X-Git-Url: https://git.subgeniuskitty.com/unix-history/.git/blobdiff_plain/53b3a5b27d432e7d4cc4793b62be680701efbcd2..0e08a2b3386a9f94ec7e5105670a436fae699c72:/usr/src/usr.bin/login/login.c diff --git a/usr/src/usr.bin/login/login.c b/usr/src/usr.bin/login/login.c index 8df6e185a5..76339b0233 100644 --- a/usr/src/usr.bin/login/login.c +++ b/usr/src/usr.bin/login/login.c @@ -1,23 +1,35 @@ /* - * Copyright (c) 1980 Regents of the University of California. - * All rights reserved. The Berkeley software License Agreement - * specifies the terms and conditions for redistribution. + * Copyright (c) 1980, 1987, 1988 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms are permitted + * provided that the above copyright notice and this paragraph are + * duplicated in all such forms and that any documentation, + * advertising materials, and other materials related to such + * distribution and use acknowledge that the software was developed + * by the University of California, Berkeley. The name of the + * University may not be used to endorse or promote products derived + * from this software without specific prior written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #ifndef lint char copyright[] = -"@(#) Copyright (c) 1980 Regents of the University of California.\n\ +"@(#) Copyright (c) 1980, 1987, 1988 The Regents of the University of California.\n\ All rights reserved.\n"; -#endif not lint +#endif /* not lint */ #ifndef lint -static char sccsid[] = "@(#)login.c 5.16 (Berkeley) %G%"; -#endif not lint +static char sccsid[] = "@(#)login.c 5.38 (Berkeley) %G%"; +#endif /* not lint */ /* * login [ name ] - * login -r hostname (for rlogind) - * login -h hostname (for telnetd, etc.) + * login -r hostname (for rlogind) + * login -h hostname (for telnetd, etc.) + * login -f name (for pre-authenticated login: datakit, xterm, etc.) */ #include @@ -26,57 +38,35 @@ static char sccsid[] = "@(#)login.c 5.16 (Berkeley) %G%"; #include #include #include +#include -#include #include #include -#include -#include #include #include #include #include #include +#include +#include +#include +#include +#include +#include "pathnames.h" -#define TTYGRPNAME "tty" /* name of group to own ttys */ -#define TTYGID(gid) tty_gid(gid) /* gid that owns all ttys */ - -#define SCMPN(a, b) strncmp(a, b, sizeof(a)) -#define SCPYN(a, b) strncpy(a, b, sizeof(a)) - -#define NMAX sizeof(utmp.ut_name) -#define HMAX sizeof(utmp.ut_host) - -#define FALSE 0 -#define TRUE -1 +#define TTYGRPNAME "tty" /* name of group to own ttys */ -char nolog[] = "/etc/nologin"; -char qlog[] = ".hushlogin"; -char maildir[30] = "/usr/spool/mail/"; -char lastlog[] = "/usr/adm/lastlog"; -struct passwd nouser = {"", "nope", -1, -1, -1, "", "", "", "" }; -struct sgttyb ttyb; -struct utmp utmp; -char minusnam[16] = "-"; -char *envinit[] = { 0 }; /* now set by setenv calls */ /* - * This bounds the time given to login. We initialize it here - * so it can be patched on machines where it's too small. + * This bounds the time given to login. Not a define so it can + * be patched on machines where it's too small. */ -int timeout = 60; - -char term[64]; +int timeout = 300; struct passwd *pwd; -char *strcat(), *rindex(), *index(), *malloc(), *realloc(); -int timedout(); -char *ttyname(); -char *crypt(); -char *getpass(); -char *stypeof(); -extern char **environ; -extern int errno; +int failures; +char term[64], *hostname, *username, *tty; +struct sgttyb sgttyb; struct tchars tc = { CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK }; @@ -84,444 +74,580 @@ struct ltchars ltc = { CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT }; -struct winsize win = { 0, 0, 0, 0 }; +char *months[] = + { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", + "Sep", "Oct", "Nov", "Dec" }; -int rflag; -int usererr = -1; -char rusername[NMAX+1], lusername[NMAX+1]; -char rpassword[NMAX+1]; -char name[NMAX+1]; -char me[MAXHOSTNAMELEN]; -char *rhost; +char *months[] = + { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", + "Sep", "Oct", "Nov", "Dec" }; main(argc, argv) - char *argv[]; + int argc; + char **argv; { - register char *namep; - int pflag = 0, hflag = 0, t, f, c; - int invalid, quietlog; - FILE *nlfd; - char *ttyn, *tty; - int ldisc = 0, zero = 0, i; - char **envnew; - char *p, *domain, *index(); - - signal(SIGALRM, timedout); - alarm(timeout); - signal(SIGQUIT, SIG_IGN); - signal(SIGINT, SIG_IGN); - setpriority(PRIO_PROCESS, 0, 0); - quota(Q_SETUID, 0, 0, 0); + extern int errno, optind; + extern char *optarg, **environ; + struct timeval tp; + struct tm *ttp; + struct timeval tp; + struct tm *ttp; + struct group *gr; + register int ch; + register char *p; + int ask, fflag, hflag, pflag, rflag, cnt; + int quietlog, passwd_req, ioctlval, timedout(); + char *domain, *salt, *envinit[1], *ttyn, *pp; + char tbuf[MAXPATHLEN + 2]; + char *ctime(), *ttyname(), *stypeof(), *crypt(), *getpass(); + time_t time(); + off_t lseek(); + + (void)signal(SIGALRM, timedout); + (void)alarm((u_int)timeout); + (void)signal(SIGQUIT, SIG_IGN); + (void)signal(SIGINT, SIG_IGN); + (void)setpriority(PRIO_PROCESS, 0, 0); + (void)quota(Q_SETUID, 0, 0, 0); + /* * -p is used by getty to tell login not to destroy the environment * -r is used by rlogind to cause the autologin protocol; - * -h is used by other servers to pass the name of the - * remote host to login so that it may be placed in utmp and wtmp + * -f is used to skip a second login authentication + * -h is used by other servers to pass the name of the remote + * host to login so that it may be placed in utmp and wtmp */ - (void) gethostname(me, sizeof(me)); - domain = index(me, '.'); - while (argc > 1) { - if (strcmp(argv[1], "-r") == 0) { - if (rflag || hflag) { - printf("Only one of -r and -h allowed\n"); + (void)gethostname(tbuf, sizeof(tbuf)); + domain = index(tbuf, '.'); + + fflag = hflag = pflag = rflag = 0; + passwd_req = 1; + while ((ch = getopt(argc, argv, "fh:pr:")) != EOF) + switch (ch) { + case 'f': + if (rflag) { + fprintf(stderr, + "login: only one of -r and -f allowed.\n"); exit(1); } - rflag = 1; - usererr = doremotelogin(argv[2]); - if ((p = index(argv[2], '.')) && strcmp(p, domain) == 0) - *p = 0; - SCPYN(utmp.ut_host, argv[2]); - argc -= 2; - argv += 2; - continue; - } - if (strcmp(argv[1], "-h") == 0 && getuid() == 0) { - if (rflag || hflag) { - printf("Only one of -r and -h allowed\n"); + fflag = 1; + break; + case 'h': + if (getuid()) { + (void)fprintf(stderr, + "login: -h for super-user only.\n"); + exit(1); + } + if (rflag) { + fprintf(stderr, + "login: only one of -r and -h allowed.\n"); exit(1); } hflag = 1; - if ((p = index(argv[2], '.')) && strcmp(p, domain) == 0) + if (domain && (p = index(optarg, '.')) && + strcasecmp(p, domain) == 0) *p = 0; - SCPYN(utmp.ut_host, argv[2]); - argc -= 2; - argv += 2; - continue; - } - if (strcmp(argv[1], "-p") == 0) { - argc--; - argv++; + hostname = optarg; + break; + case 'p': pflag = 1; - continue; + break; + case 'r': + if (hflag || fflag) { + fprintf(stderr, + "login: -f and -h not allowed with -r.\n"); + exit(1); + } + if (getuid()) { + fprintf(stderr, + "login: -r for super-user only.\n"); + exit(1); + } + /* "-r hostname" must be last args */ + if (optind != argc) { + fprintf(stderr, "Syntax error.\n"); + exit(1); + } + rflag = 1; + passwd_req = (doremotelogin(optarg) == -1); + if (domain && (p = index(optarg, '.')) && + !strcmp(p, domain)) + *p = '\0'; + hostname = optarg; + break; + case '?': + default: + (void)fprintf(stderr, + "usage: login [-fp] [username]\n"); + exit(1); } - break; - } - ioctl(0, TIOCLSET, &zero); - ioctl(0, TIOCNXCL, 0); - ioctl(0, FIONBIO, &zero); - ioctl(0, FIOASYNC, &zero); - ioctl(0, TIOCGETP, &ttyb); + argc -= optind; + argv += optind; + if (*argv) { + username = *argv; + ask = 0; + } else + ask = 1; + if (rflag) + ask = 0; + + ioctlval = 0; + (void)ioctl(0, TIOCLSET, &ioctlval); + (void)ioctl(0, TIOCNXCL, 0); + (void)fcntl(0, F_SETFL, ioctlval); + (void)ioctl(0, TIOCGETP, &sgttyb); + /* - * If talking to an rlogin process, - * propagate the terminal type and + * If talking to an rlogin process, propagate the terminal type and * baud rate across the network. */ if (rflag) - doremoteterm(term, &ttyb); - ttyb.sg_erase = CERASE; - ttyb.sg_kill = CKILL; - ioctl(0, TIOCSLTC, <c); - ioctl(0, TIOCSETC, &tc); - ioctl(0, TIOCSETP, &ttyb); - for (t = getdtablesize(); t > 2; t--) - close(t); + doremoteterm(&sgttyb); + sgttyb.sg_erase = CERASE; + sgttyb.sg_kill = CKILL; + (void)ioctl(0, TIOCSLTC, <c); + (void)ioctl(0, TIOCSETC, &tc); + (void)ioctl(0, TIOCSETP, &sgttyb); + + for (cnt = getdtablesize(); cnt > 2; cnt--) + close(cnt); + ttyn = ttyname(0); - if (ttyn == (char *)0 || *ttyn == '\0') + if (ttyn == NULL || *ttyn == '\0') ttyn = "/dev/tty??"; - tty = rindex(ttyn, '/'); - if (tty == NULL) - tty = ttyn; + if (tty = rindex(ttyn, '/')) + ++tty; else - tty++; + tty = ttyn; + openlog("login", LOG_ODELAY, LOG_AUTH); - t = 0; - invalid = FALSE; - do { - ldisc = 0; - ioctl(0, TIOCSETD, &ldisc); - SCPYN(utmp.ut_name, ""); - /* - * Name specified, take it. - */ - if (argc > 1) { - SCPYN(utmp.ut_name, argv[1]); - argc = 0; - } - /* - * If remote login take given name, - * otherwise prompt user for something. - */ - if (rflag && !invalid) - SCPYN(utmp.ut_name, lusername); - else - getloginname(&utmp); - invalid = FALSE; - if (!strcmp(pwd->pw_shell, "/bin/csh")) { - ldisc = NTTYDISC; - ioctl(0, TIOCSETD, &ldisc); + + for (cnt = 0;; ask = 1) { + ioctlval = 0; + (void)ioctl(0, TIOCSETD, &ioctlval); + + if (ask) { + fflag = 0; + getloginname(); } /* - * If no remote login authentication and - * a password exists for this user, prompt - * for one and verify it. + * Note if trying multiple user names; + * log failures for previous user name, + * but don't bother logging one failure + * for nonexistent name (mistyped username). */ - if (usererr == -1 && *pwd->pw_passwd != '\0') { - char *pp; - - setpriority(PRIO_PROCESS, 0, -4); - pp = getpass("Password:"); - namep = crypt(pp, pwd->pw_passwd); - setpriority(PRIO_PROCESS, 0, 0); - if (strcmp(namep, pwd->pw_passwd)) - invalid = TRUE; + if (failures && strcmp(tbuf, username)) { + if (failures > (pwd ? 0 : 1)) + badlogin(tbuf); + failures = 0; } + (void)strcpy(tbuf, username); + if (pwd = getpwnam(username)) + salt = pwd->pw_passwd; + else + salt = "xx"; + + /* if user not super-user, check for disabled logins */ + if (pwd == NULL || pwd->pw_uid) + checknologin(); + /* - * If user not super-user, check for logins disabled. + * Disallow automatic login to root; if not invoked by + * root, disallow if the uid's differ. */ - if (pwd->pw_uid != 0 && (nlfd = fopen(nolog, "r")) > 0) { - while ((c = getc(nlfd)) != EOF) - putchar(c); - fflush(stdout); - sleep(5); - exit(0); + if (fflag && pwd) { + int uid = getuid(); + + passwd_req = pwd->pw_uid == 0 || + (uid && uid != pwd->pw_uid); } + /* - * If valid so far and root is logging in, - * see if root logins on this terminal are permitted. + * If no pre-authentication and a password exists + * for this user, prompt for one and verify it. */ - if (!invalid && pwd->pw_uid == 0 && !rootterm(tty)) { - if (utmp.ut_host[0]) - syslog(LOG_CRIT, - "ROOT LOGIN REFUSED ON %s FROM %.*s", - tty, HMAX, utmp.ut_host); - else - syslog(LOG_CRIT, - "ROOT LOGIN REFUSED ON %s", tty); - invalid = TRUE; - } - if (invalid) { - printf("Login incorrect\n"); - if (++t >= 5) { - if (utmp.ut_host[0]) - syslog(LOG_CRIT, - "REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s", - tty, HMAX, utmp.ut_host, - NMAX, utmp.ut_name); - else - syslog(LOG_CRIT, - "REPEATED LOGIN FAILURES ON %s, %.*s", - tty, NMAX, utmp.ut_name); - ioctl(0, TIOCHPCL, (struct sgttyb *) 0); - close(0), close(1), close(2); - sleep(10); - exit(1); + if (!passwd_req || (pwd && !*pwd->pw_passwd)) + break; + + setpriority(PRIO_PROCESS, 0, -4); + pp = getpass("Password:"); + p = crypt(pp, salt); + setpriority(PRIO_PROCESS, 0, 0); + + (void) bzero(pp, strlen(pp)); + if (pwd && !strcmp(p, pwd->pw_passwd)) + break; + + (void)printf("Login incorrect\n"); + failures++; + /* we allow 10 tries, but after 3 we start backing off */ + if (++cnt > 3) { + if (cnt >= 10) { + badlogin(username); + (void)ioctl(0, TIOCHPCL, (struct sgttyb *)NULL); + sleepexit(1); } + sleep((u_int)((cnt - 3) * 5)); } - if (*pwd->pw_shell == '\0') - pwd->pw_shell = "/bin/sh"; - if (chdir(pwd->pw_dir) < 0 && !invalid ) { - if (chdir("/") < 0) { - printf("No directory!\n"); - invalid = TRUE; - } else { - printf("No directory! %s\n", - "Logging in with home=/"); - pwd->pw_dir = "/"; - } - } - /* - * Remote login invalid must have been because - * of a restriction of some sort, no extra chances. - */ - if (!usererr && invalid) - exit(1); - } while (invalid); -/* committed to login turn off timeout */ - alarm(0); + } - if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) { - if (errno == EUSERS) - printf("%s.\n%s.\n", - "Too many users logged on already", - "Try again later"); - else if (errno == EPROCLIM) - printf("You have too many processes running.\n"); + /* committed to login -- turn off timeout */ + (void)alarm((u_int)0); + + /* + * If valid so far and root is logging in, see if root logins on + * this terminal are permitted. + */ + if (pwd->pw_uid == 0 && !rootterm(tty)) { + if (hostname) + syslog(LOG_NOTICE, "ROOT LOGIN REFUSED FROM %s", + hostname); else - perror("quota (Q_SETUID)"); - sleep(5); - exit(0); + syslog(LOG_NOTICE, "ROOT LOGIN REFUSED ON %s", tty); + (void)printf("Login incorrect\n"); + sleepexit(1); } - time(&utmp.ut_time); - t = ttyslot(); - if (t > 0 && (f = open("/etc/utmp", O_WRONLY)) >= 0) { - lseek(f, (long)(t*sizeof(utmp)), 0); - SCPYN(utmp.ut_line, tty); - write(f, (char *)&utmp, sizeof(utmp)); - close(f); + + if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) { + switch(errno) { + case EUSERS: + (void)fprintf(stderr, + "Too many users logged on already.\nTry again later.\n"); + break; + case EPROCLIM: + (void)fprintf(stderr, + "You have too many processes running.\n"); + break; + default: + perror("quota (Q_SETUID)"); + } + sleepexit(0); } - if ((f = open("/usr/adm/wtmp", O_WRONLY|O_APPEND)) >= 0) { - write(f, (char *)&utmp, sizeof(utmp)); - close(f); + + if (chdir(pwd->pw_dir) < 0) { + (void)printf("No directory %s!\n", pwd->pw_dir); + if (chdir("/")) + exit(0); + pwd->pw_dir = "/"; + (void)printf("Logging in with home = \"/\".\n"); } - quietlog = access(qlog, F_OK) == 0; - if ((f = open(lastlog, O_RDWR)) >= 0) { - struct lastlog ll; - - lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0); - if (read(f, (char *) &ll, sizeof ll) == sizeof ll && - ll.ll_time != 0 && !quietlog) { - printf("Last login: %.*s ", - 24-5, (char *)ctime(&ll.ll_time)); - if (*ll.ll_host != '\0') - printf("from %.*s\n", - sizeof (ll.ll_host), ll.ll_host); - else - printf("on %.*s\n", - sizeof (ll.ll_line), ll.ll_line); + +#define TWOWEEKS (14*24*60*60) + if (pwd->pw_change || pwd->pw_expire) + (void)gettimeofday(&tp, (struct timezone *)NULL); + if (pwd->pw_change) + if (tp.tv_sec >= pwd->pw_change) { + printf("Sorry -- your password has expired.\n"); + sleepexit(1); + } + else if (tp.tv_sec - pwd->pw_change < TWOWEEKS) { + ttp = localtime(&pwd->pw_change); + printf("Warning: your password expires on %s %d, 19%d\n", + months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year); + } + if (pwd->pw_expire) + if (tp.tv_sec >= pwd->pw_expire) { + printf("Sorry -- your account has expired.\n"); + sleepexit(1); + } + else if (tp.tv_sec - pwd->pw_expire < TWOWEEKS) { + ttp = localtime(&pwd->pw_expire); + printf("Warning: your account expires on %s %d, 19%d\n", + months[ttp->tm_mon], ttp->tm_mday, ttp->tm_year); + } + +#define TWOWEEKS (14*24*60*60) + if (pwd->pw_change || pwd->pw_expire) + (void)gettimeofday(&tp, (struct timezone *)NULL); + if (pwd->pw_change) + if (tp.tv_sec >= pwd->pw_change) { + (void)printf("Sorry -- your password has expired.\n"); + sleepexit(1); + } + else if (tp.tv_sec - pwd->pw_change < TWOWEEKS && !quietlog) { + ttp = localtime(&pwd->pw_change); + (void)printf("Warning: your password expires on %s %d, %d\n", + months[ttp->tm_mon], ttp->tm_mday, TM_YEAR_BASE + ttp->tm_year); + } + if (pwd->pw_expire) + if (tp.tv_sec >= pwd->pw_expire) { + (void)printf("Sorry -- your account has expired.\n"); + sleepexit(1); } - lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0); - time(&ll.ll_time); - SCPYN(ll.ll_line, tty); - SCPYN(ll.ll_host, utmp.ut_host); - write(f, (char *) &ll, sizeof ll); - close(f); + else if (tp.tv_sec - pwd->pw_expire < TWOWEEKS && !quietlog) { + ttp = localtime(&pwd->pw_expire); + (void)printf("Warning: your account expires on %s %d, %d\n", + months[ttp->tm_mon], ttp->tm_mday, TM_YEAR_BASE + ttp->tm_year); + } + + /* nothing else left to fail -- really log in */ + { + struct utmp utmp; + + bzero((char *)&utmp, sizeof(utmp)); + (void)time(&utmp.ut_time); + strncpy(utmp.ut_name, username, sizeof(utmp.ut_name)); + if (hostname) + strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host)); + strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); + login(&utmp); + } + + dolastlog(quietlog); + + if (!hflag && !rflag) { /* XXX */ + static struct winsize win = { 0, 0, 0, 0 }; + + (void)ioctl(0, TIOCSWINSZ, &win); } - chown(ttyn, pwd->pw_uid, TTYGID(pwd->pw_gid)); - if (!hflag && !rflag) /* XXX */ - ioctl(0, TIOCSWINSZ, &win); - chmod(ttyn, 0620); - setgid(pwd->pw_gid); - strncpy(name, utmp.ut_name, NMAX); - name[NMAX] = '\0'; - initgroups(name, pwd->pw_gid); + + (void)chown(ttyn, pwd->pw_uid, + (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); + (void)chmod(ttyn, 0620); + (void)setgid(pwd->pw_gid); + + initgroups(username, pwd->pw_gid); + quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0); - setuid(pwd->pw_uid); - /* destroy environment unless user has asked to preserve it */ + + if (*pwd->pw_shell == '\0') + pwd->pw_shell = _PATH_BSHELL; + /* turn on new line discipline for the csh */ + else if (!strcmp(pwd->pw_shell, _PATH_CSHELL)) { + ioctlval = NTTYDISC; + (void)ioctl(0, TIOCSETD, &ioctlval); + } + + /* destroy environment unless user has requested preservation */ if (!pflag) environ = envinit; - - /* set up environment, this time without destruction */ - /* copy the environment before setenving */ - i = 0; - while (environ[i] != NULL) - i++; - envnew = (char **) malloc(sizeof (char *) * (i + 1)); - for (; i >= 0; i--) - envnew[i] = environ[i]; - environ = envnew; - - setenv("HOME=", pwd->pw_dir, 1); - setenv("SHELL=", pwd->pw_shell, 1); + (void)setenv("HOME", pwd->pw_dir, 1); + (void)setenv("SHELL", pwd->pw_shell, 1); if (term[0] == '\0') strncpy(term, stypeof(tty), sizeof(term)); - setenv("TERM=", term, 0); - setenv("USER=", pwd->pw_name, 1); - setenv("PATH=", ":/usr/ucb:/bin:/usr/bin", 0); + (void)setenv("TERM", term, 0); + (void)setenv("USER", pwd->pw_name, 1); + (void)setenv("PATH", "/usr/ucb:/bin:/usr/bin:", 0); - if ((namep = rindex(pwd->pw_shell, '/')) == NULL) - namep = pwd->pw_shell; - else - namep++; - strcat(minusnam, namep); if (tty[sizeof("tty")-1] == 'd') syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name); if (pwd->pw_uid == 0) - if (utmp.ut_host[0]) - syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s", - tty, HMAX, utmp.ut_host); + if (hostname) + syslog(LOG_NOTICE, "ROOT LOGIN ON %s FROM %s", + tty, hostname); else - syslog(LOG_NOTICE, "ROOT LOGIN %s", tty); + syslog(LOG_NOTICE, "ROOT LOGIN ON %s", tty); + if (!quietlog) { struct stat st; - showmotd(); - strcat(maildir, pwd->pw_name); - if (stat(maildir, &st) == 0 && st.st_size != 0) - printf("You have %smail.\n", - (st.st_mtime > st.st_atime) ? "new " : ""); + motd(); + (void)sprintf(tbuf, "%s/%s", _PATH_MAILDIR, pwd->pw_name); + if (stat(tbuf, &st) == 0 && st.st_size != 0) + (void)printf("You have %smail.\n", + (st.st_mtime > st.st_atime) ? "new " : ""); } - signal(SIGALRM, SIG_DFL); - signal(SIGQUIT, SIG_DFL); - signal(SIGINT, SIG_DFL); - signal(SIGTSTP, SIG_IGN); - execlp(pwd->pw_shell, minusnam, 0); - perror(pwd->pw_shell); - printf("No shell\n"); + + (void)signal(SIGALRM, SIG_DFL); + (void)signal(SIGQUIT, SIG_DFL); + (void)signal(SIGINT, SIG_DFL); + (void)signal(SIGTSTP, SIG_IGN); + + tbuf[0] = '-'; + strcpy(tbuf + 1, (p = rindex(pwd->pw_shell, '/')) ? + p + 1 : pwd->pw_shell); + + /* discard permissions last so can't get killed and drop core */ + (void)setuid(pwd->pw_uid); + + execlp(pwd->pw_shell, tbuf, 0); + (void)fprintf(stderr, "login: no shell: %s.\n", strerror(errno)); exit(0); } -getloginname(up) - register struct utmp *up; +getloginname() { - register char *namep; - char c; - - while (up->ut_name[0] == '\0') { - namep = up->ut_name; - printf("login: "); - while ((c = getchar()) != '\n') { - if (c == ' ') - c = '_'; - if (c == EOF) + register int ch; + register char *p; + static char nbuf[UT_NAMESIZE + 1]; + + for (;;) { + (void)printf("login: "); + for (p = nbuf; (ch = getchar()) != '\n'; ) { + if (ch == EOF) { + badlogin(username); exit(0); - if (namep < up->ut_name+NMAX) - *namep++ = c; + } + if (p < nbuf + UT_NAMESIZE) + *p++ = ch; } + if (p > nbuf) + if (nbuf[0] == '-') + (void)fprintf(stderr, + "login names may not start with '-'.\n"); + else { + *p = '\0'; + username = nbuf; + break; + } } - strncpy(lusername, up->ut_name, NMAX); - lusername[NMAX] = 0; - if ((pwd = getpwnam(lusername)) == NULL) - pwd = &nouser; } timedout() { - - printf("Login timed out after %d seconds\n", timeout); + (void)fprintf(stderr, "Login timed out after %d seconds\n", timeout); exit(0); } -int stopmotd; -catch() +rootterm(ttyn) + char *ttyn; +{ + struct ttyent *t; + + return((t = getttynam(ttyn)) && t->ty_status&TTY_SECURE); +} + +jmp_buf motdinterrupt; + +motd() { + register int fd, nchars; + int (*oldint)(), sigint(); + char tbuf[8192]; + + if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0) + return; + oldint = signal(SIGINT, sigint); + if (setjmp(motdinterrupt) == 0) + while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) + (void)write(fileno(stdout), tbuf, nchars); + (void)signal(SIGINT, oldint); + (void)close(fd); +} - signal(SIGINT, SIG_IGN); - stopmotd++; +sigint() +{ + longjmp(motdinterrupt, 1); } -rootterm(tty) - char *tty; +checknologin() { - register struct ttyent *t; + register int fd, nchars; + char tbuf[8192]; - if ((t = getttynam(tty)) != NULL) { - if (t->ty_status & TTY_SECURE) - return (1); + if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) { + while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) + (void)write(fileno(stdout), tbuf, nchars); + sleepexit(0); } - return (0); } -showmotd() +dolastlog(quiet) + int quiet; { - FILE *mf; - register c; - - signal(SIGINT, catch); - if ((mf = fopen("/etc/motd", "r")) != NULL) { - while ((c = getc(mf)) != EOF && stopmotd == 0) - putchar(c); - fclose(mf); + struct lastlog ll; + int fd; + char *ctime(); + char *ctime(); + + if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { + (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET); + if (!quiet) { + if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) && + ll.ll_time != 0) { + (void)printf("Last login: %.*s ", + 24-5, (char *)ctime(&ll.ll_time)); + if (*ll.ll_host != '\0') + (void)printf("from %.*s\n", + sizeof(ll.ll_host), ll.ll_host); + else + (void)printf("on %.*s\n", + sizeof(ll.ll_line), ll.ll_line); + } + (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET); + } + bzero((char *)&ll, sizeof(ll)); + (void)time(&ll.ll_time); + strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); + if (hostname) + strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); + (void)write(fd, (char *)&ll, sizeof(ll)); + (void)close(fd); } - signal(SIGINT, SIG_IGN); +} + +badlogin(name) + char *name; +{ + if (failures == 0) + return; + if (hostname) + syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s, %s", + failures, failures > 1 ? "S" : "", hostname, name); + else + syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s, %s", + failures, failures > 1 ? "S" : "", tty, name); } #undef UNKNOWN -#define UNKNOWN "su" +#define UNKNOWN "su" char * stypeof(ttyid) char *ttyid; { - register struct ttyent *t; + struct ttyent *t; - if (ttyid == NULL || (t = getttynam(ttyid)) == NULL) - return (UNKNOWN); - return (t->ty_type); -} - -doremotelogin(host) - char *host; -{ - getstr(rusername, sizeof (rusername), "remuser"); - getstr(lusername, sizeof (lusername), "locuser"); - getstr(term, sizeof(term), "Terminal type"); - if (getuid()) { - pwd = &nouser; - return(-1); - } - pwd = getpwnam(lusername); - if (pwd == NULL) { - pwd = &nouser; - return(-1); - } - return(ruserok(host, (pwd->pw_uid == 0), rusername, lusername)); + return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN); } getstr(buf, cnt, err) - char *buf; + char *buf, *err; int cnt; - char *err; { - char c; + char ch; do { - if (read(0, &c, 1) != 1) + if (read(0, &ch, sizeof(ch)) != sizeof(ch)) exit(1); if (--cnt < 0) { - printf("%s too long\r\n", err); - exit(1); + (void)fprintf(stderr, "%s too long\r\n", err); + sleepexit(1); } - *buf++ = c; - } while (c != 0); + *buf++ = ch; + } while (ch); } -char *speeds[] = - { "0", "50", "75", "110", "134", "150", "200", "300", - "600", "1200", "1800", "2400", "4800", "9600", "19200", "38400" }; -#define NSPEEDS (sizeof (speeds) / sizeof (speeds[0])) +sleepexit(eval) + int eval; +{ + sleep((u_int)5); + exit(eval); +} -doremoteterm(term, tp) - char *term; +doremotelogin(host) + char *host; +{ + static char lusername[UT_NAMESIZE+1]; + char rusername[UT_NAMESIZE+1]; + + getstr(rusername, sizeof(rusername), "remuser"); + getstr(lusername, sizeof(lusername), "locuser"); + getstr(term, sizeof(term), "Terminal type"); + username = lusername; + pwd = getpwnam(username); + if (pwd == NULL) + return(-1); + return(ruserok(host, (pwd->pw_uid == 0), rusername, username)); +} + +char *speeds[] = { + "0", "50", "75", "110", "134", "150", "200", "300", "600", + "1200", "1800", "2400", "4800", "9600", "19200", "38400", +}; +#define NSPEEDS (sizeof(speeds) / sizeof(speeds[0])) + +doremoteterm(tp) struct sgttyb *tp; { register char *cp = index(term, '/'), **cpp; @@ -541,55 +667,3 @@ doremoteterm(term, tp) } tp->sg_flags = ECHO|CRMOD|ANYP|XTABS; } - -/* - * Set the value of var to be arg in the Unix 4.2 BSD environment env. - * Var should end with '='. - * (bindings are of the form "var=value") - * This procedure assumes the memory for the first level of environ - * was allocated using malloc. - */ -setenv(var, value, clobber) - char *var, *value; -{ - extern char **environ; - int index = 0; - int varlen = strlen(var); - int vallen = strlen(value); - - for (index = 0; environ[index] != NULL; index++) { - if (strncmp(environ[index], var, varlen) == 0) { - /* found it */ - if (!clobber) - return; - environ[index] = malloc(varlen + vallen + 1); - strcpy(environ[index], var); - strcat(environ[index], value); - return; - } - } - environ = (char **) realloc(environ, sizeof (char *) * (index + 2)); - if (environ == NULL) { - fprintf(stderr, "login: malloc out of memory\n"); - exit(1); - } - environ[index] = malloc(varlen + vallen + 1); - strcpy(environ[index], var); - strcat(environ[index], value); - environ[++index] = NULL; -} - -tty_gid(default_gid) - int default_gid; -{ - struct group *getgrnam(), *gr; - int gid = default_gid; - - gr = getgrnam(TTYGRPNAME); - if (gr != (struct group *) 0) - gid = gr->gr_gid; - - endgrent(); - - return (gid); -}