oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Goodbye login

Browse Source
This commit is contained in:
Viktor Dukhovni
2016-11-14 02:59:12 -05:00
parent 63d2935c4f
commit b77e701a22
24 changed files with 11 additions and 3154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
appl/Makefile.am
View File

@@ -14,7 +14,6 @@ endif
SUBDIRS = \
$(dir_afsutil) \
dbutils \
login \
$(dir_otp) \
gssmask \
push \

366
appl/login/ChangeLog
View File

@@ -1,366 +0,0 @@
2008-04-15 Love Hörnquist Åstrand <lha@it.su.se>
* utmp_login.c: Reorder to avoid prototype.
* login_locl.h: If cygwin doesnt have WTMPX_FILE, it uses wtmp for
wtmpx http://www.cygwin.com/ml/cygwin/2006-12/msg00630.html
2008-04-10 Love Hörnquist Åstrand <lha@it.su.se>
* utmp_login.c: Remove utmp warning on mac os x
2006-12-05 Love Hörnquist Åstrand <lha@it.su.se>
* limits_conf.c: Clear errno before calling the strtol
functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn
Sandell.
* limits_conf.c: Report to syslog strings that start with NUL;
prevents negative index array access. Ray Lai of OpenBSD via Björn
Sandell.
2006-10-07 Love Hörnquist Åstrand <lha@it.su.se>
* Makefile.am: Add man_MANS to EXTRA_DIST
2006-09-22 Love Hörnquist Åstrand <lha@it.su.se>
* read_string.c: try to not call signaction for signal 0 and use
NSIG if it exists to determin how many signals there exists, also,
only restore those signalhandlers that we got out.
2006-04-27 Love Hörnquist Åstrand <lha@it.su.se>
* login_locl.h: Include "loginpaths.h"
* loginpaths.h: Shared paths between login and rshd.
2006-01-09 Johan Danielsson <joda@blubb.pdc.kth.se>
* login.c: log successful logins
2005-08-08 Love Hörnquist Åstrand <lha@it.su.se>
* login.c (do_login): only do krb4_get_afs_tokens if we have done
v4 authentication or done a 5to4 conversion of tickets. This is to
avoid delays on a realm that only support Kerberos 5 and drop
Kerberos 4 requests.
2005-05-10 Dave Love <fx@gnu.org>
* login.c: Include <crypt.h>.
2005-05-02 Dave Love <fx@gnu.org>
* limits_conf.c: Check RLIMIT_MEMLOCK, not RLIMIT_LOCK.
2005-04-28 Dave Love <fx@gnu.org>
* limits_conf.c: Maybe include sys/resource.h. Use various
RLIMIT_ macros conditionally. For Solaris, Irix and Tru64.
2005-04-22 Johan Danielsson <joda@pdc.kth.se>
* login.1: document limits.conf
* Makefile.am: limits_conf.c
* login_locl.h: template for limits.conf
* login.c: read limits.conf (from /etc/security by default,
overridable in login.conf)
* limits_conf.c: implement a parser for limits.conf
2004-09-08 Johan Danielsson <joda@pdc.kth.se>
* login.c: use krb5_appdefault_boolean instead of
krb5_config_get_bool
2003-09-03 Love Hörnquist Åstrand <lha@it.su.se>
* login.c (krb5_to4): set client princ of the mcred
2003-07-07 Love Hörnquist Åstrand <lha@it.su.se>
* login.c (krb5_to4): use krb5_cc_clear_mcred
2003-03-24 Johan Danielsson <joda@pdc.kth.se>
* Makefile.am: install man pages
* login.1: manpage for login
* login.c: allow "welcome" as well as "motd" in login.conf
* login.access.5: login.access manual page
2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
* login.c: also need pag_set
* login.c: if there is kerberos 5, call krb5_afslog\*
2002-08-23 Johan Danielsson <joda@pdc.kth.se>
* login.c: if motd is set in login.conf, output its contents
before starting the shell
2002-02-27 Johan Danielsson <joda@pdc.kth.se>
* login.c: reset signals to default, needed on solaris 8
2002-02-19 Johan Danielsson <joda@pdc.kth.se>
* login_locl.h: include netgroup.h and rpcsvc/ypclnt.h
* login.c: make this build without krb5
2001-09-22 Assar Westerlund <assar@sics.se>
* login_locl.h: kludge: use absolute path to find prot.h so we do
not get confused by athena's prot.h
2001-09-17 Assar Westerlund <assar@sics.se>
* login.c (do_login): add setpcred
2001-07-06 Assar Westerlund <assar@sics.se>
* login.c: move osf2c magic earlier. from Mark Davies
<mark@MCS.VUW.AC.NZ>
2001-06-19 Assar Westerlund <assar@sics.se>
* login.c (krb5_to4): dereference result from krb5_princ_realm.
noted by Thomas Nystrom <thn@saeab.se>
2001-06-04 Assar Westerlund <assar@sics.se>
* update copyright messages on Wietse Venema's code.
2001-05-31 Assar Westerlund <assar@sics.se>
* login.c (krb5_to4): look for [realms]<realm>krb4_get_tickets to
decide whether to get kerberos 4 tickets
2001-02-08 Assar Westerlund <assar@sics.se>
* utmp_login.c, utmpx_login.c: try to write a useful string as
host in utmp, using the same algoritm as telnetd
2001-01-29 Assar Westerlund <assar@sics.se>
* login.c: remove some krb5_free_context that might happen at
unappropriate times
2000-12-31 Assar Westerlund <assar@sics.se>
* login.c (main): handle krb5_init_context failure consistently
2000-12-11 Assar Westerlund <assar@sics.se>
* login.c (do_login): set the group on the tty.
(r_flag): comment out
* login.c (krb5_to4): always return a value
2000-10-15 Assar Westerlund <assar@sics.se>
* login.c (krb5_to4): check another return code
2000-08-22 Johan Danielsson <joda@pdc.kth.se>
* login.c (do_login): set PATH to something sane;
(start_logout_process): avoid getting signals sent to the parent
* login_locl.h: _PATH_DEFPATH
2000-07-01 Assar Westerlund <assar@sics.se>
* login.c (login_timeout): add back
2000-06-28 Johan Danielsson <joda@pdc.kth.se>
* env.c: new file for environment related functions
* login.c: move environment stuff to separate file, allow
specifying list of environment files via login.conf
2000-06-21 Assar Westerlund <assar@sics.se>
* Makefile.am (LDADD): add otp
* login.c: add reading of /etc/environment. From Ake Sandgren
<ake@cs.umu.se>
add otp support. From Daniel Kouril <kouril@ics.muni.cz>
2000-06-09 Assar Westerlund <assar@sics.se>
* login.c (do_login): work-around for setuid and capabilities bug
fixed in Linux 2.2.16
2000-04-09 Assar Westerlund <assar@sics.se>
* login.c: allow conversion of v5 -> v4 tickets when logging in
with forwarded tickets
1999-11-09 Johan Danielsson <joda@pdc.kth.se>
* conf.c: remove case for not having cgetent, since it's in roken
1999-11-05 Assar Westerlund <assar@sics.se>
* login.c (do_login): conditionalize shadow stuff on getspnam
1999-10-30 Assar Westerlund <assar@sics.se>
* Makefile.am (login_DEPENDENCIES): remove, it's not entirely
correct and was causing problems with non-GNU make
1999-10-28 Assar Westerlund <assar@sics.se>
* login.c (start_logout_proceess): don't examine `prog' before
setting it.
1999-10-27 Assar Westerlund <assar@sics.se>
* login.c (do_login): chown and chmod the tty. some clean-up.
1999-10-03 Assar Westerlund <assar@sics.se>
* login.c (krb5_start_session): correct the ccache to
krb524_convert_creds_kdc
1999-09-28 Assar Westerlund <assar@sics.se>
* login.c (krb5_verify): use krb5_verify_user_lrealm
1999-09-01 Johan Danielsson <joda@pdc.kth.se>
* login.c: SGI capability mumbo-jumbo
1999-08-09 Johan Danielsson <joda@pdc.kth.se>
* login.c (start_logout_process): call setproctitle
* login_locl.h: declare struct spwd
* login.c: add support for starting extra processes at login and
logout; always preserve TERM and TZ
* conf.c: add configuration file support
1999-08-07 Assar Westerlund <assar@sics.se>
* shadow.c (check_shadow): check for a NULL sp
1999-08-05 Assar Westerlund <assar@sics.se>
* login.c (main): move down login incorrect to disallow account
guessing
1999-08-04 Assar Westerlund <assar@sics.se>
* utmpx_login.c (utmpx_login): fix for Solaris. From Miroslav
Ruda <ruda@ics.muni.cz>
* login_locl.h: add <shadow.h> and some prototypes
* login.c: fixes with v4 and shadow support. From Miroslav Ruda
<ruda@ics.muni.cz>
* shadow.c: new file with functions for handling shadow passwords
* Makefile.am: add shadow
1999-07-22 Assar Westerlund <assar@sics.se>
* login.c (main): generate a better tty name
1999-05-25 Johan Danielsson <joda@pdc.kth.se>
* login.c (do_login): set $SHELL
1999-05-18 Assar Westerlund <assar@sics.se>
* add login-access
1999-05-11 Assar Westerlund <assar@sics.se>
* login.c: copy the v5 ccache to a file after having done setuid
1999-05-09 Assar Westerlund <assar@sics.se>
* login.c (krb5_verify): check seteuid for errors
Mon Apr 19 22:30:55 1999 Assar Westerlund <assar@sics.se>
* login.c: conditionalize the kafs calls on KRB4
* Makefile.am (LDADD): add kafs
* login.c: add support for getting afs tokens with v4 and v5
Sun Apr 18 14:12:28 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* login.c: check _PATH_NOLOGIN
* login_locl.h: _PATH_NOLOGIN
1999-04-11 Assar Westerlund <assar@sics.se>
* login.c (main): use print_version
Thu Apr 8 15:03:55 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* login.c: remove definition of KRB_VERIFY_USER et.al. (moved to
config.h)
* login_locl.h: include udb.h, sys/resource.h, and sys/category.h
Sat Mar 27 17:58:37 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: osfc2.c
* login.c: magic for OSF C2, and Crays
* login_locl.h: do_osfc2_magic proto
* osfc2.c: bsd_locl -> login_locl
* osfc2.c: OSF C2 magic
Tue Mar 23 14:17:40 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* login_locl.h: _PATH_UTMP
Sun Mar 21 15:02:31 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
* login.c: `-h' is host, not help
Sat Mar 20 00:11:13 1999 Assar Westerlund <assar@sics.se>
* login_locl.h: krb.h: add
* login.c: static-size
(krb4_verify): add
Thu Mar 18 11:36:10 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: include Makefile.am.common
Thu Mar 11 17:53:36 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* utmpx_login.c: add some consts
* utmp_login.c: add some consts
* login.c: staticize
* login_locl.h: add prototypes, and defaults for
_PATH_*
Mon Mar 1 10:49:14 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* utmpx_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
* utmp_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*

41
appl/login/Makefile.am
View File

@@ -1,41 +0,0 @@
# $Id$
include $(top_srcdir)/Makefile.am.common
man_MANS = login.1 login.access.5
bin_PROGRAMS = login
login_SOURCES = \
conf.c \
env.c \
login.c \
login_access.c \
login_locl.h \
loginpaths.h \
limits_conf.c \
osfc2.c \
read_string.c \
shadow.c \
stty_default.c \
tty.c \
utmp_login.c \
utmpx_login.c
noinst_HEADERS = $(srcdir)/login-protos.h
LDADD = $(LIB_otp) \
$(LIB_kafs) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_hcrypto) \
$(top_builddir)/lib/asn1/libasn1.la \
$(LIB_roken) \
$(LIB_security) \
$(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB)
$(srcdir)/login-protos.h: $(login_SOURCES)
cd $(srcdir); perl ../../cf/make-proto.pl -o login-protos.h -q -P comment $(login_SOURCES) || rm -f login-protos.h
$(login_OBJECTS): $(srcdir)/login-protos.h
EXTRA_DIST = NTMakefile $(man_MANS)

35
appl/login/NTMakefile
View File

@@ -1,35 +0,0 @@
########################################################################
#
# Copyright (c) 2009, Secure Endpoints Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# - Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# - Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
RELDIR=appl\login
!include ../../windows/NTMakefile.w32

55
appl/login/conf.c
View File

@@ -1,55 +0,0 @@
/*
* Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of KTH nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
#include "login_locl.h"
RCSID("$Id$");
static char *confbuf;
static int
login_conf_init(void)
{
char *files[] = { _PATH_LOGIN_CONF, NULL };
return cgetent(&confbuf, (void *)files, "default");
}
char *
login_conf_get_string(const char *str)
{
char *value;
if(login_conf_init() != 0)
return NULL;
if(cgetstr(confbuf, (char *)str, &value) < 0)
return NULL;
return value;
}

106
appl/login/env.c
View File

@@ -1,106 +0,0 @@
/*
* Copyright (c) 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "login_locl.h"
RCSID("$Id$");
/*
* the environment we will send to execle and the shell.
*/
char **env;
int num_env;
void
extend_env(char *str)
{
env = realloc(env, (num_env + 1) * sizeof(*env));
if(env == NULL)
errx(1, "Out of memory!");
env[num_env++] = str;
}
void
add_env(const char *var, const char *value)
{
int aret;
int i;
char *str;
aret = asprintf(&str, "%s=%s", var, value);
if(aret == -1)
errx(1, "Out of memory!");
for(i = 0; i < num_env; i++)
if(strncmp(env[i], var, strlen(var)) == 0 &&
env[i][strlen(var)] == '='){
free(env[i]);
env[i] = str;
return;
}
extend_env(str);
}
#if !HAVE_DECL_ENVIRON
extern char **environ;
#endif
void
copy_env(void)
{
char **p;
for(p = environ; *p; p++)
extend_env(*p);
}
void
login_read_env(const char *file)
{
char **newenv;
char *p;
int i, j;
newenv = NULL;
i = read_environment(file, &newenv);
for (j = 0; j < i; j++) {
p = strchr(newenv[j], '=');
if (p == NULL)
errx(1, "%s: missing = in string %s",
file, newenv[j]);
*p++ = 0;
add_env(newenv[j], p);
*--p = '=';
free(newenv[j]);
}
free(newenv);
}

214
appl/login/limits_conf.c
View File

@@ -1,214 +0,0 @@
/*
* Copyright (c) 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "login_locl.h"
RCSID("$Id$");
#include <errno.h>
#include <limits.h>
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#endif
struct limit {
const char *name;
int resource;
int scale;
int has_limit;
struct rlimit limit;
} limits[] = {
#define LIM(X, S) { #X, RLIMIT_##X, S, 0, {0, 0} }
LIM(CORE, 1024),
LIM(CPU, 60),
LIM(DATA, 1024),
LIM(FSIZE, 1024),
#ifdef RLIMIT_MEMLOCK
LIM(MEMLOCK, 1024),
#endif
LIM(NOFILE, 1),
#ifdef RLIMIT_NPROC
LIM(NPROC, 1),
#endif
#ifdef RLIMIT_RSS
LIM(RSS, 1024),
#endif
LIM(STACK, 1024),
#ifdef RLIMIT_AS
LIM(AS, 1024),
#endif
#ifdef RLIMIT_LOCKS
LIM(LOCKS, 1),
#endif
/*
maxlogins
priority
*/
{ NULL, 0, 0, 0, {0, 0} }
};
static struct limit *
find_limit(const char *name)
{
struct limit *l;
for(l = limits; l->name != NULL; l++)
if(strcasecmp(name, l->name) == 0)
return l;
return NULL;
}
/* this function reads limits.conf files similar to pam_limits
unimplemented features include:
% maxlogins
"-" no limits,
priorities etc that are not set via setrlimit
XXX uses static storage, and clobbers getgr*
*/
int
read_limits_conf(const char *file, const struct passwd *pwd)
{
FILE *f;
char *args[4];
int lineno = 0;
char buf[1024];
struct limit *l;
rlim_t value;
f = fopen(file, "r");
if(f == NULL) {
if(errno != ENOENT && errno != ENOTDIR)
syslog(LOG_ERR, "%s: %m", file);
return -1;
}
while(fgets(buf, sizeof(buf), f) != NULL) {
char *last = NULL;
char *end = NULL;
int level;
lineno++;
if(buf[0] == '\0') {
syslog(LOG_ERR, "%s: line %d: NUL character", file, lineno);
continue;
}
if(buf[strlen(buf) - 1] != '\n') {
/* file did not end with a newline, figure out if we're at
the EOF, or if our buffer was too small */
int eof = 1;
int c;
while((c = fgetc(f)) != EOF) {
eof = 0;
if(c == '\n')
break;
}
if(!eof) {
syslog(LOG_ERR, "%s: line %d: line too long", file, lineno);
continue;
}
}
buf[strcspn(buf, "#\r\n")] = '\0';
if((args[0] = strtok_r(buf, " \t", &last)) == NULL ||
(args[1] = strtok_r(NULL, " \t", &last)) == NULL ||
(args[2] = strtok_r(NULL, " \t", &last)) == NULL ||
(args[3] = strtok_r(NULL, " \t", &last)) == NULL) {
if(args[0] != NULL) /* this would include comment lines */
syslog(LOG_ERR, "%s: line %d: malformed line", file, lineno);
continue;
}
l = find_limit(args[2]);
if(l == NULL) {
syslog(LOG_ERR, "%s: line %d: unknown limit %s", file, lineno, args[2]);
continue;
}
if(strcmp(args[3], "-") == 0) {
value = RLIM_INFINITY;
} else {
errno = 0;
value = strtol(args[3], &end, 10);
if(*end != '\0') {
syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
continue;
}
if((value == LONG_MIN || value == LONG_MAX) && errno == ERANGE) {
syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
continue;
}
if(value * l->scale < value)
value = RLIM_INFINITY;
else
value *= l->scale;
}
level = 0;
/* XXX unclear: if you set group hard and user soft limit,
should the hard limit still apply? this code doesn't. */
if(strcmp(args[0], pwd->pw_name) == 0)
level = 3;
if(*args[0] == '@') {
struct group *gr;
gr = getgrnam(args[0] + 1);
if(gr != NULL && gr->gr_gid == pwd->pw_gid)
level = 2;
}
if(strcmp(args[0], "*") == 0)
level = 1;
if(level == 0 || level < l->has_limit) /* not for us */
continue;
if(l->has_limit < level) {
if(getrlimit(l->resource, &l->limit) < 0)
continue;
l->has_limit = level;
}
/* XXX unclear: if you soft to more than default hard, should
we set hard to soft? this code doesn't. */
if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0)
l->limit.rlim_cur = value;
if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0)
l->limit.rlim_max = value;
}
fclose(f);
for(l = limits; l->name != NULL; l++) {
if(l->has_limit) {
if(l->limit.rlim_cur > l->limit.rlim_max)
l->limit.rlim_cur = l->limit.rlim_max;
if(setrlimit(l->resource, &l->limit) != 0)
syslog(LOG_ERR, "setrlimit RLIM_%s failed: %m", l->name);
}
l->has_limit = 0;
}
return 0;
}

248
appl/login/login.1
View File

@@ -1,248 +0,0 @@
.\" $Id$
.\"
.Dd April 22, 2005
.Dt LOGIN 1
.Os HEIMDAL
.Sh NAME
.Nm login
.Nd authenticate a user and start new session
.Sh SYNOPSIS
.Nm
.Op Fl fp
.Op Fl a Ar level
.Op Fl h Ar hostname
.Ar [username]
.Sh DESCRIPTION
This manual page documents the
.Nm login
program distributed with the Heimdal Kerberos 5 implementation, it may
differ in important ways from your system version.
.Pp
The
.Nm login
programs logs users into the system. It is intended to be run by
system daemons like
.Xr getty 8
or
.Xr telnetd 8 .
If you are already logged in, but want to change to another user, you
should use
.Xr su 1 .
.Pp
A username can be given on the command line, else one will be prompted
for.
.Pp
A password is required to login, unless the
.Fl f
option is given (indicating that the calling program has already done
proper authentication). With
.Fl f
the user will be logged in without further questions.
.Pp
For password authentication Kerberos 5, OTP (if compiled in) and local
.No ( Pa /etc/passwd )
passwords are supported. OTP will be used if the the user is
registered to use it, and
.Nm login
is given the option
.Fl a Li otp .
When using OTP, a challenge is shown to the user.
.Pp
Further options are:
.Bl -tag -width Ds
.It Fl a Ar string
Which authentication mode to use, the only supported value is
currently
.Dq otp .
.It Fl f
Indicates that the user is already authenticated. This happens, for
instance, when login is started by telnetd, and the user has proved
authentic via Kerberos.
.It Fl h Ar hostname
Indicates which host the user is logging in from. This is passed from
telnetd, and is entered into the login database.
.It Fl p
This tells
.Nm login
to preserve all environment variables. If not given, only the
.Dv TERM
and
.Dv TZ
variables are preserved. It could be a security risk to pass random
variables to
.Nm login
or the user shell, so the calling daemon should make sure it only
passes
.Dq safe
variables.
.El
.Pp
The process of logging user in proceeds as follows.
.Pp
First a check is made that logins are allowed at all. This usually
means checking
.Pa /etc/nologin .
If it exists, and the user trying to login is not root, the contents
is printed, and then login exits.
.Pp
Then various system parameters are set up, like changing the owner of
the tty to the user, setting up signals, setting the group list, and
user and group id. Also various machine specific tasks are performed.
.Pp
Next
.Nm login
changes to the users home directory, or if that fails, to
.Pa / .
The environment is setup, by adding some required variables (such as
.Dv PATH ) ,
and also authentication related ones (such as
.Dv KRB5CCNAME ) .
If an environment file exists
.No ( Pa /etc/environment ) ,
variables are set according to
it.
.Pp
If one or more login message files are configured, their contents is
printed to the terminal.
.Pp
If a login time command is configured, it is executed. A logout time
command can also be configured, which makes
.Nm login
fork, and wait for the user shell to exit, and then run the command.
This can be used to clean up user credentials.
.Pp
Finally, the user's shell is executed. If the user logging in is root,
and root's login shell does not exist, a default shell (usually
.Pa /bin/sh )
is also tried before giving up.
.Sh ENVIRONMENT
These environment variables are set by login (not including ones set by
.Pa /etc/environment ) :
.Pp
.Bl -tag -compact -width USERXXLOGNAME
.It Dv PATH
the default system path
.It Dv HOME
the user's home directory (or possibly
.Pa / )
.It Dv USER , Dv LOGNAME
both set to the username
.It Dv SHELL
the user's shell
.It Dv TERM , Dv TZ
set to whatever is passed to
.Nm login
.It Dv KRB5CCNAME
if the password is verified via Kerberos 5, this will point to the
credentials cache file
.El
.Sh FILES
.Bl -tag -compact -width Ds
.It Pa /etc/environment
Contains a set of environment variables that should be set in addition
to the ones above. It should contain sh-style assignments like
.Dq VARIABLE=value .
Note that they are not parsed the way a shell would. No variable
expansion is performed, and all strings are literal, and quotation
marks should not be used. Everything after a hash mark is considered a
comment. The following are all different (the last will set the
variable
.Dv BAR ,
not
.Dv FOO ) .
.Bd -literal -offset indent
FOO=this is a string
FOO="this is a string"
BAR= FOO='this is a string'
.Ed
.It Pa /etc/login.access
See
.Xr login.access 5 .
.It Pa /etc/login.conf
This is a termcap style configuration file, that contains various
settings used by
.Nm login .
Currently only the
.Dq default
capability record is used. The possible capability strings include:
.Pp
.Bl -tag -compact -width Ds
.It Li environment
This is a comma separated list of environment files that are read in
the order specified. If this is missing the default
.Pa /etc/environment
is used.
.It Li login_program
This program will be executed just before the user's shell is started.
It will be called without arguments.
.It Li logout_program
This program will be executed just after the user's shell has
terminated. It will be called without arguments. This program will be
the parent process of the spawned shell.
.It Li motd
A comma separated list of text files that will be printed to the
user's terminal before starting the shell. The string
.Li welcome
works similarly, but points to a single file.
.It Li limits
Points to a file containing ulimit settings for various users. Syntax
is inspired by what pam_limits uses, and the default is
.Pa /etc/security/limits.conf .
.El
.It Pa /etc/nologin
If it exists, login is denied to all but root. The contents of this
file is printed before login exits.
.El
.Pp
Other
.Nm login
programs typically print all sorts of information by default, such as
last time you logged in, if you have mail, and system message files.
This version of
.Nm login
does not, so there is no reason for
.Pa .hushlogin
files or similar. We feel that these tasks are best left to the user's
shell, but the
.Li login_program
facility allows for a shell independent solution, if that is desired.
.Sh EXAMPLES
A
.Pa login.conf
file could look like:
.Bd -literal -offset indent
default:\\
:motd=/etc/motd,/etc/motd.local:\\
:limits=/etc/limits.conf:
.Ed
.Pp
The
.Pa limits.conf
file consists of a table with four whitespace separated fields. First
field is a username or a groupname (prefixed with
.Sq @ ) ,
or
.Sq * .
Second field is
.Sq soft ,
.Sq hard ,
or
.Sq -
(the last meaning both soft and hard).
Third field is a limit name (such as
.Sq cpu
or
.Sq core ) .
Last field is the limit value (a number or
.Sq -
for unlimited). In the case of data sizes, the value is in kilobytes,
and cputime is in minutes.
.Sh SEE ALSO
.Xr su 1 ,
.Xr login.access 5 ,
.Xr getty 8 ,
.Xr telnetd 8
.Sh AUTHORS
This login program was written for the Heimdal Kerberos 5
implementation. The login.access code was written by Wietse Venema.
.\".Sh BUGS

55
appl/login/login.access.5
View File

@@ -1,55 +0,0 @@
.\" $Id$
.\"
.Dd March 21, 2003
.Dt LOGIN.ACCESS 5
.Os HEIMDAL
.Sh NAME
.Nm login.access
.Nd login access control table
.Sh DESCRIPTION
The
.Nm login.access
file specifies on which ttys or from which hosts certain users are
allowed to login.
.Pp
At login, the
.Pa /etc/login.access
file is checked for the first entry that matches a specific user/host
or user/tty combination. That entry can either allow or deny login
access to that user.
.Pp
Each entry have three fields separated by colon:
.Bl -bullet
.It
The first field indicates the permission given if the entry matches.
It can be either
.Dq +
(allow access)
or
.Dq -
(deny access) .
.It
The second field is a comma separated list of users or groups for
which the current entry applies. NIS netgroups can used (if
configured) if preceded by @. The magic string ALL matches all users.
A group will match if the user is a member of that group, or it is the
user's primary group.
.It
The third field is a list of ttys, or network names. A network name
can be either a hostname, a domain (indicated by a starting period),
or a netgroup. As with the user list, ALL matches anything. LOCAL
matches a string not containing a period.
.El
.Pp
If the string EXCEPT is found in either the user or from list, the
rest of the list are exceptions to the list before EXCEPT.
.Sh BUGS
If there's a user and a group with the same name, there is no way to
make the group match if the user also matches.
.Sh SEE ALSO
.Xr login 1
.Sh AUTHORS
The
.Fn login_access
function was written by
Wietse Venema. This manual page was written for Heimdal.

734
appl/login/login.c
View File

@@ -1,734 +0,0 @@
/*
* Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "login_locl.h"
#ifdef HAVE_CAPABILITY_H
#include <capability.h>
#endif
#ifdef HAVE_SYS_CAPABILITY_H
#include <sys/capability.h>
#endif
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
RCSID("$Id$");
static int login_timeout = 60;
static int
start_login_process(void)
{
char *prog, *argv0;
prog = login_conf_get_string("login_program");
if(prog == NULL)
return 0;
argv0 = strrchr(prog, '/');
if(argv0)
argv0++;
else
argv0 = prog;
return simple_execle(prog, argv0, NULL, env);
}
static int
start_logout_process(void)
{
char *prog, *argv0;
pid_t pid;
prog = login_conf_get_string("logout_program");
if(prog == NULL)
return 0;
argv0 = strrchr(prog, '/');
if(argv0)
argv0++;
else
argv0 = prog;
pid = fork();
if(pid == 0) {
/* avoid getting signals sent to the shell */
setpgid(0, getpid());
return 0;
}
if(pid == -1)
err(1, "fork");
/* wait for the real login process to exit */
#ifdef HAVE_SETPROCTITLE
setproctitle("waitpid %d", pid);
#endif
while(1) {
int status;
int ret;
ret = waitpid(pid, &status, 0);
if(ret > 0) {
if(WIFEXITED(status) || WIFSIGNALED(status)) {
execle(prog, argv0, NULL, env);
err(1, "exec %s", prog);
}
} else if(ret < 0)
err(1, "waitpid");
}
}
static void
exec_shell(const char *shell, int fallback)
{
char *sh;
const char *p;
extend_env(NULL);
if(start_login_process() < 0)
warn("login process");
start_logout_process();
p = strrchr(shell, '/');
if(p)
p++;
else
p = shell;
if (asprintf(&sh, "-%s", p) == -1)
errx(1, "Out of memory");
execle(shell, sh, NULL, env);
if(fallback){
warnx("Can't exec %s, trying %s",
shell, _PATH_BSHELL);
execle(_PATH_BSHELL, "-sh", NULL, env);
err(1, "%s", _PATH_BSHELL);
}
err(1, "%s", shell);
}
static enum { NONE = 0, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth;
#ifdef OTP
static OtpContext otp_ctx;
static int
otp_verify(struct passwd *pwd, const char *password)
{
return (otp_verify_user (&otp_ctx, password));
}
#endif /* OTP */
#ifdef KRB5
static krb5_context context;
static krb5_ccache id, id2;
static int
krb5_verify(struct passwd *pwd, const char *password)
{
krb5_error_code ret;
krb5_principal princ;
ret = krb5_parse_name(context, pwd->pw_name, &princ);
if(ret)
return 1;
ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id);
if(ret) {
krb5_free_principal(context, princ);
return 1;
}
ret = krb5_verify_user_lrealm(context,
princ,
id,
password,
1,
NULL);
krb5_free_principal(context, princ);
return ret;
}
static int
krb5_start_session (const struct passwd *pwd)
{
krb5_error_code ret;
char residual[64];
/* copy credentials to file cache */
snprintf(residual, sizeof(residual), "FILE:/tmp/krb5cc_%u",
(unsigned)pwd->pw_uid);
krb5_cc_resolve(context, residual, &id2);
ret = krb5_cc_copy_cache(context, id, id2);
if (ret == 0)
add_env("KRB5CCNAME", residual);
else {
krb5_cc_destroy (context, id2);
return ret;
}
krb5_cc_close(context, id2);
krb5_cc_destroy(context, id);
return 0;
}
static void
krb5_finish (void)
{
krb5_free_context(context);
}
static void
krb5_get_afs_tokens (const struct passwd *pwd)
{
#ifndef NO_AFS
static int pag_set = 0;
char cell[64];
char *pw_dir;
krb5_error_code ret;
if (!k_hasafs ())
return;
ret = krb5_cc_default(context, &id2);
if (ret == 0) {
pw_dir = pwd->pw_dir;
if (!pag_set) {
k_setpag();
pag_set = 1;
}
if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0)
krb5_afslog_uid_home (context, id2,
cell, NULL, pwd->pw_uid, pwd->pw_dir);
krb5_afslog_uid_home (context, id2, NULL, NULL,
pwd->pw_uid, pwd->pw_dir);
krb5_cc_close (context, id2);
}
#endif
}
#endif /* KRB5 */
static int f_flag;
static int p_flag;
#if 0
static int r_flag;
#endif
static int version_flag;
static int help_flag;
static char *remote_host;
static char *auth_level = NULL;
struct getargs args[] = {
{ NULL, 'a', arg_string, &auth_level, "authentication mode", NULL },
#if 0
{ NULL, 'd', NULL, NULL, NULL, NULL },
#endif
{ NULL, 'f', arg_flag, &f_flag, "pre-authenticated", NULL },
{ NULL, 'h', arg_string, &remote_host, "remote host", "hostname" },
{ NULL, 'p', arg_flag, &p_flag, "don't purge environment",
NULL },
#if 0
{ NULL, 'r', arg_flag, &r_flag, "rlogin protocol", NULL },
#endif
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag,&help_flag, NULL, NULL }
};
int nargs = sizeof(args) / sizeof(args[0]);
static void
update_utmp(const char *username, const char *hostname,
char *tty, char *ttyn)
{
/*
* Update the utmp files, both BSD and SYSV style.
*/
if (utmpx_login(tty, username, hostname) != 0 && !f_flag) {
printf("No utmpx entry. You must exec \"login\" from the "
"lowest level shell.\n");
exit(1);
}
utmp_login(ttyn, username, hostname);
}
static void
checknologin(void)
{
FILE *f;
char buf[1024];
f = fopen(_PATH_NOLOGIN, "r");
if(f == NULL)
return;
while(fgets(buf, sizeof(buf), f))
fputs(buf, stdout);
fclose(f);
exit(0);
}
/* print contents of a file */
static void
show_file(const char *file)
{
FILE *f;
char buf[BUFSIZ];
if((f = fopen(file, "r")) == NULL)
return;
while (fgets(buf, sizeof(buf), f))
fputs(buf, stdout);
fclose(f);
}
/*
* Actually log in the user. `pwd' contains all the relevant
* information about the user. `ttyn' is the complete name of the tty
* and `tty' the short name.
*/
static void
do_login(const struct passwd *pwd, char *tty, char *ttyn)
{
#ifdef HAVE_GETSPNAM
struct spwd *sp;
#endif
int rootlogin = (pwd->pw_uid == 0);
gid_t tty_gid;
struct group *gr;
const char *home_dir;
int i;
if(!rootlogin)
checknologin();
#ifdef HAVE_GETSPNAM
sp = getspnam(pwd->pw_name);
#endif
update_utmp(pwd->pw_name, remote_host ? remote_host : "",
tty, ttyn);
gr = getgrnam ("tty");
if (gr != NULL)
tty_gid = gr->gr_gid;
else
tty_gid = pwd->pw_gid;
if (chown (ttyn, pwd->pw_uid, tty_gid) < 0) {
warn("chown %s", ttyn);
if (rootlogin == 0)
exit (1);
}
if (chmod (ttyn, S_IRUSR | S_IWUSR | S_IWGRP) < 0) {
warn("chmod %s", ttyn);
if (rootlogin == 0)
exit (1);
}
#ifdef HAVE_SETLOGIN
if(setlogin(pwd->pw_name)){
warn("setlogin(%s)", pwd->pw_name);
if(rootlogin == 0)
exit(1);
}
#endif
if(rootlogin == 0) {
const char *file = login_conf_get_string("limits");
if(file == NULL)
file = _PATH_LIMITS_CONF;
read_limits_conf(file, pwd);
}
#ifdef HAVE_SETPCRED
if (setpcred (pwd->pw_name, NULL) == -1)
warn("setpcred(%s)", pwd->pw_name);
#endif /* HAVE_SETPCRED */
#ifdef HAVE_INITGROUPS
if(initgroups(pwd->pw_name, pwd->pw_gid)){
warn("initgroups(%s, %u)", pwd->pw_name, (unsigned)pwd->pw_gid);
if(rootlogin == 0)
exit(1);
}
#endif
if(do_osfc2_magic(pwd->pw_uid))
exit(1);
if(setgid(pwd->pw_gid)){
warn("setgid(%u)", (unsigned)pwd->pw_gid);
if(rootlogin == 0)
exit(1);
}
if(setuid(pwd->pw_uid) || (pwd->pw_uid != 0 && setuid(0) == 0)) {
warn("setuid(%u)", (unsigned)pwd->pw_uid);
if(rootlogin == 0)
exit(1);
}
/* make sure signals are set to default actions, apparently some
OS:es like to ignore SIGINT, which is not very convenient */
for (i = 1; i < NSIG; ++i)
signal(i, SIG_DFL);
/* all kinds of different magic */
#ifdef HAVE_GETSPNAM
check_shadow(pwd, sp);
#endif
#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM)
{
struct udb *udb;
long t;
const long maxcpu = 46116860184; /* some random constant */
udb = getudbnam(pwd->pw_name);
if(udb == UDB_NULL)
errx(1, "Failed to get UDB entry.");
t = udb->ue_pcpulim[UDBRC_INTER];
if(t == 0 || t > maxcpu)
t = CPUUNLIM;
else
t *= 100 * CLOCKS_PER_SEC;
if(limit(C_PROC, 0, L_CPU, t) < 0)
warn("limit C_PROC");
t = udb->ue_jcpulim[UDBRC_INTER];
if(t == 0 || t > maxcpu)
t = CPUUNLIM;
else
t *= 100 * CLOCKS_PER_SEC;
if(limit(C_JOBPROCS, 0, L_CPU, t) < 0)
warn("limit C_JOBPROCS");
nice(udb->ue_nice[UDBRC_INTER]);
}
#endif
#if defined(HAVE_SGI_GETCAPABILITYBYNAME) && defined(HAVE_CAP_SET_PROC)
/* XXX SGI capability hack IRIX 6.x (x >= 0?) has something
called capabilities, that allow you to give away
permissions (such as chown) to specific processes. From 6.5
this is default on, and the default capability set seems to
not always be the empty set. The problem is that the
runtime linker refuses to do just about anything if the
process has *any* capabilities set, so we have to remove
them here (unless otherwise instructed by /etc/capability).
In IRIX < 6.5, these functions was called sgi_cap_setproc,
etc, but we ignore this fact (it works anyway). */
{
struct user_cap *ucap = sgi_getcapabilitybyname(pwd->pw_name);
cap_t cap;
if(ucap == NULL)
cap = cap_from_text("all=");
else
cap = cap_from_text(ucap->ca_default);
if(cap == NULL)
err(1, "cap_from_text");
if(cap_set_proc(cap) < 0)
err(1, "cap_set_proc");
cap_free(cap);
free(ucap);
}
#endif
home_dir = pwd->pw_dir;
if (chdir(home_dir) < 0) {
fprintf(stderr, "No home directory \"%s\"!\n", pwd->pw_dir);
if (chdir("/"))
exit(0);
home_dir = "/";
fprintf(stderr, "Logging in with home = \"/\".\n");
}
#ifdef KRB5
if (auth == AUTH_KRB5) {
krb5_start_session (pwd);
}
krb5_get_afs_tokens (pwd);
krb5_finish ();
#endif /* KRB5 */
add_env("PATH", _PATH_DEFPATH);
{
const char *str = login_conf_get_string("environment");
char buf[MAXPATHLEN];
if(str == NULL) {
login_read_env(_PATH_ETC_ENVIRONMENT);
} else {
while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) {
if(buf[0] == '\0')
continue;
login_read_env(buf);
}
}
}
{
const char *str = login_conf_get_string("motd");
char buf[MAXPATHLEN];
if(str != NULL) {
while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) {
if(buf[0] == '\0')
continue;
show_file(buf);
}
} else {
str = login_conf_get_string("welcome");
if(str != NULL)
show_file(str);
}
}
add_env("HOME", home_dir);
add_env("USER", pwd->pw_name);
add_env("LOGNAME", pwd->pw_name);
add_env("SHELL", pwd->pw_shell);
exec_shell(pwd->pw_shell, rootlogin);
}
static int
check_password(struct passwd *pwd, const char *password)
{
if(pwd->pw_passwd == NULL)
return 1;
if(pwd->pw_passwd[0] == '\0'){
#ifdef ALLOW_NULL_PASSWORD
return password[0] != '\0';
#else
return 1;
#endif
}
if(strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) == 0)
return 0;
#ifdef KRB5
if(krb5_verify(pwd, password) == 0) {
auth = AUTH_KRB5;
return 0;
}
#endif
#ifdef OTP
if (otp_verify (pwd, password) == 0) {
auth = AUTH_OTP;
return 0;
}
#endif
return 1;
}
static void
usage(int status)
{
arg_printusage(args, nargs, NULL, "[username]");
exit(status);
}
static RETSIGTYPE
sig_handler(int sig)
{
if (sig == SIGALRM)
fprintf(stderr, "Login timed out after %d seconds\n",
login_timeout);
else
fprintf(stderr, "Login received signal, exiting\n");
exit(0);
}
int
main(int argc, char **argv)
{
int max_tries = 5;
int try;
char username[32];
int optidx = 0;
int ask = 1;
struct sigaction sa;
setprogname(argv[0]);
#ifdef KRB5
{
krb5_error_code ret;
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
}
#endif
openlog("login", LOG_ODELAY | LOG_PID, LOG_AUTH);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optidx))
usage (1);
argc -= optidx;
argv += optidx;
if(help_flag)
usage(0);
if (version_flag) {
print_version (NULL);
return 0;
}
if (geteuid() != 0)
errx(1, "only root may use login, use su");
/* Default tty settings. */
stty_default();
if(p_flag)
copy_env();
else {
/* this set of variables is always preserved by BSD login */
if(getenv("TERM"))
add_env("TERM", getenv("TERM"));
if(getenv("TZ"))
add_env("TZ", getenv("TZ"));
}
if(*argv){
if(strchr(*argv, '=') == NULL && strcmp(*argv, "-") != 0){
strlcpy (username, *argv, sizeof(username));
ask = 0;
}
}
#if defined(DCE) && defined(AIX)
esetenv("AUTHSTATE", "DCE", 1);
#endif
/* XXX should we care about environment on the command line? */
memset(&sa, 0, sizeof(sa));
sa.sa_handler = sig_handler;
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0;
sigaction(SIGALRM, &sa, NULL);
alarm(login_timeout);
for(try = 0; try < max_tries; try++){
struct passwd *pwd;
char password[128];
int ret;
char ttname[32];
char *tty, *ttyn;
char prompt[128];
#ifdef OTP
char otp_str[256];
#endif
if(ask){
f_flag = 0;
#if 0
r_flag = 0;
#endif
ret = read_string("login: ", username, sizeof(username), 1);
if(ret == -3)
exit(0);
if(ret == -2)
sig_handler(0); /* exit */
}
pwd = k_getpwnam(username);
#ifdef ALLOW_NULL_PASSWORD
if (pwd != NULL && (pwd->pw_passwd[0] == '\0')) {
strcpy(password,"");
}
else
#endif
{
#ifdef OTP
if(auth_level && strcmp(auth_level, "otp") == 0 &&
otp_challenge(&otp_ctx, username,
otp_str, sizeof(otp_str)) == 0)
snprintf (prompt, sizeof(prompt), "%s's %s Password: ",
username, otp_str);
else
#endif
strncpy(prompt, "Password: ", sizeof(prompt));
if (f_flag == 0) {
ret = read_string(prompt, password, sizeof(password), 0);
if (ret == -3) {
ask = 1;
continue;
}
if (ret == -2)
sig_handler(0);
}
}
if(pwd == NULL){
fprintf(stderr, "Login incorrect.\n");
ask = 1;
continue;
}
if(f_flag == 0 && check_password(pwd, password)){
fprintf(stderr, "Login incorrect.\n");
ask = 1;
continue;
}
ttyn = ttyname(STDIN_FILENO);
if(ttyn == NULL){
snprintf(ttname, sizeof(ttname), "%s??", _PATH_TTY);
ttyn = ttname;
}
if (strncmp (ttyn, _PATH_DEV, strlen(_PATH_DEV)) == 0)
tty = ttyn + strlen(_PATH_DEV);
else
tty = ttyn;
if (login_access (pwd, remote_host ? remote_host : tty) == 0) {
fprintf(stderr, "Permission denied\n");
if (remote_host)
syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s",
pwd->pw_name, remote_host);
else
syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s",
pwd->pw_name, tty);
exit (1);
} else {
if (remote_host)
syslog(LOG_NOTICE, "%s LOGIN ACCEPTED FROM %s ppid=%d",
pwd->pw_name, remote_host, (int) getppid());
else
syslog(LOG_NOTICE, "%s LOGIN ACCEPTED ON %s ppid=%d",
pwd->pw_name, tty, (int) getppid());
}
alarm(0);
do_login(pwd, tty, ttyn);
}
exit(1);
}

277
appl/login/login_access.c
View File

@@ -1,277 +0,0 @@
/************************************************************************
* Copyright 1995 by Wietse Venema. All rights reserved. Some individual
* files may be covered by other copyrights.
*
* This material was originally written and compiled by Wietse Venema at
* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
* 1992, 1993, 1994 and 1995.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that this entire copyright notice
* is duplicated in all such copies.
*
* This software is provided "as is" and without any expressed or implied
* warranties, including, without limitation, the implied warranties of
* merchantibility and fitness for any particular purpose.
************************************************************************/
/*
* This module implements a simple but effective form of login access
* control based on login names and on host (or domain) names, internet
* addresses (or network numbers), or on terminal line names in case of
* non-networked logins. Diagnostics are reported through syslog(3).
*
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
*/
#include "login_locl.h"
RCSID("$Id$");
/* Delimiters for fields and for lists of users, ttys or hosts. */
static char fs[] = ":"; /* field separator */
static char sep[] = ", \t"; /* list-element separator */
/* Constants to be used in assignments only, not in comparisons... */
#define YES 1
#define NO 0
/*
* A structure to bundle up all login-related information to keep the
* functional interfaces as generic as possible.
*/
struct login_info {
struct passwd *user;
char *from;
};
static int list_match(char *list, struct login_info *item,
int (*match_fn)(char *, struct login_info *));
static int user_match(char *tok, struct login_info *item);
static int from_match(char *tok, struct login_info *item);
static int string_match(char *tok, char *string);
/* login_access - match username/group and host/tty with access control file */
int login_access(struct passwd *user, char *from)
{
struct login_info item;
FILE *fp;
char line[BUFSIZ];
char *perm; /* becomes permission field */
char *users; /* becomes list of login names */
char *froms; /* becomes list of terminals or hosts */
int match = NO;
int end;
int lineno = 0; /* for diagnostics */
char *foo;
/*
* Bundle up the arguments to avoid unnecessary clumsiness lateron.
*/
item.user = user;
item.from = from;
/*
* Process the table one line at a time and stop at the first match.
* Blank lines and lines that begin with a '#' character are ignored.
* Non-comment lines are broken at the ':' character. All fields are
* mandatory. The first field should be a "+" or "-" character. A
* non-existing table means no access control.
*/
if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
while (!match && fgets(line, sizeof(line), fp)) {
lineno++;
if (line[end = strlen(line) - 1] != '\n') {
syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
_PATH_LOGACCESS, lineno);
continue;
}
if (line[0] == '#')
continue; /* comment line */
while (end > 0 && isspace((unsigned char)line[end - 1]))
end--;
line[end] = 0; /* strip trailing whitespace */
if (line[0] == 0) /* skip blank lines */
continue;
foo = NULL;
if (!(perm = strtok_r(line, fs, &foo))
|| !(users = strtok_r(NULL, fs, &foo))
|| !(froms = strtok_r(NULL, fs, &foo))
|| strtok_r(NULL, fs, &foo)) {
syslog(LOG_ERR, "%s: line %d: bad field count",
_PATH_LOGACCESS,
lineno);
continue;
}
if (perm[0] != '+' && perm[0] != '-') {
syslog(LOG_ERR, "%s: line %d: bad first field",
_PATH_LOGACCESS,
lineno);
continue;
}
match = (list_match(froms, &item, from_match)
&& list_match(users, &item, user_match));
}
fclose(fp);
} else if (errno != ENOENT) {
syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
}
return (match == 0 || (line[0] == '+'));
}
/* list_match - match an item against a list of tokens with exceptions */
static int
list_match(char *list,
struct login_info *item,
int (*match_fn)(char *, struct login_info *))
{
char *tok;
int match = NO;
char *foo = NULL;
/*
* Process tokens one at a time. We have exhausted all possible matches
* when we reach an "EXCEPT" token or the end of the list. If we do find
* a match, look for an "EXCEPT" list and recurse to determine whether
* the match is affected by any exceptions.
*/
for (tok = strtok_r(list, sep, &foo);
tok != NULL;
tok = strtok_r(NULL, sep, &foo)) {
if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */
break;
if ((match = (*match_fn) (tok, item)) != 0) /* YES */
break;
}
/* Process exceptions to matches. */
if (match != NO) {
while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
/* VOID */ ;
if (tok == 0 || list_match(NULL, item, match_fn) == NO)
return (match);
}
return (NO);
}
/* myhostname - figure out local machine name */
static char *myhostname(void)
{
static char name[MAXHOSTNAMELEN + 1] = "";
if (name[0] == 0) {
gethostname(name, sizeof(name));
name[MAXHOSTNAMELEN] = 0;
}
return (name);
}
/* netgroup_match - match group against machine or user */
static int netgroup_match(char *group, char *machine, char *user)
{
#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
static char *mydomain = 0;
if (mydomain == 0)
yp_get_default_domain(&mydomain);
return (innetgr(group, machine, user, mydomain));
#else
syslog(LOG_ERR, "NIS netgroup support not configured");
return 0;
#endif
}
/* user_match - match a username against one token */
static int user_match(char *tok, struct login_info *item)
{
char *string = item->user->pw_name;
struct login_info fake_item;
struct group *group;
int i;
char *at;
/*
* If a token has the magic value "ALL" the match always succeeds.
* Otherwise, return YES if the token fully matches the username, if the
* token is a group that contains the username, or if the token is the
* name of the user's primary group.
*/
if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */
*at = 0;
fake_item.from = myhostname();
return (user_match(tok, item) && from_match(at + 1, &fake_item));
} else if (tok[0] == '@') { /* netgroup */
return (netgroup_match(tok + 1, (char *) 0, string));
} else if (string_match(tok, string)) { /* ALL or exact match */
return (YES);
} else if ((group = getgrnam(tok)) != 0) { /* try group membership */
if (item->user->pw_gid == group->gr_gid)
return (YES);
for (i = 0; group->gr_mem[i]; i++)
if (strcasecmp(string, group->gr_mem[i]) == 0)
return (YES);
}
return (NO);
}
/* from_match - match a host or tty against a list of tokens */
static int from_match(char *tok, struct login_info *item)
{
char *string = item->from;
int tok_len;
int str_len;
/*
* If a token has the magic value "ALL" the match always succeeds. Return
* YES if the token fully matches the string. If the token is a domain
* name, return YES if it matches the last fields of the string. If the
* token has the magic value "LOCAL", return YES if the string does not
* contain a "." character. If the token is a network number, return YES
* if it matches the head of the string.
*/
if (tok[0] == '@') { /* netgroup */
return (netgroup_match(tok + 1, string, (char *) 0));
} else if (string_match(tok, string)) { /* ALL or exact match */
return (YES);
} else if (tok[0] == '.') { /* domain: match last fields */
if ((str_len = strlen(string)) > (tok_len = strlen(tok))
&& strcasecmp(tok, string + str_len - tok_len) == 0)
return (YES);
} else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */
if (strchr(string, '.') == 0)
return (YES);
} else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */
&& strncmp(tok, string, tok_len) == 0) {
return (YES);
}
return (NO);
}
/* string_match - match a string against one token */
static int string_match(char *tok, char *string)
{
/*
* If the token has the magic value "ALL" the match always succeeds.
* Otherwise, return YES if the token fully matches the string.
*/
if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
return (YES);
} else if (strcasecmp(tok, string) == 0) { /* try exact match */
return (YES);
}
return (NO);
}

157
appl/login/login_locl.h
View File

@@ -1,157 +0,0 @@
/*
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef __LOGIN_LOCL_H__
#define __LOGIN_LOCL_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <syslog.h>
#include <signal.h>
#include <termios.h>
#include <err.h>
#include <pwd.h>
#include <roken.h>
#include <getarg.h>
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#ifdef HAVE_UTMP_H
#include <utmp.h>
#endif
#ifdef HAVE_UTMPX_H
#include <utmpx.h>
#endif
#ifdef HAVE_UDB_H
#include <udb.h>
#endif
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#endif
#ifdef HAVE_SYS_CATEGORY_H
#include <sys/category.h>
#endif
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#ifdef HAVE_SHADOW_H
#include <shadow.h>
#endif
#ifdef HAVE_NETGROUP_H
#include <netgroup.h>
#endif
#ifdef HAVE_RPCSVC_YPCLNT_H
#include <rpcsvc/ypclnt.h>
#endif
#ifdef KRB5
#include <krb5.h>
#endif
#ifndef NO_AFS
#include <kafs.h>
#endif
#ifdef OTP
#include <otp.h>
#endif
#ifdef HAVE_OSFC2
#define getargs OSFgetargs
#include "/usr/include/prot.h"
#undef getargs
#endif
#ifndef _PATH_BSHELL
#define _PATH_BSHELL "/bin/sh"
#endif
#ifndef _PATH_TTY
#define _PATH_TTY "/dev/tty"
#endif
#ifndef _PATH_DEV
#define _PATH_DEV "/dev/"
#endif
#ifndef _PATH_WTMP
#ifdef WTMP_FILE
#define _PATH_WTMP WTMP_FILE
#else
#define _PATH_WTMP "/var/adm/wtmp"
#endif
#endif
#ifndef _PATH_UTMP
#ifdef UTMP_FILE
#define _PATH_UTMP UTMP_FILE
#else
#define _PATH_UTMP "/var/adm/utmp"
#endif
#endif
/* if cygwin doesnt have WTMPX_FILE, it uses wtmp for wtmpx
* http://www.cygwin.com/ml/cygwin/2006-12/msg00630.html */
#ifdef __CYGWIN__
#ifndef WTMPX_FILE
#define WTMPX_FILE WTMP_FILE
#endif
#endif
#ifndef _PATH_LOGACCESS
#define _PATH_LOGACCESS SYSCONFDIR "/login.access"
#endif /* _PATH_LOGACCESS */
#ifndef _PATH_LOGIN_CONF
#define _PATH_LOGIN_CONF SYSCONFDIR "/login.conf"
#endif /* _PATH_LOGIN_CONF */
#ifndef _PATH_DEFPATH
#define _PATH_DEFPATH "/usr/bin:/bin"
#endif
#include "loginpaths.h"
struct spwd;
extern char **env;
extern int num_env;
#include "login-protos.h"
#endif /* __LOGIN_LOCL_H__ */

52
appl/login/loginpaths.h
View File

@@ -1,52 +0,0 @@
/*
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef __LOGIN_PATH_H
#define __LOGIN_PATH_H
#ifndef _PATH_NOLOGIN
#define _PATH_NOLOGIN "/etc/nologin"
#endif
#ifndef _PATH_ETC_ENVIRONMENT
#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
#endif
#ifndef _PATH_LIMITS_CONF
#define _PATH_LIMITS_CONF "/etc/security/limits.conf"
#endif
#endif /* __LOGIN_PATH_H */

79
appl/login/osfc2.c
View File

@@ -1,79 +0,0 @@
/*
* Copyright (c) 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "login_locl.h"
RCSID("$Id$");
int
do_osfc2_magic(uid_t uid)
{
#ifdef HAVE_OSFC2
struct es_passwd *epw;
char *argv[2];
/* fake */
argv[0] = (char*)getprogname();
argv[1] = NULL;
set_auth_parameters(1, argv);
epw = getespwuid(uid);
if(epw == NULL) {
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"getespwuid failed for %d", uid);
printf("Sorry.\n");
return 1;
}
/* We don't check for auto-retired, foo-retired,
bar-retired, or any other kind of retired accounts
here; neither do we check for time-locked accounts, or
any other kind of serious C2 mumbo-jumbo. We do,
however, call setluid, since failing to do so is not
very good (take my word for it). */
if(!epw->uflg->fg_uid) {
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"attempted login by %s (has no uid)", epw->ufld->fd_name);
printf("Sorry.\n");
return 1;
}
setluid(epw->ufld->fd_uid);
if(getluid() != epw->ufld->fd_uid) {
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"failed to set LUID for %s (%d)",
epw->ufld->fd_name, epw->ufld->fd_uid);
printf("Sorry.\n");
return 1;
}
#endif /* HAVE_OSFC2 */
return 0;
}

137
appl/login/read_string.c
View File

@@ -1,137 +0,0 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "login_locl.h"
RCSID("$Id$");
static sig_atomic_t intr_flag;
static void
intr(int sig)
{
intr_flag++;
}
#ifndef NSIG
#define NSIG 47
#endif
int
read_string(const char *prompt, char *buf, size_t len, int echo)
{
struct sigaction sigs[NSIG];
int oksigs[NSIG];
struct sigaction sa;
FILE *tty;
int ret = 0;
int of = 0;
int i;
int c;
char *p;
struct termios t_new, t_old;
memset(&oksigs, 0, sizeof(oksigs));
memset(&sa, 0, sizeof(sa));
sa.sa_handler = intr;
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0;
for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
if (i != SIGALRM)
if (sigaction(i, &sa, &sigs[i]) == 0)
oksigs[i] = 1;
if((tty = fopen("/dev/tty", "r")) == NULL)
tty = stdin;
fprintf(stderr, "%s", prompt);
fflush(stderr);
if(echo == 0){
tcgetattr(fileno(tty), &t_old);
memcpy(&t_new, &t_old, sizeof(t_new));
t_new.c_lflag &= ~ECHO;
tcsetattr(fileno(tty), TCSANOW, &t_new);
}
intr_flag = 0;
p = buf;
while(intr_flag == 0){
c = getc(tty);
if(c == EOF){
if(!ferror(tty))
ret = 1;
break;
}
if(c == '\n')
break;
if(of == 0)
*p++ = c;
of = (p == buf + len);
}
if(of)
p--;
*p = 0;
if(echo == 0){
printf("\n");
tcsetattr(fileno(tty), TCSANOW, &t_old);
}
if(tty != stdin)
fclose(tty);
for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
if (oksigs[i])
sigaction(i, &sigs[i], NULL);
if(ret)
return -3;
if(intr_flag)
return -2;
if(of)
return -1;
return 0;
}
#if 0
int main()
{
char s[128];
int ret;
ret = read_string("foo: ", s, sizeof(s), 0);
printf("%d ->%s<-\n", ret, s);
}
#endif

95
appl/login/shadow.c
View File

@@ -1,95 +0,0 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "login_locl.h"
RCSID("$Id$");
#ifdef HAVE_SHADOW_H
#ifndef _PATH_CHPASS
#define _PATH_CHPASS "/usr/bin/passwd"
#endif
static int
change_passwd(const struct passwd *who)
{
int status;
pid_t pid;
switch (pid = fork()) {
case -1:
printf("fork /bin/passwd");
exit(1);
case 0:
execlp(_PATH_CHPASS, "passwd", who->pw_name, (char *) 0);
exit(1);
default:
waitpid(pid, &status, 0);
return (status);
}
}
void
check_shadow(const struct passwd *pw, const struct spwd *sp)
{
long today;
today = time(0)/(24L * 60 * 60);
if (sp == NULL)
return;
if (sp->sp_expire > 0) {
if (today >= sp->sp_expire) {
printf("Your account has expired.\n");
sleep(1);
exit(0);
} else if (sp->sp_expire - today < 14) {
printf("Your account will expire in %d days.\n",
(int)(sp->sp_expire - today));
}
}
if (sp->sp_max > 0) {
if (today >= (sp->sp_lstchg + sp->sp_max)) {
printf("Your password has expired. Choose a new one.\n");
change_passwd(pw);
} else if (sp->sp_warn > 0
&& (today > (sp->sp_lstchg + sp->sp_max - sp->sp_warn))) {
printf("Your password will expire in %d days.\n",
(int)(sp->sp_lstchg + sp->sp_max - today));
}
}
}
#endif /* HAVE_SHADOW_H */

100
appl/login/stty_default.c
View File

@@ -1,100 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "login_locl.h"
RCSID("$Id$");
#include <termios.h>
/* HP-UX 9.0 termios doesn't define these */
#ifndef FLUSHO
#define FLUSHO 0
#endif
#ifndef XTABS
#define XTABS 0
#endif
#ifndef OXTABS
#define OXTABS XTABS
#endif
/* Ultrix... */
#ifndef ECHOPRT
#define ECHOPRT 0
#endif
#ifndef ECHOCTL
#define ECHOCTL 0
#endif
#ifndef ECHOKE
#define ECHOKE 0
#endif
#ifndef IMAXBEL
#define IMAXBEL 0
#endif
#define Ctl(x) ((x) ^ 0100)
void
stty_default(void)
{
struct termios termios;
/*
* Finalize the terminal settings. Some systems default to 8 bits,
* others to 7, so we should leave that alone.
*/
tcgetattr(0, &termios);
termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL);
termios.c_iflag &= ~IXANY;
termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE);
termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO);
termios.c_oflag |= (OPOST|ONLCR);
termios.c_oflag &= ~OXTABS;
termios.c_cc[VINTR] = Ctl('C');
termios.c_cc[VERASE] = Ctl('H');
termios.c_cc[VKILL] = Ctl('U');
termios.c_cc[VEOF] = Ctl('D');
termios.c_cc[VSUSP] = Ctl('Z');
tcsetattr(0, TCSANOW, &termios);
}

70
appl/login/tty.c
View File

@@ -1,70 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "login_locl.h"
RCSID("$Id$");
/*
* Clean the tty name. Return a pointer to the cleaned version.
*/
char *
clean_ttyname (char *tty)
{
char *res = tty;
if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
res += strlen(_PATH_DEV);
if (strncmp (res, "pty/", 4) == 0)
res += 4;
if (strncmp (res, "ptym/", 5) == 0)
res += 5;
return res;
}
/*
* Generate a name usable as an `ut_id', typically without `tty'.
*/
char *
make_id (char *tty)
{
char *res = tty;
if (strncmp (res, "pts/", 4) == 0)
res += 4;
if (strncmp (res, "tty", 3) == 0)
res += 3;
return res;
}

166
appl/login/utmp_login.c
View File

@@ -1,166 +0,0 @@
/*
* Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "login_locl.h"
RCSID("$Id$");
/* try to put something useful from hostname into dst, dst_sz:
* full name, first component or address */
void
shrink_hostname (const char *hostname,
char *dst, size_t dst_sz)
{
char local_hostname[MaxHostNameLen];
char *ld, *hd;
int ret;
struct addrinfo *ai;
if (strlen(hostname) < dst_sz) {
strlcpy (dst, hostname, dst_sz);
return;
}
gethostname (local_hostname, sizeof(local_hostname));
hd = strchr (hostname, '.');
ld = strchr (local_hostname, '.');
if (hd != NULL && ld != NULL && strcmp(hd, ld) == 0
&& hd - hostname < dst_sz) {
strlcpy (dst, hostname, dst_sz);
dst[hd - hostname] = '\0';
return;
}
ret = getaddrinfo (hostname, NULL, NULL, &ai);
if (ret) {
strncpy (dst, hostname, dst_sz);
return;
}
ret = getnameinfo (ai->ai_addr, ai->ai_addrlen,
dst, dst_sz,
NULL, 0,
NI_NUMERICHOST);
freeaddrinfo (ai);
if (ret) {
strncpy (dst, hostname, dst_sz);
return;
}
}
/* update utmp and wtmp - the BSD way */
#if !defined(HAVE_UTMPX_H) || (defined(WTMP_FILE) && !defined(WTMPX_FILE))
void
prepare_utmp (struct utmp *utmp, char *tty,
const char *username, const char *hostname)
{
char *ttyx = clean_ttyname (tty);
memset(utmp, 0, sizeof(*utmp));
utmp->ut_time = time(NULL);
strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
# ifdef HAVE_STRUCT_UTMP_UT_USER
strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
# endif
# ifdef HAVE_STRUCT_UTMP_UT_ADDR
if (hostname[0]) {
struct hostent *he;
if ((he = gethostbyname(hostname)))
memcpy(&utmp->ut_addr, he->h_addr_list[0],
sizeof(utmp->ut_addr));
}
# endif
# ifdef HAVE_STRUCT_UTMP_UT_HOST
shrink_hostname (hostname, utmp->ut_host, sizeof(utmp->ut_host));
# endif
# ifdef HAVE_STRUCT_UTMP_UT_TYPE
utmp->ut_type = USER_PROCESS;
# endif
# ifdef HAVE_STRUCT_UTMP_UT_PID
utmp->ut_pid = getpid();
# endif
# ifdef HAVE_STRUCT_UTMP_UT_ID
strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
# endif
}
#endif
#ifdef HAVE_UTMPX_H
void utmp_login(char *tty, const char *username, const char *hostname)
{
return;
}
#else
void utmp_login(char *tty, const char *username, const char *hostname)
{
struct utmp utmp;
int fd;
prepare_utmp (&utmp, tty, username, hostname);
#ifdef HAVE_SETUTENT
utmpname(_PATH_UTMP);
setutent();
pututline(&utmp);
endutent();
#else
#ifdef HAVE_TTYSLOT
{
int ttyno;
ttyno = ttyslot();
if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) {
lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET);
write(fd, &utmp, sizeof(struct utmp));
close(fd);
}
}
#endif /* HAVE_TTYSLOT */
#endif /* HAVE_SETUTENT */
if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
write(fd, &utmp, sizeof(struct utmp));
close(fd);
}
}
#endif /* !HAVE_UTMPX_H */

105
appl/login/utmpx_login.c
View File

@@ -1,105 +0,0 @@
/************************************************************************
* Copyright 1995 by Wietse Venema. All rights reserved. Some individual
* files may be covered by other copyrights.
*
* This material was originally written and compiled by Wietse Venema at
* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
* 1992, 1993, 1994 and 1995.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that this entire copyright notice
* is duplicated in all such copies.
*
* This software is provided "as is" and without any expressed or implied
* warranties, including, without limitation, the implied warranties of
* merchantibility and fitness for any particular purpose.
************************************************************************/
/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
#include "login_locl.h"
RCSID("$Id$");
/* utmpx_login - update utmp and wtmp after login */
#ifndef HAVE_UTMPX_H
int utmpx_login(char *line, const char *user, const char *host) { return 0; }
#else
static void
utmpx_update(struct utmpx *ut, char *line, const char *user, const char *host)
{
struct timeval tmp;
char *clean_tty = clean_ttyname(line);
strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line));
#ifdef HAVE_STRUCT_UTMPX_UT_ID
strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
#endif
strncpy(ut->ut_user, user, sizeof(ut->ut_user));
shrink_hostname (host, ut->ut_host, sizeof(ut->ut_host));
#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
ut->ut_syslen = strlen(host) + 1;
if (ut->ut_syslen > sizeof(ut->ut_host))
ut->ut_syslen = sizeof(ut->ut_host);
#endif
ut->ut_type = USER_PROCESS;
gettimeofday (&tmp, 0);
ut->ut_tv.tv_sec = tmp.tv_sec;
ut->ut_tv.tv_usec = tmp.tv_usec;
pututxline(ut);
#ifdef WTMPX_FILE
updwtmpx(WTMPX_FILE, ut);
#elif defined(WTMP_FILE)
{ /* XXX should be removed, just drop wtmp support */
struct utmp utmp;
int fd;
prepare_utmp (&utmp, line, user, host);
if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
write(fd, &utmp, sizeof(struct utmp));
close(fd);
}
}
#endif
}
int
utmpx_login(char *line, const char *user, const char *host)
{
struct utmpx *ut, save_ut;
pid_t mypid = getpid();
int ret = (-1);
/*
* SYSV4 ttymon and login use tty port names with the "/dev/" prefix
* stripped off. Rlogind and telnetd, on the other hand, make utmpx
* entries with device names like /dev/pts/nnn. We therefore cannot use
* getutxline(). Return nonzero if no utmp entry was found with our own
* process ID for a login or user process.
*/
while ((ut = getutxent())) {
/* Try to find a reusable entry */
if (ut->ut_pid == mypid
&& ( ut->ut_type == INIT_PROCESS
|| ut->ut_type == LOGIN_PROCESS
|| ut->ut_type == USER_PROCESS)) {
save_ut = *ut;
utmpx_update(&save_ut, line, user, host);
ret = 0;
break;
}
}
if (ret == -1) {
/* Grow utmpx file by one record. */
struct utmpx newut;
memset(&newut, 0, sizeof(newut));
newut.ut_pid = mypid;
utmpx_update(&newut, line, user, host);
ret = 0;
}
endutxent();
return (ret);
}
#endif /* HAVE_UTMPX_H */