login.c revision 1.26
1 /* $NetBSD: login.c,v 1.26 1997/08/25 19:31:55 kleink Exp $ */ 2 3 /*- 4 * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the University of 18 * California, Berkeley and its contributors. 19 * 4. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 #ifndef lint 38 __COPYRIGHT( 39 "@(#) Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994\n\ 40 The Regents of the University of California. All rights reserved.\n"); 41 #endif /* not lint */ 42 43 #ifndef lint 44 #if 0 45 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; 46 #endif 47 __RCSID("$NetBSD: login.c,v 1.26 1997/08/25 19:31:55 kleink Exp $"); 48 #endif /* not lint */ 49 50 /* 51 * login [ name ] 52 * login -h hostname (for telnetd, etc.) 53 * login -f name (for pre-authenticated login: datakit, xterm, etc.) 54 */ 55 56 #include <sys/param.h> 57 #include <sys/stat.h> 58 #include <sys/time.h> 59 #include <sys/resource.h> 60 #include <sys/file.h> 61 62 #include <err.h> 63 #include <errno.h> 64 #include <grp.h> 65 #include <pwd.h> 66 #include <setjmp.h> 67 #include <signal.h> 68 #include <stdio.h> 69 #include <skey.h> 70 #include <stdlib.h> 71 #include <string.h> 72 #include <syslog.h> 73 #include <ttyent.h> 74 #include <tzfile.h> 75 #include <unistd.h> 76 #include <utmp.h> 77 #include <util.h> 78 79 #ifdef KERBEROS5 80 #include <krb5.h> /* Solely for definition of kcontext */ 81 #endif 82 83 #include "pathnames.h" 84 85 void badlogin __P((char *)); 86 void checknologin __P((void)); 87 void dolastlog __P((int)); 88 void getloginname __P((void)); 89 int main __P((int, char *[])); 90 void motd __P((void)); 91 int rootterm __P((char *)); 92 void sigint __P((int)); 93 void sleepexit __P((int)); 94 char *stypeof __P((char *)); 95 void timedout __P((int)); 96 int pwcheck __P((char *, char *, char *, char *)); 97 #if defined(KERBEROS) || defined(KERBEROS5) 98 int klogin __P((struct passwd *, char *, char *, char *)); 99 void kdestroy __P((void)); 100 void dofork __P((void)); 101 #endif 102 103 extern void login __P((struct utmp *)); 104 105 #define TTYGRPNAME "tty" /* name of group to own ttys */ 106 107 /* 108 * This bounds the time given to login. Not a define so it can 109 * be patched on machines where it's too small. 110 */ 111 u_int timeout = 300; 112 113 #if defined(KERBEROS) || defined(KERBEROS5) 114 int notickets = 1; 115 char *instance; 116 char *krbtkfile_env; 117 int authok; 118 #endif 119 #ifdef KERBEROS5 120 extern krb5_context kcontext; 121 #endif 122 123 struct passwd *pwd; 124 int failures; 125 char term[64], *envinit[1], *hostname, *username, *tty; 126 #ifdef SKEY 127 int used_skey = 0; 128 int require_skey = 0; 129 char skeypw[] = "s/key"; 130 #endif 131 132 int 133 main(argc, argv) 134 int argc; 135 char *argv[]; 136 { 137 extern char **environ; 138 struct group *gr; 139 struct stat st; 140 struct timeval tp; 141 struct utmp utmp; 142 int ask, ch, cnt, fflag, hflag, pflag, quietlog, rootlogin, rval; 143 uid_t uid; 144 char *domain, *p, *salt, *ttyn, *pwprompt; 145 char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; 146 char localhost[MAXHOSTNAMELEN]; 147 int need_chpass; 148 #ifdef KERBEROS5 149 krb5_error_code kerror; 150 #endif 151 152 tbuf[0] = '\0'; 153 rval = 0; 154 pwprompt = NULL; 155 need_chpass = 0; 156 157 (void)signal(SIGALRM, timedout); 158 (void)alarm(timeout); 159 (void)signal(SIGQUIT, SIG_IGN); 160 (void)signal(SIGINT, SIG_IGN); 161 (void)setpriority(PRIO_PROCESS, 0, 0); 162 163 openlog("login", LOG_ODELAY, LOG_AUTH); 164 165 /* 166 * -p is used by getty to tell login not to destroy the environment 167 * -f is used to skip a second login authentication 168 * -h is used by other servers to pass the name of the remote 169 * host to login so that it may be placed in utmp and wtmp 170 * -s is used to force use of S/Key or equivalent. 171 */ 172 domain = NULL; 173 if (gethostname(localhost, sizeof(localhost)) < 0) 174 syslog(LOG_ERR, "couldn't get local hostname: %m"); 175 else 176 domain = strchr(localhost, '.'); 177 178 fflag = hflag = pflag = 0; 179 uid = getuid(); 180 while ((ch = getopt(argc, argv, "fh:ps")) != -1) 181 switch (ch) { 182 case 'f': 183 fflag = 1; 184 break; 185 case 'h': 186 if (uid) 187 errx(1, "-h option: %s", strerror(EPERM)); 188 hflag = 1; 189 if (domain && (p = strchr(optarg, '.')) != NULL && 190 strcasecmp(p, domain) == 0) 191 *p = 0; 192 hostname = optarg; 193 break; 194 case 'p': 195 pflag = 1; 196 break; 197 case 's': 198 #ifdef SKEY 199 /* 200 * If -s given twice, use S/Key or no login 201 * otherwise just insist on S/Key if user has one. 202 */ 203 require_skey++; 204 #endif 205 break; 206 case '?': 207 default: 208 if (!uid) 209 syslog(LOG_ERR, "invalid flag %c", ch); 210 (void)fprintf(stderr, 211 "usage: login [-fp] [-h hostname] [username]\n"); 212 exit(1); 213 } 214 argc -= optind; 215 argv += optind; 216 217 if (*argv) { 218 username = *argv; 219 ask = 0; 220 } else 221 ask = 1; 222 223 for (cnt = getdtablesize(); cnt > 2; cnt--) 224 (void)close(cnt); 225 226 ttyn = ttyname(STDIN_FILENO); 227 if (ttyn == NULL || *ttyn == '\0') { 228 (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY); 229 ttyn = tname; 230 } 231 if ((tty = strrchr(ttyn, '/')) != NULL) 232 ++tty; 233 else 234 tty = ttyn; 235 236 #ifdef KERBEROS5 237 kerror = krb5_init_context(&kcontext); 238 if (kerror) { 239 syslog(LOG_NOTICE, "%s when initializing Kerberos context", 240 error_message(kerror)); 241 exit(1); 242 } 243 #endif KERBEROS5 244 245 for (cnt = 0;; ask = 1) { 246 #ifdef SKEY 247 used_skey = 0; 248 #endif 249 #if defined(KERBEROS) || defined(KERBEROS5) 250 kdestroy(); 251 #endif 252 if (ask) { 253 fflag = 0; 254 getloginname(); 255 } 256 rootlogin = 0; 257 #ifdef KERBEROS 258 if ((instance = strchr(username, '.')) != NULL) { 259 if (strncmp(instance, ".root", 5) == 0) 260 rootlogin = 1; 261 *instance++ = '\0'; 262 } else 263 instance = ""; 264 #endif 265 #ifdef KERBEROS5 266 if ((instance = strchr(username, '/')) != NULL) { 267 if (strncmp(instance, "/root", 5) == 0) 268 rootlogin = 1; 269 *instance++ = '\0'; 270 } else 271 instance = ""; 272 #endif 273 if (strlen(username) > MAXLOGNAME) 274 username[MAXLOGNAME] = '\0'; 275 276 /* 277 * Note if trying multiple user names; log failures for 278 * previous user name, but don't bother logging one failure 279 * for nonexistent name (mistyped username). 280 */ 281 if (failures && strcmp(tbuf, username)) { 282 if (failures > (pwd ? 0 : 1)) 283 badlogin(tbuf); 284 failures = 0; 285 } 286 (void)strncpy(tbuf, username, sizeof(tbuf) - 1); 287 288 if ((pwd = getpwnam(username)) != NULL) 289 salt = pwd->pw_passwd; 290 else 291 salt = "xx"; 292 293 /* 294 * if we have a valid account name, and it doesn't have a 295 * password, or the -f option was specified and the caller 296 * is root or the caller isn't changing their uid, don't 297 * authenticate. 298 */ 299 if (pwd) { 300 if (pwd->pw_uid == 0) 301 rootlogin = 1; 302 303 if (fflag && (uid == 0 || uid == pwd->pw_uid)) { 304 /* already authenticated */ 305 break; 306 } else if (pwd->pw_passwd[0] == '\0') { 307 /* pretend password okay */ 308 rval = 0; 309 goto ttycheck; 310 } 311 } 312 313 fflag = 0; 314 315 (void)setpriority(PRIO_PROCESS, 0, -4); 316 317 #ifdef SKEY 318 p = NULL; 319 pwprompt = "Password:"; 320 321 if (require_skey > 1) /* -s -s */ 322 p = skeypw; 323 else if (skey_haskey(username) == 0) { 324 if (require_skey > 0) /* -s */ 325 p = skeypw; 326 else { 327 static char skprompt[80]; 328 char *skinfo = skey_keyinfo(username); 329 330 (void)snprintf(skprompt, sizeof(skprompt)-1, 331 "Password [%s]:", skinfo); 332 pwprompt = skprompt; 333 } 334 } 335 if (p == NULL) 336 #endif 337 p = getpass(pwprompt); 338 339 if (pwd) { 340 #if defined(KERBEROS) || defined(KERBEROS5) 341 rval = klogin(pwd, instance, localhost, p); 342 if (rval != 0 && rootlogin && pwd->pw_uid != 0) 343 rootlogin = 0; 344 if (rval == 0) 345 authok = 1; 346 else if (rval == 1) { 347 if (pwd->pw_uid != 0) 348 rootlogin = 0; 349 rval = pwcheck(username, p, salt, pwd->pw_passwd); 350 } 351 #else 352 rval = pwcheck(username, p, salt, pwd->pw_passwd); 353 #endif 354 } 355 #ifdef SKEY 356 if (used_skey == 0 && p != skeypw) 357 #endif 358 memset(p, 0, strlen(p)); 359 360 (void)setpriority(PRIO_PROCESS, 0, 0); 361 362 ttycheck: 363 /* 364 * If trying to log in as root without Kerberos, 365 * but with insecure terminal, refuse the login attempt. 366 */ 367 #if defined(KERBEROS) || defined(KERBEROS5) 368 if (authok == 0) 369 #endif 370 if (pwd && !rval && rootlogin && !rootterm(tty)) { 371 (void)fprintf(stderr, 372 "%s login refused on this terminal.\n", 373 pwd->pw_name); 374 if (hostname) 375 syslog(LOG_NOTICE, 376 "LOGIN %s REFUSED FROM %s ON TTY %s", 377 pwd->pw_name, hostname, tty); 378 else 379 syslog(LOG_NOTICE, 380 "LOGIN %s REFUSED ON TTY %s", 381 pwd->pw_name, tty); 382 continue; 383 } 384 385 if (pwd && !rval) 386 break; 387 388 (void)printf("Login incorrect\n"); 389 failures++; 390 /* we allow 10 tries, but after 3 we start backing off */ 391 if (++cnt > 3) { 392 if (cnt >= 10) { 393 badlogin(username); 394 sleepexit(1); 395 } 396 sleep((u_int)((cnt - 3) * 5)); 397 } 398 } 399 400 /* committed to login -- turn off timeout */ 401 (void)alarm((u_int)0); 402 403 endpwent(); 404 405 /* if user not super-user, check for disabled logins */ 406 if (!rootlogin) 407 checknologin(); 408 409 if (chdir(pwd->pw_dir) < 0) { 410 (void)printf("No home directory %s!\n", pwd->pw_dir); 411 if (chdir("/")) 412 exit(0); 413 pwd->pw_dir = "/"; 414 (void)printf("Logging in with home = \"/\".\n"); 415 } 416 417 quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; 418 419 if (pwd->pw_change || pwd->pw_expire) 420 (void)gettimeofday(&tp, (struct timezone *)NULL); 421 if (pwd->pw_change) 422 if (pwd->pw_change == _PASSWORD_CHGNOW) 423 need_chpass = 1; 424 else if (tp.tv_sec >= pwd->pw_change) { 425 (void)printf("Sorry -- your password has expired.\n"); 426 sleepexit(1); 427 } else if (pwd->pw_change - tp.tv_sec < 428 _PASSWORD_WARNDAYS * SECSPERDAY && !quietlog) 429 (void)printf("Warning: your password expires on %s", 430 ctime(&pwd->pw_change)); 431 if (pwd->pw_expire) 432 if (tp.tv_sec >= pwd->pw_expire) { 433 (void)printf("Sorry -- your account has expired.\n"); 434 sleepexit(1); 435 } else if (pwd->pw_expire - tp.tv_sec < 436 _PASSWORD_WARNDAYS * SECSPERDAY && !quietlog) 437 (void)printf("Warning: your account expires on %s", 438 ctime(&pwd->pw_expire)); 439 440 /* Nothing else left to fail -- really log in. */ 441 memset((void *)&utmp, 0, sizeof(utmp)); 442 (void)time(&utmp.ut_time); 443 (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name)); 444 if (hostname) 445 (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host)); 446 (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); 447 login(&utmp); 448 449 dolastlog(quietlog); 450 451 (void)chown(ttyn, pwd->pw_uid, 452 (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); 453 454 if (ttyaction(ttyn, "login", pwd->pw_name)) 455 (void)printf("Warning: ttyaction failed.\n"); 456 457 #if defined(KERBEROS) || defined(KERBEROS5) 458 /* Fork so that we can call kdestroy */ 459 if (krbtkfile_env) 460 dofork(); 461 #endif 462 (void)setgid(pwd->pw_gid); 463 464 initgroups(username, pwd->pw_gid); 465 466 if (*pwd->pw_shell == '\0') 467 pwd->pw_shell = _PATH_BSHELL; 468 469 /* Destroy environment unless user has requested its preservation. */ 470 if (!pflag) 471 environ = envinit; 472 (void)setenv("HOME", pwd->pw_dir, 1); 473 (void)setenv("SHELL", pwd->pw_shell, 1); 474 if (term[0] == '\0') 475 (void)strncpy(term, stypeof(tty), sizeof(term)); 476 (void)setenv("TERM", term, 0); 477 (void)setenv("LOGNAME", pwd->pw_name, 1); 478 (void)setenv("USER", pwd->pw_name, 1); 479 (void)setenv("PATH", _PATH_DEFPATH, 0); 480 #ifdef KERBEROS 481 if (krbtkfile_env) 482 (void)setenv("KRBTKFILE", krbtkfile_env, 1); 483 #endif 484 #ifdef KERBEROS5 485 if (krbtkfile_env) 486 (void)setenv("KRB5CCNAME", krbtkfile_env, 1); 487 #endif 488 489 if (tty[sizeof("tty")-1] == 'd') 490 syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name); 491 492 /* If fflag is on, assume caller/authenticator has logged root login. */ 493 if (rootlogin && fflag == 0) 494 if (hostname) 495 syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s", 496 username, tty, hostname); 497 else 498 syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty); 499 500 #if defined(KERBEROS) || defined(KERBEROS5) 501 if (!quietlog && notickets == 1) 502 (void)printf("Warning: no Kerberos tickets issued.\n"); 503 #endif 504 505 if (!quietlog) { 506 (void)printf("%s\n\t%s %s\n\n", 507 "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", 508 "The Regents of the University of California. ", 509 "All rights reserved."); 510 motd(); 511 (void)snprintf(tbuf, 512 sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name); 513 if (stat(tbuf, &st) == 0 && st.st_size != 0) 514 (void)printf("You have %smail.\n", 515 (st.st_mtime > st.st_atime) ? "new " : ""); 516 } 517 518 (void)signal(SIGALRM, SIG_DFL); 519 (void)signal(SIGQUIT, SIG_DFL); 520 (void)signal(SIGINT, SIG_DFL); 521 (void)signal(SIGTSTP, SIG_IGN); 522 523 tbuf[0] = '-'; 524 (void)strncpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ? 525 p + 1 : pwd->pw_shell, sizeof(tbuf) - 2); 526 527 if (setlogin(pwd->pw_name) < 0) 528 syslog(LOG_ERR, "setlogin() failure: %m"); 529 530 /* Discard permissions last so can't get killed and drop core. */ 531 if (rootlogin) 532 (void)setuid(0); 533 else 534 (void)setuid(pwd->pw_uid); 535 536 /* Wait to change password until we're unprivileged */ 537 if (need_chpass) { 538 #ifdef SKEY 539 /* If the user logged on using S/Key, don't force 540 * a password change 541 */ 542 if (used_skey) { 543 (void)printf( 544 "Warning: your password has expired. Please change it as soon as possible.\n"); 545 } else 546 #endif 547 (void)printf( 548 "Your password has expired. Please choose a new one.\n"); 549 if (system(_PATH_BINPASSWD) != 0) 550 sleepexit(1); 551 } 552 553 execlp(pwd->pw_shell, tbuf, 0); 554 err(1, "%s", pwd->pw_shell); 555 } 556 557 int 558 pwcheck(user, p, salt, passwd) 559 char *user, *p, *salt, *passwd; 560 { 561 int sts = strcmp(crypt(p, salt), passwd); 562 563 #ifdef SKEY 564 if (sts) { /* wasn't passwd */ 565 if (skey_haskey(user)) { 566 if (strcasecmp(p, skeypw) == 0) 567 return 1; 568 } else { 569 if (strcasecmp(p, skeypw) == 0) { 570 sts = skey_authenticate(user); 571 } else { 572 if ((sts = skey_passcheck(user, p)) != -1) { 573 sts = 0; /* ok */ 574 } 575 } 576 } 577 if (sts == 0) 578 used_skey = 1; 579 } 580 #endif 581 return sts; 582 } 583 584 #if defined(KERBEROS) || defined(KERBEROS5) 585 #define NBUFSIZ (MAXLOGNAME + 1 + 5) /* .root suffix */ 586 #else 587 #define NBUFSIZ (MAXLOGNAME + 1) 588 #endif 589 590 #if defined(KERBEROS) || defined(KERBEROS5) 591 /* 592 * This routine handles cleanup stuff, and the like. 593 * It exists only in the child process. 594 */ 595 #include <sys/wait.h> 596 void 597 dofork() 598 { 599 int child; 600 601 if (!(child = fork())) 602 return; /* Child process */ 603 604 /* Setup stuff? This would be things we could do in parallel with login */ 605 (void) chdir("/"); /* Let's not keep the fs busy... */ 606 607 /* If we're the parent, watch the child until it dies */ 608 while (wait(0) != child) 609 ; 610 611 /* Cleanup stuff */ 612 /* Run kdestroy to destroy tickets */ 613 kdestroy(); 614 615 /* Leave */ 616 exit(0); 617 } 618 #endif 619 620 void 621 getloginname() 622 { 623 int ch; 624 char *p; 625 static char nbuf[NBUFSIZ]; 626 627 for (;;) { 628 (void)printf("login: "); 629 for (p = nbuf; (ch = getchar()) != '\n'; ) { 630 if (ch == EOF) { 631 badlogin(username); 632 exit(0); 633 } 634 if (p < nbuf + (NBUFSIZ - 1)) 635 *p++ = ch; 636 } 637 if (p > nbuf) 638 if (nbuf[0] == '-') 639 (void)fprintf(stderr, 640 "login names may not start with '-'.\n"); 641 else { 642 *p = '\0'; 643 username = nbuf; 644 break; 645 } 646 } 647 } 648 649 int 650 rootterm(ttyn) 651 char *ttyn; 652 { 653 struct ttyent *t; 654 655 return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE); 656 } 657 658 jmp_buf motdinterrupt; 659 660 void 661 motd() 662 { 663 int fd, nchars; 664 sig_t oldint; 665 char tbuf[8192]; 666 667 if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0) 668 return; 669 oldint = signal(SIGINT, sigint); 670 if (setjmp(motdinterrupt) == 0) 671 while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) 672 (void)write(fileno(stdout), tbuf, nchars); 673 (void)signal(SIGINT, oldint); 674 (void)close(fd); 675 } 676 677 /* ARGSUSED */ 678 void 679 sigint(signo) 680 int signo; 681 { 682 longjmp(motdinterrupt, 1); 683 } 684 685 /* ARGSUSED */ 686 void 687 timedout(signo) 688 int signo; 689 { 690 (void)fprintf(stderr, "Login timed out after %d seconds\n", timeout); 691 exit(0); 692 } 693 694 void 695 checknologin() 696 { 697 int fd, nchars; 698 char tbuf[8192]; 699 700 if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) { 701 while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) 702 (void)write(fileno(stdout), tbuf, nchars); 703 sleepexit(0); 704 } 705 } 706 707 void 708 dolastlog(quiet) 709 int quiet; 710 { 711 struct lastlog ll; 712 int fd; 713 714 if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { 715 (void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET); 716 if (!quiet) { 717 if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) && 718 ll.ll_time != 0) { 719 (void)printf("Last login: %.*s ", 720 24-5, (char *)ctime(&ll.ll_time)); 721 if (*ll.ll_host != '\0') 722 (void)printf("from %.*s\n", 723 (int)sizeof(ll.ll_host), 724 ll.ll_host); 725 else 726 (void)printf("on %.*s\n", 727 (int)sizeof(ll.ll_line), 728 ll.ll_line); 729 } 730 (void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), 731 SEEK_SET); 732 } 733 memset((void *)&ll, 0, sizeof(ll)); 734 (void)time(&ll.ll_time); 735 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); 736 if (hostname) 737 (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); 738 (void)write(fd, (char *)&ll, sizeof(ll)); 739 (void)close(fd); 740 } 741 } 742 743 void 744 badlogin(name) 745 char *name; 746 { 747 if (failures == 0) 748 return; 749 if (hostname) { 750 syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s", 751 failures, failures > 1 ? "S" : "", hostname); 752 syslog(LOG_AUTHPRIV|LOG_NOTICE, 753 "%d LOGIN FAILURE%s FROM %s, %s", 754 failures, failures > 1 ? "S" : "", hostname, name); 755 } else { 756 syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s", 757 failures, failures > 1 ? "S" : "", tty); 758 syslog(LOG_AUTHPRIV|LOG_NOTICE, 759 "%d LOGIN FAILURE%s ON %s, %s", 760 failures, failures > 1 ? "S" : "", tty, name); 761 } 762 } 763 764 #undef UNKNOWN 765 #define UNKNOWN "su" 766 767 char * 768 stypeof(ttyid) 769 char *ttyid; 770 { 771 struct ttyent *t; 772 773 return (ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN); 774 } 775 776 void 777 sleepexit(eval) 778 int eval; 779 { 780 (void)sleep(5); 781 exit(eval); 782 } 783
Indexes created Wed Oct 01 07:09:59 GMT 2025