+/*
+ * Copyright (c) 1980,1987 Regents of the University of California.
+ * All rights reserved. The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
#ifndef lint
-static char *sccsid = "@(#)login.c 4.33 (Berkeley) 83/09/02";
-#endif
+char copyright[] =
+"@(#) Copyright (c) 1980 Regents of the University of California.\n\
+ All rights reserved.\n";
+#endif not lint
+
+#ifndef lint
+static char sccsid[] = "@(#)login.c 5.23 (Berkeley) %G%";
+#endif not lint
/*
* login [ name ]
- * login -r hostname (for rlogind)
- * login -h hostname (for telnetd, etc.)
+ * login -r hostname (for rlogind)
+ * login -h hostname (for telnetd, etc.)
+ * login -f name (for pre-authenticated login: datakit, xterm, etc.)
*/
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/resource.h>
+#include <sys/file.h>
#include <sgtty.h>
#include <utmp.h>
#include <stdio.h>
#include <lastlog.h>
#include <errno.h>
+#include <ttyent.h>
+#include <syslog.h>
+#include <grp.h>
+
+#define TTYGRPNAME "tty" /* name of group to own ttys */
+#define TTYGID(gid) tty_gid(gid) /* gid that owns all ttys */
+#define SCMPN(a, b) strncmp(a, b, sizeof(a))
#define SCPYN(a, b) strncpy(a, b, sizeof(a))
#define NMAX sizeof(utmp.ut_name)
+#define HMAX sizeof(utmp.ut_host)
#define FALSE 0
#define TRUE -1
char nolog[] = "/etc/nologin";
char qlog[] = ".hushlogin";
-char securetty[] = "/etc/securetty";
char maildir[30] = "/usr/spool/mail/";
char lastlog[] = "/usr/adm/lastlog";
struct passwd nouser = {"", "nope", -1, -1, -1, "", "", "", "" };
struct sgttyb ttyb;
struct utmp utmp;
char minusnam[16] = "-";
+char *envinit[1]; /* now set by setenv calls */
/*
* This bounds the time given to login. We initialize it here
* so it can be patched on machines where it's too small.
*/
-int timeout = 60;
-
-char homedir[64] = "HOME=";
-char shell[64] = "SHELL=";
-char term[64] = "TERM=";
-char user[20] = "USER=";
+int timeout = 300;
-char *envinit[] =
- { homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", term, user, 0 };
+char term[64];
struct passwd *pwd;
-struct passwd *getpwnam();
char *strcat(), *rindex(), *index();
-int setpwent();
int timedout();
char *ttyname();
char *crypt();
char *getpass();
char *stypeof();
-extern char **environ;
extern int errno;
struct tchars tc = {
CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
};
+struct winsize win = { 0, 0, 0, 0 };
+
int rflag;
+int usererr = -1;
char rusername[NMAX+1], lusername[NMAX+1];
char rpassword[NMAX+1];
char name[NMAX+1];
+char me[MAXHOSTNAMELEN];
char *rhost;
main(argc, argv)
char *argv[];
{
+ extern char **environ;
register char *namep;
- int t, f, c, i;
+ int pflag = 0, hflag = 0, fflag = 0, t, f, c;
int invalid, quietlog;
FILE *nlfd;
- char *ttyn;
+ char *ttyn, *tty;
int ldisc = 0, zero = 0;
+ char *p, *domain, *index();
signal(SIGALRM, timedout);
alarm(timeout);
setpriority(PRIO_PROCESS, 0, 0);
quota(Q_SETUID, 0, 0, 0);
/*
+ * -p is used by getty to tell login not to destroy the environment
* -r is used by rlogind to cause the autologin protocol;
+ * -f is used to skip a second login authentication
* -h is used by other servers to pass the name of the
* remote host to login so that it may be placed in utmp and wtmp
*/
- if (argc > 1) {
+ (void) gethostname(me, sizeof(me));
+ domain = index(me, '.');
+ while (argc > 1) {
if (strcmp(argv[1], "-r") == 0) {
- rflag = doremotelogin(argv[2]);
+ if (rflag || hflag || fflag) {
+ printf("Other options not allowed with -r\n");
+ exit(1);
+ }
+ if (argv[2] == 0)
+ exit(1);
+ rflag = 1;
+ usererr = doremotelogin(argv[2]);
+ if ((p = index(argv[2], '.')) && strcmp(p, domain) == 0)
+ *p = 0;
SCPYN(utmp.ut_host, argv[2]);
- argc = 0;
+ argc -= 2;
+ argv += 2;
+ continue;
}
- if (strcmp(argv[1], "-h") == 0 && getuid() == 0) {
- SCPYN(utmp.ut_host, argv[2]);
- argc = 0;
+ if (strcmp(argv[1], "-h") == 0) {
+ if (getuid() == 0) {
+ if (rflag || hflag) {
+ printf("Only one of -r and -h allowed\n");
+ exit(1);
+ }
+ hflag = 1;
+ if ((p = index(argv[2], '.')) &&
+ strcmp(p, domain) == 0)
+ *p = 0;
+ SCPYN(utmp.ut_host, argv[2]);
+ }
+ argc -= 2;
+ argv += 2;
+ continue;
}
+ if (strcmp(argv[1], "-f") == 0 && argc > 2) {
+ if (rflag) {
+ printf("Only one of -r and -f allowed\n");
+ exit(1);
+ }
+ fflag = 1;
+ SCPYN(utmp.ut_name, argv[2]);
+ argc -= 2;
+ argv += 2;
+ continue;
+ }
+ if (strcmp(argv[1], "-p") == 0) {
+ argc--;
+ argv++;
+ pflag = 1;
+ continue;
+ }
+ break;
}
ioctl(0, TIOCLSET, &zero);
ioctl(0, TIOCNXCL, 0);
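Review bot: The `-h` branch reads argv[2] without first checking that it exists, unlike the `-f` branch which tests `argc > 2`; a root invocation of `login -h` with no host argument therefore hands a null pointer to index(). The domain-suffix comparison has a similar gap: `domain` is whatever index(me, '.') returned and is NULL when the local hostname carries no dot, yet both the `-r` and the `-h` branches pass it to strcmp() unconditionally. Both are one-line guards: `if (strcmp(argv[1], "-h") == 0 && argc > 2) {` and `if (domain && (p = index(argv[2], '.')) && strcmp(p, domain) == 0)` (the same guard in the `-h` branch). The body of main() continues past the end of this hunk.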
*/
if (rflag)
doremoteterm(term, &ttyb);
+ ttyb.sg_erase = CERASE;
+ ttyb.sg_kill = CKILL;
ioctl(0, TIOCSLTC, <c);
ioctl(0, TIOCSETC, &tc);
ioctl(0, TIOCSETP, &ttyb);
- for (t = getdtablesize(); t > 3; t--)
+ for (t = getdtablesize(); t > 2; t--)
close(t);
ttyn = ttyname(0);
- if (ttyn==(char *)0)
+ if (ttyn == (char *)0 || *ttyn == '\0')
ttyn = "/dev/tty??";
+ tty = rindex(ttyn, '/');
+ if (tty == NULL)
+ tty = ttyn;
+ else
+ tty++;
+ openlog("login", LOG_ODELAY, LOG_AUTH);
+ t = 0;
+ invalid = FALSE;
do {
ldisc = 0;
ioctl(0, TIOCSETD, &ldisc);
- invalid = FALSE;
- SCPYN(utmp.ut_name, "");
+ if (fflag == 0)
+ SCPYN(utmp.ut_name, "");
/*
* Name specified, take it.
*/
* If remote login take given name,
* otherwise prompt user for something.
*/
- if (rflag) {
+ if (rflag && !invalid)
SCPYN(utmp.ut_name, lusername);
- /* autologin failed, prompt for passwd */
- if (rflag == -1)
- rflag = 0;
- } else
+ else {
getloginname(&utmp);
+ if (utmp.ut_name[0] == '-') {
+ puts("login names may not start with '-'.");
+ invalid = TRUE;
+ continue;
+ }
+ }
+ invalid = FALSE;
if (!strcmp(pwd->pw_shell, "/bin/csh")) {
ldisc = NTTYDISC;
ioctl(0, TIOCSETD, &ldisc);
}
+ if (fflag) {
+ int uid = getuid();
+
+ if (uid != 0 && uid != pwd->pw_uid)
+ fflag = 0;
+ /*
+ * Disallow automatic login for root.
+ */
+ if (pwd->pw_uid == 0)
+ fflag = 0;
+ }
/*
* If no remote login authentication and
* a password exists for this user, prompt
* for one and verify it.
*/
- if (!rflag && *pwd->pw_passwd != '\0') {
+ if (usererr == -1 && fflag == 0 && *pwd->pw_passwd != '\0') {
char *pp;
setpriority(PRIO_PROCESS, 0, -4);
/*
* If user not super-user, check for logins disabled.
*/
- if (pwd->pw_uid != 0 && (nlfd = fopen(nolog, "r")) > 0) {
+ if (pwd->pw_uid != 0 && (nlfd = fopen(nolog, "r"))) {
while ((c = getc(nlfd)) != EOF)
putchar(c);
fflush(stdout);
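Review bot: The password prompt is skipped whenever `usererr` is anything other than -1 (`if (usererr == -1 && fflag == 0 && *pwd->pw_passwd != '\0')`), so the bypass rests on doremotelogin() and ruserok() never returning a value outside {0, -1}; a fail-safe form is `if (usererr != 0 && fflag == 0 && *pwd->pw_passwd != '\0')`, which prompts unless remote authentication positively succeeded. Separately, the new rejection of names beginning with '-' sits inside the else branch, so it covers only the interactively prompted name; a name arriving through -r (lusername) or -f (argv[2]) is never tested, and moving the check to just after the if/else would cover all three sources. The enclosing do/while loop starts and ends outside this hunk.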
* If valid so far and root is logging in,
* see if root logins on this terminal are permitted.
*/
- if (!invalid && pwd->pw_uid == 0 &&
- !rootterm(ttyn+sizeof("/dev/")-1)) {
- logerr("ROOT LOGIN REFUSED %s",
- ttyn+sizeof("/dev/")-1);
+ if (!invalid && pwd->pw_uid == 0 && !rootterm(tty)) {
+ if (utmp.ut_host[0])
+ syslog(LOG_CRIT,
+ "ROOT LOGIN REFUSED ON %s FROM %.*s",
+ tty, HMAX, utmp.ut_host);
+ else
+ syslog(LOG_CRIT,
+ "ROOT LOGIN REFUSED ON %s", tty);
invalid = TRUE;
}
if (invalid) {
printf("Login incorrect\n");
- if (ttyn[sizeof("/dev/tty")-1] == 'd')
- logerr("BADDIALUP %s %s",
- ttyn+sizeof("/dev/")-1, utmp.ut_name);
+ if (++t >= 5) {
+ if (utmp.ut_host[0])
+ syslog(LOG_ERR,
+ "REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s",
+ tty, HMAX, utmp.ut_host,
+ NMAX, utmp.ut_name);
+ else
+ syslog(LOG_ERR,
+ "REPEATED LOGIN FAILURES ON %s, %.*s",
+ tty, NMAX, utmp.ut_name);
+ ioctl(0, TIOCHPCL, (struct sgttyb *) 0);
+ close(0), close(1), close(2);
+ sleep(10);
+ exit(1);
+ }
}
if (*pwd->pw_shell == '\0')
pwd->pw_shell = "/bin/sh";
- i = strlen(pwd->pw_shell);
if (chdir(pwd->pw_dir) < 0 && !invalid ) {
if (chdir("/") < 0) {
printf("No directory!\n");
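Review bot: The `%.*s` conversions in the new syslog() calls pass `HMAX` and `NMAX` as the precision, but those macros expand to sizeof expressions (an unsigned size type) while `%.*s` consumes an `int` through varargs; on the VAX of this code's era the widths coincide, so the calls work only by accident, and `(int)HMAX` / `(int)NMAX` make them portable. The five-failure lockout itself reads correctly: `t` is incremented only under `if (invalid)`, and the descriptors are closed and the line hung up before the sleep and exit. The enclosing do/while loop continues outside this hunk.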
* Remote login invalid must have been because
* of a restriction of some sort, no extra chances.
*/
- if (rflag && invalid)
+ if (!usererr && invalid)
exit(1);
} while (invalid);
/* committed to login turn off timeout */
alarm(0);
- if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0) {
+ if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
if (errno == EUSERS)
printf("%s.\n%s.\n",
"Too many users logged on already",
else if (errno == EPROCLIM)
printf("You have too many processes running.\n");
else
- perror("setuid");
+ perror("quota (Q_SETUID)");
sleep(5);
exit(0);
}
time(&utmp.ut_time);
- t = ttyslot();
- if (t > 0 && (f = open("/etc/utmp", 1)) >= 0) {
- lseek(f, (long)(t*sizeof(utmp)), 0);
- SCPYN(utmp.ut_line, rindex(ttyn, '/')+1);
- write(f, (char *)&utmp, sizeof(utmp));
- close(f);
- }
- if (t > 0 && (f = open("/usr/adm/wtmp", 1)) >= 0) {
- lseek(f, 0L, 2);
- write(f, (char *)&utmp, sizeof(utmp));
- close(f);
- }
- quietlog = access(qlog, 0) == 0;
- if ((f = open(lastlog, 2)) >= 0) {
+ SCPYN(utmp.ut_line, tty);
+ login(&utmp);
+ quietlog = access(qlog, F_OK) == 0;
+ if ((f = open(lastlog, O_RDWR)) >= 0) {
struct lastlog ll;
lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
}
lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
time(&ll.ll_time);
- SCPYN(ll.ll_line, rindex(ttyn, '/')+1);
+ SCPYN(ll.ll_line, tty);
SCPYN(ll.ll_host, utmp.ut_host);
write(f, (char *) &ll, sizeof ll);
close(f);
}
- chown(ttyn, pwd->pw_uid, pwd->pw_gid);
- chmod(ttyn, 0622);
+ chown(ttyn, pwd->pw_uid, TTYGID(pwd->pw_gid));
+ if (!hflag && !rflag) /* XXX */
+ ioctl(0, TIOCSWINSZ, &win);
+ chmod(ttyn, 0620);
setgid(pwd->pw_gid);
strncpy(name, utmp.ut_name, NMAX);
name[NMAX] = '\0';
initgroups(name, pwd->pw_gid);
quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
setuid(pwd->pw_uid);
- environ = envinit;
- strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
- strncat(shell, pwd->pw_shell, sizeof(shell)-7);
- if (term[strlen("TERM=")] == 0)
- strncat(term, stypeof(ttyn), sizeof(term)-6);
- strncat(user, pwd->pw_name, sizeof(user)-6);
+
+ /* destroy environment unless user has asked to preserve it */
+ if (!pflag)
+ environ = envinit;
+ setenv("HOME", pwd->pw_dir, 1);
+ setenv("SHELL", pwd->pw_shell, 1);
+ if (term[0] == '\0')
+ strncpy(term, stypeof(tty), sizeof(term));
+ setenv("TERM", term, 0);
+ setenv("USER", pwd->pw_name, 1);
+ setenv("PATH", ":/usr/ucb:/bin:/usr/bin", 0);
+
if ((namep = rindex(pwd->pw_shell, '/')) == NULL)
namep = pwd->pw_shell;
else
namep++;
strcat(minusnam, namep);
- umask(022);
- if (ttyn[sizeof("/dev/tty")-1] == 'd')
- logerr("DIALUP %s %s",
- ttyn+sizeof("/dev/")-1, pwd->pw_name);
+ if (tty[sizeof("tty")-1] == 'd')
+ syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
+ if (pwd->pw_uid == 0)
+ if (utmp.ut_host[0])
+ syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s",
+ tty, HMAX, utmp.ut_host);
+ else
+ syslog(LOG_NOTICE, "ROOT LOGIN %s", tty);
if (!quietlog) {
+ struct stat st;
+
showmotd();
strcat(maildir, pwd->pw_name);
- if (access(maildir,4)==0) {
- struct stat statb;
- stat(maildir, &statb);
- if (statb.st_size)
- printf("You have mail.\n");
- }
+ if (stat(maildir, &st) == 0 && st.st_size != 0)
+ printf("You have %smail.\n",
+ (st.st_mtime > st.st_atime) ? "new " : "");
}
signal(SIGALRM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
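Review bot: `strncpy(term, stypeof(tty), sizeof(term))` does not guarantee a terminator, so a terminal type of 64 or more characters leaves `term` unterminated and the following `setenv("TERM", term, 0)` reads past the array; add `term[sizeof(term) - 1] = '\0';` after the copy. The comment above the -p handling says the environment is preserved, but PATH and TERM are set with overwrite 0 and so keep whatever the caller supplied while HOME, SHELL and USER are forced; `/* -p keeps the caller's environment (including PATH and TERM); HOME, SHELL and USER are always reset */` states that precisely. The `/* XXX */` beside the TIOCSWINSZ call should say what is unresolved, presumably that a zeroed winsize is only appropriate when no remote side has supplied one. main() continues beyond this hunk.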
char c;
while (up->ut_name[0] == '\0') {
- namep = utmp.ut_name;
+ namep = up->ut_name;
printf("login: ");
while ((c = getchar()) != '\n') {
if (c == ' ')
*namep++ = c;
}
}
- setpwent();
- if ((pwd = getpwnam(utmp.ut_name)) == NULL)
+ strncpy(lusername, up->ut_name, NMAX);
+ lusername[NMAX] = 0;
+ if ((pwd = getpwnam(lusername)) == NULL)
pwd = &nouser;
- endpwent();
}
timedout()
rootterm(tty)
char *tty;
{
- register FILE *fd;
- char buf[100];
-
- if ((fd = fopen(securetty, "r")) == NULL)
- return(1);
- while (fgets(buf, sizeof buf, fd) != NULL) {
- buf[strlen(buf)-1] = '\0';
- if (strcmp(tty, buf) == 0) {
- fclose(fd);
- return(1);
- }
+ register struct ttyent *t;
+
+ if ((t = getttynam(tty)) != NULL) {
+ if (t->ty_status & TTY_SECURE)
+ return (1);
}
- fclose(fd);
- return(0);
+ return (0);
}
showmotd()
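Review bot: rootterm() now fails closed: a terminal with no entry in the ttys database returns 0, whereas the removed code returned 1 whenever the securetty file could not be opened, so root logins on an unlisted or unknown tty (including the `tty??` fallback name) are refused. That is the safer default, but it is a behaviour change the function does not document; a header comment such as `/* Root may log in on tty only if its ttys entry is marked secure; ttys with no entry are never secure. */` would record it. The body can also be the single expression `return (t != NULL && (t->ty_status & TTY_SECURE) != 0);`.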
register c;
signal(SIGINT, catch);
- if ((mf = fopen("/etc/motd","r")) != NULL) {
+ if ((mf = fopen("/etc/motd", "r")) != NULL) {
while ((c = getc(mf)) != EOF && stopmotd == 0)
putchar(c);
fclose(mf);
stypeof(ttyid)
char *ttyid;
{
- static char typebuf[16];
- char buf[50];
- register FILE *f;
- register char *p, *t, *q;
+ register struct ttyent *t;
- if (ttyid == NULL)
- return (UNKNOWN);
- f = fopen("/etc/ttytype", "r");
- if (f == NULL)
+ if (ttyid == NULL || (t = getttynam(ttyid)) == NULL)
return (UNKNOWN);
- /* split off end of name */
- for (p = q = ttyid; *p != 0; p++)
- if (*p == '/')
- q = p + 1;
-
- /* scan the file */
- while (fgets(buf, sizeof buf, f) != NULL) {
- for (t = buf; *t != ' ' && *t != '\t'; t++)
- ;
- *t++ = 0;
- while (*t == ' ' || *t == '\t')
- t++;
- for (p = t; *p > ' '; p++)
- ;
- *p = 0;
- if (strcmp(q,t) == 0) {
- strcpy(typebuf, buf);
- fclose(f);
- return (typebuf);
- }
- }
- fclose (f);
- return (UNKNOWN);
+ return (t->ty_type);
}
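Review bot: stypeof() now returns `t->ty_type`, a pointer into storage owned by getttynam(), which is conventionally a single static result overwritten by the next ttyent lookup; the function should say so, e.g. `/* Returns a pointer into getttynam()'s static result; copy it before the next ttyent call. */`. The one caller in this change copies the result immediately with strncpy, so the current code is safe, but a future caller that holds the pointer across a rootterm() call would read the wrong entry. UNKNOWN is defined outside the lines shown.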
doremotelogin(host)
char *host;
{
- FILE *hostf;
- int first = 1;
-
getstr(rusername, sizeof (rusername), "remuser");
getstr(lusername, sizeof (lusername), "locuser");
- getstr(term+5, sizeof(term)-5, "Terminal type");
+ getstr(term, sizeof(term), "Terminal type");
if (getuid()) {
pwd = &nouser;
- goto bad;
+ return(-1);
}
- setpwent();
pwd = getpwnam(lusername);
- endpwent();
if (pwd == NULL) {
pwd = &nouser;
- goto bad;
- }
- hostf = pwd->pw_uid ? fopen("/etc/hosts.equiv", "r") : 0;
-again:
- if (hostf) {
- char ahost[32];
-
- while (fgets(ahost, sizeof (ahost), hostf)) {
- char *user;
-
- if ((user = index(ahost, '\n')) != 0)
- *user++ = '\0';
- if ((user = index(ahost, ' ')) != 0)
- *user++ = '\0';
- if (!strcmp(host, ahost) &&
- !strcmp(rusername, user ? user : lusername)) {
- fclose(hostf);
- return (1);
- }
- }
- fclose(hostf);
+ return(-1);
}
- if (first == 1) {
- char *rhosts = ".rhosts";
- struct stat sbuf;
-
- first = 0;
- if (chdir(pwd->pw_dir) < 0)
- goto again;
- if (lstat(rhosts, &sbuf) < 0)
- goto again;
- if ((sbuf.st_mode & S_IFMT) == S_IFLNK) {
- printf("login: .rhosts is a soft link.\r\n");
- goto bad;
- }
- hostf = fopen(rhosts, "r");
- fstat(fileno(hostf), &sbuf);
- if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) {
- printf("login: Bad .rhosts ownership.\r\n");
- fclose(hostf);
- goto bad;
- }
- goto again;
- }
-bad:
- return (-1);
+ return(ruserok(host, (pwd->pw_uid == 0), rusername, lusername));
}
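Review bot: doremotelogin() has three distinct return paths but no comment on the contract the caller depends on: -1 when login was not invoked by root or the local user is unknown (with the global `pwd` set to &nouser as a side effect), otherwise whatever ruserok() returns, which main() tests with both `usererr == -1` and `!usererr`. A header comment such as `/* Read the rlogin protocol strings; returns 0 if ruserok() trusts the remote user, -1 otherwise. Sets the global pwd. */` would make that explicit. Note also that the three getstr() calls run before the uid check, so a non-root caller still drives the full protocol exchange before being refused.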
getstr(buf, cnt, err)
char *term;
struct sgttyb *tp;
{
- char *cp = index(term, '/');
- register int i;
+ register char *cp = index(term, '/'), **cpp;
+ char *speed;
if (cp) {
- *cp++ = 0;
- for (i = 0; i < NSPEEDS; i++)
- if (!strcmp(speeds[i], cp)) {
- tp->sg_ispeed = tp->sg_ospeed = i;
+ *cp++ = '\0';
+ speed = cp;
+ cp = index(speed, '/');
+ if (cp)
+ *cp++ = '\0';
+ for (cpp = speeds; cpp < &speeds[NSPEEDS]; cpp++)
+ if (strcmp(*cpp, speed) == 0) {
+ tp->sg_ispeed = tp->sg_ospeed = cpp-speeds;
break;
}
}
tp->sg_flags = ECHO|CRMOD|ANYP|XTABS;
}
-logerr(fmt, a1, a2, a3)
- char *fmt, *a1, *a2, *a3;
+tty_gid(default_gid)
+ int default_gid;
{
-#ifdef LOGERR
- FILE *cons = fopen("/dev/console", "w");
+ struct group *getgrnam(), *gr;
+ int gid = default_gid;
- if (cons != NULL) {
- fprintf(cons, fmt, a1, a2, a3);
- fprintf(cons, "\n\r");
- fclose(cons);
- }
-#endif
+ gr = getgrnam(TTYGRPNAME);
+ if (gr != (struct group *) 0)
+ gid = gr->gr_gid;
+
+ endgrent();
+
+ return (gid);
}
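Review bot: tty_gid() falls back to the user's own gid when the `tty` group does not exist, and main() then does `chmod(ttyn, 0620)`, so on a system without that group the terminal becomes writable by every member of the user's primary group rather than by a dedicated tty group. The fallback is reasonable but it should be visible in the logs: `else syslog(LOG_WARNING, "group %s not found; tty group defaults to %d", TTYGRPNAME, gid);` after the getgrnam() test. The local `struct group *getgrnam()` declaration is likely redundant with the `<grp.h>` include added at the top of the file.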