/* * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "login_locl.h" #ifdef HAVE_CAPABILITY_H #include #endif #ifdef HAVE_SYS_CAPABILITY_H #include #endif RCSID("$Id: login.c,v 1.59 2003/03/24 15:57:10 joda Exp $"); static int login_timeout = 60; static int start_login_process(void) { char *prog, *argv0; prog = login_conf_get_string("login_program"); if(prog == NULL) return 0; argv0 = strrchr(prog, '/'); if(argv0) argv0++; else argv0 = prog; return simple_execle(prog, argv0, NULL, env); } static int start_logout_process(void) { char *prog, *argv0; pid_t pid; prog = login_conf_get_string("logout_program"); if(prog == NULL) return 0; argv0 = strrchr(prog, '/'); if(argv0) argv0++; else argv0 = prog; pid = fork(); if(pid == 0) { /* avoid getting signals sent to the shell */ setpgid(0, getpid()); return 0; } if(pid == -1) err(1, "fork"); /* wait for the real login process to exit */ #ifdef HAVE_SETPROCTITLE setproctitle("waitpid %d", pid); #endif while(1) { int status; int ret; ret = waitpid(pid, &status, 0); if(ret > 0) { if(WIFEXITED(status) || WIFSIGNALED(status)) { execle(prog, argv0, NULL, env); err(1, "exec %s", prog); } } else if(ret < 0) err(1, "waitpid"); } } static void exec_shell(const char *shell, int fallback) { char *sh; const char *p; extend_env(NULL); if(start_login_process() < 0) warn("login process"); start_logout_process(); p = strrchr(shell, '/'); if(p) p++; else p = shell; asprintf(&sh, "-%s", p); execle(shell, sh, NULL, env); if(fallback){ warnx("Can't exec %s, trying %s", shell, _PATH_BSHELL); execle(_PATH_BSHELL, "-sh", NULL, env); err(1, "%s", _PATH_BSHELL); } err(1, "%s", shell); } static enum { NONE = 0, AUTH_KRB4 = 1, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth; #ifdef OTP static OtpContext otp_ctx; static int otp_verify(struct passwd *pwd, const char *password) { return (otp_verify_user (&otp_ctx, password)); } #endif /* OTP */ static int pag_set = 0; #ifdef KRB5 static krb5_context context; static krb5_ccache id, id2; static int krb5_verify(struct passwd *pwd, const char *password) { krb5_error_code ret; krb5_principal princ; ret = krb5_parse_name(context, pwd->pw_name, &princ); if(ret) return 1; ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); if(ret) { krb5_free_principal(context, princ); return 1; } ret = krb5_verify_user_lrealm(context, princ, id, password, 1, NULL); krb5_free_principal(context, princ); return ret; } #ifdef KRB4 static krb5_error_code krb5_to4 (krb5_ccache id) { krb5_error_code ret; krb5_principal princ; int get_v4_tgt; get_v4_tgt = krb5_config_get_bool(context, NULL, "libdefaults", "krb4_get_tickets", NULL); ret = krb5_cc_get_principal(context, id, &princ); if (ret == 0) { get_v4_tgt = krb5_config_get_bool_default(context, NULL, get_v4_tgt, "realms", *krb5_princ_realm(context, princ), "krb4_get_tickets", NULL); krb5_free_principal(context, princ); } if (get_v4_tgt) { CREDENTIALS c; krb5_creds mcred, cred; char krb4tkfile[MAXPATHLEN]; krb5_error_code ret; krb5_principal princ; ret = krb5_cc_get_principal (context, id, &princ); if (ret) return ret; ret = krb5_make_principal(context, &mcred.server, princ->realm, "krbtgt", princ->realm, NULL); krb5_free_principal (context, princ); if (ret) return ret; ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred); if(ret == 0) { ret = krb524_convert_creds_kdc_ccache(context, id, &cred, &c); if(ret == 0) { snprintf(krb4tkfile,sizeof(krb4tkfile),"%s%d",TKT_ROOT, getuid()); krb_set_tkt_string(krb4tkfile); tf_setup(&c, c.pname, c.pinst); } memset(&c, 0, sizeof(c)); krb5_free_creds_contents(context, &cred); } krb5_free_principal(context, mcred.server); } return 0; } #endif /* KRB4 */ static int krb5_start_session (const struct passwd *pwd) { krb5_error_code ret; char residual[64]; /* copy credentials to file cache */ snprintf(residual, sizeof(residual), "FILE:/tmp/krb5cc_%u", (unsigned)pwd->pw_uid); krb5_cc_resolve(context, residual, &id2); ret = krb5_cc_copy_cache(context, id, id2); if (ret == 0) add_env("KRB5CCNAME", residual); else { krb5_cc_destroy (context, id2); return ret; } #ifdef KRB4 krb5_to4 (id2); #endif krb5_cc_close(context, id2); krb5_cc_destroy(context, id); return 0; } static void krb5_finish (void) { krb5_free_context(context); } static void krb5_get_afs_tokens (const struct passwd *pwd) { char cell[64]; char *pw_dir; krb5_error_code ret; if (!k_hasafs ()) return; ret = krb5_cc_default(context, &id2); if (ret == 0) { pw_dir = pwd->pw_dir; if (!pag_set) { k_setpag(); pag_set = 1; } if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0) krb5_afslog_uid_home (context, id2, cell, NULL, pwd->pw_uid, pwd->pw_dir); krb5_afslog_uid_home (context, id2, NULL, NULL, pwd->pw_uid, pwd->pw_dir); krb5_cc_close (context, id2); } } #endif /* KRB5 */ #ifdef KRB4 static int krb4_verify(struct passwd *pwd, const char *password) { char lrealm[REALM_SZ]; int ret; char ticket_file[MaxPathLen]; ret = krb_get_lrealm (lrealm, 1); if (ret) return 1; snprintf (ticket_file, sizeof(ticket_file), "%s%u_%u", TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid()); krb_set_tkt_string (ticket_file); ret = krb_verify_user (pwd->pw_name, "", lrealm, (char *)password, KRB_VERIFY_SECURE_FAIL, NULL); if (ret) return 1; if (chown (ticket_file, pwd->pw_uid, pwd->pw_gid) < 0) { dest_tkt(); return 1; } add_env ("KRBTKFILE", ticket_file); return 0; } static void krb4_get_afs_tokens (const struct passwd *pwd) { char cell[64]; char *pw_dir; if (!k_hasafs ()) return; pw_dir = pwd->pw_dir; if (!pag_set) { k_setpag(); pag_set = 1; } if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0) krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir); krb_afslog_uid_home (NULL, NULL, pwd->pw_uid, pwd->pw_dir); } #endif /* KRB4 */ static int f_flag; static int p_flag; #if 0 static int r_flag; #endif static int version_flag; static int help_flag; static char *remote_host; static char *auth_level = NULL; struct getargs args[] = { { NULL, 'a', arg_string, &auth_level, "authentication mode" }, #if 0 { NULL, 'd' }, #endif { NULL, 'f', arg_flag, &f_flag, "pre-authenticated" }, { NULL, 'h', arg_string, &remote_host, "remote host", "hostname" }, { NULL, 'p', arg_flag, &p_flag, "don't purge environment" }, #if 0 { NULL, 'r', arg_flag, &r_flag, "rlogin protocol" }, #endif { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag,&help_flag, } }; int nargs = sizeof(args) / sizeof(args[0]); static void update_utmp(const char *username, const char *hostname, char *tty, char *ttyn) { /* * Update the utmp files, both BSD and SYSV style. */ if (utmpx_login(tty, username, hostname) != 0 && !f_flag) { printf("No utmpx entry. You must exec \"login\" from the " "lowest level shell.\n"); exit(1); } utmp_login(ttyn, username, hostname); } static void checknologin(void) { FILE *f; char buf[1024]; f = fopen(_PATH_NOLOGIN, "r"); if(f == NULL) return; while(fgets(buf, sizeof(buf), f)) fputs(buf, stdout); fclose(f); exit(0); } /* print contents of a file */ static void show_file(const char *file) { FILE *f; char buf[BUFSIZ]; if((f = fopen(file, "r")) == NULL) return; while (fgets(buf, sizeof(buf), f)) fputs(buf, stdout); fclose(f); } /* * Actually log in the user. `pwd' contains all the relevant * information about the user. `ttyn' is the complete name of the tty * and `tty' the short name. */ static void do_login(const struct passwd *pwd, char *tty, char *ttyn) { #ifdef HAVE_GETSPNAM struct spwd *sp; #endif int rootlogin = (pwd->pw_uid == 0); gid_t tty_gid; struct group *gr; const char *home_dir; int i; if(!rootlogin) checknologin(); #ifdef HAVE_GETSPNAM sp = getspnam(pwd->pw_name); #endif update_utmp(pwd->pw_name, remote_host ? remote_host : "", tty, ttyn); gr = getgrnam ("tty"); if (gr != NULL) tty_gid = gr->gr_gid; else tty_gid = pwd->pw_gid; if (chown (ttyn, pwd->pw_uid, tty_gid) < 0) { warn("chown %s", ttyn); if (rootlogin == 0) exit (1); } if (chmod (ttyn, S_IRUSR | S_IWUSR | S_IWGRP) < 0) { warn("chmod %s", ttyn); if (rootlogin == 0) exit (1); } #ifdef HAVE_SETLOGIN if(setlogin(pwd->pw_name)){ warn("setlogin(%s)", pwd->pw_name); if(rootlogin == 0) exit(1); } #endif #ifdef HAVE_SETPCRED if (setpcred (pwd->pw_name, NULL) == -1) warn("setpcred(%s)", pwd->pw_name); #endif /* HAVE_SETPCRED */ #ifdef HAVE_INITGROUPS if(initgroups(pwd->pw_name, pwd->pw_gid)){ warn("initgroups(%s, %u)", pwd->pw_name, (unsigned)pwd->pw_gid); if(rootlogin == 0) exit(1); } #endif if(do_osfc2_magic(pwd->pw_uid)) exit(1); if(setgid(pwd->pw_gid)){ warn("setgid(%u)", (unsigned)pwd->pw_gid); if(rootlogin == 0) exit(1); } if(setuid(pwd->pw_uid) || (pwd->pw_uid != 0 && setuid(0) == 0)) { warn("setuid(%u)", (unsigned)pwd->pw_uid); if(rootlogin == 0) exit(1); } /* make sure signals are set to default actions, apparently some OS:es like to ignore SIGINT, which is not very convenient */ for (i = 1; i < NSIG; ++i) signal(i, SIG_DFL); /* all kinds of different magic */ #ifdef HAVE_GETSPNAM check_shadow(pwd, sp); #endif #if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM) { struct udb *udb; long t; const long maxcpu = 46116860184; /* some random constant */ udb = getudbnam(pwd->pw_name); if(udb == UDB_NULL) errx(1, "Failed to get UDB entry."); t = udb->ue_pcpulim[UDBRC_INTER]; if(t == 0 || t > maxcpu) t = CPUUNLIM; else t *= 100 * CLOCKS_PER_SEC; if(limit(C_PROC, 0, L_CPU, t) < 0) warn("limit C_PROC"); t = udb->ue_jcpulim[UDBRC_INTER]; if(t == 0 || t > maxcpu) t = CPUUNLIM; else t *= 100 * CLOCKS_PER_SEC; if(limit(C_JOBPROCS, 0, L_CPU, t) < 0) warn("limit C_JOBPROCS"); nice(udb->ue_nice[UDBRC_INTER]); } #endif #if defined(HAVE_SGI_GETCAPABILITYBYNAME) && defined(HAVE_CAP_SET_PROC) /* XXX SGI capability hack IRIX 6.x (x >= 0?) has something called capabilities, that allow you to give away permissions (such as chown) to specific processes. From 6.5 this is default on, and the default capability set seems to not always be the empty set. The problem is that the runtime linker refuses to do just about anything if the process has *any* capabilities set, so we have to remove them here (unless otherwise instructed by /etc/capability). In IRIX < 6.5, these functions was called sgi_cap_setproc, etc, but we ignore this fact (it works anyway). */ { struct user_cap *ucap = sgi_getcapabilitybyname(pwd->pw_name); cap_t cap; if(ucap == NULL) cap = cap_from_text("all="); else cap = cap_from_text(ucap->ca_default); if(cap == NULL) err(1, "cap_from_text"); if(cap_set_proc(cap) < 0) err(1, "cap_set_proc"); cap_free(cap); free(ucap); } #endif home_dir = pwd->pw_dir; if (chdir(home_dir) < 0) { fprintf(stderr, "No home directory \"%s\"!\n", pwd->pw_dir); if (chdir("/")) exit(0); home_dir = "/"; fprintf(stderr, "Logging in with home = \"/\".\n"); } #ifdef KRB5 if (auth == AUTH_KRB5) { krb5_start_session (pwd); } #ifdef KRB4 else if (auth == 0) { krb5_error_code ret; krb5_ccache id; ret = krb5_cc_default (context, &id); if (ret == 0) { krb5_to4 (id); krb5_cc_close (context, id); } } #endif /* KRB4 */ krb5_get_afs_tokens (pwd); krb5_finish (); #endif /* KRB5 */ #ifdef KRB4 krb4_get_afs_tokens (pwd); #endif /* KRB4 */ add_env("PATH", _PATH_DEFPATH); { const char *str = login_conf_get_string("environment"); char buf[MAXPATHLEN]; if(str == NULL) { login_read_env(_PATH_ETC_ENVIRONMENT); } else { while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) { if(buf[0] == '\0') continue; login_read_env(buf); } } } { const char *str = login_conf_get_string("motd"); char buf[MAXPATHLEN]; if(str != NULL) { while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) { if(buf[0] == '\0') continue; show_file(buf); } } else { str = login_conf_get_string("welcome"); if(str != NULL) show_file(str); } } add_env("HOME", home_dir); add_env("USER", pwd->pw_name); add_env("LOGNAME", pwd->pw_name); add_env("SHELL", pwd->pw_shell); exec_shell(pwd->pw_shell, rootlogin); } static int check_password(struct passwd *pwd, const char *password) { if(pwd->pw_passwd == NULL) return 1; if(pwd->pw_passwd[0] == '\0'){ #ifdef ALLOW_NULL_PASSWORD return password[0] != '\0'; #else return 1; #endif } if(strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) == 0) return 0; #ifdef KRB5 if(krb5_verify(pwd, password) == 0) { auth = AUTH_KRB5; return 0; } #endif #ifdef KRB4 if (krb4_verify (pwd, password) == 0) { auth = AUTH_KRB4; return 0; } #endif #ifdef OTP if (otp_verify (pwd, password) == 0) { auth = AUTH_OTP; return 0; } #endif return 1; } static void usage(int status) { arg_printusage(args, nargs, NULL, "[username]"); exit(status); } static RETSIGTYPE sig_handler(int sig) { if (sig == SIGALRM) fprintf(stderr, "Login timed out after %d seconds\n", login_timeout); else fprintf(stderr, "Login received signal, exiting\n"); exit(0); } int main(int argc, char **argv) { int max_tries = 5; int try; char username[32]; int optind = 0; int ask = 1; struct sigaction sa; setprogname(argv[0]); #ifdef KRB5 { krb5_error_code ret; ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); } #endif openlog("login", LOG_ODELAY, LOG_AUTH); if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) usage (1); argc -= optind; argv += optind; if(help_flag) usage(0); if (version_flag) { print_version (NULL); return 0; } if (geteuid() != 0) errx(1, "only root may use login, use su"); /* Default tty settings. */ stty_default(); if(p_flag) copy_env(); else { /* this set of variables is always preserved by BSD login */ if(getenv("TERM")) add_env("TERM", getenv("TERM")); if(getenv("TZ")) add_env("TZ", getenv("TZ")); } if(*argv){ if(strchr(*argv, '=') == NULL && strcmp(*argv, "-") != 0){ strlcpy (username, *argv, sizeof(username)); ask = 0; } } #if defined(DCE) && defined(AIX) esetenv("AUTHSTATE", "DCE", 1); #endif /* XXX should we care about environment on the command line? */ memset(&sa, 0, sizeof(sa)); sa.sa_handler = sig_handler; sigemptyset(&sa.sa_mask); sa.sa_flags = 0; sigaction(SIGALRM, &sa, NULL); alarm(login_timeout); for(try = 0; try < max_tries; try++){ struct passwd *pwd; char password[128]; int ret; char ttname[32]; char *tty, *ttyn; char prompt[128]; #ifdef OTP char otp_str[256]; #endif if(ask){ f_flag = 0; #if 0 r_flag = 0; #endif ret = read_string("login: ", username, sizeof(username), 1); if(ret == -3) exit(0); if(ret == -2) sig_handler(0); /* exit */ } pwd = k_getpwnam(username); #ifdef ALLOW_NULL_PASSWORD if (pwd != NULL && (pwd->pw_passwd[0] == '\0')) { strcpy(password,""); } else #endif { #ifdef OTP if(auth_level && strcmp(auth_level, "otp") == 0 && otp_challenge(&otp_ctx, username, otp_str, sizeof(otp_str)) == 0) snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, otp_str); else #endif strncpy(prompt, "Password: ", sizeof(prompt)); if (f_flag == 0) { ret = read_string(prompt, password, sizeof(password), 0); if (ret == -3) { ask = 1; continue; } if (ret == -2) sig_handler(0); } } if(pwd == NULL){ fprintf(stderr, "Login incorrect.\n"); ask = 1; continue; } if(f_flag == 0 && check_password(pwd, password)){ fprintf(stderr, "Login incorrect.\n"); ask = 1; continue; } ttyn = ttyname(STDIN_FILENO); if(ttyn == NULL){ snprintf(ttname, sizeof(ttname), "%s??", _PATH_TTY); ttyn = ttname; } if (strncmp (ttyn, _PATH_DEV, strlen(_PATH_DEV)) == 0) tty = ttyn + strlen(_PATH_DEV); else tty = ttyn; if (login_access (pwd, remote_host ? remote_host : tty) == 0) { fprintf(stderr, "Permission denied\n"); if (remote_host) syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s", pwd->pw_name, remote_host); else syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s", pwd->pw_name, tty); exit (1); } alarm(0); do_login(pwd, tty, ttyn); } exit(1); }