USE_FEATURE_UTMP(
safe_strncpy(utent.ut_host, opt_host, sizeof(utent.ut_host));
)
- snprintf(fromhost, sizeof(fromhost)-1, " on `%.100s' from "
- "`%.200s'", short_tty, opt_host);
+ snprintf(fromhost, sizeof(fromhost)-1, " on '%.100s' from "
+ "'%.200s'", short_tty, opt_host);
}
else
- snprintf(fromhost, sizeof(fromhost)-1, " on `%.100s'", short_tty);
+ snprintf(fromhost, sizeof(fromhost)-1, " on '%.100s'", short_tty);
bb_setpgrp;
bb_do_delay(FAIL_DELAY);
puts("Login incorrect");
if (++count == 3) {
- syslog(LOG_WARNING, "invalid password for `%s'%s",
+ syslog(LOG_WARNING, "invalid password for '%s'%s",
username, fromhost);
return EXIT_FAILURE;
}
security_context_t old_tty_sid, new_tty_sid;
if (get_default_context(username, NULL, &user_sid)) {
- bb_error_msg_and_die("unable to get SID for %s",
+ bb_error_msg_and_die("cannot get SID for %s",
username);
}
if (getfilecon(full_tty, &old_tty_sid) < 0) {
- bb_perror_msg_and_die("getfilecon(%.100s) failed",
+ bb_perror_msg_and_die("getfilecon(%s) failed",
full_tty);
}
if (security_compute_relabel(user_sid, old_tty_sid,
SECCLASS_CHR_FILE, &new_tty_sid) != 0) {
- bb_perror_msg_and_die("security_change_sid(%.100s) failed",
+ bb_perror_msg_and_die("security_change_sid(%s) failed",
full_tty);
}
if (setfilecon(full_tty, new_tty_sid) != 0) {
- bb_perror_msg_and_die("chsid(%.100s, %s) failed",
+ bb_perror_msg_and_die("chsid(%s, %s) failed",
full_tty, new_tty_sid);
}
}
fchown(0, pw->pw_uid, pw->pw_gid);
fchmod(0, 0600);
+ /* TODO: be nommu-friendly, use spawn? */
if (ENABLE_LOGIN_SCRIPTS) {
char *script = getenv("LOGIN_PRE_SUID_SCRIPT");
if (script) {
setup_environment(tmp, 1, !(opt & LOGIN_OPT_p), pw);
motd();
- signal(SIGALRM, SIG_DFL); /* default alarm signal */
if (pw->pw_uid == 0)
syslog(LOG_INFO, "root login%s", fromhost);
* but let's play the game for now */
set_current_security_context(user_sid);
#endif
- run_shell(tmp, 1, 0, 0); /* exec the shell finally. */
+
+ // util-linux login also does:
+ // /* start new session */
+ // setsid();
+ // /* TIOCSCTTY: steal tty from other process group */
+ // if (ioctl(0, TIOCSCTTY, 1)) error_msg...
+
+ /* set signals to defaults */
+ signal(SIGALRM, SIG_DFL);
+ /* Is this correct? This way user can ctrl-c out of /etc/profile,
+ * potentially creating security breach (tested with bash 3.0).
+ * But without this, bash 3.0 will not enable ctrl-c either.
+ * Maybe bash is buggy?
+ * Need to find out what standards say about /bin/login -
+ * should it leave SIGINT etc enabled or disabled? */
+ signal(SIGINT, SIG_DFL);
+
+ run_shell(tmp, 1, 0, 0); /* exec the shell finally */
return EXIT_FAILURE;
}