694
1 /* login.c  Start a session on the system. 
2 * 
3 * Copyright 2012 Elie De Brauwer <eliedebrauwer@gmail.com> 
4 * 
5 * No support for PAM/securetty/selinux/login script/issue/utmp 
6 * Relies on libcrypt for hash calculation. 
7 
8 USE_LOGIN(NEWTOY(login, ">1fph:", TOYFLAG_BIN)) 
9 
10 config LOGIN 
11 bool "login" 
12 default y 
13 depends on TOYBOX_SHADOW 
14 help 
15 usage: login [p] [h host] [[f] username] 
16 
17 Establish a new session with the system. 
18 
19 p Preserve environment 
20 h The name of the remote host for this login 
21 f Do not perform authentication 
22 */ 
23 
24 #define FOR_login 
25 #include "toys.h" 
26 
27 #define USER_NAME_MAX_SIZE 32 
28 #define HOSTNAME_SIZE 32 
29 
30 GLOBALS( 
31 char *hostname; 
1354  32 
33 int login_timeout, login_fail_timeout;  
34 ) 
35 
36 static void login_timeout_handler(int sig __attribute__((unused))) 
37 { 
1354  38 printf("\nLogin timed out after %d seconds.\n", TT.login_timeout); 
39 exit(0); 
40 } 
41 
42 static char *forbid[] = { 
43 "BASH_ENV", "ENV", "HOME", "IFS", "LD_LIBRARY_PATH", "LD_PRELOAD", 
44 "LD_TRACE_LOADED_OBJECTS", "LD_BIND_NOW", "LD_AOUT_LIBRARY_PATH", 
45 "LD_AOUT_PRELOAD", "LD_NOWARN", "LD_KEEPDIR", "SHELL", NULL 
46 }; 
47 
48 int verify_password(char * pwd) 
49 { 
50 char *pass; 
51 
52 if (read_password(toybuf, sizeof(toybuf), "Password: ")) return 1; 
53 if (!pwd) return 1; 
54 if (pwd[0] == '!'  pwd[0] == '*') return 1; 
55 
56 pass = crypt(toybuf, pwd); 
57 if (pass && !strcmp(pass, pwd)) return 0; 
58 
59 return 1; 
60 } 
61 
62 void read_user(char * buff, int size) 
63 { 
64 char hostname[HOSTNAME_SIZE+1]; 
65 int i = 0; 
1354  66 
67 hostname[HOSTNAME_SIZE] = 0; 
1354  68 if (!gethostname(hostname, HOSTNAME_SIZE)) fputs(hostname, stdout); 
69 
70 fputs(" login: ", stdout); 
71 fflush(stdout); 
72 
73 do { 
74 int c = getchar(); 
75 if (c == EOF) exit(EXIT_FAILURE); 
1354  76 *buff = c; 
77 } while (isblank(*buff));  
78 
1354  79 if (*buff != '\n') if(!fgets(&buff[1], HOSTNAME_SIZE1, stdin)) _exit(1); 
80 
81 while(i<HOSTNAME_SIZE1 && isgraph(buff[i])) i++; 
82 buff[i] = 0; 
83 } 
84 
85 void handle_nologin(void) 
86 { 
87 int fd = open("/etc/nologin", O_RDONLY); 
88 int size; 
1354  89 
90 if (fd == 1) return; 
91 
92 size = readall(fd, toybuf,sizeof(toybuf)1); 
93 toybuf[size] = 0; 
94 if (!size) puts("System closed for routine maintenance\n"); 
95 else puts(toybuf); 
96 
97 close(fd); 
98 fflush(stdout); 
1354  99 exit(1); 
100 } 
101 
102 void handle_motd(void) 
103 { 
104 int fd = open("/etc/motd", O_RDONLY); 
105 int size; 
106 if (fd == 1) return; 
107 
108 size = readall(fd, toybuf,sizeof(toybuf)1); 
109 toybuf[size] = 0; 
110 puts(toybuf); 
111 
112 close(fd); 
113 fflush(stdout); 
114 } 
115 
116 void spawn_shell(const char *shell) 
117 { 
118 const char * exec_name = strrchr(shell,'/'); 
119 if (exec_name) exec_name++; 
120 else exec_name = shell; 
121 
122 snprintf(toybuf,sizeof(toybuf)1, "%s", shell); 
123 execl(shell, toybuf, NULL); 
124 error_exit("Failed to spawn shell"); 
125 } 
126 
127 void setup_environment(const struct passwd *pwd, int clear_env) 
128 { 
129 if (chdir(pwd>pw_dir)) printf("bad home dir: %s\n", pwd>pw_dir); 
130 
131 if (clear_env) { 
1354  132 const char *term = getenv("TERM"); 
133 clearenv(); 
134 if (term) setenv("TERM", term, 1); 
135 } 
136 
137 setenv("USER", pwd>pw_name, 1); 
138 setenv("LOGNAME", pwd>pw_name, 1); 
139 setenv("HOME", pwd>pw_dir, 1); 
140 setenv("SHELL", pwd>pw_shell, 1); 
141 } 
142 
143 void login_main(void) 
144 { 
145 int f_flag = toys.optflags & FLAG_f; 
146 int h_flag = toys.optflags & FLAG_h; 
1354  147 char username[33], *pass = NULL, **ss; 
148 struct passwd * pwd = NULL; 
149 struct spwd * spwd = NULL; 
150 int auth_fail_cnt = 0; 
151 
152 if (f_flag && toys.optc != 1) error_exit("f requires username"); 
153 
154 if (geteuid()) error_exit("not root"); 
155 
156 if (!isatty(0)  !isatty(1)  !isatty(2)) error_exit("no tty"); 
157 
158 openlog("login", LOG_PID  LOG_CONS, LOG_AUTH); 
159 xsignal(SIGALRM, login_timeout_handler); 
1354  160 alarm(TT.login_timeout = 60); 
161 
162 for (ss = forbid; *ss; ss++) unsetenv(*ss); 
163 
164 while (1) { 
165 tcflush(0, TCIFLUSH); 
166 
1354  167 username[sizeof(username)1] = 0; 
168 if (*toys.optargs) xstrncpy(username, *toys.optargs, sizeof(username)); 
169 else { 
1354  170 read_user(username, sizeof(username)); 
171 if (!*username) continue;  
172 } 
173 
174 pwd = getpwnam(username); 
175 if (!pwd) goto query_pass; // Nonexisting user 
176 
177 if (pwd>pw_passwd[0] == '!'  pwd>pw_passwd[0] == '*') 
178 goto query_pass; // Locked account 
179 
180 if (f_flag) break; // Preauthenticated 
181 
182 if (!pwd>pw_passwd[0]) break; // Passwordless account 
183 
184 pass = pwd>pw_passwd; 
185 if (pwd>pw_passwd[0] == 'x') { 
186 spwd = getspnam (username); 
187 if (spwd) pass = spwd>sp_pwdp; 
188 } 
189 
190 query_pass: 
191 if (!verify_password(pass)) break; 
192 
193 f_flag = 0; 
194 syslog(LOG_WARNING, "invalid password for '%s' on %s %s %s", username, 
195 ttyname(0), h_flag?"from":"", h_flag?TT.hostname:""); 
196 
1354  197 sleep(3); 
198 puts("Login incorrect"); 
199 
200 if (++auth_fail_cnt == 3) 
1354  201 error_exit("Maximum number of tries exceeded (3)\n"); 
202 
1354  203 *username = 0; 
204 pwd = 0;  
205 spwd = 0;  
206 } 
207 
208 alarm(0); 
209 
210 if (pwd>pw_uid) handle_nologin(); 
211 
212 xsetuser(pwd); 
213 
214 setup_environment(pwd, !(toys.optflags & FLAG_p)); 
215 
216 handle_motd(); 
217 
218 syslog(LOG_INFO, "%s logged in on %s %s %s", pwd>pw_name, 
219 ttyname(0), h_flag?"from":"", h_flag?TT.hostname:""); 
220 
221 spawn_shell(pwd>pw_shell); 
222 } 