![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to login.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / usr.bin / login|
Return to login.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / usr.bin / login |
1.1 ! root 1: /*- ! 2: * Copyright (c) 1980, 1987, 1988 The Regents of the University of California. ! 3: * All rights reserved. ! 4: * ! 5: * Redistribution and use in source and binary forms are permitted provided ! 6: * that: (1) source distributions retain this entire copyright notice and ! 7: * comment, and (2) distributions including binaries display the following ! 8: * acknowledgement: ``This product includes software developed by the ! 9: * University of California, Berkeley and its contributors'' in the ! 10: * documentation or other materials provided with the distribution and in ! 11: * all advertising materials mentioning features or use of this software. ! 12: * Neither the name of the University nor the names of its contributors may ! 13: * be used to endorse or promote products derived from this software without ! 14: * specific prior written permission. ! 15: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED ! 16: * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF ! 17: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ! 18: */ ! 19: ! 20: #ifndef lint ! 21: char copyright[] = ! 22: "@(#) Copyright (c) 1980, 1987, 1988 The Regents of the University of California.\n\ ! 23: All rights reserved.\n"; ! 24: #endif /* not lint */ ! 25: ! 26: #ifndef lint ! 27: static char sccsid[] = "@(#)login.c 5.63 (Berkeley) 6/29/90"; ! 28: #endif /* not lint */ ! 29: ! 30: /* ! 31: * login [ name ] ! 32: * login -h hostname (for telnetd, etc.) ! 33: * login -f name (for pre-authenticated login: datakit, xterm, etc.) ! 34: */ ! 35: ! 36: #include <sys/param.h> ! 37: #include <sys/stat.h> ! 38: #include <sys/time.h> ! 39: #include <sys/resource.h> ! 40: #include <sys/file.h> ! 41: #include <sgtty.h> ! 42: ! 43: #include <utmp.h> ! 44: #include <signal.h> ! 45: #include <errno.h> ! 46: #include <ttyent.h> ! 47: #include <syslog.h> ! 48: #include <grp.h> ! 49: #include <pwd.h> ! 50: #include <setjmp.h> ! 51: #include <stdio.h> ! 52: #include <string.h> ! 53: #include <tzfile.h> ! 54: #include "pathnames.h" ! 55: ! 56: #define TTYGRPNAME "tty" /* name of group to own ttys */ ! 57: ! 58: /* ! 59: * This bounds the time given to login. Not a define so it can ! 60: * be patched on machines where it's too small. ! 61: */ ! 62: int timeout = 300; ! 63: #ifdef KERBEROS ! 64: int notickets = 1; ! 65: #endif ! 66: ! 67: struct passwd *pwd; ! 68: int failures; ! 69: char term[64], *envinit[1], *hostname, *username, *tty; ! 70: ! 71: main(argc, argv) ! 72: int argc; ! 73: char **argv; ! 74: { ! 75: extern int optind; ! 76: extern char *optarg, **environ; ! 77: struct timeval tp; ! 78: struct group *gr; ! 79: register int ch; ! 80: register char *p; ! 81: int ask, fflag, hflag, pflag, cnt, uid; ! 82: int quietlog, rval; ! 83: char *domain, *salt, *ttyn; ! 84: char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; ! 85: char localhost[MAXHOSTNAMELEN]; ! 86: char *ctime(), *ttyname(), *stypeof(), *crypt(), *getpass(); ! 87: time_t time(); ! 88: off_t lseek(); ! 89: void timedout(); ! 90: ! 91: (void)signal(SIGALRM, timedout); ! 92: (void)alarm((u_int)timeout); ! 93: (void)signal(SIGQUIT, SIG_IGN); ! 94: (void)signal(SIGINT, SIG_IGN); ! 95: (void)setpriority(PRIO_PROCESS, 0, 0); ! 96: ! 97: openlog("login", LOG_ODELAY, LOG_AUTH); ! 98: ! 99: /* ! 100: * -p is used by getty to tell login not to destroy the environment ! 101: * -f is used to skip a second login authentication ! 102: * -h is used by other servers to pass the name of the remote ! 103: * host to login so that it may be placed in utmp and wtmp ! 104: */ ! 105: domain = NULL; ! 106: if (gethostname(localhost, sizeof(localhost)) < 0) ! 107: syslog(LOG_ERR, "couldn't get local hostname: %m"); ! 108: else ! 109: domain = index(localhost, '.'); ! 110: ! 111: fflag = hflag = pflag = 0; ! 112: uid = getuid(); ! 113: while ((ch = getopt(argc, argv, "fh:p")) != EOF) ! 114: switch (ch) { ! 115: case 'f': ! 116: fflag = 1; ! 117: break; ! 118: case 'h': ! 119: if (uid) { ! 120: (void)fprintf(stderr, ! 121: "login: -h for super-user only.\n"); ! 122: exit(1); ! 123: } ! 124: hflag = 1; ! 125: if (domain && (p = index(optarg, '.')) && ! 126: strcasecmp(p, domain) == 0) ! 127: *p = 0; ! 128: hostname = optarg; ! 129: break; ! 130: case 'p': ! 131: pflag = 1; ! 132: break; ! 133: case '?': ! 134: default: ! 135: if (!uid) ! 136: syslog(LOG_ERR, "invalid flag %c", ch); ! 137: (void)fprintf(stderr, ! 138: "usage: login [-fp] [username]\n"); ! 139: exit(1); ! 140: } ! 141: argc -= optind; ! 142: argv += optind; ! 143: if (*argv) { ! 144: username = *argv; ! 145: if (strlen(username) > UT_NAMESIZE) ! 146: username[UT_NAMESIZE] = '\0'; ! 147: ask = 0; ! 148: } else ! 149: ask = 1; ! 150: ! 151: for (cnt = getdtablesize(); cnt > 2; cnt--) ! 152: close(cnt); ! 153: ! 154: ttyn = ttyname(0); ! 155: if (ttyn == NULL || *ttyn == '\0') { ! 156: (void)sprintf(tname, "%s??", _PATH_TTY); ! 157: ttyn = tname; ! 158: } ! 159: if (tty = rindex(ttyn, '/')) ! 160: ++tty; ! 161: else ! 162: tty = ttyn; ! 163: ! 164: for (cnt = 0;; ask = 1) { ! 165: if (ask) { ! 166: fflag = 0; ! 167: getloginname(); ! 168: } ! 169: /* ! 170: * Note if trying multiple user names; log failures for ! 171: * previous user name, but don't bother logging one failure ! 172: * for nonexistent name (mistyped username). ! 173: */ ! 174: if (failures && strcmp(tbuf, username)) { ! 175: if (failures > (pwd ? 0 : 1)) ! 176: badlogin(tbuf); ! 177: failures = 0; ! 178: } ! 179: (void)strcpy(tbuf, username); ! 180: ! 181: if (pwd = getpwnam(username)) ! 182: salt = pwd->pw_passwd; ! 183: else ! 184: salt = "xx"; ! 185: ! 186: /* ! 187: * if we have a valid account name, and it doesn't have a ! 188: * password, or the -f option was specified and the caller ! 189: * is root or the caller isn't changing their uid, don't ! 190: * authenticate. ! 191: */ ! 192: if (pwd && (*pwd->pw_passwd == '\0' || ! 193: fflag && (uid == 0 || uid == pwd->pw_uid))) ! 194: break; ! 195: fflag = 0; ! 196: ! 197: /* ! 198: * If trying to log in as root, but with insecure terminal, ! 199: * refuse the login attempt. ! 200: */ ! 201: if (pwd && pwd->pw_uid == 0 && !rootterm(tty)) { ! 202: (void)fprintf(stderr, ! 203: "%s login refused on this terminal.\n", ! 204: pwd->pw_name); ! 205: if (hostname) ! 206: syslog(LOG_NOTICE, ! 207: "LOGIN %s REFUSED FROM %s ON TTY %s", ! 208: pwd->pw_name, hostname, tty); ! 209: else ! 210: syslog(LOG_NOTICE, ! 211: "LOGIN %s REFUSED ON TTY %s", ! 212: pwd->pw_name, tty); ! 213: continue; ! 214: } ! 215: ! 216: (void)setpriority(PRIO_PROCESS, 0, -4); ! 217: ! 218: p = getpass("Password:"); ! 219: ! 220: if (pwd) { ! 221: #ifdef KERBEROS ! 222: rval = klogin(pwd, localhost, p); ! 223: if (rval == 1) ! 224: rval = strcmp(crypt(p, salt), pwd->pw_passwd); ! 225: #else ! 226: rval = strcmp(crypt(p, salt), pwd->pw_passwd); ! 227: #endif ! 228: } ! 229: bzero(p, strlen(p)); ! 230: ! 231: (void)setpriority(PRIO_PROCESS, 0, 0); ! 232: ! 233: if (pwd && !rval) ! 234: break; ! 235: ! 236: (void)printf("Login incorrect\n"); ! 237: failures++; ! 238: /* we allow 10 tries, but after 3 we start backing off */ ! 239: if (++cnt > 3) { ! 240: if (cnt >= 10) { ! 241: badlogin(username); ! 242: sleepexit(1); ! 243: } ! 244: sleep((u_int)((cnt - 3) * 5)); ! 245: } ! 246: } ! 247: ! 248: /* committed to login -- turn off timeout */ ! 249: (void)alarm((u_int)0); ! 250: ! 251: /* paranoia... */ ! 252: endpwent(); ! 253: ! 254: /* if user not super-user, check for disabled logins */ ! 255: if (pwd->pw_uid) ! 256: checknologin(); ! 257: ! 258: if (chdir(pwd->pw_dir) < 0) { ! 259: (void)printf("No directory %s!\n", pwd->pw_dir); ! 260: if (chdir("/")) ! 261: exit(0); ! 262: pwd->pw_dir = "/"; ! 263: (void)printf("Logging in with home = \"/\".\n"); ! 264: } ! 265: ! 266: quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; ! 267: ! 268: if (pwd->pw_change || pwd->pw_expire) ! 269: (void)gettimeofday(&tp, (struct timezone *)NULL); ! 270: if (pwd->pw_change) ! 271: if (tp.tv_sec >= pwd->pw_change) { ! 272: (void)printf("Sorry -- your password has expired.\n"); ! 273: sleepexit(1); ! 274: } ! 275: else if (pwd->pw_change - tp.tv_sec < ! 276: 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) ! 277: (void)printf("Warning: your password expires on %s", ! 278: ctime(&pwd->pw_expire)); ! 279: if (pwd->pw_expire) ! 280: if (tp.tv_sec >= pwd->pw_expire) { ! 281: (void)printf("Sorry -- your account has expired.\n"); ! 282: sleepexit(1); ! 283: } ! 284: else if (pwd->pw_expire - tp.tv_sec < ! 285: 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) ! 286: (void)printf("Warning: your account expires on %s", ! 287: ctime(&pwd->pw_expire)); ! 288: ! 289: /* nothing else left to fail -- really log in */ ! 290: { ! 291: struct utmp utmp; ! 292: ! 293: bzero((void *)&utmp, sizeof(utmp)); ! 294: (void)time(&utmp.ut_time); ! 295: strncpy(utmp.ut_name, username, sizeof(utmp.ut_name)); ! 296: if (hostname) ! 297: strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host)); ! 298: strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); ! 299: login(&utmp); ! 300: } ! 301: ! 302: dolastlog(quietlog); ! 303: ! 304: (void)chown(ttyn, pwd->pw_uid, ! 305: (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); ! 306: (void)chmod(ttyn, 0620); ! 307: (void)setgid(pwd->pw_gid); ! 308: ! 309: initgroups(username, pwd->pw_gid); ! 310: ! 311: if (*pwd->pw_shell == '\0') ! 312: pwd->pw_shell = _PATH_BSHELL; ! 313: ! 314: /* destroy environment unless user has requested preservation */ ! 315: if (!pflag) ! 316: environ = envinit; ! 317: (void)setenv("HOME", pwd->pw_dir, 1); ! 318: (void)setenv("SHELL", pwd->pw_shell, 1); ! 319: if (term[0] == '\0') ! 320: strncpy(term, stypeof(tty), sizeof(term)); ! 321: (void)setenv("TERM", term, 0); ! 322: (void)setenv("USER", pwd->pw_name, 1); ! 323: (void)setenv("PATH", _PATH_DEFPATH, 0); ! 324: ! 325: if (tty[sizeof("tty")-1] == 'd') ! 326: syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name); ! 327: /* if fflag is on, assume caller/authenticator has logged root login */ ! 328: if (pwd->pw_uid == 0 && fflag == 0) ! 329: if (hostname) ! 330: syslog(LOG_NOTICE, "ROOT LOGIN ON %s FROM %s", ! 331: tty, hostname); ! 332: else ! 333: syslog(LOG_NOTICE, "ROOT LOGIN ON %s", tty); ! 334: ! 335: #ifdef KERBEROS ! 336: if (!quietlog && notickets == 1) ! 337: (void)printf("Warning: no Kerberos tickets issued.\n"); ! 338: #endif ! 339: ! 340: if (!quietlog) { ! 341: struct stat st; ! 342: ! 343: motd(); ! 344: (void)sprintf(tbuf, "%s/%s", _PATH_MAILDIR, pwd->pw_name); ! 345: if (stat(tbuf, &st) == 0 && st.st_size != 0) ! 346: (void)printf("You have %smail.\n", ! 347: (st.st_mtime > st.st_atime) ? "new " : ""); ! 348: } ! 349: ! 350: (void)signal(SIGALRM, SIG_DFL); ! 351: (void)signal(SIGQUIT, SIG_DFL); ! 352: (void)signal(SIGINT, SIG_DFL); ! 353: (void)signal(SIGTSTP, SIG_IGN); ! 354: ! 355: tbuf[0] = '-'; ! 356: strcpy(tbuf + 1, (p = rindex(pwd->pw_shell, '/')) ? ! 357: p + 1 : pwd->pw_shell); ! 358: ! 359: if (setlogin(pwd->pw_name) < 0) ! 360: syslog(LOG_ERR, "setlogin() failure: %m"); ! 361: ! 362: /* discard permissions last so can't get killed and drop core */ ! 363: (void)setuid(pwd->pw_uid); ! 364: ! 365: execlp(pwd->pw_shell, tbuf, 0); ! 366: (void)fprintf(stderr, "login: no shell: %s.\n", strerror(errno)); ! 367: exit(0); ! 368: } ! 369: ! 370: getloginname() ! 371: { ! 372: register int ch; ! 373: register char *p; ! 374: static char nbuf[UT_NAMESIZE + 1]; ! 375: ! 376: for (;;) { ! 377: (void)printf("login: "); ! 378: for (p = nbuf; (ch = getchar()) != '\n'; ) { ! 379: if (ch == EOF) { ! 380: badlogin(username); ! 381: exit(0); ! 382: } ! 383: if (p < nbuf + UT_NAMESIZE) ! 384: *p++ = ch; ! 385: } ! 386: if (p > nbuf) ! 387: if (nbuf[0] == '-') ! 388: (void)fprintf(stderr, ! 389: "login names may not start with '-'.\n"); ! 390: else { ! 391: *p = '\0'; ! 392: username = nbuf; ! 393: break; ! 394: } ! 395: } ! 396: } ! 397: ! 398: void ! 399: timedout() ! 400: { ! 401: (void)fprintf(stderr, "Login timed out after %d seconds\n", timeout); ! 402: exit(0); ! 403: } ! 404: ! 405: rootterm(ttyn) ! 406: char *ttyn; ! 407: { ! 408: struct ttyent *t; ! 409: ! 410: return((t = getttynam(ttyn)) && t->ty_status&TTY_SECURE); ! 411: } ! 412: ! 413: jmp_buf motdinterrupt; ! 414: ! 415: motd() ! 416: { ! 417: register int fd, nchars; ! 418: sig_t oldint; ! 419: int sigint(); ! 420: char tbuf[8192]; ! 421: ! 422: if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0) ! 423: return; ! 424: oldint = signal(SIGINT, sigint); ! 425: if (setjmp(motdinterrupt) == 0) ! 426: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) ! 427: (void)write(fileno(stdout), tbuf, nchars); ! 428: (void)signal(SIGINT, oldint); ! 429: (void)close(fd); ! 430: } ! 431: ! 432: sigint() ! 433: { ! 434: longjmp(motdinterrupt, 1); ! 435: } ! 436: ! 437: checknologin() ! 438: { ! 439: register int fd, nchars; ! 440: char tbuf[8192]; ! 441: ! 442: if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) { ! 443: while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) ! 444: (void)write(fileno(stdout), tbuf, nchars); ! 445: sleepexit(0); ! 446: } ! 447: } ! 448: ! 449: dolastlog(quiet) ! 450: int quiet; ! 451: { ! 452: struct lastlog ll; ! 453: int fd; ! 454: char *ctime(); ! 455: ! 456: if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { ! 457: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET); ! 458: if (!quiet) { ! 459: if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) && ! 460: ll.ll_time != 0) { ! 461: (void)printf("Last login: %.*s ", ! 462: 24-5, (char *)ctime(&ll.ll_time)); ! 463: if (*ll.ll_host != '\0') ! 464: (void)printf("from %.*s\n", ! 465: sizeof(ll.ll_host), ll.ll_host); ! 466: else ! 467: (void)printf("on %.*s\n", ! 468: sizeof(ll.ll_line), ll.ll_line); ! 469: } ! 470: (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET); ! 471: } ! 472: bzero((void *)&ll, sizeof(ll)); ! 473: (void)time(&ll.ll_time); ! 474: strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); ! 475: if (hostname) ! 476: strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); ! 477: (void)write(fd, (char *)&ll, sizeof(ll)); ! 478: (void)close(fd); ! 479: } ! 480: } ! 481: ! 482: badlogin(name) ! 483: char *name; ! 484: { ! 485: if (failures == 0) ! 486: return; ! 487: if (hostname) ! 488: syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s, %s", ! 489: failures, failures > 1 ? "S" : "", hostname, name); ! 490: else ! 491: syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s, %s", ! 492: failures, failures > 1 ? "S" : "", tty, name); ! 493: } ! 494: ! 495: #undef UNKNOWN ! 496: #define UNKNOWN "su" ! 497: ! 498: char * ! 499: stypeof(ttyid) ! 500: char *ttyid; ! 501: { ! 502: struct ttyent *t; ! 503: ! 504: return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN); ! 505: } ! 506: ! 507: sleepexit(eval) ! 508: int eval; ! 509: { ! 510: sleep((u_int)5); ! 511: exit(eval); ! 512: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.