[unix-history] / usr / src / usr.bin / login / login.c.1

/*
 * Copyright (c) 1980, 1987 Regents of the University of California.
 * All rights reserved.  The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

#ifndef lint
char copyright[] =
"@(#) Copyright (c) 1980 Regents of the University of California.\n\
 All rights reserved.\n";
#endif not lint

#ifndef lint
static char sccsid[] = "@(#)login.c.1	5.24 (Berkeley) %G%";
#endif not lint

/*
 * login [ name ]
 * login -r hostname	(for rlogind)
 * login -h hostname	(for telnetd, etc.)
 * login -f name	(for pre-authenticated login: datakit, xterm, etc.)
 */

#include <sys/param.h>
#include <sys/quota.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/file.h>
#include <sys/termios.h>
#include <sys/ioctl.h>

#include <utmp.h>
#include <signal.h>
#include <lastlog.h>
#include <errno.h>
#include <ttyent.h>
#include <syslog.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <strings.h>

#define	TTYGRPNAME	"tty"		/* name of group to own ttys */

#define	MOTDFILE	"/etc/motd"
#define	MAILDIR		"/usr/spool/mail"
#define	NOLOGIN		"/etc/nologin"
#define	HUSHLOGIN	".hushlogin"
#define	LASTLOG		"/usr/adm/lastlog"
#define	BSHELL		"/bin/sh"

/*
 * This bounds the time given to login.  Not a define so it can
 * be patched on machines where it's too small.
 */
int	timeout = 300;

struct passwd nouser = {"", "NOLOGIN", -1, -1, -1, "", "", "", "" };
struct sgttyb ttyb;
struct passwd *pwd;
char term[64], *hostname, *username;

struct tchars tc = {
	CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
};
struct ltchars ltc = {
	CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
};

main(argc, argv)
	int argc;
	char **argv;
{
	extern int errno, optind;
	extern char *optarg, **environ;
	struct group *gr;
	register int ch;
	register char *p;
	int fflag, hflag, pflag, rflag, cnt;
	int quietlog, passwd_req, ioctlval, timedout();
	char *domain, *envinit[1], *ttyn, *tty;
	char tbuf[MAXPATHLEN + 2];
	char *ttyname(), *stypeof(), *crypt(), *getpass();
	time_t time();
	off_t lseek();

	(void)signal(SIGALRM, timedout);
	(void)alarm((u_int)timeout);
	(void)signal(SIGQUIT, SIG_IGN);
	(void)signal(SIGINT, SIG_IGN);
	(void)setpriority(PRIO_PROCESS, 0, 0);
	(void)quota(Q_SETUID, 0, 0, 0);

	/*
	 * -p is used by getty to tell login not to destroy the environment
	 * -r is used by rlogind to cause the autologin protocol;
 	 * -f is used to skip a second login authentication 
	 * -h is used by other servers to pass the name of the
	 * remote host to login so that it may be placed in utmp and wtmp
	 */
	(void)gethostname(tbuf, sizeof(tbuf));
	domain = index(tbuf, '.');

	fflag = hflag = pflag = rflag = 0;
	passwd_req = 1;
	while ((ch = getopt(argc, argv, "f:h:pr:")) != EOF)
		switch(ch) {
		case 'f':
			if (rflag) {
				fprintf(stderr,
				    "login: only one of -r and -f allowed.\n");
				exit(1);
			}
			fflag = 1;
			username = optarg;
			break;
		case 'h':
			if (getuid()) {
				fprintf(stderr,
				    "login: -h for super-user only.\n");
				exit(1);
			}
			if (rflag) {
				fprintf(stderr,
				    "login: only one of -r and -h allowed.\n");
				exit(1);
			}
			hflag = 1;
			if (domain && (p = index(optarg, '.')) &&
			    strcmp(p, domain) == 0)
				*p = 0;
			hostname = optarg;
			break;
		case 'p':
			pflag = 1;
			break;
		case 'r':
			if (hflag || fflag) {
				fprintf(stderr,
				    "login: -f and -h not allowed with -r.\n");
				exit(1);
			}
			rflag = 1;
			passwd_req = doremotelogin(optarg);
			if (domain && (p = index(optarg, '.')) &&
			    !strcmp(p, domain))
				*p = '\0';
			hostname = optarg;
			break;
		case '?':
		default:
			fprintf(stderr, "usage: login [-p] [username]\n");
			exit(1);
		}
	argc -= optind;
	argv += optind;
	if (*argv)
		username = *argv;

	ioctlval = 0;
	(void)ioctl(0, TIOCLSET, &ioctlval);
	(void)ioctl(0, TIOCNXCL, 0);
	(void)ioctl(0, FIONBIO, &ioctlval);
	(void)ioctl(0, FIOASYNC, &ioctlval);
	(void)ioctl(0, TIOCGETP, &ttyb);

	/*
	 * If talking to an rlogin process, propagate the terminal type and
	 * baud rate across the network.
	 */
	if (rflag)
		doremoteterm(&ttyb);
	ttyb.sg_erase = CERASE;
	ttyb.sg_kill = CKILL;
	(void)ioctl(0, TIOCSLTC, &ltc);
	(void)ioctl(0, TIOCSETC, &tc);
	(void)ioctl(0, TIOCSETP, &ttyb);

	for (cnt = getdtablesize(); cnt > 2; cnt--)
		close(cnt);

	ttyn = ttyname(0);
	if (ttyn == NULL || *ttyn == '\0')
		ttyn = "/dev/tty??";
	if (tty = rindex(ttyn, '/'))
		++tty;
	else
		tty = ttyn;

	openlog("login", LOG_ODELAY, LOG_AUTH);

	for (cnt = 0;; username = NULL) {
		ioctlval = 0;
		(void)ioctl(0, TIOCSETD, &ioctlval);

		if (!username)
			getloginname();
		if ((pwd = getpwnam(username)) == NULL)
			pwd = &nouser;

		/* if user not super-user, check for disabled logins */
		if (pwd->pw_uid)
			checknologin();

		if (!strcmp(pwd->pw_shell, "/bin/csh")) {
			ioctlval = NTTYDISC;
			(void)ioctl(0, TIOCSETD, &ioctlval);
		}

		/*
		 * disallow automatic login to root, or if not root
		 * and the uid's differ
		 */
		if (fflag) {
			int uid = getuid();

			passwd_req = !pwd->pw_uid || uid && uid != pwd->pw_uid;
		}

		/*
		 * If no remote login authentication and a password exists
		 * for this user, prompt for one and verify it.
		 */
		if (!passwd_req || !*pwd->pw_passwd)
			break;

		setpriority(PRIO_PROCESS, 0, -4);
		p = getpass("Password:");
		p = crypt(p, pwd->pw_passwd);
		setpriority(PRIO_PROCESS, 0, 0);
		if (!strcmp(p, pwd->pw_passwd))
			break;

		printf("Login incorrect\n");
		if (++cnt >= 5) {
			if (hostname)
			    syslog(LOG_ERR,
				"REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s",
				tty, UT_HOSTSIZE, hostname, UT_NAMESIZE,
				username);
			else
			    syslog(LOG_ERR,
				"REPEATED LOGIN FAILURES ON %s, %.*s",
				tty, UT_NAMESIZE, username);
			(void)ioctl(0, TIOCHPCL, (struct sgttyb *)NULL);
			sleepexit(1);
		}
	}

	/* committed to login -- turn off timeout */
	(void)alarm((u_int)0);

	/*
	 * If valid so far and root is logging in, see if root logins on
	 * this terminal are permitted.
	 */
	if (!pwd->pw_uid && !rootterm(tty)) {
		if (hostname)
			syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s FROM %.*s",
			    tty, UT_HOSTSIZE, hostname);
		else
			syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s", tty);
		printf("Login incorrect\n");
		sleepexit(1);
	}

	if (*pwd->pw_shell == '\0')
		pwd->pw_shell = BSHELL;

	if (chdir(pwd->pw_dir) < 0) {
		printf("No directory %s!\n", pwd->pw_dir);
		if (chdir("/"))
			exit(0);
		pwd->pw_dir = "/";
		printf("Logging in with home = \"/\".\n");
	}

	if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
		switch(errno) {
		case EUSERS:
			fprintf(stderr,
		"Too many users logged on already.\nTry again later.\n");
			break;
		case EPROCLIM:
			fprintf(stderr,
			    "You have too many processes running.\n");
			break;
		default:
			perror("quota (Q_SETUID)");
		}
		sleepexit(0);
	}

	{
		struct utmp utmp;

		(void)time(&utmp.ut_time);
		strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
		strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
		strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
		login(&utmp);
	}

	quietlog = access(HUSHLOGIN, F_OK) == 0;
	dolastlog(quietlog, tty);

	if (!hflag && !rflag) {					/* XXX */
		static struct winsize win = { 0, 0, 0, 0 };

		(void)ioctl(0, TIOCSWINSZ, &win);
	}

	(void)chown(ttyn, pwd->pw_uid,
	    (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
	(void)chmod(ttyn, 0620);
	(void)setgid(pwd->pw_gid);

	initgroups(username, pwd->pw_gid);

	quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
	(void)setuid(pwd->pw_uid);

	/* destroy environment unless user has requested preservation */
	if (!pflag)
		environ = envinit;
	setenv("HOME", pwd->pw_dir, 1);
	setenv("SHELL", pwd->pw_shell, 1);
	if (term[0] == '\0')
		strncpy(term, stypeof(tty), sizeof(term));
	setenv("TERM", term, 0);
	setenv("USER", pwd->pw_name, 1);
	setenv("PATH", ":/usr/ucb:/bin:/usr/bin", 0);

	if (tty[sizeof("tty")-1] == 'd')
		syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
	if (pwd->pw_uid == 0)
		if (hostname)
			syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s",
			    tty, UT_HOSTSIZE, hostname);
		else
			syslog(LOG_NOTICE, "ROOT LOGIN %s", tty);

	if (!quietlog) {
		struct stat st;

		motd();
		(void)sprintf(tbuf, "%s/%s", MAILDIR, pwd->pw_name);
		if (stat(tbuf, &st) == 0 && st.st_size != 0)
			printf("You have %smail.\n",
			    (st.st_mtime > st.st_atime) ? "new " : "");
	}

	(void)signal(SIGALRM, SIG_DFL);
	(void)signal(SIGQUIT, SIG_DFL);
	(void)signal(SIGINT, SIG_DFL);
	(void)signal(SIGTSTP, SIG_IGN);

	tbuf[0] = '-';
	strcpy(tbuf + 1, (p = rindex(pwd->pw_shell, '/')) ?
	    p + 1 : pwd->pw_shell);
	execlp(pwd->pw_shell, tbuf, 0);
	perror(pwd->pw_shell);
	fprintf(stderr, "login: no shell\n");
	exit(0);
}

getloginname()
{
	register int ch;
	register char *p;
	static char nbuf[UT_NAMESIZE + 1];

	for (;;) {
		p = nbuf;
		printf("login: ");
		while ((ch = getchar()) != '\n') {
			if (ch == ' ')
				ch = '_';
			if (ch == EOF)
				exit(0);
			if (p < nbuf+UT_NAMESIZE)
				*p++ = ch;
		}
		if (p > nbuf)
			if (nbuf[0] == '-')
				fprintf(stderr,
				    "login names may not start with '-'.\n");
			else {
				*p = '\0';
				username = nbuf;
				return;
			}
	}
	/* NOTREACHED */
}

timedout()
{
	fprintf(stderr, "Login timed out after %d seconds\n", timeout);
	exit(0);
}

rootterm(tty)
	char *tty;
{
	struct ttyent *t;

	return((t = getttynam(tty)) && t->ty_status&TTY_SECURE);
}

int motdinterrupt;
motd()
{
	register int ch;
	FILE *fp;
	int (*oldint)(), sigint();

	if ((fp = fopen(MOTDFILE, "r")) == NULL)
		return;
	oldint = signal(SIGINT, sigint);
	while ((ch = getc(fp)) != EOF && !motdinterrupt)
		(void)putchar(ch);
	(void)signal(SIGINT, oldint);
	if (motdinterrupt)
		fpurge(fp);
	(void)fclose(fp);
}

sigint()
{
	motdinterrupt = 1;
}

checknologin()
{
	register int fd, nchars;
	char tbuf[1024];

	if ((fd = open(NOLOGIN, O_RDONLY, 0)) >= 0) {
		while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
			(void)write(fileno(stdout), tbuf, nchars);
		sleepexit(0);
	}
}

dolastlog(quiet, tty)
	int quiet;
	char *tty;
{
	struct lastlog ll;
	int fd;

	if ((fd = open(LASTLOG, O_RDWR, 0)) >= 0) {
		(void)lseek(fd, (long)pwd->pw_uid * sizeof(ll), L_SET);
		if (!quiet) {
			if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
			    ll.ll_time != 0) {
				printf("Last login: %.*s ",
				    24-5, (char *)ctime(&ll.ll_time));
				if (*ll.ll_host != '\0')
					printf("from %.*s\n",
					    sizeof(ll.ll_host), ll.ll_host);
				else
					printf("on %.*s\n",
					    sizeof(ll.ll_line), ll.ll_line);
			}
			(void)lseek(fd, (long)pwd->pw_uid * sizeof(ll), L_SET);
		}
		(void)time(&ll.ll_time);
		strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
		strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
		(void)write(fd, (char *)&ll, sizeof(ll));
		(void)close(fd);
	}
}

#undef	UNKNOWN
#define	UNKNOWN	"su"

char *
stypeof(ttyid)
	char *ttyid;
{
	struct ttyent *t;

	return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
}

doremotelogin(host)
	char *host;
{
	static char lusername[UT_NAMESIZE+1];
	char rusername[UT_NAMESIZE+1];

	getstr(rusername, sizeof(rusername), "remuser");
	getstr(lusername, sizeof(lusername), "locuser");
	getstr(term, sizeof(term), "Terminal type");
	username = lusername;
	if (getuid()) {
		pwd = &nouser;
		return(-1);
	}
	pwd = getpwnam(username);
	if (pwd == NULL) {
		pwd = &nouser;
		return(-1);
	}
	return(ruserok(host, (pwd->pw_uid == 0), rusername, username));
}

getstr(buf, cnt, err)
	char *buf, *err;
	int cnt;
{
	char ch;

	do {
		if (read(0, &ch, sizeof(ch)) != sizeof(ch))
			exit(1);
		if (--cnt < 0) {
			fprintf(stderr, "%s too long\r\n", err);
			sleepexit(1);
		}
		*buf++ = ch;
	} while (ch);
}

char *speeds[] = {
	"0", "50", "75", "110", "134", "150", "200", "300", "600",
	"1200", "1800", "2400", "4800", "9600", "19200", "38400",
};
#define	NSPEEDS	(sizeof(speeds) / sizeof(speeds[0]))

doremoteterm(tp)
	struct sgttyb *tp;
{
	register char *cp = index(term, '/'), **cpp;
	char *speed;

	if (cp) {
		*cp++ = '\0';
		speed = cp;
		cp = index(speed, '/');
		if (cp)
			*cp++ = '\0';
		for (cpp = speeds; cpp < &speeds[NSPEEDS]; cpp++)
			if (strcmp(*cpp, speed) == 0) {
				tp->sg_ispeed = tp->sg_ospeed = cpp-speeds;
				break;
			}
	}
	tp->sg_flags = ECHO|CRMOD|ANYP|XTABS;
}

sleepexit(eval)
	int eval;
{
	sleep((u_int)5);
	exit(eval);
}
Commit	Line	Data
bcf1365c	1	/*
80f91e3f	2	* Copyright (c) 1980, 1987 Regents of the University of California.
bcf1365c DF	3	* All rights reserved. The Berkeley software License Agreement
	4	* specifies the terms and conditions for redistribution.
	5	*/
	6
	7	#ifndef lint
	8	char copyright[] =
	9	"@(#) Copyright (c) 1980 Regents of the University of California.\n\
	10	All rights reserved.\n";
	11	#endif not lint
	12
22d4760e	13	#ifndef lint
80f91e3f	14	static char sccsid[] = "@(#)login.c.1 5.24 (Berkeley) %G%";
bcf1365c	15	#endif not lint
22d4760e	16
88a01c09 BJ	17	/*
88a01c09 BJ	18	* login [ name ]
5dbe2745 MK	19	* login -r hostname (for rlogind)
	20	* login -h hostname (for telnetd, etc.)
	21	* login -f name (for pre-authenticated login: datakit, xterm, etc.)
88a01c09 BJ	22	*/
88a01c09 BJ	23
7a625b73	24	#include <sys/param.h>
3b8dd95e SL	25	#include <sys/quota.h>
	26	#include <sys/stat.h>
	27	#include <sys/time.h>
	28	#include <sys/resource.h>
9479aa87	29	#include <sys/file.h>
80f91e3f KB	30	#include <sys/termios.h>
80f91e3f KB	31	#include <sys/ioctl.h>
3b8dd95e	32
88a01c09 BJ	33	#include <utmp.h>
88a01c09 BJ	34	#include <signal.h>
88a01c09	35	#include <lastlog.h>
22d4760e	36	#include <errno.h>
9479aa87 BJ	37	#include <ttyent.h>
9479aa87 BJ	38	#include <syslog.h>
c89291e2	39	#include <grp.h>
80f91e3f KB	40	#include <pwd.h>
	41	#include <stdio.h>
	42	#include <strings.h>
c89291e2	43
80f91e3f	44	#define TTYGRPNAME "tty" /* name of group to own ttys */
88a01c09	45
80f91e3f KB	46	#define MOTDFILE "/etc/motd"
	47	#define MAILDIR "/usr/spool/mail"
	48	#define NOLOGIN "/etc/nologin"
	49	#define HUSHLOGIN ".hushlogin"
	50	#define LASTLOG "/usr/adm/lastlog"
	51	#define BSHELL "/bin/sh"
f570e1ff	52
3b8dd95e	53	/*
80f91e3f KB	54	* This bounds the time given to login. Not a define so it can
80f91e3f KB	55	* be patched on machines where it's too small.
3b8dd95e	56	*/
a9b031fe	57	int timeout = 300;
86eb6c9e	58
80f91e3f KB	59	struct passwd nouser = {"", "NOLOGIN", -1, -1, -1, "", "", "", "" };
	60	struct sgttyb ttyb;
	61	struct passwd *pwd;
	62	char term[64], hostname, username;
88a01c09	63
80f91e3f	64	struct tchars tc = {
714accc5 SL	65	CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
714accc5 SL	66	};
80f91e3f	67	struct ltchars ltc = {
714accc5	68	CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
841d84b0 BJ	69	};
841d84b0 BJ	70
88a01c09	71	main(argc, argv)
80f91e3f KB	72	int argc;
80f91e3f KB	73	char **argv;
88a01c09	74	{
80f91e3f KB	75	extern int errno, optind;
	76	extern char optarg, *environ;
	77	struct group *gr;
	78	register int ch;
	79	register char *p;
	80	int fflag, hflag, pflag, rflag, cnt;
	81	int quietlog, passwd_req, ioctlval, timedout();
	82	char domain, envinit[1], ttyn, tty;
	83	char tbuf[MAXPATHLEN + 2];
	84	char ttyname(), stypeof(), crypt(), getpass();
	85	time_t time();
	86	off_t lseek();
	87
	88	(void)signal(SIGALRM, timedout);
	89	(void)alarm((u_int)timeout);
	90	(void)signal(SIGQUIT, SIG_IGN);
	91	(void)signal(SIGINT, SIG_IGN);
	92	(void)setpriority(PRIO_PROCESS, 0, 0);
	93	(void)quota(Q_SETUID, 0, 0, 0);
	94
3b8dd95e	95	/*
d3737d51	96	* -p is used by getty to tell login not to destroy the environment
3b8dd95e	97	* -r is used by rlogind to cause the autologin protocol;
5dbe2745	98	* -f is used to skip a second login authentication
3b8dd95e SL	99	* -h is used by other servers to pass the name of the
	100	* remote host to login so that it may be placed in utmp and wtmp
	101	*/
80f91e3f KB	102	(void)gethostname(tbuf, sizeof(tbuf));
	103	domain = index(tbuf, '.');
	104
	105	fflag = hflag = pflag = rflag = 0;
	106	passwd_req = 1;
	107	while ((ch = getopt(argc, argv, "f:h:pr:")) != EOF)
	108	switch(ch) {
	109	case 'f':
	110	if (rflag) {
	111	fprintf(stderr,
	112	"login: only one of -r and -f allowed.\n");
95a2c263 JB	113	exit(1);
95a2c263 JB	114	}
80f91e3f KB	115	fflag = 1;
	116	username = optarg;
	117	break;
	118	case 'h':
	119	if (getuid()) {
	120	fprintf(stderr,
	121	"login: -h for super-user only.\n");
b6f7cade	122	exit(1);
5dbe2745	123	}
5dbe2745	124	if (rflag) {
80f91e3f KB	125	fprintf(stderr,
80f91e3f KB	126	"login: only one of -r and -h allowed.\n");
95a2c263 JB	127	exit(1);
95a2c263 JB	128	}
80f91e3f KB	129	hflag = 1;
	130	if (domain && (p = index(optarg, '.')) &&
	131	strcmp(p, domain) == 0)
	132	*p = 0;
	133	hostname = optarg;
	134	break;
	135	case 'p':
d3737d51	136	pflag = 1;
80f91e3f KB	137	break;
	138	case 'r':
	139	if (hflag \|\| fflag) {
	140	fprintf(stderr,
	141	"login: -f and -h not allowed with -r.\n");
	142	exit(1);
	143	}
	144	rflag = 1;
	145	passwd_req = doremotelogin(optarg);
	146	if (domain && (p = index(optarg, '.')) &&
	147	!strcmp(p, domain))
	148	*p = '\0';
	149	hostname = optarg;
	150	break;
	151	case '?':
	152	default:
	153	fprintf(stderr, "usage: login [-p] [username]\n");
	154	exit(1);
d3737d51	155	}
80f91e3f KB	156	argc -= optind;
	157	argv += optind;
	158	if (*argv)
	159	username = *argv;
	160
	161	ioctlval = 0;
	162	(void)ioctl(0, TIOCLSET, &ioctlval);
	163	(void)ioctl(0, TIOCNXCL, 0);
	164	(void)ioctl(0, FIONBIO, &ioctlval);
	165	(void)ioctl(0, FIOASYNC, &ioctlval);
	166	(void)ioctl(0, TIOCGETP, &ttyb);
	167
3b8dd95e	168	/*
80f91e3f	169	* If talking to an rlogin process, propagate the terminal type and
3b8dd95e SL	170	* baud rate across the network.
	171	*/
	172	if (rflag)
80f91e3f	173	doremoteterm(&ttyb);
568353d4 MK	174	ttyb.sg_erase = CERASE;
568353d4 MK	175	ttyb.sg_kill = CKILL;
80f91e3f KB	176	(void)ioctl(0, TIOCSLTC, &ltc);
	177	(void)ioctl(0, TIOCSETC, &tc);
	178	(void)ioctl(0, TIOCSETP, &ttyb);
	179
	180	for (cnt = getdtablesize(); cnt > 2; cnt--)
	181	close(cnt);
	182
88a01c09	183	ttyn = ttyname(0);
80f91e3f	184	if (ttyn == NULL \|\| *ttyn == '\0')
88a01c09	185	ttyn = "/dev/tty??";
80f91e3f KB	186	if (tty = rindex(ttyn, '/'))
80f91e3f KB	187	++tty;
9479aa87	188	else
80f91e3f KB	189	tty = ttyn;
80f91e3f KB	190
076ae92c	191	openlog("login", LOG_ODELAY, LOG_AUTH);
80f91e3f KB	192
	193	for (cnt = 0;; username = NULL) {
	194	ioctlval = 0;
	195	(void)ioctl(0, TIOCSETD, &ioctlval);
	196
	197	if (!username)
	198	getloginname();
	199	if ((pwd = getpwnam(username)) == NULL)
	200	pwd = &nouser;
	201
	202	/* if user not super-user, check for disabled logins */
	203	if (pwd->pw_uid)
	204	checknologin();
	205
	206	if (!strcmp(pwd->pw_shell, "/bin/csh")) {
	207	ioctlval = NTTYDISC;
	208	(void)ioctl(0, TIOCSETD, &ioctlval);
f570e1ff	209	}
80f91e3f	210
3b8dd95e	211	/*
80f91e3f KB	212	* disallow automatic login to root, or if not root
80f91e3f KB	213	* and the uid's differ
3b8dd95e	214	*/
5dbe2745 MK	215	if (fflag) {
	216	int uid = getuid();
	217
80f91e3f	218	passwd_req = !pwd->pw_uid \|\| uid && uid != pwd->pw_uid;
f570e1ff	219	}
80f91e3f	220
3b8dd95e	221	/*
80f91e3f KB	222	* If no remote login authentication and a password exists
80f91e3f KB	223	* for this user, prompt for one and verify it.
3b8dd95e	224	*/
80f91e3f KB	225	if (!passwd_req \|\| !*pwd->pw_passwd)
	226	break;
	227
	228	setpriority(PRIO_PROCESS, 0, -4);
	229	p = getpass("Password:");
	230	p = crypt(p, pwd->pw_passwd);
	231	setpriority(PRIO_PROCESS, 0, 0);
	232	if (!strcmp(p, pwd->pw_passwd))
	233	break;
	234
	235	printf("Login incorrect\n");
	236	if (++cnt >= 5) {
	237	if (hostname)
	238	syslog(LOG_ERR,
	239	"REPEATED LOGIN FAILURES ON %s FROM %.s, %.s",
	240	tty, UT_HOSTSIZE, hostname, UT_NAMESIZE,
	241	username);
df9d9536	242	else
80f91e3f KB	243	syslog(LOG_ERR,
	244	"REPEATED LOGIN FAILURES ON %s, %.*s",
	245	tty, UT_NAMESIZE, username);
	246	(void)ioctl(0, TIOCHPCL, (struct sgttyb *)NULL);
	247	sleepexit(1);
f570e1ff	248	}
80f91e3f	249	}
88a01c09	250
80f91e3f KB	251	/* committed to login -- turn off timeout */
	252	(void)alarm((u_int)0);
	253
	254	/*
	255	* If valid so far and root is logging in, see if root logins on
	256	* this terminal are permitted.
	257	*/
	258	if (!pwd->pw_uid && !rootterm(tty)) {
	259	if (hostname)
	260	syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s FROM %.*s",
	261	tty, UT_HOSTSIZE, hostname);
22d4760e	262	else
80f91e3f KB	263	syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s", tty);
	264	printf("Login incorrect\n");
	265	sleepexit(1);
22d4760e	266	}
80f91e3f KB	267
	268	if (*pwd->pw_shell == '\0')
	269	pwd->pw_shell = BSHELL;
	270
	271	if (chdir(pwd->pw_dir) < 0) {
	272	printf("No directory %s!\n", pwd->pw_dir);
	273	if (chdir("/"))
	274	exit(0);
	275	pwd->pw_dir = "/";
	276	printf("Logging in with home = \"/\".\n");
	277	}
	278
	279	if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
	280	switch(errno) {
	281	case EUSERS:
	282	fprintf(stderr,
	283	"Too many users logged on already.\nTry again later.\n");
	284	break;
	285	case EPROCLIM:
	286	fprintf(stderr,
	287	"You have too many processes running.\n");
	288	break;
	289	default:
	290	perror("quota (Q_SETUID)");
f570e1ff	291	}
80f91e3f KB	292	sleepexit(0);
	293	}
	294
	295	{
	296	struct utmp utmp;
	297
	298	(void)time(&utmp.ut_time);
	299	strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
	300	strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
	301	strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
	302	login(&utmp);
f570e1ff	303	}
80f91e3f KB	304
	305	quietlog = access(HUSHLOGIN, F_OK) == 0;
	306	dolastlog(quietlog, tty);
	307
	308	if (!hflag && !rflag) { /* XXX */
	309	static struct winsize win = { 0, 0, 0, 0 };
	310
	311	(void)ioctl(0, TIOCSWINSZ, &win);
	312	}
	313
	314	(void)chown(ttyn, pwd->pw_uid,
	315	(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
	316	(void)chmod(ttyn, 0620);
	317	(void)setgid(pwd->pw_gid);
	318
	319	initgroups(username, pwd->pw_gid);
	320
22d4760e	321	quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
80f91e3f	322	(void)setuid(pwd->pw_uid);
3daca631	323
80f91e3f	324	/* destroy environment unless user has requested preservation */
d3737d51 SL	325	if (!pflag)
d3737d51 SL	326	environ = envinit;
3daca631 KB	327	setenv("HOME", pwd->pw_dir, 1);
3daca631 KB	328	setenv("SHELL", pwd->pw_shell, 1);
d3737d51 SL	329	if (term[0] == '\0')
d3737d51 SL	330	strncpy(term, stypeof(tty), sizeof(term));
3daca631 KB	331	setenv("TERM", term, 0);
	332	setenv("USER", pwd->pw_name, 1);
	333	setenv("PATH", ":/usr/ucb:/bin:/usr/bin", 0);
d3737d51	334
9479aa87	335	if (tty[sizeof("tty")-1] == 'd')
d3737d51 SL	336	syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
d3737d51 SL	337	if (pwd->pw_uid == 0)
80f91e3f	338	if (hostname)
df9d9536	339	syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s",
80f91e3f	340	tty, UT_HOSTSIZE, hostname);
df9d9536 KM	341	else
df9d9536 KM	342	syslog(LOG_NOTICE, "ROOT LOGIN %s", tty);
80f91e3f	343
4f8d3876	344	if (!quietlog) {
6821e9c5	345	struct stat st;
d3737d51	346
80f91e3f KB	347	motd();
	348	(void)sprintf(tbuf, "%s/%s", MAILDIR, pwd->pw_name);
	349	if (stat(tbuf, &st) == 0 && st.st_size != 0)
6821e9c5	350	printf("You have %smail.\n",
80f91e3f	351	(st.st_mtime > st.st_atime) ? "new " : "");
f570e1ff	352	}
80f91e3f KB	353
	354	(void)signal(SIGALRM, SIG_DFL);
	355	(void)signal(SIGQUIT, SIG_DFL);
	356	(void)signal(SIGINT, SIG_DFL);
	357	(void)signal(SIGTSTP, SIG_IGN);
	358
	359	tbuf[0] = '-';
	360	strcpy(tbuf + 1, (p = rindex(pwd->pw_shell, '/')) ?
	361	p + 1 : pwd->pw_shell);
	362	execlp(pwd->pw_shell, tbuf, 0);
f570e1ff	363	perror(pwd->pw_shell);
80f91e3f	364	fprintf(stderr, "login: no shell\n");
88a01c09 BJ	365	exit(0);
	366	}
	367
80f91e3f	368	getloginname()
3b8dd95e	369	{
80f91e3f KB	370	register int ch;
	371	register char *p;
	372	static char nbuf[UT_NAMESIZE + 1];
3b8dd95e	373
80f91e3f KB	374	for (;;) {
80f91e3f KB	375	p = nbuf;
5a786176	376	printf("login: ");
80f91e3f KB	377	while ((ch = getchar()) != '\n') {
	378	if (ch == ' ')
	379	ch = '_';
	380	if (ch == EOF)
3b8dd95e	381	exit(0);
80f91e3f KB	382	if (p < nbuf+UT_NAMESIZE)
80f91e3f KB	383	*p++ = ch;
3b8dd95e	384	}
80f91e3f KB	385	if (p > nbuf)
	386	if (nbuf[0] == '-')
	387	fprintf(stderr,
	388	"login names may not start with '-'.\n");
	389	else {
	390	*p = '\0';
	391	username = nbuf;
	392	return;
	393	}
3b8dd95e	394	}
80f91e3f	395	/* NOTREACHED */
3b8dd95e SL	396	}
	397
	398	timedout()
	399	{
80f91e3f	400	fprintf(stderr, "Login timed out after %d seconds\n", timeout);
3b8dd95e SL	401	exit(0);
	402	}
	403
80f91e3f KB	404	rootterm(tty)
80f91e3f KB	405	char *tty;
88a01c09	406	{
80f91e3f	407	struct ttyent *t;
1886582e	408
80f91e3f	409	return((t = getttynam(tty)) && t->ty_status&TTY_SECURE);
88a01c09 BJ	410	}
88a01c09 BJ	411
80f91e3f KB	412	int motdinterrupt;
80f91e3f KB	413	motd()
f570e1ff	414	{
80f91e3f KB	415	register int ch;
	416	FILE *fp;
	417	int (*oldint)(), sigint();
	418
	419	if ((fp = fopen(MOTDFILE, "r")) == NULL)
	420	return;
	421	oldint = signal(SIGINT, sigint);
	422	while ((ch = getc(fp)) != EOF && !motdinterrupt)
	423	(void)putchar(ch);
	424	(void)signal(SIGINT, oldint);
	425	if (motdinterrupt)
	426	fpurge(fp);
	427	(void)fclose(fp);
	428	}
9479aa87	429
80f91e3f KB	430	sigint()
	431	{
	432	motdinterrupt = 1;
	433	}
	434
	435	checknologin()
	436	{
	437	register int fd, nchars;
	438	char tbuf[1024];
	439
	440	if ((fd = open(NOLOGIN, O_RDONLY, 0)) >= 0) {
	441	while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
	442	(void)write(fileno(stdout), tbuf, nchars);
	443	sleepexit(0);
f570e1ff	444	}
f570e1ff BJ	445	}
f570e1ff BJ	446
80f91e3f KB	447	dolastlog(quiet, tty)
	448	int quiet;
	449	char *tty;
88a01c09	450	{
80f91e3f KB	451	struct lastlog ll;
	452	int fd;
	453
	454	if ((fd = open(LASTLOG, O_RDWR, 0)) >= 0) {
	455	(void)lseek(fd, (long)pwd->pw_uid * sizeof(ll), L_SET);
	456	if (!quiet) {
	457	if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
	458	ll.ll_time != 0) {
	459	printf("Last login: %.*s ",
	460	24-5, (char *)ctime(&ll.ll_time));
	461	if (*ll.ll_host != '\0')
	462	printf("from %.*s\n",
	463	sizeof(ll.ll_host), ll.ll_host);
	464	else
	465	printf("on %.*s\n",
	466	sizeof(ll.ll_line), ll.ll_line);
	467	}
	468	(void)lseek(fd, (long)pwd->pw_uid * sizeof(ll), L_SET);
	469	}
	470	(void)time(&ll.ll_time);
	471	strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
	472	strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
	473	(void)write(fd, (char *)&ll, sizeof(ll));
	474	(void)close(fd);
88a01c09	475	}
88a01c09 BJ	476	}
88a01c09 BJ	477
f570e1ff	478	#undef UNKNOWN
80f91e3f	479	#define UNKNOWN "su"
88a01c09 BJ	480
	481	char *
	482	stypeof(ttyid)
3b8dd95e	483	char *ttyid;
88a01c09	484	{
80f91e3f	485	struct ttyent *t;
88a01c09	486
80f91e3f	487	return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
88a01c09	488	}
86eb6c9e	489
3b8dd95e SL	490	doremotelogin(host)
	491	char *host;
	492	{
80f91e3f KB	493	static char lusername[UT_NAMESIZE+1];
	494	char rusername[UT_NAMESIZE+1];
	495
	496	getstr(rusername, sizeof(rusername), "remuser");
	497	getstr(lusername, sizeof(lusername), "locuser");
d3737d51	498	getstr(term, sizeof(term), "Terminal type");
80f91e3f	499	username = lusername;
4cf9fc9e SL	500	if (getuid()) {
4cf9fc9e SL	501	pwd = &nouser;
95a2c263	502	return(-1);
4cf9fc9e	503	}
80f91e3f	504	pwd = getpwnam(username);
4cf9fc9e SL	505	if (pwd == NULL) {
4cf9fc9e SL	506	pwd = &nouser;
95a2c263	507	return(-1);
3b8dd95e	508	}
80f91e3f	509	return(ruserok(host, (pwd->pw_uid == 0), rusername, username));
3b8dd95e SL	510	}
3b8dd95e SL	511
86eb6c9e	512	getstr(buf, cnt, err)
80f91e3f	513	char buf, err;
86eb6c9e	514	int cnt;
86eb6c9e	515	{
80f91e3f	516	char ch;
86eb6c9e BJ	517
86eb6c9e BJ	518	do {
80f91e3f	519	if (read(0, &ch, sizeof(ch)) != sizeof(ch))
86eb6c9e BJ	520	exit(1);
86eb6c9e BJ	521	if (--cnt < 0) {
80f91e3f KB	522	fprintf(stderr, "%s too long\r\n", err);
80f91e3f KB	523	sleepexit(1);
86eb6c9e	524	}
80f91e3f KB	525	*buf++ = ch;
80f91e3f KB	526	} while (ch);
86eb6c9e	527	}
4f8d3876	528
80f91e3f KB	529	char *speeds[] = {
	530	"0", "50", "75", "110", "134", "150", "200", "300", "600",
	531	"1200", "1800", "2400", "4800", "9600", "19200", "38400",
	532	};
	533	#define NSPEEDS (sizeof(speeds) / sizeof(speeds[0]))
3b8dd95e	534
80f91e3f	535	doremoteterm(tp)
3b8dd95e SL	536	struct sgttyb *tp;
3b8dd95e SL	537	{
d3737d51 SL	538	register char cp = index(term, '/'), *cpp;
d3737d51 SL	539	char *speed;
3b8dd95e SL	540
3b8dd95e SL	541	if (cp) {
d3737d51 SL	542	*cp++ = '\0';
	543	speed = cp;
	544	cp = index(speed, '/');
	545	if (cp)
	546	*cp++ = '\0';
	547	for (cpp = speeds; cpp < &speeds[NSPEEDS]; cpp++)
	548	if (strcmp(*cpp, speed) == 0) {
	549	tp->sg_ispeed = tp->sg_ospeed = cpp-speeds;
3b8dd95e SL	550	break;
	551	}
	552	}
	553	tp->sg_flags = ECHO\|CRMOD\|ANYP\|XTABS;
	554	}
d3737d51	555
80f91e3f KB	556	sleepexit(eval)
80f91e3f KB	557	int eval;
c89291e2	558	{
80f91e3f KB	559	sleep((u_int)5);
80f91e3f KB	560	exit(eval);
c89291e2	561	}