1 #ifndef lint 2 static char *sccsid = "@(#)login.c 4.28 (Berkeley) 83/05/28"; 3 #endif 4 5 /* 6 * login [ name ] 7 * login -r hostname (for rlogind) 8 * login -h hostname (for telnetd, etc.) 9 */ 10 11 #include <sys/types.h> 12 #include <sys/quota.h> 13 #include <sys/stat.h> 14 #include <sys/time.h> 15 #include <sys/resource.h> 16 17 #include <sgtty.h> 18 #include <utmp.h> 19 #include <signal.h> 20 #include <pwd.h> 21 #include <stdio.h> 22 #include <lastlog.h> 23 #include <errno.h> 24 25 #define SCPYN(a, b) strncpy(a, b, sizeof(a)) 26 27 #define NMAX sizeof(utmp.ut_name) 28 29 #define FALSE 0 30 #define TRUE -1 31 32 char nolog[] = "/etc/nologin"; 33 char qlog[] = ".hushlogin"; 34 char securetty[] = "/etc/securetty"; 35 char maildir[30] = "/usr/spool/mail/"; 36 char lastlog[] = "/usr/adm/lastlog"; 37 struct passwd nouser = {"", "nope", -1, -1, -1, "", "", "", "" }; 38 struct sgttyb ttyb; 39 struct utmp utmp; 40 char minusnam[16] = "-"; 41 /* 42 * This bounds the time given to login. We initialize it here 43 * so it can be patched on machines where it's too small. 44 */ 45 int timeout = 60; 46 47 char homedir[64] = "HOME="; 48 char shell[64] = "SHELL="; 49 char term[64] = "TERM="; 50 char user[20] = "USER="; 51 52 char *envinit[] = 53 { homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", term, user, 0 }; 54 55 struct passwd *pwd; 56 struct passwd *getpwnam(); 57 char *strcat(), *rindex(), *index(); 58 int setpwent(); 59 int timedout(); 60 char *ttyname(); 61 char *crypt(); 62 char *getpass(); 63 char *stypeof(); 64 extern char **environ; 65 extern int errno; 66 67 struct ttychars tc = { 68 CERASE, CKILL, CINTR, CQUIT, CSTART, 69 CSTOP, CEOF, CBRK, CSUSP, CDSUSP, 70 CRPRNT, CFLUSH, CWERASE,CLNEXT 71 }; 72 73 int rflag; 74 char rusername[NMAX+1], lusername[NMAX+1]; 75 char rpassword[NMAX+1]; 76 char name[NMAX+1]; 77 char *rhost; 78 79 main(argc, argv) 80 char *argv[]; 81 { 82 register char *namep; 83 int t, f, c, i; 84 int invalid, quietlog; 85 FILE *nlfd; 86 char *ttyn; 87 int ldisc = 0, zero = 0; 88 89 signal(SIGALRM, timedout); 90 alarm(timeout); 91 signal(SIGQUIT, SIG_IGN); 92 signal(SIGINT, SIG_IGN); 93 setpriority(PRIO_PROCESS, 0, 0); 94 quota(Q_SETUID, 0, 0, 0); 95 /* 96 * -r is used by rlogind to cause the autologin protocol; 97 * -h is used by other servers to pass the name of the 98 * remote host to login so that it may be placed in utmp and wtmp 99 */ 100 if (argc > 1) { 101 if (strcmp(argv[1], "-r") == 0) { 102 rflag = doremotelogin(argv[2]); 103 SCPYN(utmp.ut_host, argv[2]); 104 argc = 0; 105 } 106 if (strcmp(argv[1], "-h") == 0 && getuid() == 0) { 107 SCPYN(utmp.ut_host, argv[2]); 108 argc = 0; 109 } 110 } 111 ioctl(0, TIOCLSET, &zero); /* XXX */ 112 ioctl(0, TIOCNXCL, 0); 113 ioctl(0, FIONBIO, &zero); 114 ioctl(0, FIOASYNC, &zero); 115 ioctl(0, TIOCGETP, &ttyb); /* XXX */ 116 /* 117 * If talking to an rlogin process, 118 * propagate the terminal type and 119 * baud rate across the network. 120 */ 121 if (rflag) 122 doremoteterm(term, &ttyb); 123 ioctl(0, TIOCSETP, &ttyb); /* XXX */ 124 ioctl(0, TIOCCSET, &tc); 125 for (t = getdtablesize(); t > 3; t--) 126 close(t); 127 ttyn = ttyname(0); 128 if (ttyn==(char *)0) 129 ttyn = "/dev/tty??"; 130 do { 131 ldisc = 0; 132 ioctl(0, TIOCSETD, &ldisc); 133 invalid = FALSE; 134 SCPYN(utmp.ut_name, ""); 135 /* 136 * Name specified, take it. 137 */ 138 if (argc > 1) { 139 SCPYN(utmp.ut_name, argv[1]); 140 argc = 0; 141 } 142 /* 143 * If remote login take given name, 144 * otherwise prompt user for something. 145 */ 146 if (rflag) { 147 SCPYN(utmp.ut_name, lusername); 148 /* autologin failed, prompt for passwd */ 149 if (rflag == -1) 150 rflag = 0; 151 } else { 152 getloginname(&utmp); 153 } 154 if (!strcmp(pwd->pw_shell, "/bin/csh")) { 155 ldisc = NTTYDISC; 156 ioctl(0, TIOCSETD, &ldisc); 157 } 158 /* 159 * If no remote login authentication and 160 * a password exists for this user, prompt 161 * for one and verify it. 162 */ 163 if (!rflag && *pwd->pw_passwd != '\0') { 164 char *pp; 165 166 setpriority(PRIO_PROCESS, 0, -4); 167 pp = getpass("Password:"); 168 namep = crypt(pp, pwd->pw_passwd); 169 setpriority(PRIO_PROCESS, 0, 0); 170 if (strcmp(namep, pwd->pw_passwd)) 171 invalid = TRUE; 172 } 173 /* 174 * If user not super-user, check for logins disabled. 175 */ 176 if (pwd->pw_uid != 0 && (nlfd = fopen(nolog, "r")) > 0) { 177 while ((c = getc(nlfd)) != EOF) 178 putchar(c); 179 fflush(stdout); 180 sleep(5); 181 exit(0); 182 } 183 /* 184 * If valid so far and root is logging in, 185 * see if root logins on this terminal are permitted. 186 */ 187 if (!invalid && pwd->pw_uid == 0 && 188 !rootterm(ttyn+sizeof("/dev/")-1)) { 189 logerr("ROOT LOGIN REFUSED %s", 190 ttyn+sizeof("/dev/")-1); 191 invalid = TRUE; 192 } 193 if (invalid) { 194 printf("Login incorrect\n"); 195 if (ttyn[sizeof("/dev/tty")-1] == 'd') 196 logerr("BADDIALUP %s %s\n", 197 ttyn+sizeof("/dev/")-1, utmp.ut_name); 198 } 199 if (*pwd->pw_shell == '\0') 200 pwd->pw_shell = "/bin/sh"; 201 i = strlen(pwd->pw_shell); 202 if (chdir(pwd->pw_dir) < 0 && !invalid ) { 203 if (chdir("/") < 0) { 204 printf("No directory!\n"); 205 invalid = TRUE; 206 } else { 207 printf("No directory! %s\n", 208 "Logging in with home=/"); 209 pwd->pw_dir = "/"; 210 } 211 } 212 /* 213 * Remote login invalid must have been because 214 * of a restriction of some sort, no extra chances. 215 */ 216 if (rflag && invalid) 217 exit(1); 218 } while (invalid); 219 /* committed to login turn off timeout */ 220 alarm(0); 221 222 if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0) { 223 if (errno == EUSERS) 224 printf("%s.\n%s.\n", 225 "Too many users logged on already", 226 "Try again later"); 227 else if (errno == EPROCLIM) 228 printf("You have too many processes running.\n"); 229 else 230 perror("setuid"); 231 sleep(5); 232 exit(0); 233 } 234 time(&utmp.ut_time); 235 t = ttyslot(); 236 if (t > 0 && (f = open("/etc/utmp", 1)) >= 0) { 237 lseek(f, (long)(t*sizeof(utmp)), 0); 238 SCPYN(utmp.ut_line, rindex(ttyn, '/')+1); 239 write(f, (char *)&utmp, sizeof(utmp)); 240 close(f); 241 } 242 if (t > 0 && (f = open("/usr/adm/wtmp", 1)) >= 0) { 243 lseek(f, 0L, 2); 244 write(f, (char *)&utmp, sizeof(utmp)); 245 close(f); 246 } 247 quietlog = access(qlog, 0) == 0; 248 if ((f = open(lastlog, 2)) >= 0) { 249 struct lastlog ll; 250 251 lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0); 252 if (read(f, (char *) &ll, sizeof ll) == sizeof ll && 253 ll.ll_time != 0 && !quietlog) { 254 printf("Last login: %.*s ", 255 24-5, (char *)ctime(&ll.ll_time)); 256 if (*ll.ll_host != '\0') 257 printf("from %.*s\n", 258 sizeof (ll.ll_host), ll.ll_host); 259 else 260 printf("on %.*s\n", 261 sizeof (ll.ll_line), ll.ll_line); 262 } 263 lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0); 264 time(&ll.ll_time); 265 SCPYN(ll.ll_line, rindex(ttyn, '/')+1); 266 SCPYN(ll.ll_host, utmp.ut_host); 267 write(f, (char *) &ll, sizeof ll); 268 close(f); 269 } 270 chown(ttyn, pwd->pw_uid, pwd->pw_gid); 271 chmod(ttyn, 0622); 272 setgid(pwd->pw_gid); 273 strncpy(name, utmp.ut_name, NMAX); 274 name[NMAX] = '\0'; 275 initgroups(name, pwd->pw_gid); 276 quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0); 277 setuid(pwd->pw_uid); 278 environ = envinit; 279 strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); 280 strncat(shell, pwd->pw_shell, sizeof(shell)-7); 281 if (term[strlen("TERM=")] == 0) 282 strncat(term, stypeof(ttyn), sizeof(term)-6); 283 strncat(user, pwd->pw_name, sizeof(user)-6); 284 if ((namep = rindex(pwd->pw_shell, '/')) == NULL) 285 namep = pwd->pw_shell; 286 else 287 namep++; 288 strcat(minusnam, namep); 289 umask(022); 290 if (ttyn[sizeof("/dev/tty")-1] == 'd') 291 logerr("DIALUP %s %s\n", ttyn+sizeof("/dev/")-1, pwd->pw_name); 292 if (!quietlog) { 293 showmotd(); 294 strcat(maildir, pwd->pw_name); 295 if (access(maildir,4)==0) { 296 struct stat statb; 297 stat(maildir, &statb); 298 if (statb.st_size) 299 printf("You have mail.\n"); 300 } 301 } 302 signal(SIGALRM, SIG_DFL); 303 signal(SIGQUIT, SIG_DFL); 304 signal(SIGINT, SIG_DFL); 305 signal(SIGTSTP, SIG_IGN); 306 execlp(pwd->pw_shell, minusnam, 0); 307 perror(pwd->pw_shell); 308 printf("No shell\n"); 309 exit(0); 310 } 311 312 getloginname(up) 313 register struct utmp *up; 314 { 315 register char *namep; 316 char c; 317 318 while (up->ut_name[0] == '\0') { 319 namep = utmp.ut_name; 320 printf("login: "); 321 while ((c = getchar()) != '\n') { 322 if (c == ' ') 323 c = '_'; 324 if (c == EOF) 325 exit(0); 326 if (namep < up->ut_name+NMAX) 327 *namep++ = c; 328 } 329 } 330 setpwent(); 331 if ((pwd = getpwnam(utmp.ut_name)) == NULL) 332 pwd = &nouser; 333 endpwent(); 334 } 335 336 timedout() 337 { 338 339 printf("Login timed out after %d seconds\n", timeout); 340 exit(0); 341 } 342 343 int stopmotd; 344 catch() 345 { 346 347 signal(SIGINT, SIG_IGN); 348 stopmotd++; 349 } 350 351 rootterm(tty) 352 char *tty; 353 { 354 register FILE *fd; 355 char buf[100]; 356 357 if ((fd = fopen(securetty, "r")) == NULL) 358 return(1); 359 while (fgets(buf, sizeof buf, fd) != NULL) { 360 buf[strlen(buf)-1] = '\0'; 361 if (strcmp(tty, buf) == 0) { 362 fclose(fd); 363 return(1); 364 } 365 } 366 fclose(fd); 367 return(0); 368 } 369 370 showmotd() 371 { 372 FILE *mf; 373 register c; 374 375 signal(SIGINT, catch); 376 if ((mf = fopen("/etc/motd","r")) != NULL) { 377 while ((c = getc(mf)) != EOF && stopmotd == 0) 378 putchar(c); 379 fclose(mf); 380 } 381 signal(SIGINT, SIG_IGN); 382 } 383 384 #undef UNKNOWN 385 #define UNKNOWN "su" 386 387 char * 388 stypeof(ttyid) 389 char *ttyid; 390 { 391 static char typebuf[16]; 392 char buf[50]; 393 register FILE *f; 394 register char *p, *t, *q; 395 396 if (ttyid == NULL) 397 return (UNKNOWN); 398 f = fopen("/etc/ttytype", "r"); 399 if (f == NULL) 400 return (UNKNOWN); 401 /* split off end of name */ 402 for (p = q = ttyid; *p != 0; p++) 403 if (*p == '/') 404 q = p + 1; 405 406 /* scan the file */ 407 while (fgets(buf, sizeof buf, f) != NULL) { 408 for (t = buf; *t != ' ' && *t != '\t'; t++) 409 ; 410 *t++ = 0; 411 while (*t == ' ' || *t == '\t') 412 t++; 413 for (p = t; *p > ' '; p++) 414 ; 415 *p = 0; 416 if (strcmp(q,t) == 0) { 417 strcpy(typebuf, buf); 418 fclose(f); 419 return (typebuf); 420 } 421 } 422 fclose (f); 423 return (UNKNOWN); 424 } 425 426 doremotelogin(host) 427 char *host; 428 { 429 FILE *hostf; 430 int first = 1; 431 432 getstr(rusername, sizeof (rusername), "remuser"); 433 getstr(lusername, sizeof (lusername), "locuser"); 434 getstr(term+5, sizeof(term)-5, "Terminal type"); 435 if (getuid()) 436 goto bad; 437 setpwent(); 438 pwd = getpwnam(lusername); 439 endpwent(); 440 if (pwd == NULL) 441 goto bad; 442 hostf = pwd->pw_uid ? fopen("/etc/hosts.equiv", "r") : 0; 443 again: 444 if (hostf) { 445 char ahost[32]; 446 447 while (fgets(ahost, sizeof (ahost), hostf)) { 448 char *user; 449 450 if ((user = index(ahost, '\n')) != 0) 451 *user++ = '\0'; 452 if ((user = index(ahost, ' ')) != 0) 453 *user++ = '\0'; 454 if (!strcmp(host, ahost) && 455 !strcmp(rusername, user ? user : lusername)) { 456 fclose(hostf); 457 return (1); 458 } 459 } 460 fclose(hostf); 461 } 462 if (first == 1) { 463 char *rhosts = ".rhosts"; 464 struct stat sbuf; 465 466 first = 0; 467 if (chdir(pwd->pw_dir) < 0) 468 goto again; 469 if (lstat(rhosts, &sbuf) < 0) 470 goto again; 471 if ((sbuf.st_mode & S_IFMT) == S_IFLNK) { 472 printf("login: .rhosts is a soft link.\r\n"); 473 goto bad; 474 } 475 hostf = fopen(rhosts, "r"); 476 fstat(fileno(hostf), &sbuf); 477 if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) { 478 printf("login: Bad .rhosts ownership.\r\n"); 479 fclose(hostf); 480 goto bad; 481 } 482 goto again; 483 } 484 bad: 485 return (-1); 486 } 487 488 getstr(buf, cnt, err) 489 char *buf; 490 int cnt; 491 char *err; 492 { 493 char c; 494 495 do { 496 if (read(0, &c, 1) != 1) 497 exit(1); 498 if (--cnt < 0) { 499 printf("%s too long\r\n", err); 500 exit(1); 501 } 502 *buf++ = c; 503 } while (c != 0); 504 } 505 506 char *speeds[] = 507 { "0", "50", "75", "110", "134", "150", "200", "300", 508 "600", "1200", "1800", "2400", "4800", "9600", "19200", "38400" }; 509 #define NSPEEDS (sizeof (speeds) / sizeof (speeds[0])) 510 511 doremoteterm(term, tp) 512 char *term; 513 struct sgttyb *tp; 514 { 515 char *cp = index(term, '/'); 516 register int i; 517 518 if (cp) { 519 *cp++ = 0; 520 for (i = 0; i < NSPEEDS; i++) 521 if (!strcmp(speeds[i], cp)) { 522 tp->sg_ispeed = tp->sg_ospeed = i; 523 break; 524 } 525 } 526 tp->sg_flags = ECHO|CRMOD|ANYP|XTABS; 527 } 528 529 logerr(fmt, a1, a2, a3) 530 char *fmt, *a1, *a2, *a3; 531 { 532 #ifdef LOGERR 533 FILE *cons = fopen("/dev/console", "w"); 534 535 if (cons != NULL) { 536 fprintf(cons, fmt, a1, a2, a3); 537 fputc('\r', cons); 538 fclose(cons); 539 } 540 #endif 541 } 542