File: | src/usr.bin/login/login.c |
Warning: | line 638, column 2 The return value from the call to 'seteuid' is not checked. If an error occurs in 'seteuid', the following code may execute with unexpected privileges |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: login.c,v 1.74 2023/03/08 04:43:11 guenther Exp $ */ |
2 | /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */ |
3 | |
4 | /*- |
5 | * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 |
6 | * The Regents of the University of California. All rights reserved. |
7 | * |
8 | * Redistribution and use in source and binary forms, with or without |
9 | * modification, are permitted provided that the following conditions |
10 | * are met: |
11 | * 1. Redistributions of source code must retain the above copyright |
12 | * notice, this list of conditions and the following disclaimer. |
13 | * 2. Redistributions in binary form must reproduce the above copyright |
14 | * notice, this list of conditions and the following disclaimer in the |
15 | * documentation and/or other materials provided with the distribution. |
16 | * 3. Neither the name of the University nor the names of its contributors |
17 | * may be used to endorse or promote products derived from this software |
18 | * without specific prior written permission. |
19 | * |
20 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
30 | * SUCH DAMAGE. |
31 | */ |
32 | /*- |
33 | * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved. |
34 | * |
35 | * Redistribution and use in source and binary forms, with or without |
36 | * modification, are permitted provided that the following conditions |
37 | * are met: |
38 | * 1. Redistributions of source code must retain the above copyright |
39 | * notice, this list of conditions and the following disclaimer. |
40 | * 2. Redistributions in binary form must reproduce the above copyright |
41 | * notice, this list of conditions and the following disclaimer in the |
42 | * documentation and/or other materials provided with the distribution. |
43 | * 3. All advertising materials mentioning features or use of this software |
44 | * must display the following acknowledgement: |
45 | * This product includes software developed by Berkeley Software Design, |
46 | * Inc. |
47 | * 4. The name of Berkeley Software Design, Inc. may not be used to endorse |
48 | * or promote products derived from this software without specific prior |
49 | * written permission. |
50 | * |
51 | * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND |
52 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
53 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
54 | * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE |
55 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
56 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
57 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
58 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
59 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
60 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
61 | * SUCH DAMAGE. |
62 | * |
63 | * BSDI $From: login.c,v 2.28 1999/09/08 22:35:36 prb Exp $ |
64 | */ |
65 | |
66 | /* |
67 | * login [ name ] |
68 | * login -h hostname (for telnetd, etc.) |
69 | * login -f name (for pre-authenticated login: datakit, xterm, etc.) |
70 | * login -p (preserve existing environment; for getty) |
71 | */ |
72 | |
73 | #include <sys/socket.h> |
74 | #include <sys/stat.h> |
75 | #include <sys/time.h> |
76 | #include <sys/resource.h> |
77 | #include <sys/wait.h> |
78 | |
79 | #include <err.h> |
80 | #include <errno(*__errno()).h> |
81 | #include <fcntl.h> |
82 | #include <grp.h> |
83 | #include <login_cap.h> |
84 | #include <netdb.h> |
85 | #include <pwd.h> |
86 | #include <signal.h> |
87 | #include <stdarg.h> |
88 | #include <stdio.h> |
89 | #include <stdlib.h> |
90 | #include <string.h> |
91 | #include <syslog.h> |
92 | #include <ttyent.h> |
93 | #include <unistd.h> |
94 | #include <limits.h> |
95 | #include <utmp.h> |
96 | #include <util.h> |
97 | #include <bsd_auth.h> |
98 | |
99 | #include "pathnames.h" |
100 | |
101 | void badlogin(char *); |
102 | void dolastlog(int); |
103 | void getloginname(void); |
104 | void motd(void); |
105 | void quickexit(int); |
106 | int rootterm(char *); |
107 | void sigint(int); |
108 | void sighup(int); |
109 | void sleepexit(int); |
110 | char *stypeof(char *); |
111 | void timedout(int); |
112 | int main(int, char **); |
113 | |
114 | extern int check_failedlogin(uid_t); |
115 | extern void log_failedlogin(uid_t, char *, char *, char *); |
116 | |
117 | #define TTYGRPNAME"tty" "tty" /* name of group to own ttys */ |
118 | |
119 | #define SECSPERDAY(24 * 60 * 60) (24 * 60 * 60) |
120 | #define TWOWEEKS(2 * 7 * (24 * 60 * 60)) (2 * 7 * SECSPERDAY(24 * 60 * 60)) |
121 | |
122 | /* |
123 | * This bounds the time given to login; may be overridden by /etc/login.conf. |
124 | */ |
125 | u_int timeout = 300; |
126 | |
127 | struct passwd *pwd; |
128 | login_cap_t *lc = NULL((void *)0); |
129 | auth_session_t *as = NULL((void *)0); |
130 | int failures; |
131 | int needbanner = 1; |
132 | char term[64], *hostname, *tty; |
133 | char *style; |
134 | char *username = NULL((void *)0), *rusername = NULL((void *)0); |
135 | |
136 | extern char **environ; |
137 | |
138 | int |
139 | main(int argc, char *argv[]) |
140 | { |
141 | char *domain, *p, *ttyn, *shell, *fullname, *instance; |
142 | char *lipaddr, *script, *ripaddr, *style, *type, *fqdn; |
143 | char tbuf[PATH_MAX1024 + 2], tname[sizeof(_PATH_TTY"/dev/tty") + 10]; |
144 | char localhost[HOST_NAME_MAX255+1], *copyright; |
145 | char mail[sizeof(_PATH_MAILDIR"/var/mail") + 1 + NAME_MAX255]; |
146 | int ask, ch, cnt, fflag, pflag, quietlog, rootlogin, lastchance; |
147 | int error, homeless, needto, authok, tries, backoff; |
148 | struct addrinfo *ai, hints; |
149 | struct rlimit cds, scds; |
150 | quad_t expire, warning; |
151 | struct utmp utmp; |
152 | struct group *gr; |
153 | struct stat st; |
154 | uid_t uid; |
155 | |
156 | openlog("login", LOG_ODELAY0x04, LOG_AUTH(4<<3)); |
157 | |
158 | fqdn = lipaddr = ripaddr = fullname = type = NULL((void *)0); |
159 | authok = 0; |
160 | tries = 10; |
161 | backoff = 3; |
162 | |
163 | domain = NULL((void *)0); |
164 | if (gethostname(localhost, sizeof(localhost)) == -1) { |
165 | syslog(LOG_ERR3, "couldn't get local hostname: %m"); |
166 | strlcpy(localhost, "localhost", sizeof(localhost)); |
167 | } else if ((domain = strchr(localhost, '.'))) { |
168 | domain++; |
169 | if (*domain && strchr(domain, '.') == NULL((void *)0)) |
170 | domain = localhost; |
171 | } |
172 | |
173 | if ((as = auth_open()) == NULL((void *)0)) { |
174 | syslog(LOG_ERR3, "auth_open: %m"); |
175 | err(1, "unable to initialize BSD authentication"); |
176 | } |
177 | auth_setoption(as, "login", "yes"); |
178 | |
179 | /* |
180 | * -p is used by getty to tell login not to destroy the environment |
181 | * -f is used to skip a second login authentication |
182 | * -h is used by other servers to pass the name of the remote |
183 | * host to login so that it may be placed in utmp and wtmp |
184 | */ |
185 | fflag = pflag = 0; |
186 | uid = getuid(); |
187 | while ((ch = getopt(argc, argv, "fh:pu:L:R:")) != -1) |
188 | switch (ch) { |
189 | case 'f': |
190 | fflag = 1; |
191 | break; |
192 | case 'h': |
193 | if (uid) { |
194 | warnc(EPERM1, "-h option"); |
195 | quickexit(1); |
196 | } |
197 | free(fqdn); |
198 | if ((fqdn = strdup(optarg)) == NULL((void *)0)) { |
199 | warn(NULL((void *)0)); |
200 | quickexit(1); |
201 | } |
202 | auth_setoption(as, "fqdn", fqdn); |
203 | if (domain && (p = strchr(optarg, '.')) && |
204 | strcasecmp(p+1, domain) == 0) |
205 | *p = 0; |
206 | hostname = optarg; |
207 | auth_setoption(as, "hostname", hostname); |
208 | break; |
209 | case 'L': |
210 | if (uid) { |
211 | warnc(EPERM1, "-L option"); |
212 | quickexit(1); |
213 | } |
214 | if (lipaddr) { |
215 | warnx("duplicate -L option"); |
216 | quickexit(1); |
217 | } |
218 | lipaddr = optarg; |
219 | memset(&hints, 0, sizeof(hints)); |
220 | hints.ai_family = PF_UNSPEC0; |
221 | hints.ai_flags = AI_CANONNAME2; |
222 | error = getaddrinfo(lipaddr, NULL((void *)0), &hints, &ai); |
223 | if (!error) { |
224 | strlcpy(localhost, ai->ai_canonname, |
225 | sizeof(localhost)); |
226 | freeaddrinfo(ai); |
227 | } else |
228 | strlcpy(localhost, lipaddr, sizeof(localhost)); |
229 | auth_setoption(as, "local_addr", lipaddr); |
230 | break; |
231 | case 'p': |
232 | pflag = 1; |
233 | break; |
234 | case 'R': |
235 | if (uid) { |
236 | warnc(EPERM1, "-R option"); |
237 | quickexit(1); |
238 | } |
239 | if (ripaddr) { |
240 | warnx("duplicate -R option"); |
241 | quickexit(1); |
242 | } |
243 | ripaddr = optarg; |
244 | auth_setoption(as, "remote_addr", ripaddr); |
245 | break; |
246 | case 'u': |
247 | if (uid) { |
248 | warnc(EPERM1, "-u option"); |
249 | quickexit(1); |
250 | } |
251 | rusername = optarg; |
252 | break; |
253 | default: |
254 | if (!uid) |
255 | syslog(LOG_ERR3, "invalid flag %c", ch); |
256 | (void)fprintf(stderr(&__sF[2]), |
257 | "usage: login [-fp] [-h hostname] [-L local-addr] " |
258 | "[-R remote-addr] [-u username]\n\t[user]\n"); |
259 | quickexit(1); |
260 | } |
261 | argc -= optind; |
262 | argv += optind; |
263 | |
264 | if (*argv) { |
265 | username = *argv; |
266 | ask = 0; |
267 | } else |
268 | ask = 1; |
269 | |
270 | /* |
271 | * If effective user is not root, just run su(1) to emulate login(1). |
272 | */ |
273 | if (geteuid() != 0) { |
274 | char *av[5], **ap; |
275 | |
276 | auth_close(as); |
277 | closelog(); |
278 | closefrom(STDERR_FILENO2 + 1); |
279 | |
280 | ap = av; |
281 | *ap++ = _PATH_SU"/usr/bin/su"; |
282 | *ap++ = "-L"; |
283 | if (!pflag) |
284 | *ap++ = "-l"; |
285 | if (!ask) |
286 | *ap++ = username; |
287 | *ap = NULL((void *)0); |
288 | execv(_PATH_SU"/usr/bin/su", av); |
289 | warn("unable to exec %s", _PATH_SU"/usr/bin/su"); |
290 | _exit(1); |
291 | } |
292 | |
293 | ttyn = ttyname(STDIN_FILENO0); |
294 | if (ttyn == NULL((void *)0) || *ttyn == '\0') { |
295 | (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY"/dev/tty"); |
296 | ttyn = tname; |
297 | } |
298 | if ((tty = strrchr(ttyn, '/'))) |
299 | ++tty; |
300 | else |
301 | tty = ttyn; |
302 | |
303 | /* |
304 | * Since login deals with sensitive information, turn off coredumps. |
305 | */ |
306 | if (getrlimit(RLIMIT_CORE4, &scds) == -1) { |
307 | syslog(LOG_ERR3, "couldn't get core dump size: %m"); |
308 | scds.rlim_cur = scds.rlim_max = QUAD_MIN(-0x7fffffffffffffffLL-1); |
309 | } |
310 | cds.rlim_cur = cds.rlim_max = 0; |
311 | if (setrlimit(RLIMIT_CORE4, &cds) == -1) { |
312 | syslog(LOG_ERR3, "couldn't set core dump size to 0: %m"); |
313 | scds.rlim_cur = scds.rlim_max = QUAD_MIN(-0x7fffffffffffffffLL-1); |
314 | } |
315 | |
316 | (void)signal(SIGALRM14, timedout); |
317 | if (argc > 1) { |
318 | needto = 0; |
319 | (void)alarm(timeout); |
320 | } else |
321 | needto = 1; |
322 | (void)signal(SIGQUIT3, SIG_IGN(void (*)(int))1); |
323 | (void)signal(SIGINT2, SIG_IGN(void (*)(int))1); |
324 | (void)signal(SIGHUP1, SIG_IGN(void (*)(int))1); |
325 | (void)setpriority(PRIO_PROCESS0, 0, 0); |
326 | |
327 | /* get the default login class */ |
328 | if ((lc = login_getclass(0)) == NULL((void *)0)) { /* get the default class */ |
329 | warnx("Failure to retrieve default class"); |
330 | quickexit(1); |
331 | } |
332 | timeout = (u_int)login_getcapnum(lc, "login-timeout", 300, 300); |
333 | if ((script = login_getcapstr(lc, "classify", NULL((void *)0), NULL((void *)0))) != NULL((void *)0)) { |
334 | unsetenv("AUTH_TYPE"); |
335 | unsetenv("REMOTE_NAME"); |
336 | if (script[0] != '/') { |
337 | syslog(LOG_ERR3, "Invalid classify script: %s", script); |
338 | warnx("Classification failure"); |
339 | quickexit(1); |
340 | } |
341 | shell = strrchr(script, '/') + 1; |
342 | auth_setstate(as, AUTH_OKAY0x01); |
343 | if (fflag) { |
344 | auth_call(as, script, shell, "-f", "--", username, |
345 | (char *)NULL((void *)0)); |
346 | } else { |
347 | auth_call(as, script, shell, "--", username, |
348 | (char *)NULL((void *)0)); |
349 | } |
350 | if (!(auth_getstate(as) & AUTH_ALLOW(0x01 | 0x02 | 0x04))) |
351 | quickexit(1); |
352 | auth_setenv(as); |
353 | if ((p = getenv("AUTH_TYPE")) != NULL((void *)0) && |
354 | strncmp(p, "auth-", 5) == 0) |
355 | type = p; |
356 | if ((p = getenv("REMOTE_NAME")) != NULL((void *)0)) |
357 | hostname = p; |
358 | /* |
359 | * we may have changed some values, reset them |
360 | */ |
361 | auth_clroptions(as); |
362 | if (type) |
363 | auth_setoption(as, "auth_type", type); |
364 | if (fqdn) |
365 | auth_setoption(as, "fqdn", fqdn); |
366 | if (hostname) |
367 | auth_setoption(as, "hostname", hostname); |
368 | if (lipaddr) |
369 | auth_setoption(as, "local_addr", lipaddr); |
370 | if (ripaddr) |
371 | auth_setoption(as, "remote_addr", ripaddr); |
372 | } |
373 | |
374 | /* |
375 | * Request that things like the approval script print things |
376 | * to stdout (in particular, the nologins files) |
377 | */ |
378 | auth_setitem(as, AUTHV_INTERACTIVE, "True"); |
379 | |
380 | for (cnt = 0;; ask = 1) { |
381 | /* |
382 | * Clean up our current authentication session. |
383 | * Options are not cleared so we need to clear any |
384 | * we might set below. |
385 | */ |
386 | auth_clean(as); |
387 | auth_clroption(as, "style"); |
388 | auth_clroption(as, "lastchance"); |
389 | |
390 | lastchance = 0; |
391 | |
392 | if (ask) { |
393 | fflag = 0; |
394 | getloginname(); |
395 | } |
396 | if (needto) { |
397 | needto = 0; |
398 | alarm(timeout); |
399 | } |
400 | if ((style = strchr(username, ':')) != NULL((void *)0)) |
401 | *style++ = '\0'; |
402 | free(fullname); |
403 | if (auth_setitem(as, AUTHV_NAME, username) < 0 || |
404 | (fullname = strdup(username)) == NULL((void *)0)) { |
405 | syslog(LOG_ERR3, "%m"); |
406 | warn(NULL((void *)0)); |
407 | quickexit(1); |
408 | } |
409 | rootlogin = 0; |
410 | if ((instance = strchr(username, '/')) != NULL((void *)0)) { |
411 | if (strncmp(instance + 1, "root", 4) == 0) |
412 | rootlogin = 1; |
413 | *instance = '\0'; |
414 | } |
415 | |
416 | if (strlen(username) > UT_NAMESIZE32) |
417 | username[UT_NAMESIZE32] = '\0'; |
418 | |
419 | /* |
420 | * Note if trying multiple user names; log failures for |
421 | * previous user name, but don't bother logging one failure |
422 | * for nonexistent name (mistyped username). |
423 | */ |
424 | if (failures && strcmp(tbuf, username)) { |
425 | if (failures > (pwd ? 0 : 1)) |
426 | badlogin(tbuf); |
427 | failures = 0; |
428 | } |
429 | (void)strlcpy(tbuf, username, sizeof(tbuf)); |
430 | |
431 | if ((pwd = getpwnam(username)) != NULL((void *)0) && |
432 | auth_setpwd(as, pwd) < 0) { |
433 | syslog(LOG_ERR3, "%m"); |
434 | warn(NULL((void *)0)); |
435 | quickexit(1); |
436 | } |
437 | |
438 | lc = login_getclass(pwd ? pwd->pw_class : NULL((void *)0)); |
439 | if (!lc) |
440 | goto failed; |
441 | |
442 | style = login_getstyle(lc, style, type); |
443 | if (!style) |
444 | goto failed; |
445 | |
446 | /* |
447 | * We allow "login-tries" attempts to login but start |
448 | * slowing down after "login-backoff" attempts. |
449 | */ |
450 | tries = (int)login_getcapnum(lc, "login-tries", 10, 10); |
451 | backoff = (int)login_getcapnum(lc, "login-backoff", 3, 3); |
452 | |
453 | /* |
454 | * Turn off the fflag if we have an invalid user |
455 | * or we are not root and we are trying to change uids. |
456 | */ |
457 | if (!pwd || (uid && uid != pwd->pw_uid)) |
458 | fflag = 0; |
459 | |
460 | if (pwd && pwd->pw_uid == 0) |
461 | rootlogin = 1; |
462 | |
463 | /* |
464 | * If we do not have the force flag authenticate the user |
465 | */ |
466 | if (!fflag) { |
467 | lastchance = |
468 | login_getcaptime(lc, "password-dead", 0, 0) != 0; |
469 | if (lastchance) |
470 | auth_setoption(as, "lastchance", "yes"); |
471 | /* |
472 | * Once we start asking for a password |
473 | * we want to log a failure on a hup. |
474 | */ |
475 | signal(SIGHUP1, sighup); |
476 | auth_verify(as, style, NULL((void *)0), lc->lc_class, NULL((void *)0)); |
477 | authok = auth_getstate(as); |
478 | /* |
479 | * If their password expired and it has not been |
480 | * too long since then, give the user one last |
481 | * chance to change their password |
482 | */ |
483 | if ((authok & AUTH_PWEXPIRED0x40) && lastchance) { |
484 | authok = AUTH_OKAY0x01; |
485 | } else |
486 | lastchance = 0; |
487 | if ((authok & AUTH_ALLOW(0x01 | 0x02 | 0x04)) == 0) |
488 | goto failed; |
489 | if (auth_setoption(as, "style", style) < 0) { |
490 | syslog(LOG_ERR3, "%m"); |
491 | warn(NULL((void *)0)); |
492 | quickexit(1); |
493 | } |
494 | } |
495 | /* |
496 | * explicitly reject users without password file entries |
497 | */ |
498 | if (pwd == NULL((void *)0)) |
499 | goto failed; |
500 | |
501 | /* |
502 | * If trying to log in as root on an insecure terminal, |
503 | * refuse the login attempt unless the authentication |
504 | * style explicitly says a root login is okay. |
505 | */ |
506 | if (pwd && rootlogin && !rootterm(tty)) |
507 | goto failed; |
508 | |
509 | if (fflag) { |
510 | type = 0; |
511 | style = "forced"; |
512 | } |
513 | break; |
514 | |
515 | failed: |
516 | if (authok & AUTH_SILENT0x08) |
517 | quickexit(0); |
518 | if (rootlogin && !rootterm(tty)) { |
519 | warnx("%s login refused on this terminal.", |
520 | fullname); |
521 | if (hostname) |
522 | syslog(LOG_NOTICE5, |
523 | "LOGIN %s REFUSED FROM %s%s%s ON TTY %s", |
524 | fullname, rusername ? rusername : "", |
525 | rusername ? "@" : "", hostname, tty); |
526 | else |
527 | syslog(LOG_NOTICE5, |
528 | "LOGIN %s REFUSED ON TTY %s", |
529 | fullname, tty); |
530 | } else { |
531 | if (!as || (p = auth_getvalue(as, "errormsg")) == NULL((void *)0)) |
532 | p = "Login incorrect"; |
533 | (void)printf("%s\n", p); |
534 | } |
535 | failures++; |
536 | if (pwd) |
537 | log_failedlogin(pwd->pw_uid, hostname, rusername, tty); |
538 | /* |
539 | * By default, we allow 10 tries, but after 3 we start |
540 | * backing off to slow down password guessers. |
541 | */ |
542 | if (++cnt > backoff) { |
543 | if (cnt >= tries) { |
544 | badlogin(username); |
545 | sleepexit(1); |
546 | } |
547 | sleep(1); |
548 | } |
549 | } |
550 | |
551 | /* committed to login -- turn off timeout */ |
552 | (void)alarm(0); |
553 | |
554 | endpwent(); |
555 | |
556 | shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell); |
557 | if (*shell == '\0') |
558 | shell = _PATH_BSHELL"/bin/sh"; |
559 | else if (strlen(shell) >= PATH_MAX1024) { |
560 | syslog(LOG_ERR3, "shell path too long: %s", shell); |
561 | warnx("invalid shell"); |
562 | quickexit(1); |
563 | } |
564 | |
565 | /* Destroy environment unless user has requested its preservation. */ |
566 | if (!pflag) { |
567 | if ((environ = calloc(1, sizeof (char *))) == NULL((void *)0)) |
568 | err(1, "calloc"); |
569 | } else { |
570 | char **cpp, **cpp2; |
571 | |
572 | for (cpp2 = cpp = environ; *cpp; cpp++) { |
573 | if (strncmp(*cpp, "LD_", 3) && |
574 | strncmp(*cpp, "ENV=", 4) && |
575 | strncmp(*cpp, "BASH_ENV=", 9) && |
576 | strncmp(*cpp, "IFS=", 4)) |
577 | *cpp2++ = *cpp; |
578 | } |
579 | *cpp2 = 0; |
580 | } |
581 | /* Note: setusercontext(3) will set PATH */ |
582 | if (setenv("HOME", pwd->pw_dir, 1) == -1 || |
583 | setenv("SHELL", pwd->pw_shell, 1) == -1) { |
584 | warn("unable to setenv()"); |
585 | quickexit(1); |
586 | } |
587 | if (term[0] == '\0') |
588 | (void)strlcpy(term, stypeof(tty), sizeof(term)); |
589 | (void)snprintf(mail, sizeof(mail), "%s/%s", _PATH_MAILDIR"/var/mail", |
590 | pwd->pw_name); |
591 | if (setenv("TERM", term, 0) == -1 || |
592 | setenv("LOGNAME", pwd->pw_name, 1) == -1 || |
593 | setenv("USER", pwd->pw_name, 1) == -1 || |
594 | setenv("MAIL", mail, 1) == -1) { |
595 | warn("unable to setenv()"); |
596 | quickexit(1); |
597 | } |
598 | if (hostname) { |
599 | if (setenv("REMOTEHOST", hostname, 1) == -1) { |
600 | warn("unable to setenv()"); |
601 | quickexit(1); |
602 | } |
603 | } |
604 | if (rusername) { |
605 | if (setenv("REMOTEUSER", rusername, 1) == -1) { |
606 | warn("unable to setenv()"); |
607 | quickexit(1); |
608 | } |
609 | } |
610 | |
611 | if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH0x0004)) { |
612 | warn("unable to set user context"); |
613 | quickexit(1); |
614 | } |
615 | auth_setenv(as); |
616 | |
617 | /* if user not super-user, check for disabled logins */ |
618 | if (!rootlogin) |
619 | auth_checknologin(lc); |
620 | |
621 | setegid(pwd->pw_gid); |
622 | seteuid(pwd->pw_uid); |
623 | |
624 | homeless = chdir(pwd->pw_dir); |
625 | if (homeless) { |
626 | if (login_getcapbool(lc, "requirehome", 0)) { |
627 | (void)printf("No home directory %s!\n", pwd->pw_dir); |
628 | quickexit(1); |
629 | } |
630 | if (chdir("/")) |
631 | quickexit(0); |
632 | } |
633 | |
634 | quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) || |
635 | login_getcapbool(lc, "hushlogin", 0) || |
636 | (access(_PATH_HUSHLOGIN".hushlogin", F_OK0) == 0)); |
637 | |
638 | seteuid(0); |
The return value from the call to 'seteuid' is not checked. If an error occurs in 'seteuid', the following code may execute with unexpected privileges | |
639 | setegid(0); /* XXX use a saved gid instead? */ |
640 | |
641 | if ((p = auth_getvalue(as, "warnmsg")) != NULL((void *)0)) |
642 | (void)printf("WARNING: %s\n\n", p); |
643 | |
644 | expire = auth_check_expire(as); |
645 | if (expire < 0) { |
646 | (void)printf("Sorry -- your account has expired.\n"); |
647 | quickexit(1); |
648 | } else if (expire > 0 && !quietlog) { |
649 | warning = login_getcaptime(lc, "expire-warn", |
650 | TWOWEEKS(2 * 7 * (24 * 60 * 60)), TWOWEEKS(2 * 7 * (24 * 60 * 60))); |
651 | if (expire < warning) |
652 | (void)printf("Warning: your account expires on %s", |
653 | ctime(&pwd->pw_expire)); |
654 | } |
655 | |
656 | /* Nothing else left to fail -- really log in. */ |
657 | (void)signal(SIGHUP1, SIG_DFL(void (*)(int))0); |
658 | memset(&utmp, 0, sizeof(utmp)); |
659 | (void)time(&utmp.ut_time); |
660 | (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name)); |
661 | if (hostname) |
662 | (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host)); |
663 | (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); |
664 | login(&utmp); |
665 | |
666 | if (!quietlog) |
667 | (void)check_failedlogin(pwd->pw_uid); |
668 | dolastlog(quietlog); |
669 | |
670 | login_fbtab(tty, pwd->pw_uid, pwd->pw_gid); |
671 | |
672 | (void)chown(ttyn, pwd->pw_uid, |
673 | (gr = getgrnam(TTYGRPNAME"tty")) ? gr->gr_gid : pwd->pw_gid); |
674 | |
675 | /* If fflag is on, assume caller/authenticator has logged root login. */ |
676 | if (rootlogin && fflag == 0) { |
677 | if (hostname) |
678 | syslog(LOG_NOTICE5, "ROOT LOGIN (%s) ON %s FROM %s%s%s", |
679 | username, tty, rusername ? rusername : "", |
680 | rusername ? "@" : "", hostname); |
681 | else |
682 | syslog(LOG_NOTICE5, "ROOT LOGIN (%s) ON %s", username, tty); |
683 | } |
684 | |
685 | if (!quietlog) { |
686 | if ((copyright = |
687 | login_getcapstr(lc, "copyright", NULL((void *)0), NULL((void *)0))) != NULL((void *)0)) |
688 | auth_cat(copyright); |
689 | motd(); |
690 | if (stat(mail, &st) == 0 && st.st_size != 0) |
691 | (void)printf("You have %smail.\n", |
692 | (st.st_mtimest_mtim.tv_sec > st.st_atimest_atim.tv_sec) ? "new " : ""); |
693 | } |
694 | |
695 | (void)signal(SIGALRM14, SIG_DFL(void (*)(int))0); |
696 | (void)signal(SIGQUIT3, SIG_DFL(void (*)(int))0); |
697 | (void)signal(SIGHUP1, SIG_DFL(void (*)(int))0); |
698 | (void)signal(SIGINT2, SIG_DFL(void (*)(int))0); |
699 | (void)signal(SIGTSTP18, SIG_IGN(void (*)(int))1); |
700 | |
701 | tbuf[0] = '-'; |
702 | (void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ? |
703 | p + 1 : shell, sizeof(tbuf) - 1); |
704 | |
705 | if ((scds.rlim_cur != QUAD_MIN(-0x7fffffffffffffffLL-1) || scds.rlim_max != QUAD_MIN(-0x7fffffffffffffffLL-1)) && |
706 | setrlimit(RLIMIT_CORE4, &scds) == -1) |
707 | syslog(LOG_ERR3, "couldn't reset core dump size: %m"); |
708 | |
709 | if (lastchance) |
710 | (void)printf("WARNING: Your password has expired." |
711 | " You must change your password, now!\n"); |
712 | |
713 | if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid, |
714 | LOGIN_SETALL0x01ff & ~LOGIN_SETPATH0x0004) < 0) { |
715 | warn("unable to set user context"); |
716 | quickexit(1); |
717 | } |
718 | |
719 | if (homeless) { |
720 | (void)printf("No home directory %s!\n", pwd->pw_dir); |
721 | (void)printf("Logging in with home = \"/\".\n"); |
722 | (void)setenv("HOME", "/", 1); |
723 | } |
724 | |
725 | if (auth_approval(as, lc, NULL((void *)0), "login") == 0) { |
726 | if (auth_getstate(as) & AUTH_EXPIRED0x20) |
727 | (void)printf("Sorry -- your account has expired.\n"); |
728 | else |
729 | (void)printf("approval failure\n"); |
730 | quickexit(1); |
731 | } |
732 | |
733 | /* |
734 | * The last thing we do is discard all of the open file descriptors. |
735 | * Last because the C library may have some open. |
736 | */ |
737 | closefrom(STDERR_FILENO2 + 1); |
738 | |
739 | /* |
740 | * Close the authentication session, make sure it is marked |
741 | * as okay so no files are removed. |
742 | */ |
743 | auth_setstate(as, AUTH_OKAY0x01); |
744 | auth_close(as); |
745 | |
746 | execlp(shell, tbuf, (char *)NULL((void *)0)); |
747 | err(1, "%s", shell); |
748 | } |
749 | |
750 | /* |
751 | * Allow for a '.' and 16 characters for any instance as well as |
752 | * space for a ':' and 16 characters defining the authentication type. |
753 | */ |
754 | #define NBUFSIZ(32 + 1 + 16 + 1 + 16) (UT_NAMESIZE32 + 1 + 16 + 1 + 16) |
755 | |
756 | void |
757 | getloginname(void) |
758 | { |
759 | static char nbuf[NBUFSIZ(32 + 1 + 16 + 1 + 16)], *p; |
760 | int ch; |
761 | |
762 | for (;;) { |
763 | (void)printf("login: "); |
764 | for (p = nbuf; (ch = getchar()(!__isthreaded ? (--((&__sF[0]))->_r < 0 ? __srget( (&__sF[0])) : (int)(*((&__sF[0]))->_p++)) : (getc) ((&__sF[0])))) != '\n'; ) { |
765 | if (ch == EOF(-1)) { |
766 | badlogin(username); |
767 | quickexit(0); |
768 | } |
769 | if (p < nbuf + (NBUFSIZ(32 + 1 + 16 + 1 + 16) - 1)) |
770 | *p++ = ch; |
771 | } |
772 | if (p > nbuf) { |
773 | if (nbuf[0] == '-') |
774 | (void)fprintf(stderr(&__sF[2]), |
775 | "login names may not start with '-'.\n"); |
776 | else { |
777 | *p = '\0'; |
778 | username = nbuf; |
779 | break; |
780 | } |
781 | } |
782 | } |
783 | } |
784 | |
785 | int |
786 | rootterm(char *ttyn) |
787 | { |
788 | struct ttyent *t; |
789 | |
790 | /* XXX - stash output of getttynam() elsewhere */ |
791 | return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE0x02); |
792 | } |
793 | |
794 | void |
795 | motd(void) |
796 | { |
797 | char tbuf[8192], *motd; |
798 | int fd, nchars; |
799 | struct sigaction sa, osa; |
800 | |
801 | motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE"/etc/motd", _PATH_MOTDFILE"/etc/motd"); |
802 | |
803 | if ((fd = open(motd, O_RDONLY0x0000)) == -1) |
804 | return; |
805 | |
806 | memset(&sa, 0, sizeof(sa)); |
807 | sa.sa_handler__sigaction_u.__sa_handler = sigint; |
808 | sigemptyset(&sa.sa_mask); |
809 | sa.sa_flags = 0; /* don't set SA_RESTART */ |
810 | (void)sigaction(SIGINT2, &sa, &osa); |
811 | |
812 | /* read and spew motd until EOF, error, or SIGINT */ |
813 | while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0 && |
814 | write(STDOUT_FILENO1, tbuf, nchars) == nchars) |
815 | ; |
816 | |
817 | (void)sigaction(SIGINT2, &osa, NULL((void *)0)); |
818 | (void)close(fd); |
819 | } |
820 | |
821 | void |
822 | sigint(int signo) |
823 | { |
824 | return; /* just interrupt syscall */ |
825 | } |
826 | |
827 | void |
828 | timedout(int signo) |
829 | { |
830 | dprintf(STDERR_FILENO2, |
831 | "Login timed out after %d seconds\n", timeout); |
832 | if (username) |
833 | badlogin(username); |
834 | _exit(0); |
835 | } |
836 | |
837 | void |
838 | dolastlog(int quiet) |
839 | { |
840 | struct lastlog ll; |
841 | off_t pos; |
842 | int fd; |
843 | |
844 | if ((fd = open(_PATH_LASTLOG"/var/log/lastlog", O_RDWR0x0002)) >= 0) { |
845 | pos = (off_t)pwd->pw_uid * sizeof(ll); |
846 | if (!quiet) { |
847 | if (pread(fd, &ll, sizeof(ll), pos) == sizeof(ll) && |
848 | ll.ll_time != 0) { |
849 | (void)printf("Last login: %.*s ", |
850 | 24-5, (char *)ctime(&ll.ll_time)); |
851 | (void)printf("on %.*s", |
852 | (int)sizeof(ll.ll_line), |
853 | ll.ll_line); |
854 | if (*ll.ll_host != '\0') |
855 | (void)printf(" from %.*s", |
856 | (int)sizeof(ll.ll_host), |
857 | ll.ll_host); |
858 | (void)putchar('\n')(!__isthreaded ? __sputc('\n', (&__sF[1])) : (putc)('\n', (&__sF[1]))); |
859 | } |
860 | } |
861 | memset(&ll, 0, sizeof(ll)); |
862 | (void)time(&ll.ll_time); |
863 | (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); |
864 | if (hostname) |
865 | (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); |
866 | (void)pwrite(fd, &ll, sizeof(ll), pos); |
867 | (void)close(fd); |
868 | } |
869 | } |
870 | |
871 | void |
872 | badlogin(char *name) |
873 | { |
874 | struct syslog_data sdata = SYSLOG_DATA_INIT{0, (const char *)0, (1<<3), 0xff}; |
875 | |
876 | if (failures == 0) |
877 | return; |
878 | if (hostname) { |
879 | syslog_r(LOG_NOTICE5, &sdata, |
880 | "%d LOGIN FAILURE%s FROM %s%s%s", |
881 | failures, failures > 1 ? "S" : "", |
882 | rusername ? rusername : "", rusername ? "@" : "", hostname); |
883 | syslog_r(LOG_AUTHPRIV(10<<3)|LOG_NOTICE5, &sdata, |
884 | "%d LOGIN FAILURE%s FROM %s%s%s, %s", |
885 | failures, failures > 1 ? "S" : "", |
886 | rusername ? rusername : "", rusername ? "@" : "", |
887 | hostname, name); |
888 | } else { |
889 | syslog_r(LOG_NOTICE5, &sdata, |
890 | "%d LOGIN FAILURE%s ON %s", |
891 | failures, failures > 1 ? "S" : "", tty); |
892 | syslog_r(LOG_AUTHPRIV(10<<3)|LOG_NOTICE5, &sdata, |
893 | "%d LOGIN FAILURE%s ON %s, %s", |
894 | failures, failures > 1 ? "S" : "", tty, name); |
895 | } |
896 | } |
897 | |
898 | #undef UNKNOWN"su" |
899 | #define UNKNOWN"su" "su" |
900 | |
901 | char * |
902 | stypeof(char *ttyid) |
903 | { |
904 | struct ttyent *t; |
905 | |
906 | return (ttyid && (t = getttynam(ttyid)) ? t->ty_type : |
907 | login_getcapstr(lc, "term", UNKNOWN"su", UNKNOWN"su")); |
908 | } |
909 | |
910 | void |
911 | sleepexit(int eval) |
912 | { |
913 | auth_close(as); |
914 | (void)sleep(5); |
915 | exit(eval); |
916 | } |
917 | |
918 | void |
919 | quickexit(int eval) |
920 | { |
921 | if (as) |
922 | auth_close(as); |
923 | exit(eval); |
924 | } |
925 | |
926 | |
927 | void |
928 | sighup(int signum) |
929 | { |
930 | if (username) |
931 | badlogin(username); |
932 | _exit(0); |
933 | } |