD_ISSET(s, &ready)) {
int ret;
ret = read(s, &sig, 1);
if (ret <= 0)
FD_CLR(s, &readfrom);
else
killpg(pid, sig);
}
if (FD_ISSET(pv[0], &ready)) {
errno = 0;
cc = read(pv[0], buf, sizeof(buf));
if (cc <= 0) {
shutdown(s, SHUT_RDWR);
FD_CLR(pv[0], &readfrom);
} else {
(void)write(s, buf, cc);
}
}
} while (FD_ISSET(s, &readfrom) ||
FD_ISSET(pv[0], &readfrom));
PAM_END;
exit(0);
}
(void) close(s);
(void) close(pv[0]);
dup2(pv[1], 2);
close(pv[1]);
}
else {
pid = fork();
if (pid == -1)
rshd_errx(1, "Can't fork; try again.");
if (pid) {
/* Parent. */
while (wait(NULL) > 0 || errno == EINTR)
/* nothing */ ;
PAM_END;
exit(0);
}
}
for (fd = getdtablesize(); fd > 2; fd--)
(void) close(fd);
if (setsid() == -1)
syslog(LOG_ERR, "setsid() failed: %m");
if (setlogin(pwd->pw_name) < 0)
syslog(LOG_ERR, "setlogin() failed: %m");
if (*pwd->pw_shell == '\0')
pwd->pw_shell = bshell;
(void) pam_setenv(pamh, "HOME", pwd->pw_dir, 1);
(void) pam_setenv(pamh, "SHELL", pwd->pw_shell, 1);
(void) pam_setenv(pamh, "USER", pwd->pw_name, 1);
(void) pam_setenv(pamh, "PATH", _PATH_DEFPATH, 1);
environ = pam_getenvlist(pamh);
(void) pam_end(pamh, pam_err);
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
else
cp = pwd->pw_shell;
if (setusercontext(lc, pwd, pwd->pw_uid,
LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) {
syslog(LOG_ERR, "setusercontext(): %m");
exit(1);
}
login_close(lc);
endpwent();
if (log_success || pwd->pw_uid == 0) {
syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'",
ruser, rhost, luser, cmdbuf);
}
execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL);
err(1, "%s", pwd->pw_shell);
exit(1);
}
int
main(int argc, char **argv)
{
int i, ret, abi_flag, pargc;
const char *user, *service, *authtok, *old_authtok, **pargv;
char **envlist;
struct passwd *pwd;
struct pam_conv conv;
pam_handle_t *pamh;
if (argc < 2) {
fprintf(stderr, "Usage: %s [flags]\n"
"\t--debug\n"
"\t--toggle-abi\n"
"\t--setservice SERVICE\n"
"\t--setuser USER\n"
"\t--setauthtok AUTHTOK\n"
"\t--setoldauthtok OLD_AUTHTOK\n"
"\t--restart\n"
"\t--run [cmd]\n"
"\t--auth [args...]\n"
"\t--open-session [args...]\n"
"\t--setcred-establish [args...]\n"
"\t--setcred-reinitialize [args...]\n"
"\t--setcred-delete [args...]\n"
"\t--close-session [args...]\n"
"\t--acct-mgmt [args...]\n"
"\t--chauthtok-prelim [args...]\n"
"\t--chauthtok-update [args...]\n",
argv[0]);
return 1;
}
pwd = getpwuid(getuid());
if (pwd == NULL) {
fprintf(stderr, "Unable to determine name of current user!\n");
return 1;
}
user = pwd->pw_name;
service = "login";
authtok = NULL;
old_authtok = NULL;
ret = 0;
pamh = NULL;
memset(&conv, 0, sizeof(conv));
conv.conv = local_conv;
abi_flag = 0;
conv.appdata_ptr = &abi_flag;
pargc = 0;
pargv = NULL;
for (i = 1; i < argc; i++) {
fflush(stdout);
if (strcmp(argv[i], "--debug") == 0) {
log_options.debug++;
continue;
}
if (strcmp(argv[i], "--toggle-abi") == 0) {
abi_flag = !abi_flag;
continue;
}
if (strcmp(argv[i], "--setservice") == 0) {
service = argv[i + 1];
i++;
continue;
}
if (strcmp(argv[i], "--setuser") == 0) {
user = argv[i + 1];
i++;
continue;
}
if (strcmp(argv[i], "--setauthtok") == 0) {
authtok = argv[i + 1];
i++;
continue;
}
if (strcmp(argv[i], "--setoldauthtok") == 0) {
old_authtok = argv[i + 1];
i++;
continue;
}
if (pamh == NULL) {
ret = pam_start(service, user, &conv, &pamh);
printf("start: %d\n", ret);
#ifdef __LINUX_PAM__
/* Linux-PAM *actively* tries to break us. */
((struct linux_pam_handle*)pamh)->caller = 1;
#endif
if (authtok != NULL) {
ret = pam_set_item(pamh, PAM_AUTHTOK, authtok);
printf("set authtok: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
}
if (old_authtok != NULL) {
ret = pam_set_item(pamh, PAM_OLDAUTHTOK,
old_authtok);
printf("set old authtok: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
}
}
if (strcmp(argv[i], "--restart") == 0) {
#ifdef __LINUX_PAM__
/* Linux-PAM *actively* tries to break us. */
((struct linux_pam_handle*)pamh)->caller = 2;
#endif
ret = pam_end(pamh, 0);
printf("end: %d\n", ret);
pamh = NULL;
ret = pam_start(service, user, &conv, &pamh);
printf("start: %d\n", ret);
#ifdef __LINUX_PAM__
/* Linux-PAM *actively* tries to break us. */
((struct linux_pam_handle*)pamh)->caller = 1;
#endif
continue;
}
if (strcmp(argv[i], "--auth") == 0) {
i += gather_args(argc, argv, i + 1, &pargc, &pargv);
ret = pam_sm_authenticate(pamh, 0, pargc, pargv);
free_args(&pargc, &pargv);
printf("authenticate: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
continue;
}
if (strcmp(argv[i], "--run") == 0) {
envlist = pam_getenvlist(pamh);
if (envlist != NULL) {
while (*envlist != NULL) {
putenv(*envlist);
envlist++;
}
}
ret = system(argv[i + 1]);
printf("run(\"%s\"): %d%s %s\n", argv[i + 1],
WEXITSTATUS(ret),
WEXITSTATUS(ret) ? ":" : "",
WEXITSTATUS(ret) ?
strerror(WEXITSTATUS(ret)) :
"");
i++;
continue;
}
if (strcmp(argv[i], "--open-session") == 0) {
i += gather_args(argc, argv, i + 1, &pargc, &pargv);
ret = pam_sm_open_session(pamh, 0, pargc, pargv);
free_args(&pargc, &pargv);
printf("open session: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
continue;
}
if (strcmp(argv[i], "--setcred-establish") == 0) {
i += gather_args(argc, argv, i + 1, &pargc, &pargv);
ret = pam_sm_setcred(pamh, PAM_ESTABLISH_CRED,
pargc, pargv);
free_args(&pargc, &pargv);
printf("setcred: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
continue;
}
if (strcmp(argv[i], "--setcred-reinitialize") == 0) {
i += gather_args(argc, argv, i + 1, &pargc, &pargv);
ret = pam_sm_setcred(pamh, PAM_REINITIALIZE_CRED,
pargc, pargv);
free_args(&pargc, &pargv);
printf("setcred: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
continue;
}
if (strcmp(argv[i], "--setcred-delete") == 0) {
i += gather_args(argc, argv, i + 1, &pargc, &pargv);
ret = pam_sm_setcred(pamh, PAM_DELETE_CRED,
pargc, pargv);
free_args(&pargc, &pargv);
printf("setcred: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
continue;
}
if (strcmp(argv[i], "--close-session") == 0) {
i += gather_args(argc, argv, i + 1, &pargc, &pargv);
ret = pam_sm_close_session(pamh, 0, pargc, pargv);
free_args(&pargc, &pargv);
printf("close session: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
continue;
}
if (strcmp(argv[i], "--acct-mgmt") == 0) {
i += gather_args(argc, argv, i + 1, &pargc, &pargv);
ret = pam_sm_acct_mgmt(pamh, 0, pargc, pargv);
free_args(&pargc, &pargv);
printf("acct mgmt: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
continue;
}
if (strcmp(argv[i], "--chauthtok-prelim") == 0) {
i += gather_args(argc, argv, i + 1, &pargc, &pargv);
ret = pam_sm_chauthtok(pamh, PAM_PRELIM_CHECK,
pargc, pargv);
free_args(&pargc, &pargv);
printf("chauthtok-prelim: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
continue;
}
if (strcmp(argv[i], "--chauthtok-update") == 0) {
i += gather_args(argc, argv, i + 1, &pargc, &pargv);
ret = pam_sm_chauthtok(pamh, PAM_UPDATE_AUTHTOK,
pargc, pargv);
free_args(&pargc, &pargv);
printf("chauthtok-update: %d%s %s\n", ret,
ret ? ":" : "",
ret ? pam_strerror(pamh, ret) : "");
continue;
}
fprintf(stderr, "Unrecognized argument: %s\n", argv[i]);
break;
}
if (pamh != NULL) {
#ifdef __LINUX_PAM__
/* Linux-PAM *actively* tries to break us. */
((struct linux_pam_handle*)pamh)->caller = 2;
#endif
ret = pam_end(pamh, 0);
printf("end: %d\n", ret);
pamh = NULL;
}
return ret;
}
int
startClient( volatile int *pid )
{
const char *home, *sessargs, *desksess;
char **env, *xma;
char **argv, *fname, *str;
#ifdef USE_PAM
char ** volatile pam_env;
# ifndef HAVE_PAM_GETENVLIST
char **saved_env;
# endif
int pretc;
#else
# ifdef _AIX
char *msg;
char **theenv;
extern char **newenv; /* from libs.a, this is set up by setpenv */
# endif
#endif
#ifdef HAVE_SETUSERCONTEXT
extern char **environ;
#endif
char *failsafeArgv[2];
char *buf, *buf2;
int i;
if (strCmp( dmrcuser, curuser )) {
if (curdmrc) { free( curdmrc ); curdmrc = 0; }
if (dmrcuser) { free( dmrcuser ); dmrcuser = 0; }
}
#if defined(USE_PAM) || defined(_AIX)
if (!(p = getpwnam( curuser ))) {
logError( "getpwnam(%s) failed.\n", curuser );
pError:
displayStr( V_MSG_ERR, 0 );
return 0;
}
#endif
#ifndef USE_PAM
# ifdef _AIX
msg = NULL;
loginsuccess( curuser, hostname, tty, &msg );
if (msg) {
debug( "loginsuccess() - %s\n", msg );
free( (void *)msg );
}
# else /* _AIX */
# if defined(KERBEROS) && defined(AFS)
if (krbtkfile[0] != '\0') {
if (k_hasafs()) {
int fail = 0;
if (k_setpag() == -1) {
logError( "setpag() for %s failed\n", curuser );
fail = 1;
}
if ((ret = k_afsklog( NULL, NULL )) != KSUCCESS) {
logError( "AFS Warning: %s\n", krb_get_err_text( ret ) );
fail = 1;
}
if (fail)
displayMsg( V_MSG_ERR,
"Warning: Problems during Kerberos4/AFS setup." );
}
}
# endif /* KERBEROS && AFS */
# endif /* _AIX */
#endif /* !PAM */
curuid = p->pw_uid;
curgid = p->pw_gid;
env = baseEnv( curuser );
xma = 0;
strApp( &xma, "method=", curtype, (char *)0 );
if (td_setup)
strApp( &xma, ",auto", (char *)0 );
if (xma) {
env = setEnv( env, "XDM_MANAGED", xma );
free( xma );
}
if (td->autoLock && cursource == PWSRC_AUTOLOGIN)
env = setEnv( env, "DESKTOP_LOCKED", "true" );
env = setEnv( env, "PATH", curuid ? td->userPath : td->systemPath );
env = setEnv( env, "SHELL", p->pw_shell );
env = setEnv( env, "HOME", p->pw_dir );
#if !defined(USE_PAM) && !defined(_AIX) && defined(KERBEROS)
if (krbtkfile[0] != '\0')
env = setEnv( env, "KRBTKFILE", krbtkfile );
#endif
userEnviron = inheritEnv( env, envvars );
env = systemEnv( curuser );
systemEnviron = setEnv( env, "HOME", p->pw_dir );
debug( "user environment:\n%[|''>'\n's"
"system environment:\n%[|''>'\n's"
"end of environments\n",
userEnviron,
systemEnviron );
/*
* for user-based authorization schemes,
* add the user to the server's allowed "hosts" list.
*/
for (i = 0; i < td->authNum; i++) {
#ifdef SECURE_RPC
if (td->authorizations[i]->name_length == 9 &&
!memcmp( td->authorizations[i]->name, "SUN-DES-1", 9 ))
{
XHostAddress addr;
char netname[MAXNETNAMELEN+1];
char domainname[MAXNETNAMELEN+1];
getdomainname( domainname, sizeof(domainname) );
user2netname( netname, curuid, domainname );
addr.family = FamilyNetname;
addr.length = strlen( netname );
addr.address = netname;
XAddHost( dpy, &addr );
}
#endif
#ifdef K5AUTH
if (td->authorizations[i]->name_length == 14 &&
!memcmp( td->authorizations[i]->name, "MIT-KERBEROS-5", 14 ))
{
/* Update server's auth file with user-specific info.
* Don't need to AddHost because X server will do that
* automatically when it reads the cache we are about
* to point it at.
*/
XauDisposeAuth( td->authorizations[i] );
td->authorizations[i] =
krb5GetAuthFor( 14, "MIT-KERBEROS-5", td->name );
saveServerAuthorizations( td, td->authorizations, td->authNum );
}
#endif
}
if (*dmrcDir)
mergeSessionArgs( TRUE );
debug( "now starting the session\n" );
#ifdef USE_PAM
# ifdef HAVE_SETUSERCONTEXT
if (setusercontext( lc, p, p->pw_uid, LOGIN_SETGROUP )) {
logError( "setusercontext(groups) for %s failed: %m\n",
curuser );
goto pError;
}
# else
if (!setGid( curuser, curgid ))
goto pError;
# endif
# ifndef HAVE_PAM_GETENVLIST
if (!(pam_env = initStrArr( 0 ))) {
resetGids();
goto pError;
}
saved_env = environ;
environ = pam_env;
# endif
removeCreds = 1; /* set it first - i don't trust PAM's rollback */
pretc = pam_setcred( pamh, 0 );
reInitErrorLog();
# ifndef HAVE_PAM_GETENVLIST
pam_env = environ;
environ = saved_env;
# endif
# ifdef HAVE_INITGROUPS
/* This seems to be a strange place for it, but do it:
- after the initial groups are set
- after pam_setcred might have set something, even in the error case
- before pam_setcred(DELETE_CRED) might need it
*/
if (!saveGids())
goto pError;
# endif
if (pretc != PAM_SUCCESS) {
logError( "pam_setcred() for %s failed: %s\n",
curuser, pam_strerror( pamh, pretc ) );
resetGids();
return 0;
}
removeSession = 1; /* set it first - same as above */
pretc = pam_open_session( pamh, 0 );
reInitErrorLog();
if (pretc != PAM_SUCCESS) {
logError( "pam_open_session() for %s failed: %s\n",
curuser, pam_strerror( pamh, pretc ) );
resetGids();
return 0;
}
/* we don't want sessreg and the startup/reset scripts run with user
credentials. unfortunately, we can reset only the gids. */
resetGids();
# define D_LOGIN_SETGROUP LOGIN_SETGROUP
#else /* USE_PAM */
# define D_LOGIN_SETGROUP 0
#endif /* USE_PAM */
removeAuth = 1;
chownCtrl( &td->ctrl, curuid );
endpwent();
#if !defined(USE_PAM) && defined(USESHADOW) && !defined(_AIX)
endspent();
#endif
ctltalk.pipe = &ctlpipe;
ASPrintf( &buf, "sub-daemon for display %s", td->name );
ASPrintf( &buf2, "client for display %s", td->name );
switch (gFork( &ctlpipe, buf, buf2, 0, 0, mstrtalk.pipe, pid )) {
case 0:
gCloseOnExec( ctltalk.pipe );
if (Setjmp( ctltalk.errjmp ))
exit( 1 );
gCloseOnExec( mstrtalk.pipe );
if (Setjmp( mstrtalk.errjmp ))
goto cError;
#ifndef NOXDMTITLE
setproctitle( "%s'", td->name );
#endif
strApp( &prog, " '", (char *)0 );
reInitErrorLog();
setsid();
sessreg( td, getpid(), curuser, curuid );
/* We do this here, as we want to have the session as parent. */
switch (source( systemEnviron, td->startup, td_setup )) {
case 0:
break;
case wcCompose( 0, 0, 127 ):
goto cError;
default: /* Explicit failure => message already displayed. */
logError( "Startup script returned non-zero exit code\n" );
exit( 1 );
}
/* Memory leaks are ok here as we exec() soon. */
#if defined(USE_PAM) || !defined(_AIX)
# ifdef USE_PAM
/* pass in environment variables set by libpam and modules it called */
# ifdef HAVE_PAM_GETENVLIST
pam_env = pam_getenvlist( pamh );
reInitErrorLog();
# endif
if (pam_env)
for (; *pam_env; pam_env++)
userEnviron = putEnv( *pam_env, userEnviron );
# endif
# ifdef HAVE_SETLOGIN
if (setlogin( curuser ) < 0) {
logError( "setlogin for %s failed: %m\n", curuser );
goto cError;
}
# define D_LOGIN_SETLOGIN LOGIN_SETLOGIN
# else
# define D_LOGIN_SETLOGIN 0
# endif
# if defined(USE_PAM) && defined(HAVE_INITGROUPS)
if (!restoreGids())
goto cError;
# endif
# ifndef HAVE_SETUSERCONTEXT
# ifdef USE_PAM
if (!setUid( curuser, curuid ))
goto cError;
# else
if (!setUser( curuser, curuid, curgid ))
goto cError;
# endif
# else /* !HAVE_SETUSERCONTEXT */
/*
* Destroy environment.
* We need to do this before setusercontext() because that may
* set or reset some environment variables.
*/
if (!(environ = initStrArr( 0 )))
goto cError;
/*
* Set the user's credentials: uid, gid, groups,
* environment variables, resource limits, and umask.
*/
if (setusercontext( lc, p, p->pw_uid,
LOGIN_SETALL & ~(D_LOGIN_SETGROUP|D_LOGIN_SETLOGIN) ) < 0)
{
logError( "setusercontext for %s failed: %m\n", curuser );
goto cError;
}
for (i = 0; environ[i]; i++)
userEnviron = putEnv( environ[i], userEnviron );
# endif /* !HAVE_SETUSERCONTEXT */
#else /* PAM || !_AIX */
/*
* Set the user's credentials: uid, gid, groups,
* audit classes, user limits, and umask.
*/
if (setpcred( curuser, NULL ) == -1) {
logError( "setpcred for %s failed: %m\n", curuser );
goto cError;
}
/*
* Set the users process environment. Store protected variables and
* obtain updated user environment list. This call will initialize
* global 'newenv'.
*/
if (setpenv( curuser, PENV_INIT | PENV_ARGV | PENV_NOEXEC,
userEnviron, NULL ) != 0)
{
logError( "Cannot set %s's process environment\n", curuser );
goto cError;
}
userEnviron = newenv;
#endif /* _AIX */
/*
* for user-based authorization schemes,
* use the password to get the user's credentials.
*/
#ifdef SECURE_RPC
/* do like "keylogin" program */
if (!curpass[0])
logInfo( "No password for NIS provided.\n" );
else {
char netname[MAXNETNAMELEN+1], secretkey[HEXKEYBYTES+1];
int nameret, keyret;
int len;
int key_set_ok = 0;
struct key_netstarg netst;
nameret = getnetname( netname );
debug( "user netname: %s\n", netname );
len = strlen( curpass );
if (len > 8)
bzero( curpass + 8, len - 8 );
keyret = getsecretkey( netname, secretkey, curpass );
debug( "getsecretkey returns %d, key length %d\n",
keyret, strlen( secretkey ) );
netst.st_netname = netname;
memcpy( netst.st_priv_key, secretkey, HEXKEYBYTES );
memset( netst.st_pub_key, 0, HEXKEYBYTES );
if (key_setnet( &netst ) < 0)
debug( "Could not set secret key.\n" );
/* is there a key, and do we have the right password? */
if (keyret == 1) {
if (*secretkey) {
keyret = key_setsecret( secretkey );
debug( "key_setsecret returns %d\n", keyret );
if (keyret == -1)
logError( "Failed to set NIS secret key\n" );
else
key_set_ok = 1;
} else {
/* found a key, but couldn't interpret it */
logError( "Password incorrect for NIS principal %s\n",
nameret ? netname : curuser );
}
}
if (!key_set_ok)
nukeAuth( 9, "SUN-DES-1" );
bzero( secretkey, strlen( secretkey ) );
}
#endif
#ifdef K5AUTH
/* do like "kinit" program */
if (!curpass[0])
logInfo( "No password for Kerberos5 provided.\n" );
else
if ((str = krb5Init( curuser, curpass, td->name )))
userEnviron = setEnv( userEnviron, "KRB5CCNAME", str );
else
nukeAuth( 14, "MIT-KERBEROS-5" );
#endif /* K5AUTH */
if (td->autoReLogin) {
gSet( &mstrtalk );
gSendInt( D_ReLogin );
gSendStr( curuser );
gSendStr( curpass );
gSendStr( newdmrc );
}
if (curpass)
bzero( curpass, strlen( curpass ) );
setUserAuthorization( td );
home = getEnv( userEnviron, "HOME" );
if (home && chdir( home ) < 0) {
logError( "Cannot chdir to %s's home %s: %m\n", curuser, home );
sendStr( V_MSG_ERR, "Cannot enter home directory. Using /.\n" );
chdir( "/" );
userEnviron = setEnv( userEnviron, "HOME", "/" );
home = 0;
}
if (home || td->clientLogFile[0] == '/') {
if (!createClientLog( td->clientLogFile )) {
logWarn( "Session log file according to %s cannot be created: %m\n",
td->clientLogFile );
goto tmperr;
}
} else {
tmperr:
if (!createClientLog( td->clientLogFallback ))
logError( "Fallback session log file according to %s cannot be created: %m\n",
td->clientLogFallback );
/* Could inform the user, but I guess this is only confusing. */
}
if (!*dmrcDir)
mergeSessionArgs( home != 0 );
if (!(desksess = iniEntry( curdmrc, "Desktop", "Session", 0 )))
desksess = "failsafe"; /* only due to OOM */
gSet( &mstrtalk );
gSendInt( D_User );
gSendInt( curuid );
gSendStr( curuser );
gSendStr( desksess );
close( mstrtalk.pipe->fd.w );
userEnviron = setEnv( userEnviron, "DESKTOP_SESSION", desksess );
for (i = 0; td->sessionsDirs[i]; i++) {
fname = 0;
if (strApp( &fname, td->sessionsDirs[i], "/", desksess, ".desktop", (char *)0 )) {
if ((str = iniLoad( fname ))) {
if (!strCmp( iniEntry( str, "Desktop Entry", "Hidden", 0 ), "true" ) ||
!(sessargs = iniEntry( str, "Desktop Entry", "Exec", 0 )))
sessargs = "";
free( str );
free( fname );
goto gotit;
}
free( fname );
}
}
if (!strcmp( desksess, "failsafe" ) ||
!strcmp( desksess, "default" ) ||
!strcmp( desksess, "custom" ))
sessargs = desksess;
else
sessargs = "";
gotit:
if (!(argv = parseArgs( (char **)0, td->session )) ||
!(argv = addStrArr( argv, sessargs, -1 )))
exit( 1 );
if (argv[0] && *argv[0]) {
debug( "executing session %\"[s\n", argv );
execute( argv, userEnviron );
logError( "Session %\"s execution failed: %m\n", argv[0] );
} else
logError( "Session has no command/arguments\n" );
failsafeArgv[0] = td->failsafeClient;
failsafeArgv[1] = 0;
execute( failsafeArgv, userEnviron );
logError( "Failsafe client %\"s execution failed: %m\n",
failsafeArgv[0] );
cError:
sendStr( V_MSG_ERR, 0 );
exit( 1 );
case -1:
free( buf );
return 0;
}
debug( "StartSession, fork succeeded %d\n", *pid );
free( buf );
gSet( &ctltalk );
if (!Setjmp( ctltalk.errjmp ))
while (gRecvCmd( &i )) {
buf = gRecvStr();
displayStr( i, buf );
free( buf );
gSet( &ctltalk );
gSendInt( 0 );
}
gClosen( ctltalk.pipe );
finishGreet();
return 1;
}
static Bool StartClient(struct verify_info *verify, struct display *d, int *pidp, char *name, char *passwd
#ifdef WITH_CONSOLE_KIT
, char *ck_session_cookie
#endif
)
{
char **f;
const char *home;
char *failsafeArgv[2];
int pid;
#ifdef HAS_SETUSERCONTEXT
struct passwd *pwd;
#endif
#ifdef USE_PAM
pam_handle_t *pamh = thepamh();
#endif
if (verify->argv) {
WDMDebug("StartSession %s: ", verify->argv[0]);
for (f = verify->argv; *f; f++)
WDMDebug("%s ", *f);
WDMDebug("; ");
}
if (verify->userEnviron) {
for (f = verify->userEnviron; *f; f++)
WDMDebug("%s ", *f);
WDMDebug("\n");
}
/* Do system-dependent login setup here */
if (setgid(verify->gid) < 0) {
WDMError("setgid %d (user \"%s\") failed, errno=%d\n", verify->gid, name, errno);
return (0);
}
#if defined(BSD) && (BSD >= 199103)
if (setlogin(name) < 0) {
WDMError("setlogin for \"%s\" failed, errno=%d", name, errno);
return (0);
}
#endif
if (initgroups(name, verify->gid) < 0) {
WDMError("initgroups for \"%s\" failed, errno=%d\n", name, errno);
return (0);
}
#ifdef USE_PAM
if (pamh) {
if (pam_setcred(pamh, PAM_ESTABLISH_CRED) != PAM_SUCCESS) {
WDMError("pam_setcred failed, errno=%d\n", errno);
log_to_audit_system(0);
pam_end(pamh, PAM_SUCCESS);
pamh = NULL;
return 0;
}
pam_open_session(pamh, 0);
log_to_audit_system(1);
/* pass in environment variables set by libpam and modules it called */
{
long i;
char **pam_env = pam_getenvlist(pamh);
for (i = 0; pam_env && pam_env[i]; i++) {
verify->userEnviron = WDMPutEnv(verify->userEnviron, pam_env[i]);
}
}
}
#endif
switch (pid = fork()) {
case 0:
CleanUpChild();
#ifdef XDMCP
/* The chooser socket is not closed by CleanUpChild() */
DestroyWellKnownSockets();
#endif
if (setuid(verify->uid) < 0) {
WDMError("setuid %d (user \"%s\") failed, errno=%d\n", verify->uid, name, errno);
return (0);
}
/*
* for Security Enhanced Linux,
* set the default security context for this user.
*/
#ifdef WITH_SELINUX
if (is_selinux_enabled()) {
security_context_t scontext;
if (get_default_context(name, NULL, &scontext))
WDMError("Failed to get default security context" " for %s.", name);
WDMDebug("setting security context to %s", scontext);
if (setexeccon(scontext)) {
freecon(scontext);
WDMError("Failed to set exec security context %s " "for %s.", scontext, name);
}
freecon(scontext);
}
#endif
/*
* for user-based authorization schemes,
* use the password to get the user's credentials.
*/
bzero(passwd, strlen(passwd));
#ifdef WITH_CONSOLE_KIT
if (ck_session_cookie != NULL) {
verify->userEnviron = WDMSetEnv(verify->userEnviron, "XDG_SESSION_COOKIE", ck_session_cookie);
}
#endif
SetUserAuthorization(d, verify);
home = WDMGetEnv(verify->userEnviron, "HOME");
if (home)
if (chdir(home) == -1) {
WDMError("user \"%s\": cannot chdir to home \"%s\" (err %d), using \"/\"\n",
WDMGetEnv(verify->userEnviron, "USER"), home, errno);
chdir("/");
verify->userEnviron = WDMSetEnv(verify->userEnviron, "HOME", "/");
}
if (verify->argv) {
WDMDebug("executing session %s\n", verify->argv[0]);
execute(verify->argv, verify->userEnviron);
WDMError("Session \"%s\" execution failed (err %d)\n", verify->argv[0], errno);
} else {
WDMError("Session has no command/arguments\n");
}
failsafeArgv[0] = d->failsafeClient;
failsafeArgv[1] = 0;
execute(failsafeArgv, verify->userEnviron);
exit(1);
case -1:
bzero(passwd, strlen(passwd));
WDMDebug("StartSession, fork failed\n");
WDMError("can't start session on \"%s\", fork failed, errno=%d\n", d->name, errno);
return 0;
default:
bzero(passwd, strlen(passwd));
WDMDebug("StartSession, fork succeeded %d\n", pid);
*pidp = pid;
return 1;
}
}
int
main(int argc, char **argv)
{
extern int optind;
extern char *optarg, **environ;
struct group *gr;
register int ch;
register char *p;
int ask, fflag, hflag, pflag, cnt, errsv;
int quietlog, passwd_req;
char *domain, *ttyn;
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
char *termenv;
char *childArgv[10];
char *buff;
int childArgc = 0;
#ifdef HAVE_SECURITY_PAM_MISC_H
int retcode;
pam_handle_t *pamh = NULL;
struct pam_conv conv = { misc_conv, NULL };
pid_t childPid;
#else
char *salt, *pp;
#endif
#ifdef LOGIN_CHOWN_VCS
char vcsn[20], vcsan[20];
#endif
pid = getpid();
signal(SIGALRM, timedout);
alarm((unsigned int)timeout);
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
setpriority(PRIO_PROCESS, 0, 0);
initproctitle(argc, argv);
/*
* -p is used by getty to tell login not to destroy the environment
* -f is used to skip a second login authentication
* -h is used by other servers to pass the name of the remote
* host to login so that it may be placed in utmp and wtmp
*/
gethostname(tbuf, sizeof(tbuf));
xstrncpy(thishost, tbuf, sizeof(thishost));
domain = index(tbuf, '.');
username = tty_name = hostname = NULL;
fflag = hflag = pflag = 0;
passwd_req = 1;
while ((ch = getopt(argc, argv, "fh:p")) != -1)
switch (ch) {
case 'f':
fflag = 1;
break;
case 'h':
if (getuid()) {
fprintf(stderr,
_("login: -h for super-user only.\n"));
exit(1);
}
hflag = 1;
if (domain && (p = index(optarg, '.')) &&
strcasecmp(p, domain) == 0)
*p = 0;
hostname = strdup(optarg); /* strdup: Ambrose C. Li */
{
struct hostent *he = gethostbyname(hostname);
/* he points to static storage; copy the part we use */
hostaddress[0] = 0;
if (he && he->h_addr_list && he->h_addr_list[0])
memcpy(hostaddress, he->h_addr_list[0],
sizeof(hostaddress));
}
break;
case 'p':
pflag = 1;
break;
case '?':
default:
fprintf(stderr,
_("usage: login [-fp] [username]\n"));
exit(1);
}
argc -= optind;
argv += optind;
if (*argv) {
char *p = *argv;
username = strdup(p);
ask = 0;
/* wipe name - some people mistype their password here */
/* (of course we are too late, but perhaps this helps a little ..) */
while(*p)
*p++ = ' ';
} else
ask = 1;
for (cnt = getdtablesize(); cnt > 2; cnt--)
close(cnt);
ttyn = ttyname(0);
if (ttyn == NULL || *ttyn == '\0') {
/* no snprintf required - see definition of tname */
sprintf(tname, "%s??", _PATH_TTY);
ttyn = tname;
}
check_ttyname(ttyn);
if (strncmp(ttyn, "/dev/", 5) == 0)
tty_name = ttyn+5;
else
tty_name = ttyn;
if (strncmp(ttyn, "/dev/tty", 8) == 0)
tty_number = ttyn+8;
else {
char *p = ttyn;
while (*p && !isdigit(*p)) p++;
tty_number = p;
}
#ifdef LOGIN_CHOWN_VCS
/* find names of Virtual Console devices, for later mode change */
snprintf(vcsn, sizeof(vcsn), "/dev/vcs%s", tty_number);
snprintf(vcsan, sizeof(vcsan), "/dev/vcsa%s", tty_number);
#endif
/* set pgid to pid */
setpgrp();
/* this means that setsid() will fail */
{
struct termios tt, ttt;
tcgetattr(0, &tt);
ttt = tt;
ttt.c_cflag &= ~HUPCL;
/* These can fail, e.g. with ttyn on a read-only filesystem */
chown(ttyn, 0, 0);
chmod(ttyn, TTY_MODE);
/* Kill processes left on this tty */
tcsetattr(0,TCSAFLUSH,&ttt);
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
vhangup();
signal(SIGHUP, SIG_DFL);
/* open stdin,stdout,stderr to the tty */
opentty(ttyn);
/* restore tty modes */
tcsetattr(0,TCSAFLUSH,&tt);
}
openlog("login", LOG_ODELAY, LOG_AUTHPRIV);
#if 0
/* other than iso-8859-1 */
printf("\033(K");
fprintf(stderr,"\033(K");
#endif
#ifdef HAVE_SECURITY_PAM_MISC_H
/*
* username is initialized to NULL
* and if specified on the command line it is set.
* Therefore, we are safe not setting it to anything
*/
retcode = pam_start("login",username, &conv, &pamh);
if(retcode != PAM_SUCCESS) {
fprintf(stderr, _("login: PAM Failure, aborting: %s\n"),
pam_strerror(pamh, retcode));
syslog(LOG_ERR, _("Couldn't initialize PAM: %s"),
pam_strerror(pamh, retcode));
exit(99);
}
/* hostname & tty are either set to NULL or their correct values,
depending on how much we know */
retcode = pam_set_item(pamh, PAM_RHOST, hostname);
PAM_FAIL_CHECK;
retcode = pam_set_item(pamh, PAM_TTY, tty_name);
PAM_FAIL_CHECK;
/*
* [email protected]: Provide a user prompt to PAM
* so that the "login: "******"Password: "******"login: "******"\033(K");
fprintf(stderr,"\033(K");
#endif
/* if fflag == 1, then the user has already been authenticated */
if (fflag && (getuid() == 0))
passwd_req = 0;
else
passwd_req = 1;
if(passwd_req == 1) {
int failcount=0;
/* if we didn't get a user on the command line, set it to NULL */
pam_get_item(pamh, PAM_USER, (const void **) &username);
if (!username)
pam_set_item(pamh, PAM_USER, NULL);
/* there may be better ways to deal with some of these
conditions, but at least this way I don't think we'll
be giving away information... */
/* Perhaps someday we can trust that all PAM modules will
pay attention to failure count and get rid of MAX_LOGIN_TRIES? */
retcode = pam_authenticate(pamh, 0);
while((failcount++ < PAM_MAX_LOGIN_TRIES) &&
((retcode == PAM_AUTH_ERR) ||
(retcode == PAM_USER_UNKNOWN) ||
(retcode == PAM_CRED_INSUFFICIENT) ||
(retcode == PAM_AUTHINFO_UNAVAIL))) {
pam_get_item(pamh, PAM_USER, (const void **) &username);
syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"),
failcount, hostname, username, pam_strerror(pamh, retcode));
logbtmp(tty_name, username, hostname);
fprintf(stderr,_("Login incorrect\n\n"));
pam_set_item(pamh,PAM_USER,NULL);
retcode = pam_authenticate(pamh, 0);
}
if (retcode != PAM_SUCCESS) {
pam_get_item(pamh, PAM_USER, (const void **) &username);
if (retcode == PAM_MAXTRIES)
syslog(LOG_NOTICE,_("TOO MANY LOGIN TRIES (%d) FROM %s FOR "
"%s, %s"), failcount, hostname, username,
pam_strerror(pamh, retcode));
else
syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"),
hostname, username, pam_strerror(pamh, retcode));
logbtmp(tty_name, username, hostname);
fprintf(stderr,_("\nLogin incorrect\n"));
pam_end(pamh, retcode);
exit(0);
}
retcode = pam_acct_mgmt(pamh, 0);
if(retcode == PAM_NEW_AUTHTOK_REQD) {
retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
}
PAM_FAIL_CHECK;
}
/*
* Grab the user information out of the password file for future usage
* First get the username that we are actually using, though.
*/
retcode = pam_get_item(pamh, PAM_USER, (const void **) &username);
PAM_FAIL_CHECK;
if (!username || !*username) {
fprintf(stderr, _("\nSession setup problem, abort.\n"));
syslog(LOG_ERR, _("NULL user name in %s:%d. Abort."),
__FUNCTION__, __LINE__);
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
if (!(pwd = getpwnam(username))) {
fprintf(stderr, _("\nSession setup problem, abort.\n"));
syslog(LOG_ERR, _("Invalid user name \"%s\" in %s:%d. Abort."),
username, __FUNCTION__, __LINE__);
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
/*
* Create a copy of the pwd struct - otherwise it may get
* clobbered by PAM
*/
memcpy(&pwdcopy, pwd, sizeof(*pwd));
pwd = &pwdcopy;
pwd->pw_name = strdup(pwd->pw_name);
pwd->pw_passwd = strdup(pwd->pw_passwd);
pwd->pw_gecos = strdup(pwd->pw_gecos);
pwd->pw_dir = strdup(pwd->pw_dir);
pwd->pw_shell = strdup(pwd->pw_shell);
if (!pwd->pw_name || !pwd->pw_passwd || !pwd->pw_gecos ||
!pwd->pw_dir || !pwd->pw_shell) {
fprintf(stderr, _("login: Out of memory\n"));
syslog(LOG_ERR, "Out of memory");
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
username = pwd->pw_name;
/*
* Initialize the supplementary group list.
* This should be done before pam_setcred because
* the PAM modules might add groups during pam_setcred.
*/
if (initgroups(username, pwd->pw_gid) < 0) {
syslog(LOG_ERR, "initgroups: %m");
fprintf(stderr, _("\nSession setup problem, abort.\n"));
pam_end(pamh, PAM_SYSTEM_ERR);
exit(1);
}
retcode = pam_open_session(pamh, 0);
PAM_FAIL_CHECK;
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
PAM_FAIL_CHECK;
#else /* ! HAVE_SECURITY_PAM_MISC_H */
for (cnt = 0;; ask = 1) {
if (ask) {
fflag = 0;
getloginname();
}
/* Dirty patch to fix a gigantic security hole when using
yellow pages. This problem should be solved by the
libraries, and not by programs, but this must be fixed
urgently! If the first char of the username is '+', we
avoid login success.
Feb 95 <*****@*****.**> */
if (username[0] == '+') {
puts(_("Illegal username"));
badlogin(username);
sleepexit(1);
}
/* (void)strcpy(tbuf, username); why was this here? */
if ((pwd = getpwnam(username))) {
# ifdef SHADOW_PWD
struct spwd *sp;
if ((sp = getspnam(username)))
pwd->pw_passwd = sp->sp_pwdp;
# endif
salt = pwd->pw_passwd;
} else
salt = "xx";
if (pwd) {
initgroups(username, pwd->pw_gid);
checktty(username, tty_name, pwd); /* in checktty.c */
}
/* if user not super-user, check for disabled logins */
if (pwd == NULL || pwd->pw_uid)
checknologin();
/*
* Disallow automatic login to root; if not invoked by
* root, disallow if the uid's differ.
*/
if (fflag && pwd) {
int uid = getuid();
passwd_req = pwd->pw_uid == 0 ||
(uid && uid != pwd->pw_uid);
}
/*
* If trying to log in as root, but with insecure terminal,
* refuse the login attempt.
*/
if (pwd && pwd->pw_uid == 0 && !rootterm(tty_name)) {
fprintf(stderr,
_("%s login refused on this terminal.\n"),
pwd->pw_name);
if (hostname)
syslog(LOG_NOTICE,
_("LOGIN %s REFUSED FROM %s ON TTY %s"),
pwd->pw_name, hostname, tty_name);
else
syslog(LOG_NOTICE,
_("LOGIN %s REFUSED ON TTY %s"),
pwd->pw_name, tty_name);
continue;
}
/*
* If no pre-authentication and a password exists
* for this user, prompt for one and verify it.
*/
if (!passwd_req || (pwd && !*pwd->pw_passwd))
break;
setpriority(PRIO_PROCESS, 0, -4);
pp = getpass(_("Password: "******"CRYPTO", 6) == 0) {
if (pwd && cryptocard()) break;
}
# endif /* CRYPTOCARD */
p = crypt(pp, salt);
setpriority(PRIO_PROCESS, 0, 0);
# ifdef KERBEROS
/*
* If not present in pw file, act as we normally would.
* If we aren't Kerberos-authenticated, try the normal
* pw file for a password. If that's ok, log the user
* in without issueing any tickets.
*/
if (pwd && !krb_get_lrealm(realm,1)) {
/*
* get TGT for local realm; be careful about uid's
* here for ticket file ownership
*/
setreuid(geteuid(),pwd->pw_uid);
kerror = krb_get_pw_in_tkt(pwd->pw_name, "", realm,
"krbtgt", realm, DEFAULT_TKT_LIFE, pp);
setuid(0);
if (kerror == INTK_OK) {
memset(pp, 0, strlen(pp));
notickets = 0; /* user got ticket */
break;
}
}
# endif /* KERBEROS */
memset(pp, 0, strlen(pp));
if (pwd && !strcmp(p, pwd->pw_passwd))
break;
printf(_("Login incorrect\n"));
badlogin(username); /* log ALL bad logins */
failures++;
/* we allow 10 tries, but after 3 we start backing off */
if (++cnt > 3) {
if (cnt >= 10) {
sleepexit(1);
}
sleep((unsigned int)((cnt - 3) * 5));
}
}
#endif /* !HAVE_SECURITY_PAM_MISC_H */
/* committed to login -- turn off timeout */
alarm((unsigned int)0);
endpwent();
/* This requires some explanation: As root we may not be able to
read the directory of the user if it is on an NFS mounted
filesystem. We temporarily set our effective uid to the user-uid
making sure that we keep root privs. in the real uid.
A portable solution would require a fork(), but we rely on Linux
having the BSD setreuid() */
{
char tmpstr[MAXPATHLEN];
uid_t ruid = getuid();
gid_t egid = getegid();
/* avoid snprintf - old systems do not have it, or worse,
have a libc in which snprintf is the same as sprintf */
if (strlen(pwd->pw_dir) + sizeof(_PATH_HUSHLOGIN) + 2 > MAXPATHLEN)
quietlog = 0;
else {
sprintf(tmpstr, "%s/%s", pwd->pw_dir, _PATH_HUSHLOGIN);
setregid(-1, pwd->pw_gid);
setreuid(0, pwd->pw_uid);
quietlog = (access(tmpstr, R_OK) == 0);
setuid(0); /* setreuid doesn't do it alone! */
setreuid(ruid, 0);
setregid(-1, egid);
}
}
/* for linux, write entries in utmp and wtmp */
{
struct utmp ut;
struct utmp *utp;
utmpname(_PATH_UTMP);
setutent();
/* Find pid in utmp.
login sometimes overwrites the runlevel entry in /var/run/utmp,
confusing sysvinit. I added a test for the entry type, and the problem
was gone. (In a runlevel entry, st_pid is not really a pid but some number
calculated from the previous and current runlevel).
Michael Riepe <*****@*****.**>
*/
while ((utp = getutent()))
if (utp->ut_pid == pid
&& utp->ut_type >= INIT_PROCESS
&& utp->ut_type <= DEAD_PROCESS)
break;
/* If we can't find a pre-existing entry by pid, try by line.
BSD network daemons may rely on this. (anonymous) */
if (utp == NULL) {
setutent();
ut.ut_type = LOGIN_PROCESS;
strncpy(ut.ut_line, tty_name, sizeof(ut.ut_line));
utp = getutline(&ut);
}
if (utp) {
memcpy(&ut, utp, sizeof(ut));
} else {
/* some gettys/telnetds don't initialize utmp... */
memset(&ut, 0, sizeof(ut));
}
if (ut.ut_id[0] == 0)
strncpy(ut.ut_id, tty_number, sizeof(ut.ut_id));
strncpy(ut.ut_user, username, sizeof(ut.ut_user));
xstrncpy(ut.ut_line, tty_name, sizeof(ut.ut_line));
#ifdef _HAVE_UT_TV /* in <utmpbits.h> included by <utmp.h> */
gettimeofday(&ut.ut_tv, NULL);
#else
{
time_t t;
time(&t);
ut.ut_time = t; /* ut_time is not always a time_t */
/* glibc2 #defines it as ut_tv.tv_sec */
}
#endif
ut.ut_type = USER_PROCESS;
ut.ut_pid = pid;
if (hostname) {
xstrncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
if (hostaddress[0])
memcpy(&ut.ut_addr, hostaddress, sizeof(ut.ut_addr));
}
pututline(&ut);
endutent();
#if HAVE_UPDWTMP
updwtmp(_PATH_WTMP, &ut);
#else
#if 0
/* The O_APPEND open() flag should be enough to guarantee
atomic writes at end of file. */
{
int wtmp;
if((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) {
write(wtmp, (char *)&ut, sizeof(ut));
close(wtmp);
}
}
#else
/* Probably all this locking below is just nonsense,
and the short version is OK as well. */
{
int lf, wtmp;
if ((lf = open(_PATH_WTMPLOCK, O_CREAT|O_WRONLY, 0660)) >= 0) {
flock(lf, LOCK_EX);
if ((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) {
write(wtmp, (char *)&ut, sizeof(ut));
close(wtmp);
}
flock(lf, LOCK_UN);
close(lf);
}
}
#endif
#endif
}
dolastlog(quietlog);
chown(ttyn, pwd->pw_uid,
(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
chmod(ttyn, TTY_MODE);
#ifdef LOGIN_CHOWN_VCS
/* if tty is one of the VC's then change owner and mode of the
special /dev/vcs devices as well */
if (consoletty(0)) {
chown(vcsn, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid));
chown(vcsan, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid));
chmod(vcsn, TTY_MODE);
chmod(vcsan, TTY_MODE);
}
#endif
setgid(pwd->pw_gid);
if (*pwd->pw_shell == '\0')
pwd->pw_shell = _PATH_BSHELL;
/* preserve TERM even without -p flag */
{
char *ep;
if(!((ep = getenv("TERM")) && (termenv = strdup(ep))))
termenv = "dumb";
}
/* destroy environment unless user has requested preservation */
if (!pflag)
{
environ = (char**)malloc(sizeof(char*));
memset(environ, 0, sizeof(char*));
}
setenv("HOME", pwd->pw_dir, 0); /* legal to override */
if(pwd->pw_uid)
setenv("PATH", _PATH_DEFPATH, 1);
else
setenv("PATH", _PATH_DEFPATH_ROOT, 1);
setenv("SHELL", pwd->pw_shell, 1);
setenv("TERM", termenv, 1);
/* mailx will give a funny error msg if you forget this one */
{
char tmp[MAXPATHLEN];
/* avoid snprintf */
if (sizeof(_PATH_MAILDIR) + strlen(pwd->pw_name) + 1 < MAXPATHLEN) {
sprintf(tmp, "%s/%s", _PATH_MAILDIR, pwd->pw_name);
setenv("MAIL",tmp,0);
}
}
/* LOGNAME is not documented in login(1) but
HP-UX 6.5 does it. We'll not allow modifying it.
*/
setenv("LOGNAME", pwd->pw_name, 1);
#ifdef HAVE_SECURITY_PAM_MISC_H
{
int i;
char ** env = pam_getenvlist(pamh);
if (env != NULL) {
for (i=0; env[i]; i++) {
putenv(env[i]);
/* D(("env[%d] = %s", i,env[i])); */
}
}
}
#endif
setproctitle("login", username);
if (!strncmp(tty_name, "ttyS", 4))
syslog(LOG_INFO, _("DIALUP AT %s BY %s"), tty_name, pwd->pw_name);
/* allow tracking of good logins.
-steve philp ([email protected]) */
if (pwd->pw_uid == 0) {
if (hostname)
syslog(LOG_NOTICE, _("ROOT LOGIN ON %s FROM %s"),
tty_name, hostname);
else
syslog(LOG_NOTICE, _("ROOT LOGIN ON %s"), tty_name);
} else {
if (hostname)
syslog(LOG_INFO, _("LOGIN ON %s BY %s FROM %s"), tty_name,
pwd->pw_name, hostname);
else
syslog(LOG_INFO, _("LOGIN ON %s BY %s"), tty_name,
pwd->pw_name);
}
if (!quietlog) {
motd();
#ifdef LOGIN_STAT_MAIL
/*
* This turns out to be a bad idea: when the mail spool
* is NFS mounted, and the NFS connection hangs, the
* login hangs, even root cannot login.
* Checking for mail should be done from the shell.
*/
{
struct stat st;
char *mail;
mail = getenv("MAIL");
if (mail && stat(mail, &st) == 0 && st.st_size != 0) {
if (st.st_mtime > st.st_atime)
printf(_("You have new mail.\n"));
else
printf(_("You have mail.\n"));
}
}
#endif
}
signal(SIGALRM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGTSTP, SIG_IGN);
#ifdef HAVE_SECURITY_PAM_MISC_H
/*
* We must fork before setuid() because we need to call
* pam_close_session() as root.
*/
childPid = fork();
if (childPid < 0) {
int errsv = errno;
/* error in fork() */
fprintf(stderr, _("login: failure forking: %s"), strerror(errsv));
PAM_END;
exit(0);
}
if (childPid) {
/* parent - wait for child to finish, then cleanup session */
signal(SIGHUP, SIG_IGN);
signal(SIGINT, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
signal(SIGTSTP, SIG_IGN);
signal(SIGTTIN, SIG_IGN);
signal(SIGTTOU, SIG_IGN);
wait(NULL);
PAM_END;
exit(0);
}
/* child */
/*
* Problem: if the user's shell is a shell like ash that doesnt do
* setsid() or setpgrp(), then a ctrl-\, sending SIGQUIT to every
* process in the pgrp, will kill us.
*/
/* start new session */
setsid();
/* make sure we have a controlling tty */
opentty(ttyn);
openlog("login", LOG_ODELAY, LOG_AUTHPRIV); /* reopen */
/*
* TIOCSCTTY: steal tty from other process group.
*/
if (ioctl(0, TIOCSCTTY, 1))
syslog(LOG_ERR, _("TIOCSCTTY failed: %m"));
#endif
signal(SIGINT, SIG_DFL);
/* discard permissions last so can't get killed and drop core */
if(setuid(pwd->pw_uid) < 0 && pwd->pw_uid) {
syslog(LOG_ALERT, _("setuid() failed"));
exit(1);
}
/* wait until here to change directory! */
if (chdir(pwd->pw_dir) < 0) {
printf(_("No directory %s!\n"), pwd->pw_dir);
if (chdir("/"))
exit(0);
pwd->pw_dir = "/";
printf(_("Logging in with home = \"/\".\n"));
}
/* if the shell field has a space: treat it like a shell script */
if (strchr(pwd->pw_shell, ' ')) {
buff = malloc(strlen(pwd->pw_shell) + 6);
if (!buff) {
fprintf(stderr, _("login: no memory for shell script.\n"));
exit(0);
}
strcpy(buff, "exec ");
strcat(buff, pwd->pw_shell);
childArgv[childArgc++] = "/bin/sh";
childArgv[childArgc++] = "-sh";
childArgv[childArgc++] = "-c";
childArgv[childArgc++] = buff;
} else {
tbuf[0] = '-';
xstrncpy(tbuf + 1, ((p = rindex(pwd->pw_shell, '/')) ?
p + 1 : pwd->pw_shell),
sizeof(tbuf)-1);
childArgv[childArgc++] = pwd->pw_shell;
childArgv[childArgc++] = tbuf;
}
childArgv[childArgc++] = NULL;
execvp(childArgv[0], childArgv + 1);
errsv = errno;
if (!strcmp(childArgv[0], "/bin/sh"))
fprintf(stderr, _("login: couldn't exec shell script: %s.\n"),
strerror(errsv));
else
fprintf(stderr, _("login: no shell: %s.\n"), strerror(errsv));
exit(0);
}
static void
setup_child (int inp[2], int outp[2], int errp[2], pam_handle_t *ph, struct passwd *pwd)
{
const char* display;
int i, ret;
#ifdef VALGRIND
char *args[] = { VALGRIND, VALGRIND_ARG, MATE_KEYRING_DAEMON, "--daemonize", "--login", NULL};
#else
char *args[] = { MATE_KEYRING_DAEMON, "--daemonize", "--login", NULL};
#endif
assert (pwd);
assert (pwd->pw_dir);
/* Fix up our end of the pipes */
if (dup2 (inp[READ_END], STDIN) < 0 ||
dup2 (outp[WRITE_END], STDOUT) < 0 ||
dup2 (errp[WRITE_END], STDERR) < 0) {
syslog (GKR_LOG_ERR, "gkr-pam: couldn't setup pipes: %s",
strerror (errno));
exit (EXIT_FAILURE);
}
/* Try valiantly to close unnecessary file descriptors */
for (i = STDERR; i < 64; ++i)
close (i);
/* Close unnecessary file descriptors */
close (inp[READ_END]);
close (inp[WRITE_END]);
close (outp[READ_END]);
close (outp[WRITE_END]);
close (errp[READ_END]);
close (errp[WRITE_END]);
/* We may be running effective as another user, revert that */
seteuid (getuid ());
setegid (getgid ());
/* Setup process credentials */
if (setgid (pwd->pw_gid) < 0 || setuid (pwd->pw_uid) < 0 ||
setegid (pwd->pw_gid) < 0 || seteuid (pwd->pw_uid) < 0) {
syslog (GKR_LOG_ERR, "gkr-pam: couldn't setup credentials: %s",
strerror (errno));
exit (EXIT_FAILURE);
}
/* Setup environment variables */
ret = setup_pam_env (ph, "HOME", pwd->pw_dir);
if (ret == PAM_SUCCESS && !pam_getenv (ph, "DISPLAY")) {
display = getenv ("DISPLAY");
if (display)
ret = setup_pam_env (ph, "DISPLAY", display);
}
/* Make sure that worked */
if (ret != PAM_SUCCESS) {
syslog (GKR_LOG_ERR, "gkr-pam: couldn't setup environment: %s",
pam_strerror (ph, ret));
exit (EXIT_FAILURE);
}
/* Now actually execute the process */
execve (args[0], args, pam_getenvlist (ph));
syslog (GKR_LOG_ERR, "gkr-pam: couldn't run mate-keyring-daemon: %s",
strerror (errno));
exit (EXIT_FAILURE);
}
void
setup_user_and_env(struct cl_t *cl, struct passwd *pas,
char ***sendmailenv, char ***jobenv, char **curshell,
char **curhome, char **content_type, char **encoding)
/* Check PAM authorization, and setup the environment variables
* to run sendmail and to run the job itself. Change dir to HOME and check if SHELL is ok */
/* (*curshell) and (*curhome) will be allocated and should thus be freed
* if curshell and curhome are not NULL. */
/* Return the the two env var sets, the shell to use to execle() commands and the home dir */
{
env_list_t *env_list = env_list_init();
env_t *e = NULL;
char *path = NULL;
char *myshell = NULL;
#ifdef HAVE_LIBPAM
int retcode = 0;
char **env;
#endif
if (pas == NULL)
die("setup_user_and_env() called with a NULL struct passwd");
env_list_setenv(env_list, "USER", pas->pw_name, 1);
env_list_setenv(env_list, "LOGNAME", pas->pw_name, 1);
env_list_setenv(env_list, "HOME", pas->pw_dir, 1);
/* inherit fcron's PATH for sendmail. We will later change it to DEFAULT_JOB_PATH
* or a user defined PATH for the job itself */
path = getenv("PATH");
env_list_setenv(env_list, "PATH", (path != NULL) ? path : DEFAULT_JOB_PATH,
1);
if (cl->cl_tz != NULL)
env_list_setenv(env_list, "TZ", cl->cl_tz, 1);
/* To ensure compatibility with Vixie cron, we don't use the shell defined
* in /etc/passwd by default, but the default value from fcron.conf instead: */
if (shell != NULL && shell[0] != '\0')
/* default: use value from fcron.conf */
env_list_setenv(env_list, "SHELL", shell, 1);
else
/* shell is empty, ie. not defined: fail back to /etc/passwd's value */
env_list_setenv(env_list, "SHELL", pas->pw_shell, 1);
#if ( ! defined(RUN_NON_PRIVILEGED)) && defined(HAVE_LIBPAM)
/* Open PAM session for the user and obtain any security
* credentials we might need */
retcode = pam_start("fcron", pas->pw_name, &apamconv, &pamh);
if (retcode != PAM_SUCCESS)
die_pame(pamh, retcode, "Could not start PAM for '%s'", cl->cl_shell);
/* Some system seem to need that pam_authenticate() call.
* Anyway, we have no way to authentificate the user :
* we must set auth to pam_permit. */
retcode = pam_authenticate(pamh, PAM_SILENT);
if (retcode != PAM_SUCCESS)
die_mail_pame(cl, retcode, pas,
"Could not authenticate PAM user", env_list);
retcode = pam_acct_mgmt(pamh, PAM_SILENT); /* permitted access? */
if (retcode != PAM_SUCCESS)
die_mail_pame(cl, retcode, pas,
"Could not init PAM account management", env_list);
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
if (retcode != PAM_SUCCESS)
die_mail_pame(cl, retcode, pas, "Could not set PAM credentials",
env_list);
retcode = pam_open_session(pamh, PAM_SILENT);
if (retcode != PAM_SUCCESS)
die_mail_pame(cl, retcode, pas, "Could not open PAM session", env_list);
for (env = pam_getenvlist(pamh); env && *env; env++) {
env_list_putenv(env_list, *env, 1);
}
/* Close the log here, because PAM calls openlog(3) and
* our log messages could go to the wrong facility */
xcloselog();
#endif /* ( ! defined(RUN_NON_PRIVILEGED)) && defined(HAVE_LIBPAM) */
/* export the environment for sendmail before we apply user customization */
if (sendmailenv != NULL)
*sendmailenv = env_list_export_envp(env_list);
/* Now add user customizations to the environment to form jobenv */
if (jobenv != NULL) {
/* Make sure we don't keep fcron daemon's PATH (which we used for sendmail) */
env_list_setenv(env_list, "PATH", DEFAULT_JOB_PATH, 1);
for (e = env_list_first(cl->cl_file->cf_env_list); e != NULL;
e = env_list_next(cl->cl_file->cf_env_list)) {
env_list_putenv(env_list, e->e_envvar, 1);
}
/* make sure HOME is defined */
env_list_putenv(env_list, "HOME=/", 0); /* don't overwrite if already defined */
if (curhome != NULL) {
(*curhome) = strdup2(env_list_getenv(env_list, "HOME"));
}
/* check that SHELL is valid */
myshell = env_list_getenv(env_list, "SHELL");
if (myshell == NULL || myshell[0] == '\0') {
myshell = shell;
}
else if (access(myshell, X_OK) != 0) {
if (errno == ENOENT)
error("shell \"%s\" : no file or directory. SHELL set to %s",
myshell, shell);
else
error_e("shell \"%s\" not valid : SHELL set to %s", myshell,
shell);
myshell = shell;
}
env_list_setenv(env_list, "SHELL", myshell, 1);
if (curshell != NULL)
*curshell = strdup2(myshell);
*jobenv = env_list_export_envp(env_list);
}
if (content_type != NULL) {
(*content_type) = strdup2(env_list_getenv(env_list, "CONTENT_TYPE"));
}
if (encoding != NULL) {
(*encoding) =
strdup2(env_list_getenv(env_list, "CONTENT_TRANSFER_ENCODING"));
}
env_list_destroy(env_list);
}
int
sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
{
int status = AUTH_SUCCESS;
int *pam_status = (int *) auth->data;
debug_decl(sudo_pam_begin_session, SUDO_DEBUG_AUTH)
/*
* If there is no valid user we cannot open a PAM session.
* This is not an error as sudo can run commands with arbitrary
* uids, it just means we are done from a session management standpoint.
*/
if (pw == NULL) {
if (pamh != NULL) {
(void) pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT);
pamh = NULL;
}
goto done;
}
/*
* Update PAM_USER to reference the user we are running the command
* as, as opposed to the user we authenticated as.
*/
(void) pam_set_item(pamh, PAM_USER, pw->pw_name);
/*
* Reinitialize credentials when changing the user.
* We don't worry about a failure from pam_setcred() since with
* stacked PAM auth modules a failure from one module may override
* PAM_SUCCESS from another. For example, given a non-local user,
* pam_unix will fail but pam_ldap or pam_sss may succeed, but if
* pam_unix is first in the stack, pam_setcred() will fail.
*/
if (def_pam_setcred)
(void) pam_setcred(pamh, PAM_REINITIALIZE_CRED);
if (def_pam_session) {
*pam_status = pam_open_session(pamh, 0);
if (*pam_status != PAM_SUCCESS) {
(void) pam_end(pamh, *pam_status | PAM_DATA_SILENT);
pamh = NULL;
status = AUTH_FAILURE;
goto done;
}
}
#ifdef HAVE_PAM_GETENVLIST
/*
* Update environment based on what is stored in pamh.
* If no authentication is done we will only have environment
* variables if pam_env is called via session.
*/
if (user_envp != NULL) {
char **pam_envp = pam_getenvlist(pamh);
if (pam_envp != NULL) {
/* Merge pam env with user env. */
env_init(*user_envp);
env_merge(pam_envp);
*user_envp = env_get();
env_init(NULL);
efree(pam_envp);
/* XXX - we leak any duplicates that were in pam_envp */
}
}
#endif /* HAVE_PAM_GETENVLIST */
done:
debug_return_int(status);
}
/*
* login - create a new login session for a user
*
* login is typically called by getty as the second step of a
* new user session. getty is responsible for setting the line
* characteristics to a reasonable set of values and getting
* the name of the user to be logged in. login may also be
* called to create a new user session on a pty for a variety
* of reasons, such as X servers or network logins.
*
* the flags which login supports are
*
* -p - preserve the environment
* -r - perform autologin protocol for rlogin
* -f - do not perform authentication, user is preauthenticated
* -h - the name of the remote host
*/
int main (int argc, char **argv)
{
const char *tmptty;
char tty[BUFSIZ];
#ifdef RLOGIN
char term[128] = "";
#endif /* RLOGIN */
#if defined(HAVE_STRFTIME) && !defined(USE_PAM)
char ptime[80];
#endif
unsigned int delay;
unsigned int retries;
bool failed;
bool subroot = false;
#ifndef USE_PAM
bool is_console;
#endif
int err;
const char *cp;
char *tmp;
char fromhost[512];
struct passwd *pwd = NULL;
char **envp = environ;
const char *failent_user;
/*@null@*/struct utmp *utent;
#ifdef USE_PAM
int retcode;
pid_t child;
char *pam_user = NULL;
#else
struct spwd *spwd = NULL;
#endif
/*
* Some quick initialization.
*/
sanitize_env ();
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
initenv ();
amroot = (getuid () == 0);
Prog = Basename (argv[0]);
if (geteuid() != 0) {
fprintf (stderr, _("%s: Cannot possibly work without effective root\n"), Prog);
exit (1);
}
process_flags (argc, argv);
if ((isatty (0) == 0) || (isatty (1) == 0) || (isatty (2) == 0)) {
exit (1); /* must be a terminal */
}
utent = get_current_utmp ();
/*
* Be picky if run by normal users (possible if installed setuid
* root), but not if run by root. This way it still allows logins
* even if your getty is broken, or if something corrupts utmp,
* but users must "exec login" which will use the existing utmp
* entry (will not overwrite remote hostname). --marekm
*/
if (!amroot && (NULL == utent)) {
(void) puts (_("No utmp entry. You must exec \"login\" from the lowest level \"sh\""));
exit (1);
}
/* NOTE: utent might be NULL afterwards */
tmptty = ttyname (0);
if (NULL == tmptty) {
tmptty = "UNKNOWN";
}
STRFCPY (tty, tmptty);
#ifndef USE_PAM
is_console = console (tty);
#endif
if (rflg || hflg) {
/*
* Add remote hostname to the environment. I think
* (not sure) I saw it once on Irix. --marekm
*/
addenv ("REMOTEHOST", hostname);
}
if (fflg) {
preauth_flag = true;
}
if (hflg) {
reason = PW_RLOGIN;
}
#ifdef RLOGIN
if (rflg) {
assert (NULL == username);
username = xmalloc (USER_NAME_MAX_LENGTH + 1);
username[USER_NAME_MAX_LENGTH] = '\0';
if (do_rlogin (hostname, username, USER_NAME_MAX_LENGTH, term, sizeof term)) {
preauth_flag = true;
} else {
free (username);
username = NULL;
}
}
#endif /* RLOGIN */
OPENLOG ("login");
setup_tty ();
#ifndef USE_PAM
(void) umask (getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
{
/*
* Use the ULIMIT in the login.defs file, and if
* there isn't one, use the default value. The
* user may have one for themselves, but otherwise,
* just take what you get.
*/
long limit = getdef_long ("ULIMIT", -1L);
if (limit != -1) {
set_filesize_limit (limit);
}
}
#endif
/*
* The entire environment will be preserved if the -p flag
* is used.
*/
if (pflg) {
while (NULL != *envp) { /* add inherited environment, */
addenv (*envp, NULL); /* some variables change later */
envp++;
}
}
#ifdef RLOGIN
if (term[0] != '\0') {
addenv ("TERM", term);
} else
#endif /* RLOGIN */
{
/* preserve TERM from getty */
if (!pflg) {
tmp = getenv ("TERM");
if (NULL != tmp) {
addenv ("TERM", tmp);
}
}
}
init_env ();
if (optind < argc) { /* now set command line variables */
set_env (argc - optind, &argv[optind]);
}
if (rflg || hflg) {
cp = hostname;
#ifdef HAVE_STRUCT_UTMP_UT_HOST
} else if ((NULL != utent) && ('\0' != utent->ut_host[0])) {
cp = utent->ut_host;
#endif /* HAVE_STRUCT_UTMP_UT_HOST */
} else {
cp = "";
}
if ('\0' != *cp) {
snprintf (fromhost, sizeof fromhost,
" on '%.100s' from '%.200s'", tty, cp);
} else {
snprintf (fromhost, sizeof fromhost,
" on '%.100s'", tty);
}
top:
/* only allow ALARM sec. for login */
(void) signal (SIGALRM, alarm_handler);
timeout = getdef_unum ("LOGIN_TIMEOUT", ALARM);
if (timeout > 0) {
(void) alarm (timeout);
}
environ = newenvp; /* make new environment active */
delay = getdef_unum ("FAIL_DELAY", 1);
retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
#ifdef USE_PAM
retcode = pam_start ("login", username, &conv, &pamh);
if (retcode != PAM_SUCCESS) {
fprintf (stderr,
_("login: PAM Failure, aborting: %s\n"),
pam_strerror (pamh, retcode));
SYSLOG ((LOG_ERR, "Couldn't initialize PAM: %s",
pam_strerror (pamh, retcode)));
exit (99);
}
/*
* hostname & tty are either set to NULL or their correct values,
* depending on how much we know. We also set PAM's fail delay to
* ours.
*
* PAM_RHOST and PAM_TTY are used for authentication, only use
* information coming from login or from the caller (e.g. no utmp)
*/
retcode = pam_set_item (pamh, PAM_RHOST, hostname);
PAM_FAIL_CHECK;
retcode = pam_set_item (pamh, PAM_TTY, tty);
PAM_FAIL_CHECK;
#ifdef HAS_PAM_FAIL_DELAY
retcode = pam_fail_delay (pamh, 1000000 * delay);
PAM_FAIL_CHECK;
#endif
/* if fflg, then the user has already been authenticated */
if (!fflg) {
unsigned int failcount = 0;
char hostn[256];
char loginprompt[256]; /* That's one hell of a prompt :) */
/* Make the login prompt look like we want it */
if (gethostname (hostn, sizeof (hostn)) == 0) {
snprintf (loginprompt,
sizeof (loginprompt),
_("%s login: "******"login: "******"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
failcount, fromhost, failent_user));
fprintf(stderr,
_("Maximum number of tries exceeded (%u)\n"),
failcount);
PAM_END;
exit(0);
} else if (retcode == PAM_ABORT) {
/* Serious problems, quit now */
(void) fputs (_("login: abort requested by PAM\n"), stderr);
SYSLOG ((LOG_ERR,"PAM_ABORT returned from pam_authenticate()"));
PAM_END;
exit(99);
} else if (retcode != PAM_SUCCESS) {
SYSLOG ((LOG_NOTICE,"FAILED LOGIN (%u)%s FOR '%s', %s",
failcount, fromhost, failent_user,
pam_strerror (pamh, retcode)));
failed = true;
}
if (!failed) {
break;
}
#ifdef WITH_AUDIT
audit_fd = audit_open ();
audit_log_acct_message (audit_fd,
AUDIT_USER_LOGIN,
NULL, /* Prog. name */
"login",
failent_user,
AUDIT_NO_ID,
hostname,
NULL, /* addr */
tty,
0); /* result */
close (audit_fd);
#endif /* WITH_AUDIT */
(void) puts ("");
(void) puts (_("Login incorrect"));
if (failcount >= retries) {
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
failcount, fromhost, failent_user));
fprintf(stderr,
_("Maximum number of tries exceeded (%u)\n"),
failcount);
PAM_END;
exit(0);
}
/*
* Let's give it another go around.
* Even if a username was given on the command
* line, prompt again for the username.
*/
retcode = pam_set_item (pamh, PAM_USER, NULL);
PAM_FAIL_CHECK;
}
/* We don't get here unless they were authenticated above */
(void) alarm (0);
}
/* Check the account validity */
retcode = pam_acct_mgmt (pamh, 0);
if (retcode == PAM_NEW_AUTHTOK_REQD) {
retcode = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
}
PAM_FAIL_CHECK;
/* Open the PAM session */
get_pam_user (&pam_user);
retcode = pam_open_session (pamh, hushed (pam_user) ? PAM_SILENT : 0);
PAM_FAIL_CHECK;
/* Grab the user information out of the password file for future usage
* First get the username that we are actually using, though.
*
* From now on, we will discard changes of the user (PAM_USER) by
* PAM APIs.
*/
get_pam_user (&pam_user);
if (NULL != username) {
free (username);
}
username = pam_user;
failent_user = get_failent_user (username);
pwd = xgetpwnam (username);
if (NULL == pwd) {
SYSLOG ((LOG_ERR, "cannot find user %s", failent_user));
exit (1);
}
/* This set up the process credential (group) and initialize the
* supplementary group access list.
* This has to be done before pam_setcred
*/
if (setup_groups (pwd) != 0) {
exit (1);
}
retcode = pam_setcred (pamh, PAM_ESTABLISH_CRED);
PAM_FAIL_CHECK;
/* NOTE: If pam_setcred changes PAM_USER, this will not be taken
* into account.
*/
#else /* ! USE_PAM */
while (true) { /* repeatedly get login/password pairs */
/* user_passwd is always a pointer to this constant string
* or a passwd or shadow password that will be memzero by
* pw_free / spw_free.
* Do not free() user_passwd. */
const char *user_passwd = "!";
/* Do some cleanup to avoid keeping entries we do not need
* anymore. */
if (NULL != pwd) {
pw_free (pwd);
pwd = NULL;
}
if (NULL != spwd) {
spw_free (spwd);
spwd = NULL;
}
failed = false; /* haven't failed authentication yet */
if (NULL == username) { /* need to get a login id */
if (subroot) {
closelog ();
exit (1);
}
preauth_flag = false;
username = xmalloc (USER_NAME_MAX_LENGTH + 1);
username[USER_NAME_MAX_LENGTH] = '\0';
login_prompt (_("\n%s login: "******"!",
* the account is locked and the user cannot
* login, even if they have been
* "pre-authenticated."
*/
if ( ('!' == user_passwd[0])
|| ('*' == user_passwd[0])) {
failed = true;
}
}
if (strcmp (user_passwd, SHADOW_PASSWD_STRING) == 0) {
spwd = xgetspnam (username);
if (NULL != spwd) {
user_passwd = spwd->sp_pwdp;
} else {
/* The user exists in passwd, but not in
* shadow. SHADOW_PASSWD_STRING indicates
* that the password shall be in shadow.
*/
SYSLOG ((LOG_WARN,
"no shadow password for '%s'%s",
username, fromhost));
}
}
/*
* The -r and -f flags provide a name which has already
* been authenticated by some server.
*/
if (preauth_flag) {
goto auth_ok;
}
if (pw_auth (user_passwd, username, reason, (char *) 0) == 0) {
goto auth_ok;
}
SYSLOG ((LOG_WARN, "invalid password for '%s' %s",
failent_user, fromhost));
failed = true;
auth_ok:
/*
* This is the point where all authenticated users wind up.
* If you reach this far, your password has been
* authenticated and so on.
*/
if ( !failed
&& (NULL != pwd)
&& (0 == pwd->pw_uid)
&& !is_console) {
SYSLOG ((LOG_CRIT, "ILLEGAL ROOT LOGIN %s", fromhost));
failed = true;
}
if ( !failed
&& !login_access (username, ('\0' != *hostname) ? hostname : tty)) {
SYSLOG ((LOG_WARN, "LOGIN '%s' REFUSED %s",
username, fromhost));
failed = true;
}
if ( (NULL != pwd)
&& getdef_bool ("FAILLOG_ENAB")
&& !failcheck (pwd->pw_uid, &faillog, failed)) {
SYSLOG ((LOG_CRIT,
"exceeded failure limit for '%s' %s",
username, fromhost));
failed = true;
}
if (!failed) {
break;
}
/* don't log non-existent users */
if ((NULL != pwd) && getdef_bool ("FAILLOG_ENAB")) {
failure (pwd->pw_uid, tty, &faillog);
}
if (getdef_str ("FTMP_FILE") != NULL) {
#ifdef USE_UTMPX
struct utmpx *failent =
prepare_utmpx (failent_user,
tty,
/* FIXME: or fromhost? */hostname,
utent);
#else /* !USE_UTMPX */
struct utmp *failent =
prepare_utmp (failent_user,
tty,
hostname,
utent);
#endif /* !USE_UTMPX */
failtmp (failent_user, failent);
free (failent);
}
retries--;
if (retries <= 0) {
SYSLOG ((LOG_CRIT, "REPEATED login failures%s",
fromhost));
}
/*
* If this was a passwordless account and we get here, login
* was denied (securetty, faillog, etc.). There was no
* password prompt, so do it now (will always fail - the bad
* guys won't see that the passwordless account exists at
* all). --marekm
*/
if (user_passwd[0] == '\0') {
pw_auth ("!", username, reason, (char *) 0);
}
/*
* Authentication of this user failed.
* The username must be confirmed in the next try.
*/
free (username);
username = NULL;
/*
* Wait a while (a la SVR4 /usr/bin/login) before attempting
* to login the user again. If the earlier alarm occurs
* before the sleep() below completes, login will exit.
*/
if (delay > 0) {
(void) sleep (delay);
}
(void) puts (_("Login incorrect"));
/* allow only one attempt with -r or -f */
if (rflg || fflg || (retries <= 0)) {
closelog ();
exit (1);
}
} /* while (true) */
#endif /* ! USE_PAM */
assert (NULL != username);
assert (NULL != pwd);
(void) alarm (0); /* turn off alarm clock */
#ifndef USE_PAM /* PAM does this */
/*
* porttime checks moved here, after the user has been
* authenticated. now prints a message, as suggested
* by Ivan Nejgebauer <*****@*****.**>. --marekm
*/
if ( getdef_bool ("PORTTIME_CHECKS_ENAB")
&& !isttytime (username, tty, time ((time_t *) 0))) {
SYSLOG ((LOG_WARN, "invalid login time for '%s'%s",
username, fromhost));
closelog ();
bad_time_notify ();
exit (1);
}
check_nologin (pwd->pw_uid == 0);
#endif
if (getenv ("IFS")) { /* don't export user IFS ... */
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
}
if (pwd->pw_shell[0] == '*') { /* subsystem root */
pwd->pw_shell++; /* skip the '*' */
subsystem (pwd); /* figure out what to execute */
subroot = true; /* say I was here again */
endpwent (); /* close all of the file which were */
endgrent (); /* open in the original rooted file */
endspent (); /* system. they will be re-opened */
#ifdef SHADOWGRP
endsgent (); /* in the new rooted file system */
#endif
goto top; /* go do all this all over again */
}
#ifdef WITH_AUDIT
audit_fd = audit_open ();
audit_log_acct_message (audit_fd,
AUDIT_USER_LOGIN,
NULL, /* Prog. name */
"login",
username,
AUDIT_NO_ID,
hostname,
NULL, /* addr */
tty,
1); /* result */
close (audit_fd);
#endif /* WITH_AUDIT */
#ifndef USE_PAM /* pam_lastlog handles this */
if (getdef_bool ("LASTLOG_ENAB")) { /* give last login and log this one */
dolastlog (&ll, pwd, tty, hostname);
}
#endif
#ifndef USE_PAM /* PAM handles this as well */
/*
* Have to do this while we still have root privileges, otherwise we
* don't have access to /etc/shadow.
*/
if (NULL != spwd) { /* check for age of password */
if (expire (pwd, spwd)) {
/* The user updated her password, get the new
* entries.
* Use the x variants because we need to keep the
* entry for a long time, and there might be other
* getxxyy in between.
*/
pw_free (pwd);
pwd = xgetpwnam (username);
if (NULL == pwd) {
SYSLOG ((LOG_ERR,
"cannot find user %s after update of expired password",
username));
exit (1);
}
spw_free (spwd);
spwd = xgetspnam (username);
}
}
setup_limits (pwd); /* nice, ulimit etc. */
#endif /* ! USE_PAM */
chown_tty (pwd);
#ifdef USE_PAM
/*
* We must fork before setuid() because we need to call
* pam_close_session() as root.
*/
(void) signal (SIGINT, SIG_IGN);
child = fork ();
if (child < 0) {
/* error in fork() */
fprintf (stderr, _("%s: failure forking: %s"),
Prog, strerror (errno));
PAM_END;
exit (0);
} else if (child != 0) {
/*
* parent - wait for child to finish, then cleanup
* session
*/
wait (NULL);
PAM_END;
exit (0);
}
/* child */
#endif
/* If we were init, we need to start a new session */
if (getppid() == 1) {
setsid();
if (ioctl(0, TIOCSCTTY, 1) != 0) {
fprintf (stderr, _("TIOCSCTTY failed on %s"), tty);
}
}
/*
* The utmp entry needs to be updated to indicate the new status
* of the session, the new PID and SID.
*/
update_utmp (username, tty, hostname, utent);
/* The pwd and spwd entries for the user have been copied.
*
* Close all the files so that unauthorized access won't occur.
*/
endpwent (); /* stop access to password file */
endgrent (); /* stop access to group file */
endspent (); /* stop access to shadow passwd file */
#ifdef SHADOWGRP
endsgent (); /* stop access to shadow group file */
#endif
/* Drop root privileges */
#ifndef USE_PAM
if (setup_uid_gid (pwd, is_console))
#else
/* The group privileges were already dropped.
* See setup_groups() above.
*/
if (change_uid (pwd))
#endif
{
exit (1);
}
setup_env (pwd); /* set env vars, cd to the home dir */
#ifdef USE_PAM
{
const char *const *env;
env = (const char *const *) pam_getenvlist (pamh);
while ((NULL != env) && (NULL != *env)) {
addenv (*env, NULL);
env++;
}
}
#endif
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
if (!hushed (username)) {
addenv ("HUSHLOGIN=FALSE", NULL);
/*
* pam_unix, pam_mail and pam_lastlog should take care of
* this
*/
#ifndef USE_PAM
motd (); /* print the message of the day */
if ( getdef_bool ("FAILLOG_ENAB")
&& (0 != faillog.fail_cnt)) {
failprint (&faillog);
/* Reset the lockout times if logged in */
if ( (0 != faillog.fail_max)
&& (faillog.fail_cnt >= faillog.fail_max)) {
(void) puts (_("Warning: login re-enabled after temporary lockout."));
SYSLOG ((LOG_WARN,
"login '%s' re-enabled after temporary lockout (%d failures)",
username, (int) faillog.fail_cnt));
}
}
if ( getdef_bool ("LASTLOG_ENAB")
&& (ll.ll_time != 0)) {
time_t ll_time = ll.ll_time;
#ifdef HAVE_STRFTIME
(void) strftime (ptime, sizeof (ptime),
"%a %b %e %H:%M:%S %z %Y",
localtime (&ll_time));
printf (_("Last login: %s on %s"),
ptime, ll.ll_line);
#else
printf (_("Last login: %.19s on %s"),
ctime (&ll_time), ll.ll_line);
#endif
#ifdef HAVE_LL_HOST /* __linux__ || SUN4 */
if ('\0' != ll.ll_host[0]) {
printf (_(" from %.*s"),
(int) sizeof ll.ll_host, ll.ll_host);
}
#endif
printf (".\n");
}
agecheck (spwd);
mailcheck (); /* report on the status of mail */
#endif /* !USE_PAM */
} else {
addenv ("HUSHLOGIN=TRUE", NULL);
}
ttytype (tty);
(void) signal (SIGQUIT, SIG_DFL); /* default quit signal */
(void) signal (SIGTERM, SIG_DFL); /* default terminate signal */
(void) signal (SIGALRM, SIG_DFL); /* default alarm signal */
(void) signal (SIGHUP, SIG_DFL); /* added this. --marekm */
(void) signal (SIGINT, SIG_DFL); /* default interrupt signal */
if (0 == pwd->pw_uid) {
SYSLOG ((LOG_NOTICE, "ROOT LOGIN %s", fromhost));
} else if (getdef_bool ("LOG_OK_LOGINS")) {
SYSLOG ((LOG_INFO, "'%s' logged in %s", username, fromhost));
}
closelog ();
tmp = getdef_str ("FAKE_SHELL");
if (NULL != tmp) {
err = shell (tmp, pwd->pw_shell, newenvp); /* fake shell */
} else {
/* exec the shell finally */
err = shell (pwd->pw_shell, (char *) 0, newenvp);
}
return ((err == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
}
static Bool
StartClient (
struct verify_info *verify,
struct display *d,
int *pidp,
char *name,
char *passwd)
{
char **f, *home;
char *failsafeArgv[2];
int pid;
#ifdef HAS_SETUSERCONTEXT
struct passwd* pwd;
#endif
#ifdef USE_PAM
pam_handle_t *pamh = thepamh();
#endif
if (verify->argv) {
Debug ("StartSession %s: ", verify->argv[0]);
for (f = verify->argv; *f; f++)
Debug ("%s ", *f);
Debug ("; ");
}
if (verify->userEnviron) {
for (f = verify->userEnviron; *f; f++)
Debug ("%s ", *f);
Debug ("\n");
}
#ifdef USE_PAM
if (pamh) pam_open_session(pamh, 0);
#endif
switch (pid = fork ()) {
case 0:
CleanUpChild ();
#ifdef XDMCP
/* The chooser socket is not closed by CleanUpChild() */
DestroyWellKnownSockets();
#endif
/* Do system-dependent login setup here */
#ifdef USE_PAM
/* pass in environment variables set by libpam and modules it called */
if (pamh) {
long i;
char **pam_env = pam_getenvlist(pamh);
for(i = 0; pam_env && pam_env[i]; i++) {
verify->userEnviron = putEnv(pam_env[i], verify->userEnviron);
}
}
#endif
#ifndef AIXV3
#ifndef HAS_SETUSERCONTEXT
if (setgid(verify->gid) < 0)
{
LogError("setgid %d (user \"%s\") failed, errno=%d\n",
verify->gid, name, errno);
return (0);
}
#if defined(BSD) && (BSD >= 199103)
if (setlogin(name) < 0)
{
LogError("setlogin for \"%s\" failed, errno=%d", name, errno);
return(0);
}
#endif
#ifndef QNX4
if (initgroups(name, verify->gid) < 0)
{
LogError("initgroups for \"%s\" failed, errno=%d\n", name, errno);
return (0);
}
#endif /* QNX4 doesn't support multi-groups, no initgroups() */
#ifdef USE_PAM
if (thepamh()) {
pam_setcred(thepamh(), PAM_ESTABLISH_CRED);
}
#endif
if (setuid(verify->uid) < 0)
{
LogError("setuid %d (user \"%s\") failed, errno=%d\n",
verify->uid, name, errno);
return (0);
}
#else /* HAS_SETUSERCONTEXT */
/*
* Set the user's credentials: uid, gid, groups,
* environment variables, resource limits, and umask.
*/
pwd = getpwnam(name);
if (pwd)
{
if (setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0)
{
LogError("setusercontext for \"%s\" failed, errno=%d\n", name,
errno);
return (0);
}
endpwent();
}
else
{
LogError("getpwnam for \"%s\" failed, errno=%d\n", name, errno);
return (0);
}
#endif /* HAS_SETUSERCONTEXT */
#else /* AIXV3 */
/*
* Set the user's credentials: uid, gid, groups,
* audit classes, user limits, and umask.
*/
if (setpcred(name, NULL) == -1)
{
LogError("setpcred for \"%s\" failed, errno=%d\n", name, errno);
return (0);
}
#endif /* AIXV3 */
/*
* for user-based authorization schemes,
* use the password to get the user's credentials.
*/
#ifdef SECURE_RPC
/* do like "keylogin" program */
{
char netname[MAXNETNAMELEN+1], secretkey[HEXKEYBYTES+1];
int nameret, keyret;
int len;
int key_set_ok = 0;
nameret = getnetname (netname);
Debug ("User netname: %s\n", netname);
len = strlen (passwd);
if (len > 8)
bzero (passwd + 8, len - 8);
keyret = getsecretkey(netname,secretkey,passwd);
Debug ("getsecretkey returns %d, key length %d\n",
keyret, strlen (secretkey));
/* is there a key, and do we have the right password? */
if (keyret == 1)
{
if (*secretkey)
{
keyret = key_setsecret(secretkey);
Debug ("key_setsecret returns %d\n", keyret);
if (keyret == -1)
LogError ("failed to set NIS secret key\n");
else
key_set_ok = 1;
}
else
{
/* found a key, but couldn't interpret it */
LogError ("password incorrect for NIS principal \"%s\"\n",
nameret ? netname : name);
}
}
if (!key_set_ok)
{
/* remove SUN-DES-1 from authorizations list */
int i, j;
for (i = 0; i < d->authNum; i++)
{
if (d->authorizations[i]->name_length == 9 &&
memcmp(d->authorizations[i]->name, "SUN-DES-1", 9) == 0)
{
for (j = i+1; j < d->authNum; j++)
d->authorizations[j-1] = d->authorizations[j];
d->authNum--;
break;
}
}
}
bzero(secretkey, strlen(secretkey));
}
#endif
#ifdef K5AUTH
/* do like "kinit" program */
{
int i, j;
int result;
extern char *Krb5CCacheName();
result = Krb5Init(name, passwd, d);
if (result == 0) {
/* point session clients at the Kerberos credentials cache */
verify->userEnviron =
setEnv(verify->userEnviron,
"KRB5CCNAME", Krb5CCacheName(d->name));
} else {
for (i = 0; i < d->authNum; i++)
{
if (d->authorizations[i]->name_length == 14 &&
memcmp(d->authorizations[i]->name, "MIT-KERBEROS-5", 14) == 0)
{
/* remove Kerberos from authorizations list */
for (j = i+1; j < d->authNum; j++)
d->authorizations[j-1] = d->authorizations[j];
d->authNum--;
break;
}
}
}
}
#endif /* K5AUTH */
bzero(passwd, strlen(passwd));
SetUserAuthorization (d, verify);
home = getEnv (verify->userEnviron, "HOME");
if (home)
if (chdir (home) == -1) {
LogError ("user \"%s\": cannot chdir to home \"%s\" (err %d), using \"/\"\n",
getEnv (verify->userEnviron, "USER"), home, errno);
chdir ("/");
verify->userEnviron = setEnv(verify->userEnviron, "HOME", "/");
}
if (verify->argv) {
Debug ("executing session %s\n", verify->argv[0]);
execute (verify->argv, verify->userEnviron);
LogError ("Session \"%s\" execution failed (err %d)\n", verify->argv[0], errno);
} else {
LogError ("Session has no command/arguments\n");
}
failsafeArgv[0] = d->failsafeClient;
failsafeArgv[1] = 0;
execute (failsafeArgv, verify->userEnviron);
exit (1);
case -1:
bzero(passwd, strlen(passwd));
Debug ("StartSession, fork failed\n");
LogError ("can't start session on \"%s\", fork failed, errno=%d\n",
d->name, errno);
return 0;
default:
bzero(passwd, strlen(passwd));
Debug ("StartSession, fork succeeded %d\n", pid);
*pidp = pid;
return 1;
}
}
int
main (int argc,
char **argv)
{
pam_handle_t *pamh = NULL;
const char *auth;
char **env;
int status;
int flags;
int res;
int i;
if (isatty (0))
errx (2, "this command is not meant to be run from the console");
if (argc != 3)
errx (2, "invalid arguments to cockpit-session");
save_environment ();
/* When setuid root, make sure our group is also root */
if (geteuid () == 0)
{
/* Never trust the environment when running setuid() */
if (getuid() != 0)
{
if (clearenv () != 0)
err (1, "couldn't clear environment");
}
/* set a minimal environment */
setenv ("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1);
if (setgid (0) != 0 || setuid (0) != 0)
err (1, "couldn't switch permissions correctly");
}
/* We should never leak our auth fd to other processes */
flags = fcntl (AUTH_FD, F_GETFD);
if (flags < 0 || fcntl (AUTH_FD, F_SETFD, flags | FD_CLOEXEC))
err (1, "couldn't set auth fd flags");
auth = argv[1];
rhost = argv[2];
signal (SIGALRM, SIG_DFL);
signal (SIGQUIT, SIG_DFL);
signal (SIGTSTP, SIG_IGN);
signal (SIGHUP, SIG_IGN);
signal (SIGPIPE, SIG_IGN);
/* Switch namespaces if we've been requested to do so */
maybe_nsenter ();
if (strcmp (auth, "basic") == 0)
pamh = perform_basic ();
else if (strcmp (auth, "negotiate") == 0)
pamh = perform_gssapi ();
else
errx (2, "unrecognized authentication method: %s", auth);
for (i = 0; env_saved[i] != NULL; i++)
pam_putenv (pamh, env_saved[i]);
env = pam_getenvlist (pamh);
if (env == NULL)
errx (EX, "get pam environment failed");
if (want_session)
{
assert (pwd != NULL);
if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
err (EX, "%s: can't init groups", pwd->pw_name);
signal (SIGTERM, pass_to_child);
signal (SIGINT, pass_to_child);
signal (SIGQUIT, pass_to_child);
utmp_log (1);
status = fork_session (env);
utmp_log (0);
signal (SIGTERM, SIG_DFL);
signal (SIGINT, SIG_DFL);
signal (SIGQUIT, SIG_DFL);
res = pam_setcred (pamh, PAM_DELETE_CRED);
if (res != PAM_SUCCESS)
err (EX, "%s: couldn't delete creds: %s", pwd->pw_name, pam_strerror (pamh, res));
res = pam_close_session (pamh, 0);
if (res != PAM_SUCCESS)
err (EX, "%s: couldn't close session: %s", pwd->pw_name, pam_strerror (pamh, res));
}
else
{
status = session (env);
}
pam_end (pamh, PAM_SUCCESS);
if (WIFEXITED(status))
exit (WEXITSTATUS(status));
else if (WIFSIGNALED(status))
raise (WTERMSIG(status));
else
exit (127);
}
int
main(void)
{
pam_handle_t *pamh;
struct pam_conv conv = { NULL, NULL };
char **env;
size_t i;
/*
* Skip this test if the native PAM library doesn't support a PAM
* environment, since we "break" pam_putenv to mirror the native behavior
* in that case.
*/
#ifndef HAVE_PAM_GETENV
skip_all("system doesn't support PAM environment");
#endif
plan(33);
/* Basic environment manipulation. */
if (pam_start("test", NULL, &conv, &pamh) != PAM_SUCCESS)
sysbail("Fake PAM initialization failed");
is_int(PAM_BAD_ITEM, pam_putenv(pamh, "TEST"), "delete when NULL");
ok(pam_getenv(pamh, "TEST") == NULL, "getenv when NULL");
env = pam_getenvlist(pamh);
ok(env != NULL, "getenvlist when NULL returns non-NULL");
is_string(NULL, env[0], "...but first element is NULL");
for (i = 0; env[i] != NULL; i++)
free(env[i]);
free(env);
/* putenv and getenv. */
is_int(PAM_SUCCESS, pam_putenv(pamh, "TEST=foo"), "putenv TEST");
is_string("foo", pam_getenv(pamh, "TEST"), "getenv TEST");
is_int(PAM_SUCCESS, pam_putenv(pamh, "FOO=bar"), "putenv FOO");
is_int(PAM_SUCCESS, pam_putenv(pamh, "BAR=baz"), "putenv BAR");
is_string("foo", pam_getenv(pamh, "TEST"), "getenv TEST");
is_string("bar", pam_getenv(pamh, "FOO"), "getenv FOO");
is_string("baz", pam_getenv(pamh, "BAR"), "getenv BAR");
ok(pam_getenv(pamh, "BAZ") == NULL, "getenv BAZ is NULL");
/* Replacing and deleting environment variables. */
is_int(PAM_BAD_ITEM, pam_putenv(pamh, "BAZ"), "putenv nonexistent delete");
is_int(PAM_SUCCESS, pam_putenv(pamh, "FOO=foo"), "putenv replace");
is_int(PAM_SUCCESS, pam_putenv(pamh, "FOON=bar=n"), "putenv prefix");
is_string("foo", pam_getenv(pamh, "FOO"), "getenv FOO");
is_string("bar=n", pam_getenv(pamh, "FOON"), "getenv FOON");
is_int(PAM_BAD_ITEM, pam_putenv(pamh, "FO"), "putenv delete FO");
is_int(PAM_SUCCESS, pam_putenv(pamh, "FOO"), "putenv delete FOO");
ok(pam_getenv(pamh, "FOO") == NULL, "getenv FOO is NULL");
is_string("bar=n", pam_getenv(pamh, "FOON"), "getenv FOON");
is_string("baz", pam_getenv(pamh, "BAR"), "getenv BAR");
/* pam_getenvlist. */
env = pam_getenvlist(pamh);
ok(env != NULL, "getenvlist not NULL");
is_string("TEST=foo", env[0], "getenvlist TEST");
is_string("BAR=baz", env[1], "getenvlist BAR");
is_string("FOON=bar=n", env[2], "getenvlist FOON");
ok(env[3] == NULL, "getenvlist length");
for (i = 0; env[i] != NULL; i++)
free(env[i]);
free(env);
is_int(PAM_SUCCESS, pam_putenv(pamh, "FOO=foo"), "putenv FOO");
is_string("TEST=foo", pamh->environ[0], "pamh environ TEST");
is_string("BAR=baz", pamh->environ[1], "pamh environ BAR");
is_string("FOON=bar=n", pamh->environ[2], "pamh environ FOON");
is_string("FOO=foo", pamh->environ[3], "pamh environ FOO");
ok(pamh->environ[4] == NULL, "pamh environ length");
pam_end(pamh, 0);
return 0;
}
int
main(int argc, char *argv[])
{
char hostname[MAXHOSTNAMELEN];
const char *user, *tty;
const void *item;
char **args, **pam_envlist, **pam_env;
struct passwd *pwd;
int o, pam_err, status;
pid_t pid;
while ((o = getopt(argc, argv, "")) != -1)
switch (o) {
default:
usage();
}
argc -= optind;
argv += optind;
if (argc > 0) {
user = *argv;
--argc;
++argv;
} else {
user = "******";
}
/* initialize PAM */
pamc.conv = &openpam_ttyconv;
pam_start("su", user, &pamc, &pamh);
/* set some items */
gethostname(hostname, sizeof(hostname));
if ((pam_err = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS)
goto pamerr;
user = getlogin();
if ((pam_err = pam_set_item(pamh, PAM_RUSER, user)) != PAM_SUCCESS)
goto pamerr;
tty = ttyname(STDERR_FILENO);
if ((pam_err = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS)
goto pamerr;
/* authenticate the applicant */
if ((pam_err = pam_authenticate(pamh, 0)) != PAM_SUCCESS)
goto pamerr;
if ((pam_err = pam_acct_mgmt(pamh, 0)) == PAM_NEW_AUTHTOK_REQD)
pam_err = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_err != PAM_SUCCESS)
goto pamerr;
/* establish the requested credentials */
if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS)
goto pamerr;
/* authentication succeeded; open a session */
if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS)
goto pamerr;
/* get mapped user name; PAM may have changed it */
pam_err = pam_get_item(pamh, PAM_USER, &item);
if (pam_err != PAM_SUCCESS || (pwd = getpwnam(user = item)) == NULL)
goto pamerr;
/* export PAM environment */
if ((pam_envlist = pam_getenvlist(pamh)) != NULL) {
for (pam_env = pam_envlist; *pam_env != NULL; ++pam_env) {
putenv(*pam_env);
free(*pam_env);
}
free(pam_envlist);
}
/* build argument list */
if ((args = calloc(argc + 2, sizeof *args)) == NULL) {
warn("calloc()");
goto err;
}
*args = pwd->pw_shell;
memcpy(args + 1, argv, argc * sizeof *args);
/* fork and exec */
switch ((pid = fork())) {
case -1:
warn("fork()");
goto err;
case 0:
/* child: give up privs and start a shell */
/* set uid and groups */
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
warn("initgroups()");
_exit(1);
}
if (setgid(pwd->pw_gid) == -1) {
warn("setgid()");
_exit(1);
}
if (setuid(pwd->pw_uid) == -1) {
warn("setuid()");
_exit(1);
}
execve(*args, args, environ);
warn("execve()");
_exit(1);
default:
/* parent: wait for child to exit */
waitpid(pid, &status, 0);
/* close the session and release PAM resources */
pam_err = pam_close_session(pamh, 0);
pam_end(pamh, pam_err);
exit(WEXITSTATUS(status));
}
pamerr:
fprintf(stderr, "Sorry\n");
err:
pam_end(pamh, pam_err);
exit(1);
}
int
main (int argc,
char **argv)
{
pam_handle_t *pamh = NULL;
struct passwd *pw;
const char *auth;
int status;
int flags;
int res;
if (isatty (0))
errx (2, "this command is not meant to be run from the console");
if (argc != 3)
errx (2, "invalid arguments to cockpit-session");
/* When setuid root, make sure our group is also root */
if (geteuid () == 0)
{
/* Never trust the environment when running setuid() */
if (getuid() != 0)
{
if (clearenv () != 0)
err (1, "couldn't clear environment");
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
}
if (setgid (0) != 0 || setuid (0) != 0)
err (1, "couldn't switch permissions correctly");
}
/* We should never leak our auth fd to other processes */
flags = fcntl (AUTH_FD, F_GETFD);
if (flags < 0 || fcntl (AUTH_FD, F_SETFD, flags | FD_CLOEXEC))
err (1, "couldn't set auth fd flags");
auth = argv[1];
rhost = argv[2];
signal (SIGALRM, SIG_DFL);
signal (SIGQUIT, SIG_DFL);
signal (SIGTSTP, SIG_IGN);
signal (SIGHUP, SIG_IGN);
signal (SIGPIPE, SIG_IGN);
snprintf (line, UT_LINESIZE, "cockpit-%d", getpid ());
line[UT_LINESIZE] = '\0';
if (strcmp (auth, "basic") == 0)
pamh = perform_basic ();
else if (strcmp (auth, "negotiate") == 0)
pamh = perform_gssapi ();
else
errx (2, "unrecognized authentication method: %s", auth);
if (want_session)
{
/* Let the G_MESSAGES_DEBUG leak through from parent as a default */
transfer_pam_env (pamh, "G_DEBUG", "G_MESSAGES_DEBUG", NULL);
env = pam_getenvlist (pamh);
if (env == NULL)
errx (EX, "get pam environment failed");
pw = getpwnam (user);
if (pw == NULL)
errx (EX, "%s: invalid user", user);
if (initgroups (user, pw->pw_gid) < 0)
err (EX, "%s: can't init groups", user);
signal (SIGTERM, pass_to_child);
signal (SIGINT, pass_to_child);
signal (SIGQUIT, pass_to_child);
utmp_log (1);
status = fork_session (pw, session);
utmp_log (0);
signal (SIGTERM, SIG_DFL);
signal (SIGINT, SIG_DFL);
signal (SIGQUIT, SIG_DFL);
res = pam_setcred (pamh, PAM_DELETE_CRED);
if (res != PAM_SUCCESS)
err (EX, "%s: couldn't delete creds: %s", user, pam_strerror (pamh, res));
res = pam_close_session (pamh, 0);
if (res != PAM_SUCCESS)
err (EX, "%s: couldn't close session: %s", user, pam_strerror (pamh, res));
}
else
{
status = session ();
}
pam_end (pamh, PAM_SUCCESS);
if (WIFEXITED(status))
exit (WEXITSTATUS(status));
else if (WIFSIGNALED(status))
raise (WTERMSIG(status));
else
exit (127);
}
int
main(int argc, char **argv)
{
#ifdef HAVE_LIBPAM
int retcode = 0;
const char * const * env;
#endif
#ifdef USE_SETE_ID
struct passwd *pass;
#endif
memset(buf, 0, sizeof(buf));
memset(file, 0, sizeof(file));
if (strrchr(argv[0],'/')==NULL) prog_name = argv[0];
else prog_name = strrchr(argv[0],'/')+1;
uid = getuid();
/* get current dir */
if ( getcwd(orig_dir, sizeof(orig_dir)) == NULL )
die_e("getcwd");
/* interpret command line options */
parseopt(argc, argv);
#ifdef USE_SETE_ID
if ( ! (pass = getpwnam(USERNAME)) )
die("user \"%s\" is not in passwd file. Aborting.", USERNAME);
fcrontab_uid = pass->pw_uid;
fcrontab_gid = pass->pw_gid;
#ifdef HAVE_LIBPAM
/* Open PAM session for the user and obtain any security
credentials we might need */
debug("username: %s", user);
retcode = pam_start("fcrontab", user, &apamconv, &pamh);
if (retcode != PAM_SUCCESS) die_pame(pamh, retcode, "Could not start PAM");
retcode = pam_authenticate(pamh, 0); /* is user really user? */
if (retcode != PAM_SUCCESS)
die_pame(pamh, retcode, "Could not authenticate user using PAM (%d)", retcode);
retcode = pam_acct_mgmt(pamh, 0); /* permitted access? */
if (retcode != PAM_SUCCESS)
die_pame(pamh, retcode, "Could not init PAM account management (%d)", retcode);
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
if (retcode != PAM_SUCCESS) die_pame(pamh, retcode, "Could not set PAM credentials");
retcode = pam_open_session(pamh, 0);
if (retcode != PAM_SUCCESS) die_pame(pamh, retcode, "Could not open PAM session");
env = (const char * const *) pam_getenvlist(pamh);
while (env && *env) {
if (putenv((char*) *env)) die_e("Could not copy PAM environment");
env++;
}
/* Close the log here, because PAM calls openlog(3) and
our log messages could go to the wrong facility */
xcloselog();
#endif /* USE_PAM */
if (uid != fcrontab_uid)
if (seteuid(fcrontab_uid) != 0)
die_e("Couldn't change euid to fcrontab_uid[%d]",fcrontab_uid);
/* change directory */
if (chdir(fcrontabs) != 0) {
error_e("Could not chdir to %s", fcrontabs);
xexit (EXIT_ERR);
}
/* get user's permissions */
if (seteuid(uid) != 0)
die_e("Could not change euid to %d", uid);
if (setegid(fcrontab_gid) != 0)
die_e("Could not change egid to " GROUPNAME "[%d]", fcrontab_gid);
#else /* USE_SETE_ID */
if (setuid(ROOTUID) != 0 )
die_e("Could not change uid to ROOTUID");
if (setgid(ROOTGID) != 0)
die_e("Could not change gid to ROOTGID");
/* change directory */
if (chdir(fcrontabs) != 0) {
error_e("Could not chdir to %s", fcrontabs);
xexit (EXIT_ERR);
}
#endif /* USE_SETE_ID */
/* this program is seteuid : we set default permission mode
* to 640 for a normal user, 600 for root, for security reasons */
if ( asuid == ROOTUID )
umask(066); /* octal : '0' + number in octal notation */
else
umask(026);
snprintf(buf, sizeof(buf), "%s.orig", user);
/* determine what action should be taken */
if ( file_opt ) {
if ( strcmp(argv[file_opt], "-") == 0 )
xexit(install_stdin());
else {
if ( *argv[file_opt] != '/' )
/* this is just the file name, not the path : complete it */
snprintf(file, sizeof(file), "%s/%s", orig_dir, argv[file_opt]);
else {
strncpy(file, argv[file_opt], sizeof(file) - 1);
file[sizeof(file)-1] = '\0';
}
if (make_file(file) == OK)
xexit(EXIT_OK);
else
xexit(EXIT_ERR);
}
}
/* remove user's entries */
if ( rm_opt == 1 ) {
if ( remove_fcrontab(1) == ENOENT )
fprintf(stderr, "no fcrontab for %s\n", user);
xexit (EXIT_OK);
}
/* list user's entries */
if ( list_opt == 1 ) {
list_file(buf);
xexit(EXIT_OK);
}
/* edit user's entries */
if ( edit_opt == 1 ) {
edit_file(buf);
xexit(EXIT_OK);
}
/* reinstall user's entries */
if ( reinstall_opt == 1 ) {
reinstall(buf);
xexit(EXIT_OK);
}
/* never reached */
return EXIT_OK;
}
