const char *tty_name; /* tty_path without /dev prefix */
const char *tty_number; /* end of the tty_path */
+ char *username; /* from command line or PAM */
+
#ifdef LOGIN_CHOWN_VCS
char vcsn[VCS_PATH_MAX]; /* virtual console name */
char vcsan[VCS_PATH_MAX];
struct passwd *pwd;
static struct passwd pwdcopy;
-static char *username;
static void timedout(int);
static void sigint(int);
* The most common login failure is to give password instead of username.
*/
static void
-logbtmp(struct login_context *cxt, const char *username)
+logbtmp(struct login_context *cxt)
{
struct utmp ut;
struct timeval tv;
memset(&ut, 0, sizeof(ut));
- strncpy(ut.ut_user, username ? username : "(unknown)",
+ strncpy(ut.ut_user,
+ cxt->username ? cxt->username : "(unknown)",
sizeof(ut.ut_user));
if (cxt->tty_number)
gethostname(tbuf, sizeof(tbuf));
domain = strchr(tbuf, '.');
- username = NULL;
fflag = hflag = pflag = 0;
passwd_req = 1;
if (*argv) {
char *p = *argv;
- username = strdup(p);
+ cxt.username = strdup(p);
/* wipe name - some people mistype their password here */
/* (of course we are too late, but perhaps this helps a little ..) */
* Therefore, we are safe not setting it to anything
*/
- retcode = pam_start(hflag ? "remote" : "login", username, &conv, &pamh);
+ retcode = pam_start(hflag ? "remote" : "login", cxt.username, &conv, &pamh);
if (retcode != PAM_SUCCESS) {
warnx(_("PAM failure, aborting: %s"),
pam_strerror(pamh, retcode));
if (is_pam_failure(retcode))
loginpam_err(pamh, retcode);
- if (username) {
- /* we need't the original username. We have to follow PAM. */
- free(username);
- username = NULL;
- }
+ /* we need't the original username. We have to follow PAM. */
+ free(cxt.username);
+ cxt.username = NULL;
/* if fflag == 1, then the user has already been authenticated */
if (fflag && (getuid() == 0))
int failcount = 0;
/* if we didn't get a user on the command line, set it to NULL */
- loginpam_get_username(pamh, &username);
+ loginpam_get_username(pamh, &cxt.username);
/* there may be better ways to deal with some of these
conditions, but at least this way I don't think we'll
(retcode == PAM_USER_UNKNOWN) ||
(retcode == PAM_CRED_INSUFFICIENT) ||
(retcode == PAM_AUTHINFO_UNAVAIL))) {
- loginpam_get_username(pamh, &username);
+ loginpam_get_username(pamh, &cxt.username);
syslog(LOG_NOTICE,
_("FAILED LOGIN %d FROM %s FOR %s, %s"),
- failcount, cxt.hostname, username, pam_strerror(pamh,
+ failcount, cxt.hostname, cxt.username, pam_strerror(pamh,
retcode));
- logbtmp(&cxt, username);
- logaudit(cxt.tty_name, username, cxt.hostname, NULL, 0);
+ logbtmp(&cxt);
+ logaudit(cxt.tty_name, cxt.username, cxt.hostname, NULL, 0);
fprintf(stderr, _("Login incorrect\n\n"));
pam_set_item(pamh, PAM_USER, NULL);
}
if (is_pam_failure(retcode)) {
- loginpam_get_username(pamh, &username);
+ loginpam_get_username(pamh, &cxt.username);
if (retcode == PAM_MAXTRIES)
syslog(LOG_NOTICE,
_
("TOO MANY LOGIN TRIES (%d) FROM %s FOR "
"%s, %s"), failcount, cxt.hostname,
- username, pam_strerror(pamh, retcode));
+ cxt.username, pam_strerror(pamh, retcode));
else
syslog(LOG_NOTICE,
_
("FAILED LOGIN SESSION FROM %s FOR %s, %s"),
- cxt.hostname, username, pam_strerror(pamh,
+ cxt.hostname, cxt.username, pam_strerror(pamh,
retcode));
- logbtmp(&cxt, username);
- logaudit(cxt.tty_name, username, cxt.hostname, NULL, 0);
+ logbtmp(&cxt);
+ logaudit(cxt.tty_name, cxt.username, cxt.hostname, NULL, 0);
fprintf(stderr, _("\nLogin incorrect\n"));
pam_end(pamh, retcode);
* Grab the user information out of the password file for future usage
* First get the username that we are actually using, though.
*/
- retcode = loginpam_get_username(pamh, &username);
+ retcode = loginpam_get_username(pamh, &cxt.username);
if (is_pam_failure(retcode))
loginpam_err(pamh, retcode);
- if (!username || !*username) {
+ if (!cxt.username || !*cxt.username) {
warnx(_("\nSession setup problem, abort."));
syslog(LOG_ERR, _("NULL user name in %s:%d. Abort."),
__FUNCTION__, __LINE__);
pam_end(pamh, PAM_SYSTEM_ERR);
exit(EXIT_FAILURE);
}
- if (!(pwd = getpwnam(username))) {
+ if (!(pwd = getpwnam(cxt.username))) {
warnx(_("\nSession setup problem, abort."));
syslog(LOG_ERR, _("Invalid user name \"%s\" in %s:%d. Abort."),
- username, __FUNCTION__, __LINE__);
+ cxt.username, __FUNCTION__, __LINE__);
pam_end(pamh, PAM_SYSTEM_ERR);
exit(EXIT_FAILURE);
}
pam_end(pamh, PAM_SYSTEM_ERR);
exit(EXIT_FAILURE);
}
- username = pwd->pw_name;
+ cxt.username = pwd->pw_name;
/*
* Initialize the supplementary group list.
* This should be done before pam_setcred because
* the PAM modules might add groups during pam_setcred.
*/
- if (initgroups(username, pwd->pw_gid) < 0) {
+ if (initgroups(cxt.username, pwd->pw_gid) < 0) {
syslog(LOG_ERR, "initgroups: %m");
warnx(_("\nSession setup problem, abort."));
pam_end(pamh, PAM_SYSTEM_ERR);
if (ut.ut_id[0] == 0)
strncpy(ut.ut_id, cxt.tty_number, sizeof(ut.ut_id));
- strncpy(ut.ut_user, username, sizeof(ut.ut_user));
+ strncpy(ut.ut_user, cxt.username, sizeof(ut.ut_user));
xstrncpy(ut.ut_line, cxt.tty_name, sizeof(ut.ut_line));
#ifdef _HAVE_UT_TV /* in <utmpbits.h> included by <utmp.h> */
gettimeofday(&tv, NULL);
#endif
}
- logaudit(cxt.tty_name, username, cxt.hostname, pwd, 1);
+ logaudit(cxt.tty_name, cxt.username, cxt.hostname, pwd, 1);
dolastlog(&cxt, quietlog);
if (fchown(0, pwd->pw_uid,
}
}
- setproctitle("login", username);
+ setproctitle("login", cxt.username);
if (!strncmp(cxt.tty_name, "ttyS", 4))
syslog(LOG_INFO, _("DIALUP AT %s BY %s"), cxt.tty_name,
projects / thirdparty / util-linux.git / commitdiff
