]>
Commit | Line | Data |
---|---|---|
6dbe3af9 | 1 | /* |
0d28a157 KZ |
2 | * login(1) |
3 | * | |
4 | * This program is derived from 4.3 BSD software and is subject to the | |
5 | * copyright notice below. | |
6 | * | |
ee74f262 KZ |
7 | * Copyright (C) 2011 Karel Zak <kzak@redhat.com> |
8 | * Rewritten to PAM-only version. | |
9 | * | |
0d28a157 KZ |
10 | * Michael Glad (glad@daimi.dk) |
11 | * Computer Science Department, Aarhus University, Denmark | |
12 | * 1990-07-04 | |
13 | * | |
6dbe3af9 KZ |
14 | * Copyright (c) 1980, 1987, 1988 The Regents of the University of California. |
15 | * All rights reserved. | |
16 | * | |
17 | * Redistribution and use in source and binary forms are permitted | |
18 | * provided that the above copyright notice and this paragraph are | |
19 | * duplicated in all such forms and that any documentation, | |
20 | * advertising materials, and other materials related to such | |
21 | * distribution and use acknowledge that the software was developed | |
22 | * by the University of California, Berkeley. The name of the | |
23 | * University may not be used to endorse or promote products derived | |
24 | * from this software without specific prior written permission. | |
25 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR | |
26 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED | |
27 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. | |
28 | */ | |
6dbe3af9 | 29 | #include <sys/param.h> |
fd6b7a7f | 30 | #include <stdio.h> |
6dbe3af9 KZ |
31 | #include <ctype.h> |
32 | #include <unistd.h> | |
33 | #include <getopt.h> | |
34 | #include <memory.h> | |
fd6b7a7f | 35 | #include <time.h> |
6dbe3af9 KZ |
36 | #include <sys/stat.h> |
37 | #include <sys/time.h> | |
38 | #include <sys/resource.h> | |
39 | #include <sys/file.h> | |
40 | #include <termios.h> | |
41 | #include <string.h> | |
6dbe3af9 | 42 | #include <sys/ioctl.h> |
fd6b7a7f | 43 | #include <sys/wait.h> |
6dbe3af9 KZ |
44 | #include <signal.h> |
45 | #include <errno.h> | |
46 | #include <grp.h> | |
47 | #include <pwd.h> | |
fd6b7a7f | 48 | #include <utmp.h> |
6dbe3af9 | 49 | #include <stdlib.h> |
6dbe3af9 KZ |
50 | #include <sys/syslog.h> |
51 | #include <sys/sysmacros.h> | |
5476bf9b | 52 | #include <linux/major.h> |
6dbe3af9 | 53 | #include <netdb.h> |
cb5acd69 | 54 | #include <lastlog.h> |
905045d4 KZ |
55 | #include <security/pam_appl.h> |
56 | #include <security/pam_misc.h> | |
4d8fc09c | 57 | #include <sys/sendfile.h> |
ab71156c | 58 | |
f8bdba2f KZ |
59 | #ifdef HAVE_LIBAUDIT |
60 | # include <libaudit.h> | |
61 | #endif | |
0aeb57ac | 62 | |
cb5acd69 KZ |
63 | #include "c.h" |
64 | #include "setproctitle.h" | |
66ee8158 | 65 | #include "pathnames.h" |
8abcf290 | 66 | #include "strutils.h" |
7eda085c | 67 | #include "nls.h" |
3e31a2df | 68 | #include "xalloc.h" |
3761d0bb | 69 | #include "writeall.h" |
6dbe3af9 | 70 | |
4d8fc09c KZ |
71 | #include "logindefs.h" |
72 | ||
905045d4 | 73 | #define is_pam_failure(_rc) ((_rc) != PAM_SUCCESS) |
fd6b7a7f | 74 | |
48f09788 KZ |
75 | #define LOGIN_MAX_TRIES 3 |
76 | #define LOGIN_EXIT_TIMEOUT 5 | |
77 | #define LOGIN_TIMEOUT 60 | |
fd6b7a7f | 78 | |
fd6b7a7f | 79 | #ifdef USE_TTY_GROUP |
ab71156c | 80 | # define TTY_MODE 0620 |
fd6b7a7f | 81 | #else |
ab71156c | 82 | # define TTY_MODE 0600 |
fd6b7a7f KZ |
83 | #endif |
84 | ||
ab71156c | 85 | #define TTYGRPNAME "tty" /* name of group to own ttys */ |
99f7c131 KZ |
86 | #define VCS_PATH_MAX 64 |
87 | ||
88 | /* | |
89 | * Login control struct | |
90 | */ | |
91 | struct login_context { | |
92 | const char *tty_path; /* ttyname() return value */ | |
93 | const char *tty_name; /* tty_path without /dev prefix */ | |
94 | const char *tty_number; /* end of the tty_path */ | |
738246ed | 95 | mode_t tty_mode; /* chmod() mode */ |
99f7c131 | 96 | |
3eb8b797 KZ |
97 | char *username; /* from command line or PAM */ |
98 | ||
67e70761 KZ |
99 | struct passwd *pwd; /* user info */ |
100 | ||
eab72c4e KZ |
101 | pam_handle_t *pamh; /* PAM handler */ |
102 | struct pam_conv conv; /* PAM conversation */ | |
103 | ||
99f7c131 KZ |
104 | #ifdef LOGIN_CHOWN_VCS |
105 | char vcsn[VCS_PATH_MAX]; /* virtual console name */ | |
106 | char vcsan[VCS_PATH_MAX]; | |
107 | #endif | |
d20337ed | 108 | |
92e386ca KZ |
109 | char thishost[MAXHOSTNAMELEN + 1]; /* this machine */ |
110 | char *thisdomain; /* this machine domain */ | |
111 | char *hostname; /* remote machine */ | |
112 | char hostaddress[16]; /* remote address */ | |
0180264f KZ |
113 | |
114 | pid_t pid; | |
3761d0bb | 115 | int quiet; /* 1 is hush file exists */ |
eab72c4e | 116 | |
a2de6177 | 117 | unsigned int remote:1, /* login -h */ |
92e386ca | 118 | nohost:1, /* login -H */ |
241e4565 KZ |
119 | noauth:1, /* login -f */ |
120 | keep_env:1; /* login -p */ | |
99f7c131 | 121 | }; |
726f69e2 | 122 | |
6dbe3af9 KZ |
123 | /* |
124 | * This bounds the time given to login. Not a define so it can | |
125 | * be patched on machines where it's too small. | |
126 | */ | |
a169a454 KZ |
127 | static int timeout = LOGIN_TIMEOUT; |
128 | static int child_pid = 0; | |
129 | static volatile int got_sig = 0; | |
6dbe3af9 | 130 | |
9abc9dab KZ |
131 | /* |
132 | * Robert Ambrose writes: | |
133 | * A couple of my users have a problem with login processes hanging around | |
134 | * soaking up pts's. What they seem to hung up on is trying to write out the | |
135 | * message 'Login timed out after %d seconds' when the connection has already | |
136 | * been dropped. | |
137 | * What I did was add a second timeout while trying to write the message so | |
138 | * the process just exits if the second timeout expires. | |
139 | */ | |
a40f08ef KZ |
140 | static void __attribute__ ((__noreturn__)) |
141 | timedout2(int sig __attribute__ ((__unused__))) | |
9abc9dab KZ |
142 | { |
143 | struct termios ti; | |
144 | ||
145 | /* reset echo */ | |
146 | tcgetattr(0, &ti); | |
147 | ti.c_lflag |= ECHO; | |
148 | tcsetattr(0, TCSANOW, &ti); | |
149 | exit(EXIT_SUCCESS); /* %% */ | |
150 | } | |
151 | ||
152 | static void timedout(int sig __attribute__ ((__unused__))) | |
153 | { | |
154 | signal(SIGALRM, timedout2); | |
155 | alarm(10); | |
156 | /* TRANSLATORS: The standard value for %d is 60. */ | |
157 | warnx(_("timed out after %d seconds"), timeout); | |
158 | signal(SIGALRM, SIG_IGN); | |
159 | alarm(0); | |
160 | timedout2(0); | |
161 | } | |
162 | ||
163 | /* | |
164 | * This handler allows to inform a shell about signals to login. If you have | |
165 | * (root) permissions you can kill all login childrent by one signal to login | |
166 | * process. | |
167 | * | |
168 | * Also, parent who is session leader is able (before setsid() in child) to | |
169 | * inform child when controlling tty goes away (e.g. modem hangup, SIGHUP). | |
170 | */ | |
171 | static void sig_handler(int signal) | |
172 | { | |
173 | if (child_pid) | |
174 | kill(-child_pid, signal); | |
175 | else | |
176 | got_sig = 1; | |
177 | if (signal == SIGTERM) | |
178 | kill(-child_pid, SIGHUP); /* because the shell often ignores SIGTERM */ | |
179 | } | |
180 | ||
f950752b KZ |
181 | /* |
182 | * Let use delay for all exit() calls when user is not authenticated or | |
183 | * session fully initialized (loginpam_session()). | |
184 | */ | |
a40f08ef | 185 | static void __attribute__ ((__noreturn__)) sleepexit(int eval) |
9abc9dab | 186 | { |
ca5ee2a8 | 187 | sleep(getlogindefs_num("FAIL_DELAY", LOGIN_EXIT_TIMEOUT)); |
9abc9dab KZ |
188 | exit(eval); |
189 | } | |
190 | ||
92e386ca KZ |
191 | static const char *get_thishost(struct login_context *cxt, const char **domain) |
192 | { | |
193 | if (!*cxt->thishost) { | |
194 | if (gethostname(cxt->thishost, sizeof(cxt->thishost))) { | |
195 | if (domain) | |
196 | *domain = NULL; | |
197 | return NULL; | |
198 | } | |
199 | cxt->thishost[sizeof(cxt->thishost) -1] = '\0'; | |
200 | cxt->thisdomain = strchr(cxt->thishost, '.'); | |
201 | if (cxt->thisdomain) | |
202 | *cxt->thisdomain++ = '\0'; | |
203 | } | |
204 | ||
205 | if (domain) | |
206 | *domain = cxt->thisdomain; | |
207 | return cxt->thishost; | |
208 | } | |
209 | ||
4d8fc09c KZ |
210 | /* |
211 | * Output the /etc/motd file | |
212 | * | |
213 | * motd() determines the name of a login announcement file and outputs it to | |
214 | * the user's terminal at login time. The MOTD_FILE configuration option is a | |
215 | * colon-delimited list of filenames. The empty MOTD_FILE option disables motd | |
216 | * printing at all. | |
217 | */ | |
9abc9dab KZ |
218 | static void motd(void) |
219 | { | |
34bb8eea | 220 | char *motdlist, *motdfile; |
4d8fc09c | 221 | const char *mb; |
9abc9dab | 222 | |
4d8fc09c KZ |
223 | mb = getlogindefs_str("MOTD_FILE", _PATH_MOTDFILE); |
224 | if (!mb || !*mb) | |
9abc9dab | 225 | return; |
4d8fc09c KZ |
226 | |
227 | motdlist = xstrdup(mb); | |
228 | ||
34bb8eea KZ |
229 | for (motdfile = strtok(motdlist, ":"); motdfile; |
230 | motdfile = strtok(NULL, ":")) { | |
231 | ||
4d8fc09c KZ |
232 | struct stat st; |
233 | int fd; | |
234 | ||
235 | if (stat(motdfile, &st) || !st.st_size) | |
236 | continue; | |
237 | fd = open(motdfile, O_RDONLY, 0); | |
238 | if (fd < 0) | |
239 | continue; | |
240 | ||
241 | sendfile(fileno(stdout), fd, NULL, st.st_size); | |
242 | close(fd); | |
243 | } | |
34bb8eea KZ |
244 | |
245 | free(motdlist); | |
9abc9dab | 246 | } |
99f7c131 KZ |
247 | |
248 | /* | |
249 | * Nice and simple code provided by Linus Torvalds 16-Feb-93 | |
250 | * Nonblocking stuff by Maciej W. Rozycki, macro@ds2.pg.gda.pl, 1999. | |
251 | * | |
252 | * He writes: "Login performs open() on a tty in a blocking mode. | |
253 | * In some cases it may make login wait in open() for carrier infinitely, | |
254 | * for example if the line is a simplistic case of a three-wire serial | |
255 | * connection. I believe login should open the line in the non-blocking mode | |
256 | * leaving the decision to make a connection to getty (where it actually | |
257 | * belongs). | |
258 | */ | |
259 | static void open_tty(const char *tty) | |
ab71156c | 260 | { |
1d4ad1de KZ |
261 | int i, fd, flags; |
262 | ||
263 | fd = open(tty, O_RDWR | O_NONBLOCK); | |
264 | if (fd == -1) { | |
960cf573 | 265 | syslog(LOG_ERR, _("FATAL: can't reopen tty: %m")); |
66020e56 | 266 | sleepexit(EXIT_FAILURE); |
1d4ad1de | 267 | } |
eb63b9b8 | 268 | |
8bee984a KZ |
269 | if (!isatty(fd)) { |
270 | close(fd); | |
271 | syslog(LOG_ERR, _("FATAL: %s is not a terminal"), tty); | |
66020e56 | 272 | sleepexit(EXIT_FAILURE); |
8bee984a KZ |
273 | } |
274 | ||
1d4ad1de KZ |
275 | flags = fcntl(fd, F_GETFL); |
276 | flags &= ~O_NONBLOCK; | |
277 | fcntl(fd, F_SETFL, flags); | |
e09947b5 | 278 | |
1d4ad1de KZ |
279 | for (i = 0; i < fd; i++) |
280 | close(i); | |
281 | for (i = 0; i < 3; i++) | |
282 | if (fd != i) | |
283 | dup2(fd, i); | |
284 | if (fd >= 3) | |
285 | close(fd); | |
6dbe3af9 KZ |
286 | } |
287 | ||
ff0392a0 KZ |
288 | #define chown_err(_what, _uid, _gid) \ |
289 | syslog(LOG_ERR, _("chown (%s, %lu, %lu) failed: %m"), \ | |
290 | (_what), (unsigned long) (_uid), (unsigned long) (_gid)) | |
291 | ||
292 | #define chmod_err(_what, _mode) \ | |
293 | syslog(LOG_ERR, _("chmod (%s, %u) failed: %m"), (_what), (_mode)) | |
294 | ||
295 | static void chown_tty(struct login_context *cxt) | |
296 | { | |
45d0a30e | 297 | const char *grname; |
ff0392a0 KZ |
298 | uid_t uid = cxt->pwd->pw_uid; |
299 | gid_t gid = cxt->pwd->pw_gid; | |
300 | ||
45d0a30e KZ |
301 | grname = getlogindefs_str("TTYGROUP", TTYGRPNAME); |
302 | if (grname && *grname) { | |
303 | if (*grname >= 0 && *grname <= 9) /* group by ID */ | |
304 | gid = getlogindefs_num("TTYGROUP", gid); | |
305 | else { /* group by name */ | |
306 | struct group *gr = getgrnam(grname); | |
307 | if (gr) | |
308 | gid = gr->gr_gid; | |
309 | } | |
310 | } | |
ff0392a0 KZ |
311 | |
312 | if (fchown(0, uid, gid)) /* tty */ | |
313 | chown_err(cxt->tty_name, uid, gid); | |
738246ed KZ |
314 | if (fchmod(0, cxt->tty_mode)) |
315 | chmod_err(cxt->tty_name, cxt->tty_mode); | |
ff0392a0 KZ |
316 | |
317 | #ifdef LOGIN_CHOWN_VCS | |
318 | if (is_consoletty(0)) { | |
319 | if (chown(cxt->vcs, uid, gid)) /* vcs */ | |
320 | chown_err(cxt->vcs, uid, gid); | |
738246ed KZ |
321 | if (chmod(cxt->vcs, cxt->tty_mode)) |
322 | chmod_err(cxt->vcs, cxt->tty_mode); | |
ff0392a0 KZ |
323 | |
324 | if (chown(cxt->vcsa, uid, gid)) /* vcsa */ | |
325 | chown_err(cxt->vcsa, uid, gid); | |
738246ed KZ |
326 | if (chmod(cxt->vcsa, cxt->tty_mode)) |
327 | chmod_err(cxt->vcsa, cxt->tty_mode); | |
ff0392a0 KZ |
328 | } |
329 | #endif | |
330 | } | |
331 | ||
99f7c131 KZ |
332 | /* |
333 | * Reads the currect terminal path and initialize cxt->tty_* variables. | |
334 | */ | |
335 | static void init_tty(struct login_context *cxt) | |
ab71156c | 336 | { |
99f7c131 KZ |
337 | const char *p; |
338 | struct stat st; | |
339 | struct termios tt, ttt; | |
340 | ||
738246ed KZ |
341 | cxt->tty_mode = (mode_t) getlogindefs_num("TTYPERM", TTY_MODE); |
342 | ||
99f7c131 | 343 | cxt->tty_path = ttyname(0); /* libc calls istty() here */ |
24f4bbff | 344 | |
99f7c131 KZ |
345 | /* |
346 | * In case login is suid it was possible to use a hardlink as stdin | |
347 | * and exploit races for a local root exploit. (Wojciech Purczynski). | |
348 | * | |
349 | * More precisely, the problem is ttyn := ttyname(0); ...; chown(ttyn); | |
350 | * here ttyname() might return "/tmp/x", a hardlink to a pseudotty. | |
351 | * All of this is a problem only when login is suid, which it isnt. | |
352 | */ | |
353 | if (!cxt->tty_path || !*cxt->tty_path || | |
354 | lstat(cxt->tty_path, &st) != 0 || !S_ISCHR(st.st_mode) || | |
355 | (st.st_nlink > 1 && strncmp(cxt->tty_path, "/dev/", 5)) || | |
356 | access(cxt->tty_path, R_OK | W_OK) != 0) { | |
66020e56 | 357 | |
24f4bbff | 358 | syslog(LOG_ERR, _("FATAL: bad tty")); |
66020e56 | 359 | sleepexit(EXIT_FAILURE); |
24f4bbff | 360 | } |
99f7c131 KZ |
361 | |
362 | if (strncmp(cxt->tty_path, "/dev/", 5) == 0) | |
363 | cxt->tty_name = cxt->tty_path + 5; | |
364 | else | |
365 | cxt->tty_name = cxt->tty_path; | |
366 | ||
367 | for (p = cxt->tty_name; p && *p; p++) { | |
368 | if (isdigit(*p)) { | |
369 | cxt->tty_number = p; | |
370 | break; | |
371 | } | |
372 | } | |
373 | ||
374 | #ifdef LOGIN_CHOWN_VCS | |
375 | /* find names of Virtual Console devices, for later mode change */ | |
376 | snprintf(cxt->vcsn, sizeof(cxt->vcsn), "/dev/vcs%s", cxt->tty_number); | |
377 | snprintf(cxt->vcsan, sizeof(cxt->vcsan), "/dev/vcsa%s", cxt->tty_number); | |
378 | #endif | |
379 | ||
380 | tcgetattr(0, &tt); | |
381 | ttt = tt; | |
382 | ttt.c_cflag &= ~HUPCL; | |
383 | ||
738246ed | 384 | if ((fchown(0, 0, 0) || fchmod(0, cxt->tty_mode)) && errno != EROFS) { |
99f7c131 KZ |
385 | |
386 | syslog(LOG_ERR, _("FATAL: %s: change permissions failed: %m"), | |
387 | cxt->tty_path); | |
388 | sleepexit(EXIT_FAILURE); | |
389 | } | |
390 | ||
391 | /* Kill processes left on this tty */ | |
392 | tcsetattr(0, TCSAFLUSH, &ttt); | |
393 | ||
394 | signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */ | |
395 | vhangup(); | |
396 | signal(SIGHUP, SIG_DFL); | |
397 | ||
398 | /* open stdin,stdout,stderr to the tty */ | |
399 | open_tty(cxt->tty_path); | |
400 | ||
401 | /* restore tty modes */ | |
402 | tcsetattr(0, TCSAFLUSH, &tt); | |
24f4bbff KZ |
403 | } |
404 | ||
99f7c131 | 405 | |
48d7b13a | 406 | #ifdef LOGIN_CHOWN_VCS |
fd6b7a7f | 407 | /* true if the filedescriptor fd is a console tty, very Linux specific */ |
99f7c131 | 408 | static int is_consoletty(int fd) |
ab71156c KZ |
409 | { |
410 | struct stat stb; | |
411 | ||
412 | if ((fstat(fd, &stb) >= 0) | |
413 | && (major(stb.st_rdev) == TTY_MAJOR) | |
414 | && (minor(stb.st_rdev) < 64)) { | |
415 | return 1; | |
416 | } | |
417 | return 0; | |
fd6b7a7f | 418 | } |
48d7b13a | 419 | #endif |
fd6b7a7f | 420 | |
364cda48 KZ |
421 | /* |
422 | * Log failed login attempts in _PATH_BTMP if that exists. | |
423 | * Must be called only with username the name of an actual user. | |
424 | * The most common login failure is to give password instead of username. | |
425 | */ | |
a2de6177 | 426 | static void log_btmp(struct login_context *cxt) |
ab71156c | 427 | { |
364cda48 | 428 | struct utmp ut; |
75d4dbb0 | 429 | struct timeval tv; |
364cda48 KZ |
430 | |
431 | memset(&ut, 0, sizeof(ut)); | |
432 | ||
3eb8b797 KZ |
433 | strncpy(ut.ut_user, |
434 | cxt->username ? cxt->username : "(unknown)", | |
364cda48 KZ |
435 | sizeof(ut.ut_user)); |
436 | ||
d20337ed KZ |
437 | if (cxt->tty_number) |
438 | strncpy(ut.ut_id, cxt->tty_number, sizeof(ut.ut_id)); | |
439 | if (cxt->tty_name) | |
440 | xstrncpy(ut.ut_line, cxt->tty_name, sizeof(ut.ut_line)); | |
364cda48 | 441 | |
ab71156c | 442 | #if defined(_HAVE_UT_TV) /* in <utmpbits.h> included by <utmp.h> */ |
75d4dbb0 KZ |
443 | gettimeofday(&tv, NULL); |
444 | ut.ut_tv.tv_sec = tv.tv_sec; | |
445 | ut.ut_tv.tv_usec = tv.tv_usec; | |
364cda48 KZ |
446 | #else |
447 | { | |
448 | time_t t; | |
449 | time(&t); | |
ab71156c | 450 | ut.ut_time = t; /* ut_time is not always a time_t */ |
364cda48 KZ |
451 | } |
452 | #endif | |
453 | ||
ab71156c | 454 | ut.ut_type = LOGIN_PROCESS; /* XXX doesn't matter */ |
0180264f | 455 | ut.ut_pid = cxt->pid; |
c3f974a1 | 456 | |
d20337ed KZ |
457 | if (cxt->hostname) { |
458 | xstrncpy(ut.ut_host, cxt->hostname, sizeof(ut.ut_host)); | |
0468860d | 459 | if (*cxt->hostaddress) |
d20337ed | 460 | memcpy(&ut.ut_addr_v6, cxt->hostaddress, |
ab71156c | 461 | sizeof(ut.ut_addr_v6)); |
364cda48 | 462 | } |
6e3bc8a6 | 463 | |
364cda48 | 464 | updwtmp(_PATH_BTMP, &ut); |
364cda48 | 465 | } |
b2452358 | 466 | |
b2452358 | 467 | |
f8bdba2f | 468 | #ifdef HAVE_LIBAUDIT |
67e70761 | 469 | static void log_audit(struct login_context *cxt, int status) |
f8bdba2f | 470 | { |
f8bdba2f | 471 | int audit_fd; |
67e70761 | 472 | struct passwd *pwd = cxt->pwd; |
f8bdba2f KZ |
473 | |
474 | audit_fd = audit_open(); | |
475 | if (audit_fd == -1) | |
476 | return; | |
c3f974a1 KZ |
477 | if (!pwd && cxt->username) |
478 | pwd = getpwnam(cxt->username); | |
479 | ||
480 | audit_log_acct_message(audit_fd, | |
481 | AUDIT_USER_LOGIN, | |
482 | NULL, | |
483 | "login", | |
484 | cxt->username ? cxt->username : "(unknown)", | |
485 | pwd ? pwd->pw_uid : (unsigned int) -1, | |
486 | cxt->hostname, | |
487 | NULL, | |
488 | cxt->tty_name, | |
489 | status); | |
f8bdba2f KZ |
490 | |
491 | close(audit_fd); | |
492 | } | |
67e70761 KZ |
493 | #else /* !HAVE_LIBAUDIT */ |
494 | # define log_audit(cxt, status) | |
ab71156c | 495 | #endif /* HAVE_LIBAUDIT */ |
f8bdba2f | 496 | |
3761d0bb KZ |
497 | static void log_lastlog(struct login_context *cxt) |
498 | { | |
499 | struct lastlog ll; | |
500 | time_t t; | |
501 | int fd; | |
502 | ||
67e70761 KZ |
503 | if (!cxt->pwd) |
504 | return; | |
505 | ||
3761d0bb KZ |
506 | fd = open(_PATH_LASTLOG, O_RDWR, 0); |
507 | if (fd < 0) | |
508 | return; | |
509 | ||
67e70761 | 510 | lseek(fd, (off_t) cxt->pwd->pw_uid * sizeof(ll), SEEK_SET); |
3761d0bb KZ |
511 | |
512 | /* | |
513 | * Print last log message | |
514 | */ | |
515 | if (!cxt->quiet) { | |
516 | if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) && | |
517 | ll.ll_time != 0) { | |
518 | time_t ll_time = (time_t) ll.ll_time; | |
519 | ||
520 | printf(_("Last login: %.*s "), 24 - 5, ctime(&ll_time)); | |
521 | if (*ll.ll_host != '\0') | |
522 | printf(_("from %.*s\n"), | |
523 | (int)sizeof(ll.ll_host), ll.ll_host); | |
524 | else | |
525 | printf(_("on %.*s\n"), | |
526 | (int)sizeof(ll.ll_line), ll.ll_line); | |
527 | } | |
67e70761 | 528 | lseek(fd, (off_t) cxt->pwd->pw_uid * sizeof(ll), SEEK_SET); |
3761d0bb KZ |
529 | } |
530 | ||
531 | memset((char *)&ll, 0, sizeof(ll)); | |
532 | ||
533 | time(&t); | |
534 | ll.ll_time = t; /* ll_time is always 32bit */ | |
535 | ||
536 | if (cxt->tty_name) | |
537 | xstrncpy(ll.ll_line, cxt->tty_name, sizeof(ll.ll_line)); | |
538 | if (cxt->hostname) | |
539 | xstrncpy(ll.ll_host, cxt->hostname, sizeof(ll.ll_host)); | |
540 | ||
541 | if (write_all(fd, (char *)&ll, sizeof(ll))) | |
542 | warn(_("write lastlog failed")); | |
543 | ||
544 | close(fd); | |
545 | } | |
546 | ||
6e3bc8a6 KZ |
547 | /* |
548 | * Update wtmp and utmp logs | |
549 | */ | |
550 | static void log_utmp(struct login_context *cxt) | |
551 | { | |
552 | struct utmp ut; | |
553 | struct utmp *utp; | |
554 | struct timeval tv; | |
555 | ||
556 | utmpname(_PATH_UTMP); | |
557 | setutent(); | |
558 | ||
559 | /* Find pid in utmp. | |
560 | * | |
561 | * login sometimes overwrites the runlevel entry in /var/run/utmp, | |
562 | * confusing sysvinit. I added a test for the entry type, and the | |
563 | * problem was gone. (In a runlevel entry, st_pid is not really a pid | |
564 | * but some number calculated from the previous and current runlevel). | |
565 | * -- Michael Riepe <michael@stud.uni-hannover.de> | |
566 | */ | |
567 | while ((utp = getutent())) | |
568 | if (utp->ut_pid == cxt->pid | |
569 | && utp->ut_type >= INIT_PROCESS | |
570 | && utp->ut_type <= DEAD_PROCESS) | |
571 | break; | |
572 | ||
573 | /* If we can't find a pre-existing entry by pid, try by line. | |
574 | * BSD network daemons may rely on this. | |
575 | */ | |
576 | if (utp == NULL) { | |
577 | setutent(); | |
578 | ut.ut_type = LOGIN_PROCESS; | |
579 | strncpy(ut.ut_line, cxt->tty_name, sizeof(ut.ut_line)); | |
580 | utp = getutline(&ut); | |
581 | } | |
582 | ||
583 | if (utp) | |
584 | memcpy(&ut, utp, sizeof(ut)); | |
585 | else | |
586 | /* some gettys/telnetds don't initialize utmp... */ | |
587 | memset(&ut, 0, sizeof(ut)); | |
588 | ||
589 | if (ut.ut_id[0] == 0) | |
590 | strncpy(ut.ut_id, cxt->tty_number, sizeof(ut.ut_id)); | |
591 | ||
592 | strncpy(ut.ut_user, cxt->username, sizeof(ut.ut_user)); | |
593 | xstrncpy(ut.ut_line, cxt->tty_name, sizeof(ut.ut_line)); | |
594 | ||
595 | #ifdef _HAVE_UT_TV /* in <utmpbits.h> included by <utmp.h> */ | |
596 | gettimeofday(&tv, NULL); | |
597 | ut.ut_tv.tv_sec = tv.tv_sec; | |
598 | ut.ut_tv.tv_usec = tv.tv_usec; | |
599 | #else | |
600 | { | |
601 | time_t t; | |
602 | time(&t); | |
603 | ut.ut_time = t; /* ut_time is not always a time_t */ | |
604 | /* glibc2 #defines it as ut_tv.tv_sec */ | |
605 | } | |
606 | #endif | |
607 | ut.ut_type = USER_PROCESS; | |
608 | ut.ut_pid = cxt->pid; | |
609 | if (cxt->hostname) { | |
610 | xstrncpy(ut.ut_host, cxt->hostname, sizeof(ut.ut_host)); | |
0468860d | 611 | if (*cxt->hostaddress) |
6e3bc8a6 KZ |
612 | memcpy(&ut.ut_addr_v6, cxt->hostaddress, |
613 | sizeof(ut.ut_addr_v6)); | |
614 | } | |
615 | ||
616 | pututline(&ut); | |
617 | endutent(); | |
618 | ||
619 | updwtmp(_PATH_WTMP, &ut); | |
620 | } | |
621 | ||
516b00c4 KZ |
622 | static void log_syslog(struct login_context *cxt) |
623 | { | |
624 | struct passwd *pwd = cxt->pwd; | |
625 | ||
626 | if (!strncmp(cxt->tty_name, "ttyS", 4)) | |
627 | syslog(LOG_INFO, _("DIALUP AT %s BY %s"), | |
628 | cxt->tty_name, pwd->pw_name); | |
629 | ||
630 | if (!pwd->pw_uid) { | |
631 | if (cxt->hostname) | |
632 | syslog(LOG_NOTICE, _("ROOT LOGIN ON %s FROM %s"), | |
633 | cxt->tty_name, cxt->hostname); | |
634 | else | |
635 | syslog(LOG_NOTICE, _("ROOT LOGIN ON %s"), cxt->tty_name); | |
636 | } else { | |
637 | if (cxt->hostname) | |
638 | syslog(LOG_INFO, _("LOGIN ON %s BY %s FROM %s"), | |
639 | cxt->tty_name, pwd->pw_name, cxt->hostname); | |
640 | else | |
641 | syslog(LOG_INFO, _("LOGIN ON %s BY %s"), cxt->tty_name, | |
642 | pwd->pw_name); | |
643 | } | |
644 | } | |
645 | ||
67e70761 KZ |
646 | static struct passwd *get_passwd_entry(const char *username, |
647 | char **pwdbuf, | |
648 | struct passwd *pwd) | |
649 | { | |
650 | struct passwd *res = NULL; | |
fc01644d | 651 | size_t sz = 16384; |
67e70761 KZ |
652 | int x; |
653 | ||
654 | if (!pwdbuf || !username) | |
655 | return NULL; | |
656 | ||
657 | #ifdef _SC_GETPW_R_SIZE_MAX | |
fc01644d KZ |
658 | { |
659 | long xsz = sysconf(_SC_GETPW_R_SIZE_MAX); | |
660 | if (xsz > 0) | |
661 | sz = (size_t) xsz; | |
662 | } | |
67e70761 | 663 | #endif |
a2e84c7d | 664 | *pwdbuf = xrealloc(*pwdbuf, sz); |
67e70761 KZ |
665 | |
666 | x = getpwnam_r(username, pwd, *pwdbuf, sz, &res); | |
667 | if (!res) { | |
668 | errno = x; | |
669 | return NULL; | |
670 | } | |
671 | return res; | |
672 | } | |
673 | ||
53e9eda3 | 674 | /* encapsulate stupid "void **" pam_get_item() API */ |
eab72c4e | 675 | static int loginpam_get_username(pam_handle_t *pamh, char **name) |
53e9eda3 | 676 | { |
ab71156c | 677 | const void *item = (void *)*name; |
53e9eda3 KZ |
678 | int rc; |
679 | rc = pam_get_item(pamh, PAM_USER, &item); | |
ab71156c | 680 | *name = (char *)item; |
53e9eda3 KZ |
681 | return rc; |
682 | } | |
53e9eda3 | 683 | |
a40f08ef | 684 | static void loginpam_err(pam_handle_t *pamh, int retcode) |
905045d4 KZ |
685 | { |
686 | const char *msg = pam_strerror(pamh, retcode); | |
687 | ||
688 | if (msg) { | |
689 | fprintf(stderr, "\n%s\n", msg); | |
690 | syslog(LOG_ERR, "%s", msg); | |
691 | } | |
692 | pam_end(pamh, retcode); | |
f950752b | 693 | sleepexit(EXIT_FAILURE); |
905045d4 KZ |
694 | } |
695 | ||
92e386ca KZ |
696 | /* |
697 | * Composes "<host> login: " string; or returns "login: " is -H is given | |
698 | */ | |
699 | static const char *loginpam_get_prompt(struct login_context *cxt) | |
700 | { | |
701 | const char *host; | |
702 | char *prompt, *dflt_prompt = _("login: "); | |
703 | size_t sz; | |
704 | ||
705 | if (cxt->nohost || !(host = get_thishost(cxt, NULL))) | |
706 | return dflt_prompt; | |
707 | ||
708 | sz = strlen(host) + 1 + strlen(dflt_prompt) + 1; | |
709 | ||
710 | prompt = xmalloc(sz); | |
711 | snprintf(prompt, sz, "%s %s", host, dflt_prompt); | |
712 | ||
713 | return prompt; | |
714 | } | |
715 | ||
eab72c4e KZ |
716 | static pam_handle_t *init_loginpam(struct login_context *cxt) |
717 | { | |
718 | pam_handle_t *pamh = NULL; | |
719 | int rc; | |
720 | ||
721 | /* | |
722 | * username is initialized to NULL and if specified on the command line | |
723 | * it is set. Therefore, we are safe not setting it to anything | |
724 | */ | |
725 | rc = pam_start(cxt->remote ? "remote" : "login", | |
726 | cxt->username, &cxt->conv, &pamh); | |
727 | if (rc != PAM_SUCCESS) { | |
728 | warnx(_("PAM failure, aborting: %s"), pam_strerror(pamh, rc)); | |
729 | syslog(LOG_ERR, _("Couldn't initialize PAM: %s"), | |
730 | pam_strerror(pamh, rc)); | |
f950752b | 731 | sleepexit(EXIT_FAILURE); |
eab72c4e KZ |
732 | } |
733 | ||
734 | /* hostname & tty are either set to NULL or their correct values, | |
735 | * depending on how much we know | |
736 | */ | |
737 | rc = pam_set_item(pamh, PAM_RHOST, cxt->hostname); | |
738 | if (is_pam_failure(rc)) | |
739 | loginpam_err(pamh, rc); | |
740 | ||
741 | rc = pam_set_item(pamh, PAM_TTY, cxt->tty_name); | |
742 | if (is_pam_failure(rc)) | |
743 | loginpam_err(pamh, rc); | |
744 | ||
745 | /* | |
746 | * Andrew.Taylor@cal.montage.ca: Provide a user prompt to PAM so that | |
747 | * the "login: " prompt gets localized. Unfortunately, PAM doesn't have | |
748 | * an interface to specify the "Password: " string (yet). | |
749 | */ | |
92e386ca | 750 | rc = pam_set_item(pamh, PAM_USER_PROMPT, loginpam_get_prompt(cxt)); |
eab72c4e KZ |
751 | if (is_pam_failure(rc)) |
752 | loginpam_err(pamh, rc); | |
753 | ||
754 | /* we need't the original username. We have to follow PAM. */ | |
755 | free(cxt->username); | |
756 | cxt->username = NULL; | |
757 | cxt->pamh = pamh; | |
758 | ||
759 | return pamh; | |
760 | } | |
761 | ||
a2de6177 KZ |
762 | static void loginpam_auth(struct login_context *cxt) |
763 | { | |
fab1f671 | 764 | int rc, failcount = 0, show_unknown, retries; |
cea8ec53 KZ |
765 | const char *hostname = cxt->hostname ? cxt->hostname : |
766 | cxt->tty_name ? cxt->tty_name : "<unknown>"; | |
a2de6177 KZ |
767 | pam_handle_t *pamh = cxt->pamh; |
768 | ||
769 | /* if we didn't get a user on the command line, set it to NULL */ | |
770 | loginpam_get_username(pamh, &cxt->username); | |
771 | ||
cea8ec53 | 772 | show_unknown = getlogindefs_bool("LOG_UNKFAIL_ENAB", 0); |
fab1f671 | 773 | retries = getlogindefs_num("LOGIN_RETRIES", LOGIN_MAX_TRIES); |
cea8ec53 | 774 | |
a2de6177 KZ |
775 | /* |
776 | * There may be better ways to deal with some of these conditions, but | |
777 | * at least this way I don't think we'll be giving away information... | |
778 | * | |
779 | * Perhaps someday we can trust that all PAM modules will pay attention | |
fab1f671 | 780 | * to failure count and get rid of LOGIN_MAX_TRIES? |
a2de6177 KZ |
781 | */ |
782 | rc = pam_authenticate(pamh, 0); | |
783 | ||
fab1f671 | 784 | while ((++failcount < retries) && |
a2de6177 KZ |
785 | ((rc == PAM_AUTH_ERR) || |
786 | (rc == PAM_USER_UNKNOWN) || | |
787 | (rc == PAM_CRED_INSUFFICIENT) || | |
788 | (rc == PAM_AUTHINFO_UNAVAIL))) { | |
789 | ||
cea8ec53 KZ |
790 | if (rc == PAM_USER_UNKNOWN && !show_unknown) |
791 | /* | |
792 | * logging unknown usernames may be a security issue if | |
793 | * an user enter her password instead of her login name | |
794 | */ | |
795 | cxt->username = NULL; | |
796 | else | |
797 | loginpam_get_username(pamh, &cxt->username); | |
a2de6177 KZ |
798 | |
799 | syslog(LOG_NOTICE, | |
800 | _("FAILED LOGIN %d FROM %s FOR %s, %s"), | |
cea8ec53 KZ |
801 | failcount, hostname, |
802 | cxt->username ? cxt->username : "(unknown)", | |
a2de6177 KZ |
803 | pam_strerror(pamh, rc)); |
804 | ||
805 | log_btmp(cxt); | |
806 | log_audit(cxt, 0); | |
807 | ||
808 | fprintf(stderr, _("Login incorrect\n\n")); | |
809 | ||
810 | pam_set_item(pamh, PAM_USER, NULL); | |
811 | rc = pam_authenticate(pamh, 0); | |
812 | } | |
813 | ||
814 | if (is_pam_failure(rc)) { | |
815 | ||
cea8ec53 KZ |
816 | if (rc == PAM_USER_UNKNOWN && !show_unknown) |
817 | cxt->username = NULL; | |
818 | else | |
819 | loginpam_get_username(pamh, &cxt->username); | |
a2de6177 KZ |
820 | |
821 | if (rc == PAM_MAXTRIES) | |
822 | syslog(LOG_NOTICE, | |
823 | _("TOO MANY LOGIN TRIES (%d) FROM %s FOR %s, %s"), | |
cea8ec53 KZ |
824 | failcount, hostname, |
825 | cxt->username ? cxt->username : "(unknown)", | |
a2de6177 KZ |
826 | pam_strerror(pamh, rc)); |
827 | else | |
828 | syslog(LOG_NOTICE, | |
829 | _("FAILED LOGIN SESSION FROM %s FOR %s, %s"), | |
cea8ec53 KZ |
830 | hostname, |
831 | cxt->username ? cxt->username : "(unknown)", | |
a2de6177 KZ |
832 | pam_strerror(pamh, rc)); |
833 | ||
834 | log_btmp(cxt); | |
835 | log_audit(cxt, 0); | |
836 | ||
837 | fprintf(stderr, _("\nLogin incorrect\n")); | |
838 | pam_end(pamh, rc); | |
f950752b | 839 | sleepexit(EXIT_SUCCESS); |
a2de6177 KZ |
840 | } |
841 | } | |
842 | ||
98306fc5 KZ |
843 | static void loginpam_acct(struct login_context *cxt) |
844 | { | |
845 | int rc; | |
846 | pam_handle_t *pamh = cxt->pamh; | |
847 | ||
848 | rc = pam_acct_mgmt(pamh, 0); | |
849 | ||
850 | if (rc == PAM_NEW_AUTHTOK_REQD) | |
851 | rc = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); | |
852 | ||
853 | if (is_pam_failure(rc)) | |
854 | loginpam_err(pamh, rc); | |
855 | ||
856 | /* | |
857 | * Grab the user information out of the password file for future usage | |
858 | * First get the username that we are actually using, though. | |
859 | */ | |
860 | rc = loginpam_get_username(pamh, &cxt->username); | |
861 | if (is_pam_failure(rc)) | |
862 | loginpam_err(pamh, rc); | |
863 | ||
864 | if (!cxt->username || !*cxt->username) { | |
865 | warnx(_("\nSession setup problem, abort.")); | |
866 | syslog(LOG_ERR, _("NULL user name in %s:%d. Abort."), | |
867 | __FUNCTION__, __LINE__); | |
868 | pam_end(pamh, PAM_SYSTEM_ERR); | |
f950752b | 869 | sleepexit(EXIT_FAILURE); |
98306fc5 KZ |
870 | } |
871 | } | |
872 | ||
34f7ea15 KZ |
873 | /* |
874 | * Note that position of the pam_setcred() call is discussable: | |
875 | * | |
876 | * - the PAM docs recommends pam_setcred() before pam_open_session() | |
877 | * - but the original RFC http://www.opengroup.org/rfc/mirror-rfc/rfc86.0.txt | |
878 | * uses pam_setcred() after pam_open_session() | |
879 | * | |
880 | * The old login versions (before year 2011) followed the RFC. This is probably | |
881 | * not optimal, because there could be dependence between some session modules | |
882 | * and user's credentials. | |
883 | * | |
884 | * The best is probably to follow openssh and call pam_setcred() before and | |
885 | * after pam_open_session(). -- kzak@redhat.com (18-Nov-2011) | |
886 | * | |
887 | */ | |
59a184d9 KZ |
888 | static void loginpam_session(struct login_context *cxt) |
889 | { | |
890 | int rc; | |
891 | pam_handle_t *pamh = cxt->pamh; | |
892 | ||
34f7ea15 | 893 | rc = pam_setcred(pamh, PAM_ESTABLISH_CRED); |
59a184d9 KZ |
894 | if (is_pam_failure(rc)) |
895 | loginpam_err(pamh, rc); | |
896 | ||
34f7ea15 KZ |
897 | rc = pam_open_session(pamh, 0); |
898 | if (is_pam_failure(rc)) { | |
899 | pam_setcred(cxt->pamh, PAM_DELETE_CRED); | |
900 | loginpam_err(pamh, rc); | |
901 | } | |
902 | ||
903 | rc = pam_setcred(pamh, PAM_REINITIALIZE_CRED); | |
59a184d9 KZ |
904 | if (is_pam_failure(rc)) { |
905 | pam_close_session(pamh, 0); | |
906 | loginpam_err(pamh, rc); | |
907 | } | |
908 | } | |
909 | ||
3c0e680c KZ |
910 | /* |
911 | * We need to check effective UID/GID. For example $HOME could be on root | |
912 | * squashed NFS or on NFS with UID mapping and access(2) uses real UID/GID. | |
913 | * The open(2) seems as the surest solution. | |
914 | * -- kzak@redhat.com (10-Apr-2009) | |
915 | */ | |
918b1a9d | 916 | static int effective_access(const char *path, int mode) |
3c0e680c KZ |
917 | { |
918 | int fd = open(path, mode); | |
919 | if (fd != -1) | |
920 | close(fd); | |
921 | return fd == -1 ? -1 : 0; | |
922 | } | |
923 | ||
918b1a9d KZ |
924 | /* |
925 | * Check per accout or global hush-login setting. | |
926 | * | |
927 | * Hushed mode is enabled: | |
928 | * | |
929 | * a) if global (e.g. /etc/hushlogins) hush file exists: | |
930 | * 1) for ALL ACCOUNTS if the file is empty | |
931 | * 2) for the current user if the username or shell are found in the file | |
932 | * | |
933 | * b) if ~/.hushlogin file exists | |
934 | * | |
935 | * The ~/.hushlogin is ignored if the global hush file exists. | |
936 | * | |
84d3c9ff KZ |
937 | * The HUSHLOGIN_FILE login.def variable overwrites the default hush filename. |
938 | * | |
918b1a9d KZ |
939 | * Note that shadow-utils login(1) does not support "a1)". The "a1)" is |
940 | * necessary if you want to use PAM for "Last login" message. | |
941 | * | |
942 | * -- Karel Zak <kzak@redhat.com> (26-Aug-2011) | |
943 | * | |
944 | * | |
945 | * Per-account check requires some explanation: As root we may not be able to | |
946 | * read the directory of the user if it is on an NFS mounted filesystem. We | |
947 | * temporarily set our effective uid to the user-uid making sure that we keep | |
948 | * root privs. in the real uid. | |
949 | * | |
950 | * A portable solution would require a fork(), but we rely on Linux having the | |
951 | * BSD setreuid() | |
952 | */ | |
953 | static int get_hushlogin_status(struct passwd *pwd) | |
954 | { | |
955 | const char *files[] = { _PATH_HUSHLOGINS, _PATH_HUSHLOGIN, NULL }; | |
84d3c9ff | 956 | const char *file; |
918b1a9d KZ |
957 | char buf[BUFSIZ]; |
958 | int i; | |
959 | ||
84d3c9ff KZ |
960 | file = getlogindefs_str("HUSHLOGIN_FILE", NULL); |
961 | if (file) { | |
962 | if (!*file) | |
963 | return 0; /* empty HUSHLOGIN_FILE defined */ | |
964 | ||
965 | files[0] = file; | |
966 | files[1] = NULL; | |
967 | } | |
968 | ||
918b1a9d | 969 | for (i = 0; files[i]; i++) { |
918b1a9d KZ |
970 | int ok = 0; |
971 | ||
84d3c9ff KZ |
972 | file = files[i]; |
973 | ||
918b1a9d KZ |
974 | /* Global hush-file*/ |
975 | if (*file == '/') { | |
976 | struct stat st; | |
977 | FILE *f; | |
978 | ||
979 | if (stat(file, &st) != 0) | |
980 | continue; /* file does not exist */ | |
981 | ||
982 | if (st.st_size == 0) | |
983 | return 1; /* for all accounts */ | |
984 | ||
985 | f = fopen(file, "r"); | |
986 | if (!f) | |
987 | continue; /* ignore errors... */ | |
988 | ||
989 | while (ok == 0 && fgets(buf, sizeof(buf), f)) { | |
990 | buf[strlen(buf) - 1] = '\0'; | |
991 | ok = !strcmp(buf, *buf == '/' ? pwd->pw_shell : | |
992 | pwd->pw_name); | |
993 | } | |
994 | fclose(f); | |
995 | if (ok) | |
996 | return 1; /* found username/shell */ | |
997 | ||
998 | return 0; /* ignore per-account files */ | |
999 | } | |
1000 | ||
1001 | /* Per-account setting */ | |
1002 | if (strlen(pwd->pw_dir) + sizeof(file) + 2 > sizeof(buf)) | |
1003 | continue; | |
1004 | else { | |
1005 | uid_t ruid = getuid(); | |
1006 | gid_t egid = getegid(); | |
1007 | ||
1008 | sprintf(buf, "%s/%s", pwd->pw_dir, file); | |
1009 | setregid(-1, pwd->pw_gid); | |
1010 | setreuid(0, pwd->pw_uid); | |
1011 | ok = effective_access(buf, O_RDONLY) == 0; | |
1012 | setuid(0); /* setreuid doesn't do it alone! */ | |
1013 | setreuid(ruid, 0); | |
1014 | setregid(-1, egid); | |
1015 | ||
1016 | if (ok) | |
1017 | return 1; /* enabled by user */ | |
1018 | } | |
1019 | } | |
1020 | ||
1021 | return 0; | |
1022 | } | |
1023 | ||
a169a454 KZ |
1024 | /* |
1025 | * Detach the controlling terminal, fork, restore syslog stuff and create a new | |
1026 | * session. | |
1027 | */ | |
1028 | static void fork_session(struct login_context *cxt) | |
1029 | { | |
1030 | struct sigaction sa, oldsa_hup, oldsa_term; | |
1031 | ||
1032 | signal(SIGALRM, SIG_DFL); | |
1033 | signal(SIGQUIT, SIG_DFL); | |
1034 | signal(SIGTSTP, SIG_IGN); | |
1035 | ||
1036 | memset(&sa, 0, sizeof(sa)); | |
1037 | sa.sa_handler = SIG_IGN; | |
1038 | sigaction(SIGINT, &sa, NULL); | |
1039 | ||
1040 | sigaction(SIGHUP, &sa, &oldsa_hup); /* ignore when TIOCNOTTY */ | |
1041 | ||
1042 | /* | |
1043 | * detach the controlling tty | |
1044 | * -- we needn't the tty in parent who waits for child only. | |
1045 | * The child calls setsid() that detach from the tty as well. | |
1046 | */ | |
1047 | ioctl(0, TIOCNOTTY, NULL); | |
1048 | ||
1049 | /* | |
1050 | * We have care about SIGTERM, because leave PAM session without | |
1051 | * pam_close_session() is pretty bad thing. | |
1052 | */ | |
1053 | sa.sa_handler = sig_handler; | |
1054 | sigaction(SIGHUP, &sa, NULL); | |
1055 | sigaction(SIGTERM, &sa, &oldsa_term); | |
1056 | ||
1057 | closelog(); | |
1058 | ||
1059 | /* | |
1060 | * We must fork before setuid() because we need to call | |
1061 | * pam_close_session() as root. | |
1062 | */ | |
1063 | child_pid = fork(); | |
1064 | if (child_pid < 0) { | |
1065 | /* | |
1066 | * fork() error | |
1067 | */ | |
1068 | warn(_("fork failed")); | |
1069 | ||
1070 | pam_setcred(cxt->pamh, PAM_DELETE_CRED); | |
1071 | pam_end(cxt->pamh, pam_close_session(cxt->pamh, 0)); | |
f950752b | 1072 | sleepexit(EXIT_FAILURE); |
a169a454 KZ |
1073 | } |
1074 | ||
1075 | if (child_pid) { | |
1076 | /* | |
1077 | * parent - wait for child to finish, then cleanup session | |
1078 | */ | |
1079 | close(0); | |
1080 | close(1); | |
1081 | close(2); | |
1082 | sa.sa_handler = SIG_IGN; | |
1083 | sigaction(SIGQUIT, &sa, NULL); | |
1084 | sigaction(SIGINT, &sa, NULL); | |
1085 | ||
1086 | /* wait as long as any child is there */ | |
1087 | while (wait(NULL) == -1 && errno == EINTR) ; | |
1088 | openlog("login", LOG_ODELAY, LOG_AUTHPRIV); | |
1089 | ||
1090 | pam_setcred(cxt->pamh, PAM_DELETE_CRED); | |
1091 | pam_end(cxt->pamh, pam_close_session(cxt->pamh, 0)); | |
1092 | exit(EXIT_SUCCESS); | |
1093 | } | |
1094 | ||
1095 | /* | |
1096 | * child | |
1097 | */ | |
1098 | sigaction(SIGHUP, &oldsa_hup, NULL); /* restore old state */ | |
1099 | sigaction(SIGTERM, &oldsa_term, NULL); | |
1100 | if (got_sig) | |
1101 | exit(EXIT_FAILURE); | |
1102 | ||
1103 | /* | |
1104 | * Problem: if the user's shell is a shell like ash that doesnt do | |
1105 | * setsid() or setpgrp(), then a ctrl-\, sending SIGQUIT to every | |
1106 | * process in the pgrp, will kill us. | |
1107 | */ | |
1108 | ||
1109 | /* start new session */ | |
1110 | setsid(); | |
1111 | ||
1112 | /* make sure we have a controlling tty */ | |
1113 | open_tty(cxt->tty_path); | |
1114 | openlog("login", LOG_ODELAY, LOG_AUTHPRIV); /* reopen */ | |
1115 | ||
1116 | /* | |
1117 | * TIOCSCTTY: steal tty from other process group. | |
1118 | */ | |
1119 | if (ioctl(0, TIOCSCTTY, 1)) | |
1120 | syslog(LOG_ERR, _("TIOCSCTTY failed: %m")); | |
1121 | signal(SIGINT, SIG_DFL); | |
1122 | } | |
1123 | ||
241e4565 KZ |
1124 | /* |
1125 | * Initialize $TERM, $HOME, ... | |
1126 | */ | |
1127 | static void init_environ(struct login_context *cxt) | |
1128 | { | |
1129 | struct passwd *pwd = cxt->pwd; | |
1130 | char *termenv = NULL, **env; | |
1131 | char tmp[PATH_MAX]; | |
1132 | int len, i; | |
1133 | ||
1134 | termenv = getenv("TERM"); | |
a2e84c7d | 1135 | termenv = termenv ? xstrdup(termenv) : "dumb"; |
241e4565 KZ |
1136 | |
1137 | /* destroy environment unless user has requested preservation (-p) */ | |
1138 | if (!cxt->keep_env) { | |
a2e84c7d | 1139 | environ = (char **) xmalloc(sizeof(char *)); |
241e4565 KZ |
1140 | memset(environ, 0, sizeof(char *)); |
1141 | } | |
1142 | ||
1143 | setenv("HOME", pwd->pw_dir, 0); /* legal to override */ | |
241e4565 KZ |
1144 | setenv("SHELL", pwd->pw_shell, 1); |
1145 | setenv("TERM", termenv, 1); | |
1146 | ||
9f7293ea | 1147 | if (pwd->pw_uid) |
607e6b7c KZ |
1148 | logindefs_setenv("PATH", "ENV_PATH", _PATH_DEFPATH); |
1149 | ||
1150 | else if (logindefs_setenv("PATH", "ENV_ROOTPATH", NULL) != 0) | |
1151 | logindefs_setenv("PATH", "ENV_SUPATH", _PATH_DEFPATH_ROOT); | |
9f7293ea | 1152 | |
241e4565 KZ |
1153 | /* mailx will give a funny error msg if you forget this one */ |
1154 | len = snprintf(tmp, sizeof(tmp), "%s/%s", _PATH_MAILDIR, pwd->pw_name); | |
1155 | if (len > 0 && (size_t) len + 1 <= sizeof(tmp)) | |
1156 | setenv("MAIL", tmp, 0); | |
1157 | ||
1158 | /* LOGNAME is not documented in login(1) but HP-UX 6.5 does it. We'll | |
1159 | * not allow modifying it. | |
1160 | */ | |
1161 | setenv("LOGNAME", pwd->pw_name, 1); | |
1162 | ||
1163 | env = pam_getenvlist(cxt->pamh); | |
1164 | for (i = 0; env && env[i]; i++) | |
1165 | putenv(env[i]); | |
1166 | } | |
1167 | ||
cbbd5185 KZ |
1168 | /* |
1169 | * Called for -h option, initialize cxt->{hostname,hostaddress} | |
1170 | */ | |
1171 | static void init_remote_info(struct login_context *cxt, char *remotehost) | |
1172 | { | |
92e386ca KZ |
1173 | const char *domain; |
1174 | char *p; | |
cbbd5185 KZ |
1175 | struct addrinfo hints, *info = NULL; |
1176 | ||
1177 | cxt->remote = 1; | |
1178 | ||
92e386ca | 1179 | get_thishost(cxt, &domain); |
cbbd5185 | 1180 | |
92e386ca KZ |
1181 | if (domain && (p = strchr(remotehost, '.')) && |
1182 | strcasecmp(p + 1, domain) == 0) | |
cbbd5185 KZ |
1183 | *p = '\0'; |
1184 | ||
1185 | cxt->hostname = xstrdup(remotehost); | |
1186 | ||
1187 | memset(&hints, 0, sizeof(hints)); | |
1188 | hints.ai_flags = AI_ADDRCONFIG; | |
1189 | cxt->hostaddress[0] = 0; | |
1190 | ||
1191 | if (getaddrinfo(cxt->hostname, NULL, &hints, &info) == 0 && info) { | |
1192 | if (info->ai_family == AF_INET) { | |
1193 | struct sockaddr_in *sa = | |
1194 | (struct sockaddr_in *) info->ai_addr; | |
1195 | ||
1196 | memcpy(cxt->hostaddress, &(sa->sin_addr), sizeof(sa->sin_addr)); | |
1197 | ||
1198 | } else if (info->ai_family == AF_INET6) { | |
1199 | struct sockaddr_in6 *sa = | |
1200 | (struct sockaddr_in6 *) info->ai_addr; | |
1201 | ||
1202 | memcpy(cxt->hostaddress, &(sa->sin6_addr), sizeof(sa->sin6_addr)); | |
1203 | } | |
1204 | freeaddrinfo(info); | |
1205 | } | |
1206 | } | |
1207 | ||
ab71156c | 1208 | int main(int argc, char **argv) |
6dbe3af9 | 1209 | { |
fc32d43e | 1210 | int c; |
241e4565 | 1211 | int cnt; |
ab71156c KZ |
1212 | char *childArgv[10]; |
1213 | char *buff; | |
1214 | int childArgc = 0; | |
1215 | int retcode; | |
6dbe3af9 | 1216 | |
67e70761 KZ |
1217 | char *pwdbuf = NULL; |
1218 | struct passwd *pwd = NULL, _pwd; | |
1219 | ||
0180264f | 1220 | struct login_context cxt = { |
738246ed | 1221 | .tty_mode = TTY_MODE, /* tty chmod() */ |
eab72c4e KZ |
1222 | .pid = getpid(), /* PID */ |
1223 | .conv = { misc_conv, NULL } /* PAM conversation function */ | |
0180264f | 1224 | }; |
ab71156c | 1225 | |
9abd9cde KZ |
1226 | timeout = getlogindefs_num("LOGIN_TIMEOUT", LOGIN_TIMEOUT); |
1227 | ||
ab71156c KZ |
1228 | signal(SIGALRM, timedout); |
1229 | siginterrupt(SIGALRM, 1); /* we have to interrupt syscalls like ioclt() */ | |
1230 | alarm((unsigned int)timeout); | |
1231 | signal(SIGQUIT, SIG_IGN); | |
1232 | signal(SIGINT, SIG_IGN); | |
1233 | ||
1234 | setlocale(LC_ALL, ""); | |
1235 | bindtextdomain(PACKAGE, LOCALEDIR); | |
1236 | textdomain(PACKAGE); | |
1237 | ||
1238 | setpriority(PRIO_PROCESS, 0, 0); | |
1239 | initproctitle(argc, argv); | |
1240 | ||
1241 | /* | |
1242 | * -p is used by getty to tell login not to destroy the environment | |
1243 | * -f is used to skip a second login authentication | |
1244 | * -h is used by other servers to pass the name of the remote | |
1245 | * host to login so that it may be placed in utmp and wtmp | |
1246 | */ | |
0effd19e | 1247 | while ((c = getopt(argc, argv, "fHh:pV")) != -1) |
fc32d43e | 1248 | switch (c) { |
ab71156c | 1249 | case 'f': |
a2de6177 | 1250 | cxt.noauth = 1; |
ab71156c KZ |
1251 | break; |
1252 | ||
92e386ca KZ |
1253 | case 'H': |
1254 | cxt.nohost = 1; | |
1255 | break; | |
1256 | ||
ab71156c KZ |
1257 | case 'h': |
1258 | if (getuid()) { | |
1259 | fprintf(stderr, | |
1260 | _("login: -h for super-user only.\n")); | |
1261 | exit(EXIT_FAILURE); | |
ea6c190a | 1262 | } |
cbbd5185 | 1263 | init_remote_info(&cxt, optarg); |
ab71156c KZ |
1264 | break; |
1265 | ||
1266 | case 'p': | |
241e4565 | 1267 | cxt.keep_env = 1; |
ab71156c KZ |
1268 | break; |
1269 | ||
0effd19e SK |
1270 | case 'V': |
1271 | printf(UTIL_LINUX_VERSION); | |
1272 | return EXIT_SUCCESS; | |
ab71156c KZ |
1273 | case '?': |
1274 | default: | |
92e386ca | 1275 | fprintf(stderr, _("usage: login [ -p ] [ -h host ] [ -H ] [ -f username | username ]\n")); |
ab71156c | 1276 | exit(EXIT_FAILURE); |
ea6c190a | 1277 | } |
ab71156c KZ |
1278 | argc -= optind; |
1279 | argv += optind; | |
1280 | ||
1281 | if (*argv) { | |
1282 | char *p = *argv; | |
a2e84c7d | 1283 | cxt.username = xstrdup(p); |
ab71156c KZ |
1284 | |
1285 | /* wipe name - some people mistype their password here */ | |
1286 | /* (of course we are too late, but perhaps this helps a little ..) */ | |
1287 | while (*p) | |
1288 | *p++ = ' '; | |
1289 | } | |
1290 | ||
1291 | for (cnt = getdtablesize(); cnt > 2; cnt--) | |
1292 | close(cnt); | |
1293 | ||
99f7c131 | 1294 | setpgrp(); /* set pgid to pid this means that setsid() will fail */ |
11784a84 | 1295 | |
ab71156c | 1296 | openlog("login", LOG_ODELAY, LOG_AUTHPRIV); |
364cda48 | 1297 | |
99f7c131 | 1298 | init_tty(&cxt); |
4ab0df0a | 1299 | init_loginpam(&cxt); |
fd6b7a7f | 1300 | |
a2de6177 KZ |
1301 | /* login -f, then the user has already been authenticated */ |
1302 | cxt.noauth = cxt.noauth && getuid() == 0 ? 1 : 0; | |
ab71156c | 1303 | |
a2de6177 KZ |
1304 | if (!cxt.noauth) |
1305 | loginpam_auth(&cxt); | |
6dbe3af9 | 1306 | |
ab71156c | 1307 | /* |
98306fc5 KZ |
1308 | * Authentication may be skipped (for example, during krlogin, rlogin, |
1309 | * etc...), but it doesn't mean that we can skip other account checks. | |
1310 | * The account could be disabled or password expired (althought | |
1311 | * kerberos ticket is valid). -- kzak@redhat.com (22-Feb-2006) | |
ab71156c | 1312 | */ |
98306fc5 | 1313 | loginpam_acct(&cxt); |
a7507436 | 1314 | |
67e70761 | 1315 | if (!(cxt.pwd = get_passwd_entry(cxt.username, &pwdbuf, &_pwd))) { |
ab71156c KZ |
1316 | warnx(_("\nSession setup problem, abort.")); |
1317 | syslog(LOG_ERR, _("Invalid user name \"%s\" in %s:%d. Abort."), | |
3eb8b797 | 1318 | cxt.username, __FUNCTION__, __LINE__); |
4ab0df0a | 1319 | pam_end(cxt.pamh, PAM_SYSTEM_ERR); |
f950752b | 1320 | sleepexit(EXIT_FAILURE); |
2b6fc908 | 1321 | } |
e09947b5 | 1322 | |
67e70761 | 1323 | pwd = cxt.pwd; |
3eb8b797 | 1324 | cxt.username = pwd->pw_name; |
e09947b5 | 1325 | |
ab71156c | 1326 | /* |
a7507436 KZ |
1327 | * Initialize the supplementary group list. This should be done before |
1328 | * pam_setcred because the PAM modules might add groups during | |
1329 | * pam_setcred. | |
1330 | * | |
1331 | * For root we don't call initgroups, instead we call setgroups with | |
1332 | * group 0. This avoids the need to step through the whole group file, | |
1333 | * which can cause problems if NIS, NIS+, LDAP or something similar | |
1334 | * is used and the machine has network problems. | |
ab71156c | 1335 | */ |
a7507436 KZ |
1336 | retcode = pwd->pw_uid ? initgroups(cxt.username, pwd->pw_gid) : /* user */ |
1337 | setgroups(0, NULL); /* root */ | |
1338 | if (retcode < 0) { | |
1339 | syslog(LOG_ERR, _("groups initialization failed: %m")); | |
ab71156c | 1340 | warnx(_("\nSession setup problem, abort.")); |
4ab0df0a | 1341 | pam_end(cxt.pamh, PAM_SYSTEM_ERR); |
f950752b | 1342 | sleepexit(EXIT_FAILURE); |
ab71156c KZ |
1343 | } |
1344 | ||
59a184d9 KZ |
1345 | /* |
1346 | * Open PAM session (after successful authentication and account check) | |
1347 | */ | |
1348 | loginpam_session(&cxt); | |
e09947b5 | 1349 | |
ab71156c KZ |
1350 | /* committed to login -- turn off timeout */ |
1351 | alarm((unsigned int)0); | |
1352 | ||
1353 | endpwent(); | |
1354 | ||
918b1a9d | 1355 | cxt.quiet = get_hushlogin_status(pwd); |
e09947b5 | 1356 | |
6e3bc8a6 | 1357 | log_utmp(&cxt); |
67e70761 | 1358 | log_audit(&cxt, 1); |
3761d0bb | 1359 | log_lastlog(&cxt); |
e09947b5 | 1360 | |
ff0392a0 | 1361 | chown_tty(&cxt); |
ab71156c | 1362 | |
ab71156c KZ |
1363 | if (setgid(pwd->pw_gid) < 0 && pwd->pw_gid) { |
1364 | syslog(LOG_ALERT, _("setgid() failed")); | |
1365 | exit(EXIT_FAILURE); | |
6dbe3af9 | 1366 | } |
5c36a0eb | 1367 | |
c6f23b3b | 1368 | if (pwd->pw_shell == NULL || *pwd->pw_shell == '\0') |
ab71156c | 1369 | pwd->pw_shell = _PATH_BSHELL; |
e09947b5 | 1370 | |
516b00c4 | 1371 | init_environ(&cxt); /* init $HOME, $TERM ... */ |
ab71156c | 1372 | |
3eb8b797 | 1373 | setproctitle("login", cxt.username); |
ab71156c | 1374 | |
516b00c4 | 1375 | log_syslog(&cxt); |
ab71156c | 1376 | |
3761d0bb | 1377 | if (!cxt.quiet) { |
ab71156c KZ |
1378 | motd(); |
1379 | ||
1380 | #ifdef LOGIN_STAT_MAIL | |
1381 | /* | |
1382 | * This turns out to be a bad idea: when the mail spool | |
1383 | * is NFS mounted, and the NFS connection hangs, the | |
1384 | * login hangs, even root cannot login. | |
1385 | * Checking for mail should be done from the shell. | |
1386 | */ | |
1387 | { | |
1388 | struct stat st; | |
1389 | char *mail; | |
1390 | ||
1391 | mail = getenv("MAIL"); | |
1392 | if (mail && stat(mail, &st) == 0 && st.st_size != 0) { | |
1393 | if (st.st_mtime > st.st_atime) | |
1394 | printf(_("You have new mail.\n")); | |
1395 | else | |
1396 | printf(_("You have mail.\n")); | |
1397 | } | |
1398 | } | |
d162fcb5 | 1399 | #endif |
ab71156c KZ |
1400 | } |
1401 | ||
ab71156c | 1402 | /* |
a169a454 KZ |
1403 | * Detach the controlling terminal, fork() and create, new session |
1404 | * and reinilizalize syslog stuff. | |
ab71156c | 1405 | */ |
a169a454 | 1406 | fork_session(&cxt); |
ab71156c KZ |
1407 | |
1408 | /* discard permissions last so can't get killed and drop core */ | |
1409 | if (setuid(pwd->pw_uid) < 0 && pwd->pw_uid) { | |
1410 | syslog(LOG_ALERT, _("setuid() failed")); | |
1411 | exit(EXIT_FAILURE); | |
1412 | } | |
1413 | ||
1414 | /* wait until here to change directory! */ | |
1415 | if (chdir(pwd->pw_dir) < 0) { | |
1416 | warn(_("%s: change directory failed"), pwd->pw_dir); | |
91d0a913 KZ |
1417 | |
1418 | if (!getlogindefs_bool("DEFAULT_HOME", 1)) | |
1419 | exit(0); | |
ab71156c KZ |
1420 | if (chdir("/")) |
1421 | exit(EXIT_FAILURE); | |
1422 | pwd->pw_dir = "/"; | |
1423 | printf(_("Logging in with home = \"/\".\n")); | |
1424 | } | |
1425 | ||
1426 | /* if the shell field has a space: treat it like a shell script */ | |
1427 | if (strchr(pwd->pw_shell, ' ')) { | |
1428 | buff = xmalloc(strlen(pwd->pw_shell) + 6); | |
1429 | ||
1430 | strcpy(buff, "exec "); | |
1431 | strcat(buff, pwd->pw_shell); | |
1432 | childArgv[childArgc++] = "/bin/sh"; | |
1433 | childArgv[childArgc++] = "-sh"; | |
1434 | childArgv[childArgc++] = "-c"; | |
1435 | childArgv[childArgc++] = buff; | |
1436 | } else { | |
cbbd5185 KZ |
1437 | char tbuf[PATH_MAX + 2], *p; |
1438 | ||
ab71156c KZ |
1439 | tbuf[0] = '-'; |
1440 | xstrncpy(tbuf + 1, ((p = strrchr(pwd->pw_shell, '/')) ? | |
1441 | p + 1 : pwd->pw_shell), sizeof(tbuf) - 1); | |
1442 | ||
1443 | childArgv[childArgc++] = pwd->pw_shell; | |
2f228f8c | 1444 | childArgv[childArgc++] = xstrdup(tbuf); |
ab71156c KZ |
1445 | } |
1446 | ||
1447 | childArgv[childArgc++] = NULL; | |
1448 | ||
1449 | execvp(childArgv[0], childArgv + 1); | |
1450 | ||
1451 | if (!strcmp(childArgv[0], "/bin/sh")) | |
1452 | warn(_("couldn't exec shell script")); | |
1453 | else | |
1454 | warn(_("no shell")); | |
1455 | ||
1456 | exit(EXIT_SUCCESS); | |
6dbe3af9 KZ |
1457 | } |
1458 | ||
df1dddf9 | 1459 |