1 /* opielogin.c: The infamous /bin/login
3 %%% portions-copyright-cmetz-96
4 Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
5 Reserved. The Inner Net License Version 2 applies to these portions of
7 You should have received a copy of the license with this software. If
8 you didn't get a copy, you may request one from <license@inner.net>.
10 Portions of this software are Copyright 1995 by Randall Atkinson and Dan
11 McDonald, All Rights Reserved. All Rights under this copyright are assigned
12 to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
13 License Agreement applies to this software.
17 Modified by cmetz for OPIE 2.4. Omit "/dev/" in lastlog entry.
18 Don't chdir for invalid users. Fixed bug where getloginname()
19 didn't actually change spaces to underscores. Use struct
20 opie_key for key blocks. Do the home directory chdir() after
21 doing the setuid() in case we're on superuser-mapped NFS.
22 Initialize some variables explicitly. Call opieverify() if
23 login times out. Use opiestrncpy().
24 Modified by cmetz for OPIE 2.32. Partially handle environment
25 variables on the command line (a better implementation is
26 coming soon). Handle failure to issue a challenge more
28 Modified by cmetz for OPIE 2.31. Use _PATH_NOLOGIN. Move Solaris
29 drain bamage kluge after rflag check; it breaks rlogin.
30 Use TCSAFLUSH instead of TCSANOW (except where it flushes
31 data we need). Sleep before kluging for Solaris.
32 Modified by cmetz for OPIE 2.3. Process login environment files.
33 Made logindevperm/fbtab handling more generic. Kluge around
34 Solaris drain bamage differently (maybe better?). Maybe
35 allow cleartext logins even when opiechallenge() fails.
36 Changed the conditions on when time.h and sys/time.h are
37 included. Send debug info to syslog. Use opielogin() instead
38 of dealing with utmp/setlogin() here.
39 Modified by cmetz for OPIE 2.22. Call setlogin(). Decreased default
40 timeout to two minutes. Use opiereadpass() flags to get
41 around Solaris drain bamage.
42 Modified by cmetz for OPIE 2.21. Took the sizeof() the wrong thing.
43 Modified by cmetz for OPIE 2.2. Changed prompts to ask for OTP
44 response where appropriate. Simple though small speed-up.
45 Don't allow cleartext if echo on. Don't try to clear
46 non-blocking I/O. Use opiereadpass(). Don't mess with
47 termios (as much, at least) -- that's opiereadpass()'s
48 job. Change opiereadpass() calls to add echo arg. Fixed
49 CONTROL macro. Don't modify argv (at least, unless
50 we have a reason to). Allow user in if ruserok() says
51 so. Removed useless strings (I don't think that
52 removing the ucb copyright one is a problem -- please
53 let me know if I'm wrong). Use FUNCTION declaration et
54 al. Moved definition of TRUE here. Ifdef around more
55 headers. Make everything static. Removed support for
56 omitting domain name if same domain -- it generally
57 didn't work and it would be a big portability problem.
58 Use opiereadpass() in getloginname() and then post-
59 process. Added code to grab hpux time zone from
60 /etc/src.sh. Renamed MAIL_DIR to PATH_MAIL. Removed
61 dupe catchexit and extraneous closelog. openlog() as
62 soon as possible because SunOS syslog is broken.
63 Don't print an extra blank line before a new Response
65 Modified at NRL for OPIE 2.2. Changed strip_crlf to stripcrlf.
66 Do opiebackspace() on entries.
67 Modified at NRL for OPIE 2.1. Since we don't seem to use the
68 result of opiechallenge() anymore, discard it. Changed
69 BSD4_3 to HAVE_GETTTYNAM. Other symbol changes for
70 autoconf. Removed obselete usage comment. Removed
71 des_crypt.h. File renamed to opielogin.c. Added bletch
72 for setpriority. Added slash between MAIL_DIR and name.
73 Modified at NRL for OPIE 2.02. Flush stdio after printing login
74 prompt. Fixed Solaris shadow password problem introduced
75 in OPIE 2.01 (the shadow password structure is spwd, not
77 Modified at NRL for OPIE 2.01. Changed password lookup handling
78 to use a static structure to avoid problems with drain-
79 bamaged shadow password packages. Make sure to close
80 syslog by function to avoid problems with drain bamaged
81 syslog implementations. Log a few interesting errors.
82 Modified at NRL for OPIE 2.0.
83 Modified at Bellcore for the Bellcore S/Key Version 1 software
88 * Portions of this software are
89 * Copyright (c) 1980,1987 Regents of the University of California.
90 * All rights reserved. The Berkeley software License Agreement
91 * specifies the terms and conditions for redistribution.
94 #include "opie_cfg.h" /* OPIE: defines symbols for filenames & pathnames */
96 #include <sys/param.h>
97 #endif /* HAVE_SYS_PARAM_H */
99 #include <sys/types.h>
101 #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H
102 #include <sys/resource.h>
103 #endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */
105 #if TIME_WITH_SYS_TIME
106 # include <sys/time.h>
108 #else /* TIME_WITH_SYS_TIME */
110 #include <sys/time.h>
111 #else /* HAVE_SYS_TIME_H */
113 #endif /* HAVE_SYS_TIME_H */
114 #endif /* TIME_WITH_SYS_TIME */
117 #include <sys/file.h>
118 #endif /* HAVE_SYS_FILE_H */
121 #include <pwd.h> /* POSIX Password routines */
122 #endif /* HAVE_PWD_H */
126 #include <unistd.h> /* Basic POSIX macros and functions */
127 #endif /* HAVE_UNISTD_H */
128 #include <termios.h> /* POSIX terminal I/O */
130 #include <string.h> /* ANSI C string functions */
131 #endif /* HAVE_STRING_H */
132 #include <fcntl.h> /* File I/O functions */
136 #include <netinet/in.h> /* contains types needed for next include file */
137 #include <arpa/inet.h> /* Inet addr<-->ascii functions */
140 #endif /* HAVE_STDLIB_H */
141 #if HAVE_SYS_SELECT_H
142 #include <sys/select.h>
143 #endif /* HAVE_SYS_SELECT_H */
146 #include <sys/quota.h>
150 #include <sys/ioctl.h> /* non-portable routines used only a few places */
152 #endif /* HAVE_GETTTYNAM */
156 #define TTYGID(gid) tty_gid(gid) /* gid that owns all ttys */
163 #endif /* HAVE_LASTLOG_H */
165 static int rflag = 0;
166 static int usererr = -1;
167 static int stopmotd = 0;
168 static char rusername[NMAX + 1];
169 static char name[NMAX + 1] = "";
170 static char minusnam[16] = "-";
171 static char *envinit[1]; /* now set by setenv calls */
172 static char term[64] = ""; /* important to initialise to a NULL string */
173 static char host[HMAX + 1] = "";
174 static struct passwd nouser;
175 static struct passwd thisuser;
179 #endif /* HAVE_SHADOW_H */
181 static char *ttyprompt;
185 #endif /* PERMSFILE */
187 static struct termios attr;
191 static int ouroptind;
192 static char *ouroptarg;
195 #ifndef _PATH_LASTLOG
196 #define _PATH_LASTLOG "/var/adm/lastlog"
197 #endif /* _PATH_LASTLOG */
199 static char lastlog[] = _PATH_LASTLOG;
200 #endif /* HAVE_LASTLOG_H */
203 * The "timeout" variable bounds the time given to login.
204 * We initialize it here for safety and so that it can be
205 * patched on machines where the default value is not appropriate.
207 static int timeout = 120;
209 static void getstr __P((char *, int, char *));
213 #endif /* HAVE_CRYPT_H */
218 static int need_opieverify = 0;
219 static struct opie opie;
222 /* Windowing variable relating to JWINSIZE/TIOCSWINSZ/TIOCGWINSZ. This is
223 available on BSDish systems and at least Solaris 2.x, but portability to
224 other systems is questionable. Use within this source code module is
225 protected by suitable defines.
227 I'd be interested in hearing about a more portable approach. rja */
229 static struct winsize win = {0, 0, 0, 0};
233 /*------------------ BEGIN REAL CODE --------------------------------*/
235 /* We allow the malloc()s to potentially leak data out because we can
236 only call this routine about four times in the lifetime of this process
237 and the kernel will free all heap memory when we exit or exec. */
238 static int lookupuser FUNCTION_NOARGS
243 #endif /* HAVE_SHADOW */
245 memcpy(&thisuser, &nouser, sizeof(thisuser));
247 if (!(pwd = getpwnam(name)))
250 thisuser.pw_uid = pwd->pw_uid;
251 thisuser.pw_gid = pwd->pw_gid;
253 if (!(thisuser.pw_name = malloc(strlen(pwd->pw_name) + 1)))
255 strcpy(thisuser.pw_name, pwd->pw_name);
257 if (!(thisuser.pw_dir = malloc(strlen(pwd->pw_dir) + 1)))
259 strcpy(thisuser.pw_dir, pwd->pw_dir);
261 if (!(thisuser.pw_shell = malloc(strlen(pwd->pw_shell) + 1)))
263 strcpy(thisuser.pw_shell, pwd->pw_shell);
266 if (!(spwd = getspnam(name)))
269 pwd->pw_passwd = spwd->sp_pwdp;
272 #endif /* HAVE_SHADOW */
274 if (!(thisuser.pw_passwd = malloc(strlen(pwd->pw_passwd) + 1)))
276 strcpy(thisuser.pw_passwd, pwd->pw_passwd);
280 return ((thisuser.pw_passwd[0] == '*') || (thisuser.pw_passwd[0] == '#'));
283 memcpy(&thisuser, &nouser, sizeof(thisuser));
287 static VOIDRET getloginname FUNCTION_NOARGS
291 static int first = 1;
293 memset(name, 0, sizeof(name));
296 while (name[0] == '\0') {
309 if (!opiereadpass(name, sizeof(name)-1, flags)) {
310 syslog(LOG_CRIT, "End-of-file (or other error?) on stdin!");
313 for (namep = name; *namep; namep++) {
320 static VOIDRET timedout FUNCTION((i), int i)
322 /* input variable declared just to keep the compiler quiet */
323 printf("Login timed out after %d seconds\n", timeout);
324 syslog(LOG_CRIT, "Login timed out after %d seconds!", timeout);
327 opieverify(&opie, NULL);
332 #if !HAVE_MOTD_IN_PROFILE
333 static VOIDRET catch FUNCTION((i), int i)
335 /* the input variable is declared to keep the compiler quiet */
336 signal(SIGINT, SIG_IGN);
339 #endif /* !HAVE_MOTD_IN_PROFILE */
341 static VOIDRET catchexit FUNCTION_NOARGS
344 tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr);
347 for (i = sysconf(_SC_OPEN_MAX); i > 2; i--)
351 static int rootterm FUNCTION((ttyn), char *ttyn)
354 /* The getttynam() call and the ttyent structure first appeared in 4.3 BSD and
355 are not portable to System V systems such as Solaris 2.x. or modern versions
357 register struct ttyent *t;
360 tty = strrchr(ttyn, '/');
367 if ((t = getttynam(tty)) != NULL)
368 return (t->ty_status & TTY_SECURE);
370 return (1); /* when in doubt, allow root logins */
372 #elif HAVE_ETC_DEFAULT_LOGIN
378 /* SVR4 only permits two security modes for root logins: 1) only from CONSOLE,
379 if the string "CONSOLE=/dev/console" exists and is not commented out with "#"
380 characters, or 2) from anywhere.
382 So we open /etc/default/login file grab the file contents one line at a time
383 verify that the line being tested isn't commented out check for the substring
384 "CONSOLE" and decide whether to permit this attempted root login/su. */
386 if ((filno = fopen("/etc/default/login", "r")) != NULL) {
387 while (fgets(line, 128, filno) != NULL) {
390 if ((line[0] != '#') && (next = strstr(line, "CONSOLE"))) {
391 next += 7; /* get past the string "CONSOLE" */
393 while (*next && (*next == ' ') || (*next == '\t'))
396 if (*(next++) != '=')
397 break; /* some weird character, get next line */
400 while (*next2 && (*next2 != '\t') && (*next2 != ' ') &&
405 return !strcmp(ttyn, next); /* Allow the login if and only if the
406 user's terminal line matches the
407 setting for CONSOLE */
409 } /* end while another line could be obtained */
410 } /* end if could open file */
411 return (1); /* when no CONSOLE line exists, root can login from anywhere */
415 char buffer[1024], *c;
418 if (!(f = fopen("/etc/securetty", "r")))
421 if (c = strstr(ttyn, "/dev/"))
424 if (c = strrchr(ttyn, '/'))
427 while (fgets(buffer, sizeof(buffer), f)) {
428 if (c = strrchr(buffer, '\n'))
431 if (!(c = strrchr(buffer, '/')))
436 if (!strcmp(c, ttyn))
444 return (1); /* when in doubt, allow root logins */
448 static int doremotelogin FUNCTION((host), char *host)
452 getstr(rusername, sizeof(rusername), "remuser");
453 getstr(name, sizeof(name), "locuser");
454 getstr(term, sizeof(term), "Terminal type");
456 memcpy(&thisuser, &nouser, sizeof(thisuser));
457 syslog(LOG_ERR, "getuid() failed");
461 syslog(LOG_ERR, "lookup failed for user %s", name);
464 rc = ruserok(host, !thisuser.pw_uid, rusername, name);
467 "ruserok failed, host=%s, uid=%d, remote username=%s, local username=%s",
468 host, thisuser.pw_uid, rusername, name);
474 static VOIDRET getstr FUNCTION((buf, cnt, err), char *buf AND int cnt AND char *err)
479 if (read(0, &c, 1) != 1)
482 printf("%s too long\r\n", err);
483 syslog(LOG_CRIT, "%s too long", err);
488 while ((c != 0) && (c != '~'));
611 static VOIDRET doremoteterm FUNCTION((term), char *term)
613 register char *cp = strchr(term, '/');
615 struct speed_xlat *x;
620 cp = strchr(speed, '/');
623 for (x = speeds; x->c != NULL; x++)
624 if (strcmp(x->c, speed) == 0) {
625 cfsetispeed(&attr, x->i);
626 cfsetospeed(&attr, x->i);
632 static int tty_gid FUNCTION((default_gid), int default_gid)
635 int gid = default_gid;
637 gr = getgrnam(TTYGRPNAME);
638 if (gr != (struct group *) 0)
644 int main FUNCTION((argc, argv), int argc AND char *argv[])
646 extern char **environ;
647 register char *namep;
649 int invalid, quietlog;
651 char *tty, host[256];
652 int pflag = 0, hflag = 0, fflag = 0;
656 char opieprompt[OPIE_CHALLENGE_MAX + 1];
666 fprintf(stderr, "This program requires super-user privileges.\n");
671 for (t = sysconf(_SC_OPEN_MAX); t > 2; t--)
674 openlog("login", LOG_ODELAY, LOG_AUTH);
678 opieprompt[0] = '\0';
680 if (p = getenv("TERM")) {
682 syslog(LOG_DEBUG, "environment TERM=%s", p);
684 opiestrncpy(term, p, sizeof(term));
687 memset(&nouser, 0, sizeof(nouser));
690 nouser.pw_passwd = "#nope";
691 nouser.pw_name = nouser.pw_gecos = nouser.pw_dir = nouser.pw_shell = "";
693 #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H
694 setpriority(PRIO_PROCESS, 0, 0);
695 #endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */
697 signal(SIGALRM, timedout);
699 signal(SIGQUIT, SIG_IGN);
700 signal(SIGINT, SIG_IGN);
703 ttyprompt = (char *) getenv("TTYPROMPT");
704 #endif /* TTYPROMPT */
707 quota(Q_SETUID, 0, 0, 0);
711 syslog(LOG_DEBUG, "my args are: (argc=%d)", i = argc);
713 syslog(LOG_DEBUG, "%d: %s", i, argv[i]);
716 /* Implement our own getopt()-like functionality, but do so in a much more
717 strict manner to prevent security problems. */
718 for (ouroptind = 1; ouroptind < argc; ouroptind++) {
719 if (!argv[ouroptind])
722 if (argv[ouroptind][0] == '-') {
723 char *c = argv[ouroptind] + 1;
728 if (*c || (++ouroptind == argc))
731 /* The '-d' option is apparently a performance hack to get around
732 ttyname() being slow. The potential does exist for it to be used
733 for malice, and it does not seem to be strictly necessary, so we
738 if (rflag || hflag || fflag) {
739 fprintf(stderr, "Other options not allowed with -r\n");
743 if (*c || (++ouroptind == argc))
746 if (!(ouroptarg = argv[ouroptind]))
750 if (!doremotelogin(ouroptarg))
753 opiestrncpy(host, ouroptarg, sizeof(host));
758 if (rflag || hflag || fflag) {
759 fprintf(stderr, "Other options not allowed with -h\n");
764 if (*c || (++ouroptind == argc))
767 if (!(ouroptarg = argv[ouroptind]))
770 opiestrncpy(host, ouroptarg, sizeof(host));
776 fprintf(stderr, "Only one of -r and -f allowed\n");
781 if (*c || (++ouroptind == argc))
784 if (!(ouroptarg = argv[ouroptind]))
787 opiestrncpy(name, ouroptarg, sizeof(name));
797 if (strchr(argv[ouroptind], '=')) {
798 if (!strncmp(argv[ouroptind], "TERM=", 5)) {
799 opiestrncpy(term, &(argv[ouroptind][5]), sizeof(term));
802 syslog(LOG_DEBUG, "passed TERM=%s, ouroptind = %d", term, ouroptind);
806 syslog(LOG_DEBUG, "eating %s, ouroptind = %d", argv[ouroptind], ouroptind);
812 opiestrncpy(name, argv[ouroptind], sizeof(name));
816 /* BSDism: not sure how to rewrite for POSIX. rja */
817 ioctl(0, TIOCNXCL, 0); /* set non-exclusive use of tty */
820 /* get original termio attributes */
821 if (tcgetattr(STDIN_FILENO, &attr) != 0)
824 /* If talking to an rlogin process, propagate the terminal type and baud rate
825 across the network. */
829 struct termios termios;
831 struct timeval timeval;
833 memset(&timeval, 0, sizeof(struct timeval));
840 #endif /* HAVE_USLEEP */
842 if (select(1, &fds, NULL, NULL, &timeval)) {
844 syslog(LOG_DEBUG, "reading user name from tty buffer");
847 if (tcgetattr(0, &termios)) {
849 syslog(LOG_DEBUG, "tcgetattr(0, &termios) failed");
854 termios.c_lflag &= ~ECHO;
856 if (tcsetattr(0, TCSANOW, &termios)) {
858 syslog(LOG_DEBUG, "tcsetattr(0, &termios) failed");
863 if ((i = read(0, name, sizeof(name)-1)) > 0)
865 if ((p = strchr(name, '\r')))
867 if ((p = strchr(name, '\n')))
872 /* Force termios portable control characters to the system default values as
873 specified in termios.h. This should help the one-time password login feel the
874 same as the vendor-supplied login. Common extensions are also set for
875 completeness, but these are set within appropriate defines for portability. */
877 #define CONTROL(x) (x - 64)
881 attr.c_cc[VEOF] = CEOF;
883 attr.c_cc[VEOF] = CONTROL('D');
888 attr.c_cc[VEOL] = CEOL;
890 attr.c_cc[VEOL] = CONTROL('J');
895 attr.c_cc[VERASE] = CERASE;
897 attr.c_cc[VERASE] = CONTROL('H');
902 attr.c_cc[VINTR] = CINTR;
904 attr.c_cc[VINTR] = CONTROL('C');
909 attr.c_cc[VKILL] = CKILL;
911 attr.c_cc[VKILL] = CONTROL('U');
916 attr.c_cc[VQUIT] = CQUIT;
918 attr.c_cc[VQUIT] = CONTROL('\\');
923 attr.c_cc[VSUSP] = CSUSP;
925 attr.c_cc[VSUSP] = CONTROL('Z');
930 attr.c_cc[VSTOP] = CSTOP;
932 attr.c_cc[VSTOP] = CONTROL('S');
937 attr.c_cc[VSTART] = CSTART;
939 attr.c_cc[VSTART] = CONTROL('Q');
944 attr.c_cc[VDSUSP] = CDSUSP;
946 attr.c_cc[VDSUSP] = 0;
951 attr.c_cc[VEOL2] = CEOL2;
953 attr.c_cc[VEOL2] = 0;
958 attr.c_cc[VREPRINT] = CRPRNT;
960 attr.c_cc[VREPRINT] = 0;
962 #endif /* VREPRINT */
965 attr.c_cc[VWERASE] = CWERASE;
967 attr.c_cc[VWERASE] = 0;
972 attr.c_cc[VLNEXT] = CLNEXT;
974 attr.c_cc[VLNEXT] = 0;
978 attr.c_lflag |= ICANON; /* enable canonical input processing */
979 attr.c_lflag &= ~ISIG; /* disable INTR, QUIT,& SUSP signals */
980 attr.c_lflag |= (ECHO | ECHOE); /* enable echo and erase */
982 /* POSIX does not specify any output processing flags, but the usage below
983 is SVID compliant and is generally portable to modern versions of UNIX. */
984 attr.c_oflag |= ONLCR; /* map CR to CRNL on output */
987 attr.c_iflag |= ICRNL;
990 attr.c_oflag |= OPOST;
991 attr.c_lflag |= ICANON; /* enable canonical input */
992 attr.c_lflag |= ECHO;
993 attr.c_lflag |= ECHOE; /* enable ERASE character */
994 attr.c_lflag |= ECHOK; /* enable KILL to delete line */
995 attr.c_cflag |= HUPCL; /* hangup on close */
997 /* Set revised termio attributes */
998 if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr))
1005 if (tty == (char *) 0 || *tty == '\0')
1006 tty = "UNKNOWN"; /* was: "/dev/tty??" */
1008 #if HAVE_SETVBUF && defined(_IONBF)
1009 #if SETVBUF_REVERSED
1010 setvbuf(stdout, _IONBF, NULL, 0);
1011 setvbuf(stderr, _IONBF, NULL, 0);
1012 #else /* SETVBUF_REVERSED */
1013 setvbuf(stdout, NULL, _IONBF, 0);
1014 setvbuf(stderr, NULL, _IONBF, 0);
1015 #endif /* SETVBUF_REVERSED */
1016 #endif /* HAVE_SETVBUF && defined(_IONBF) */
1019 syslog(LOG_DEBUG, "tty = %s", tty);
1022 #ifdef HAVE_LOGIN_ENVFILE
1026 if (f = fopen(HAVE_LOGIN_ENVFILE, "r")) {
1027 char line[128], *c, *c2;
1029 while(fgets(line, sizeof(line)-1, f)) {
1031 while(*c && (isalnum(*c) || (*c == '_'))) c++;
1034 if (c2 = strchr(c, ';'))
1036 if (c2 = strchr(c, '\n'))
1038 if (c2 = strchr(c, ' '))
1040 if (c2 = strchr(c, '\t'))
1042 if (!strcmp(line, "TZ"))
1044 if (setenv(line, c, 1) < 0) {
1045 fprintf(stderr, "setenv() failed -- environment full?\n");
1053 #endif /* HAVE_LOGIN_ENVFILE */
1057 af_pwok = opieaccessfile(host);
1060 if (name[0] == '-') {
1061 fprintf(stderr, "User names can't start with '-'.\n");
1062 syslog(LOG_AUTH, "Attempt to use invalid username: %s.", name);
1065 invalid = lookupuser();
1068 /* If remote login take given name, otherwise prompt user for something. */
1069 if (invalid && !name[0]) {
1071 invalid = lookupuser();
1075 syslog(LOG_DEBUG, "login name is +%s+, of length %d, [0] = %d", name, strlen(name), name[0]);
1081 if (uid != 0 && uid != thisuser.pw_uid)
1083 /* Disallow automatic login for root. */
1084 if (thisuser.pw_uid == 0)
1090 /* If no remote login authentication and a password exists for this user,
1091 prompt for and verify a password. */
1092 if (!fflag && (rflag < 1) && *thisuser.pw_passwd) {
1094 syslog(LOG_DEBUG, "login name is +%s+, of length %d, [0] = %d\n", name, strlen(name), name[0]);
1097 /* Attempt a one-time password challenge */
1098 i = opiechallenge(&opie, name, opieprompt);
1099 need_opieverify = TRUE;
1101 if ((i < 0) || (i > 1)) {
1102 syslog(LOG_ERR, "error: opiechallenge() returned %d, errno=%d!\n", i, errno);
1104 printf("%s\n", opieprompt);
1108 if (!memcmp(&thisuser, &nouser, sizeof(thisuser)))
1110 syslog(LOG_WARNING, "Invalid login attempt for %s on %s from %s.",
1113 syslog(LOG_WARNING, "Invalid login attempt for %s on %s.",
1116 if (af_pwok && opiealways(thisuser.pw_dir))
1120 syslog(LOG_DEBUG, "af_pwok = %d, authsok = %d", af_pwok, authsok);
1124 syslog(LOG_ERR, "no authentication methods are available for %s!", name);
1127 if ((authsok & 1) || !authsok)
1129 if (((authsok & 3) == 3) || !authsok)
1131 if ((authsok & 2) || !authsok)
1135 if (!opiereadpass(buf, sizeof(buf), !(authsok & 2)))
1137 #else /* NEW_PROMPTS */
1138 if ((authsok & 3) == 1)
1139 printf("(OTP response required)\n");
1140 printf("Password:");
1142 if (!opiereadpass(buf, sizeof(buf), 0))
1144 #endif /* NEW_PROMPTS */
1146 if (!buf[0] && (authsok & 1)) {
1148 /* Null line entered, so display appropriate prompt & flush current
1151 printf("Response: ");
1152 #else /* NEW_PROMPTS */
1153 printf(" (echo on)\nPassword:");
1154 #endif /* NEW_PROMPTS */
1155 if (!opiereadpass(buf, sizeof(buf), 1))
1160 i = opiegetsequence(&opie);
1161 opiepassed = !opieverify(&opie, buf);
1162 need_opieverify = 0;
1165 syslog(LOG_DEBUG, "opiepassed = %d", opiepassed);
1170 if ((authsok & 1) && opiepassed) {
1172 printf("Warning: Re-initialize your OTP information");
1179 pp = crypt(buf, thisuser.pw_passwd);
1180 invalid = strcmp(pp, thisuser.pw_passwd);
1187 /* If user not super-user, check for logins disabled. */
1188 if (thisuser.pw_uid) {
1189 if (nlfd = fopen(_PATH_NOLOGIN, "r")) {
1190 while ((c = getc(nlfd)) != EOF)
1197 /* If valid so far and root is logging in, see if root logins on this
1198 terminal are permitted. */
1199 if (!invalid && !thisuser.pw_uid && !rootterm(tty)) {
1201 syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s FROM %.*s",
1204 syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s", tty);
1207 /* If invalid, then log failure attempt data to appropriate system
1208 logfiles and close the connection. */
1210 printf("Login incorrect\n");
1212 syslog(LOG_ERR, "LOGIN FAILURE ON %s FROM %.*s, %.*s",
1213 tty, HMAX, host, sizeof(name), name);
1215 syslog(LOG_ERR, "LOGIN FAILURE ON %s, %.*s",
1216 tty, sizeof(name), name);
1220 if (*thisuser.pw_shell == '\0')
1221 thisuser.pw_shell = "/bin/sh";
1222 /* Remote login invalid must have been because of a restriction of some
1223 sort, no extra chances. */
1231 /* Committed to login -- turn off timeout */
1235 if (quota(Q_SETUID, thisuser.pw_uid, 0, 0) < 0 && errno != EINVAL) {
1236 if (errno == EUSERS)
1237 printf("%s.\n%s.\n", "Too many users logged on already",
1240 if (errno == EPROCLIM)
1241 printf("You have too many processes running.\n");
1243 perror("quota (Q_SETUID)");
1249 if (opielogin(tty, name, host))
1250 syslog(LOG_ERR, "can't record login: tty %s, name %s, host %s", tty, name, host);
1252 quietlog = !access(QUIET_LOGIN_FILE, F_OK);
1258 if ((f = open(lastlog, O_RDWR)) >= 0) {
1261 lseek(f, (long)thisuser.pw_uid * sizeof(struct lastlog), 0);
1263 if ((sizeof(ll) == read(f, (char *) &ll, sizeof(ll))) &&
1264 (ll.ll_time != 0) && (!quietlog)) {
1265 printf("Last login: %.*s ",
1266 24 - 5, (char *) ctime(&ll.ll_time));
1267 if (*ll.ll_host != '\0')
1268 printf("from %.*s\n", sizeof(ll.ll_host), ll.ll_host);
1270 printf("on %.*s\n", sizeof(ll.ll_line), ll.ll_line);
1272 lseek(f, (long)thisuser.pw_uid * sizeof(struct lastlog), 0);
1275 if (!strncmp(tty, "/dev/", 5))
1276 opiestrncpy(ll.ll_line, tty + 5, sizeof(ll.ll_line));
1278 opiestrncpy(ll.ll_line, tty, sizeof(ll.ll_line));
1279 opiestrncpy(ll.ll_host, host, sizeof(ll.ll_host));
1280 write(f, (char *) &ll, sizeof ll);
1284 #endif /* HAVE_LASTLOG_H */
1286 chown(tty, thisuser.pw_uid, TTYGID(thisuser.pw_gid));
1289 /* POSIX does not specify any interface to set/get window sizes, so this is
1290 not portable. It should work on most recent BSDish systems and the defines
1291 should protect it on older System Vish systems. It does work under Solaris
1292 2.4, though it isn't clear how many other SVR4 systems support it. I'd be
1293 interested in hearing of a more portable approach. rja */
1294 if (!hflag && !rflag)
1295 ioctl(0, TIOCSWINSZ, &win); /* set window size to 0,0,0,0 */
1299 setgid(thisuser.pw_gid);
1300 initgroups(name, thisuser.pw_gid);
1303 quota(Q_DOWARN, thisuser.pw_uid, (dev_t) - 1, 0);
1307 home = thisuser.pw_dir;
1308 permsfile(name, tty, thisuser.pw_uid, thisuser.pw_gid);
1310 #endif /* PERMSFILE */
1312 setuid(thisuser.pw_uid);
1314 /* destroy environment unless user has asked to preserve it */
1317 setenv("HOME", thisuser.pw_dir, 1);
1318 setenv("SHELL", thisuser.pw_shell, 1);
1320 if (chdir(thisuser.pw_dir) < 0) {
1322 syslog(LOG_DEBUG, "chdir(%s): %s(%d)", thisuser.pw_dir, strerror(errno),
1325 if (chdir("/") < 0) {
1326 printf("No directory!\n");
1329 printf("No directory! %s\n", "Logging in with HOME=/");
1330 strcpy(thisuser.pw_dir, "/");
1337 * The getttynam() call and the ttyent structure first appeared in 4.3 BSD.
1338 * They are not portable to System V systems such as Solaris 2.x.
1341 register struct ttyent *t;
1344 if (c = strrchr(tty, '/'))
1349 if (t = getttynam(c))
1350 opiestrncpy(term, t->ty_type, sizeof(term));
1352 #endif /* HAVE_GETTTYNAM */
1353 strcpy(term, "unknown");
1356 setenv("USER", name, 1);
1357 setenv("LOGNAME", name, 1);
1358 setenv("PATH", DEFAULT_PATH, 0);
1361 syslog(LOG_DEBUG, "setting TERM=%s", term);
1363 setenv("TERM", term, 1);
1366 #ifdef HAVE_LOGIN_ENVFILE
1370 if (f = fopen(HAVE_LOGIN_ENVFILE, "r")) {
1371 char line[128], *c, *c2;
1373 while(fgets(line, sizeof(line)-1, f)) {
1375 while(*c && (isalnum(*c) || (*c == '_'))) c++;
1378 if (c2 = strchr(c, ';'))
1380 if (c2 = strchr(c, '\n'))
1382 if (c2 = strchr(c, ' '))
1384 if (c2 = strchr(c, '\t'))
1386 if (setenv(line, c, 0) < 0) {
1387 fprintf(stderr, "setenv() failed -- environment full?\n");
1395 #endif /* HAVE_LOGIN_ENVFILE */
1397 if ((namep = strrchr(thisuser.pw_shell, '/')) == NULL)
1398 namep = thisuser.pw_shell;
1401 strcat(minusnam, namep);
1402 if (tty[sizeof("tty") - 1] == 'd')
1403 syslog(LOG_INFO, "DIALUP %s, %s", tty, name);
1404 if (!thisuser.pw_uid)
1406 syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s", tty, HMAX, host);
1408 syslog(LOG_NOTICE, "ROOT LOGIN %s", tty);
1409 #if !HAVE_MOTD_IN_PROFILE
1414 signal(SIGINT, catch);
1415 if ((mf = fopen(MOTD_FILE, "r")) != NULL) {
1416 while ((c = getc(mf)) != EOF && !stopmotd)
1420 signal(SIGINT, SIG_IGN);
1422 #endif /* !HAVE_MOTD_IN_PROFILE */
1423 #if !HAVE_MAILCHECK_IN_PROFILE
1429 opiestrncpy(buf, PATH_MAIL, sizeof(buf) - 2);
1432 if (*(buf + len - 1) != '/') {
1434 *(buf + len + 1) = 0;
1439 syslog(LOG_DEBUG, "statting %s", buf);
1441 if (!stat(buf, &st) && st.st_size)
1442 printf("You have %smail.\n",
1443 (st.st_mtime > st.st_atime) ? "new " : "");
1445 #endif /* !HAVE_MAILCHECK_IN_PROFILE */
1446 signal(SIGALRM, SIG_DFL);
1447 signal(SIGQUIT, SIG_DFL);
1448 signal(SIGINT, SIG_DFL);
1449 signal(SIGTSTP, SIG_IGN);
1451 attr.c_lflag |= (ISIG | IEXTEN);
1454 execlp(thisuser.pw_shell, minusnam, 0);
1455 perror(thisuser.pw_shell);
1456 printf("No shell\n");
projects / dragonfly.git / blob