/*
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
*/
-
#include "libbb.h"
#include <syslog.h>
-#include <utmp.h>
+#if ENABLE_FEATURE_UTMP
+# include <utmp.h> /* USER_PROCESS */
+#endif
#include <sys/resource.h>
#if ENABLE_SELINUX
-#include <selinux/selinux.h> /* for is_selinux_enabled() */
-#include <selinux/get_context_list.h> /* for get_default_context() */
-#include <selinux/flask.h> /* for security class definitions */
+# include <selinux/selinux.h> /* for is_selinux_enabled() */
+# include <selinux/get_context_list.h> /* for get_default_context() */
+# include <selinux/flask.h> /* for security class definitions */
#endif
#if ENABLE_PAM
/* PAM may include <locale.h>. We may need to undefine bbox's stub define: */
-#undef setlocale
+# undef setlocale
/* For some obscure reason, PAM is not in pam/xxx, but in security/xxx.
* Apparently they like to confuse people. */
-#include <security/pam_appl.h>
-#include <security/pam_misc.h>
+# include <security/pam_appl.h>
+# include <security/pam_misc.h>
static const struct pam_conv conv = {
misc_conv,
NULL
static char* short_tty;
-#if ENABLE_FEATURE_UTMP
-/* vv Taken from tinylogin utmp.c vv */
-/*
- * read_or_build_utent - see if utmp file is correct for this process
- *
- * System V is very picky about the contents of the utmp file
- * and requires that a slot for the current process exist.
- * The utmp file is scanned for an entry with the same process
- * ID. If no entry exists the process exits with a message.
- *
- * The "picky" flag is for network and other logins that may
- * use special flags. It allows the pid checks to be overridden.
- * This means that getty should never invoke login with any
- * command line flags.
- */
-
-static void read_or_build_utent(struct utmp *utptr, int run_by_root)
-{
- struct utmp *ut;
- pid_t pid = getpid();
-
- setutent();
-
- /* First, try to find a valid utmp entry for this process. */
- /* If there is one, just use it. */
- while ((ut = getutent()) != NULL)
- if (ut->ut_pid == pid && ut->ut_line[0] && ut->ut_id[0]
- && (ut->ut_type == LOGIN_PROCESS || ut->ut_type == USER_PROCESS)
- ) {
- *utptr = *ut; /* struct copy */
- if (run_by_root) /* why only for root? */
- memset(utptr->ut_host, 0, sizeof(utptr->ut_host));
- return;
- }
-
-// Why? Do we require non-root to exec login from another
-// former login process (e.g. login shell)? Some login's have
-// login shells as children, so it won't work...
-// if (!run_by_root)
-// bb_error_msg_and_die("no utmp entry found");
-
- /* Otherwise create a new one. */
- memset(utptr, 0, sizeof(*utptr));
- utptr->ut_type = LOGIN_PROCESS;
- utptr->ut_pid = pid;
- strncpy(utptr->ut_line, short_tty, sizeof(utptr->ut_line));
- /* This one is only 4 chars wide. Try to fit something
- * remotely meaningful by skipping "tty"... */
- strncpy(utptr->ut_id, short_tty + 3, sizeof(utptr->ut_id));
- strncpy(utptr->ut_user, "LOGIN", sizeof(utptr->ut_user));
- utptr->ut_tv.tv_sec = time(NULL);
-}
-
-/*
- * write_utent - put a USER_PROCESS entry in the utmp file
- *
- * write_utent changes the type of the current utmp entry to
- * USER_PROCESS. the wtmp file will be updated as well.
- */
-static void write_utent(struct utmp *utptr, const char *username)
-{
- utptr->ut_type = USER_PROCESS;
- strncpy(utptr->ut_user, username, sizeof(utptr->ut_user));
- utptr->ut_tv.tv_sec = time(NULL);
- /* other fields already filled in by read_or_build_utent above */
- setutent();
- pututline(utptr);
- endutent();
-#if ENABLE_FEATURE_WTMP
- if (access(bb_path_wtmp_file, R_OK|W_OK) == -1) {
- close(creat(bb_path_wtmp_file, 0664));
- }
- updwtmp(bb_path_wtmp_file, utptr);
-#endif
-}
-#else /* !ENABLE_FEATURE_UTMP */
-#define read_or_build_utent(utptr, run_by_root) ((void)0)
-#define write_utent(utptr, username) ((void)0)
-#endif /* !ENABLE_FEATURE_UTMP */
-
#if ENABLE_FEATURE_NOLOGIN
static void die_if_nologin(void)
{
puts("\r\nSystem closed for routine maintenance\r");
fclose(fp);
- fflush(NULL);
+ fflush_all();
/* Users say that they do need this prior to exit: */
tcdrain(STDOUT_FILENO);
exit(EXIT_FAILURE);
}
#else
-static ALWAYS_INLINE void die_if_nologin(void) {}
+# define die_if_nologin() ((void)0)
#endif
#if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
return;
if (get_default_context(username, NULL, user_sid)) {
- bb_error_msg_and_die("cannot get SID for %s", username);
+ bb_error_msg_and_die("can't get SID for %s", username);
}
if (getfilecon(full_tty, &old_tty_sid) < 0) {
bb_perror_msg_and_die("getfilecon(%s) failed", full_tty);
/* skip whitespace */
do {
c = getchar();
- if (c == EOF) exit(EXIT_FAILURE);
+ if (c == EOF)
+ exit(EXIT_FAILURE);
if (c == '\n') {
- if (!--cntdown) exit(EXIT_FAILURE);
+ if (!--cntdown)
+ exit(EXIT_FAILURE);
goto prompt;
}
- } while (isspace(c));
+ } while (isspace(c)); /* maybe isblank? */
*buf++ = c;
if (!fgets(buf, size_buf-2, stdin))
exit(EXIT_FAILURE);
if (!strchr(buf, '\n'))
exit(EXIT_FAILURE);
- while (isgraph(*buf)) buf++;
+ while ((unsigned char)*buf > ' ')
+ buf++;
*buf = '\0';
}
fd = open(bb_path_motd_file, O_RDONLY);
if (fd >= 0) {
- fflush(stdout);
+ fflush_all();
bb_copyfd_eof(fd, STDOUT_FILENO);
close(fd);
}
* We don't want to block here */
ndelay_on(1);
printf("\r\nLogin timed out after %d seconds\r\n", TIMEOUT);
- fflush(stdout);
+ fflush_all();
/* unix API is brain damaged regarding O_NONBLOCK,
* we should undo it, or else we can affect other processes */
ndelay_off(1);
unsigned opt;
int count = 0;
struct passwd *pw;
- char *opt_host = opt_host; /* for compiler */
+ char *opt_host = NULL;
char *opt_user = opt_user; /* for compiler */
char *full_tty;
- USE_SELINUX(security_context_t user_sid = NULL;)
- USE_FEATURE_UTMP(struct utmp utent;)
+ IF_SELINUX(security_context_t user_sid = NULL;)
#if ENABLE_PAM
int pamret;
pam_handle_t *pamh;
if (strncmp(full_tty, "/dev/", 5) == 0)
short_tty += 5;
- read_or_build_utent(&utent, run_by_root);
-
- if (opt & LOGIN_OPT_h) {
- USE_FEATURE_UTMP(safe_strncpy(utent.ut_host, opt_host, sizeof(utent.ut_host));)
+ if (opt_host) {
fromhost = xasprintf(" on '%s' from '%s'", short_tty, opt_host);
} else {
fromhost = xasprintf(" on '%s'", short_tty);
break; /* success, continue login process */
pam_auth_failed:
- bb_error_msg("pam_%s call failed: %s (%d)", failed_msg,
+ /* syslog, because we don't want potential attacker
+ * to know _why_ login failed */
+ syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
pam_strerror(pamh, pamret), pamret);
safe_strncpy(username, "UNKNOWN", sizeof(username));
#else /* not PAM */
if (pw->pw_uid != 0)
die_if_nologin();
- write_utent(&utent, username);
-
- USE_SELINUX(initselinux(username, full_tty, &user_sid));
+ IF_SELINUX(initselinux(username, full_tty, &user_sid));
/* Try these, but don't complain if they fail.
* _f_chown is safe wrt race t=ttyname(0);...;chown(t); */
fchown(0, pw->pw_uid, pw->pw_gid);
fchmod(0, 0600);
+ update_utmp(getpid(), USER_PROCESS, short_tty, username, run_by_root ? opt_host : NULL);
+
/* We trust environment only if we run by root */
- if (ENABLE_LOGIN_SCRIPTS && run_by_root)
+ if (ENABLE_LOGIN_SCRIPTS && run_by_root)
run_login_script(pw, full_tty);
change_identity(pw);
tmp = pw->pw_shell;
if (!tmp || !*tmp)
tmp = DEFAULT_SHELL;
- /* setup_environment params: shell, clear_env, change_env, pw */
- setup_environment(tmp, !(opt & LOGIN_OPT_p), 1, pw);
+ setup_environment(tmp,
+ (!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV,
+ pw);
motd();
/* well, a simple setexeccon() here would do the job as well,
* but let's play the game for now */
- USE_SELINUX(set_current_security_context(user_sid);)
+ IF_SELINUX(set_current_security_context(user_sid);)
// util-linux login also does:
// /* start new session */