usr/src/usr.bin/login/login.c

/*
 * Copyright (c) 1980, 1987, 1988 The Regents of the University of California.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the University of California, Berkeley.  The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#ifndef lint
char copyright[] =
"@(#) Copyright (c) 1980, 1987, 1988 The Regents of the University of California.\n\
 All rights reserved.\n";
#endif /* not lint */

#ifndef lint
static char sccsid[] = "@(#)login.c	5.32.1.3 (Berkeley) %G%";
#endif /* not lint */

/*
 * login [ name ]
 * login -r hostname	(for rlogind)
 * login -h hostname	(for telnetd, etc.)
 * login -f name	(for pre-authenticated login: datakit, xterm, etc.)
 */

#include <sys/param.h>
#include <sys/quota.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/file.h>
#include <sys/ioctl.h>

#include <utmp.h>
#include <signal.h>
#include <lastlog.h>
#include <errno.h>
#include <ttyent.h>
#include <syslog.h>
#include <grp.h>
#include <pwd.h>
#include <setjmp.h>
#include <stdio.h>
#include <strings.h>
#include "pathnames.h"

#define	TTYGRPNAME	"tty"		/* name of group to own ttys */

/*
 * This bounds the time given to login.  Not a define so it can
 * be patched on machines where it's too small.
 */
int	timeout = 300;

struct	passwd *pwd;
int	failures;
char	term[64], *hostname, *username, *tty;

struct	sgttyb sgttyb;
struct	tchars tc = {
	CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
};
struct	ltchars ltc = {
	CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
};

char *months[] =
	{ "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug",
	  "Sep", "Oct", "Nov", "Dec" };

char *months[] =
	{ "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug",
	  "Sep", "Oct", "Nov", "Dec" };

main(argc, argv)
	int argc;
	char **argv;
{
	extern int errno, optind;
	extern char *optarg, **environ;
	struct timeval tp;
	struct tm *ttp;
	struct timeval tp;
	struct tm *ttp;
	struct group *gr;
	register int ch;
	register char *p;
	int ask, fflag, hflag, pflag, rflag, cnt;
	int quietlog, passwd_req, ioctlval, timedout();
	char *domain, *salt, *envinit[1], *ttyn, *pp;
	char tbuf[MAXPATHLEN + 2];
	char *ctime(), *ttyname(), *stypeof(), *crypt(), *getpass();
	time_t time();
	off_t lseek();

	(void)signal(SIGALRM, timedout);
	(void)alarm((u_int)timeout);
	(void)signal(SIGQUIT, SIG_IGN);
	(void)signal(SIGINT, SIG_IGN);
	(void)setpriority(PRIO_PROCESS, 0, 0);
	(void)quota(Q_SETUID, 0, 0, 0);

	/*
	 * -p is used by getty to tell login not to destroy the environment
	 * -r is used by rlogind to cause the autologin protocol;
 	 * -f is used to skip a second login authentication
	 * -h is used by other servers to pass the name of the remote
	 *    host to login so that it may be placed in utmp and wtmp
	 */
	(void)gethostname(tbuf, sizeof(tbuf));
	domain = index(tbuf, '.');

	fflag = hflag = pflag = rflag = 0;
	passwd_req = 1;
	while ((ch = getopt(argc, argv, "fh:pr:")) != EOF)
		switch (ch) {
		case 'f':
			if (rflag) {
				fprintf(stderr,
				    "login: only one of -r and -f allowed.\n");
				exit(1);
			}
			fflag = 1;
			break;
		case 'h':
			if (getuid()) {
				fprintf(stderr,
				    "login: -h for super-user only.\n");
				exit(1);
			}
			if (rflag) {
				fprintf(stderr,
				    "login: only one of -r and -h allowed.\n");
				exit(1);
			}
			hflag = 1;
			if (domain && (p = index(optarg, '.')) &&
			    strcasecmp(p, domain) == 0)
				*p = 0;
			hostname = optarg;
			break;
		case 'p':
			pflag = 1;
			break;
		case 'r':
			if (hflag || fflag) {
				fprintf(stderr,
				    "login: -f and -h not allowed with -r.\n");
				exit(1);
			}
			if (getuid()) {
				fprintf(stderr,
				    "login: -r for super-user only.\n");
				exit(1);
			}
			/* "-r hostname" must be last args */
			if (optind != argc) {
				fprintf(stderr, "Syntax error.\n");
				exit(1);
			}
			rflag = 1;
			passwd_req = (doremotelogin(optarg) == -1);
			if (domain && (p = index(optarg, '.')) &&
			    !strcmp(p, domain))
				*p = '\0';
			hostname = optarg;
			break;
		case '?':
		default:
			fprintf(stderr, "usage: login [-fp] [username]\n");
			exit(1);
		}
	argc -= optind;
	argv += optind;
	if (*argv) {
		username = *argv;
		ask = 0;
	} else
		ask = 1;
	if (rflag)
		ask = 0;

	ioctlval = 0;
	(void)ioctl(0, TIOCLSET, &ioctlval);
	(void)ioctl(0, TIOCNXCL, 0);
	(void)fcntl(0, F_SETFL, ioctlval);
	(void)ioctl(0, TIOCGETP, &sgttyb);

	/*
	 * If talking to an rlogin process, propagate the terminal type and
	 * baud rate across the network.
	 */
	if (rflag)
		doremoteterm(&sgttyb);
	sgttyb.sg_erase = CERASE;
	sgttyb.sg_kill = CKILL;
	(void)ioctl(0, TIOCSLTC, &ltc);
	(void)ioctl(0, TIOCSETC, &tc);
	(void)ioctl(0, TIOCSETP, &sgttyb);

	for (cnt = getdtablesize(); cnt > 2; cnt--)
		close(cnt);

	ttyn = ttyname(0);
	if (ttyn == NULL || *ttyn == '\0')
		ttyn = "/dev/tty??";
	if (tty = rindex(ttyn, '/'))
		++tty;
	else
		tty = ttyn;

	openlog("login", LOG_ODELAY, LOG_AUTH);

	for (cnt = 0;; ask = 1) {
		ioctlval = 0;
		(void)ioctl(0, TIOCSETD, &ioctlval);

		if (ask) {
			fflag = 0;
			getloginname();
		}
		/*
		 * Note if trying multiple user names;
		 * log failures for previous user name,
		 * but don't bother logging one failure
		 * for nonexistent name (mistyped username).
		 */
		if (failures && strcmp(tbuf, username)) {
			if (failures > (pwd ? 0 : 1))
				badlogin(tbuf);
			failures = 0;
		}
		(void)strcpy(tbuf, username);
		if (pwd = getpwnam(username))
			salt = pwd->pw_passwd;
		else
			salt = "xx";

		/* if user not super-user, check for disabled logins */
		if (pwd == NULL || pwd->pw_uid)
			checknologin();

		/*
		 * Disallow automatic login to root; if not invoked by
		 * root, disallow if the uid's differ.
		 */
		if (fflag && pwd) {
			int uid = getuid();

			passwd_req = pwd->pw_uid == 0 ||
			    (uid && uid != pwd->pw_uid);
		}

		/*
		 * If no pre-authentication and a password exists
		 * for this user, prompt for one and verify it.
		 */
		if (!passwd_req || (pwd && !*pwd->pw_passwd))
			break;

		setpriority(PRIO_PROCESS, 0, -4);
		pp = getpass("Password:");
		p = crypt(pp, salt);
		setpriority(PRIO_PROCESS, 0, 0);

		(void) bzero(pp, strlen(pp));
		if (pwd && !strcmp(p, pwd->pw_passwd))
			break;

		printf("Login incorrect\n");
		failures++;
		/* we allow 10 tries, but after 3 we start backing off */
		if (++cnt > 3) {
			if (cnt >= 10) {
				badlogin(username);
				(void)ioctl(0, TIOCHPCL, (struct sgttyb *)NULL);
				sleepexit(1);
			}
			sleep((u_int)((cnt - 3) * 5));
		}
	}

	/* committed to login -- turn off timeout */
	(void)alarm((u_int)0);

	/*
	 * If valid so far and root is logging in, see if root logins on
	 * this terminal are permitted.
	 */
	if (pwd->pw_uid == 0 && !rootterm(tty)) {
		if (hostname)
			syslog(LOG_NOTICE, "ROOT LOGIN REFUSED FROM %s",
			    hostname);
		else
			syslog(LOG_NOTICE, "ROOT LOGIN REFUSED ON %s", tty);
		printf("Login incorrect\n");
		sleepexit(1);
	}

	if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
		switch(errno) {
		case EUSERS:
			fprintf(stderr,
		"Too many users logged on already.\nTry again later.\n");
			break;
		case EPROCLIM:
			fprintf(stderr,
			    "You have too many processes running.\n");
			break;
		default:
			perror("quota (Q_SETUID)");
		}
		sleepexit(0);
	}

	if (chdir(pwd->pw_dir) < 0) {
		printf("No directory %s!\n", pwd->pw_dir);
		if (chdir("/"))
			exit(0);
		pwd->pw_dir = "/";
		printf("Logging in with home = \"/\".\n");
	}

#define	TWOWEEKS	(14*24*60*60)
	if (pwd->pw_change || pwd->pw_expire)
		(void)gettimeofday(&tp, (struct timezone *)NULL);
	if (pwd->pw_change)
		if (tp.tv_sec >= pwd->pw_change) {
			printf("Sorry -- your password has expired.\n");
			sleepexit(1);
		}
		else if (tp.tv_sec - pwd->pw_change < TWOWEEKS) {
			ttp = localtime(&pwd->pw_change);
			printf("Warning: your password expires on %s %d, 19%d\n",
			    months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year);
		}
	if (pwd->pw_expire)
		if (tp.tv_sec >= pwd->pw_expire) {
			printf("Sorry -- your account has expired.\n");
			sleepexit(1);
		}
		else if (tp.tv_sec - pwd->pw_expire < TWOWEEKS) {
			ttp = localtime(&pwd->pw_expire);
			printf("Warning: your account expires on %s %d, 19%d\n",
			    months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year);
		}

#define	TWOWEEKS	(14*24*60*60)
	if (pwd->pw_change || pwd->pw_expire)
		(void)gettimeofday(&tp, (struct timezone *)NULL);
	if (pwd->pw_change)
		if (tp.tv_sec >= pwd->pw_change) {
			printf("Sorry -- your password has expired.\n");
			sleepexit(1);
		}
		else if (tp.tv_sec - pwd->pw_change < TWOWEEKS && !quietlog) {
			ttp = localtime(&pwd->pw_change);
			printf("Warning: your password expires on %s %d, 19%d\n",
			    months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year);
		}
	if (pwd->pw_expire)
		if (tp.tv_sec >= pwd->pw_expire) {
			printf("Sorry -- your account has expired.\n");
			sleepexit(1);
		}
		else if (tp.tv_sec - pwd->pw_expire < TWOWEEKS && !quietlog) {
			ttp = localtime(&pwd->pw_expire);
			printf("Warning: your account expires on %s %d, 19%d\n",
			    months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year);
		}

	/* nothing else left to fail -- really log in */
	{
		struct utmp utmp;

		bzero((char *)&utmp, sizeof(utmp));
		(void)time(&utmp.ut_time);
		strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
		if (hostname)
			strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
		strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
		login(&utmp);
	}

	dolastlog(quietlog);

	if (!hflag && !rflag) {					/* XXX */
		static struct winsize win = { 0, 0, 0, 0 };

		(void)ioctl(0, TIOCSWINSZ, &win);
	}

	(void)chown(ttyn, pwd->pw_uid,
	    (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
	(void)chmod(ttyn, 0620);
	(void)setgid(pwd->pw_gid);

	initgroups(username, pwd->pw_gid);

	quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
	(void)setuid(pwd->pw_uid);

	if (*pwd->pw_shell == '\0')
		pwd->pw_shell = _PATH_BSHELL;
	/* turn on new line discipline for the csh */
	else if (!strcmp(pwd->pw_shell, _PATH_CSHELL)) {
		ioctlval = NTTYDISC;
		(void)ioctl(0, TIOCSETD, &ioctlval);
	}

	/* destroy environment unless user has requested preservation */
	if (!pflag)
		environ = envinit;
	(void)setenv("HOME", pwd->pw_dir, 1);
	(void)setenv("SHELL", pwd->pw_shell, 1);
	if (term[0] == '\0')
		strncpy(term, stypeof(tty), sizeof(term));
	(void)setenv("TERM", term, 0);
	(void)setenv("USER", pwd->pw_name, 1);
	(void)setenv("PATH", "/usr/ucb:/bin:/usr/bin:", 0);

	if (tty[sizeof("tty")-1] == 'd')
		syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
	if (pwd->pw_uid == 0)
		if (hostname)
			syslog(LOG_NOTICE, "ROOT LOGIN ON %s FROM %s",
			    tty, hostname);
		else
			syslog(LOG_NOTICE, "ROOT LOGIN ON %s", tty);

	if (!quietlog) {
		struct stat st;

		motd();
		(void)sprintf(tbuf, "%s/%s", _PATH_MAILDIR, pwd->pw_name);
		if (stat(tbuf, &st) == 0 && st.st_size != 0)
			printf("You have %smail.\n",
			    (st.st_mtime > st.st_atime) ? "new " : "");
	}

	(void)signal(SIGALRM, SIG_DFL);
	(void)signal(SIGQUIT, SIG_DFL);
	(void)signal(SIGINT, SIG_DFL);
	(void)signal(SIGTSTP, SIG_IGN);

	tbuf[0] = '-';
	strcpy(tbuf + 1, (p = rindex(pwd->pw_shell, '/')) ?
	    p + 1 : pwd->pw_shell);
	execlp(pwd->pw_shell, tbuf, 0);
	fprintf(stderr, "login: no shell: ");
	perror(pwd->pw_shell);
	exit(0);
}

getloginname()
{
	register int ch;
	register char *p;
	static char nbuf[UT_NAMESIZE + 1];

	for (;;) {
		printf("login: ");
		for (p = nbuf; (ch = getchar()) != '\n'; ) {
			if (ch == EOF) {
				badlogin(username);
				exit(0);
			}
			if (p < nbuf + UT_NAMESIZE)
				*p++ = ch;
		}
		if (p > nbuf)
			if (nbuf[0] == '-')
				fprintf(stderr,
				    "login names may not start with '-'.\n");
			else {
				*p = '\0';
				username = nbuf;
				break;
			}
	}
}

timedout()
{
	fprintf(stderr, "Login timed out after %d seconds\n", timeout);
	exit(0);
}

rootterm(ttyn)
	char *ttyn;
{
	struct ttyent *t;

	return((t = getttynam(ttyn)) && t->ty_status&TTY_SECURE);
}

jmp_buf motdinterrupt;

motd()
{
	register int fd, nchars;
	int (*oldint)(), sigint();
	char tbuf[8192];

	if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0)
		return;
	oldint = signal(SIGINT, sigint);
	if (setjmp(motdinterrupt) == 0)
		while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
			(void)write(fileno(stdout), tbuf, nchars);
	(void)signal(SIGINT, oldint);
	(void)close(fd);
}

sigint()
{
	longjmp(motdinterrupt, 1);
}

checknologin()
{
	register int fd, nchars;
	char tbuf[8192];

	if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) {
		while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
			(void)write(fileno(stdout), tbuf, nchars);
		sleepexit(0);
	}
}

dolastlog(quiet)
	int quiet;
{
	struct lastlog ll;
	int fd;
	char *ctime();
	char *ctime();

	if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
		(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
		if (!quiet) {
			if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
			    ll.ll_time != 0) {
				printf("Last login: %.*s ",
				    24-5, (char *)ctime(&ll.ll_time));
				if (*ll.ll_host != '\0')
					printf("from %.*s\n",
					    sizeof(ll.ll_host), ll.ll_host);
				else
					printf("on %.*s\n",
					    sizeof(ll.ll_line), ll.ll_line);
			}
			(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
		}
		bzero((char *)&ll, sizeof(ll));
		(void)time(&ll.ll_time);
		strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
		if (hostname)
			strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
		(void)write(fd, (char *)&ll, sizeof(ll));
		(void)close(fd);
	}
}

badlogin(name)
	char *name;
{
	if (failures == 0)
		return;
	if (hostname)
		syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s, %s",
		    failures, failures > 1 ? "S" : "", hostname, name);
	else
		syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s, %s",
		    failures, failures > 1 ? "S" : "", tty, name);
}

#undef	UNKNOWN
#define	UNKNOWN	"su"

char *
stypeof(ttyid)
	char *ttyid;
{
	struct ttyent *t;

	return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
}

getstr(buf, cnt, err)
	char *buf, *err;
	int cnt;
{
	char ch;

	do {
		if (read(0, &ch, sizeof(ch)) != sizeof(ch))
			exit(1);
		if (--cnt < 0) {
			fprintf(stderr, "%s too long\r\n", err);
			sleepexit(1);
		}
		*buf++ = ch;
	} while (ch);
}

sleepexit(eval)
	int eval;
{
	sleep((u_int)5);
	exit(eval);
}

doremotelogin(host)
	char *host;
{
	static char lusername[UT_NAMESIZE+1];
	char rusername[UT_NAMESIZE+1];

	getstr(rusername, sizeof(rusername), "remuser");
	getstr(lusername, sizeof(lusername), "locuser");
	getstr(term, sizeof(term), "Terminal type");
	username = lusername;
	pwd = getpwnam(username);
	if (pwd == NULL)
		return(-1);
	return(ruserok(host, (pwd->pw_uid == 0), rusername, username));
}

char *speeds[] = {
	"0", "50", "75", "110", "134", "150", "200", "300", "600",
	"1200", "1800", "2400", "4800", "9600", "19200", "38400",
};
#define	NSPEEDS	(sizeof(speeds) / sizeof(speeds[0]))

doremoteterm(tp)
	struct sgttyb *tp;
{
	register char *cp = index(term, '/'), **cpp;
	char *speed;

	if (cp) {
		*cp++ = '\0';
		speed = cp;
		cp = index(speed, '/');
		if (cp)
			*cp++ = '\0';
		for (cpp = speeds; cpp < &speeds[NSPEEDS]; cpp++)
			if (strcmp(*cpp, speed) == 0) {
				tp->sg_ispeed = tp->sg_ospeed = cpp-speeds;
				break;
			}
	}
	tp->sg_flags = ECHO|CRMOD|ANYP|XTABS;
}
Commit	Line	Data
	1	/*
	2	* Copyright (c) 1980, 1987, 1988 The Regents of the University of California.
	3	* All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms are permitted
	6	* provided that the above copyright notice and this paragraph are
	7	* duplicated in all such forms and that any documentation,
	8	* advertising materials, and other materials related to such
	9	* distribution and use acknowledge that the software was developed
	10	* by the University of California, Berkeley. The name of the
	11	* University may not be used to endorse or promote products derived
	12	* from this software without specific prior written permission.
	13	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
	15	* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
	16	*/
	17
	18	#ifndef lint
	19	char copyright[] =
	20	"@(#) Copyright (c) 1980, 1987, 1988 The Regents of the University of California.\n\
	21	All rights reserved.\n";
	22	#endif /* not lint */
	23
	24	#ifndef lint
	25	static char sccsid[] = "@(#)login.c 5.32.1.3 (Berkeley) %G%";
	26	#endif /* not lint */
	27
	28	/*
	29	* login [ name ]
	30	* login -r hostname (for rlogind)
	31	* login -h hostname (for telnetd, etc.)
	32	* login -f name (for pre-authenticated login: datakit, xterm, etc.)
	33	*/
	34
	35	#include <sys/param.h>
	36	#include <sys/quota.h>
	37	#include <sys/stat.h>
	38	#include <sys/time.h>
	39	#include <sys/resource.h>
	40	#include <sys/file.h>
	41	#include <sys/ioctl.h>
	42
	43	#include <utmp.h>
	44	#include <signal.h>
	45	#include <lastlog.h>
	46	#include <errno.h>
	47	#include <ttyent.h>
	48	#include <syslog.h>
	49	#include <grp.h>
	50	#include <pwd.h>
	51	#include <setjmp.h>
	52	#include <stdio.h>
	53	#include <strings.h>
	54	#include "pathnames.h"
	55
	56	#define TTYGRPNAME "tty" /* name of group to own ttys */
	57
	58	/*
	59	* This bounds the time given to login. Not a define so it can
	60	* be patched on machines where it's too small.
	61	*/
	62	int timeout = 300;
	63
	64	struct passwd *pwd;
	65	int failures;
	66	char term[64], hostname, username, *tty;
	67
	68	struct sgttyb sgttyb;
	69	struct tchars tc = {
	70	CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
	71	};
	72	struct ltchars ltc = {
	73	CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
	74	};
	75
	76	char *months[] =
	77	{ "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug",
	78	"Sep", "Oct", "Nov", "Dec" };
	79
	80	char *months[] =
	81	{ "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug",
	82	"Sep", "Oct", "Nov", "Dec" };
	83
	84	main(argc, argv)
	85	int argc;
	86	char **argv;
	87	{
	88	extern int errno, optind;
	89	extern char optarg, *environ;
	90	struct timeval tp;
	91	struct tm *ttp;
	92	struct timeval tp;
	93	struct tm *ttp;
	94	struct group *gr;
	95	register int ch;
	96	register char *p;
	97	int ask, fflag, hflag, pflag, rflag, cnt;
	98	int quietlog, passwd_req, ioctlval, timedout();
	99	char domain, salt, envinit[1], ttyn, *pp;
	100	char tbuf[MAXPATHLEN + 2];
	101	char ctime(), ttyname(), stypeof(), crypt(), *getpass();
	102	time_t time();
	103	off_t lseek();
	104
	105	(void)signal(SIGALRM, timedout);
	106	(void)alarm((u_int)timeout);
	107	(void)signal(SIGQUIT, SIG_IGN);
	108	(void)signal(SIGINT, SIG_IGN);
	109	(void)setpriority(PRIO_PROCESS, 0, 0);
	110	(void)quota(Q_SETUID, 0, 0, 0);
	111
	112	/*
	113	* -p is used by getty to tell login not to destroy the environment
	114	* -r is used by rlogind to cause the autologin protocol;
	115	* -f is used to skip a second login authentication
	116	* -h is used by other servers to pass the name of the remote
	117	* host to login so that it may be placed in utmp and wtmp
	118	*/
	119	(void)gethostname(tbuf, sizeof(tbuf));
	120	domain = index(tbuf, '.');
	121
	122	fflag = hflag = pflag = rflag = 0;
	123	passwd_req = 1;
	124	while ((ch = getopt(argc, argv, "fh:pr:")) != EOF)
	125	switch (ch) {
	126	case 'f':
	127	if (rflag) {
	128	fprintf(stderr,
	129	"login: only one of -r and -f allowed.\n");
	130	exit(1);
	131	}
	132	fflag = 1;
	133	break;
	134	case 'h':
	135	if (getuid()) {
	136	fprintf(stderr,
	137	"login: -h for super-user only.\n");
	138	exit(1);
	139	}
	140	if (rflag) {
	141	fprintf(stderr,
	142	"login: only one of -r and -h allowed.\n");
	143	exit(1);
	144	}
	145	hflag = 1;
	146	if (domain && (p = index(optarg, '.')) &&
	147	strcasecmp(p, domain) == 0)
	148	*p = 0;
	149	hostname = optarg;
	150	break;
	151	case 'p':
	152	pflag = 1;
	153	break;
	154	case 'r':
	155	if (hflag \|\| fflag) {
	156	fprintf(stderr,
	157	"login: -f and -h not allowed with -r.\n");
	158	exit(1);
	159	}
	160	if (getuid()) {
	161	fprintf(stderr,
	162	"login: -r for super-user only.\n");
	163	exit(1);
	164	}
	165	/* "-r hostname" must be last args */
	166	if (optind != argc) {
	167	fprintf(stderr, "Syntax error.\n");
	168	exit(1);
	169	}
	170	rflag = 1;
	171	passwd_req = (doremotelogin(optarg) == -1);
	172	if (domain && (p = index(optarg, '.')) &&
	173	!strcmp(p, domain))
	174	*p = '\0';
	175	hostname = optarg;
	176	break;
	177	case '?':
	178	default:
	179	fprintf(stderr, "usage: login [-fp] [username]\n");
	180	exit(1);
	181	}
	182	argc -= optind;
	183	argv += optind;
	184	if (*argv) {
	185	username = *argv;
	186	ask = 0;
	187	} else
	188	ask = 1;
	189	if (rflag)
	190	ask = 0;
	191
	192	ioctlval = 0;
	193	(void)ioctl(0, TIOCLSET, &ioctlval);
	194	(void)ioctl(0, TIOCNXCL, 0);
	195	(void)fcntl(0, F_SETFL, ioctlval);
	196	(void)ioctl(0, TIOCGETP, &sgttyb);
	197
	198	/*
	199	* If talking to an rlogin process, propagate the terminal type and
	200	* baud rate across the network.
	201	*/
	202	if (rflag)
	203	doremoteterm(&sgttyb);
	204	sgttyb.sg_erase = CERASE;
	205	sgttyb.sg_kill = CKILL;
	206	(void)ioctl(0, TIOCSLTC, &ltc);
	207	(void)ioctl(0, TIOCSETC, &tc);
	208	(void)ioctl(0, TIOCSETP, &sgttyb);
	209
	210	for (cnt = getdtablesize(); cnt > 2; cnt--)
	211	close(cnt);
	212
	213	ttyn = ttyname(0);
	214	if (ttyn == NULL \|\| *ttyn == '\0')
	215	ttyn = "/dev/tty??";
	216	if (tty = rindex(ttyn, '/'))
	217	++tty;
	218	else
	219	tty = ttyn;
	220
	221	openlog("login", LOG_ODELAY, LOG_AUTH);
	222
	223	for (cnt = 0;; ask = 1) {
	224	ioctlval = 0;
	225	(void)ioctl(0, TIOCSETD, &ioctlval);
	226
	227	if (ask) {
	228	fflag = 0;
	229	getloginname();
	230	}
	231	/*
	232	* Note if trying multiple user names;
	233	* log failures for previous user name,
	234	* but don't bother logging one failure
	235	* for nonexistent name (mistyped username).
	236	*/
	237	if (failures && strcmp(tbuf, username)) {
	238	if (failures > (pwd ? 0 : 1))
	239	badlogin(tbuf);
	240	failures = 0;
	241	}
	242	(void)strcpy(tbuf, username);
	243	if (pwd = getpwnam(username))
	244	salt = pwd->pw_passwd;
	245	else
	246	salt = "xx";
	247
	248	/* if user not super-user, check for disabled logins */
	249	if (pwd == NULL \|\| pwd->pw_uid)
	250	checknologin();
	251
	252	/*
	253	* Disallow automatic login to root; if not invoked by
	254	* root, disallow if the uid's differ.
	255	*/
	256	if (fflag && pwd) {
	257	int uid = getuid();
	258
	259	passwd_req = pwd->pw_uid == 0 \|\|
	260	(uid && uid != pwd->pw_uid);
	261	}
	262
	263	/*
	264	* If no pre-authentication and a password exists
	265	* for this user, prompt for one and verify it.
	266	*/
	267	if (!passwd_req \|\| (pwd && !*pwd->pw_passwd))
	268	break;
	269
	270	setpriority(PRIO_PROCESS, 0, -4);
	271	pp = getpass("Password:");
	272	p = crypt(pp, salt);
	273	setpriority(PRIO_PROCESS, 0, 0);
	274
	275	(void) bzero(pp, strlen(pp));
	276	if (pwd && !strcmp(p, pwd->pw_passwd))
	277	break;
	278
	279	printf("Login incorrect\n");
	280	failures++;
	281	/* we allow 10 tries, but after 3 we start backing off */
	282	if (++cnt > 3) {
	283	if (cnt >= 10) {
	284	badlogin(username);
	285	(void)ioctl(0, TIOCHPCL, (struct sgttyb *)NULL);
	286	sleepexit(1);
	287	}
	288	sleep((u_int)((cnt - 3) * 5));
	289	}
	290	}
	291
	292	/* committed to login -- turn off timeout */
	293	(void)alarm((u_int)0);
	294
	295	/*
	296	* If valid so far and root is logging in, see if root logins on
	297	* this terminal are permitted.
	298	*/
	299	if (pwd->pw_uid == 0 && !rootterm(tty)) {
	300	if (hostname)
	301	syslog(LOG_NOTICE, "ROOT LOGIN REFUSED FROM %s",
	302	hostname);
	303	else
	304	syslog(LOG_NOTICE, "ROOT LOGIN REFUSED ON %s", tty);
	305	printf("Login incorrect\n");
	306	sleepexit(1);
	307	}
	308
	309	if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
	310	switch(errno) {
	311	case EUSERS:
	312	fprintf(stderr,
	313	"Too many users logged on already.\nTry again later.\n");
	314	break;
	315	case EPROCLIM:
	316	fprintf(stderr,
	317	"You have too many processes running.\n");
	318	break;
	319	default:
	320	perror("quota (Q_SETUID)");
	321	}
	322	sleepexit(0);
	323	}
	324
	325	if (chdir(pwd->pw_dir) < 0) {
	326	printf("No directory %s!\n", pwd->pw_dir);
	327	if (chdir("/"))
	328	exit(0);
	329	pwd->pw_dir = "/";
	330	printf("Logging in with home = \"/\".\n");
	331	}
	332
	333	#define TWOWEEKS (142460*60)
	334	if (pwd->pw_change \|\| pwd->pw_expire)
	335	(void)gettimeofday(&tp, (struct timezone *)NULL);
	336	if (pwd->pw_change)
	337	if (tp.tv_sec >= pwd->pw_change) {
	338	printf("Sorry -- your password has expired.\n");
	339	sleepexit(1);
	340	}
	341	else if (tp.tv_sec - pwd->pw_change < TWOWEEKS) {
	342	ttp = localtime(&pwd->pw_change);
	343	printf("Warning: your password expires on %s %d, 19%d\n",
	344	months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year);
	345	}
	346	if (pwd->pw_expire)
	347	if (tp.tv_sec >= pwd->pw_expire) {
	348	printf("Sorry -- your account has expired.\n");
	349	sleepexit(1);
	350	}
	351	else if (tp.tv_sec - pwd->pw_expire < TWOWEEKS) {
	352	ttp = localtime(&pwd->pw_expire);
	353	printf("Warning: your account expires on %s %d, 19%d\n",
	354	months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year);
	355	}
	356
	357	#define TWOWEEKS (142460*60)
	358	if (pwd->pw_change \|\| pwd->pw_expire)
	359	(void)gettimeofday(&tp, (struct timezone *)NULL);
	360	if (pwd->pw_change)
	361	if (tp.tv_sec >= pwd->pw_change) {
	362	printf("Sorry -- your password has expired.\n");
	363	sleepexit(1);
	364	}
	365	else if (tp.tv_sec - pwd->pw_change < TWOWEEKS && !quietlog) {
	366	ttp = localtime(&pwd->pw_change);
	367	printf("Warning: your password expires on %s %d, 19%d\n",
	368	months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year);
	369	}
	370	if (pwd->pw_expire)
	371	if (tp.tv_sec >= pwd->pw_expire) {
	372	printf("Sorry -- your account has expired.\n");
	373	sleepexit(1);
	374	}
	375	else if (tp.tv_sec - pwd->pw_expire < TWOWEEKS && !quietlog) {
	376	ttp = localtime(&pwd->pw_expire);
	377	printf("Warning: your account expires on %s %d, 19%d\n",
	378	months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year);
	379	}
	380
	381	/* nothing else left to fail -- really log in */
	382	{
	383	struct utmp utmp;
	384
	385	bzero((char *)&utmp, sizeof(utmp));
	386	(void)time(&utmp.ut_time);
	387	strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
	388	if (hostname)
	389	strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
	390	strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
	391	login(&utmp);
	392	}
	393
	394	dolastlog(quietlog);
	395
	396	if (!hflag && !rflag) { /* XXX */
	397	static struct winsize win = { 0, 0, 0, 0 };
	398
	399	(void)ioctl(0, TIOCSWINSZ, &win);
	400	}
	401
	402	(void)chown(ttyn, pwd->pw_uid,
	403	(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
	404	(void)chmod(ttyn, 0620);
	405	(void)setgid(pwd->pw_gid);
	406
	407	initgroups(username, pwd->pw_gid);
	408
	409	quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
	410	(void)setuid(pwd->pw_uid);
	411
	412	if (*pwd->pw_shell == '\0')
	413	pwd->pw_shell = _PATH_BSHELL;
	414	/* turn on new line discipline for the csh */
	415	else if (!strcmp(pwd->pw_shell, _PATH_CSHELL)) {
	416	ioctlval = NTTYDISC;
	417	(void)ioctl(0, TIOCSETD, &ioctlval);
	418	}
	419
	420	/* destroy environment unless user has requested preservation */
	421	if (!pflag)
	422	environ = envinit;
	423	(void)setenv("HOME", pwd->pw_dir, 1);
	424	(void)setenv("SHELL", pwd->pw_shell, 1);
	425	if (term[0] == '\0')
	426	strncpy(term, stypeof(tty), sizeof(term));
	427	(void)setenv("TERM", term, 0);
	428	(void)setenv("USER", pwd->pw_name, 1);
	429	(void)setenv("PATH", "/usr/ucb:/bin:/usr/bin:", 0);
	430
	431	if (tty[sizeof("tty")-1] == 'd')
	432	syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
	433	if (pwd->pw_uid == 0)
	434	if (hostname)
	435	syslog(LOG_NOTICE, "ROOT LOGIN ON %s FROM %s",
	436	tty, hostname);
	437	else
	438	syslog(LOG_NOTICE, "ROOT LOGIN ON %s", tty);
	439
	440	if (!quietlog) {
	441	struct stat st;
	442
	443	motd();
	444	(void)sprintf(tbuf, "%s/%s", _PATH_MAILDIR, pwd->pw_name);
	445	if (stat(tbuf, &st) == 0 && st.st_size != 0)
	446	printf("You have %smail.\n",
	447	(st.st_mtime > st.st_atime) ? "new " : "");
	448	}
	449
	450	(void)signal(SIGALRM, SIG_DFL);
	451	(void)signal(SIGQUIT, SIG_DFL);
	452	(void)signal(SIGINT, SIG_DFL);
	453	(void)signal(SIGTSTP, SIG_IGN);
	454
	455	tbuf[0] = '-';
	456	strcpy(tbuf + 1, (p = rindex(pwd->pw_shell, '/')) ?
	457	p + 1 : pwd->pw_shell);
	458	execlp(pwd->pw_shell, tbuf, 0);
	459	fprintf(stderr, "login: no shell: ");
	460	perror(pwd->pw_shell);
	461	exit(0);
	462	}
	463
	464	getloginname()
	465	{
	466	register int ch;
	467	register char *p;
	468	static char nbuf[UT_NAMESIZE + 1];
	469
	470	for (;;) {
	471	printf("login: ");
	472	for (p = nbuf; (ch = getchar()) != '\n'; ) {
	473	if (ch == EOF) {
	474	badlogin(username);
	475	exit(0);
	476	}
	477	if (p < nbuf + UT_NAMESIZE)
	478	*p++ = ch;
	479	}
	480	if (p > nbuf)
	481	if (nbuf[0] == '-')
	482	fprintf(stderr,
	483	"login names may not start with '-'.\n");
	484	else {
	485	*p = '\0';
	486	username = nbuf;
	487	break;
	488	}
	489	}
	490	}
	491
	492	timedout()
	493	{
	494	fprintf(stderr, "Login timed out after %d seconds\n", timeout);
	495	exit(0);
	496	}
	497
	498	rootterm(ttyn)
	499	char *ttyn;
	500	{
	501	struct ttyent *t;
	502
	503	return((t = getttynam(ttyn)) && t->ty_status&TTY_SECURE);
	504	}
	505
	506	jmp_buf motdinterrupt;
	507
	508	motd()
	509	{
	510	register int fd, nchars;
	511	int (*oldint)(), sigint();
	512	char tbuf[8192];
	513
	514	if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0)
	515	return;
	516	oldint = signal(SIGINT, sigint);
	517	if (setjmp(motdinterrupt) == 0)
	518	while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
	519	(void)write(fileno(stdout), tbuf, nchars);
	520	(void)signal(SIGINT, oldint);
	521	(void)close(fd);
	522	}
	523
	524	sigint()
	525	{
	526	longjmp(motdinterrupt, 1);
	527	}
	528
	529	checknologin()
	530	{
	531	register int fd, nchars;
	532	char tbuf[8192];
	533
	534	if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) {
	535	while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
	536	(void)write(fileno(stdout), tbuf, nchars);
	537	sleepexit(0);
	538	}
	539	}
	540
	541	dolastlog(quiet)
	542	int quiet;
	543	{
	544	struct lastlog ll;
	545	int fd;
	546	char *ctime();
	547	char *ctime();
	548
	549	if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
	550	(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
	551	if (!quiet) {
	552	if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
	553	ll.ll_time != 0) {
	554	printf("Last login: %.*s ",
	555	24-5, (char *)ctime(&ll.ll_time));
	556	if (*ll.ll_host != '\0')
	557	printf("from %.*s\n",
	558	sizeof(ll.ll_host), ll.ll_host);
	559	else
	560	printf("on %.*s\n",
	561	sizeof(ll.ll_line), ll.ll_line);
	562	}
	563	(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
	564	}
	565	bzero((char *)&ll, sizeof(ll));
	566	(void)time(&ll.ll_time);
	567	strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
	568	if (hostname)
	569	strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
	570	(void)write(fd, (char *)&ll, sizeof(ll));
	571	(void)close(fd);
	572	}
	573	}
	574
	575	badlogin(name)
	576	char *name;
	577	{
	578	if (failures == 0)
	579	return;
	580	if (hostname)
	581	syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s, %s",
	582	failures, failures > 1 ? "S" : "", hostname, name);
	583	else
	584	syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s, %s",
	585	failures, failures > 1 ? "S" : "", tty, name);
	586	}
	587
	588	#undef UNKNOWN
	589	#define UNKNOWN "su"
	590
	591	char *
	592	stypeof(ttyid)
	593	char *ttyid;
	594	{
	595	struct ttyent *t;
	596
	597	return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
	598	}
	599
	600	getstr(buf, cnt, err)
	601	char buf, err;
	602	int cnt;
	603	{
	604	char ch;
	605
	606	do {
	607	if (read(0, &ch, sizeof(ch)) != sizeof(ch))
	608	exit(1);
	609	if (--cnt < 0) {
	610	fprintf(stderr, "%s too long\r\n", err);
	611	sleepexit(1);
	612	}
	613	*buf++ = ch;
	614	} while (ch);
	615	}
	616
	617	sleepexit(eval)
	618	int eval;
	619	{
	620	sleep((u_int)5);
	621	exit(eval);
	622	}
	623
	624	doremotelogin(host)
	625	char *host;
	626	{
	627	static char lusername[UT_NAMESIZE+1];
	628	char rusername[UT_NAMESIZE+1];
	629
	630	getstr(rusername, sizeof(rusername), "remuser");
	631	getstr(lusername, sizeof(lusername), "locuser");
	632	getstr(term, sizeof(term), "Terminal type");
	633	username = lusername;
	634	pwd = getpwnam(username);
	635	if (pwd == NULL)
	636	return(-1);
	637	return(ruserok(host, (pwd->pw_uid == 0), rusername, username));
	638	}
	639
	640	char *speeds[] = {
	641	"0", "50", "75", "110", "134", "150", "200", "300", "600",
	642	"1200", "1800", "2400", "4800", "9600", "19200", "38400",
	643	};
	644	#define NSPEEDS (sizeof(speeds) / sizeof(speeds[0]))
	645
	646	doremoteterm(tp)
	647	struct sgttyb *tp;
	648	{
	649	register char cp = index(term, '/'), *cpp;
	650	char *speed;
	651
	652	if (cp) {
	653	*cp++ = '\0';
	654	speed = cp;
	655	cp = index(speed, '/');
	656	if (cp)
	657	*cp++ = '\0';
	658	for (cpp = speeds; cpp < &speeds[NSPEEDS]; cpp++)
	659	if (strcmp(*cpp, speed) == 0) {
	660	tp->sg_ispeed = tp->sg_ospeed = cpp-speeds;
	661	break;
	662	}
	663	}
	664	tp->sg_flags = ECHO\|CRMOD\|ANYP\|XTABS;
	665	}