Commit | Line | Data |
---|---|---|
22d4760e | 1 | #ifndef lint |
6821e9c5 | 2 | static char *sccsid = "@(#)login.c 4.35 (Berkeley) 85/01/08"; |
22d4760e SL |
3 | #endif |
4 | ||
88a01c09 BJ |
5 | /* |
6 | * login [ name ] | |
3b8dd95e SL |
7 | * login -r hostname (for rlogind) |
8 | * login -h hostname (for telnetd, etc.) | |
88a01c09 BJ |
9 | */ |
10 | ||
7a625b73 | 11 | #include <sys/param.h> |
3b8dd95e SL |
12 | #include <sys/quota.h> |
13 | #include <sys/stat.h> | |
14 | #include <sys/time.h> | |
15 | #include <sys/resource.h> | |
9479aa87 | 16 | #include <sys/file.h> |
3b8dd95e | 17 | |
88a01c09 BJ |
18 | #include <sgtty.h> |
19 | #include <utmp.h> | |
20 | #include <signal.h> | |
21 | #include <pwd.h> | |
22 | #include <stdio.h> | |
88a01c09 | 23 | #include <lastlog.h> |
22d4760e | 24 | #include <errno.h> |
9479aa87 BJ |
25 | #include <ttyent.h> |
26 | #include <syslog.h> | |
f570e1ff | 27 | |
/*
 * Bounded compare/copy helpers.  The bound is sizeof the FIRST argument,
 * so that argument must be an array (not a pointer).  strncpy() zero-pads
 * short sources but leaves the destination without a terminating NUL when
 * the source is at least sizeof(a) bytes long; callers that need a C
 * string must terminate it themselves.
 */
#define SCMPN(a, b) strncmp(a, b, sizeof(a))
#define SCPYN(a, b) strncpy(a, b, sizeof(a))

/* Width of the fixed-size (not necessarily NUL-terminated) utmp name field. */
#define NMAX sizeof(utmp.ut_name)

/* Note that TRUE is -1, not 1; test these flags for zero/non-zero only. */
#define FALSE 0
#define TRUE -1

/* If this file can be opened, main() prints it and refuses non-root logins. */
char nolog[] = "/etc/nologin";
/* Looked up relative to the current directory; its existence quiets the banners. */
char qlog[] = ".hushlogin";
/* Mailbox directory prefix; main() appends the user name to this buffer. */
char maildir[30] = "/usr/spool/mail/";
char lastlog[] = "/usr/adm/lastlog";
/*
 * Stand-in entry used when the account lookup fails (or -r is used by a
 * non-root caller), so the rest of login still has a pwd to work with.
 * NOTE(review): assuming the BSD struct passwd field order, the second
 * initializer is pw_passwd; "nope" is presumably chosen because no crypt()
 * result can equal it -- confirm against <pwd.h>.
 */
struct passwd nouser = {"", "nope", -1, -1, -1, "", "", "", "" };
struct sgttyb ttyb;
/* Record that main() fills in and writes to /etc/utmp and /usr/adm/wtmp. */
struct utmp utmp;
/* argv[0] for the shell: "-" followed by the shell's base name (built in main()). */
char minusnam[16] = "-";
/*
 * This bounds the time given to login.  We initialize it here
 * so it can be patched on machines where it's too small.
 */
int timeout = 60;

/* Fixed-size environment strings; main() appends the value after each "NAME=". */
char homedir[64] = "HOME=";
char shell[64] = "SHELL=";
char term[64] = "TERM=";
char user[20] = "USER=";

/*
 * The complete environment handed to the login shell (main() assigns this
 * to environ).  The PATH value starts with an empty element, which makes
 * the current directory the first place searched for commands.
 */
char *envinit[] =
 { homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", term, user, 0 };

/* Account being logged in; set by getloginname() or doremotelogin(). */
struct passwd *pwd;
char *strcat(), *rindex(), *index();
int timedout();
char *ttyname();
char *crypt();
char *getpass();
char *stypeof();
extern char **environ;
extern int errno;

/* Special-character sets that main() installs on the terminal with ioctl(). */
struct tchars tc = {
 CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
};
struct ltchars ltc = {
 CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
};

/* Result of doremotelogin(): 1 = autologin accepted, -1 = refused, 0 = not remote. */
int rflag;
/* Remote and local user names read from the rlogin connection (NMAX chars + NUL). */
char rusername[NMAX+1], lusername[NMAX+1];
/* rpassword and rhost are not referenced anywhere else in this listing. */
char rpassword[NMAX+1];
/* NUL-terminated copy of utmp.ut_name that main() passes to initgroups(). */
char name[NMAX+1];
char *rhost;
86eb6c9e | 80 | |
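/*
 * Authenticate a user on the terminal attached to descriptor 0, record the
 * session in utmp/wtmp/lastlog, drop to the user's uid and gid and exec the
 * login shell.  Never returns.
 *
 *	login [ name ]		prompt for (or take) a name and a password
 *	login -r hostname	rlogind autologin via doremotelogin()
 *	login -h hostname	record hostname in utmp/wtmp (root callers only)
 *
 * The whole dialogue is bounded by alarm(timeout); five bad attempts hang
 * up the line.
 */
main(argc, argv)
	char *argv[];
{
	register char *namep;
	int t, f, c;
	int invalid, quietlog;
	FILE *nlfd;
	char *ttyn, *tty;
	int ldisc = 0, zero = 0;

	signal(SIGALRM, timedout);
	alarm(timeout);
	signal(SIGQUIT, SIG_IGN);
	signal(SIGINT, SIG_IGN);
	setpriority(PRIO_PROCESS, 0, 0);
	quota(Q_SETUID, 0, 0, 0);
	/*
	 * -r is used by rlogind to cause the autologin protocol;
	 * -h is used by other servers to pass the name of the
	 * remote host to login so that it may be placed in utmp and wtmp
	 *
	 * Both options consume argv[2], so they are only honoured when that
	 * argument is present; a lone "-r" or "-h" is otherwise treated like
	 * any other name argument instead of dereferencing a null argv[2].
	 */
	if (argc > 2) {
		if (strcmp(argv[1], "-r") == 0) {
			rflag = doremotelogin(argv[2]);
			SCPYN(utmp.ut_host, argv[2]);
			argc = 0;
		} else if (strcmp(argv[1], "-h") == 0 && getuid() == 0) {
			SCPYN(utmp.ut_host, argv[2]);
			argc = 0;
		}
	}
	ioctl(0, TIOCLSET, &zero);
	ioctl(0, TIOCNXCL, 0);
	ioctl(0, FIONBIO, &zero);
	ioctl(0, FIOASYNC, &zero);
	ioctl(0, TIOCGETP, &ttyb);
	/*
	 * If talking to an rlogin process,
	 * propagate the terminal type and
	 * baud rate across the network.
	 */
	if (rflag)
		doremoteterm(term, &ttyb);
	ioctl(0, TIOCSLTC, &ltc);
	ioctl(0, TIOCSETC, &tc);
	ioctl(0, TIOCSETP, &ttyb);
	/*
	 * NOTE(review): the loop stops at t > 3, so descriptor 3 is not
	 * closed here and would be inherited by the shell -- confirm that
	 * is intended.
	 */
	for (t = getdtablesize(); t > 3; t--)
		close(t);
	ttyn = ttyname(0);
	if (ttyn == (char *)0)
		ttyn = "/dev/tty??";
	tty = rindex(ttyn, '/');
	if (tty == NULL)
		tty = ttyn;
	else
		tty++;
	openlog("login", 0, 0);
	t = 0;		/* from here on t counts failed attempts */
	do {
		ldisc = 0;
		ioctl(0, TIOCSETD, &ldisc);
		invalid = FALSE;
		SCPYN(utmp.ut_name, "");
		/*
		 * Name specified, take it.
		 */
		if (argc > 1) {
			SCPYN(utmp.ut_name, argv[1]);
			argc = 0;
		}
		/*
		 * If remote login take given name,
		 * otherwise prompt user for something.
		 */
		if (rflag) {
			SCPYN(utmp.ut_name, lusername);
			/* autologin failed, prompt for passwd */
			if (rflag == -1)
				rflag = 0;
		} else
			getloginname(&utmp);
		if (!strcmp(pwd->pw_shell, "/bin/csh")) {
			ldisc = NTTYDISC;
			ioctl(0, TIOCSETD, &ldisc);
		}
		/*
		 * If no remote login authentication and
		 * a password exists for this user, prompt
		 * for one and verify it.
		 *
		 * An account whose pw_passwd field is empty is admitted
		 * without any prompt.  A null return from crypt() is
		 * treated as a failed check rather than passed to strcmp().
		 */
		if (!rflag && *pwd->pw_passwd != '\0') {
			char *pp;

			setpriority(PRIO_PROCESS, 0, -4);
			pp = getpass("Password:");
			namep = crypt(pp, pwd->pw_passwd);
			setpriority(PRIO_PROCESS, 0, 0);
			if (namep == NULL || strcmp(namep, pwd->pw_passwd))
				invalid = TRUE;
		}
		/*
		 * If user not super-user, check for logins disabled.
		 * This runs whether or not the password was correct.
		 */
		if (pwd->pw_uid != 0 && (nlfd = fopen(nolog, "r")) != NULL) {
			while ((c = getc(nlfd)) != EOF)
				putchar(c);
			fflush(stdout);
			sleep(5);
			exit(0);
		}
		/*
		 * If valid so far and root is logging in,
		 * see if root logins on this terminal are permitted.
		 */
		if (!invalid && pwd->pw_uid == 0 && !rootterm(tty)) {
			syslog(LOG_INFO, "ROOT LOGIN REFUSED %s", tty);
			invalid = TRUE;
		}
		if (invalid) {
			printf("Login incorrect\n");
			if (++t >= 5) {
				/*
				 * ut_name is a fixed-width field with no
				 * guaranteed NUL, so bound the print to
				 * keep neighbouring bytes out of the log.
				 */
				syslog(LOG_INFO,
				    "REPEATED LOGIN FAILURES %s, %.*s",
				    tty, (int)NMAX, utmp.ut_name);
				ioctl(0, TIOCHPCL, (struct sgttyb *) 0);
				close(0);
				close(1);
				close(2);
				sleep(10);
				exit(1);
			}
		}
		if (*pwd->pw_shell == '\0')
			pwd->pw_shell = "/bin/sh";
		if (chdir(pwd->pw_dir) < 0 && !invalid ) {
			if (chdir("/") < 0) {
				printf("No directory!\n");
				invalid = TRUE;
			} else {
				printf("No directory! %s\n",
				    "Logging in with home=/");
				pwd->pw_dir = "/";
			}
		}
		/*
		 * Remote login invalid must have been because
		 * of a restriction of some sort, no extra chances.
		 */
		if (rflag && invalid)
			exit(1);
	} while (invalid);
	/* committed to login turn off timeout */
	alarm(0);

	if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0) {
		if (errno == EUSERS)
			printf("%s.\n%s.\n",
			    "Too many users logged on already",
			    "Try again later");
		else if (errno == EPROCLIM)
			printf("You have too many processes running.\n");
		else
			perror("quota (Q_SETUID)");
		sleep(5);
		exit(0);
	}
	time(&utmp.ut_time);
	/*
	 * Fill in the line before either accounting file is written, so
	 * the wtmp record still names the terminal when there is no utmp
	 * slot or /etc/utmp cannot be opened.
	 */
	SCPYN(utmp.ut_line, tty);
	t = ttyslot();
	if (t > 0 && (f = open("/etc/utmp", O_WRONLY)) >= 0) {
		lseek(f, (long)(t*sizeof(utmp)), 0);
		write(f, (char *)&utmp, sizeof(utmp));
		close(f);
	}
	if ((f = open("/usr/adm/wtmp", O_WRONLY|O_APPEND)) >= 0) {
		write(f, (char *)&utmp, sizeof(utmp));
		close(f);
	}
	/* Checked relative to the current directory set by chdir() above. */
	quietlog = access(qlog, F_OK) == 0;
	if ((f = open(lastlog, O_RDWR)) >= 0) {
		struct lastlog ll;

		lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
		if (read(f, (char *) &ll, sizeof ll) == sizeof ll &&
		    ll.ll_time != 0 && !quietlog) {
			printf("Last login: %.*s ",
			    24-5, (char *)ctime(&ll.ll_time));
			/* "%.*s" takes an int precision, hence the casts. */
			if (*ll.ll_host != '\0')
				printf("from %.*s\n",
				    (int)sizeof (ll.ll_host), ll.ll_host);
			else
				printf("on %.*s\n",
				    (int)sizeof (ll.ll_line), ll.ll_line);
		}
		lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
		time(&ll.ll_time);
		SCPYN(ll.ll_line, tty);
		SCPYN(ll.ll_host, utmp.ut_host);
		write(f, (char *) &ll, sizeof ll);
		close(f);
	}
	chown(ttyn, pwd->pw_uid, pwd->pw_gid);
	/* Mode 0622 leaves the terminal writable by group and others. */
	chmod(ttyn, 0622);
	/*
	 * Drop privileges: group, supplementary groups, then user.  Each
	 * step is checked, because continuing after a failure would hand
	 * the user a shell that still holds the caller's credentials.
	 */
	if (setgid(pwd->pw_gid) < 0) {
		perror("setgid");
		exit(1);
	}
	strncpy(name, utmp.ut_name, NMAX);
	name[NMAX] = '\0';
	if (initgroups(name, pwd->pw_gid) != 0) {
		perror("initgroups");
		exit(1);
	}
	quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
	if (setuid(pwd->pw_uid) < 0) {
		perror("setuid");
		exit(1);
	}
	environ = envinit;
	/* Each bound is the buffer size less the "NAME=" prefix and the NUL. */
	strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
	strncat(shell, pwd->pw_shell, sizeof(shell)-7);
	if (term[sizeof("TERM=")-1] == 0)
		strncat(term, stypeof(tty), sizeof(term)-6);
	strncat(user, pwd->pw_name, sizeof(user)-6);
	if ((namep = rindex(pwd->pw_shell, '/')) == NULL)
		namep = pwd->pw_shell;
	else
		namep++;
	/* minusnam already holds "-"; leave room for that and the NUL. */
	strncat(minusnam, namep, sizeof(minusnam)-2);
	if (tty[sizeof("tty")-1] == 'd')
		syslog(LOG_INFO, "DIALUP %s %s", tty, pwd->pw_name);
	if (!quietlog) {
		struct stat st;

		showmotd();
		/* 17 = the 16-character "/usr/spool/mail/" prefix plus the NUL. */
		strncat(maildir, pwd->pw_name, sizeof(maildir)-17);
		if (stat(maildir, &st) == 0 && st.st_size != 0)
			printf("You have %smail.\n",
			    (st.st_mtime > st.st_atime) ? "new" : "");
	}
	signal(SIGALRM, SIG_DFL);
	signal(SIGQUIT, SIG_DFL);
	signal(SIGINT, SIG_DFL);
	signal(SIGTSTP, SIG_IGN);
	/*
	 * execlp() searches PATH when pw_shell contains no '/'.  The
	 * argument list must end in a null pointer, not a bare int 0.
	 */
	execlp(pwd->pw_shell, minusnam, (char *)0);
	perror(pwd->pw_shell);
	printf("No shell\n");
	exit(0);
}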
321 | ||
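/*
 * Make sure up->ut_name holds a login name, prompting with "login: " on
 * the standard streams until a non-empty line is typed, then look the
 * account up.
 *
 * At most NMAX characters are stored (extra input on the line is
 * discarded) and blanks are mapped to '_'.  The name is copied,
 * NUL-terminated, into lusername, and pwd is set to the matching passwd
 * entry, or to &nouser when there is none, so callers always get a
 * non-null pwd.  Exits on end of input.
 */
getloginname(up)
	register struct utmp *up;
{
	register char *namep;
	/*
	 * int, not char: getchar() returns EOF out of band.  Held in a
	 * char, EOF is either never seen (unsigned char) or confused with
	 * the input byte 0377 (signed char).
	 */
	int c;

	while (up->ut_name[0] == '\0') {
		namep = up->ut_name;
		printf("login: ");
		while ((c = getchar()) != '\n') {
			if (c == EOF)
				exit(0);
			if (c == ' ')
				c = '_';
			if (namep < up->ut_name+NMAX)
				*namep++ = c;
		}
	}
	/* ut_name is fixed-width with no guaranteed NUL; lusername has one. */
	strncpy(lusername, up->ut_name, NMAX);
	lusername[NMAX] = 0;
	if ((pwd = getpwnam(lusername)) == NULL)
		pwd = &nouser;
}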
345 | ||
/*
 * SIGALRM handler (installed by main()): report that the time allowed
 * for logging in has run out and exit with status 0.
 *
 * NOTE(review): stdio output and exit() are used from signal context
 * here; neither is async-signal-safe on current systems.
 */
timedout()
{
	fprintf(stdout, "Login timed out after %d seconds\n", timeout);
	exit(0);
}
352 | ||
/*
 * Non-zero once an interrupt has arrived while the message of the day is
 * being printed; showmotd() polls it to stop the output early.
 * NOTE(review): written from a signal handler but declared as a plain
 * int; volatile sig_atomic_t is the portable type for such a flag.
 */
int stopmotd;

/*
 * SIGINT handler used while the motd is displayed: ignore any further
 * interrupts and record that one was seen.
 */
catch()
{
	signal(SIGINT, SIG_IGN);
	stopmotd = stopmotd + 1;
}
360 | ||
/*
 * Report whether the terminal named tty is flagged secure in the ttys
 * database, as looked up with getttynam().  main() refuses root logins
 * on terminals for which this returns 0.
 *
 * Returns 1 when an entry exists and has TTY_SECURE set, 0 otherwise;
 * a terminal with no entry at all is therefore treated as not secure.
 */
rootterm(tty)
	char *tty;
{
	register struct ttyent *ent = getttynam(tty);

	if (ent == NULL)
		return (0);
	return ((ent->ty_status & TTY_SECURE) ? 1 : 0);
}
372 | ||
/*
 * Copy /etc/motd to standard output.  While it is being printed SIGINT
 * is routed to catch(), so an interrupt cuts the message short instead
 * of being ignored; SIGINT is set back to ignored before returning.
 * A missing or unreadable motd file is skipped silently.
 */
showmotd()
{
	FILE *motd;
	register int ch;

	signal(SIGINT, catch);
	motd = fopen("/etc/motd", "r");
	if (motd != NULL) {
		for (;;) {
			ch = getc(motd);
			/* stop at end of file or once catch() has run */
			if (ch == EOF || stopmotd != 0)
				break;
			putchar(ch);
		}
		fclose(motd);
	}
	signal(SIGINT, SIG_IGN);
}
386 | ||
/* Terminal type reported when the ttys database has nothing for the line. */
#undef UNKNOWN
#define UNKNOWN "su"

/*
 * Return the terminal type recorded for the line ttyid in the ttys
 * database, or UNKNOWN when ttyid is null or has no entry.  The result
 * points either at the string literal or into the entry returned by
 * getttynam(); the caller must not free it.
 */
char *
stypeof(ttyid)
	char *ttyid;
{
	register struct ttyent *ent;

	if (ttyid != NULL) {
		ent = getttynam(ttyid);
		if (ent != NULL)
			return (ent->ty_type);
	}
	return (UNKNOWN);
}
86eb6c9e | 400 | |
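/*
 * Run the rlogind autologin exchange for a connection from host.
 *
 * Reads three NUL-terminated strings from descriptor 0 (remote user,
 * local user, terminal type) and then decides whether the remote user may
 * log in as the local user without a password:
 *
 *   - the caller must be root, otherwise the request is refused;
 *   - for non-root accounts /etc/hosts.equiv is searched first;
 *   - then .rhosts in the account's home directory, which must not be a
 *     symbolic link and must be owned by root or by the account.
 *
 * A line matches when its host field equals host and its optional user
 * field (default: the local user name) equals the remote user name.
 *
 * Returns 1 when a match is found and -1 otherwise.  pwd is always left
 * pointing at a valid entry (&nouser when the lookup fails).  As a side
 * effect the current directory may be changed to the home directory.
 *
 * The decision rests entirely on the host name handed in by the caller
 * and on the user names sent over the connection; nothing here verifies
 * either of them.
 */
doremotelogin(host)
	char *host;
{
	FILE *hostf;
	int first = 1;

	getstr(rusername, sizeof (rusername), "remuser");
	getstr(lusername, sizeof (lusername), "locuser");
	getstr(term+5, sizeof(term)-5, "Terminal type");
	/* A missing host can never match; refuse instead of comparing null. */
	if (getuid() || host == NULL) {
		pwd = &nouser;
		goto bad;
	}
	pwd = getpwnam(lusername);
	if (pwd == NULL) {
		pwd = &nouser;
		goto bad;
	}
	/* hosts.equiv is never consulted for uid 0; only .rhosts is. */
	hostf = pwd->pw_uid ? fopen("/etc/hosts.equiv", "r") : 0;
again:
	if (hostf) {
		/*
		 * NOTE(review): a line longer than this buffer is returned
		 * by fgets() in pieces, and each piece is then parsed as if
		 * it were a line of its own.
		 */
		char ahost[32];

		while (fgets(ahost, sizeof (ahost), hostf)) {
			char *user;

			if ((user = index(ahost, '\n')) != 0)
				*user++ = '\0';
			if ((user = index(ahost, ' ')) != 0)
				*user++ = '\0';
			if (!strcmp(host, ahost) &&
			    !strcmp(rusername, user ? user : lusername)) {
				fclose(hostf);
				return (1);
			}
		}
		fclose(hostf);
		/* Forget the closed stream so it can never be read again. */
		hostf = 0;
	}
	if (first == 1) {
		char *rhosts = ".rhosts";
		struct stat sbuf;

		first = 0;
		/*
		 * With no home directory or no .rhosts there is nothing
		 * left to search, so fail directly rather than looping back
		 * with a stream that has already been closed.
		 */
		if (chdir(pwd->pw_dir) < 0)
			goto bad;
		if (lstat(rhosts, &sbuf) < 0)
			goto bad;
		if ((sbuf.st_mode & S_IFMT) == S_IFLNK) {
			printf("login: .rhosts is a soft link.\r\n");
			goto bad;
		}
		/*
		 * NOTE(review): the file can be replaced between the
		 * lstat() above and this fopen(); the ownership test below
		 * uses the open descriptor, but the symbolic-link test does
		 * not.
		 */
		hostf = fopen(rhosts, "r");
		if (hostf == NULL)
			goto bad;
		if (fstat(fileno(hostf), &sbuf) < 0 ||
		    (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)) {
			printf("login: Bad .rhosts ownership.\r\n");
			fclose(hostf);
			goto bad;
		}
		goto again;
	}
bad:
	return (-1);
}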
464 | ||
/*
 * Read one NUL-terminated string from descriptor 0 into buf, a byte at a
 * time, storing at most cnt bytes including the terminator.
 *
 * The length is checked before each byte is stored, so buf is never
 * overrun and is always terminated on return.  Does not return on
 * failure: exits with status 1 on a read error or end of input, or,
 * after printing "<err> too long", when the string does not fit.
 */
getstr(buf, cnt, err)
	char *buf;
	int cnt;
	char *err;
{
	char ch;

	for (;;) {
		if (read(0, &ch, 1) != 1)
			exit(1);
		cnt--;
		if (cnt < 0) {
			printf("%s too long\r\n", err);
			exit(1);
		}
		*buf = ch;
		buf++;
		if (ch == 0)
			break;
	}
}
4f8d3876 | 482 | |
/*
 * Speed names accepted from the remote side.  The index of a name in
 * this table is the value doremoteterm() stores into the sgttyb speed
 * fields.
 */
char *speeds[] =
    { "0", "50", "75", "110", "134", "150", "200", "300",
      "600", "1200", "1800", "2400", "4800", "9600", "19200", "38400" };
#define NSPEEDS (sizeof (speeds) / sizeof (speeds[0]))

/*
 * Split a "type/speed" terminal string received from the remote side.
 *
 * term is cut at the first '/', leaving only the terminal type in it.
 * When the text after the '/' is one of the names in speeds[], both the
 * input and output speed in *tp are set to that table index; any other
 * speed text leaves the speeds alone.  The terminal flags in *tp are set
 * to ECHO|CRMOD|ANYP|XTABS in every case.
 */
doremoteterm(term, tp)
	char *term;
	struct sgttyb *tp;
{
	char *slash = index(term, '/');
	register int idx;

	if (slash != 0) {
		*slash = 0;
		slash++;
		idx = 0;
		while (idx < NSPEEDS) {
			if (strcmp(speeds[idx], slash) == 0) {
				tp->sg_ispeed = tp->sg_ospeed = idx;
				break;
			}
			idx++;
		}
	}
	tp->sg_flags = ECHO|CRMOD|ANYP|XTABS;
}