comparison toys/login.c @ 572:8a88a9e3c30b
Adding initial version of login.c
author | Elie De Brauwer <eliedebrauwer@gmail.com> |
---|---|
date | Tue, 24 Apr 2012 23:09:27 +0200 |
parents | |
children | 98bde84a888c |
571:1a06fcaa1775 | 572:8a88a9e3c30b |
---|---|
1 /* vi: set sw=4 ts=4: | |
2 * | |
3 * login.c - Start a session on the system. | |
4 * | |
5 * Copyright 2012 Elie De Brauwer <eliedebrauwer@gmail.com> | |
6 * | |
7 * Not in SUSv4. | |
8 * No support for PAM/securetty/selinux/login script/issue/utmp | |
9 * Relies on libcrypt for hash calculation. | |
10 | |
11 USE_LOGIN(NEWTOY(login, ">1fph:", TOYFLAG_BIN)) | |
12 | |
13 config LOGIN | |
14 bool "login" | |
15 default y | |
16 help | |
17 usage: login [-p] [-h host] [[-f] username] | |
18 | |
19 Establish a new session with the system. | |
20 -p Preserve environment | |
21 -h The name of the remote host for this login | |
22 -f Do not perform authentication | |
23 */ | |
24 | |
25 #include "toys.h" | |
26 | |
27 #define LOGIN_TIMEOUT 60 | |
28 #define LOGIN_FAIL_TIMEOUT 3 | |
29 #define USER_NAME_MAX_SIZE 32 | |
30 #define HOSTNAME_SIZE 32 | |
31 | |
32 DEFINE_GLOBALS( | |
33 char * hostname; | |
34 ) | |
35 #define TT this.login | |
36 | |
37 static void login_timeout_handler(int sig __attribute__((unused))) | |
38 { | |
39 printf("\nLogin timed out after %d seconds.\n", LOGIN_TIMEOUT); | |
40 exit(0); | |
41 } | |
42 | |
43 static const char *forbid[] = { | |
44 "BASH_ENV", | |
45 "ENV", | |
46 "HOME", | |
47 "IFS", | |
48 "LD_LIBRARY_PATH", | |
49 "LD_PRELOAD", | |
50 "LD_TRACE_LOADED_OBJECTS", | |
51 "LD_BIND_NOW", | |
52 "LD_AOUT_LIBRARY_PATH", | |
53 "LD_AOUT_PRELOAD", | |
54 "LD_NOWARN", | |
55 "LD_KEEPDIR", | |
56 "SHELL", | |
57 NULL | |
58 }; | |
59 | |
60 // Unset dangerous environment variables. | |
61 void sanitize_env() | |
62 { | |
63 const char **p = forbid; | |
64 do { | |
65 unsetenv(*p); | |
66 p++; | |
67 } while (*p); | |
68 } | |
69 | |
70 int read_password(char * buff, int buflen) | |
71 { | |
72 int i = 0; | |
73 struct termios termio, oldtermio; | |
74 tcgetattr(0, &oldtermio); | |
75 tcflush(0, TCIFLUSH); | |
76 termio = oldtermio; | |
77 | |
78 termio.c_iflag &= ~(IUCLC|IXON|IXOFF|IXANY); | |
79 termio.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP); | |
80 tcsetattr(0, TCSANOW, &termio); | |
81 | |
82 fputs("Password: ", stdout); | |
83 fflush(stdout); | |
84 | |
85 while (1) { | |
86 int ret = read(0, &buff[i], 1); | |
87 if ( ret < 0 ) | |
88 { | |
89 buff[0] = 0; | |
90 tcsetattr(0, TCSANOW, &oldtermio); | |
91 return 1; | |
92 } | |
93 else if ( ret == 0 || buff[i] == '\n' || | |
94 buff[i] == '\r' || buflen == i+1) | |
95 { | |
96 buff[i] = '\0'; | |
97 break; | |
98 } | |
99 i++; | |
100 } | |
101 | |
102 tcsetattr(0, TCSANOW, &oldtermio); | |
103 puts("\n"); | |
104 fflush(stdout); | |
105 return 0; | |
106 } | |
107 | |
108 int verify_password(char * pwd) | |
109 { | |
110 char * pass; | |
111 | |
112 if (read_password(toybuf, sizeof(toybuf))) | |
113 return 1; | |
114 if (!pwd) | |
115 return 1; | |
116 if (pwd[0] == '!' || pwd[0] == '*') | |
117 return 1; | |
118 | |
119 pass = crypt(toybuf, pwd); | |
120 if (pass != NULL && strcmp(pass, pwd)==0) | |
121 return 0; | |
122 | |
123 return 1; | |
124 } | |
125 | |
126 void read_user(char * buff, int size) | |
127 { | |
128 char hostname[HOSTNAME_SIZE+1]; | |
129 int i = 0; | |
130 hostname[HOSTNAME_SIZE] = 0; | |
131 if(!gethostname(hostname, HOSTNAME_SIZE)) | |
132 fputs(hostname, stdout); | |
133 | |
134 fputs(" login: ", stdout); | |
135 fflush(stdout); | |
136 | |
137 do { | |
138 buff[0] = getchar(); | |
139 if (buff[0] == EOF) | |
140 exit(EXIT_FAILURE); | |
141 } while (isblank(buff[0])); | |
142 | |
143 if (buff[0] != '\n') | |
144 if(!fgets(&buff[1], HOSTNAME_SIZE-1, stdin)) | |
145 _exit(1); | |
146 | |
147 while(i<HOSTNAME_SIZE-1 && isgraph(buff[i])) | |
148 { | |
149 i++; | |
150 } | |
151 buff[i] = 0; | |
152 } | |
153 | |
154 void handle_nologin(void) | |
155 { | |
156 int fd = open("/etc/nologin", O_RDONLY); | |
157 int size; | |
158 if (fd == -1) | |
159 return; | |
160 | |
161 size = readall(fd, toybuf,sizeof(toybuf)-1); | |
162 toybuf[size] = 0; | |
163 if (!size) | |
164 puts("System closed for routine maintenance\n"); | |
165 else | |
166 puts(toybuf); | |
167 | |
168 close(fd); | |
169 fflush(stdout); | |
170 exit(EXIT_FAILURE); | |
171 } | |
172 | |
173 void handle_motd(void) | |
174 { | |
175 int fd = open("/etc/motd", O_RDONLY); | |
176 int size; | |
177 if (fd == -1) | |
178 return; | |
179 | |
180 size = readall(fd, toybuf,sizeof(toybuf)-1); | |
181 toybuf[size] = 0; | |
182 puts(toybuf); | |
183 | |
184 close(fd); | |
185 fflush(stdout); | |
186 } | |
187 | |
188 int change_identity(const struct passwd *pwd) | |
189 { | |
190 if (initgroups(pwd->pw_name,pwd->pw_gid)) | |
191 return 1; | |
192 if (setgid(pwd->pw_uid)) | |
193 return 1; | |
194 if (setuid(pwd->pw_uid)) | |
195 return 1; | |
196 | |
197 return 0; | |
198 } | |
199 | |
200 void spawn_shell(const char *shell) | |
201 { | |
202 const char * exec_name = strrchr(shell,'/'); | |
203 if (exec_name) | |
204 exec_name++; | |
205 else | |
206 exec_name = shell; | |
207 | |
208 snprintf(toybuf,sizeof(toybuf)-1, "-%s", shell); | |
209 execl(shell, toybuf, NULL); | |
210 error_exit("Failed to spawn shell"); | |
211 } | |
212 | |
213 void setup_environment(const struct passwd *pwd, int clear_env) | |
214 { | |
215 if (chdir(pwd->pw_dir)) | |
216 printf("can't chdir to home directory: %s\n", pwd->pw_dir); | |
217 | |
218 if (clear_env) | |
219 { | |
220 const char * term = getenv("TERM"); | |
221 clearenv(); | |
222 if (term) setenv("TERM", term, 1); | |
223 } | |
224 | |
225 setenv("USER", pwd->pw_name, 1); | |
226 setenv("LOGNAME", pwd->pw_name, 1); | |
227 setenv("HOME", pwd->pw_dir, 1); | |
228 setenv("SHELL", pwd->pw_shell, 1); | |
229 } | |
230 | |
231 void login_main(void) | |
232 { | |
233 int f_flag = (toys.optflags & 4) >> 2; | |
234 int p_flag = (toys.optflags & 2) >> 1; | |
235 int h_flag = toys.optflags & 1; | |
236 char username[USER_NAME_MAX_SIZE+1]; | |
237 struct passwd * pwd = NULL; | |
238 struct spwd * spwd = NULL; | |
239 char *pass = NULL; | |
240 int auth_fail_cnt = 0; | |
241 | |
242 if (f_flag && toys.optc != 1) | |
243 error_exit("-f requires username"); | |
244 | |
245 if (geteuid() != 0 ) | |
246 error_exit("Cannot possibly work without effective root"); | |
247 | |
248 if (!isatty(0) || !isatty(1) || !isatty(2)) | |
249 error_exit("Not connected to a tty"); | |
250 | |
251 openlog("login", LOG_PID | LOG_CONS, LOG_AUTH); | |
252 signal(SIGALRM, login_timeout_handler); | |
253 alarm(LOGIN_TIMEOUT); | |
254 sanitize_env(); | |
255 | |
256 while (1) { | |
257 tcflush(0, TCIFLUSH); | |
258 | |
259 username[USER_NAME_MAX_SIZE] = 0; | |
260 if (toys.optargs[0]) | |
261 strncpy(username, toys.optargs[0], USER_NAME_MAX_SIZE); | |
262 else { | |
263 read_user(username, USER_NAME_MAX_SIZE+1); | |
264 if (username[0] == 0) | |
265 continue; | |
266 } | |
267 | |
268 pwd = getpwnam(username); | |
269 if (!pwd) | |
270 goto query_pass; // Non-existing user | |
271 | |
272 if (pwd->pw_passwd[0] == '!' || pwd->pw_passwd[0] == '*') | |
273 goto query_pass; // Locked account | |
274 | |
275 if (f_flag) | |
276 break; // Pre-authenticated | |
277 | |
278 if (pwd->pw_passwd[0] == '\0') | |
279 break; // Password-less account | |
280 | |
281 pass = pwd->pw_passwd; | |
282 if (pwd->pw_passwd[0] == 'x') { | |
283 spwd = getspnam (username); | |
284 if (spwd) | |
285 pass = spwd->sp_pwdp; | |
286 } | |
287 | |
288 query_pass: | |
289 if (!verify_password(pass)) | |
290 break; | |
291 | |
292 f_flag = 0; | |
293 syslog(LOG_WARNING, "invalid password for '%s' on %s %s %s", username, | |
294 ttyname(0), | |
295 (h_flag)?"from":"", | |
296 (h_flag)?TT.hostname:""); | |
297 | |
298 sleep(LOGIN_FAIL_TIMEOUT); | |
299 puts("Login incorrect"); | |
300 | |
301 if (++auth_fail_cnt == 3) | |
302 { | |
303 error_exit("Maximum number of tries exceeded (%d)\n", auth_fail_cnt); | |
304 } | |
305 | |
306 username[0] = 0; | |
307 pwd = NULL; | |
308 spwd = NULL; | |
309 } | |
310 | |
311 alarm(0); | |
312 | |
313 if (pwd->pw_uid) | |
314 handle_nologin(); | |
315 | |
316 if (change_identity(pwd)) | |
317 error_exit("Failed to change identity"); | |
318 | |
319 setup_environment(pwd, !p_flag); | |
320 | |
321 handle_motd(); | |
322 | |
323 syslog(LOG_INFO, "%s logged in on %s %s %s", pwd->pw_name, | |
324 ttyname(0), | |
325 (h_flag)?"from":"", | |
326 (h_flag)?TT.hostname:""); | |
327 | |
328 spawn_shell(pwd->pw_shell); | |
329 } |
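Review bot: `pass` in login_main is never reset between attempts, so the `goto query_pass` taken for a non-existing or locked account compares the typed password against whatever hash an earlier attempt left in it. A match leaves the loop with `pwd` either NULL (dereferenced right after at `pwd->pw_uid`) or pointing at the locked account, which then proceeds to change_identity and spawn_shell. Setting `pass = NULL;` at the top of the `while (1)` body, next to the `tcflush` call, makes both paths fall into the `if (!pwd) return 1;` guard in verify_password on every attempt. Separately, change_identity calls `setgid(pwd->pw_uid)`; this should be `setgid(pwd->pw_gid)`, otherwise the session's primary group is set from the uid rather than from the passwd entry's group.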