Several login cleanups from vodz
parent
b0c39a8a8d
commit
0fbff134f4
@ -34,15 +34,15 @@ extern char *pw_encrypt(const char *clear, const char *salt);
|
|||||||
|
|
||||||
|
|
||||||
// login defines
|
// login defines
|
||||||
#define DEFAULT_USER "UNKNOWN"
|
|
||||||
#define DEFAULT_PWD "!"
|
|
||||||
#define DEFAULT_SHELL "/bin/sh"
|
|
||||||
#define TIMEOUT 60
|
#define TIMEOUT 60
|
||||||
#define FAIL_DELAY 3
|
#define FAIL_DELAY 3
|
||||||
|
#define EMPTY_USERNAME_COUNT 10
|
||||||
#define MOTD_FILE "/etc/motd"
|
#define MOTD_FILE "/etc/motd"
|
||||||
#define NOLOGIN_FILE "/etc/nologin"
|
#define NOLOGIN_FILE "/etc/nologin"
|
||||||
#define SECURETTY_FILE "/etc/securetty"
|
#define SECURETTY_FILE "/etc/securetty"
|
||||||
|
|
||||||
|
#define USERNAME_SIZE 32
|
||||||
|
|
||||||
/* Stuff global to this file */
|
/* Stuff global to this file */
|
||||||
struct utmp utent;
|
struct utmp utent;
|
||||||
|
|
||||||
@ -58,14 +58,13 @@ static inline int check_tty ( const char *tty ) { return 1; }
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int is_my_tty ( const char *tty );
|
static int is_my_tty ( const char *tty );
|
||||||
static const char *login_prompt ( void );
|
static int login_prompt ( char *buf_name );
|
||||||
static void motd ( void );
|
static void motd ( void );
|
||||||
static void set_env(int argc, char *const *argv);
|
|
||||||
|
|
||||||
|
|
||||||
static void alarm_handler ( int sig )
|
static void alarm_handler ( int sig )
|
||||||
{
|
{
|
||||||
error_msg ( "\nLogin timed out after %d seconds.\n", TIMEOUT );
|
fprintf (stderr, "\nLogin timed out after %d seconds.\n", TIMEOUT );
|
||||||
exit ( EXIT_SUCCESS );
|
exit ( EXIT_SUCCESS );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -75,6 +74,7 @@ extern int login_main(int argc, char **argv)
|
|||||||
char tty[BUFSIZ];
|
char tty[BUFSIZ];
|
||||||
char full_tty[200];
|
char full_tty[200];
|
||||||
char fromhost[512];
|
char fromhost[512];
|
||||||
|
char username[USERNAME_SIZE];
|
||||||
char *tmp;
|
char *tmp;
|
||||||
int amroot;
|
int amroot;
|
||||||
int flag;
|
int flag;
|
||||||
@ -85,9 +85,9 @@ extern int login_main(int argc, char **argv)
|
|||||||
int opt_preserve = 0;
|
int opt_preserve = 0;
|
||||||
int opt_fflag = 0;
|
int opt_fflag = 0;
|
||||||
char *opt_host = 0;
|
char *opt_host = 0;
|
||||||
const char *username = 0;
|
|
||||||
int alarmstarted = 0;
|
int alarmstarted = 0;
|
||||||
|
|
||||||
|
username[0]=0;
|
||||||
amroot = ( getuid ( ) == 0 );
|
amroot = ( getuid ( ) == 0 );
|
||||||
signal ( SIGALRM, alarm_handler );
|
signal ( SIGALRM, alarm_handler );
|
||||||
|
|
||||||
@ -99,7 +99,6 @@ extern int login_main(int argc, char **argv)
|
|||||||
while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) {
|
while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) {
|
||||||
switch ( flag ) {
|
switch ( flag ) {
|
||||||
case 'p':
|
case 'p':
|
||||||
printf ( "PRESERVE\n" );
|
|
||||||
opt_preserve = 1;
|
opt_preserve = 1;
|
||||||
break;
|
break;
|
||||||
case 'f':
|
case 'f':
|
||||||
@ -111,11 +110,9 @@ extern int login_main(int argc, char **argv)
|
|||||||
show_usage ( );
|
show_usage ( );
|
||||||
|
|
||||||
if ( !amroot ) /* Auth bypass only if real UID is zero */
|
if ( !amroot ) /* Auth bypass only if real UID is zero */
|
||||||
error_msg_and_die ( "login: -f permission denied\n" );
|
error_msg_and_die ( "-f permission denied" );
|
||||||
|
|
||||||
printf ( "USERNAME: %s\n", optarg );
|
safe_strncpy(username, optarg, USERNAME_SIZE);
|
||||||
|
|
||||||
username = optarg;
|
|
||||||
opt_fflag = 1;
|
opt_fflag = 1;
|
||||||
break;
|
break;
|
||||||
case 'h':
|
case 'h':
|
||||||
@ -126,8 +123,8 @@ extern int login_main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( optind < argc ) // got a username
|
if (optind < argc) // user from command line (getty)
|
||||||
username = argv [optind++];
|
safe_strncpy(username, argv[optind], USERNAME_SIZE);
|
||||||
|
|
||||||
if ( !isatty ( 0 ) || !isatty ( 1 ) || !isatty ( 2 ))
|
if ( !isatty ( 0 ) || !isatty ( 1 ) || !isatty ( 2 ))
|
||||||
return EXIT_FAILURE; /* Must be a terminal */
|
return EXIT_FAILURE; /* Must be a terminal */
|
||||||
@ -151,13 +148,16 @@ extern int login_main(int argc, char **argv)
|
|||||||
else
|
else
|
||||||
snprintf ( fromhost, sizeof( fromhost ) - 1, " on `%.100s'", tty );
|
snprintf ( fromhost, sizeof( fromhost ) - 1, " on `%.100s'", tty );
|
||||||
|
|
||||||
|
setpgrp();
|
||||||
|
|
||||||
openlog ( "login", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH );
|
openlog ( "login", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH );
|
||||||
|
|
||||||
while ( 1 ) {
|
while ( 1 ) {
|
||||||
failed = 0;
|
failed = 0;
|
||||||
|
|
||||||
if ( !username || !username[0] )
|
if ( !username[0] )
|
||||||
username = login_prompt ( );
|
if(!login_prompt ( username ))
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
|
||||||
if ( !alarmstarted && ( TIMEOUT > 0 )) {
|
if ( !alarmstarted && ( TIMEOUT > 0 )) {
|
||||||
alarm ( TIMEOUT );
|
alarm ( TIMEOUT );
|
||||||
@ -165,9 +165,8 @@ extern int login_main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!( pw = getpwnam ( username ))) {
|
if (!( pw = getpwnam ( username ))) {
|
||||||
pw_copy. pw_name = DEFAULT_USER;
|
pw_copy.pw_name = "UNKNOWN";
|
||||||
pw_copy. pw_passwd = DEFAULT_PWD;
|
pw_copy.pw_passwd = "!";
|
||||||
pw_copy. pw_shell = DEFAULT_SHELL;
|
|
||||||
opt_fflag = 0;
|
opt_fflag = 0;
|
||||||
failed = 1;
|
failed = 1;
|
||||||
} else
|
} else
|
||||||
@ -183,7 +182,7 @@ extern int login_main(int argc, char **argv)
|
|||||||
goto auth_ok;
|
goto auth_ok;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (( pw-> pw_uid == 0 ) && ( !check_tty ( tty )))
|
if (!failed && ( pw-> pw_uid == 0 ) && ( !check_tty ( tty )))
|
||||||
failed = 1;
|
failed = 1;
|
||||||
|
|
||||||
/* Don't check the password if password entry is empty (!) */
|
/* Don't check the password if password entry is empty (!) */
|
||||||
@ -194,7 +193,6 @@ extern int login_main(int argc, char **argv)
|
|||||||
if ( correct_password ( pw ))
|
if ( correct_password ( pw ))
|
||||||
goto auth_ok;
|
goto auth_ok;
|
||||||
|
|
||||||
syslog ( LOG_WARNING, "invalid password for `%s'%s\n", pw-> pw_name, fromhost);
|
|
||||||
failed = 1;
|
failed = 1;
|
||||||
|
|
||||||
auth_ok:
|
auth_ok:
|
||||||
@ -213,9 +211,12 @@ auth_ok:
|
|||||||
}
|
}
|
||||||
|
|
||||||
puts("Login incorrect");
|
puts("Login incorrect");
|
||||||
if ( ++count == 3 )
|
username[0] = 0;
|
||||||
|
if ( ++count == 3 ) {
|
||||||
|
syslog ( LOG_WARNING, "invalid password for `%s'%s\n", pw->pw_name, fromhost);
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
alarm ( 0 );
|
alarm ( 0 );
|
||||||
if ( check_nologin ( pw-> pw_uid == 0 ))
|
if ( check_nologin ( pw-> pw_uid == 0 ))
|
||||||
@ -251,11 +252,13 @@ auth_ok:
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
static const char *login_prompt ( void )
|
static int login_prompt ( char *buf_name )
|
||||||
{
|
{
|
||||||
char buf [1024];
|
char buf [1024];
|
||||||
char *sp, *ep;
|
char *sp, *ep;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
for(i=0; i<EMPTY_USERNAME_COUNT; i++) {
|
||||||
gethostname ( buf, sizeof( buf ));
|
gethostname ( buf, sizeof( buf ));
|
||||||
printf ( "\nBusyBox on %s login: ", buf );
|
printf ( "\nBusyBox on %s login: ", buf );
|
||||||
fflush ( stdout );
|
fflush ( stdout );
|
||||||
@ -263,14 +266,18 @@ static const char *login_prompt ( void )
|
|||||||
if ( !fgets ( buf, sizeof( buf ) - 1, stdin ))
|
if ( !fgets ( buf, sizeof( buf ) - 1, stdin ))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if ( !strchr ( buf, '\n' ));
|
if ( !strchr ( buf, '\n' ))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
for ( sp = buf; isspace ( *sp ); sp++ ) { }
|
for ( sp = buf; isspace ( *sp ); sp++ ) { }
|
||||||
for ( ep = sp; isgraph ( *ep ); ep++ ) { }
|
for ( ep = sp; isgraph ( *ep ); ep++ ) { }
|
||||||
|
|
||||||
*ep = 0;
|
*ep = 0;
|
||||||
return sp;
|
safe_strncpy(buf_name, sp, USERNAME_SIZE);
|
||||||
|
if(buf_name[0])
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
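Review bot: Moving the `syslog ( LOG_WARNING, ... )` call under `if ( ++count == 3 ) {` in login_main means only the third failed attempt reaches LOG_AUTH; the first two failures leave no record, and because `username[0] = 0;` clears the name before the next prompt, the accounts tried earlier are never logged. Sessions that end before the third failure would then not appear in the auth log at all, which weakens brute-force detection. I would keep the per-attempt log line directly after `puts("Login incorrect");` and leave only `return EXIT_FAILURE;` under the count check. login_main starts and ends outside the visible hunks, so this assumes no other failure logging exists in the lines not shown.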