![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to login.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDTahoe / bin|
Return to login.c CVS log | Up to [CSRG BSD Unix] / 43BSDTahoe / bin |
1.1 root 1: /*
2: * Copyright (c) 1980,1987 Regents of the University of California.
3: * All rights reserved. The Berkeley software License Agreement
4: * specifies the terms and conditions for redistribution.
5: */
6:
7: #ifndef lint
8: char copyright[] =
9: "@(#) Copyright (c) 1980 Regents of the University of California.\n\
10: All rights reserved.\n";
11: #endif not lint
12:
13: #ifndef lint
14: static char sccsid[] = "@(#)login.c 5.20 (Berkeley) 10/1/87";
15: #endif not lint
16:
17: /*
18: * login [ name ]
19: * login -r hostname (for rlogind)
20: * login -h hostname (for telnetd, etc.)
21: * login -f name (for pre-authenticated login: datakit, xterm, etc.)
22: */
23:
24: #include <sys/param.h>
25: #include <sys/quota.h>
26: #include <sys/stat.h>
27: #include <sys/time.h>
28: #include <sys/resource.h>
29: #include <sys/file.h>
30:
31: #include <sgtty.h>
32: #include <utmp.h>
33: #include <signal.h>
34: #include <pwd.h>
35: #include <stdio.h>
36: #include <lastlog.h>
37: #include <errno.h>
38: #include <ttyent.h>
39: #include <syslog.h>
40: #include <grp.h>
41:
42: #define TTYGRPNAME "tty" /* name of group to own ttys */
43: #define TTYGID(gid) tty_gid(gid) /* gid that owns all ttys */
44:
45: #define SCMPN(a, b) strncmp(a, b, sizeof(a))
46: #define SCPYN(a, b) strncpy(a, b, sizeof(a))
47:
48: #define NMAX sizeof(utmp.ut_name)
49: #define HMAX sizeof(utmp.ut_host)
50:
51: #define FALSE 0
52: #define TRUE -1
53:
54: char nolog[] = "/etc/nologin";
55: char qlog[] = ".hushlogin";
56: char maildir[30] = "/usr/spool/mail/";
57: char lastlog[] = "/usr/adm/lastlog";
58: struct passwd nouser = {"", "nope", -1, -1, -1, "", "", "", "" };
59: struct sgttyb ttyb;
60: struct utmp utmp;
61: char minusnam[16] = "-";
62: char *envinit[1]; /* now set by setenv calls */
63: /*
64: * This bounds the time given to login. We initialize it here
65: * so it can be patched on machines where it's too small.
66: */
67: int timeout = 300;
68:
69: char term[64];
70:
71: struct passwd *pwd;
72: char *strcat(), *rindex(), *index();
73: int timedout();
74: char *ttyname();
75: char *crypt();
76: char *getpass();
77: char *stypeof();
78: extern int errno;
79:
80: struct tchars tc = {
81: CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
82: };
83: struct ltchars ltc = {
84: CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
85: };
86:
87: struct winsize win = { 0, 0, 0, 0 };
88:
89: int rflag;
90: int usererr = -1;
91: char rusername[NMAX+1], lusername[NMAX+1];
92: char rpassword[NMAX+1];
93: char name[NMAX+1];
94: char me[MAXHOSTNAMELEN];
95: char *rhost;
96:
97: main(argc, argv)
98: char *argv[];
99: {
100: extern char **environ;
101: register char *namep;
102: int pflag = 0, hflag = 0, fflag = 0, t, f, c;
103: int invalid, quietlog;
104: FILE *nlfd;
105: char *ttyn, *tty;
106: int ldisc = 0, zero = 0, i;
107: char *p, *domain, *index();
108:
109: signal(SIGALRM, timedout);
110: alarm(timeout);
111: signal(SIGQUIT, SIG_IGN);
112: signal(SIGINT, SIG_IGN);
113: setpriority(PRIO_PROCESS, 0, 0);
114: quota(Q_SETUID, 0, 0, 0);
115: /*
116: * -p is used by getty to tell login not to destroy the environment
117: * -r is used by rlogind to cause the autologin protocol;
118: * -f is used to skip a second login authentication
119: * -h is used by other servers to pass the name of the
120: * remote host to login so that it may be placed in utmp and wtmp
121: */
122: (void) gethostname(me, sizeof(me));
123: domain = index(me, '.');
124: while (argc > 1) {
125: if (strcmp(argv[1], "-r") == 0) {
126: if (rflag || hflag || fflag) {
127: printf("Other options not allowed with -r\n");
128: exit(1);
129: }
130: if (argv[2] == 0)
131: exit(1);
132: rflag = 1;
133: usererr = doremotelogin(argv[2]);
134: if ((p = index(argv[2], '.')) && strcmp(p, domain) == 0)
135: *p = 0;
136: SCPYN(utmp.ut_host, argv[2]);
137: argc -= 2;
138: argv += 2;
139: continue;
140: }
141: if (strcmp(argv[1], "-h") == 0) {
142: if (getuid() == 0) {
143: if (rflag || hflag) {
144: printf("Only one of -r and -h allowed\n");
145: exit(1);
146: }
147: hflag = 1;
148: if ((p = index(argv[2], '.')) &&
149: strcmp(p, domain) == 0)
150: *p = 0;
151: SCPYN(utmp.ut_host, argv[2]);
152: }
153: argc -= 2;
154: argv += 2;
155: continue;
156: }
157: if (strcmp(argv[1], "-f") == 0 && argc > 2) {
158: if (rflag) {
159: printf("Only one of -r and -f allowed\n");
160: exit(1);
161: }
162: fflag = 1;
163: SCPYN(utmp.ut_name, argv[2]);
164: argc -= 2;
165: argv += 2;
166: continue;
167: }
168: if (strcmp(argv[1], "-p") == 0) {
169: argc--;
170: argv++;
171: pflag = 1;
172: continue;
173: }
174: break;
175: }
176: ioctl(0, TIOCLSET, &zero);
177: ioctl(0, TIOCNXCL, 0);
178: ioctl(0, FIONBIO, &zero);
179: ioctl(0, FIOASYNC, &zero);
180: ioctl(0, TIOCGETP, &ttyb);
181: /*
182: * If talking to an rlogin process,
183: * propagate the terminal type and
184: * baud rate across the network.
185: */
186: if (rflag)
187: doremoteterm(term, &ttyb);
188: ttyb.sg_erase = CERASE;
189: ttyb.sg_kill = CKILL;
190: ioctl(0, TIOCSLTC, <c);
191: ioctl(0, TIOCSETC, &tc);
192: ioctl(0, TIOCSETP, &ttyb);
193: for (t = getdtablesize(); t > 2; t--)
194: close(t);
195: ttyn = ttyname(0);
196: if (ttyn == (char *)0 || *ttyn == '\0')
197: ttyn = "/dev/tty??";
198: tty = rindex(ttyn, '/');
199: if (tty == NULL)
200: tty = ttyn;
201: else
202: tty++;
203: openlog("login", LOG_ODELAY, LOG_AUTH);
204: t = 0;
205: invalid = FALSE;
206: do {
207: ldisc = 0;
208: ioctl(0, TIOCSETD, &ldisc);
209: if (fflag == 0)
210: SCPYN(utmp.ut_name, "");
211: /*
212: * Name specified, take it.
213: */
214: if (argc > 1) {
215: SCPYN(utmp.ut_name, argv[1]);
216: argc = 0;
217: }
218: /*
219: * If remote login take given name,
220: * otherwise prompt user for something.
221: */
222: if (rflag && !invalid)
223: SCPYN(utmp.ut_name, lusername);
224: else {
225: getloginname(&utmp);
226: if (utmp.ut_name[0] == '-') {
227: puts("login names may not start with '-'.");
228: invalid = TRUE;
229: continue;
230: }
231: }
232: invalid = FALSE;
233: if (!strcmp(pwd->pw_shell, "/bin/csh")) {
234: ldisc = NTTYDISC;
235: ioctl(0, TIOCSETD, &ldisc);
236: }
237: if (fflag) {
238: int uid = getuid();
239:
240: if (uid != 0 && uid != pwd->pw_uid)
241: fflag = 0;
242: /*
243: * Disallow automatic login for root.
244: */
245: if (pwd->pw_uid == 0)
246: fflag = 0;
247: }
248: /*
249: * If no remote login authentication and
250: * a password exists for this user, prompt
251: * for one and verify it.
252: */
253: if (usererr == -1 && fflag == 0 && *pwd->pw_passwd != '\0') {
254: char *pp;
255:
256: setpriority(PRIO_PROCESS, 0, -4);
257: pp = getpass("Password:");
258: namep = crypt(pp, pwd->pw_passwd);
259: setpriority(PRIO_PROCESS, 0, 0);
260: if (strcmp(namep, pwd->pw_passwd))
261: invalid = TRUE;
262: }
263: /*
264: * If user not super-user, check for logins disabled.
265: */
266: if (pwd->pw_uid != 0 && (nlfd = fopen(nolog, "r")) > 0) {
267: while ((c = getc(nlfd)) != EOF)
268: putchar(c);
269: fflush(stdout);
270: sleep(5);
271: exit(0);
272: }
273: /*
274: * If valid so far and root is logging in,
275: * see if root logins on this terminal are permitted.
276: */
277: if (!invalid && pwd->pw_uid == 0 && !rootterm(tty)) {
278: if (utmp.ut_host[0])
279: syslog(LOG_CRIT,
280: "ROOT LOGIN REFUSED ON %s FROM %.*s",
281: tty, HMAX, utmp.ut_host);
282: else
283: syslog(LOG_CRIT,
284: "ROOT LOGIN REFUSED ON %s", tty);
285: invalid = TRUE;
286: }
287: if (invalid) {
288: printf("Login incorrect\n");
289: if (++t >= 5) {
290: if (utmp.ut_host[0])
291: syslog(LOG_ERR,
292: "REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s",
293: tty, HMAX, utmp.ut_host,
294: NMAX, utmp.ut_name);
295: else
296: syslog(LOG_ERR,
297: "REPEATED LOGIN FAILURES ON %s, %.*s",
298: tty, NMAX, utmp.ut_name);
299: ioctl(0, TIOCHPCL, (struct sgttyb *) 0);
300: close(0), close(1), close(2);
301: sleep(10);
302: exit(1);
303: }
304: }
305: if (*pwd->pw_shell == '\0')
306: pwd->pw_shell = "/bin/sh";
307: if (chdir(pwd->pw_dir) < 0 && !invalid ) {
308: if (chdir("/") < 0) {
309: printf("No directory!\n");
310: invalid = TRUE;
311: } else {
312: printf("No directory! %s\n",
313: "Logging in with home=/");
314: pwd->pw_dir = "/";
315: }
316: }
317: /*
318: * Remote login invalid must have been because
319: * of a restriction of some sort, no extra chances.
320: */
321: if (!usererr && invalid)
322: exit(1);
323: } while (invalid);
324: /* committed to login turn off timeout */
325: alarm(0);
326:
327: if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
328: if (errno == EUSERS)
329: printf("%s.\n%s.\n",
330: "Too many users logged on already",
331: "Try again later");
332: else if (errno == EPROCLIM)
333: printf("You have too many processes running.\n");
334: else
335: perror("quota (Q_SETUID)");
336: sleep(5);
337: exit(0);
338: }
339: time(&utmp.ut_time);
340: t = ttyslot();
341: if (t > 0 && (f = open("/etc/utmp", O_WRONLY)) >= 0) {
342: lseek(f, (long)(t*sizeof(utmp)), 0);
343: SCPYN(utmp.ut_line, tty);
344: write(f, (char *)&utmp, sizeof(utmp));
345: close(f);
346: }
347: if ((f = open("/usr/adm/wtmp", O_WRONLY|O_APPEND)) >= 0) {
348: write(f, (char *)&utmp, sizeof(utmp));
349: close(f);
350: }
351: quietlog = access(qlog, F_OK) == 0;
352: if ((f = open(lastlog, O_RDWR)) >= 0) {
353: struct lastlog ll;
354:
355: lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
356: if (read(f, (char *) &ll, sizeof ll) == sizeof ll &&
357: ll.ll_time != 0 && !quietlog) {
358: printf("Last login: %.*s ",
359: 24-5, (char *)ctime(&ll.ll_time));
360: if (*ll.ll_host != '\0')
361: printf("from %.*s\n",
362: sizeof (ll.ll_host), ll.ll_host);
363: else
364: printf("on %.*s\n",
365: sizeof (ll.ll_line), ll.ll_line);
366: }
367: lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
368: time(&ll.ll_time);
369: SCPYN(ll.ll_line, tty);
370: SCPYN(ll.ll_host, utmp.ut_host);
371: write(f, (char *) &ll, sizeof ll);
372: close(f);
373: }
374: chown(ttyn, pwd->pw_uid, TTYGID(pwd->pw_gid));
375: if (!hflag && !rflag) /* XXX */
376: ioctl(0, TIOCSWINSZ, &win);
377: chmod(ttyn, 0620);
378: setgid(pwd->pw_gid);
379: strncpy(name, utmp.ut_name, NMAX);
380: name[NMAX] = '\0';
381: initgroups(name, pwd->pw_gid);
382: quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
383: setuid(pwd->pw_uid);
384:
385: /* destroy environment unless user has asked to preserve it */
386: if (!pflag)
387: environ = envinit;
388: setenv("HOME", pwd->pw_dir, 1);
389: setenv("SHELL", pwd->pw_shell, 1);
390: if (term[0] == '\0')
391: strncpy(term, stypeof(tty), sizeof(term));
392: setenv("TERM", term, 0);
393: setenv("USER", pwd->pw_name, 1);
394: setenv("PATH", ":/usr/ucb:/bin:/usr/bin", 0);
395:
396: if ((namep = rindex(pwd->pw_shell, '/')) == NULL)
397: namep = pwd->pw_shell;
398: else
399: namep++;
400: strcat(minusnam, namep);
401: if (tty[sizeof("tty")-1] == 'd')
402: syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
403: if (pwd->pw_uid == 0)
404: if (utmp.ut_host[0])
405: syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s",
406: tty, HMAX, utmp.ut_host);
407: else
408: syslog(LOG_NOTICE, "ROOT LOGIN %s", tty);
409: if (!quietlog) {
410: struct stat st;
411:
412: showmotd();
413: strcat(maildir, pwd->pw_name);
414: if (stat(maildir, &st) == 0 && st.st_size != 0)
415: printf("You have %smail.\n",
416: (st.st_mtime > st.st_atime) ? "new " : "");
417: }
418: signal(SIGALRM, SIG_DFL);
419: signal(SIGQUIT, SIG_DFL);
420: signal(SIGINT, SIG_DFL);
421: signal(SIGTSTP, SIG_IGN);
422: execlp(pwd->pw_shell, minusnam, 0);
423: perror(pwd->pw_shell);
424: printf("No shell\n");
425: exit(0);
426: }
427:
428: getloginname(up)
429: register struct utmp *up;
430: {
431: register char *namep;
432: char c;
433:
434: while (up->ut_name[0] == '\0') {
435: namep = up->ut_name;
436: printf("login: ");
437: while ((c = getchar()) != '\n') {
438: if (c == ' ')
439: c = '_';
440: if (c == EOF)
441: exit(0);
442: if (namep < up->ut_name+NMAX)
443: *namep++ = c;
444: }
445: }
446: strncpy(lusername, up->ut_name, NMAX);
447: lusername[NMAX] = 0;
448: if ((pwd = getpwnam(lusername)) == NULL)
449: pwd = &nouser;
450: }
451:
452: timedout()
453: {
454:
455: printf("Login timed out after %d seconds\n", timeout);
456: exit(0);
457: }
458:
459: int stopmotd;
460: catch()
461: {
462:
463: signal(SIGINT, SIG_IGN);
464: stopmotd++;
465: }
466:
467: rootterm(tty)
468: char *tty;
469: {
470: register struct ttyent *t;
471:
472: if ((t = getttynam(tty)) != NULL) {
473: if (t->ty_status & TTY_SECURE)
474: return (1);
475: }
476: return (0);
477: }
478:
479: showmotd()
480: {
481: FILE *mf;
482: register c;
483:
484: signal(SIGINT, catch);
485: if ((mf = fopen("/etc/motd", "r")) != NULL) {
486: while ((c = getc(mf)) != EOF && stopmotd == 0)
487: putchar(c);
488: fclose(mf);
489: }
490: signal(SIGINT, SIG_IGN);
491: }
492:
493: #undef UNKNOWN
494: #define UNKNOWN "su"
495:
496: char *
497: stypeof(ttyid)
498: char *ttyid;
499: {
500: register struct ttyent *t;
501:
502: if (ttyid == NULL || (t = getttynam(ttyid)) == NULL)
503: return (UNKNOWN);
504: return (t->ty_type);
505: }
506:
507: doremotelogin(host)
508: char *host;
509: {
510: getstr(rusername, sizeof (rusername), "remuser");
511: getstr(lusername, sizeof (lusername), "locuser");
512: getstr(term, sizeof(term), "Terminal type");
513: if (getuid()) {
514: pwd = &nouser;
515: return(-1);
516: }
517: pwd = getpwnam(lusername);
518: if (pwd == NULL) {
519: pwd = &nouser;
520: return(-1);
521: }
522: return(ruserok(host, (pwd->pw_uid == 0), rusername, lusername));
523: }
524:
525: getstr(buf, cnt, err)
526: char *buf;
527: int cnt;
528: char *err;
529: {
530: char c;
531:
532: do {
533: if (read(0, &c, 1) != 1)
534: exit(1);
535: if (--cnt < 0) {
536: printf("%s too long\r\n", err);
537: exit(1);
538: }
539: *buf++ = c;
540: } while (c != 0);
541: }
542:
543: char *speeds[] =
544: { "0", "50", "75", "110", "134", "150", "200", "300",
545: "600", "1200", "1800", "2400", "4800", "9600", "19200", "38400" };
546: #define NSPEEDS (sizeof (speeds) / sizeof (speeds[0]))
547:
548: doremoteterm(term, tp)
549: char *term;
550: struct sgttyb *tp;
551: {
552: register char *cp = index(term, '/'), **cpp;
553: char *speed;
554:
555: if (cp) {
556: *cp++ = '\0';
557: speed = cp;
558: cp = index(speed, '/');
559: if (cp)
560: *cp++ = '\0';
561: for (cpp = speeds; cpp < &speeds[NSPEEDS]; cpp++)
562: if (strcmp(*cpp, speed) == 0) {
563: tp->sg_ispeed = tp->sg_ospeed = cpp-speeds;
564: break;
565: }
566: }
567: tp->sg_flags = ECHO|CRMOD|ANYP|XTABS;
568: }
569:
570: tty_gid(default_gid)
571: int default_gid;
572: {
573: struct group *getgrnam(), *gr;
574: int gid = default_gid;
575:
576: gr = getgrnam(TTYGRPNAME);
577: if (gr != (struct group *) 0)
578: gid = gr->gr_gid;
579:
580: endgrent();
581:
582: return (gid);
583: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.