projects / unix-history / blobdiff
? search:
summary | tags | clone url | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
/etc/securetty is checked, even when root logins across the net.
[unix-history] / usr / src / usr.bin / login / login.c.1
diff --git a/usr/src/usr.bin/login/login.c.1 b/usr/src/usr.bin/login/login.c.1
index dd7b33f..19ad807 100644 (file)
--- a/usr/src/usr.bin/login/login.c.1
+++ b/usr/src/usr.bin/login/login.c.1
@@ -1,4 +1,4 @@
-static char *sccsid = "@(#)login.c.1   4.20 82/12/21";
+static char *sccsid = "@(#)login.c.1   4.23 83/05/19";
 /*
  * login [ name ]
  * login -r
 /*
  * login [ name ]
  * login -r
@@ -50,7 +50,6 @@ int   setpwent();
 char   *ttyname();
 char   *crypt();
 char   *getpass();
 char   *ttyname();
 char   *crypt();
 char   *getpass();
-char   *rindex();
 char   *stypeof();
 extern char **environ;
 
 char   *stypeof();
 extern char **environ;
 
@@ -97,36 +96,51 @@ char **argv;
                setpwent();
                pwd = getpwnam(lusername);
                endpwent();
                setpwent();
                pwd = getpwnam(lusername);
                endpwent();
-               if (pwd == NULL) {
-                       if (strcmp(rusername, lusername))
-                               printf("%s: No such user\r\n", lusername);
+               if (pwd == NULL)
                        goto abnormal;
                        goto abnormal;
-               }
                hostf = pwd->pw_uid ? fopen("/etc/hosts.equiv", "r") : 0;
        again:
                if (hostf) {
                hostf = pwd->pw_uid ? fopen("/etc/hosts.equiv", "r") : 0;
        again:
                if (hostf) {
-                 char ahost[32];
-                 while (fgets(ahost, sizeof (ahost), hostf)) {
-                       char *user;
-                       if (index(ahost, '\n'))
-                               *index(ahost, '\n') = 0;
-                       user = index(ahost, ' ');
-                       if (user)
-                               *user++ = 0;
-                       if (!strcmp(rhost, ahost) &&
-                           !strcmp(rusername, user ? user : lusername)) {
-                               fclose(hostf);
-                               goto normal;
+                       char ahost[32];
+
+                       while (fgets(ahost, sizeof (ahost), hostf)) {
+                               char *user;
+
+                               if ((user = index(ahost, '\n')) != 0)
+                                       *user++ = '\0';
+                               if ((user = index(ahost, ' ')) != 0)
+                                       *user++ = '\0';
+                               if (!strcmp(rhost, ahost) &&
+                                   !strcmp(rusername, user ?
+                                   user : lusername)) {
+                                       fclose(hostf);
+                                       goto normal;
+                               }
                        }
                        }
-                 }
-                 fclose(hostf);
+                       fclose(hostf);
                }
                if (first == 1) {
                }
                if (first == 1) {
+                       char *rhosts = ".rhosts";
+                       struct stat sbuf;
+
                        first = 0;
                        if (chdir(pwd->pw_dir) < 0)
                                goto again;
                        first = 0;
                        if (chdir(pwd->pw_dir) < 0)
                                goto again;
-                       hostf = fopen(".rhosts", "r");
-                       goto again;
+                       if (lstat(rhosts, &sbuf) < 0)
+                               goto again;
+                       if ((sbuf.st_mode & S_IFMT) == S_IFLNK) {
+                               printf("login: .rhosts is a soft link.\r\n");
+                               goto abnormal;
+                       }
+                       hostf = fopen(rhosts, "r");
+                       fstat(fileno(hostf), &sbuf);
+                       if ((int) sbuf.st_uid != pwd->pw_uid &&
+                           (int) sbuf.st_uid != 0) {
+                               printf("login: Bad .rhosts ownership.\r\n");
+                               fclose(hostf);
+                               goto abnormal;
+                       }
+               goto again;
                }
 abnormal:
                rhost = 0;
                }
 abnormal:
                rhost = 0;
@@ -339,8 +353,6 @@ rootterm(tty)
        register FILE *fd;
        char buf[100];
 
        register FILE *fd;
        char buf[100];
 
-       if (rflag)
-               return(1);
        if ((fd = fopen(securetty, "r")) == NULL)
                return(1);
        while (fgets(buf, sizeof buf, fd) != NULL) {
        if ((fd = fopen(securetty, "r")) == NULL)
                return(1);
        while (fgets(buf, sizeof buf, fd) != NULL) {
Continuous source code history from original PDP-7 UNIX to FreeBSD 2, the first fully unencumbered FreeBSD release.