git.ipfire.org Git - thirdparty/util-linux.git/blob - login-utils/logindefs.c
07a977660bbbc5e85a0d9ba6bb7e7c2b85c1d75e
2 * Copyright (C) 2003, 2004, 2005 Thorsten Kukuk
3 * Author: Thorsten Kukuk <kukuk@suse.de>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain any existing copyright
10 * notice, and this entire permission notice in its entirety,
11 * including the disclaimer of warranties.
13 * 2. Redistributions in binary form must reproduce all prior and current
14 * copyright notices, this list of conditions, and the following
15 * disclaimer in the documentation and/or other materials provided
16 * with the distribution.
18 * 3. The name of any author may not be used to endorse or promote
19 * products derived from this software without their specific prior
29 #include <sys/syslog.h>
31 #include <sys/types.h>
35 #include "closestream.h"
36 #include "logindefs.h"
38 #include "pathnames.h"
42 char *name
; /* name of the option. */
43 char *value
; /* value of the option. */
44 char *path
; /* name of config file for this option. */
46 struct item
*next
; /* pointer to next option. */
/* Head of the singly linked list of parsed options; entries chain via ->next. */
static struct item *list = NULL;

/*
 * Optional caller-supplied loader and its opaque argument. Both are set by
 * logindefs_set_loader(); load_defaults() calls the loader with the stored
 * argument when the pointer is non-NULL.
 */
static void (*logindefs_loader)(void *) = NULL;
static void *logindefs_loader_data = NULL;
54 void free_getlogindefs_data(void)
60 struct item
*tmp
= ptr
->next
;
72 static void store(const char *name
, const char *value
, const char *path
)
74 struct item
*new = xmalloc(sizeof(struct item
));
79 new->name
= xstrdup(name
);
80 new->value
= value
&& *value
? xstrdup(value
) : NULL
;
81 new->path
= xstrdup(path
);
86 void logindefs_load_file(const char *filename
)
91 f
= fopen(filename
, "r");
95 while (fgets(buf
, sizeof(buf
), f
)) {
97 char *p
, *name
, *data
= NULL
;
99 if (*buf
== '#' || *buf
== '\n')
100 continue; /* only comment or empty line */
102 p
= strchr(buf
, '#');
106 size_t n
= strlen(buf
);
107 if (n
&& *(buf
+ n
- 1) == '\n')
108 *(buf
+ n
- 1) = '\0';
112 continue; /* empty line */
114 /* ignore space at begin of the line */
116 while (*name
&& isspace((unsigned)*name
))
119 /* go to the end of the name */
121 while (*data
&& !(isspace((unsigned)*data
) || *data
== '='))
123 if (data
> name
&& *data
)
126 if (!*name
|| data
== name
)
129 /* go to the begin of the value */
131 && (isspace((unsigned)*data
) || *data
== '='
135 /* remove space at the end of the value */
136 p
= data
+ strlen(data
);
139 while (p
> data
&& (isspace((unsigned)*p
) || *p
== '"'))
142 store(name
, data
, filename
);
/*
 * Register a custom loader for the login definitions.
 *
 * @loader: callback stored in logindefs_loader; load_defaults() invokes it
 *          when it is non-NULL. Passing NULL clears a previous registration.
 * @data:   opaque pointer handed back to @loader unchanged. It is stored,
 *          not copied, so it must stay valid until the loader has run.
 */
void logindefs_set_loader(void (*loader)(void *data), void *data)
{
	logindefs_loader_data = data;
	logindefs_loader = loader;
}
154 static void load_defaults(void)
156 if (logindefs_loader
)
157 logindefs_loader(logindefs_loader_data
);
159 logindefs_load_file(_PATH_LOGINDEFS
);
162 static struct item
*search(const char *name
)
170 while (ptr
!= NULL
) {
171 if (strcasecmp(name
, ptr
->name
) == 0)
179 static const char *search_config(const char *name
)
184 while (ptr
!= NULL
) {
185 if (strcasecmp(name
, ptr
->name
) == 0)
/*
 * Look up @name and interpret its value as a boolean.
 *
 * Returns @dflt when the option is not found or has no value. Otherwise
 * returns 1 only if the value is "yes" (compared case-insensitively) and 0
 * for every other string.
 *
 * Note for administrators and callers: spellings such as "true", "1" or "on"
 * are NOT treated as enabled and do not fall back to @dflt -- they evaluate
 * to 0. A mistyped value on a security-relevant switch therefore silently
 * reads as "disabled".
 */
int getlogindefs_bool(const char *name, int dflt)
{
	const struct item *entry = search(name);

	if (entry == NULL || entry->value == NULL)
		return dflt;

	return strcasecmp(entry->value, "yes") == 0;
}
199 unsigned long getlogindefs_num(const char *name
, unsigned long dflt
)
201 struct item
*ptr
= search(name
);
203 unsigned long retval
;
205 if (!ptr
|| !ptr
->value
)
209 retval
= strtoul(ptr
->value
, &end
, 0);
210 if (end
&& *end
== '\0' && !errno
)
213 syslog(LOG_NOTICE
, _("%s: %s contains invalid numerical value: %s"),
214 search_config(name
), name
, ptr
->value
);
220 * @dflt if @name not found
221 * "" (empty string) if found, but value not defined
224 const char *getlogindefs_str(const char *name
, const char *dflt
)
226 struct item
*ptr
= search(name
);
236 * For compatibility with shadow-utils we have to support additional
237 * syntax for environment variables in login.defs(5) file. The standard
242 * but shadow-utils supports also
246 * the FOO= prefix has to be removed before we call setenv().
248 int logindefs_setenv(const char *name
, const char *conf
, const char *dflt
)
250 const char *val
= getlogindefs_str(conf
, dflt
);
256 p
= strchr(val
, '=');
258 size_t sz
= strlen(name
);
260 if (strncmp(val
, name
, sz
) == 0 && *(p
+ 1)) {
269 return val
? setenv(name
, val
, 1) : -1;
273 * We need to check the effective UID/GID. For example, $HOME could be on a
274 * root-squashed NFS or on an NFS with UID mapping, and access(2) uses the
275 * real UID/GID. So open(2) seems to be the surest solution.
276 * -- kzak@redhat.com (10-Apr-2009)
278 int effective_access(const char *path
, int mode
)
280 int fd
= open(path
, mode
);
283 return fd
== -1 ? -1 : 0;
288 * Check the per-account or the global hush-login setting.
290 * Hushed mode is enabled:
292 * a) if a global (e.g. /etc/hushlogins) hush file exists:
293 * 1) for ALL ACCOUNTS if the file is empty
294 * 2) for the current user if the username or shell is found in the file
296 * b) if a ~/.hushlogin file exists
298 * The ~/.hushlogin file is ignored if the global hush file exists.
300 * The HUSHLOGIN_FILE login.defs variable overrides the default hush filename.
302 * Note that shadow-utils login(1) does not support "a1)". The "a1)" is
303 * necessary if you want to use PAM for "Last login" message.
305 * -- Karel Zak <kzak@redhat.com> (26-Aug-2011)
308 * The per-account check requires some explanation: As root we may not be able
309 * to read the directory of the user if it is on an NFS-mounted filesystem. We
310 * temporarily set our effective uid to the user-uid, making sure that we keep
311 * root privileges in the real uid.
313 * A portable solution would require a fork(), but we rely on Linux having the
317 int get_hushlogin_status(struct passwd
*pwd
, int force_check
)
319 const char *files
[] = { _PATH_HUSHLOGINS
, _PATH_HUSHLOGIN
, NULL
};
324 file
= getlogindefs_str("HUSHLOGIN_FILE", NULL
);
327 return 0; /* empty HUSHLOGIN_FILE defined */
333 for (i
= 0; files
[i
]; i
++) {
338 /* global hush-file */
343 if (stat(file
, &st
) != 0)
344 continue; /* file does not exist */
347 return 1; /* for all accounts */
349 f
= fopen(file
, "r");
351 continue; /* ignore errors... */
353 while (ok
== 0 && fgets(buf
, sizeof(buf
), f
)) {
355 buf
[strlen(buf
) - 1] = '\0';
356 ok
= !strcmp(buf
, *buf
== '/' ? pwd
->pw_shell
:
361 return 1; /* found username/shell */
363 return 0; /* ignore per-account files */
366 /* per-account setting */
367 if (strlen(pwd
->pw_dir
) + sizeof(file
) + 2 > sizeof(buf
))
370 sprintf(buf
, "%s/%s", pwd
->pw_dir
, file
);
373 uid_t ruid
= getuid();
374 gid_t egid
= getegid();
376 if (setregid(-1, pwd
->pw_gid
) == 0 &&
377 setreuid(0, pwd
->pw_uid
) == 0)
378 ok
= effective_access(buf
, O_RDONLY
) == 0;
380 if (setuid(0) != 0 ||
381 setreuid(ruid
, 0) != 0 ||
382 setregid(-1, egid
) != 0) {
383 syslog(LOG_ALERT
, _("hush login status: restore original IDs failed"));
387 return 1; /* enabled by user */
391 rc
= effective_access(buf
, O_RDONLY
);
394 else if (rc
== -1 && errno
== EACCES
)
403 int main(int argc
, char *argv
[])
406 atexit(close_stdout
);
409 errx(EXIT_FAILURE
, "usage: %s <filename> "
410 "[<str|num|bool> <valname>]", argv
[0]);
412 logindefs_load_file(argv
[1]);
414 if (argc
!= 4) { /* list all */
417 for (ptr
= list
; ptr
; ptr
= ptr
->next
)
418 printf("%s: $%s: '%s'\n", ptr
->path
, ptr
->name
,
427 if (strcmp(type
, "str") == 0)
428 printf("$%s: '%s'\n", name
, getlogindefs_str(name
, "DEFAULT"));
429 else if (strcmp(type
, "num") == 0)
430 printf("$%s: '%ld'\n", name
, getlogindefs_num(name
, 0));
431 else if (strcmp(type
, "bool") == 0)
432 printf("$%s: '%s'\n", name
,
433 getlogindefs_bool(name
, 0) ? "Y" : "N");