mirror of
https://github.com/sheumann/hush.git
synced 2024-11-05 06:07:00 +00:00
484 lines
10 KiB
C
484 lines
10 KiB
C
/* vi: set sw=4 ts=4: */
|
|
#include <fcntl.h>
|
|
#include <signal.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <syslog.h>
|
|
#include <termios.h>
|
|
#include <unistd.h>
|
|
#include <utmp.h>
|
|
#include <sys/resource.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/time.h>
|
|
#include <sys/types.h>
|
|
#include <ctype.h>
|
|
#include <time.h>
|
|
|
|
#include "busybox.h"
|
|
#ifdef CONFIG_SELINUX
|
|
#include <flask_util.h>
|
|
#include <get_sid_list.h>
|
|
#include <proc_secure.h>
|
|
#include <fs_secure.h>
|
|
#endif
|
|
|
|
#ifdef CONFIG_FEATURE_U_W_TMP
|
|
// import from utmp.c
|
|
static void checkutmp(int picky);
|
|
static void setutmp(const char *name, const char *line);
|
|
/* Stuff global to this file */
|
|
struct utmp utent;
|
|
#endif
|
|
|
|
// login defines
|
|
#define TIMEOUT 60
|
|
#define EMPTY_USERNAME_COUNT 10
|
|
#define USERNAME_SIZE 32
|
|
|
|
|
|
static int check_nologin ( int amroot );
|
|
|
|
#if defined CONFIG_FEATURE_SECURETTY
|
|
static int check_tty ( const char *tty );
|
|
|
|
#else
|
|
static inline int check_tty ( const char *tty ) { return 1; }
|
|
|
|
#endif
|
|
|
|
static int is_my_tty ( const char *tty );
|
|
static int login_prompt ( char *buf_name );
|
|
static void motd ( void );
|
|
|
|
|
|
static void alarm_handler ( int sig )
|
|
{
|
|
fprintf (stderr, "\nLogin timed out after %d seconds.\n", TIMEOUT );
|
|
exit ( EXIT_SUCCESS );
|
|
}
|
|
|
|
|
|
extern int login_main(int argc, char **argv)
|
|
{
|
|
char tty[BUFSIZ];
|
|
char full_tty[200];
|
|
char fromhost[512];
|
|
char username[USERNAME_SIZE];
|
|
const char *tmp;
|
|
int amroot;
|
|
int flag;
|
|
int failed;
|
|
int count=0;
|
|
struct passwd *pw, pw_copy;
|
|
#ifdef CONFIG_WHEEL_GROUP
|
|
struct group *grp;
|
|
#endif
|
|
int opt_preserve = 0;
|
|
int opt_fflag = 0;
|
|
char *opt_host = 0;
|
|
int alarmstarted = 0;
|
|
#ifdef CONFIG_SELINUX
|
|
int flask_enabled = is_flask_enabled();
|
|
security_id_t sid = 0, old_tty_sid, new_tty_sid;
|
|
#endif
|
|
|
|
username[0]=0;
|
|
amroot = ( getuid ( ) == 0 );
|
|
signal ( SIGALRM, alarm_handler );
|
|
alarm ( TIMEOUT );
|
|
alarmstarted = 1;
|
|
|
|
while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) {
|
|
switch ( flag ) {
|
|
case 'p':
|
|
opt_preserve = 1;
|
|
break;
|
|
case 'f':
|
|
/*
|
|
* username must be a seperate token
|
|
* (-f root, *NOT* -froot). --marekm
|
|
*/
|
|
if ( optarg != argv[optind-1] )
|
|
bb_show_usage( );
|
|
|
|
if ( !amroot ) /* Auth bypass only if real UID is zero */
|
|
bb_error_msg_and_die ( "-f permission denied" );
|
|
|
|
safe_strncpy(username, optarg, USERNAME_SIZE);
|
|
opt_fflag = 1;
|
|
break;
|
|
case 'h':
|
|
opt_host = optarg;
|
|
break;
|
|
default:
|
|
bb_show_usage( );
|
|
}
|
|
}
|
|
|
|
if (optind < argc) // user from command line (getty)
|
|
safe_strncpy(username, argv[optind], USERNAME_SIZE);
|
|
|
|
if ( !isatty ( 0 ) || !isatty ( 1 ) || !isatty ( 2 ))
|
|
return EXIT_FAILURE; /* Must be a terminal */
|
|
|
|
#ifdef CONFIG_FEATURE_U_W_TMP
|
|
checkutmp ( !amroot );
|
|
#endif
|
|
|
|
tmp = ttyname ( 0 );
|
|
if ( tmp )
|
|
safe_strncpy ( tty, tmp, sizeof( tty ));
|
|
else
|
|
safe_strncpy ( tty, "UNKNOWN", sizeof( tty ));
|
|
|
|
#ifdef CONFIG_FEATURE_U_W_TMP
|
|
if ( amroot )
|
|
memset ( utent.ut_host, 0, sizeof utent.ut_host );
|
|
#endif
|
|
|
|
if ( opt_host ) {
|
|
#ifdef CONFIG_FEATURE_U_W_TMP
|
|
safe_strncpy ( utent.ut_host, opt_host, sizeof( utent. ut_host ));
|
|
#endif
|
|
snprintf ( fromhost, sizeof( fromhost ) - 1, " on `%.100s' from `%.200s'", tty, opt_host );
|
|
}
|
|
else
|
|
snprintf ( fromhost, sizeof( fromhost ) - 1, " on `%.100s'", tty );
|
|
|
|
setpgrp();
|
|
|
|
openlog ( "login", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH );
|
|
|
|
while ( 1 ) {
|
|
failed = 0;
|
|
|
|
if ( !username[0] )
|
|
if(!login_prompt ( username ))
|
|
return EXIT_FAILURE;
|
|
|
|
if ( !alarmstarted && ( TIMEOUT > 0 )) {
|
|
alarm ( TIMEOUT );
|
|
alarmstarted = 1;
|
|
}
|
|
|
|
if (!( pw = getpwnam ( username ))) {
|
|
pw_copy.pw_name = "UNKNOWN";
|
|
pw_copy.pw_passwd = "!";
|
|
opt_fflag = 0;
|
|
failed = 1;
|
|
} else
|
|
pw_copy = *pw;
|
|
|
|
pw = &pw_copy;
|
|
|
|
if (( pw-> pw_passwd [0] == '!' ) || ( pw-> pw_passwd[0] == '*' ))
|
|
failed = 1;
|
|
|
|
if ( opt_fflag ) {
|
|
opt_fflag = 0;
|
|
goto auth_ok;
|
|
}
|
|
|
|
if (!failed && ( pw-> pw_uid == 0 ) && ( !check_tty ( tty )))
|
|
failed = 1;
|
|
|
|
/* Don't check the password if password entry is empty (!) */
|
|
if ( !pw-> pw_passwd[0] )
|
|
goto auth_ok;
|
|
|
|
/* authorization takes place here */
|
|
if ( correct_password ( pw ))
|
|
goto auth_ok;
|
|
|
|
failed = 1;
|
|
|
|
auth_ok:
|
|
if ( !failed)
|
|
break;
|
|
|
|
{ // delay next try
|
|
time_t start, now;
|
|
|
|
time ( &start );
|
|
now = start;
|
|
while ( difftime ( now, start ) < FAIL_DELAY) {
|
|
sleep ( FAIL_DELAY );
|
|
time ( &now );
|
|
}
|
|
}
|
|
|
|
puts("Login incorrect");
|
|
username[0] = 0;
|
|
if ( ++count == 3 ) {
|
|
syslog ( LOG_WARNING, "invalid password for `%s'%s\n", pw->pw_name, fromhost);
|
|
return EXIT_FAILURE;
|
|
}
|
|
}
|
|
|
|
alarm ( 0 );
|
|
if ( check_nologin ( pw-> pw_uid == 0 ))
|
|
return EXIT_FAILURE;
|
|
|
|
#ifdef CONFIG_FEATURE_U_W_TMP
|
|
setutmp ( username, tty );
|
|
#endif
|
|
#ifdef CONFIG_SELINUX
|
|
if (flask_enabled)
|
|
{
|
|
struct stat st;
|
|
|
|
if (get_default_sid(username, 0, &sid))
|
|
{
|
|
fprintf(stderr, "Unable to get SID for %s\n", username);
|
|
exit(1);
|
|
}
|
|
if (stat_secure(tty, &st, &old_tty_sid))
|
|
{
|
|
fprintf(stderr, "stat_secure(%.100s) failed: %.100s\n", tty, strerror(errno));
|
|
return EXIT_FAILURE;
|
|
}
|
|
if (security_change_sid (sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0)
|
|
{
|
|
fprintf(stderr, "security_change_sid(%.100s) failed: %.100s\n", tty, strerror(errno));
|
|
return EXIT_FAILURE;
|
|
}
|
|
if(chsid(tty, new_tty_sid) != 0)
|
|
{
|
|
fprintf(stderr, "chsid(%.100s, %d) failed: %.100s\n", tty, new_tty_sid, strerror(errno));
|
|
return EXIT_FAILURE;
|
|
}
|
|
}
|
|
else
|
|
sid = 0;
|
|
#endif
|
|
|
|
if ( *tty != '/' )
|
|
snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty);
|
|
else
|
|
safe_strncpy ( full_tty, tty, sizeof( full_tty ) - 1 );
|
|
|
|
if ( !is_my_tty ( full_tty ))
|
|
syslog ( LOG_ERR, "unable to determine TTY name, got %s\n", full_tty );
|
|
|
|
/* Try these, but don't complain if they fail
|
|
* (for example when the root fs is read only) */
|
|
chown ( full_tty, pw-> pw_uid, pw-> pw_gid );
|
|
chmod ( full_tty, 0600 );
|
|
|
|
change_identity ( pw );
|
|
tmp = pw-> pw_shell;
|
|
if(!tmp || !*tmp)
|
|
tmp = DEFAULT_SHELL;
|
|
setup_environment ( tmp, 1, !opt_preserve, pw );
|
|
|
|
motd ( );
|
|
signal ( SIGALRM, SIG_DFL ); /* default alarm signal */
|
|
|
|
if ( pw-> pw_uid == 0 )
|
|
syslog ( LOG_INFO, "root login %s\n", fromhost );
|
|
run_shell ( tmp, 1, 0, 0
|
|
#ifdef CONFIG_SELINUX
|
|
, sid
|
|
#endif
|
|
); /* exec the shell finally. */
|
|
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
|
|
|
|
static int login_prompt ( char *buf_name )
|
|
{
|
|
char buf [1024];
|
|
char *sp, *ep;
|
|
int i;
|
|
|
|
for(i=0; i<EMPTY_USERNAME_COUNT; i++) {
|
|
print_login_prompt();
|
|
|
|
if ( !fgets ( buf, sizeof( buf ) - 1, stdin ))
|
|
return 0;
|
|
|
|
if ( !strchr ( buf, '\n' ))
|
|
return 0;
|
|
|
|
for ( sp = buf; isspace ( *sp ); sp++ ) { }
|
|
for ( ep = sp; isgraph ( *ep ); ep++ ) { }
|
|
|
|
*ep = 0;
|
|
safe_strncpy(buf_name, sp, USERNAME_SIZE);
|
|
if(buf_name[0])
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int check_nologin ( int amroot )
|
|
{
|
|
if ( access ( bb_path_nologin_file, F_OK ) == 0 ) {
|
|
FILE *fp;
|
|
int c;
|
|
|
|
if (( fp = fopen ( bb_path_nologin_file, "r" ))) {
|
|
while (( c = getc ( fp )) != EOF )
|
|
putchar (( c == '\n' ) ? '\r' : c );
|
|
|
|
fflush ( stdout );
|
|
fclose ( fp );
|
|
} else {
|
|
puts ( "\r\nSystem closed for routine maintenance.\r" );
|
|
}
|
|
if ( !amroot )
|
|
return 1;
|
|
|
|
puts ( "\r\n[Disconnect bypassed -- root login allowed.]\r" );
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
#ifdef CONFIG_FEATURE_SECURETTY
|
|
|
|
static int check_tty ( const char *tty )
|
|
{
|
|
FILE *fp;
|
|
int i;
|
|
char buf[BUFSIZ];
|
|
|
|
if (( fp = fopen ( bb_path_securetty_file, "r" ))) {
|
|
while ( fgets ( buf, sizeof( buf ) - 1, fp )) {
|
|
for ( i = bb_strlen( buf ) - 1; i >= 0; --i ) {
|
|
if ( !isspace ( buf[i] ))
|
|
break;
|
|
}
|
|
buf[++i] = '\0';
|
|
if (( buf [0] == '\0' ) || ( buf [0] == '#' ))
|
|
continue;
|
|
|
|
if ( strcmp ( buf, tty ) == 0 ) {
|
|
fclose ( fp );
|
|
return 1;
|
|
}
|
|
}
|
|
fclose(fp);
|
|
return 0;
|
|
}
|
|
/* A missing securetty file is not an error. */
|
|
return 1;
|
|
}
|
|
|
|
#endif
|
|
|
|
/* returns 1 if true */
|
|
static int is_my_tty ( const char *tty )
|
|
{
|
|
struct stat by_name, by_fd;
|
|
|
|
if ( stat ( tty, &by_name ) || fstat ( 0, &by_fd ))
|
|
return 0;
|
|
|
|
if ( by_name. st_rdev != by_fd. st_rdev )
|
|
return 0;
|
|
else
|
|
return 1;
|
|
}
|
|
|
|
|
|
static void motd ( )
|
|
{
|
|
FILE *fp;
|
|
register int c;
|
|
|
|
if (( fp = fopen ( bb_path_motd_file, "r" ))) {
|
|
while (( c = getc ( fp )) != EOF )
|
|
putchar ( c );
|
|
fclose ( fp );
|
|
}
|
|
}
|
|
|
|
|
|
#ifdef CONFIG_FEATURE_U_W_TMP
|
|
// vv Taken from tinylogin utmp.c vv
|
|
|
|
#define _WTMP_FILE "/var/log/wtmp"
|
|
|
|
#define NO_UTENT \
|
|
"No utmp entry. You must exec \"login\" from the lowest level \"sh\""
|
|
#define NO_TTY \
|
|
"Unable to determine your tty name."
|
|
|
|
/*
|
|
* checkutmp - see if utmp file is correct for this process
|
|
*
|
|
* System V is very picky about the contents of the utmp file
|
|
* and requires that a slot for the current process exist.
|
|
* The utmp file is scanned for an entry with the same process
|
|
* ID. If no entry exists the process exits with a message.
|
|
*
|
|
* The "picky" flag is for network and other logins that may
|
|
* use special flags. It allows the pid checks to be overridden.
|
|
* This means that getty should never invoke login with any
|
|
* command line flags.
|
|
*/
|
|
|
|
static void checkutmp(int picky)
|
|
{
|
|
char *line;
|
|
struct utmp *ut;
|
|
pid_t pid = getpid();
|
|
|
|
setutent();
|
|
|
|
/* First, try to find a valid utmp entry for this process. */
|
|
while ((ut = getutent()))
|
|
if (ut->ut_pid == pid && ut->ut_line[0] && ut->ut_id[0] &&
|
|
(ut->ut_type == LOGIN_PROCESS || ut->ut_type == USER_PROCESS))
|
|
break;
|
|
|
|
/* If there is one, just use it, otherwise create a new one. */
|
|
if (ut) {
|
|
utent = *ut;
|
|
} else {
|
|
if (picky) {
|
|
puts(NO_UTENT);
|
|
exit(1);
|
|
}
|
|
line = ttyname(0);
|
|
if (!line) {
|
|
puts(NO_TTY);
|
|
exit(1);
|
|
}
|
|
if (strncmp(line, "/dev/", 5) == 0)
|
|
line += 5;
|
|
memset((void *) &utent, 0, sizeof utent);
|
|
utent.ut_type = LOGIN_PROCESS;
|
|
utent.ut_pid = pid;
|
|
strncpy(utent.ut_line, line, sizeof utent.ut_line);
|
|
/* XXX - assumes /dev/tty?? */
|
|
strncpy(utent.ut_id, utent.ut_line + 3, sizeof utent.ut_id);
|
|
strncpy(utent.ut_user, "LOGIN", sizeof utent.ut_user);
|
|
time(&utent.ut_time);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* setutmp - put a USER_PROCESS entry in the utmp file
|
|
*
|
|
* setutmp changes the type of the current utmp entry to
|
|
* USER_PROCESS. the wtmp file will be updated as well.
|
|
*/
|
|
|
|
static void setutmp(const char *name, const char *line)
|
|
{
|
|
utent.ut_type = USER_PROCESS;
|
|
strncpy(utent.ut_user, name, sizeof utent.ut_user);
|
|
time(&utent.ut_time);
|
|
/* other fields already filled in by checkutmp above */
|
|
setutent();
|
|
pututline(&utent);
|
|
endutent();
|
|
updwtmp(_WTMP_FILE, &utent);
|
|
}
|
|
#endif /* CONFIG_FEATURE_U_W_TMP */
|