freebsd-dev/libexec/uucpd/uucpd.c
Eivind Eklund 5bd9ff610a Log username with password failure.
This has proved useful in real life installations.
1999-11-06 20:58:44 +00:00

268 lines
6.8 KiB
C

/*
* Copyright (c) 1985, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Rick Adams.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static const char copyright[] =
"@(#) Copyright (c) 1985, 1993\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* not lint */
#ifndef lint
#if 0
static char sccsid[] = "@(#)uucpd.c 8.1 (Berkeley) 6/4/93";
#endif
static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
/*
* 4.2BSD TCP/IP server for uucico
* uucico's TCP channel causes this server to be run at the remote end.
*/
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>
#include <utmp.h>
#include <sys/param.h>
#include "pathnames.h"
#if (MAXLOGNAME-1) > UT_NAMESIZE
#define LOGNAMESIZE UT_NAMESIZE
#else
#define LOGNAMESIZE (MAXLOGNAME-1)
#endif
#define SCPYN(a, b) strncpy(a, b, sizeof (a))
struct sockaddr_in hisctladdr;
int hisaddrlen = sizeof hisctladdr;
struct sockaddr_in myctladdr;
int mypid;
char Username[64], Logname[64];
char *nenv[] = {
Username,
Logname,
NULL,
};
extern char **environ;
extern void logwtmp(char *line, char *name, char *host);
void doit(struct sockaddr_in *sinp);
void dologout(void);
int readline(char start[], int num, int passw);
void dologin(struct passwd *pw, struct sockaddr_in *sin);
int main(int argc, char **argv)
{
environ = nenv;
close(1); close(2);
dup(0); dup(0);
hisaddrlen = sizeof (hisctladdr);
openlog("uucpd", LOG_PID, LOG_DAEMON);
if (getpeername(0, (struct sockaddr *)&hisctladdr, &hisaddrlen) < 0) {
syslog(LOG_ERR, "getpeername: %m");
_exit(1);
}
doit(&hisctladdr);
dologout();
exit(0);
}
void badlogin(char *name, struct sockaddr_in *sin)
{
char remotehost[MAXHOSTNAMELEN];
realhostname(remotehost, sizeof(remotehost) - 1, &sin->sin_addr);
remotehost[sizeof(remotehost) - 1] = '\0';
syslog(LOG_NOTICE, "LOGIN FAILURE FROM %s", remotehost);
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"LOGIN FAILURE FROM %s, %s", remotehost, name);
fprintf(stderr, "Login incorrect.\n");
exit(1);
}
void doit(struct sockaddr_in *sinp)
{
char user[64], passwd[64];
char *xpasswd, *crypt();
struct passwd *pw;
pid_t s;
int pwdok =0;
alarm(60);
do {
printf("login: "); fflush(stdout);
errno = 0;
if (readline(user, sizeof user, 0) < 0) {
syslog(LOG_WARNING, "login read: %m");
_exit(1);
}
} while (user[0] == '\0');
/* truncate username to LOGNAMESIZE characters */
user[LOGNAMESIZE] = '\0';
pw = getpwnam(user);
/*
* Fail after password if:
* 1. Invalid user
* 2. Shell is not uucico
* 3. Account has expired
* 4. Password is incorrect
*/
if (pw != NULL && strcmp(pw->pw_shell, _PATH_UUCICO) == 0 &&
(!pw->pw_expire || time(NULL) >= pw->pw_expire))
pwdok = 1;
/* always ask for passwords to deter account guessing */
if (!pwdok || (pw->pw_passwd && *pw->pw_passwd != '\0')) {
printf("Password: "); fflush(stdout);
errno = 0;
if (readline(passwd, sizeof passwd, 1) < 0) {
syslog(LOG_WARNING, "passwd for '%s' read: %m", user);
_exit(1);
}
if (pwdok) {
xpasswd = crypt(passwd, pw->pw_passwd);
if (strcmp(xpasswd, pw->pw_passwd))
pwdok = 0;
}
if (!pwdok)
badlogin(user, sinp);
}
alarm(0);
sprintf(Username, "USER=%s", pw->pw_name);
sprintf(Logname, "LOGNAME=%s", pw->pw_name);
if ((s = fork()) < 0) {
syslog(LOG_ERR, "fork: %m");
_exit(1);
} else if (s == 0) {
dologin(pw, sinp);
setgid(pw->pw_gid);
initgroups(pw->pw_name, pw->pw_gid);
chdir(pw->pw_dir);
setuid(pw->pw_uid);
execl(pw->pw_shell, "uucico", NULL);
syslog(LOG_ERR, "execl: %m");
_exit(1);
}
}
int readline(char start[], int num, int passw)
{
char c;
register char *p = start;
register int n = num;
while (n-- > 0) {
if (read(0, &c, 1) <= 0)
return(-1);
c &= 0177;
if (c == '\n' || c == '\r' || c == '\0') {
if (p == start && passw) {
n++;
continue;
}
*p = '\0';
return(0);
}
if (c == 025) {
n = num;
p = start;
continue;
}
*p++ = c;
}
return(-1);
}
void dologout(void)
{
union wait status;
pid_t pid;
char line[32];
while ((pid=wait((int *)&status)) > 0) {
sprintf(line, "uucp%ld", (long)pid);
logwtmp(line, "", "");
}
}
/*
* Record login in wtmp file.
*/
void dologin(struct passwd *pw, struct sockaddr_in *sin)
{
char line[32];
char remotehost[UT_HOSTSIZE + 1];
int f;
time_t cur_time;
realhostname(remotehost, sizeof remotehost - 1, &sin->sin_addr);
remotehost[sizeof remotehost - 1] = '\0';
/* hack, but must be unique and no tty line */
sprintf(line, "uucp%ld", (long)getpid());
time(&cur_time);
if ((f = open(_PATH_LASTLOG, O_RDWR)) >= 0) {
struct lastlog ll;
ll.ll_time = cur_time;
lseek(f, (off_t)pw->pw_uid * sizeof(struct lastlog), L_SET);
SCPYN(ll.ll_line, line);
SCPYN(ll.ll_host, remotehost);
(void) write(f, (char *) &ll, sizeof ll);
(void) close(f);
}
logwtmp(line, pw->pw_name, remotehost);
}