no more interaction with quotas

[unix-history] / usr / src / usr.bin / login / login.c

diff --git a/usr/src/usr.bin/login/login.c b/usr/src/usr.bin/login/login.c
index 7e9b8c9..6c181ab 100644 (file)
--- a/usr/src/usr.bin/login/login.c
+++ b/usr/src/usr.bin/login/login.c
@@ -22,7 +22,7 @@ char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
 #endif /* not lint */
 
 #ifndef lint

-static char sccsid[] = "@(#)login.c    5.45 (Berkeley) %G%";
+static char sccsid[] = "@(#)login.c    5.52 (Berkeley) %G%";

 #endif /* not lint */
 
 /*
 #endif /* not lint */
 
 /*


@@ -33,12 +33,11 @@ static char sccsid[] = "@(#)login.c 5.45 (Berkeley) %G%";
  */
 
 #include <sys/param.h>
  */
 
 #include <sys/param.h>

-#include <ufs/quota.h>

 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/file.h>

-#include <sys/ioctl.h>
+#include <sgtty.h>

 
 #include <utmp.h>
 #include <signal.h>
 
 #include <utmp.h>
 #include <signal.h>


@@ -63,7 +62,7 @@ int   timeout = 300;
 
 struct passwd *pwd;
 int    failures;
 
 struct passwd *pwd;
 int    failures;

-char   term[64], *hostname, *username, *tty;
+char   term[64], *envinit[1], *hostname, *username, *tty;

 
 struct sgttyb sgttyb;
 struct tchars tc = {
 
 struct sgttyb sgttyb;
 struct tchars tc = {


@@ -96,7 +95,7 @@ main(argc, argv)
        register char *p;
        int ask, fflag, hflag, pflag, rflag, cnt;
        int quietlog, passwd_req, ioctlval, timedout();
        register char *p;
        int ask, fflag, hflag, pflag, rflag, cnt;
        int quietlog, passwd_req, ioctlval, timedout();

-       char *domain, *salt, *envinit[1], *ttyn, *pp;
+       char *domain, *salt, *ttyn, *pp;

        char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
        char localhost[MAXHOSTNAMELEN];
        char *ctime(), *ttyname(), *stypeof(), *crypt(), *getpass();
        char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
        char localhost[MAXHOSTNAMELEN];
        char *ctime(), *ttyname(), *stypeof(), *crypt(), *getpass();


@@ -108,7 +107,6 @@ main(argc, argv)
        (void)signal(SIGQUIT, SIG_IGN);
        (void)signal(SIGINT, SIG_IGN);
        (void)setpriority(PRIO_PROCESS, 0, 0);
        (void)signal(SIGQUIT, SIG_IGN);
        (void)signal(SIGINT, SIG_IGN);
        (void)setpriority(PRIO_PROCESS, 0, 0);

-       (void)quota(Q_SETUID, 0, 0, 0);

 
        /*
         * -p is used by getty to tell login not to destroy the environment
 
        /*
         * -p is used by getty to tell login not to destroy the environment


@@ -123,8 +121,11 @@ main(argc, argv)
        else
                domain = index(localhost, '.');
 
        else
                domain = index(localhost, '.');
 

+       openlog("login", LOG_ODELAY, LOG_AUTH);
+

        fflag = hflag = pflag = rflag = 0;
        passwd_req = 1;
        fflag = hflag = pflag = rflag = 0;
        passwd_req = 1;

+       uid = getuid();

        while ((ch = getopt(argc, argv, "fh:pr:")) != EOF)
                switch (ch) {
                case 'f':
        while ((ch = getopt(argc, argv, "fh:pr:")) != EOF)
                switch (ch) {
                case 'f':


@@ -136,7 +137,7 @@ main(argc, argv)
                        fflag = 1;
                        break;
                case 'h':
                        fflag = 1;
                        break;
                case 'h':

-                       if (getuid()) {
+                       if (uid) {

                                (void)fprintf(stderr,
                                    "login: -h for super-user only.\n");
                                exit(1);
                                (void)fprintf(stderr,
                                    "login: -h for super-user only.\n");
                                exit(1);


@@ -180,7 +181,8 @@ main(argc, argv)
                        break;
                case '?':
                default:
                        break;
                case '?':
                default:

-                       syslog(LOG_ERR, "invalid flag");
+                       if (!uid)
+                               syslog(LOG_ERR, "invalid flag %c", ch);

                        (void)fprintf(stderr,
                            "usage: login [-fp] [username]\n");
                        exit(1);
                        (void)fprintf(stderr,
                            "usage: login [-fp] [username]\n");
                        exit(1);


@@ -226,8 +228,6 @@ main(argc, argv)
        else
                tty = ttyn;
 
        else
                tty = ttyn;
 

-       openlog("login", LOG_ODELAY, LOG_AUTH);
-

        for (cnt = 0;; ask = 1) {
                ioctlval = TTYDISC;
                (void)ioctl(0, TIOCSETD, &ioctlval);
        for (cnt = 0;; ask = 1) {
                ioctlval = TTYDISC;
                (void)ioctl(0, TIOCSETD, &ioctlval);


@@ -237,9 +237,8 @@ main(argc, argv)
                        getloginname();
                }
                /*
                        getloginname();
                }
                /*

-                * Note if trying multiple user names;
-                * log failures for previous user name,
-                * but don't bother logging one failure
+                * Note if trying multiple user names; log failures for
+                * previous user name, but don't bother logging one failure

                 * for nonexistent name (mistyped username).
                 */
                if (failures && strcmp(tbuf, username)) {
                 * for nonexistent name (mistyped username).
                 */
                if (failures && strcmp(tbuf, username)) {


@@ -262,8 +261,6 @@ main(argc, argv)
                 * root, disallow if the uid's differ.
                 */
                if (fflag && pwd) {
                 * root, disallow if the uid's differ.
                 */
                if (fflag && pwd) {

-                       int uid = getuid();
-

                        passwd_req =
 #ifndef        KERBEROS
                             pwd->pw_uid == 0 ||
                        passwd_req =
 #ifndef        KERBEROS
                             pwd->pw_uid == 0 ||


@@ -278,6 +275,25 @@ main(argc, argv)
                if (!passwd_req || (pwd && !*pwd->pw_passwd))
                        break;
 
                if (!passwd_req || (pwd && !*pwd->pw_passwd))
                        break;
 

+               /*
+                * If trying to log in as root, but with insecure terminal,
+                * refuse the login attempt.
+                */
+               if (pwd->pw_uid == 0 && !rootterm(tty)) {
+                       (void)fprintf(stderr,
+                           "%s login refused on this terminal.\n",
+                           pwd->pw_name);
+                       if (hostname)
+                               syslog(LOG_NOTICE,
+                                   "LOGIN %s REFUSED FROM %s ON TTY %s",
+                                   pwd->pw_name, hostname, tty);
+                       else
+                               syslog(LOG_NOTICE,
+                                   "LOGIN %s REFUSED ON TTY %s",
+                                    pwd->pw_name, tty);
+                       continue;
+               }
+

                setpriority(PRIO_PROCESS, 0, -4);
                pp = getpass("Password:");
                p = crypt(pp, salt);
                setpriority(PRIO_PROCESS, 0, -4);
                pp = getpass("Password:");
                p = crypt(pp, salt);


@@ -306,36 +322,6 @@ main(argc, argv)
        /* paranoia... */
        endpwent();
 
        /* paranoia... */
        endpwent();
 

-       /*
-        * If valid so far and root is logging in, see if root logins on
-        * this terminal are permitted.
-        */
-       if (pwd->pw_uid == 0 && !rootterm(tty)) {
-               if (hostname)
-                       syslog(LOG_NOTICE, "ROOT LOGIN REFUSED FROM %s",
-                           hostname);
-               else
-                       syslog(LOG_NOTICE, "ROOT LOGIN REFUSED ON %s", tty);
-               (void)printf("Login incorrect\n");
-               sleepexit(1);
-       }
-
-       if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
-               switch(errno) {
-               case EUSERS:
-                       (void)fprintf(stderr,
-               "Too many users logged on already.\nTry again later.\n");
-                       break;
-               case EPROCLIM:
-                       (void)fprintf(stderr,
-                           "You have too many processes running.\n");
-                       break;
-               default:
-                       perror("quota (Q_SETUID)");
-               }
-               sleepexit(0);
-       }
-

        if (chdir(pwd->pw_dir) < 0) {
                (void)printf("No directory %s!\n", pwd->pw_dir);
                if (chdir("/"))
        if (chdir(pwd->pw_dir) < 0) {
                (void)printf("No directory %s!\n", pwd->pw_dir);
                if (chdir("/"))


@@ -423,8 +409,6 @@ main(argc, argv)
 
        initgroups(username, pwd->pw_gid);
 
 
        initgroups(username, pwd->pw_gid);
 

-       quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
-

        if (*pwd->pw_shell == '\0')
                pwd->pw_shell = _PATH_BSHELL;
 
        if (*pwd->pw_shell == '\0')
                pwd->pw_shell = _PATH_BSHELL;
 


@@ -467,8 +451,8 @@ main(argc, argv)
        strcpy(tbuf + 1, (p = rindex(pwd->pw_shell, '/')) ?
            p + 1 : pwd->pw_shell);
 
        strcpy(tbuf + 1, (p = rindex(pwd->pw_shell, '/')) ?
            p + 1 : pwd->pw_shell);
 

-       if (setlogname(pwd->pw_name, strlen(pwd->pw_name)) < 0)
-               syslog(LOG_ERR, "setlogname() failure: %m");
+       if (setlogin(pwd->pw_name) < 0)
+               syslog(LOG_ERR, "setlogin() failure: %m");

 
        /* discard permissions last so can't get killed and drop core */
        (void)setuid(pwd->pw_uid);
 
        /* discard permissions last so can't get killed and drop core */
        (void)setuid(pwd->pw_uid);