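--- a/login.c
+++ b/login.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
  * The Regents of the University of California. All rights reserved.
  * Copyright (c) 2002 Networks Associates Technologies, Inc.
  * All rights reserved.
  *
  * Portions of this software were developed for the FreeBSD Project by
  * ThinkSec AS and NAI Labs, the Security Research Division of Network
@@ -40,17 +40,17 @@
 
 #if 0
 #ifndef lint
 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
 #endif
 #endif
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/usr.bin/login/login.c 157215 2006-03-28 15:30:42Z cognet $");
+__FBSDID("$FreeBSD: head/usr.bin/login/login.c 165152 2006-12-13 06:13:32Z csjp $");
 
 /*
  * login [ name ]
  * login -h hostname (for telnetd, etc.)
  * login -f name (for pre-authenticated login: datakit, xterm, etc.)
  */
 
 #include <sys/copyright.h>
@@ -168,17 +168,19 @@
  char *p, *ttyn;
  char tname[sizeof(_PATH_TTY) + 10];
  char *arg0;
  const char *tp;
  const char *shell = NULL;
  login_cap_t *lc = NULL;
  login_cap_t *lc_user = NULL;
  pid_t pid;
+#ifdef USE_BSM_AUDIT
  char auditsuccess = 1;
+#endif
 
  (void)signal(SIGQUIT, SIG_IGN);
  (void)signal(SIGINT, SIG_IGN);
  (void)signal(SIGHUP, SIG_IGN);
  if (setjmp(timeout_buf)) {
  if (failures)
  badlogin(username);
  (void)fprintf(stderr, "Login timed out after %d seconds\n",
@@ -287,63 +289,73 @@
  }
 
  /*
  * Load the PAM policy and set some variables
  */
  pam_err = pam_start("login", username, &pamc, &pamh);
  if (pam_err != PAM_SUCCESS) {
  pam_syslog("pam_start()");
+#ifdef USE_BSM_AUDIT
  au_login_fail("PAM Error", 1);
+#endif
  bail(NO_SLEEP_EXIT, 1);
  }
  pam_err = pam_set_item(pamh, PAM_TTY, tty);
  if (pam_err != PAM_SUCCESS) {
  pam_syslog("pam_set_item(PAM_TTY)");
+#ifdef USE_BSM_AUDIT
  au_login_fail("PAM Error", 1);
+#endif
  bail(NO_SLEEP_EXIT, 1);
  }
  pam_err = pam_set_item(pamh, PAM_RHOST, hostname);
  if (pam_err != PAM_SUCCESS) {
  pam_syslog("pam_set_item(PAM_RHOST)");
+#ifdef USE_BSM_AUDIT
  au_login_fail("PAM Error", 1);
+#endif
  bail(NO_SLEEP_EXIT, 1);
  }
 
  pwd = getpwnam(username);
  if (pwd != NULL && pwd->pw_uid == 0)
  rootlogin = 1;
 
  /*
  * If the -f option was specified and the caller is
  * root or the caller isn't changing their uid, don't
  * authenticate.
  */
  if (pwd != NULL && fflag &&
  (uid == (uid_t)0 || uid == (uid_t)pwd->pw_uid)) {
  /* already authenticated */
  rval = 0;
+#ifdef USE_BSM_AUDIT
  auditsuccess = 0; /* opened a terminal window only */
+#endif
  } else {
  fflag = 0;
  (void)setpriority(PRIO_PROCESS, 0, -4);
  rval = auth_pam();
  (void)setpriority(PRIO_PROCESS, 0, 0);
  }
 
  if (pwd && rval == 0)
  break;
 
  pam_cleanup();
 
  /*
  * We are not exiting here, but this corresponds to a failed
  * login event, so set exitstatus to 1.
  */
+#ifdef USE_BSM_AUDIT
  au_login_fail("Login incorrect", 1);
+#endif
 
  (void)printf("Login incorrect\n");
  failures++;
 
  pwd = NULL;
 
  /*
  * Allow up to 'retry' (10) attempts, but start
@@ -359,19 +371,21 @@
  }
 
  /* committed to login -- turn off timeout */
  (void)alarm((u_int)0);
  (void)signal(SIGHUP, SIG_DFL);
 
  endpwent();
 
+#ifdef USE_BSM_AUDIT
  /* Audit successful login. */
  if (auditsuccess)
  au_login_success();
+#endif
 
  /*
  * Establish the login class.
  */
  lc = login_getpwclass(pwd);
  lc_user = login_getuserclass(pwd);
 
  if (!(quietlog = login_getcapbool(lc_user, "hushlogin", 0)))
@@ -948,13 +962,15 @@
 /*
  * Exit, optionally after sleeping a few seconds
  */
 void
 bail(int sec, int eval)
 {
 
  pam_cleanup();
+#ifdef USE_BSM_AUDIT
  if (pwd != NULL)
  audit_logout();
+#endif
  (void)sleep(sec);
  exit(eval);
 }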
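Review bot: The comment at new lines 347-350 ("We are not exiting here, but this corresponds to a failed login event, so set exitstatus to 1.") explains the second argument of `au_login_fail("Login incorrect", 1)` but is left outside the new `#ifdef USE_BSM_AUDIT`, so in a build without audit it describes a statement that is not compiled; move it inside the guard. The same guards mean a build without `USE_BSM_AUDIT` leaves failed logins and PAM errors with no audit record at all, which deserves one line at the `auditsuccess` declaration, e.g. `/* without USE_BSM_AUDIT no BSM login/logout records are written */`. In bail(), `audit_logout()` is gated only on `pwd != NULL`; the lines between `getpwnam()` and the commit point are partly hidden on this page, so confirm it cannot run for a session that never reached `au_login_success()`, including the `-f` branch, which clears `auditsuccess`.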