diff --git a/.gitignore b/.gitignore index b4c71d5f5..51513a83f 100644 --- a/.gitignore +++ b/.gitignore @@ -101,8 +101,6 @@ asn1_*.[cx] /appl/kx/rxtelnet /appl/kx/rxterm /appl/kx/tenletxr -/appl/login/login -/appl/login/login-protos.h /appl/otp/otp /appl/otp/otpprint /appl/popper/pop_debug @@ -110,13 +108,7 @@ asn1_*.[cx] /appl/push/pfrom /appl/push/push /appl/rcp/rcp -/appl/rsh/limits_conf.c -/appl/rsh/login_access.c -/appl/rsh/rsh -/appl/rsh/rshd /appl/su/su -/appl/telnet/telnet/telnet -/appl/telnet/telnetd/telnetd /appl/test/gssapi_client /appl/test/gssapi_server /appl/test/http_client diff --git a/appl/Makefile.am b/appl/Makefile.am index dd96d8cca..6e8f9c84c 100644 --- a/appl/Makefile.am +++ b/appl/Makefile.am @@ -14,7 +14,6 @@ endif SUBDIRS = \ $(dir_afsutil) \ dbutils \ - login \ $(dir_otp) \ gssmask \ push \ diff --git a/appl/login/ChangeLog b/appl/login/ChangeLog deleted file mode 100644 index 68ab1d120..000000000 --- a/appl/login/ChangeLog +++ /dev/null @@ -1,366 +0,0 @@ -2008-04-15 Love Hörnquist Åstrand - - * utmp_login.c: Reorder to avoid prototype. - - * login_locl.h: If cygwin doesnt have WTMPX_FILE, it uses wtmp for - wtmpx http://www.cygwin.com/ml/cygwin/2006-12/msg00630.html - -2008-04-10 Love Hörnquist Åstrand - - * utmp_login.c: Remove utmp warning on mac os x - -2006-12-05 Love Hörnquist Åstrand - - * limits_conf.c: Clear errno before calling the strtol - functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn - Sandell. - - * limits_conf.c: Report to syslog strings that start with NUL; - prevents negative index array access. Ray Lai of OpenBSD via Björn - Sandell. - -2006-10-07 Love Hörnquist Åstrand - - * Makefile.am: Add man_MANS to EXTRA_DIST - -2006-09-22 Love Hörnquist Åstrand - - * read_string.c: try to not call signaction for signal 0 and use - NSIG if it exists to determin how many signals there exists, also, - only restore those signalhandlers that we got out. - -2006-04-27 Love Hörnquist Åstrand - - * login_locl.h: Include "loginpaths.h" - - * loginpaths.h: Shared paths between login and rshd. - -2006-01-09 Johan Danielsson - - * login.c: log successful logins - -2005-08-08 Love Hörnquist Åstrand - - * login.c (do_login): only do krb4_get_afs_tokens if we have done - v4 authentication or done a 5to4 conversion of tickets. This is to - avoid delays on a realm that only support Kerberos 5 and drop - Kerberos 4 requests. - -2005-05-10 Dave Love - - * login.c: Include . - -2005-05-02 Dave Love - - * limits_conf.c: Check RLIMIT_MEMLOCK, not RLIMIT_LOCK. - -2005-04-28 Dave Love - - * limits_conf.c: Maybe include sys/resource.h. Use various - RLIMIT_ macros conditionally. For Solaris, Irix and Tru64. - -2005-04-22 Johan Danielsson - - * login.1: document limits.conf - - * Makefile.am: limits_conf.c - - * login_locl.h: template for limits.conf - - * login.c: read limits.conf (from /etc/security by default, - overridable in login.conf) - - * limits_conf.c: implement a parser for limits.conf - -2004-09-08 Johan Danielsson - - * login.c: use krb5_appdefault_boolean instead of - krb5_config_get_bool - -2003-09-03 Love Hörnquist Åstrand - - * login.c (krb5_to4): set client princ of the mcred - -2003-07-07 Love Hörnquist Åstrand - - * login.c (krb5_to4): use krb5_cc_clear_mcred - -2003-03-24 Johan Danielsson - - * Makefile.am: install man pages - - * login.1: manpage for login - - * login.c: allow "welcome" as well as "motd" in login.conf - - * login.access.5: login.access manual page - -2003-03-18 Love Hörnquist Åstrand - - * login.c: also need pag_set - * login.c: if there is kerberos 5, call krb5_afslog\* - -2002-08-23 Johan Danielsson - - * login.c: if motd is set in login.conf, output its contents - before starting the shell - -2002-02-27 Johan Danielsson - - * login.c: reset signals to default, needed on solaris 8 - -2002-02-19 Johan Danielsson - - * login_locl.h: include netgroup.h and rpcsvc/ypclnt.h - - * login.c: make this build without krb5 - -2001-09-22 Assar Westerlund - - * login_locl.h: kludge: use absolute path to find prot.h so we do - not get confused by athena's prot.h - -2001-09-17 Assar Westerlund - - * login.c (do_login): add setpcred - -2001-07-06 Assar Westerlund - - * login.c: move osf2c magic earlier. from Mark Davies - - -2001-06-19 Assar Westerlund - - * login.c (krb5_to4): dereference result from krb5_princ_realm. - noted by Thomas Nystrom - -2001-06-04 Assar Westerlund - - * update copyright messages on Wietse Venema's code. - -2001-05-31 Assar Westerlund - - * login.c (krb5_to4): look for [realms]krb4_get_tickets to - decide whether to get kerberos 4 tickets - -2001-02-08 Assar Westerlund - - * utmp_login.c, utmpx_login.c: try to write a useful string as - host in utmp, using the same algoritm as telnetd - -2001-01-29 Assar Westerlund - - * login.c: remove some krb5_free_context that might happen at - unappropriate times - -2000-12-31 Assar Westerlund - - * login.c (main): handle krb5_init_context failure consistently - -2000-12-11 Assar Westerlund - - * login.c (do_login): set the group on the tty. - (r_flag): comment out - * login.c (krb5_to4): always return a value - -2000-10-15 Assar Westerlund - - * login.c (krb5_to4): check another return code - -2000-08-22 Johan Danielsson - - * login.c (do_login): set PATH to something sane; - (start_logout_process): avoid getting signals sent to the parent - - * login_locl.h: _PATH_DEFPATH - -2000-07-01 Assar Westerlund - - * login.c (login_timeout): add back - -2000-06-28 Johan Danielsson - - * env.c: new file for environment related functions - - * login.c: move environment stuff to separate file, allow - specifying list of environment files via login.conf - -2000-06-21 Assar Westerlund - - * Makefile.am (LDADD): add otp - * login.c: add reading of /etc/environment. From Ake Sandgren - - add otp support. From Daniel Kouril - -2000-06-09 Assar Westerlund - - * login.c (do_login): work-around for setuid and capabilities bug - fixed in Linux 2.2.16 - -2000-04-09 Assar Westerlund - - * login.c: allow conversion of v5 -> v4 tickets when logging in - with forwarded tickets - -1999-11-09 Johan Danielsson - - * conf.c: remove case for not having cgetent, since it's in roken - -1999-11-05 Assar Westerlund - - * login.c (do_login): conditionalize shadow stuff on getspnam - -1999-10-30 Assar Westerlund - - * Makefile.am (login_DEPENDENCIES): remove, it's not entirely - correct and was causing problems with non-GNU make - -1999-10-28 Assar Westerlund - - * login.c (start_logout_proceess): don't examine `prog' before - setting it. - -1999-10-27 Assar Westerlund - - * login.c (do_login): chown and chmod the tty. some clean-up. - -1999-10-03 Assar Westerlund - - * login.c (krb5_start_session): correct the ccache to - krb524_convert_creds_kdc - -1999-09-28 Assar Westerlund - - * login.c (krb5_verify): use krb5_verify_user_lrealm - -1999-09-01 Johan Danielsson - - * login.c: SGI capability mumbo-jumbo - -1999-08-09 Johan Danielsson - - * login.c (start_logout_process): call setproctitle - - * login_locl.h: declare struct spwd - - * login.c: add support for starting extra processes at login and - logout; always preserve TERM and TZ - - * conf.c: add configuration file support - -1999-08-07 Assar Westerlund - - * shadow.c (check_shadow): check for a NULL sp - -1999-08-05 Assar Westerlund - - * login.c (main): move down login incorrect to disallow account - guessing - -1999-08-04 Assar Westerlund - - * utmpx_login.c (utmpx_login): fix for Solaris. From Miroslav - Ruda - - * login_locl.h: add and some prototypes - - * login.c: fixes with v4 and shadow support. From Miroslav Ruda - - - * shadow.c: new file with functions for handling shadow passwords - - * Makefile.am: add shadow - -1999-07-22 Assar Westerlund - - * login.c (main): generate a better tty name - -1999-05-25 Johan Danielsson - - * login.c (do_login): set $SHELL - -1999-05-18 Assar Westerlund - - * add login-access - -1999-05-11 Assar Westerlund - - * login.c: copy the v5 ccache to a file after having done setuid - -1999-05-09 Assar Westerlund - - * login.c (krb5_verify): check seteuid for errors - -Mon Apr 19 22:30:55 1999 Assar Westerlund - - * login.c: conditionalize the kafs calls on KRB4 - - * Makefile.am (LDADD): add kafs - - * login.c: add support for getting afs tokens with v4 and v5 - -Sun Apr 18 14:12:28 1999 Johan Danielsson - - * login.c: check _PATH_NOLOGIN - - * login_locl.h: _PATH_NOLOGIN - -1999-04-11 Assar Westerlund - - * login.c (main): use print_version - -Thu Apr 8 15:03:55 1999 Johan Danielsson - - * login.c: remove definition of KRB_VERIFY_USER et.al. (moved to - config.h) - - * login_locl.h: include udb.h, sys/resource.h, and sys/category.h - -Sat Mar 27 17:58:37 1999 Johan Danielsson - - * Makefile.am: osfc2.c - - * login.c: magic for OSF C2, and Crays - - * login_locl.h: do_osfc2_magic proto - - * osfc2.c: bsd_locl -> login_locl - - * osfc2.c: OSF C2 magic - -Tue Mar 23 14:17:40 1999 Johan Danielsson - - * login_locl.h: _PATH_UTMP - -Sun Mar 21 15:02:31 1999 Johan Danielsson - - * login.c: `-h' is host, not help - -Sat Mar 20 00:11:13 1999 Assar Westerlund - - * login_locl.h: krb.h: add - - * login.c: static-size - (krb4_verify): add - -Thu Mar 18 11:36:10 1999 Johan Danielsson - - * Makefile.am: include Makefile.am.common - -Thu Mar 11 17:53:36 1999 Johan Danielsson - - * utmpx_login.c: add some consts - - * utmp_login.c: add some consts - - * login.c: staticize - - * login_locl.h: add prototypes, and defaults for - _PATH_* - -Mon Mar 1 10:49:14 1999 Johan Danielsson - - * utmpx_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_* - - * utmp_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_* - diff --git a/appl/login/Makefile.am b/appl/login/Makefile.am deleted file mode 100644 index 05da1db72..000000000 --- a/appl/login/Makefile.am +++ /dev/null @@ -1,41 +0,0 @@ -# $Id$ - -include $(top_srcdir)/Makefile.am.common - -man_MANS = login.1 login.access.5 - -bin_PROGRAMS = login - -login_SOURCES = \ - conf.c \ - env.c \ - login.c \ - login_access.c \ - login_locl.h \ - loginpaths.h \ - limits_conf.c \ - osfc2.c \ - read_string.c \ - shadow.c \ - stty_default.c \ - tty.c \ - utmp_login.c \ - utmpx_login.c - -noinst_HEADERS = $(srcdir)/login-protos.h - -LDADD = $(LIB_otp) \ - $(LIB_kafs) \ - $(top_builddir)/lib/krb5/libkrb5.la \ - $(LIB_hcrypto) \ - $(top_builddir)/lib/asn1/libasn1.la \ - $(LIB_roken) \ - $(LIB_security) \ - $(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB) - -$(srcdir)/login-protos.h: $(login_SOURCES) - cd $(srcdir); perl ../../cf/make-proto.pl -o login-protos.h -q -P comment $(login_SOURCES) || rm -f login-protos.h - -$(login_OBJECTS): $(srcdir)/login-protos.h - -EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/appl/login/NTMakefile b/appl/login/NTMakefile deleted file mode 100644 index b19ecfa8b..000000000 --- a/appl/login/NTMakefile +++ /dev/null @@ -1,35 +0,0 @@ -######################################################################## -# -# Copyright (c) 2009, Secure Endpoints Inc. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# - Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# - Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN -# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -RELDIR=appl\login - -!include ../../windows/NTMakefile.w32 - diff --git a/appl/login/conf.c b/appl/login/conf.c deleted file mode 100644 index bf186d9b6..000000000 --- a/appl/login/conf.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -#include "login_locl.h" - -RCSID("$Id$"); - -static char *confbuf; - -static int -login_conf_init(void) -{ - char *files[] = { _PATH_LOGIN_CONF, NULL }; - return cgetent(&confbuf, (void *)files, "default"); -} - -char * -login_conf_get_string(const char *str) -{ - char *value; - if(login_conf_init() != 0) - return NULL; - if(cgetstr(confbuf, (char *)str, &value) < 0) - return NULL; - return value; -} diff --git a/appl/login/env.c b/appl/login/env.c deleted file mode 100644 index fc2e8b826..000000000 --- a/appl/login/env.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright (c) 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "login_locl.h" -RCSID("$Id$"); - -/* - * the environment we will send to execle and the shell. - */ - -char **env; -int num_env; - -void -extend_env(char *str) -{ - env = realloc(env, (num_env + 1) * sizeof(*env)); - if(env == NULL) - errx(1, "Out of memory!"); - env[num_env++] = str; -} - -void -add_env(const char *var, const char *value) -{ - int aret; - int i; - char *str; - aret = asprintf(&str, "%s=%s", var, value); - if(aret == -1) - errx(1, "Out of memory!"); - for(i = 0; i < num_env; i++) - if(strncmp(env[i], var, strlen(var)) == 0 && - env[i][strlen(var)] == '='){ - free(env[i]); - env[i] = str; - return; - } - - extend_env(str); -} - -#if !HAVE_DECL_ENVIRON -extern char **environ; -#endif - - -void -copy_env(void) -{ - char **p; - for(p = environ; *p; p++) - extend_env(*p); -} - -void -login_read_env(const char *file) -{ - char **newenv; - char *p; - int i, j; - - newenv = NULL; - i = read_environment(file, &newenv); - for (j = 0; j < i; j++) { - p = strchr(newenv[j], '='); - if (p == NULL) - errx(1, "%s: missing = in string %s", - file, newenv[j]); - *p++ = 0; - add_env(newenv[j], p); - *--p = '='; - free(newenv[j]); - } - free(newenv); -} diff --git a/appl/login/limits_conf.c b/appl/login/limits_conf.c deleted file mode 100644 index 492b14de7..000000000 --- a/appl/login/limits_conf.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "login_locl.h" - -RCSID("$Id$"); - -#include -#include -#ifdef HAVE_SYS_RESOURCE_H -#include -#endif - -struct limit { - const char *name; - int resource; - int scale; - int has_limit; - struct rlimit limit; -} limits[] = { -#define LIM(X, S) { #X, RLIMIT_##X, S, 0, {0, 0} } - LIM(CORE, 1024), - LIM(CPU, 60), - LIM(DATA, 1024), - LIM(FSIZE, 1024), -#ifdef RLIMIT_MEMLOCK - LIM(MEMLOCK, 1024), -#endif - LIM(NOFILE, 1), -#ifdef RLIMIT_NPROC - LIM(NPROC, 1), -#endif -#ifdef RLIMIT_RSS - LIM(RSS, 1024), -#endif - LIM(STACK, 1024), - -#ifdef RLIMIT_AS - LIM(AS, 1024), -#endif -#ifdef RLIMIT_LOCKS - LIM(LOCKS, 1), -#endif - /* - maxlogins - priority - */ - { NULL, 0, 0, 0, {0, 0} } -}; - -static struct limit * -find_limit(const char *name) -{ - struct limit *l; - for(l = limits; l->name != NULL; l++) - if(strcasecmp(name, l->name) == 0) - return l; - return NULL; -} - -/* this function reads limits.conf files similar to pam_limits - unimplemented features include: - % maxlogins - "-" no limits, - priorities etc that are not set via setrlimit - XXX uses static storage, and clobbers getgr* -*/ - -int -read_limits_conf(const char *file, const struct passwd *pwd) -{ - FILE *f; - char *args[4]; - int lineno = 0; - char buf[1024]; - struct limit *l; - rlim_t value; - - f = fopen(file, "r"); - if(f == NULL) { - if(errno != ENOENT && errno != ENOTDIR) - syslog(LOG_ERR, "%s: %m", file); - return -1; - } - - while(fgets(buf, sizeof(buf), f) != NULL) { - char *last = NULL; - char *end = NULL; - int level; - - lineno++; - - if(buf[0] == '\0') { - syslog(LOG_ERR, "%s: line %d: NUL character", file, lineno); - continue; - } - if(buf[strlen(buf) - 1] != '\n') { - /* file did not end with a newline, figure out if we're at - the EOF, or if our buffer was too small */ - int eof = 1; - int c; - while((c = fgetc(f)) != EOF) { - eof = 0; - if(c == '\n') - break; - } - if(!eof) { - syslog(LOG_ERR, "%s: line %d: line too long", file, lineno); - continue; - } - } - buf[strcspn(buf, "#\r\n")] = '\0'; - if((args[0] = strtok_r(buf, " \t", &last)) == NULL || - (args[1] = strtok_r(NULL, " \t", &last)) == NULL || - (args[2] = strtok_r(NULL, " \t", &last)) == NULL || - (args[3] = strtok_r(NULL, " \t", &last)) == NULL) { - if(args[0] != NULL) /* this would include comment lines */ - syslog(LOG_ERR, "%s: line %d: malformed line", file, lineno); - continue; - } - - l = find_limit(args[2]); - if(l == NULL) { - syslog(LOG_ERR, "%s: line %d: unknown limit %s", file, lineno, args[2]); - continue; - } - if(strcmp(args[3], "-") == 0) { - value = RLIM_INFINITY; - } else { - errno = 0; - value = strtol(args[3], &end, 10); - if(*end != '\0') { - syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]); - continue; - } - if((value == LONG_MIN || value == LONG_MAX) && errno == ERANGE) { - syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]); - continue; - } - if(value * l->scale < value) - value = RLIM_INFINITY; - else - value *= l->scale; - } - level = 0; - /* XXX unclear: if you set group hard and user soft limit, - should the hard limit still apply? this code doesn't. */ - if(strcmp(args[0], pwd->pw_name) == 0) - level = 3; - if(*args[0] == '@') { - struct group *gr; - gr = getgrnam(args[0] + 1); - if(gr != NULL && gr->gr_gid == pwd->pw_gid) - level = 2; - } - if(strcmp(args[0], "*") == 0) - level = 1; - if(level == 0 || level < l->has_limit) /* not for us */ - continue; - if(l->has_limit < level) { - if(getrlimit(l->resource, &l->limit) < 0) - continue; - l->has_limit = level; - } - - /* XXX unclear: if you soft to more than default hard, should - we set hard to soft? this code doesn't. */ - if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0) - l->limit.rlim_cur = value; - if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) - l->limit.rlim_max = value; - } - fclose(f); - for(l = limits; l->name != NULL; l++) { - if(l->has_limit) { - if(l->limit.rlim_cur > l->limit.rlim_max) - l->limit.rlim_cur = l->limit.rlim_max; - if(setrlimit(l->resource, &l->limit) != 0) - syslog(LOG_ERR, "setrlimit RLIM_%s failed: %m", l->name); - } - l->has_limit = 0; - } - return 0; -} diff --git a/appl/login/login.1 b/appl/login/login.1 deleted file mode 100644 index 91d262cc9..000000000 --- a/appl/login/login.1 +++ /dev/null @@ -1,248 +0,0 @@ -.\" $Id$ -.\" -.Dd April 22, 2005 -.Dt LOGIN 1 -.Os HEIMDAL -.Sh NAME -.Nm login -.Nd authenticate a user and start new session -.Sh SYNOPSIS -.Nm -.Op Fl fp -.Op Fl a Ar level -.Op Fl h Ar hostname -.Ar [username] -.Sh DESCRIPTION -This manual page documents the -.Nm login -program distributed with the Heimdal Kerberos 5 implementation, it may -differ in important ways from your system version. -.Pp -The -.Nm login -programs logs users into the system. It is intended to be run by -system daemons like -.Xr getty 8 -or -.Xr telnetd 8 . -If you are already logged in, but want to change to another user, you -should use -.Xr su 1 . -.Pp -A username can be given on the command line, else one will be prompted -for. -.Pp -A password is required to login, unless the -.Fl f -option is given (indicating that the calling program has already done -proper authentication). With -.Fl f -the user will be logged in without further questions. -.Pp -For password authentication Kerberos 5, OTP (if compiled in) and local -.No ( Pa /etc/passwd ) -passwords are supported. OTP will be used if the the user is -registered to use it, and -.Nm login -is given the option -.Fl a Li otp . -When using OTP, a challenge is shown to the user. -.Pp -Further options are: -.Bl -tag -width Ds -.It Fl a Ar string -Which authentication mode to use, the only supported value is -currently -.Dq otp . -.It Fl f -Indicates that the user is already authenticated. This happens, for -instance, when login is started by telnetd, and the user has proved -authentic via Kerberos. -.It Fl h Ar hostname -Indicates which host the user is logging in from. This is passed from -telnetd, and is entered into the login database. -.It Fl p -This tells -.Nm login -to preserve all environment variables. If not given, only the -.Dv TERM -and -.Dv TZ -variables are preserved. It could be a security risk to pass random -variables to -.Nm login -or the user shell, so the calling daemon should make sure it only -passes -.Dq safe -variables. -.El -.Pp -The process of logging user in proceeds as follows. -.Pp -First a check is made that logins are allowed at all. This usually -means checking -.Pa /etc/nologin . -If it exists, and the user trying to login is not root, the contents -is printed, and then login exits. -.Pp -Then various system parameters are set up, like changing the owner of -the tty to the user, setting up signals, setting the group list, and -user and group id. Also various machine specific tasks are performed. -.Pp -Next -.Nm login -changes to the users home directory, or if that fails, to -.Pa / . -The environment is setup, by adding some required variables (such as -.Dv PATH ) , -and also authentication related ones (such as -.Dv KRB5CCNAME ) . -If an environment file exists -.No ( Pa /etc/environment ) , -variables are set according to -it. -.Pp -If one or more login message files are configured, their contents is -printed to the terminal. -.Pp -If a login time command is configured, it is executed. A logout time -command can also be configured, which makes -.Nm login -fork, and wait for the user shell to exit, and then run the command. -This can be used to clean up user credentials. -.Pp -Finally, the user's shell is executed. If the user logging in is root, -and root's login shell does not exist, a default shell (usually -.Pa /bin/sh ) -is also tried before giving up. -.Sh ENVIRONMENT -These environment variables are set by login (not including ones set by -.Pa /etc/environment ) : -.Pp -.Bl -tag -compact -width USERXXLOGNAME -.It Dv PATH -the default system path -.It Dv HOME -the user's home directory (or possibly -.Pa / ) -.It Dv USER , Dv LOGNAME -both set to the username -.It Dv SHELL -the user's shell -.It Dv TERM , Dv TZ -set to whatever is passed to -.Nm login -.It Dv KRB5CCNAME -if the password is verified via Kerberos 5, this will point to the -credentials cache file -.El -.Sh FILES -.Bl -tag -compact -width Ds -.It Pa /etc/environment -Contains a set of environment variables that should be set in addition -to the ones above. It should contain sh-style assignments like -.Dq VARIABLE=value . -Note that they are not parsed the way a shell would. No variable -expansion is performed, and all strings are literal, and quotation -marks should not be used. Everything after a hash mark is considered a -comment. The following are all different (the last will set the -variable -.Dv BAR , -not -.Dv FOO ) . -.Bd -literal -offset indent -FOO=this is a string -FOO="this is a string" -BAR= FOO='this is a string' -.Ed -.It Pa /etc/login.access -See -.Xr login.access 5 . -.It Pa /etc/login.conf -This is a termcap style configuration file, that contains various -settings used by -.Nm login . -Currently only the -.Dq default -capability record is used. The possible capability strings include: -.Pp -.Bl -tag -compact -width Ds -.It Li environment -This is a comma separated list of environment files that are read in -the order specified. If this is missing the default -.Pa /etc/environment -is used. -.It Li login_program -This program will be executed just before the user's shell is started. -It will be called without arguments. -.It Li logout_program -This program will be executed just after the user's shell has -terminated. It will be called without arguments. This program will be -the parent process of the spawned shell. -.It Li motd -A comma separated list of text files that will be printed to the -user's terminal before starting the shell. The string -.Li welcome -works similarly, but points to a single file. -.It Li limits -Points to a file containing ulimit settings for various users. Syntax -is inspired by what pam_limits uses, and the default is -.Pa /etc/security/limits.conf . -.El -.It Pa /etc/nologin -If it exists, login is denied to all but root. The contents of this -file is printed before login exits. -.El -.Pp -Other -.Nm login -programs typically print all sorts of information by default, such as -last time you logged in, if you have mail, and system message files. -This version of -.Nm login -does not, so there is no reason for -.Pa .hushlogin -files or similar. We feel that these tasks are best left to the user's -shell, but the -.Li login_program -facility allows for a shell independent solution, if that is desired. -.Sh EXAMPLES -A -.Pa login.conf -file could look like: -.Bd -literal -offset indent -default:\\ - :motd=/etc/motd,/etc/motd.local:\\ - :limits=/etc/limits.conf: -.Ed -.Pp -The -.Pa limits.conf -file consists of a table with four whitespace separated fields. First -field is a username or a groupname (prefixed with -.Sq @ ) , -or -.Sq * . -Second field is -.Sq soft , -.Sq hard , -or -.Sq - -(the last meaning both soft and hard). -Third field is a limit name (such as -.Sq cpu -or -.Sq core ) . -Last field is the limit value (a number or -.Sq - -for unlimited). In the case of data sizes, the value is in kilobytes, -and cputime is in minutes. -.Sh SEE ALSO -.Xr su 1 , -.Xr login.access 5 , -.Xr getty 8 , -.Xr telnetd 8 -.Sh AUTHORS -This login program was written for the Heimdal Kerberos 5 -implementation. The login.access code was written by Wietse Venema. -.\".Sh BUGS diff --git a/appl/login/login.access.5 b/appl/login/login.access.5 deleted file mode 100644 index 7b9aa151f..000000000 --- a/appl/login/login.access.5 +++ /dev/null @@ -1,55 +0,0 @@ -.\" $Id$ -.\" -.Dd March 21, 2003 -.Dt LOGIN.ACCESS 5 -.Os HEIMDAL -.Sh NAME -.Nm login.access -.Nd login access control table -.Sh DESCRIPTION -The -.Nm login.access -file specifies on which ttys or from which hosts certain users are -allowed to login. -.Pp -At login, the -.Pa /etc/login.access -file is checked for the first entry that matches a specific user/host -or user/tty combination. That entry can either allow or deny login -access to that user. -.Pp -Each entry have three fields separated by colon: -.Bl -bullet -.It -The first field indicates the permission given if the entry matches. -It can be either -.Dq + -(allow access) -or -.Dq - -(deny access) . -.It -The second field is a comma separated list of users or groups for -which the current entry applies. NIS netgroups can used (if -configured) if preceded by @. The magic string ALL matches all users. -A group will match if the user is a member of that group, or it is the -user's primary group. -.It -The third field is a list of ttys, or network names. A network name -can be either a hostname, a domain (indicated by a starting period), -or a netgroup. As with the user list, ALL matches anything. LOCAL -matches a string not containing a period. -.El -.Pp -If the string EXCEPT is found in either the user or from list, the -rest of the list are exceptions to the list before EXCEPT. -.Sh BUGS -If there's a user and a group with the same name, there is no way to -make the group match if the user also matches. -.Sh SEE ALSO -.Xr login 1 -.Sh AUTHORS -The -.Fn login_access -function was written by -Wietse Venema. This manual page was written for Heimdal. diff --git a/appl/login/login.c b/appl/login/login.c deleted file mode 100644 index 3f6924179..000000000 --- a/appl/login/login.c +++ /dev/null @@ -1,734 +0,0 @@ -/* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "login_locl.h" -#ifdef HAVE_CAPABILITY_H -#include -#endif -#ifdef HAVE_SYS_CAPABILITY_H -#include -#endif -#ifdef HAVE_CRYPT_H -#include -#endif - -RCSID("$Id$"); - -static int login_timeout = 60; - -static int -start_login_process(void) -{ - char *prog, *argv0; - prog = login_conf_get_string("login_program"); - if(prog == NULL) - return 0; - argv0 = strrchr(prog, '/'); - - if(argv0) - argv0++; - else - argv0 = prog; - - return simple_execle(prog, argv0, NULL, env); -} - -static int -start_logout_process(void) -{ - char *prog, *argv0; - pid_t pid; - - prog = login_conf_get_string("logout_program"); - if(prog == NULL) - return 0; - argv0 = strrchr(prog, '/'); - - if(argv0) - argv0++; - else - argv0 = prog; - - pid = fork(); - if(pid == 0) { - /* avoid getting signals sent to the shell */ - setpgid(0, getpid()); - return 0; - } - if(pid == -1) - err(1, "fork"); - /* wait for the real login process to exit */ -#ifdef HAVE_SETPROCTITLE - setproctitle("waitpid %d", pid); -#endif - while(1) { - int status; - int ret; - ret = waitpid(pid, &status, 0); - if(ret > 0) { - if(WIFEXITED(status) || WIFSIGNALED(status)) { - execle(prog, argv0, NULL, env); - err(1, "exec %s", prog); - } - } else if(ret < 0) - err(1, "waitpid"); - } -} - -static void -exec_shell(const char *shell, int fallback) -{ - char *sh; - const char *p; - - extend_env(NULL); - if(start_login_process() < 0) - warn("login process"); - start_logout_process(); - - p = strrchr(shell, '/'); - if(p) - p++; - else - p = shell; - if (asprintf(&sh, "-%s", p) == -1) - errx(1, "Out of memory"); - execle(shell, sh, NULL, env); - if(fallback){ - warnx("Can't exec %s, trying %s", - shell, _PATH_BSHELL); - execle(_PATH_BSHELL, "-sh", NULL, env); - err(1, "%s", _PATH_BSHELL); - } - err(1, "%s", shell); -} - -static enum { NONE = 0, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth; - -#ifdef OTP -static OtpContext otp_ctx; - -static int -otp_verify(struct passwd *pwd, const char *password) -{ - return (otp_verify_user (&otp_ctx, password)); -} -#endif /* OTP */ - -#ifdef KRB5 -static krb5_context context; -static krb5_ccache id, id2; - -static int -krb5_verify(struct passwd *pwd, const char *password) -{ - krb5_error_code ret; - krb5_principal princ; - - ret = krb5_parse_name(context, pwd->pw_name, &princ); - if(ret) - return 1; - ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id); - if(ret) { - krb5_free_principal(context, princ); - return 1; - } - ret = krb5_verify_user_lrealm(context, - princ, - id, - password, - 1, - NULL); - krb5_free_principal(context, princ); - return ret; -} - -static int -krb5_start_session (const struct passwd *pwd) -{ - krb5_error_code ret; - char residual[64]; - - /* copy credentials to file cache */ - snprintf(residual, sizeof(residual), "FILE:/tmp/krb5cc_%u", - (unsigned)pwd->pw_uid); - krb5_cc_resolve(context, residual, &id2); - ret = krb5_cc_copy_cache(context, id, id2); - if (ret == 0) - add_env("KRB5CCNAME", residual); - else { - krb5_cc_destroy (context, id2); - return ret; - } - krb5_cc_close(context, id2); - krb5_cc_destroy(context, id); - return 0; -} - -static void -krb5_finish (void) -{ - krb5_free_context(context); -} - -static void -krb5_get_afs_tokens (const struct passwd *pwd) -{ -#ifndef NO_AFS - static int pag_set = 0; - char cell[64]; - char *pw_dir; - krb5_error_code ret; - - if (!k_hasafs ()) - return; - - ret = krb5_cc_default(context, &id2); - - if (ret == 0) { - pw_dir = pwd->pw_dir; - - if (!pag_set) { - k_setpag(); - pag_set = 1; - } - - if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0) - krb5_afslog_uid_home (context, id2, - cell, NULL, pwd->pw_uid, pwd->pw_dir); - krb5_afslog_uid_home (context, id2, NULL, NULL, - pwd->pw_uid, pwd->pw_dir); - krb5_cc_close (context, id2); - } -#endif -} - -#endif /* KRB5 */ - -static int f_flag; -static int p_flag; -#if 0 -static int r_flag; -#endif -static int version_flag; -static int help_flag; -static char *remote_host; -static char *auth_level = NULL; - -struct getargs args[] = { - { NULL, 'a', arg_string, &auth_level, "authentication mode", NULL }, -#if 0 - { NULL, 'd', NULL, NULL, NULL, NULL }, -#endif - { NULL, 'f', arg_flag, &f_flag, "pre-authenticated", NULL }, - { NULL, 'h', arg_string, &remote_host, "remote host", "hostname" }, - { NULL, 'p', arg_flag, &p_flag, "don't purge environment", - NULL }, -#if 0 - { NULL, 'r', arg_flag, &r_flag, "rlogin protocol", NULL }, -#endif - { "version", 0, arg_flag, &version_flag, NULL, NULL }, - { "help", 0, arg_flag,&help_flag, NULL, NULL } -}; - -int nargs = sizeof(args) / sizeof(args[0]); - -static void -update_utmp(const char *username, const char *hostname, - char *tty, char *ttyn) -{ - /* - * Update the utmp files, both BSD and SYSV style. - */ - if (utmpx_login(tty, username, hostname) != 0 && !f_flag) { - printf("No utmpx entry. You must exec \"login\" from the " - "lowest level shell.\n"); - exit(1); - } - utmp_login(ttyn, username, hostname); -} - -static void -checknologin(void) -{ - FILE *f; - char buf[1024]; - - f = fopen(_PATH_NOLOGIN, "r"); - if(f == NULL) - return; - while(fgets(buf, sizeof(buf), f)) - fputs(buf, stdout); - fclose(f); - exit(0); -} - -/* print contents of a file */ -static void -show_file(const char *file) -{ - FILE *f; - char buf[BUFSIZ]; - if((f = fopen(file, "r")) == NULL) - return; - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stdout); - fclose(f); -} - -/* - * Actually log in the user. `pwd' contains all the relevant - * information about the user. `ttyn' is the complete name of the tty - * and `tty' the short name. - */ - -static void -do_login(const struct passwd *pwd, char *tty, char *ttyn) -{ -#ifdef HAVE_GETSPNAM - struct spwd *sp; -#endif - int rootlogin = (pwd->pw_uid == 0); - gid_t tty_gid; - struct group *gr; - const char *home_dir; - int i; - - if(!rootlogin) - checknologin(); - -#ifdef HAVE_GETSPNAM - sp = getspnam(pwd->pw_name); -#endif - - update_utmp(pwd->pw_name, remote_host ? remote_host : "", - tty, ttyn); - - gr = getgrnam ("tty"); - if (gr != NULL) - tty_gid = gr->gr_gid; - else - tty_gid = pwd->pw_gid; - - if (chown (ttyn, pwd->pw_uid, tty_gid) < 0) { - warn("chown %s", ttyn); - if (rootlogin == 0) - exit (1); - } - - if (chmod (ttyn, S_IRUSR | S_IWUSR | S_IWGRP) < 0) { - warn("chmod %s", ttyn); - if (rootlogin == 0) - exit (1); - } - -#ifdef HAVE_SETLOGIN - if(setlogin(pwd->pw_name)){ - warn("setlogin(%s)", pwd->pw_name); - if(rootlogin == 0) - exit(1); - } -#endif - if(rootlogin == 0) { - const char *file = login_conf_get_string("limits"); - if(file == NULL) - file = _PATH_LIMITS_CONF; - - read_limits_conf(file, pwd); - } - -#ifdef HAVE_SETPCRED - if (setpcred (pwd->pw_name, NULL) == -1) - warn("setpcred(%s)", pwd->pw_name); -#endif /* HAVE_SETPCRED */ -#ifdef HAVE_INITGROUPS - if(initgroups(pwd->pw_name, pwd->pw_gid)){ - warn("initgroups(%s, %u)", pwd->pw_name, (unsigned)pwd->pw_gid); - if(rootlogin == 0) - exit(1); - } -#endif - if(do_osfc2_magic(pwd->pw_uid)) - exit(1); - if(setgid(pwd->pw_gid)){ - warn("setgid(%u)", (unsigned)pwd->pw_gid); - if(rootlogin == 0) - exit(1); - } - if(setuid(pwd->pw_uid) || (pwd->pw_uid != 0 && setuid(0) == 0)) { - warn("setuid(%u)", (unsigned)pwd->pw_uid); - if(rootlogin == 0) - exit(1); - } - - /* make sure signals are set to default actions, apparently some - OS:es like to ignore SIGINT, which is not very convenient */ - - for (i = 1; i < NSIG; ++i) - signal(i, SIG_DFL); - - /* all kinds of different magic */ - -#ifdef HAVE_GETSPNAM - check_shadow(pwd, sp); -#endif - -#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM) - { - struct udb *udb; - long t; - const long maxcpu = 46116860184; /* some random constant */ - udb = getudbnam(pwd->pw_name); - if(udb == UDB_NULL) - errx(1, "Failed to get UDB entry."); - t = udb->ue_pcpulim[UDBRC_INTER]; - if(t == 0 || t > maxcpu) - t = CPUUNLIM; - else - t *= 100 * CLOCKS_PER_SEC; - - if(limit(C_PROC, 0, L_CPU, t) < 0) - warn("limit C_PROC"); - - t = udb->ue_jcpulim[UDBRC_INTER]; - if(t == 0 || t > maxcpu) - t = CPUUNLIM; - else - t *= 100 * CLOCKS_PER_SEC; - - if(limit(C_JOBPROCS, 0, L_CPU, t) < 0) - warn("limit C_JOBPROCS"); - - nice(udb->ue_nice[UDBRC_INTER]); - } -#endif -#if defined(HAVE_SGI_GETCAPABILITYBYNAME) && defined(HAVE_CAP_SET_PROC) - /* XXX SGI capability hack IRIX 6.x (x >= 0?) has something - called capabilities, that allow you to give away - permissions (such as chown) to specific processes. From 6.5 - this is default on, and the default capability set seems to - not always be the empty set. The problem is that the - runtime linker refuses to do just about anything if the - process has *any* capabilities set, so we have to remove - them here (unless otherwise instructed by /etc/capability). - In IRIX < 6.5, these functions was called sgi_cap_setproc, - etc, but we ignore this fact (it works anyway). */ - { - struct user_cap *ucap = sgi_getcapabilitybyname(pwd->pw_name); - cap_t cap; - if(ucap == NULL) - cap = cap_from_text("all="); - else - cap = cap_from_text(ucap->ca_default); - if(cap == NULL) - err(1, "cap_from_text"); - if(cap_set_proc(cap) < 0) - err(1, "cap_set_proc"); - cap_free(cap); - free(ucap); - } -#endif - home_dir = pwd->pw_dir; - if (chdir(home_dir) < 0) { - fprintf(stderr, "No home directory \"%s\"!\n", pwd->pw_dir); - if (chdir("/")) - exit(0); - home_dir = "/"; - fprintf(stderr, "Logging in with home = \"/\".\n"); - } -#ifdef KRB5 - if (auth == AUTH_KRB5) { - krb5_start_session (pwd); - } - - krb5_get_afs_tokens (pwd); - - krb5_finish (); -#endif /* KRB5 */ - - add_env("PATH", _PATH_DEFPATH); - - { - const char *str = login_conf_get_string("environment"); - char buf[MAXPATHLEN]; - - if(str == NULL) { - login_read_env(_PATH_ETC_ENVIRONMENT); - } else { - while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) { - if(buf[0] == '\0') - continue; - login_read_env(buf); - } - } - } - { - const char *str = login_conf_get_string("motd"); - char buf[MAXPATHLEN]; - - if(str != NULL) { - while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) { - if(buf[0] == '\0') - continue; - show_file(buf); - } - } else { - str = login_conf_get_string("welcome"); - if(str != NULL) - show_file(str); - } - } - add_env("HOME", home_dir); - add_env("USER", pwd->pw_name); - add_env("LOGNAME", pwd->pw_name); - add_env("SHELL", pwd->pw_shell); - exec_shell(pwd->pw_shell, rootlogin); -} - -static int -check_password(struct passwd *pwd, const char *password) -{ - if(pwd->pw_passwd == NULL) - return 1; - if(pwd->pw_passwd[0] == '\0'){ -#ifdef ALLOW_NULL_PASSWORD - return password[0] != '\0'; -#else - return 1; -#endif - } - if(strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) == 0) - return 0; -#ifdef KRB5 - if(krb5_verify(pwd, password) == 0) { - auth = AUTH_KRB5; - return 0; - } -#endif -#ifdef OTP - if (otp_verify (pwd, password) == 0) { - auth = AUTH_OTP; - return 0; - } -#endif - return 1; -} - -static void -usage(int status) -{ - arg_printusage(args, nargs, NULL, "[username]"); - exit(status); -} - -static RETSIGTYPE -sig_handler(int sig) -{ - if (sig == SIGALRM) - fprintf(stderr, "Login timed out after %d seconds\n", - login_timeout); - else - fprintf(stderr, "Login received signal, exiting\n"); - exit(0); -} - -int -main(int argc, char **argv) -{ - int max_tries = 5; - int try; - - char username[32]; - int optidx = 0; - - int ask = 1; - struct sigaction sa; - - setprogname(argv[0]); - -#ifdef KRB5 - { - krb5_error_code ret; - - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - } -#endif - - openlog("login", LOG_ODELAY | LOG_PID, LOG_AUTH); - - if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, - &optidx)) - usage (1); - argc -= optidx; - argv += optidx; - - if(help_flag) - usage(0); - if (version_flag) { - print_version (NULL); - return 0; - } - - if (geteuid() != 0) - errx(1, "only root may use login, use su"); - - /* Default tty settings. */ - stty_default(); - - if(p_flag) - copy_env(); - else { - /* this set of variables is always preserved by BSD login */ - if(getenv("TERM")) - add_env("TERM", getenv("TERM")); - if(getenv("TZ")) - add_env("TZ", getenv("TZ")); - } - - if(*argv){ - if(strchr(*argv, '=') == NULL && strcmp(*argv, "-") != 0){ - strlcpy (username, *argv, sizeof(username)); - ask = 0; - } - } - -#if defined(DCE) && defined(AIX) - esetenv("AUTHSTATE", "DCE", 1); -#endif - - /* XXX should we care about environment on the command line? */ - - memset(&sa, 0, sizeof(sa)); - sa.sa_handler = sig_handler; - sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; - sigaction(SIGALRM, &sa, NULL); - alarm(login_timeout); - - for(try = 0; try < max_tries; try++){ - struct passwd *pwd; - char password[128]; - int ret; - char ttname[32]; - char *tty, *ttyn; - char prompt[128]; -#ifdef OTP - char otp_str[256]; -#endif - - if(ask){ - f_flag = 0; -#if 0 - r_flag = 0; -#endif - ret = read_string("login: ", username, sizeof(username), 1); - if(ret == -3) - exit(0); - if(ret == -2) - sig_handler(0); /* exit */ - } - pwd = k_getpwnam(username); -#ifdef ALLOW_NULL_PASSWORD - if (pwd != NULL && (pwd->pw_passwd[0] == '\0')) { - strcpy(password,""); - } - else -#endif - - { -#ifdef OTP - if(auth_level && strcmp(auth_level, "otp") == 0 && - otp_challenge(&otp_ctx, username, - otp_str, sizeof(otp_str)) == 0) - snprintf (prompt, sizeof(prompt), "%s's %s Password: ", - username, otp_str); - else -#endif - strncpy(prompt, "Password: ", sizeof(prompt)); - - if (f_flag == 0) { - ret = read_string(prompt, password, sizeof(password), 0); - if (ret == -3) { - ask = 1; - continue; - } - if (ret == -2) - sig_handler(0); - } - } - - if(pwd == NULL){ - fprintf(stderr, "Login incorrect.\n"); - ask = 1; - continue; - } - - if(f_flag == 0 && check_password(pwd, password)){ - fprintf(stderr, "Login incorrect.\n"); - ask = 1; - continue; - } - ttyn = ttyname(STDIN_FILENO); - if(ttyn == NULL){ - snprintf(ttname, sizeof(ttname), "%s??", _PATH_TTY); - ttyn = ttname; - } - if (strncmp (ttyn, _PATH_DEV, strlen(_PATH_DEV)) == 0) - tty = ttyn + strlen(_PATH_DEV); - else - tty = ttyn; - - if (login_access (pwd, remote_host ? remote_host : tty) == 0) { - fprintf(stderr, "Permission denied\n"); - if (remote_host) - syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s", - pwd->pw_name, remote_host); - else - syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s", - pwd->pw_name, tty); - exit (1); - } else { - if (remote_host) - syslog(LOG_NOTICE, "%s LOGIN ACCEPTED FROM %s ppid=%d", - pwd->pw_name, remote_host, (int) getppid()); - else - syslog(LOG_NOTICE, "%s LOGIN ACCEPTED ON %s ppid=%d", - pwd->pw_name, tty, (int) getppid()); - } - alarm(0); - do_login(pwd, tty, ttyn); - } - exit(1); -} diff --git a/appl/login/login_access.c b/appl/login/login_access.c deleted file mode 100644 index 71b1fb1aa..000000000 --- a/appl/login/login_access.c +++ /dev/null @@ -1,277 +0,0 @@ -/************************************************************************ -* Copyright 1995 by Wietse Venema. All rights reserved. Some individual -* files may be covered by other copyrights. -* -* This material was originally written and compiled by Wietse Venema at -* Eindhoven University of Technology, The Netherlands, in 1990, 1991, -* 1992, 1993, 1994 and 1995. -* -* Redistribution and use in source and binary forms, with or without -* modification, are permitted provided that this entire copyright notice -* is duplicated in all such copies. -* -* This software is provided "as is" and without any expressed or implied -* warranties, including, without limitation, the implied warranties of -* merchantibility and fitness for any particular purpose. -************************************************************************/ - /* - * This module implements a simple but effective form of login access - * control based on login names and on host (or domain) names, internet - * addresses (or network numbers), or on terminal line names in case of - * non-networked logins. Diagnostics are reported through syslog(3). - * - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. - */ - -#include "login_locl.h" - -RCSID("$Id$"); - - /* Delimiters for fields and for lists of users, ttys or hosts. */ - -static char fs[] = ":"; /* field separator */ -static char sep[] = ", \t"; /* list-element separator */ - - /* Constants to be used in assignments only, not in comparisons... */ - -#define YES 1 -#define NO 0 - - /* - * A structure to bundle up all login-related information to keep the - * functional interfaces as generic as possible. - */ -struct login_info { - struct passwd *user; - char *from; -}; - -static int list_match(char *list, struct login_info *item, - int (*match_fn)(char *, struct login_info *)); -static int user_match(char *tok, struct login_info *item); -static int from_match(char *tok, struct login_info *item); -static int string_match(char *tok, char *string); - -/* login_access - match username/group and host/tty with access control file */ - -int login_access(struct passwd *user, char *from) -{ - struct login_info item; - FILE *fp; - char line[BUFSIZ]; - char *perm; /* becomes permission field */ - char *users; /* becomes list of login names */ - char *froms; /* becomes list of terminals or hosts */ - int match = NO; - int end; - int lineno = 0; /* for diagnostics */ - char *foo; - - /* - * Bundle up the arguments to avoid unnecessary clumsiness lateron. - */ - item.user = user; - item.from = from; - - /* - * Process the table one line at a time and stop at the first match. - * Blank lines and lines that begin with a '#' character are ignored. - * Non-comment lines are broken at the ':' character. All fields are - * mandatory. The first field should be a "+" or "-" character. A - * non-existing table means no access control. - */ - - if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) { - while (!match && fgets(line, sizeof(line), fp)) { - lineno++; - if (line[end = strlen(line) - 1] != '\n') { - syslog(LOG_ERR, "%s: line %d: missing newline or line too long", - _PATH_LOGACCESS, lineno); - continue; - } - if (line[0] == '#') - continue; /* comment line */ - while (end > 0 && isspace((unsigned char)line[end - 1])) - end--; - line[end] = 0; /* strip trailing whitespace */ - if (line[0] == 0) /* skip blank lines */ - continue; - foo = NULL; - if (!(perm = strtok_r(line, fs, &foo)) - || !(users = strtok_r(NULL, fs, &foo)) - || !(froms = strtok_r(NULL, fs, &foo)) - || strtok_r(NULL, fs, &foo)) { - syslog(LOG_ERR, "%s: line %d: bad field count", - _PATH_LOGACCESS, - lineno); - continue; - } - if (perm[0] != '+' && perm[0] != '-') { - syslog(LOG_ERR, "%s: line %d: bad first field", - _PATH_LOGACCESS, - lineno); - continue; - } - match = (list_match(froms, &item, from_match) - && list_match(users, &item, user_match)); - } - fclose(fp); - } else if (errno != ENOENT) { - syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS); - } - return (match == 0 || (line[0] == '+')); -} - -/* list_match - match an item against a list of tokens with exceptions */ - -static int -list_match(char *list, - struct login_info *item, - int (*match_fn)(char *, struct login_info *)) -{ - char *tok; - int match = NO; - char *foo = NULL; - - /* - * Process tokens one at a time. We have exhausted all possible matches - * when we reach an "EXCEPT" token or the end of the list. If we do find - * a match, look for an "EXCEPT" list and recurse to determine whether - * the match is affected by any exceptions. - */ - - for (tok = strtok_r(list, sep, &foo); - tok != NULL; - tok = strtok_r(NULL, sep, &foo)) { - if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ - break; - if ((match = (*match_fn) (tok, item)) != 0) /* YES */ - break; - } - /* Process exceptions to matches. */ - - if (match != NO) { - while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT")) - /* VOID */ ; - if (tok == 0 || list_match(NULL, item, match_fn) == NO) - return (match); - } - return (NO); -} - -/* myhostname - figure out local machine name */ - -static char *myhostname(void) -{ - static char name[MAXHOSTNAMELEN + 1] = ""; - - if (name[0] == 0) { - gethostname(name, sizeof(name)); - name[MAXHOSTNAMELEN] = 0; - } - return (name); -} - -/* netgroup_match - match group against machine or user */ - -static int netgroup_match(char *group, char *machine, char *user) -{ -#ifdef HAVE_YP_GET_DEFAULT_DOMAIN - static char *mydomain = 0; - - if (mydomain == 0) - yp_get_default_domain(&mydomain); - return (innetgr(group, machine, user, mydomain)); -#else - syslog(LOG_ERR, "NIS netgroup support not configured"); - return 0; -#endif -} - -/* user_match - match a username against one token */ - -static int user_match(char *tok, struct login_info *item) -{ - char *string = item->user->pw_name; - struct login_info fake_item; - struct group *group; - int i; - char *at; - - /* - * If a token has the magic value "ALL" the match always succeeds. - * Otherwise, return YES if the token fully matches the username, if the - * token is a group that contains the username, or if the token is the - * name of the user's primary group. - */ - - if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */ - *at = 0; - fake_item.from = myhostname(); - return (user_match(tok, item) && from_match(at + 1, &fake_item)); - } else if (tok[0] == '@') { /* netgroup */ - return (netgroup_match(tok + 1, (char *) 0, string)); - } else if (string_match(tok, string)) { /* ALL or exact match */ - return (YES); - } else if ((group = getgrnam(tok)) != 0) { /* try group membership */ - if (item->user->pw_gid == group->gr_gid) - return (YES); - for (i = 0; group->gr_mem[i]; i++) - if (strcasecmp(string, group->gr_mem[i]) == 0) - return (YES); - } - return (NO); -} - -/* from_match - match a host or tty against a list of tokens */ - -static int from_match(char *tok, struct login_info *item) -{ - char *string = item->from; - int tok_len; - int str_len; - - /* - * If a token has the magic value "ALL" the match always succeeds. Return - * YES if the token fully matches the string. If the token is a domain - * name, return YES if it matches the last fields of the string. If the - * token has the magic value "LOCAL", return YES if the string does not - * contain a "." character. If the token is a network number, return YES - * if it matches the head of the string. - */ - - if (tok[0] == '@') { /* netgroup */ - return (netgroup_match(tok + 1, string, (char *) 0)); - } else if (string_match(tok, string)) { /* ALL or exact match */ - return (YES); - } else if (tok[0] == '.') { /* domain: match last fields */ - if ((str_len = strlen(string)) > (tok_len = strlen(tok)) - && strcasecmp(tok, string + str_len - tok_len) == 0) - return (YES); - } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ - if (strchr(string, '.') == 0) - return (YES); - } else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */ - && strncmp(tok, string, tok_len) == 0) { - return (YES); - } - return (NO); -} - -/* string_match - match a string against one token */ - -static int string_match(char *tok, char *string) -{ - - /* - * If the token has the magic value "ALL" the match always succeeds. - * Otherwise, return YES if the token fully matches the string. - */ - - if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ - return (YES); - } else if (strcasecmp(tok, string) == 0) { /* try exact match */ - return (YES); - } - return (NO); -} diff --git a/appl/login/login_locl.h b/appl/login/login_locl.h deleted file mode 100644 index c0899f64d..000000000 --- a/appl/login/login_locl.h +++ /dev/null @@ -1,157 +0,0 @@ -/* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id$ */ - -#ifndef __LOGIN_LOCL_H__ -#define __LOGIN_LOCL_H__ - -#ifdef HAVE_CONFIG_H -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef HAVE_NETDB_H -#include -#endif -#ifdef HAVE_PATHS_H -#include -#endif -#ifdef HAVE_UTMP_H -#include -#endif -#ifdef HAVE_UTMPX_H -#include -#endif -#ifdef HAVE_UDB_H -#include -#endif -#ifdef HAVE_SYS_RESOURCE_H -#include -#endif -#ifdef HAVE_SYS_CATEGORY_H -#include -#endif -#ifdef HAVE_SYS_WAIT_H -#include -#endif -#ifdef HAVE_SHADOW_H -#include -#endif -#ifdef HAVE_NETGROUP_H -#include -#endif -#ifdef HAVE_RPCSVC_YPCLNT_H -#include -#endif -#ifdef KRB5 -#include -#endif -#ifndef NO_AFS -#include -#endif - -#ifdef OTP -#include -#endif - -#ifdef HAVE_OSFC2 -#define getargs OSFgetargs -#include "/usr/include/prot.h" -#undef getargs -#endif - -#ifndef _PATH_BSHELL -#define _PATH_BSHELL "/bin/sh" -#endif -#ifndef _PATH_TTY -#define _PATH_TTY "/dev/tty" -#endif -#ifndef _PATH_DEV -#define _PATH_DEV "/dev/" -#endif -#ifndef _PATH_WTMP -#ifdef WTMP_FILE -#define _PATH_WTMP WTMP_FILE -#else -#define _PATH_WTMP "/var/adm/wtmp" -#endif -#endif -#ifndef _PATH_UTMP -#ifdef UTMP_FILE -#define _PATH_UTMP UTMP_FILE -#else -#define _PATH_UTMP "/var/adm/utmp" -#endif -#endif - -/* if cygwin doesnt have WTMPX_FILE, it uses wtmp for wtmpx - * http://www.cygwin.com/ml/cygwin/2006-12/msg00630.html */ -#ifdef __CYGWIN__ -#ifndef WTMPX_FILE -#define WTMPX_FILE WTMP_FILE -#endif -#endif - -#ifndef _PATH_LOGACCESS -#define _PATH_LOGACCESS SYSCONFDIR "/login.access" -#endif /* _PATH_LOGACCESS */ - -#ifndef _PATH_LOGIN_CONF -#define _PATH_LOGIN_CONF SYSCONFDIR "/login.conf" -#endif /* _PATH_LOGIN_CONF */ - -#ifndef _PATH_DEFPATH -#define _PATH_DEFPATH "/usr/bin:/bin" -#endif - -#include "loginpaths.h" - -struct spwd; - -extern char **env; -extern int num_env; - -#include "login-protos.h" - -#endif /* __LOGIN_LOCL_H__ */ diff --git a/appl/login/loginpaths.h b/appl/login/loginpaths.h deleted file mode 100644 index 24ba2c036..000000000 --- a/appl/login/loginpaths.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id$ */ - -#ifndef __LOGIN_PATH_H -#define __LOGIN_PATH_H - -#ifndef _PATH_NOLOGIN -#define _PATH_NOLOGIN "/etc/nologin" -#endif - -#ifndef _PATH_ETC_ENVIRONMENT -#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment" -#endif - -#ifndef _PATH_LIMITS_CONF -#define _PATH_LIMITS_CONF "/etc/security/limits.conf" -#endif - - -#endif /* __LOGIN_PATH_H */ diff --git a/appl/login/osfc2.c b/appl/login/osfc2.c deleted file mode 100644 index d08b282e6..000000000 --- a/appl/login/osfc2.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "login_locl.h" -RCSID("$Id$"); - -int -do_osfc2_magic(uid_t uid) -{ -#ifdef HAVE_OSFC2 - struct es_passwd *epw; - char *argv[2]; - - /* fake */ - argv[0] = (char*)getprogname(); - argv[1] = NULL; - set_auth_parameters(1, argv); - - epw = getespwuid(uid); - if(epw == NULL) { - syslog(LOG_AUTHPRIV|LOG_NOTICE, - "getespwuid failed for %d", uid); - printf("Sorry.\n"); - return 1; - } - /* We don't check for auto-retired, foo-retired, - bar-retired, or any other kind of retired accounts - here; neither do we check for time-locked accounts, or - any other kind of serious C2 mumbo-jumbo. We do, - however, call setluid, since failing to do so is not - very good (take my word for it). */ - - if(!epw->uflg->fg_uid) { - syslog(LOG_AUTHPRIV|LOG_NOTICE, - "attempted login by %s (has no uid)", epw->ufld->fd_name); - printf("Sorry.\n"); - return 1; - } - setluid(epw->ufld->fd_uid); - if(getluid() != epw->ufld->fd_uid) { - syslog(LOG_AUTHPRIV|LOG_NOTICE, - "failed to set LUID for %s (%d)", - epw->ufld->fd_name, epw->ufld->fd_uid); - printf("Sorry.\n"); - return 1; - } -#endif /* HAVE_OSFC2 */ - return 0; -} diff --git a/appl/login/read_string.c b/appl/login/read_string.c deleted file mode 100644 index eb61621a3..000000000 --- a/appl/login/read_string.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "login_locl.h" - -RCSID("$Id$"); - -static sig_atomic_t intr_flag; - -static void -intr(int sig) -{ - intr_flag++; -} - -#ifndef NSIG -#define NSIG 47 -#endif - -int -read_string(const char *prompt, char *buf, size_t len, int echo) -{ - struct sigaction sigs[NSIG]; - int oksigs[NSIG]; - struct sigaction sa; - FILE *tty; - int ret = 0; - int of = 0; - int i; - int c; - char *p; - - struct termios t_new, t_old; - - memset(&oksigs, 0, sizeof(oksigs)); - - memset(&sa, 0, sizeof(sa)); - sa.sa_handler = intr; - sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; - for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++) - if (i != SIGALRM) - if (sigaction(i, &sa, &sigs[i]) == 0) - oksigs[i] = 1; - - if((tty = fopen("/dev/tty", "r")) == NULL) - tty = stdin; - - fprintf(stderr, "%s", prompt); - fflush(stderr); - - if(echo == 0){ - tcgetattr(fileno(tty), &t_old); - memcpy(&t_new, &t_old, sizeof(t_new)); - t_new.c_lflag &= ~ECHO; - tcsetattr(fileno(tty), TCSANOW, &t_new); - } - intr_flag = 0; - p = buf; - while(intr_flag == 0){ - c = getc(tty); - if(c == EOF){ - if(!ferror(tty)) - ret = 1; - break; - } - if(c == '\n') - break; - if(of == 0) - *p++ = c; - of = (p == buf + len); - } - if(of) - p--; - *p = 0; - - if(echo == 0){ - printf("\n"); - tcsetattr(fileno(tty), TCSANOW, &t_old); - } - - if(tty != stdin) - fclose(tty); - - for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++) - if (oksigs[i]) - sigaction(i, &sigs[i], NULL); - - if(ret) - return -3; - if(intr_flag) - return -2; - if(of) - return -1; - return 0; -} - - -#if 0 -int main() -{ - char s[128]; - int ret; - ret = read_string("foo: ", s, sizeof(s), 0); - printf("%d ->%s<-\n", ret, s); -} -#endif diff --git a/appl/login/shadow.c b/appl/login/shadow.c deleted file mode 100644 index f8fb892ee..000000000 --- a/appl/login/shadow.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "login_locl.h" - -RCSID("$Id$"); - -#ifdef HAVE_SHADOW_H - -#ifndef _PATH_CHPASS -#define _PATH_CHPASS "/usr/bin/passwd" -#endif - -static int -change_passwd(const struct passwd *who) -{ - int status; - pid_t pid; - - switch (pid = fork()) { - case -1: - printf("fork /bin/passwd"); - exit(1); - case 0: - execlp(_PATH_CHPASS, "passwd", who->pw_name, (char *) 0); - exit(1); - default: - waitpid(pid, &status, 0); - return (status); - } -} - -void -check_shadow(const struct passwd *pw, const struct spwd *sp) -{ - long today; - - today = time(0)/(24L * 60 * 60); - - if (sp == NULL) - return; - - if (sp->sp_expire > 0) { - if (today >= sp->sp_expire) { - printf("Your account has expired.\n"); - sleep(1); - exit(0); - } else if (sp->sp_expire - today < 14) { - printf("Your account will expire in %d days.\n", - (int)(sp->sp_expire - today)); - } - } - - if (sp->sp_max > 0) { - if (today >= (sp->sp_lstchg + sp->sp_max)) { - printf("Your password has expired. Choose a new one.\n"); - change_passwd(pw); - } else if (sp->sp_warn > 0 - && (today > (sp->sp_lstchg + sp->sp_max - sp->sp_warn))) { - printf("Your password will expire in %d days.\n", - (int)(sp->sp_lstchg + sp->sp_max - today)); - } - } -} -#endif /* HAVE_SHADOW_H */ diff --git a/appl/login/stty_default.c b/appl/login/stty_default.c deleted file mode 100644 index 286903f99..000000000 --- a/appl/login/stty_default.c +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "login_locl.h" - -RCSID("$Id$"); - -#include - -/* HP-UX 9.0 termios doesn't define these */ -#ifndef FLUSHO -#define FLUSHO 0 -#endif - -#ifndef XTABS -#define XTABS 0 -#endif - -#ifndef OXTABS -#define OXTABS XTABS -#endif - -/* Ultrix... */ -#ifndef ECHOPRT -#define ECHOPRT 0 -#endif - -#ifndef ECHOCTL -#define ECHOCTL 0 -#endif - -#ifndef ECHOKE -#define ECHOKE 0 -#endif - -#ifndef IMAXBEL -#define IMAXBEL 0 -#endif - -#define Ctl(x) ((x) ^ 0100) - -void -stty_default(void) -{ - struct termios termios; - - /* - * Finalize the terminal settings. Some systems default to 8 bits, - * others to 7, so we should leave that alone. - */ - tcgetattr(0, &termios); - - termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL); - termios.c_iflag &= ~IXANY; - - termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE); - termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO); - - termios.c_oflag |= (OPOST|ONLCR); - termios.c_oflag &= ~OXTABS; - - termios.c_cc[VINTR] = Ctl('C'); - termios.c_cc[VERASE] = Ctl('H'); - termios.c_cc[VKILL] = Ctl('U'); - termios.c_cc[VEOF] = Ctl('D'); - - termios.c_cc[VSUSP] = Ctl('Z'); - - tcsetattr(0, TCSANOW, &termios); -} diff --git a/appl/login/tty.c b/appl/login/tty.c deleted file mode 100644 index 91873ec4f..000000000 --- a/appl/login/tty.c +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "login_locl.h" - -RCSID("$Id$"); - -/* - * Clean the tty name. Return a pointer to the cleaned version. - */ - -char * -clean_ttyname (char *tty) -{ - char *res = tty; - - if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0) - res += strlen(_PATH_DEV); - if (strncmp (res, "pty/", 4) == 0) - res += 4; - if (strncmp (res, "ptym/", 5) == 0) - res += 5; - return res; -} - -/* - * Generate a name usable as an `ut_id', typically without `tty'. - */ - -char * -make_id (char *tty) -{ - char *res = tty; - - if (strncmp (res, "pts/", 4) == 0) - res += 4; - if (strncmp (res, "tty", 3) == 0) - res += 3; - return res; -} diff --git a/appl/login/utmp_login.c b/appl/login/utmp_login.c deleted file mode 100644 index da3d726da..000000000 --- a/appl/login/utmp_login.c +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "login_locl.h" - -RCSID("$Id$"); - -/* try to put something useful from hostname into dst, dst_sz: - * full name, first component or address */ - -void -shrink_hostname (const char *hostname, - char *dst, size_t dst_sz) -{ - char local_hostname[MaxHostNameLen]; - char *ld, *hd; - int ret; - struct addrinfo *ai; - - if (strlen(hostname) < dst_sz) { - strlcpy (dst, hostname, dst_sz); - return; - } - gethostname (local_hostname, sizeof(local_hostname)); - hd = strchr (hostname, '.'); - ld = strchr (local_hostname, '.'); - if (hd != NULL && ld != NULL && strcmp(hd, ld) == 0 - && hd - hostname < dst_sz) { - strlcpy (dst, hostname, dst_sz); - dst[hd - hostname] = '\0'; - return; - } - - ret = getaddrinfo (hostname, NULL, NULL, &ai); - if (ret) { - strncpy (dst, hostname, dst_sz); - return; - } - ret = getnameinfo (ai->ai_addr, ai->ai_addrlen, - dst, dst_sz, - NULL, 0, - NI_NUMERICHOST); - freeaddrinfo (ai); - if (ret) { - strncpy (dst, hostname, dst_sz); - return; - } -} - -/* update utmp and wtmp - the BSD way */ - -#if !defined(HAVE_UTMPX_H) || (defined(WTMP_FILE) && !defined(WTMPX_FILE)) - -void -prepare_utmp (struct utmp *utmp, char *tty, - const char *username, const char *hostname) -{ - char *ttyx = clean_ttyname (tty); - - memset(utmp, 0, sizeof(*utmp)); - utmp->ut_time = time(NULL); - strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line)); - strncpy(utmp->ut_name, username, sizeof(utmp->ut_name)); - -# ifdef HAVE_STRUCT_UTMP_UT_USER - strncpy(utmp->ut_user, username, sizeof(utmp->ut_user)); -# endif - -# ifdef HAVE_STRUCT_UTMP_UT_ADDR - if (hostname[0]) { - struct hostent *he; - if ((he = gethostbyname(hostname))) - memcpy(&utmp->ut_addr, he->h_addr_list[0], - sizeof(utmp->ut_addr)); - } -# endif - -# ifdef HAVE_STRUCT_UTMP_UT_HOST - shrink_hostname (hostname, utmp->ut_host, sizeof(utmp->ut_host)); -# endif - -# ifdef HAVE_STRUCT_UTMP_UT_TYPE - utmp->ut_type = USER_PROCESS; -# endif - -# ifdef HAVE_STRUCT_UTMP_UT_PID - utmp->ut_pid = getpid(); -# endif - -# ifdef HAVE_STRUCT_UTMP_UT_ID - strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id)); -# endif -} -#endif - -#ifdef HAVE_UTMPX_H -void utmp_login(char *tty, const char *username, const char *hostname) -{ - return; -} -#else - -void utmp_login(char *tty, const char *username, const char *hostname) -{ - struct utmp utmp; - int fd; - - prepare_utmp (&utmp, tty, username, hostname); - -#ifdef HAVE_SETUTENT - utmpname(_PATH_UTMP); - setutent(); - pututline(&utmp); - endutent(); -#else - -#ifdef HAVE_TTYSLOT - { - int ttyno; - ttyno = ttyslot(); - if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) { - lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET); - write(fd, &utmp, sizeof(struct utmp)); - close(fd); - } - } -#endif /* HAVE_TTYSLOT */ -#endif /* HAVE_SETUTENT */ - - if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { - write(fd, &utmp, sizeof(struct utmp)); - close(fd); - } -} - -#endif /* !HAVE_UTMPX_H */ diff --git a/appl/login/utmpx_login.c b/appl/login/utmpx_login.c deleted file mode 100644 index 8a3f88b60..000000000 --- a/appl/login/utmpx_login.c +++ /dev/null @@ -1,105 +0,0 @@ -/************************************************************************ -* Copyright 1995 by Wietse Venema. All rights reserved. Some individual -* files may be covered by other copyrights. -* -* This material was originally written and compiled by Wietse Venema at -* Eindhoven University of Technology, The Netherlands, in 1990, 1991, -* 1992, 1993, 1994 and 1995. -* -* Redistribution and use in source and binary forms, with or without -* modification, are permitted provided that this entire copyright notice -* is duplicated in all such copies. -* -* This software is provided "as is" and without any expressed or implied -* warranties, including, without limitation, the implied warranties of -* merchantibility and fitness for any particular purpose. -************************************************************************/ -/* Author: Wietse Venema */ - -#include "login_locl.h" - -RCSID("$Id$"); - -/* utmpx_login - update utmp and wtmp after login */ - -#ifndef HAVE_UTMPX_H -int utmpx_login(char *line, const char *user, const char *host) { return 0; } -#else - -static void -utmpx_update(struct utmpx *ut, char *line, const char *user, const char *host) -{ - struct timeval tmp; - char *clean_tty = clean_ttyname(line); - - strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line)); -#ifdef HAVE_STRUCT_UTMPX_UT_ID - strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id)); -#endif - strncpy(ut->ut_user, user, sizeof(ut->ut_user)); - shrink_hostname (host, ut->ut_host, sizeof(ut->ut_host)); -#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN - ut->ut_syslen = strlen(host) + 1; - if (ut->ut_syslen > sizeof(ut->ut_host)) - ut->ut_syslen = sizeof(ut->ut_host); -#endif - ut->ut_type = USER_PROCESS; - gettimeofday (&tmp, 0); - ut->ut_tv.tv_sec = tmp.tv_sec; - ut->ut_tv.tv_usec = tmp.tv_usec; - pututxline(ut); -#ifdef WTMPX_FILE - updwtmpx(WTMPX_FILE, ut); -#elif defined(WTMP_FILE) - { /* XXX should be removed, just drop wtmp support */ - struct utmp utmp; - int fd; - - prepare_utmp (&utmp, line, user, host); - if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { - write(fd, &utmp, sizeof(struct utmp)); - close(fd); - } - } -#endif -} - -int -utmpx_login(char *line, const char *user, const char *host) -{ - struct utmpx *ut, save_ut; - pid_t mypid = getpid(); - int ret = (-1); - - /* - * SYSV4 ttymon and login use tty port names with the "/dev/" prefix - * stripped off. Rlogind and telnetd, on the other hand, make utmpx - * entries with device names like /dev/pts/nnn. We therefore cannot use - * getutxline(). Return nonzero if no utmp entry was found with our own - * process ID for a login or user process. - */ - - while ((ut = getutxent())) { - /* Try to find a reusable entry */ - if (ut->ut_pid == mypid - && ( ut->ut_type == INIT_PROCESS - || ut->ut_type == LOGIN_PROCESS - || ut->ut_type == USER_PROCESS)) { - save_ut = *ut; - utmpx_update(&save_ut, line, user, host); - ret = 0; - break; - } - } - if (ret == -1) { - /* Grow utmpx file by one record. */ - struct utmpx newut; - memset(&newut, 0, sizeof(newut)); - newut.ut_pid = mypid; - utmpx_update(&newut, line, user, host); - ret = 0; - } - endutxent(); - return (ret); -} -#endif /* HAVE_UTMPX_H */ diff --git a/cf/pthreads.m4 b/cf/pthreads.m4 index be5317b8e..4d8439585 100644 --- a/cf/pthreads.m4 +++ b/cf/pthreads.m4 @@ -63,6 +63,17 @@ case "$host" in *-*-aix*) dnl AIX is disabled since we don't handle the utmp/utmpx dnl problems that aix causes when compiling with pthread support + dnl (2016-11-14, we longer use utmp). Original logic was: + dnl if test "$GCC" = yes; then + dnl native_pthread_support=yes + dnl PTHREADS_LIBS="-pthread" + dnl elif expr "$CC" : ".*_r" > /dev/null ; then + dnl native_pthread_support=yes + dnl PTHREADS_CFLAGS="" + dnl PTHREADS_LIBS="" + dnl else + dnl native_pthread_support=no + dnl fi native_pthread_support=no ;; mips-sgi-irix6.[[5-9]]) # maybe works for earlier versions too diff --git a/configure.ac b/configure.ac index e48603d29..aeb07b7b7 100644 --- a/configure.ac +++ b/configure.ac @@ -387,8 +387,6 @@ AC_CHECK_HEADERS([\ tmpdir.h \ udb.h \ util.h \ - utmp.h \ - utmpx.h \ ]) dnl On Solaris 8 there's a compilation warning for term.h because @@ -549,26 +547,6 @@ AC_CHECK_FUNCS(getudbnam setlim) dnl AC_KRB_FUNC_GETCWD_BROKEN -dnl -dnl Check for fields in struct utmp -dnl - -AC_HAVE_STRUCT_FIELD(struct utmp, ut_addr, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmp, ut_host, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmp, ut_id, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmp, ut_pid, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmp, ut_type, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmp, ut_user, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_host, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_id, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_line, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_pid, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_tv, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_type, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_user, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_exit, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_syslen, [#include ]) - AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t, u_int8_t, u_int16_t, u_int32_t, u_int64_t, uint8_t, uint16_t, uint32_t, uint64_t],,,[ @@ -655,7 +633,6 @@ AC_CONFIG_FILES(Makefile \ appl/afsutil/Makefile \ appl/dbutils/Makefile \ appl/gssmask/Makefile \ - appl/login/Makefile \ appl/otp/Makefile \ appl/push/Makefile \ appl/su/Makefile \ diff --git a/include/config.h.w32 b/include/config.h.w32 index 6d3a11181..48f9f5f56 100644 --- a/include/config.h.w32 +++ b/include/config.h.w32 @@ -918,30 +918,6 @@ static const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if struct tm has field tm_zone. */ /* #undef HAVE_STRUCT_TM_TM_ZONE */ -/* Define if struct utmpx has field ut_exit. */ -/* #undef HAVE_STRUCT_UTMPX_UT_EXIT */ - -/* Define if struct utmpx has field ut_syslen. */ -/* #undef HAVE_STRUCT_UTMPX_UT_SYSLEN */ - -/* Define if struct utmp has field ut_addr. */ -/* #define HAVE_STRUCT_UTMP_UT_ADDR 1 */ - -/* Define if struct utmp has field ut_host. */ -/* #define HAVE_STRUCT_UTMP_UT_HOST 1 */ - -/* Define if struct utmp has field ut_id. */ -/* #define HAVE_STRUCT_UTMP_UT_ID 1 */ - -/* Define if struct utmp has field ut_pid. */ -/* #define HAVE_STRUCT_UTMP_UT_PID 1 */ - -/* Define if struct utmp has field ut_type. */ -/* #define HAVE_STRUCT_UTMP_UT_TYPE 1 */ - -/* Define if struct utmp has field ut_user. */ -/* #define HAVE_STRUCT_UTMP_UT_USER 1 */ - /* define if struct winsize is declared in sys/termios.h */ /* #define HAVE_STRUCT_WINSIZE 1 */ @@ -1163,12 +1139,6 @@ static const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the header file. */ /* #undef HAVE_UTIL_H */ -/* Define to 1 if you have the header file. */ -/* #define HAVE_UTMPX_H 1 */ - -/* Define to 1 if you have the header file. */ -/* #define HAVE_UTMP_H 1 */ - /* Define to 1 if the system has the type `u_int16_t'. */ /* #define HAVE_U_INT16_T 1 */