projects / unix-history / blobdiff
? search:
summary | tags | clone url | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
move Kerberos code into klogin.c; CFLUSH -> CDISCARD; errno.h declares
[unix-history] / usr / src / usr.bin / login / login.c.1
diff --git a/usr/src/usr.bin/login/login.c.1 b/usr/src/usr.bin/login/login.c.1
index 425afea..920ea40 100644 (file)
--- a/usr/src/usr.bin/login/login.c.1
+++ b/usr/src/usr.bin/login/login.c.1
@@ -22,7 +22,7 @@ char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
 #endif /* not lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)login.c.1  5.26 (Berkeley) %G%";
+static char sccsid[] = "@(#)login.c.1  5.34 (Berkeley) %G%";
 #endif /* not lint */
 
 /*
 #endif /* not lint */
 
 /*
@@ -66,31 +66,38 @@ static char sccsid[] = "@(#)login.c.1       5.26 (Berkeley) %G%";
  */
 int    timeout = 300;
 
  */
 int    timeout = 300;
 
-struct passwd *pwd;
-char term[64], *hostname, *username;
+struct passwd *pwd;
+int    failures;
+char   term[64], *hostname, *username, *tty;
 
 
-struct sgttyb sgttyb;
-struct tchars tc = {
+struct sgttyb sgttyb;
+struct tchars tc = {
        CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
 };
        CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
 };
-struct ltchars ltc = {
+struct ltchars ltc = {
        CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
 };
 
        CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
 };
 
+char *months[] =
+       { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug",
+         "Sep", "Oct", "Nov", "Dec" };
+
 main(argc, argv)
        int argc;
        char **argv;
 {
        extern int errno, optind;
        extern char *optarg, **environ;
 main(argc, argv)
        int argc;
        char **argv;
 {
        extern int errno, optind;
        extern char *optarg, **environ;
+       struct timeval tp;
+       struct tm *ttp;
        struct group *gr;
        register int ch;
        register char *p;
        struct group *gr;
        register int ch;
        register char *p;
-       int fflag, hflag, pflag, cnt;
+       int ask, fflag, hflag, pflag, cnt;
        int quietlog, passwd_req, ioctlval, timedout();
        int quietlog, passwd_req, ioctlval, timedout();
-       char *domain, *salt, *envinit[1], *ttyn, *tty;
+       char *domain, *salt, *envinit[1], *ttyn, *pp;
        char tbuf[MAXPATHLEN + 2];
        char tbuf[MAXPATHLEN + 2];
-       char *ttyname(), *stypeof(), *crypt(), *getpass();
+       char *ctime(), *ttyname(), *stypeof(), *crypt(), *getpass();
        time_t time();
        off_t lseek();
 
        time_t time();
        off_t lseek();
 
@@ -125,7 +132,7 @@ main(argc, argv)
                        }
                        hflag = 1;
                        if (domain && (p = index(optarg, '.')) &&
                        }
                        hflag = 1;
                        if (domain && (p = index(optarg, '.')) &&
-                           strcmp(p, domain) == 0)
+                           strcasecmp(p, domain) == 0)
                                *p = 0;
                        hostname = optarg;
                        break;
                                *p = 0;
                        hostname = optarg;
                        break;
@@ -139,8 +146,11 @@ main(argc, argv)
                }
        argc -= optind;
        argv += optind;
                }
        argc -= optind;
        argv += optind;
-       if (*argv)
+       if (*argv) {
                username = *argv;
                username = *argv;
+               ask = 0;
+       } else
+               ask = 1;
 
        ioctlval = 0;
        (void)ioctl(0, TIOCLSET, &ioctlval);
 
        ioctlval = 0;
        (void)ioctl(0, TIOCLSET, &ioctlval);
@@ -166,14 +176,26 @@ main(argc, argv)
 
        openlog("login", LOG_ODELAY, LOG_AUTH);
 
 
        openlog("login", LOG_ODELAY, LOG_AUTH);
 
-       for (cnt = 0;; username = NULL) {
+       for (cnt = 0;; ask = 1) {
                ioctlval = 0;
                (void)ioctl(0, TIOCSETD, &ioctlval);
 
                ioctlval = 0;
                (void)ioctl(0, TIOCSETD, &ioctlval);
 
-               if (username == NULL) {
+               if (ask) {
                        fflag = 0;
                        getloginname();
                }
                        fflag = 0;
                        getloginname();
                }
+               /*
+                * Note if trying multiple user names;
+                * log failures for previous user name,
+                * but don't bother logging one failure
+                * for nonexistent name (mistyped username).
+                */
+               if (failures && strcmp(tbuf, username)) {
+                       if (failures > (pwd ? 0 : 1))
+                               badlogin(tbuf);
+                       failures = 0;
+               }
+               (void)strcpy(tbuf, username);
                if (pwd = getpwnam(username))
                        salt = pwd->pw_passwd;
                else
                if (pwd = getpwnam(username))
                        salt = pwd->pw_passwd;
                else
@@ -198,28 +220,28 @@ main(argc, argv)
                 * If no pre-authentication and a password exists
                 * for this user, prompt for one and verify it.
                 */
                 * If no pre-authentication and a password exists
                 * for this user, prompt for one and verify it.
                 */
-               if (!passwd_req || pwd && !*pwd->pw_passwd)
+               if (!passwd_req || (pwd && !*pwd->pw_passwd))
                        break;
 
                setpriority(PRIO_PROCESS, 0, -4);
                        break;
 
                setpriority(PRIO_PROCESS, 0, -4);
-               p = crypt(getpass("Password:"), salt);
+               pp = getpass("Password:");
+               p = crypt(pp, salt);
                setpriority(PRIO_PROCESS, 0, 0);
                setpriority(PRIO_PROCESS, 0, 0);
+
+               (void) bzero(pp, strlen(pp));
                if (pwd && !strcmp(p, pwd->pw_passwd))
                        break;
 
                printf("Login incorrect\n");
                if (pwd && !strcmp(p, pwd->pw_passwd))
                        break;
 
                printf("Login incorrect\n");
-               if (++cnt >= 5) {
-                       if (hostname)
-                           syslog(LOG_ERR,
-                               "REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s",
-                               tty, UT_HOSTSIZE, hostname, UT_NAMESIZE,
-                               username);
-                       else
-                           syslog(LOG_ERR,
-                               "REPEATED LOGIN FAILURES ON %s, %.*s",
-                               tty, UT_NAMESIZE, username);
-                       (void)ioctl(0, TIOCHPCL, (struct sgttyb *)NULL);
-                       sleepexit(1);
+               failures++;
+               /* we allow 10 tries, but after 3 we start backing off */
+               if (++cnt > 3) {
+                       if (cnt >= 10) {
+                               badlogin(username);
+                               (void)ioctl(0, TIOCHPCL, (struct sgttyb *)NULL);
+                               sleepexit(1);
+                       }
+                       sleep((u_int)((cnt - 3) * 5));
                }
        }
 
                }
        }
 
@@ -232,10 +254,10 @@ main(argc, argv)
         */
        if (pwd->pw_uid == 0 && !rootterm(tty)) {
                if (hostname)
         */
        if (pwd->pw_uid == 0 && !rootterm(tty)) {
                if (hostname)
-                       syslog(LOG_ERR, "ROOT LOGIN REFUSED ON %s FROM %.*s",
-                           tty, UT_HOSTSIZE, hostname);
+                       syslog(LOG_NOTICE, "ROOT LOGIN REFUSED FROM %s",
+                           hostname);
                else
                else
-                       syslog(LOG_ERR, "ROOT LOGIN REFUSED ON %s", tty);
+                       syslog(LOG_NOTICE, "ROOT LOGIN REFUSED ON %s", tty);
                printf("Login incorrect\n");
                sleepexit(1);
        }
                printf("Login incorrect\n");
                sleepexit(1);
        }
@@ -264,19 +286,45 @@ main(argc, argv)
                printf("Logging in with home = \"/\".\n");
        }
 
                printf("Logging in with home = \"/\".\n");
        }
 
+#define        TWOWEEKS        (14*24*60*60)
+       if (pwd->pw_change || pwd->pw_expire)
+               (void)gettimeofday(&tp, (struct timezone *)NULL);
+       if (pwd->pw_change)
+               if (tp.tv_sec >= pwd->pw_change) {
+                       printf("Sorry -- your password has expired.\n");
+                       sleepexit(1);
+               }
+               else if (tp.tv_sec - pwd->pw_change < TWOWEEKS) {
+                       ttp = localtime(&pwd->pw_change);
+                       printf("Warning: your password expires on %s %d, 19%d\n",
+                           months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year);
+               }
+       if (pwd->pw_expire)
+               if (tp.tv_sec >= pwd->pw_expire) {
+                       printf("Sorry -- your account has expired.\n");
+                       sleepexit(1);
+               }
+               else if (tp.tv_sec - pwd->pw_expire < TWOWEEKS) {
+                       ttp = localtime(&pwd->pw_expire);
+                       printf("Warning: your account expires on %s %d, 19%d\n",
+                           months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year);
+               }
+
        /* nothing else left to fail -- really log in */
        {
                struct utmp utmp;
 
        /* nothing else left to fail -- really log in */
        {
                struct utmp utmp;
 
+               bzero((char *)&utmp, sizeof(utmp));
                (void)time(&utmp.ut_time);
                strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
                (void)time(&utmp.ut_time);
                strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
-               strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
+               if (hostname)
+                       strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
                strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
                login(&utmp);
        }
 
        quietlog = access(HUSHLOGIN, F_OK) == 0;
                strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
                login(&utmp);
        }
 
        quietlog = access(HUSHLOGIN, F_OK) == 0;
-       dolastlog(quietlog, tty);
+       dolastlog(quietlog);
 
        if (!hflag) {                                   /* XXX */
                static struct winsize win = { 0, 0, 0, 0 };
 
        if (!hflag) {                                   /* XXX */
                static struct winsize win = { 0, 0, 0, 0 };
@@ -317,10 +365,10 @@ main(argc, argv)
                syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
        if (pwd->pw_uid == 0)
                if (hostname)
                syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
        if (pwd->pw_uid == 0)
                if (hostname)
-                       syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s",
-                           tty, UT_HOSTSIZE, hostname);
+                       syslog(LOG_NOTICE, "ROOT LOGIN ON %s FROM %s",
+                           tty, hostname);
                else
                else
-                       syslog(LOG_NOTICE, "ROOT LOGIN %s", tty);
+                       syslog(LOG_NOTICE, "ROOT LOGIN ON %s", tty);
 
        if (!quietlog) {
                struct stat st;
 
        if (!quietlog) {
                struct stat st;
@@ -355,8 +403,10 @@ getloginname()
        for (;;) {
                printf("login: ");
                for (p = nbuf; (ch = getchar()) != '\n'; ) {
        for (;;) {
                printf("login: ");
                for (p = nbuf; (ch = getchar()) != '\n'; ) {
-                       if (ch == EOF)
+                       if (ch == EOF) {
+                               badlogin(username);
                                exit(0);
                                exit(0);
+                       }
                        if (p < nbuf + UT_NAMESIZE)
                                *p++ = ch;
                }
                        if (p < nbuf + UT_NAMESIZE)
                                *p++ = ch;
                }
@@ -378,12 +428,12 @@ timedout()
        exit(0);
 }
 
        exit(0);
 }
 
-rootterm(tty)
-       char *tty;
+rootterm(ttyn)
+       char *ttyn;
 {
        struct ttyent *t;
 
 {
        struct ttyent *t;
 
-       return((t = getttynam(tty)) && t->ty_status&TTY_SECURE);
+       return((t = getttynam(ttyn)) && t->ty_status&TTY_SECURE);
 }
 
 jmp_buf motdinterrupt;
 }
 
 jmp_buf motdinterrupt;
@@ -421,12 +471,12 @@ checknologin()
        }
 }
 
        }
 }
 
-dolastlog(quiet, tty)
+dolastlog(quiet)
        int quiet;
        int quiet;
-       char *tty;
 {
        struct lastlog ll;
        int fd;
 {
        struct lastlog ll;
        int fd;
+       char *ctime();
 
        if ((fd = open(LASTLOG, O_RDWR, 0)) >= 0) {
                (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
 
        if ((fd = open(LASTLOG, O_RDWR, 0)) >= 0) {
                (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
@@ -444,14 +494,29 @@ dolastlog(quiet, tty)
                        }
                        (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
                }
                        }
                        (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
                }
+               bzero((char *)&ll, sizeof(ll));
                (void)time(&ll.ll_time);
                strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
                (void)time(&ll.ll_time);
                strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
-               strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
+               if (hostname)
+                       strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
                (void)write(fd, (char *)&ll, sizeof(ll));
                (void)close(fd);
        }
 }
 
                (void)write(fd, (char *)&ll, sizeof(ll));
                (void)close(fd);
        }
 }
 
+badlogin(name)
+       char *name;
+{
+       if (failures == 0)
+               return;
+       if (hostname)
+               syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s, %s",
+                   failures, failures > 1 ? "S" : "", hostname, name);
+       else
+               syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s, %s",
+                   failures, failures > 1 ? "S" : "", tty, name);
+}
+
 #undef UNKNOWN
 #define        UNKNOWN "su"
 
 #undef UNKNOWN
 #define        UNKNOWN "su"
 
Continuous source code history from original PDP-7 UNIX to FreeBSD 2, the first fully unencumbered FreeBSD release.