X-Git-Url: https://git.subgeniuskitty.com/unix-history/.git/blobdiff_plain/276d0f34278df8fd161962cab9d74610e9ab018b..f5576df6fd6c54ac0836b6cc9634f63a156f325a:/usr/src/usr.bin/login/login.c?ds=inline diff --git a/usr/src/usr.bin/login/login.c b/usr/src/usr.bin/login/login.c index 9f1dffc5af..e0955381ec 100644 --- a/usr/src/usr.bin/login/login.c +++ b/usr/src/usr.bin/login/login.c @@ -1,421 +1,582 @@ -static char *sccsid = "@(#)login.c 4.13 (Berkeley) 4.13"; +/*- + * Copyright (c) 1980, 1987, 1988, 1991 The Regents of the University + * of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +char copyright[] = +"@(#) Copyright (c) 1980, 1987, 1988, 1991 The Regents of the University of California.\n\ + All rights reserved.\n"; +#endif /* not lint */ + +#ifndef lint +static char sccsid[] = "@(#)login.c 5.73 (Berkeley) 6/29/91"; +#endif /* not lint */ + /* * login [ name ] - * login -r + * login -h hostname (for telnetd, etc.) + * login -f name (for pre-authenticated login: datakit, xterm, etc.) */ -#include -#include +#include +#include +#include +#include +#include + #include #include +#include +#include +#include +#include #include +#include #include -#include -#include -#include -#ifdef UNAME -#include -#endif +#include +#include +#include "pathnames.h" -#define SCPYN(a, b) strncpy(a, b, sizeof(a)) +#define TTYGRPNAME "tty" /* name of group to own ttys */ -#define NMAX sizeof(utmp.ut_name) -#define LMAX sizeof(utmp.ut_line) +/* + * This bounds the time given to login. Not a define so it can + * be patched on machines where it's too small. + */ +int timeout = 300; +int rootlogin; +#ifdef KERBEROS +int notickets = 1; +char *instance; +char *krbtkfile_env; +int authok; +#endif -#define FALSE 0 -#define TRUE -1 +struct passwd *pwd; +int failures; +char term[64], *envinit[1], *hostname, *username, *tty; -char nolog[] = "/etc/nologin"; -char qlog[] = ".hushlogin"; -char securetty[] = "/etc/securetty"; -char maildir[30] = "/usr/spool/mail/"; -char lastlog[] = "/usr/adm/lastlog"; -struct passwd nouser = {"", "nope"}; -struct sgttyb ttyb; -struct utmp utmp; -char minusnam[16] = "-"; +main(argc, argv) + int argc; + char **argv; +{ + extern int optind; + extern char *optarg, **environ; + struct timeval tp; + struct group *gr; + register int ch; + register char *p; + int ask, fflag, hflag, pflag, cnt, uid; + int quietlog, rval; + char *domain, *salt, *ttyn; + char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; + char localhost[MAXHOSTNAMELEN]; + char *ctime(), *ttyname(), *stypeof(), *crypt(), *getpass(); + time_t time(); + off_t lseek(); + void timedout(); -char homedir[64] = "HOME="; -char shell[64] = "SHELL="; -char term[64] = "TERM="; -char user[20] = "USER="; -char *speeds[] = - { "0", "50", "75", "110", "134", "150", "200", "300", - "600", "1200", "1800", "2400", "4800", "9600", "19200", "38400" }; -#define NSPEEDS (sizeof (speeds) / sizeof (speeds[0])) + (void)signal(SIGALRM, timedout); + (void)alarm((u_int)timeout); + (void)signal(SIGQUIT, SIG_IGN); + (void)signal(SIGINT, SIG_IGN); + (void)setpriority(PRIO_PROCESS, 0, 0); -char *envinit[] = - {homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", term, user, 0}; + openlog("login", LOG_ODELAY, LOG_AUTH); -struct passwd *pwd; -struct passwd *getpwnam(); -char *strcat(), *rindex(), *index(); -int setpwent(); -char *ttyname(); -char *crypt(); -char *getpass(); -char *rindex(); -char *stypeof(); -extern char **environ; - -#define CTRL(c) ('c'&037) -#define CERASE '#' -#define CEOT CTRL(d) -#define CKILL '@' -#define CQUIT 034 /* FS, cntl shift L */ -#define CINTR 0177 /* DEL */ -#define CSTOP CTRL(s) -#define CSTART CTRL(q) -#define CBRK 0377 -struct tchars tc = { - CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK -}; -#ifdef TIOCLSET -struct ltchars ltc = { - CTRL(z), CTRL(y), CTRL(r), CTRL(o), CTRL(w), CTRL(v) -}; -#endif + /* + * -p is used by getty to tell login not to destroy the environment + * -f is used to skip a second login authentication + * -h is used by other servers to pass the name of the remote + * host to login so that it may be placed in utmp and wtmp + */ + domain = NULL; + if (gethostname(localhost, sizeof(localhost)) < 0) + syslog(LOG_ERR, "couldn't get local hostname: %m"); + else + domain = index(localhost, '.'); -int rflag; -char rusername[NMAX+1]; -char rpassword[NMAX+1]; + fflag = hflag = pflag = 0; + uid = getuid(); + while ((ch = getopt(argc, argv, "fh:p")) != EOF) + switch (ch) { + case 'f': + fflag = 1; + break; + case 'h': + if (uid) { + (void)fprintf(stderr, + "login: -h option: %s\n", strerror(EPERM)); + exit(1); + } + hflag = 1; + if (domain && (p = index(optarg, '.')) && + strcasecmp(p, domain) == 0) + *p = 0; + hostname = optarg; + break; + case 'p': + pflag = 1; + break; + case '?': + default: + if (!uid) + syslog(LOG_ERR, "invalid flag %c", ch); + (void)fprintf(stderr, + "usage: login [-fp] [-h hostname] [username]\n"); + exit(1); + } + argc -= optind; + argv += optind; + if (*argv) { + username = *argv; + ask = 0; + } else + ask = 1; -main(argc, argv) -char **argv; -{ - register char *namep; - int t, f, c; - int invalid; - int quietlog; - int i; - FILE *nlfd; - char *ttyn; - int ldisc = 0; -#ifdef UNAME - struct utsname uts; -#endif + for (cnt = getdtablesize(); cnt > 2; cnt--) + close(cnt); - alarm(60); - signal(SIGQUIT, SIG_IGN); - signal(SIGINT, SIG_IGN); - nice(-100); - nice(20); - nice(0); - if (argc > 0 && !strcmp(argv[1], "-r")) { - rflag++; - getstr(rusername, sizeof (rusername), "Username"); - getstr(rpassword, sizeof (rpassword), "Password"); - getstr(term+5, sizeof(term)-5, "Terminal type"); + ttyn = ttyname(0); + if (ttyn == NULL || *ttyn == '\0') { + (void)sprintf(tname, "%s??", _PATH_TTY); + ttyn = tname; } -#ifdef TIOCLSET - ioctl(0, TIOCLSET, 0); -#endif - ioctl(0, TIOCNXCL, 0); - gtty(0, &ttyb); - if (rflag) { - char *cp = index(term, '/'); - if (cp) { - int i; - *cp++ = 0; - for (i = 0; i < NSPEEDS; i++) - if (!strcmp(speeds[i], cp)) { - ttyb.sg_ispeed = ttyb.sg_ospeed = i; - break; - } + if (tty = rindex(ttyn, '/')) + ++tty; + else + tty = ttyn; + + for (cnt = 0;; ask = 1) { + if (ask) { + fflag = 0; + getloginname(); } - ttyb.sg_flags = ECHO|CRMOD|ANYP|XTABS; - } - ttyb.sg_erase = CERASE; - ttyb.sg_kill = CKILL; - stty(0, &ttyb); - ioctl(0, TIOCSETC, &tc); -#ifdef TIOCLSET - ioctl(0, TIOCSLTC, <c); +#ifdef KERBEROS + if ((instance = index(username, '.')) != NULL) { + if (strncmp(instance, ".root", 5) == 0) + rootlogin++; + *instance++ = '\0'; + } else { + rootlogin = 0; + instance = ""; + } +#else + rootlogin = 0; #endif - for (t=3; t<20; t++) - close(t); - ttyn = ttyname(0); - if (ttyn==(char *)0) - ttyn = "/dev/tty??"; - do { - ldisc = 0; - ioctl(0, TIOCSETD, &ldisc); - invalid = FALSE; - SCPYN(utmp.ut_name, ""); - if (argc>1) { - SCPYN(utmp.ut_name, argv[1]); - argc = 0; + if (strlen(username) > UT_NAMESIZE) + username[UT_NAMESIZE] = '\0'; + + /* + * Note if trying multiple user names; log failures for + * previous user name, but don't bother logging one failure + * for nonexistent name (mistyped username). + */ + if (failures && strcmp(tbuf, username)) { + if (failures > (pwd ? 0 : 1)) + badlogin(tbuf); + failures = 0; } - if (rflag) - strcpy(utmp.ut_name, rusername); + (void)strcpy(tbuf, username); + + if (pwd = getpwnam(username)) + salt = pwd->pw_passwd; else - while (utmp.ut_name[0] == '\0') { - namep = utmp.ut_name; - printf("%s login: ", sysname); - while ((c = getchar()) != '\n') { - if (c == ' ') - c = '_'; - if (c == EOF) - exit(0); - if (namep < utmp.ut_name+NMAX) - *namep++ = c; + salt = "xx"; + + /* + * if we have a valid account name, and it doesn't have a + * password, or the -f option was specified and the caller + * is root or the caller isn't changing their uid, don't + * authenticate. + */ + if (pwd && (*pwd->pw_passwd == '\0' || + fflag && (uid == 0 || uid == pwd->pw_uid))) + break; + fflag = 0; + if (pwd && pwd->pw_uid == 0) + rootlogin = 1; + + (void)setpriority(PRIO_PROCESS, 0, -4); + + p = getpass("Password:"); + + if (pwd) { +#ifdef KERBEROS + rval = klogin(pwd, instance, localhost, p); + if (rval == 0) + authok = 1; + else if (rval == 1) { + if (pwd->pw_uid != 0) + rootlogin = 0; + rval = strcmp(crypt(p, salt), pwd->pw_passwd); } +#else + if (pwd->pw_uid != 0) + rootlogin = 0; +#ifdef DES + rval = strcmp(crypt(p, salt), pwd->pw_passwd); +#else + rval = strcmp(p, pwd->pw_passwd); +#endif +#endif } - setpwent(); - if ((pwd = getpwnam(utmp.ut_name)) == NULL) - pwd = &nouser; - endpwent(); - if (!strcmp(pwd->pw_shell, "/bin/csh")) { - ldisc = NTTYDISC; - ioctl(0, TIOCSETD, &ldisc); - } - if (*pwd->pw_passwd != '\0') { - char *pp; - nice(-4); - if (rflag == 0) - pp = getpass("Password:"); + bzero(p, strlen(p)); + + (void)setpriority(PRIO_PROCESS, 0, 0); + + /* + * If trying to log in as root without Kerberos, + * but with insecure terminal, refuse the login attempt. + */ +#ifdef KERBEROS + if (authok == 0) +#endif + if (pwd && rootlogin && !rootterm(tty)) { + (void)fprintf(stderr, + "%s login refused on this terminal.\n", + pwd->pw_name); + if (hostname) + syslog(LOG_NOTICE, + "LOGIN %s REFUSED FROM %s ON TTY %s", + pwd->pw_name, hostname, tty); else - pp = rpassword; - namep = crypt(pp,pwd->pw_passwd); - nice(4); - if (strcmp(namep, pwd->pw_passwd)) - invalid = TRUE; - } - if (pwd->pw_uid != 0 && (nlfd = fopen(nolog, "r")) > 0) { - /* logins are disabled except for root */ - while ((c = getc(nlfd)) != EOF) - putchar(c); - fflush(stdout); - sleep(5); - exit(0); + syslog(LOG_NOTICE, + "LOGIN %s REFUSED ON TTY %s", + pwd->pw_name, tty); + continue; } - if (!invalid && pwd->pw_uid == 0 && - !rootterm(ttyn+sizeof("/dev/")-1)) { - FILE *console = fopen("/dev/console", "w"); - if (console != NULL) { - fprintf(console, "\r\nROOT LOGIN REFUSED %s\r\n" - , ttyn+sizeof("/dev/")-1 - ); - fclose(console); - } - invalid = TRUE; - } - if (invalid) { - printf("Login incorrect\n"); - if (ttyn[sizeof("/dev/tty")-1] == 'd') { - FILE *console = fopen("/dev/console", "w"); - if (console != NULL) { - fprintf(console, "\r\nBADDIALUP %s %s\r\n" - , ttyn+sizeof("/dev/")-1 - , utmp.ut_name); - fclose(console); - } - } - } - if (*pwd->pw_shell == '\0') - pwd->pw_shell = "/bin/sh"; - i = strlen(pwd->pw_shell); - if (chdir(pwd->pw_dir) < 0 && !invalid ) { - if (chdir("/") < 0) { - printf("No directory!\n"); - invalid = TRUE; - } else { - printf("No directory! Logging in with home=/\n"); - pwd->pw_dir = "/"; + + if (pwd && !rval) + break; + + (void)printf("Login incorrect\n"); + failures++; + /* we allow 10 tries, but after 3 we start backing off */ + if (++cnt > 3) { + if (cnt >= 10) { + badlogin(username); + sleepexit(1); } + sleep((u_int)((cnt - 3) * 5)); } - if (rflag && invalid) - exit(1); - } while (invalid); + } + /* committed to login -- turn off timeout */ + (void)alarm((u_int)0); - time(&utmp.ut_time); - t = ttyslot(); - if (t>0 && (f = open("/etc/utmp", 1)) >= 0) { - lseek(f, (long)(t*sizeof(utmp)), 0); - SCPYN(utmp.ut_line, rindex(ttyn, '/')+1); - write(f, (char *)&utmp, sizeof(utmp)); - close(f); + endpwent(); + + /* if user not super-user, check for disabled logins */ + if (!rootlogin) + checknologin(); + + if (chdir(pwd->pw_dir) < 0) { + (void)printf("No home directory %s!\n", pwd->pw_dir); + if (chdir("/")) + exit(0); + pwd->pw_dir = "/"; + (void)printf("Logging in with home = \"/\".\n"); } - if (t>0 && (f = open("/usr/adm/wtmp", 1)) >= 0) { - lseek(f, 0L, 2); - write(f, (char *)&utmp, sizeof(utmp)); - close(f); + + quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; + + if (pwd->pw_change || pwd->pw_expire) + (void)gettimeofday(&tp, (struct timezone *)NULL); + if (pwd->pw_change) + if (tp.tv_sec >= pwd->pw_change) { + (void)printf("Sorry -- your password has expired.\n"); + sleepexit(1); + } else if (pwd->pw_change - tp.tv_sec < + 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) + (void)printf("Warning: your password expires on %s", + ctime(&pwd->pw_expire)); + if (pwd->pw_expire) + if (tp.tv_sec >= pwd->pw_expire) { + (void)printf("Sorry -- your account has expired.\n"); + sleepexit(1); + } else if (pwd->pw_expire - tp.tv_sec < + 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) + (void)printf("Warning: your account expires on %s", + ctime(&pwd->pw_expire)); + + /* nothing else left to fail -- really log in */ + { + struct utmp utmp; + + bzero((void *)&utmp, sizeof(utmp)); + (void)time(&utmp.ut_time); + strncpy(utmp.ut_name, username, sizeof(utmp.ut_name)); + if (hostname) + strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host)); + strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); + login(&utmp); } - quietlog = FALSE; - if (access(qlog, 0) == 0) - quietlog = TRUE; - if ( !quietlog && (f = open(lastlog, 2)) >= 0 ) { - struct lastlog ll; - - lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0); - if (read(f, (char *) &ll, sizeof ll) == sizeof ll && - ll.ll_time != 0) { - printf("Last login: %.*s on %.*s\n" - , 24-5 - , (char *) ctime(&ll.ll_time) - , sizeof(ll.ll_line) - , ll.ll_line - ); - } - lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0); - time(&ll.ll_time); - SCPYN(ll.ll_line, rindex(ttyn, '/')+1); - write(f, (char *) &ll, sizeof ll); - close(f); + + dolastlog(quietlog); + + (void)chown(ttyn, pwd->pw_uid, + (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); + (void)setgid(pwd->pw_gid); + + initgroups(username, pwd->pw_gid); + + if (*pwd->pw_shell == '\0') + pwd->pw_shell = _PATH_BSHELL; + + /* destroy environment unless user has requested preservation */ + if (!pflag) + environ = envinit; + (void)setenv("HOME", pwd->pw_dir, 1); + (void)setenv("SHELL", pwd->pw_shell, 1); + if (term[0] == '\0') + strncpy(term, stypeof(tty), sizeof(term)); + (void)setenv("TERM", term, 0); + (void)setenv("LOGNAME", pwd->pw_name, 1); + (void)setenv("USER", pwd->pw_name, 1); + (void)setenv("PATH", _PATH_DEFPATH, 0); +#ifdef KERBEROS + if (krbtkfile_env) + (void)setenv("KRBTKFILE", krbtkfile_env, 1); +#endif + + if (tty[sizeof("tty")-1] == 'd') + syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name); + /* if fflag is on, assume caller/authenticator has logged root login */ + if (rootlogin && fflag == 0) + if (hostname) + syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s", + username, tty, hostname); + else + syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty); + +#ifdef KERBEROS + if (!quietlog && notickets == 1) + (void)printf("Warning: no Kerberos tickets issued.\n"); +#endif + + if (!quietlog) { + struct stat st; + + printf("%s%s", + "386BSD Release 0.1 by William and Lynne Jolitz.\n", +"Copyright (c) 1989,1990,1991,1992 William F. Jolitz. All rights reserved.\n\ +Based in part on work by the 386BSD User Community and the\n\ +BSD Networking Software, Release 2 by UCB EECS Department.\n"); + + motd(); + (void)sprintf(tbuf, "%s/%s", _PATH_MAILDIR, pwd->pw_name); + if (stat(tbuf, &st) == 0 && st.st_size != 0) + (void)printf("You have %smail.\n", + (st.st_mtime > st.st_atime) ? "new " : ""); } - chown(ttyn, pwd->pw_uid, pwd->pw_gid); - setgid(pwd->pw_gid); - inigrp(utmp.ut_name, pwd->pw_gid); - setuid(pwd->pw_uid); - environ = envinit; - strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); - strncat(shell, pwd->pw_shell, sizeof(shell)-7); - if (rflag == 0) - strncat(term, stypeof(ttyn), sizeof(term)-6); - strncat(user, pwd->pw_name, sizeof(user)-6); - if ((namep = rindex(pwd->pw_shell, '/')) == NULL) - namep = pwd->pw_shell; - else - namep++; - strcat(minusnam, namep); - alarm(0); -#ifdef ARPAVAX - if (pwd->pw_gid == 27) /* UGLY ! */ - umask(2); + + (void)signal(SIGALRM, SIG_DFL); + (void)signal(SIGQUIT, SIG_DFL); + (void)signal(SIGINT, SIG_DFL); + (void)signal(SIGTSTP, SIG_IGN); + + tbuf[0] = '-'; + strcpy(tbuf + 1, (p = rindex(pwd->pw_shell, '/')) ? + p + 1 : pwd->pw_shell); + + if (setlogin(pwd->pw_name) < 0) + syslog(LOG_ERR, "setlogin() failure: %m"); + + /* discard permissions last so can't get killed and drop core */ + if (rootlogin) + (void) setuid(0); else + (void) setuid(pwd->pw_uid); + + execlp(pwd->pw_shell, tbuf, 0); + (void)fprintf(stderr, "%s: %s\n", pwd->pw_shell, strerror(errno)); + exit(1); +} + +#ifdef KERBEROS +#define NBUFSIZ (UT_NAMESIZE + 1 + 5) /* .root suffix */ +#else +#define NBUFSIZ (UT_NAMESIZE + 1) #endif - umask(022); - if (ttyn[sizeof("/dev/tty")-1] == 'd') { - FILE *console = fopen("/dev/console", "w"); - if (console != NULL) { - fprintf(console, "\r\nDIALUP %s %s\r\n" - , ttyn+sizeof("/dev/")-1 - , pwd->pw_name - ); - fclose(console); - } - } - if ( !quietlog ) { - showmotd(); - strcat(maildir, pwd->pw_name); - if (access(maildir,4)==0) { - struct stat statb; - stat(maildir, &statb); - if (statb.st_size) - printf("You have mail.\n"); + +getloginname() +{ + register int ch; + register char *p; + static char nbuf[NBUFSIZ]; + + for (;;) { + (void)printf("login: "); + for (p = nbuf; (ch = getchar()) != '\n'; ) { + if (ch == EOF) { + badlogin(username); + exit(0); + } + if (p < nbuf + (NBUFSIZ - 1)) + *p++ = ch; } + if (p > nbuf) + if (nbuf[0] == '-') + (void)fprintf(stderr, + "login names may not start with '-'.\n"); + else { + *p = '\0'; + username = nbuf; + break; + } } - - signal(SIGQUIT, SIG_DFL); - signal(SIGINT, SIG_DFL); - signal(SIGTSTP, SIG_IGN); - execlp(pwd->pw_shell, minusnam, 0); - perror(pwd->pw_shell); - printf("No shell\n"); +} + +void +timedout() +{ + (void)fprintf(stderr, "Login timed out after %d seconds\n", timeout); exit(0); } -int stopmotd; -catch() +rootterm(ttyn) + char *ttyn; { - signal(SIGINT, SIG_IGN); - stopmotd++; + struct ttyent *t; + + return((t = getttynam(ttyn)) && t->ty_status&TTY_SECURE); } -/* - * return true if OK for root to login on this terminal - */ -rootterm(tty) - char *tty; +jmp_buf motdinterrupt; + +motd() +{ + register int fd, nchars; + sig_t oldint; + void sigint(); + char tbuf[8192]; + + if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0) + return; + oldint = signal(SIGINT, sigint); + if (setjmp(motdinterrupt) == 0) + while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) + (void)write(fileno(stdout), tbuf, nchars); + (void)signal(SIGINT, oldint); + (void)close(fd); +} + +void +sigint() +{ + longjmp(motdinterrupt, 1); +} + +checknologin() { - register FILE *fd; - char buf[100]; - - if ((fd = fopen(securetty, "r")) == NULL) - return(1); - while (fgets(buf, sizeof buf, fd) != NULL) { - buf[strlen(buf)-1] = '\0'; - if (strcmp(tty, buf) == 0) { - fclose(fd); - return(1); + register int fd, nchars; + char tbuf[8192]; + + if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) { + while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) + (void)write(fileno(stdout), tbuf, nchars); + sleepexit(0); + } +} + +dolastlog(quiet) + int quiet; +{ + struct lastlog ll; + int fd; + char *ctime(); + + if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { + (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET); + if (!quiet) { + if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) && + ll.ll_time != 0) { + (void)printf("Last login: %.*s ", + 24-5, (char *)ctime(&ll.ll_time)); + if (*ll.ll_host != '\0') + (void)printf("from %.*s\n", + sizeof(ll.ll_host), ll.ll_host); + else + (void)printf("on %.*s\n", + sizeof(ll.ll_line), ll.ll_line); + } + (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET); } + bzero((void *)&ll, sizeof(ll)); + (void)time(&ll.ll_time); + strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); + if (hostname) + strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); + (void)write(fd, (char *)&ll, sizeof(ll)); + (void)close(fd); } - fclose(fd); - return(0); } -showmotd() +badlogin(name) + char *name; { - FILE *mf; - register c; - - signal(SIGINT, catch); - if ((mf = fopen("/etc/motd","r")) != NULL) { - while ((c = getc(mf)) != EOF && stopmotd == 0) - putchar(c); - fclose(mf); + if (failures == 0) + return; + if (hostname) { + syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s", + failures, failures > 1 ? "S" : "", hostname); + syslog(LOG_AUTHPRIV|LOG_NOTICE, + "%d LOGIN FAILURE%s FROM %s, %s", + failures, failures > 1 ? "S" : "", hostname, name); + } else { + syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s", + failures, failures > 1 ? "S" : "", tty); + syslog(LOG_AUTHPRIV|LOG_NOTICE, + "%d LOGIN FAILURE%s ON %s, %s", + failures, failures > 1 ? "S" : "", tty, name); } - signal(SIGINT, SIG_IGN); } #undef UNKNOWN -#define UNKNOWN "su" +#define UNKNOWN "su" char * stypeof(ttyid) -char *ttyid; + char *ttyid; { - static char typebuf[16]; - char buf[50]; - register FILE *f; - register char *p, *t, *q; - - if (ttyid == NULL) - return (UNKNOWN); - f = fopen("/etc/ttytype", "r"); - if (f == NULL) - return (UNKNOWN); - /* split off end of name */ - for (p = q = ttyid; *p != 0; p++) - if (*p == '/') - q = p + 1; - - /* scan the file */ - while (fgets(buf, sizeof buf, f) != NULL) - { - for (t=buf; *t!=' ' && *t != '\t'; t++) - ; - *t++ = 0; - while (*t == ' ' || *t == '\t') - t++; - for (p=t; *p>' '; p++) - ; - *p = 0; - if (strcmp(q,t)==0) { - strcpy(typebuf, buf); - fclose(f); - return (typebuf); - } - } - fclose (f); - return (UNKNOWN); + struct ttyent *t; + + return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN); } -getstr(buf, cnt, err) - char *buf; - int cnt; - char *err; +sleepexit(eval) + int eval; { - char c; - - do { - if (read(0, &c, 1) != 1) - exit(1); - if (--cnt < 0) { - printf("%s too long\r\n", err); - exit(1); - } - *buf++ = c; - } while (c != 0); + sleep((u_int)5); + exit(eval); }