Index: head/libexec/getty/main.c =================================================================== --- head/libexec/getty/main.c (revision 270110) +++ head/libexec/getty/main.c (revision 270111) @@ -1,814 +1,814 @@ /*- * Copyright (c) 1980, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint static const char copyright[] = "@(#) Copyright (c) 1980, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* not lint */ #ifndef lint #if 0 static char sccsid[] = "@(#)from: main.c 8.1 (Berkeley) 6/20/93"; #endif #endif /* not lint */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "gettytab.h" #include "extern.h" #include "pathnames.h" /* * Set the amount of running time that getty should accumulate * before deciding that something is wrong and exit. */ #define GETTY_TIMEOUT 60 /* seconds */ #undef CTRL #define CTRL(x) (x&037) /* defines for auto detection of incoming PPP calls (->PAP/CHAP) */ #define PPP_FRAME 0x7e /* PPP Framing character */ #define PPP_STATION 0xff /* "All Station" character */ #define PPP_ESCAPE 0x7d /* Escape Character */ #define PPP_CONTROL 0x03 /* PPP Control Field */ #define PPP_CONTROL_ESCAPED 0x23 /* PPP Control Field, escaped */ #define PPP_LCP_HI 0xc0 /* LCP protocol - high byte */ #define PPP_LCP_LOW 0x21 /* LCP protocol - low byte */ /* original mode; flags've been reset using values from */ struct termios omode; /* current mode */ struct termios tmode; int crmod, digit, lower, upper; char hostname[MAXHOSTNAMELEN]; char name[MAXLOGNAME*3]; char dev[] = _PATH_DEV; char ttyn[32]; #define OBUFSIZ 128 #define TABBUFSIZ 512 char defent[TABBUFSIZ]; char tabent[TABBUFSIZ]; const char *tname; char *env[128]; char partab[] = { 0001,0201,0201,0001,0201,0001,0001,0201, 0202,0004,0003,0205,0005,0206,0201,0001, 0201,0001,0001,0201,0001,0201,0201,0001, 0001,0201,0201,0001,0201,0001,0001,0201, 0200,0000,0000,0200,0000,0200,0200,0000, 0000,0200,0200,0000,0200,0000,0000,0200, 0000,0200,0200,0000,0200,0000,0000,0200, 0200,0000,0000,0200,0000,0200,0200,0000, 0200,0000,0000,0200,0000,0200,0200,0000, 0000,0200,0200,0000,0200,0000,0000,0200, 0000,0200,0200,0000,0200,0000,0000,0200, 0200,0000,0000,0200,0000,0200,0200,0000, 0000,0200,0200,0000,0200,0000,0000,0200, 0200,0000,0000,0200,0000,0200,0200,0000, 0200,0000,0000,0200,0000,0200,0200,0000, 0000,0200,0200,0000,0200,0000,0000,0201 }; #define ERASE tmode.c_cc[VERASE] #define KILL tmode.c_cc[VKILL] #define EOT tmode.c_cc[VEOF] #define puts Gputs static void defttymode(void); static void dingdong(int); static void dogettytab(void); static int getname(void); static void interrupt(int); static void oflush(void); static void prompt(void); static void putchr(int); static void putf(const char *); static void putpad(const char *); static void puts(const char *); static void timeoverrun(int); static char *getline(int); static void setttymode(int); static int opentty(const char *, int); jmp_buf timeout; static void dingdong(int signo __unused) { alarm(0); longjmp(timeout, 1); } jmp_buf intrupt; static void interrupt(int signo __unused) { longjmp(intrupt, 1); } /* * Action to take when getty is running too long. */ static void timeoverrun(int signo __unused) { syslog(LOG_ERR, "getty exiting due to excessive running time"); exit(1); } int main(int argc, char *argv[]) { extern char **environ; int first_sleep = 1, first_time = 1; struct rlimit limit; int rval; signal(SIGINT, SIG_IGN); signal(SIGQUIT, SIG_IGN); - openlog("getty", LOG_ODELAY|LOG_CONS|LOG_PID, LOG_AUTH); + openlog("getty", LOG_CONS|LOG_PID, LOG_AUTH); gethostname(hostname, sizeof(hostname) - 1); hostname[sizeof(hostname) - 1] = '\0'; if (hostname[0] == '\0') strcpy(hostname, "Amnesiac"); /* * Limit running time to deal with broken or dead lines. */ (void)signal(SIGXCPU, timeoverrun); limit.rlim_max = RLIM_INFINITY; limit.rlim_cur = GETTY_TIMEOUT; (void)setrlimit(RLIMIT_CPU, &limit); gettable("default", defent); gendefaults(); tname = "default"; if (argc > 1) tname = argv[1]; /* * The following is a work around for vhangup interactions * which cause great problems getting window systems started. * If the tty line is "-", we do the old style getty presuming * that the file descriptors are already set up for us. * J. Gettys - MIT Project Athena. */ if (argc <= 2 || strcmp(argv[2], "-") == 0) strcpy(ttyn, ttyname(STDIN_FILENO)); else { strcpy(ttyn, dev); strncat(ttyn, argv[2], sizeof(ttyn)-sizeof(dev)); if (strcmp(argv[0], "+") != 0) { chown(ttyn, 0, 0); chmod(ttyn, 0600); revoke(ttyn); /* * Do the first scan through gettytab. * Terminal mode parameters will be wrong until * defttymode() called, but they're irrelevant for * the initial setup of the terminal device. */ dogettytab(); /* * Init or answer modem sequence has been specified. */ if (IC || AC) { if (!opentty(ttyn, O_RDWR|O_NONBLOCK)) exit(1); defttymode(); setttymode(1); } if (IC) { if (getty_chat(IC, CT, DC) > 0) { syslog(LOG_ERR, "modem init problem on %s", ttyn); (void)tcsetattr(STDIN_FILENO, TCSANOW, &tmode); exit(1); } } if (AC) { int i, rfds; struct timeval to; rfds = 1 << 0; /* FD_SET */ to.tv_sec = RT; to.tv_usec = 0; i = select(32, (fd_set*)&rfds, (fd_set*)NULL, (fd_set*)NULL, RT ? &to : NULL); if (i < 0) { syslog(LOG_ERR, "select %s: %m", ttyn); } else if (i == 0) { syslog(LOG_NOTICE, "recycle tty %s", ttyn); (void)tcsetattr(STDIN_FILENO, TCSANOW, &tmode); exit(0); /* recycle for init */ } i = getty_chat(AC, CT, DC); if (i > 0) { syslog(LOG_ERR, "modem answer problem on %s", ttyn); (void)tcsetattr(STDIN_FILENO, TCSANOW, &tmode); exit(1); } } else { /* maybe blocking open */ if (!opentty(ttyn, O_RDWR | (NC ? O_NONBLOCK : 0 ))) exit(1); } } } defttymode(); for (;;) { /* * if a delay was specified then sleep for that * number of seconds before writing the initial prompt */ if (first_sleep && DE) { sleep(DE); /* remove any noise */ (void)tcflush(STDIN_FILENO, TCIOFLUSH); } first_sleep = 0; setttymode(0); if (AB) { tname = autobaud(); dogettytab(); continue; } if (PS) { tname = portselector(); dogettytab(); continue; } if (CL && *CL) putpad(CL); edithost(HE); /* if this is the first time through this, and an issue file has been given, then send it */ if (first_time && IF) { int fd; if ((fd = open(IF, O_RDONLY)) != -1) { char * cp; while ((cp = getline(fd)) != NULL) { putf(cp); } close(fd); } } first_time = 0; if (IM && *IM && !(PL && PP)) putf(IM); if (setjmp(timeout)) { cfsetispeed(&tmode, B0); cfsetospeed(&tmode, B0); (void)tcsetattr(STDIN_FILENO, TCSANOW, &tmode); exit(1); } if (TO) { signal(SIGALRM, dingdong); alarm(TO); } rval = 0; if (AL) { const char *p = AL; char *q = name; while (*p && q < &name[sizeof name - 1]) { if (isupper(*p)) upper = 1; else if (islower(*p)) lower = 1; else if (isdigit(*p)) digit = 1; *q++ = *p++; } } else if (!(PL && PP)) rval = getname(); if (rval == 2 || (PL && PP)) { oflush(); alarm(0); limit.rlim_max = RLIM_INFINITY; limit.rlim_cur = RLIM_INFINITY; (void)setrlimit(RLIMIT_CPU, &limit); execle(PP, "ppplogin", ttyn, (char *) 0, env); syslog(LOG_ERR, "%s: %m", PP); exit(1); } else if (rval || AL) { int i; oflush(); alarm(0); signal(SIGALRM, SIG_DFL); if (name[0] == '\0') continue; if (name[0] == '-') { puts("user names may not start with '-'."); continue; } if (!(upper || lower || digit)) { if (AL) { syslog(LOG_ERR, "invalid auto-login name: %s", AL); exit(1); } else continue; } set_flags(2); if (crmod) { tmode.c_iflag |= ICRNL; tmode.c_oflag |= ONLCR; } #if REALLY_OLD_TTYS if (upper || UC) tmode.sg_flags |= LCASE; if (lower || LC) tmode.sg_flags &= ~LCASE; #endif if (tcsetattr(STDIN_FILENO, TCSANOW, &tmode) < 0) { syslog(LOG_ERR, "tcsetattr %s: %m", ttyn); exit(1); } signal(SIGINT, SIG_DFL); for (i = 0; environ[i] != (char *)0; i++) env[i] = environ[i]; makeenv(&env[i]); limit.rlim_max = RLIM_INFINITY; limit.rlim_cur = RLIM_INFINITY; (void)setrlimit(RLIMIT_CPU, &limit); execle(LO, "login", AL ? "-fp" : "-p", name, (char *) 0, env); syslog(LOG_ERR, "%s: %m", LO); exit(1); } alarm(0); signal(SIGALRM, SIG_DFL); signal(SIGINT, SIG_IGN); if (NX && *NX) { tname = NX; dogettytab(); } } } static int opentty(const char *tty, int flags) { int i; int failopenlogged = 0; while ((i = open(tty, flags)) == -1) { if (!failopenlogged) { syslog(LOG_ERR, "open %s: %m", tty); failopenlogged = 1; } sleep(60); } if (login_tty(i) < 0) { if (daemon(0,0) < 0) { syslog(LOG_ERR,"daemon: %m"); close(i); return 0; } if (login_tty(i) < 0) { syslog(LOG_ERR, "login_tty %s: %m", tty); close(i); return 0; } } return 1; } static void defttymode(void) { struct termios def; /* Start with default tty settings. */ if (tcgetattr(STDIN_FILENO, &tmode) < 0) { syslog(LOG_ERR, "tcgetattr %s: %m", ttyn); exit(1); } omode = tmode; /* fill c_cc for dogettytab() */ dogettytab(); /* * Don't rely on the driver too much, and initialize crucial * things according to . Avoid clobbering * the c_cc[] settings however, the console drivers might wish * to leave their idea of the preferred VERASE key value * there. */ cfmakesane(&def); tmode.c_iflag = def.c_iflag; tmode.c_oflag = def.c_oflag; tmode.c_lflag = def.c_lflag; tmode.c_cflag = def.c_cflag; if (NC) tmode.c_cflag |= CLOCAL; omode = tmode; } static void setttymode(int raw) { int off = 0; (void)tcflush(STDIN_FILENO, TCIOFLUSH); /* clear out the crap */ ioctl(STDIN_FILENO, FIONBIO, &off); /* turn off non-blocking mode */ ioctl(STDIN_FILENO, FIOASYNC, &off); /* ditto for async mode */ if (IS) cfsetispeed(&tmode, speed(IS)); else if (SP) cfsetispeed(&tmode, speed(SP)); if (OS) cfsetospeed(&tmode, speed(OS)); else if (SP) cfsetospeed(&tmode, speed(SP)); set_flags(0); setchars(); if (raw) cfmakeraw(&tmode); if (tcsetattr(STDIN_FILENO, TCSANOW, &tmode) < 0) { syslog(LOG_ERR, "tcsetattr %s: %m", ttyn); exit(1); } } static int getname(void) { int c; char *np; unsigned char cs; int ppp_state = 0; int ppp_connection = 0; /* * Interrupt may happen if we use CBREAK mode */ if (setjmp(intrupt)) { signal(SIGINT, SIG_IGN); return (0); } signal(SIGINT, interrupt); set_flags(1); prompt(); oflush(); if (PF > 0) { sleep(PF); PF = 0; } if (tcsetattr(STDIN_FILENO, TCSANOW, &tmode) < 0) { syslog(LOG_ERR, "%s: %m", ttyn); exit(1); } crmod = digit = lower = upper = 0; np = name; for (;;) { oflush(); if (read(STDIN_FILENO, &cs, 1) <= 0) exit(0); if ((c = cs&0177) == 0) return (0); /* PPP detection state machine.. Look for sequences: PPP_FRAME, PPP_STATION, PPP_ESCAPE, PPP_CONTROL_ESCAPED or PPP_FRAME, PPP_STATION, PPP_CONTROL (deviant from RFC) See RFC1662. Derived from code from Michael Hancock, and Erik 'PPP' Olson, */ if (PP && (cs == PPP_FRAME)) { ppp_state = 1; } else if (ppp_state == 1 && cs == PPP_STATION) { ppp_state = 2; } else if (ppp_state == 2 && cs == PPP_ESCAPE) { ppp_state = 3; } else if ((ppp_state == 2 && cs == PPP_CONTROL) || (ppp_state == 3 && cs == PPP_CONTROL_ESCAPED)) { ppp_state = 4; } else if (ppp_state == 4 && cs == PPP_LCP_HI) { ppp_state = 5; } else if (ppp_state == 5 && cs == PPP_LCP_LOW) { ppp_connection = 1; break; } else { ppp_state = 0; } if (c == EOT || c == CTRL('d')) exit(0); if (c == '\r' || c == '\n' || np >= &name[sizeof name-1]) { putf("\r\n"); break; } if (islower(c)) lower = 1; else if (isupper(c)) upper = 1; else if (c == ERASE || c == '\b' || c == 0177) { if (np > name) { np--; if (cfgetospeed(&tmode) >= 1200) puts("\b \b"); else putchr(cs); } continue; } else if (c == KILL || c == CTRL('u')) { putchr('\r'); if (cfgetospeed(&tmode) < 1200) putchr('\n'); /* this is the way they do it down under ... */ else if (np > name) puts(" \r"); prompt(); digit = lower = upper = 0; np = name; continue; } else if (isdigit(c)) digit = 1; if (IG && (c <= ' ' || c > 0176)) continue; *np++ = c; putchr(cs); } signal(SIGINT, SIG_IGN); *np = 0; if (c == '\r') crmod = 1; if ((upper && !lower && !LC) || UC) for (np = name; *np; np++) if (isupper(*np)) *np = tolower(*np); return (1 + ppp_connection); } static void putpad(const char *s) { int pad = 0; speed_t ospeed = cfgetospeed(&tmode); if (isdigit(*s)) { while (isdigit(*s)) { pad *= 10; pad += *s++ - '0'; } pad *= 10; if (*s == '.' && isdigit(s[1])) { pad += s[1] - '0'; s += 2; } } puts(s); /* * If no delay needed, or output speed is * not comprehensible, then don't try to delay. */ if (pad == 0 || ospeed <= 0) return; /* * Round up by a half a character frame, and then do the delay. * Too bad there are no user program accessible programmed delays. * Transmitting pad characters slows many terminals down and also * loads the system. */ pad = (pad * ospeed + 50000) / 100000; while (pad--) putchr(*PC); } static void puts(const char *s) { while (*s) putchr(*s++); } char outbuf[OBUFSIZ]; int obufcnt = 0; static void putchr(int cc) { char c; c = cc; if (!NP) { c |= partab[c&0177] & 0200; if (OP) c ^= 0200; } if (!UB) { outbuf[obufcnt++] = c; if (obufcnt >= OBUFSIZ) oflush(); } else write(STDOUT_FILENO, &c, 1); } static void oflush(void) { if (obufcnt) write(STDOUT_FILENO, outbuf, obufcnt); obufcnt = 0; } static void prompt(void) { putf(LM); if (CO) putchr('\n'); } static char * getline(int fd) { int i = 0; static char linebuf[512]; /* * This is certainly slow, but it avoids having to include * stdio.h unnecessarily. Issue files should be small anyway. */ while (i < (sizeof linebuf - 3) && read(fd, linebuf+i, 1)==1) { if (linebuf[i] == '\n') { /* Don't rely on newline mode, assume raw */ linebuf[i++] = '\r'; linebuf[i++] = '\n'; linebuf[i] = '\0'; return linebuf; } ++i; } linebuf[i] = '\0'; return i ? linebuf : 0; } static void putf(const char *cp) { extern char editedhost[]; time_t t; char *slash, db[100]; static struct utsname kerninfo; if (!*kerninfo.sysname) uname(&kerninfo); while (*cp) { if (*cp != '%') { putchr(*cp++); continue; } switch (*++cp) { case 't': slash = strrchr(ttyn, '/'); if (slash == (char *) 0) puts(ttyn); else puts(&slash[1]); break; case 'h': puts(editedhost); break; case 'd': { t = (time_t)0; (void)time(&t); if (Lo) (void)setlocale(LC_TIME, Lo); (void)strftime(db, sizeof(db), DF, localtime(&t)); puts(db); break; case 's': puts(kerninfo.sysname); break; case 'm': puts(kerninfo.machine); break; case 'r': puts(kerninfo.release); break; case 'v': puts(kerninfo.version); break; } case '%': putchr('%'); break; } cp++; } } /* * Read a gettytab database entry and perform necessary quirks. */ static void dogettytab(void) { /* Read the database entry. */ gettable(tname, tabent); /* * Avoid inheriting the parity values from the default entry * if any of them is set in the current entry. * Mixing different parity settings is unreasonable. */ if (OPset || EPset || APset || NPset) OPset = EPset = APset = NPset = 1; /* Fill in default values for unset capabilities. */ setdefaults(); } Index: head/libexec/rshd/rshd.c =================================================================== --- head/libexec/rshd/rshd.c (revision 270110) +++ head/libexec/rshd/rshd.c (revision 270111) @@ -1,589 +1,589 @@ /*- * Copyright (c) 1988, 1989, 1992, 1993, 1994 * The Regents of the University of California. All rights reserved. * Copyright (c) 2002 Networks Associates Technology, Inc. * All rights reserved. * * Portions of this software were developed for the FreeBSD Project by * ThinkSec AS and NAI Labs, the Security Research Division of Network * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint static const char copyright[] = "@(#) Copyright (c) 1988, 1989, 1992, 1993, 1994\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* not lint */ #ifndef lint #if 0 static const char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94"; #endif #endif /* not lint */ #include __FBSDID("$FreeBSD$"); /* * remote shell server: * [port]\0 * ruser\0 * luser\0 * command\0 * data */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static struct pam_conv pamc = { openpam_nullconv, NULL }; static pam_handle_t *pamh; static int pam_err; #define PAM_END { \ if ((pam_err = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS) \ syslog(LOG_ERR|LOG_AUTH, "pam_setcred(): %s", pam_strerror(pamh, pam_err)); \ if ((pam_err = pam_close_session(pamh,0)) != PAM_SUCCESS) \ syslog(LOG_ERR|LOG_AUTH, "pam_close_session(): %s", pam_strerror(pamh, pam_err)); \ if ((pam_err = pam_end(pamh, pam_err)) != PAM_SUCCESS) \ syslog(LOG_ERR|LOG_AUTH, "pam_end(): %s", pam_strerror(pamh, pam_err)); \ } int keepalive = 1; int log_success; /* If TRUE, log all successful accesses */ int sent_null; int no_delay; void doit(struct sockaddr *); static void rshd_errx(int, const char *, ...) __printf0like(2, 3); void getstr(char *, int, const char *); int local_domain(char *); char *topdomain(char *); void usage(void); char slash[] = "/"; char bshell[] = _PATH_BSHELL; #define OPTIONS "aDLln" int main(int argc, char *argv[]) { extern int __check_rhosts_file; struct linger linger; socklen_t fromlen; int ch, on = 1; struct sockaddr_storage from; - openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON); + openlog("rshd", LOG_PID, LOG_DAEMON); opterr = 0; while ((ch = getopt(argc, argv, OPTIONS)) != -1) switch (ch) { case 'a': /* ignored for compatibility */ break; case 'l': __check_rhosts_file = 0; break; case 'n': keepalive = 0; break; case 'D': no_delay = 1; break; case 'L': log_success = 1; break; case '?': default: usage(); break; } argc -= optind; argv += optind; fromlen = sizeof (from); if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { syslog(LOG_ERR, "getpeername: %m"); exit(1); } if (keepalive && setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, sizeof(on)) < 0) syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); linger.l_onoff = 1; linger.l_linger = 60; /* XXX */ if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger, sizeof (linger)) < 0) syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); if (no_delay && setsockopt(0, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) < 0) syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m"); doit((struct sockaddr *)&from); /* NOTREACHED */ return(0); } extern char **environ; void doit(struct sockaddr *fromp) { extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ struct passwd *pwd; u_short port; fd_set ready, readfrom; int cc, fd, nfd, pv[2], pid, s; int one = 1; const char *cp, *errorstr; char sig, buf[BUFSIZ]; char *cmdbuf, luser[16], ruser[16]; char rhost[2 * MAXHOSTNAMELEN + 1]; char numericname[INET6_ADDRSTRLEN]; int af, srcport; int maxcmdlen; login_cap_t *lc; maxcmdlen = (int)sysconf(_SC_ARG_MAX); if (maxcmdlen <= 0 || (cmdbuf = malloc(maxcmdlen)) == NULL) exit(1); (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); (void) signal(SIGTERM, SIG_DFL); af = fromp->sa_family; srcport = ntohs(*((in_port_t *)&fromp->sa_data)); if (af == AF_INET) { inet_ntop(af, &((struct sockaddr_in *)fromp)->sin_addr, numericname, sizeof numericname); } else if (af == AF_INET6) { inet_ntop(af, &((struct sockaddr_in6 *)fromp)->sin6_addr, numericname, sizeof numericname); } else { syslog(LOG_ERR, "malformed \"from\" address (af %d)", af); exit(1); } #ifdef IP_OPTIONS if (af == AF_INET) { u_char optbuf[BUFSIZ/3]; socklen_t optsize = sizeof(optbuf), ipproto, i; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) ipproto = ip->p_proto; else ipproto = IPPROTO_IP; if (!getsockopt(0, ipproto, IP_OPTIONS, optbuf, &optsize) && optsize != 0) { for (i = 0; i < optsize; ) { u_char c = optbuf[i]; if (c == IPOPT_LSRR || c == IPOPT_SSRR) { syslog(LOG_NOTICE, "connection refused from %s with IP option %s", numericname, c == IPOPT_LSRR ? "LSRR" : "SSRR"); exit(1); } if (c == IPOPT_EOL) break; i += (c == IPOPT_NOP) ? 1 : optbuf[i+1]; } } } #endif if (srcport >= IPPORT_RESERVED || srcport < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "connection from %s on illegal port %u", numericname, srcport); exit(1); } (void) alarm(60); port = 0; s = 0; /* not set or used if port == 0 */ for (;;) { char c; if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { if (cc < 0) syslog(LOG_NOTICE, "read: %m"); shutdown(0, SHUT_RDWR); exit(1); } if (c == 0) break; port = port * 10 + c - '0'; } (void) alarm(0); if (port != 0) { int lport = IPPORT_RESERVED - 1; s = rresvport_af(&lport, af); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); exit(1); } if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "2nd socket from %s on unreserved port %u", numericname, port); exit(1); } *((in_port_t *)&fromp->sa_data) = htons(port); if (connect(s, fromp, fromp->sa_len) < 0) { syslog(LOG_INFO, "connect second port %d: %m", port); exit(1); } } errorstr = NULL; realhostname_sa(rhost, sizeof(rhost) - 1, fromp, fromp->sa_len); rhost[sizeof(rhost) - 1] = '\0'; /* XXX truncation! */ (void) alarm(60); getstr(ruser, sizeof(ruser), "ruser"); getstr(luser, sizeof(luser), "luser"); getstr(cmdbuf, maxcmdlen, "command"); (void) alarm(0); pam_err = pam_start("rsh", luser, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { syslog(LOG_ERR|LOG_AUTH, "pam_start(): %s", pam_strerror(pamh, pam_err)); rshd_errx(1, "Login incorrect."); } if ((pam_err = pam_set_item(pamh, PAM_RUSER, ruser)) != PAM_SUCCESS || (pam_err = pam_set_item(pamh, PAM_RHOST, rhost)) != PAM_SUCCESS) { syslog(LOG_ERR|LOG_AUTH, "pam_set_item(): %s", pam_strerror(pamh, pam_err)); rshd_errx(1, "Login incorrect."); } pam_err = pam_authenticate(pamh, 0); if (pam_err == PAM_SUCCESS) { if ((pam_err = pam_get_user(pamh, &cp, NULL)) == PAM_SUCCESS) { strncpy(luser, cp, sizeof(luser)); luser[sizeof(luser) - 1] = '\0'; /* XXX truncation! */ } pam_err = pam_acct_mgmt(pamh, 0); } if (pam_err != PAM_SUCCESS) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, pam_strerror(pamh, pam_err), cmdbuf); rshd_errx(1, "Login incorrect."); } setpwent(); pwd = getpwnam(luser); if (pwd == NULL) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unknown login. cmd='%.80s'", ruser, rhost, luser, cmdbuf); if (errorstr == NULL) errorstr = "Login incorrect."; rshd_errx(1, errorstr, rhost); } lc = login_getpwclass(pwd); if (pwd->pw_uid) auth_checknologin(lc); if (chdir(pwd->pw_dir) < 0) { if (chdir("/") < 0 || login_getcapbool(lc, "requirehome", !!pwd->pw_uid)) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: no home directory. cmd='%.80s'", ruser, rhost, luser, cmdbuf); rshd_errx(0, "No remote home directory."); } pwd->pw_dir = slash; } if (lc != NULL && fromp->sa_family == AF_INET) { /*XXX*/ char remote_ip[MAXHOSTNAMELEN]; strncpy(remote_ip, numericname, sizeof(remote_ip) - 1); remote_ip[sizeof(remote_ip) - 1] = 0; /* XXX truncation! */ if (!auth_hostok(lc, rhost, remote_ip)) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, __rcmd_errstr, cmdbuf); rshd_errx(1, "Login incorrect."); } if (!auth_timeok(lc, time(NULL))) rshd_errx(1, "Logins not available right now"); } /* * PAM modules might add supplementary groups in * pam_setcred(), so initialize them first. * But we need to open the session as root. */ if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) { syslog(LOG_ERR, "setusercontext: %m"); exit(1); } if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_open_session: %s", pam_strerror(pamh, pam_err)); } else if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, pam_err)); } (void) write(STDERR_FILENO, "\0", 1); sent_null = 1; if (port) { if (pipe(pv) < 0) rshd_errx(1, "Can't make pipe."); pid = fork(); if (pid == -1) rshd_errx(1, "Can't fork; try again."); if (pid) { (void) close(0); (void) close(1); (void) close(2); (void) close(pv[1]); FD_ZERO(&readfrom); FD_SET(s, &readfrom); FD_SET(pv[0], &readfrom); if (pv[0] > s) nfd = pv[0]; else nfd = s; ioctl(pv[0], FIONBIO, (char *)&one); /* should set s nbio! */ nfd++; do { ready = readfrom; if (select(nfd, &ready, (fd_set *)0, (fd_set *)0, (struct timeval *)0) < 0) break; if (FD_ISSET(s, &ready)) { int ret; ret = read(s, &sig, 1); if (ret <= 0) FD_CLR(s, &readfrom); else killpg(pid, sig); } if (FD_ISSET(pv[0], &ready)) { errno = 0; cc = read(pv[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(s, SHUT_RDWR); FD_CLR(pv[0], &readfrom); } else { (void)write(s, buf, cc); } } } while (FD_ISSET(s, &readfrom) || FD_ISSET(pv[0], &readfrom)); PAM_END; exit(0); } (void) close(s); (void) close(pv[0]); dup2(pv[1], 2); close(pv[1]); } else { pid = fork(); if (pid == -1) rshd_errx(1, "Can't fork; try again."); if (pid) { /* Parent. */ while (wait(NULL) > 0 || errno == EINTR) /* nothing */ ; PAM_END; exit(0); } } for (fd = getdtablesize(); fd > 2; fd--) (void) close(fd); if (setsid() == -1) syslog(LOG_ERR, "setsid() failed: %m"); if (setlogin(pwd->pw_name) < 0) syslog(LOG_ERR, "setlogin() failed: %m"); if (*pwd->pw_shell == '\0') pwd->pw_shell = bshell; (void) pam_setenv(pamh, "HOME", pwd->pw_dir, 1); (void) pam_setenv(pamh, "SHELL", pwd->pw_shell, 1); (void) pam_setenv(pamh, "USER", pwd->pw_name, 1); (void) pam_setenv(pamh, "PATH", _PATH_DEFPATH, 1); environ = pam_getenvlist(pamh); (void) pam_end(pamh, pam_err); cp = strrchr(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) { syslog(LOG_ERR, "setusercontext(): %m"); exit(1); } login_close(lc); endpwent(); if (log_success || pwd->pw_uid == 0) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", ruser, rhost, luser, cmdbuf); } execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL); err(1, "%s", pwd->pw_shell); exit(1); } /* * Report error to client. Note: can't be used until second socket has * connected to client, or older clients will hang waiting for that * connection first. */ static void rshd_errx(int errcode, const char *fmt, ...) { va_list ap; va_start(ap, fmt); if (sent_null == 0) write(STDERR_FILENO, "\1", 1); verrx(errcode, fmt, ap); /* NOTREACHED */ } void getstr(char *buf, int cnt, const char *error) { char c; do { if (read(STDIN_FILENO, &c, 1) != 1) exit(1); *buf++ = c; if (--cnt == 0) rshd_errx(1, "%s too long", error); } while (c != 0); } /* * Check whether host h is in our local domain, * defined as sharing the last two components of the domain part, * or the entire domain part if the local domain has only one component. * If either name is unqualified (contains no '.'), * assume that the host is local, as it will be * interpreted as such. */ int local_domain(char *h) { char localhost[MAXHOSTNAMELEN]; char *p1, *p2; localhost[0] = 0; (void) gethostname(localhost, sizeof(localhost) - 1); localhost[sizeof(localhost) - 1] = '\0'; /* XXX truncation! */ p1 = topdomain(localhost); p2 = topdomain(h); if (p1 == NULL || p2 == NULL || !strcasecmp(p1, p2)) return (1); return (0); } char * topdomain(char *h) { char *p, *maybe = NULL; int dots = 0; for (p = h + strlen(h); p >= h; p--) { if (*p == '.') { if (++dots == 2) return (p); maybe = p; } } return (maybe); } void usage(void) { syslog(LOG_ERR, "usage: rshd [-%s]", OPTIONS); exit(2); } Index: head/sbin/init/init.c =================================================================== --- head/sbin/init/init.c (revision 270110) +++ head/sbin/init/init.c (revision 270111) @@ -1,1725 +1,1725 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Donn Seeley at Berkeley Software Design, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint static const char copyright[] = "@(#) Copyright (c) 1991, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* not lint */ #ifndef lint #if 0 static char sccsid[] = "@(#)init.c 8.1 (Berkeley) 7/15/93"; #endif static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef SECURE #include #endif #ifdef LOGIN_CAP #include #endif #include "pathnames.h" /* * Sleep times; used to prevent thrashing. */ #define GETTY_SPACING 5 /* N secs minimum getty spacing */ #define GETTY_SLEEP 30 /* sleep N secs after spacing problem */ #define GETTY_NSPACE 3 /* max. spacing count to bring reaction */ #define WINDOW_WAIT 3 /* wait N secs after starting window */ #define STALL_TIMEOUT 30 /* wait N secs after warning */ #define DEATH_WATCH 10 /* wait N secs for procs to die */ #define DEATH_SCRIPT 120 /* wait for 2min for /etc/rc.shutdown */ #define RESOURCE_RC "daemon" #define RESOURCE_WINDOW "default" #define RESOURCE_GETTY "default" static void handle(sig_t, ...); static void delset(sigset_t *, ...); static void stall(const char *, ...) __printflike(1, 2); static void warning(const char *, ...) __printflike(1, 2); static void emergency(const char *, ...) __printflike(1, 2); static void disaster(int); static void badsys(int); static int runshutdown(void); static char *strk(char *); /* * We really need a recursive typedef... * The following at least guarantees that the return type of (*state_t)() * is sufficiently wide to hold a function pointer. */ typedef long (*state_func_t)(void); typedef state_func_t (*state_t)(void); static state_func_t single_user(void); static state_func_t runcom(void); static state_func_t read_ttys(void); static state_func_t multi_user(void); static state_func_t clean_ttys(void); static state_func_t catatonia(void); static state_func_t death(void); static state_func_t death_single(void); static state_func_t run_script(const char *); static enum { AUTOBOOT, FASTBOOT } runcom_mode = AUTOBOOT; #define FALSE 0 #define TRUE 1 static int Reboot = FALSE; static int howto = RB_AUTOBOOT; static int devfs; static void transition(state_t); static state_t requested_transition; static state_t current_state = death_single; static void open_console(void); static const char *get_shell(void); static void write_stderr(const char *message); typedef struct init_session { pid_t se_process; /* controlling process */ time_t se_started; /* used to avoid thrashing */ int se_flags; /* status of session */ #define SE_SHUTDOWN 0x1 /* session won't be restarted */ #define SE_PRESENT 0x2 /* session is in /etc/ttys */ int se_nspace; /* spacing count */ char *se_device; /* filename of port */ char *se_getty; /* what to run on that port */ char *se_getty_argv_space; /* pre-parsed argument array space */ char **se_getty_argv; /* pre-parsed argument array */ char *se_window; /* window system (started only once) */ char *se_window_argv_space; /* pre-parsed argument array space */ char **se_window_argv; /* pre-parsed argument array */ char *se_type; /* default terminal type */ struct init_session *se_prev; struct init_session *se_next; } session_t; static void free_session(session_t *); static session_t *new_session(session_t *, struct ttyent *); static session_t *sessions; static char **construct_argv(char *); static void start_window_system(session_t *); static void collect_child(pid_t); static pid_t start_getty(session_t *); static void transition_handler(int); static void alrm_handler(int); static void setsecuritylevel(int); static int getsecuritylevel(void); static int setupargv(session_t *, struct ttyent *); #ifdef LOGIN_CAP static void setprocresources(const char *); #endif static int clang; static int start_session_db(void); static void add_session(session_t *); static void del_session(session_t *); static session_t *find_session(pid_t); static DB *session_db; /* * The mother of all processes. */ int main(int argc, char *argv[]) { state_t initial_transition = runcom; char kenv_value[PATH_MAX]; int c; struct sigaction sa; sigset_t mask; /* Dispose of random users. */ if (getuid() != 0) errx(1, "%s", strerror(EPERM)); /* System V users like to reexec init. */ if (getpid() != 1) { #ifdef COMPAT_SYSV_INIT /* So give them what they want */ if (argc > 1) { if (strlen(argv[1]) == 1) { char runlevel = *argv[1]; int sig; switch (runlevel) { case '0': /* halt + poweroff */ sig = SIGUSR2; break; case '1': /* single-user */ sig = SIGTERM; break; case '6': /* reboot */ sig = SIGINT; break; case 'c': /* block further logins */ sig = SIGTSTP; break; case 'q': /* rescan /etc/ttys */ sig = SIGHUP; break; default: goto invalid; } kill(1, sig); _exit(0); } else invalid: errx(1, "invalid run-level ``%s''", argv[1]); } else #endif errx(1, "already running"); } /* * Note that this does NOT open a file... * Does 'init' deserve its own facility number? */ - openlog("init", LOG_CONS|LOG_ODELAY, LOG_AUTH); + openlog("init", LOG_CONS, LOG_AUTH); /* * Create an initial session. */ if (setsid() < 0) warning("initial setsid() failed: %m"); /* * Establish an initial user so that programs running * single user do not freak out and die (like passwd). */ if (setlogin("root") < 0) warning("setlogin() failed: %m"); /* * This code assumes that we always get arguments through flags, * never through bits set in some random machine register. */ while ((c = getopt(argc, argv, "dsf")) != -1) switch (c) { case 'd': devfs = 1; break; case 's': initial_transition = single_user; break; case 'f': runcom_mode = FASTBOOT; break; default: warning("unrecognized flag '-%c'", c); break; } if (optind != argc) warning("ignoring excess arguments"); /* * We catch or block signals rather than ignore them, * so that they get reset on exec. */ handle(badsys, SIGSYS, 0); handle(disaster, SIGABRT, SIGFPE, SIGILL, SIGSEGV, SIGBUS, SIGXCPU, SIGXFSZ, 0); handle(transition_handler, SIGHUP, SIGINT, SIGTERM, SIGTSTP, SIGUSR1, SIGUSR2, 0); handle(alrm_handler, SIGALRM, 0); sigfillset(&mask); delset(&mask, SIGABRT, SIGFPE, SIGILL, SIGSEGV, SIGBUS, SIGSYS, SIGXCPU, SIGXFSZ, SIGHUP, SIGINT, SIGTERM, SIGTSTP, SIGALRM, SIGUSR1, SIGUSR2, 0); sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0); sigemptyset(&sa.sa_mask); sa.sa_flags = 0; sa.sa_handler = SIG_IGN; sigaction(SIGTTIN, &sa, (struct sigaction *)0); sigaction(SIGTTOU, &sa, (struct sigaction *)0); /* * Paranoia. */ close(0); close(1); close(2); if (kenv(KENV_GET, "init_script", kenv_value, sizeof(kenv_value)) > 0) { state_func_t next_transition; if ((next_transition = run_script(kenv_value)) != 0) initial_transition = (state_t) next_transition; } if (kenv(KENV_GET, "init_chroot", kenv_value, sizeof(kenv_value)) > 0) { if (chdir(kenv_value) != 0 || chroot(".") != 0) warning("Can't chroot to %s: %m", kenv_value); } /* * Additional check if devfs needs to be mounted: * If "/" and "/dev" have the same device number, * then it hasn't been mounted yet. */ if (!devfs) { struct stat stst; dev_t root_devno; stat("/", &stst); root_devno = stst.st_dev; if (stat("/dev", &stst) != 0) warning("Can't stat /dev: %m"); else if (stst.st_dev == root_devno) devfs++; } if (devfs) { struct iovec iov[4]; char *s; int i; char _fstype[] = "fstype"; char _devfs[] = "devfs"; char _fspath[] = "fspath"; char _path_dev[]= _PATH_DEV; iov[0].iov_base = _fstype; iov[0].iov_len = sizeof(_fstype); iov[1].iov_base = _devfs; iov[1].iov_len = sizeof(_devfs); iov[2].iov_base = _fspath; iov[2].iov_len = sizeof(_fspath); /* * Try to avoid the trailing slash in _PATH_DEV. * Be *very* defensive. */ s = strdup(_PATH_DEV); if (s != NULL) { i = strlen(s); if (i > 0 && s[i - 1] == '/') s[i - 1] = '\0'; iov[3].iov_base = s; iov[3].iov_len = strlen(s) + 1; } else { iov[3].iov_base = _path_dev; iov[3].iov_len = sizeof(_path_dev); } nmount(iov, 4, 0); if (s != NULL) free(s); } /* * Start the state machine. */ transition(initial_transition); /* * Should never reach here. */ return 1; } /* * Associate a function with a signal handler. */ static void handle(sig_t handler, ...) { int sig; struct sigaction sa; sigset_t mask_everything; va_list ap; va_start(ap, handler); sa.sa_handler = handler; sigfillset(&mask_everything); while ((sig = va_arg(ap, int)) != 0) { sa.sa_mask = mask_everything; /* XXX SA_RESTART? */ sa.sa_flags = sig == SIGCHLD ? SA_NOCLDSTOP : 0; sigaction(sig, &sa, (struct sigaction *) 0); } va_end(ap); } /* * Delete a set of signals from a mask. */ static void delset(sigset_t *maskp, ...) { int sig; va_list ap; va_start(ap, maskp); while ((sig = va_arg(ap, int)) != 0) sigdelset(maskp, sig); va_end(ap); } /* * Log a message and sleep for a while (to give someone an opportunity * to read it and to save log or hardcopy output if the problem is chronic). * NB: should send a message to the session logger to avoid blocking. */ static void stall(const char *message, ...) { va_list ap; va_start(ap, message); vsyslog(LOG_ALERT, message, ap); va_end(ap); sleep(STALL_TIMEOUT); } /* * Like stall(), but doesn't sleep. * If cpp had variadic macros, the two functions could be #defines for another. * NB: should send a message to the session logger to avoid blocking. */ static void warning(const char *message, ...) { va_list ap; va_start(ap, message); vsyslog(LOG_ALERT, message, ap); va_end(ap); } /* * Log an emergency message. * NB: should send a message to the session logger to avoid blocking. */ static void emergency(const char *message, ...) { va_list ap; va_start(ap, message); vsyslog(LOG_EMERG, message, ap); va_end(ap); } /* * Catch a SIGSYS signal. * * These may arise if a system does not support sysctl. * We tolerate up to 25 of these, then throw in the towel. */ static void badsys(int sig) { static int badcount = 0; if (badcount++ < 25) return; disaster(sig); } /* * Catch an unexpected signal. */ static void disaster(int sig) { emergency("fatal signal: %s", (unsigned)sig < NSIG ? sys_siglist[sig] : "unknown signal"); sleep(STALL_TIMEOUT); _exit(sig); /* reboot */ } /* * Get the security level of the kernel. */ static int getsecuritylevel(void) { #ifdef KERN_SECURELVL int name[2], curlevel; size_t len; name[0] = CTL_KERN; name[1] = KERN_SECURELVL; len = sizeof curlevel; if (sysctl(name, 2, &curlevel, &len, NULL, 0) == -1) { emergency("cannot get kernel security level: %s", strerror(errno)); return (-1); } return (curlevel); #else return (-1); #endif } /* * Set the security level of the kernel. */ static void setsecuritylevel(int newlevel) { #ifdef KERN_SECURELVL int name[2], curlevel; curlevel = getsecuritylevel(); if (newlevel == curlevel) return; name[0] = CTL_KERN; name[1] = KERN_SECURELVL; if (sysctl(name, 2, NULL, NULL, &newlevel, sizeof newlevel) == -1) { emergency( "cannot change kernel security level from %d to %d: %s", curlevel, newlevel, strerror(errno)); return; } #ifdef SECURE warning("kernel security level changed from %d to %d", curlevel, newlevel); #endif #endif } /* * Change states in the finite state machine. * The initial state is passed as an argument. */ static void transition(state_t s) { current_state = s; for (;;) current_state = (state_t) (*current_state)(); } /* * Start a session and allocate a controlling terminal. * Only called by children of init after forking. */ static void open_console(void) { int fd; /* * Try to open /dev/console. Open the device with O_NONBLOCK to * prevent potential blocking on a carrier. */ revoke(_PATH_CONSOLE); if ((fd = open(_PATH_CONSOLE, O_RDWR | O_NONBLOCK)) != -1) { (void)fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_NONBLOCK); if (login_tty(fd) == 0) return; close(fd); } /* No luck. Log output to file if possible. */ if ((fd = open(_PATH_DEVNULL, O_RDWR)) == -1) { stall("cannot open null device."); _exit(1); } if (fd != STDIN_FILENO) { dup2(fd, STDIN_FILENO); close(fd); } fd = open(_PATH_INITLOG, O_WRONLY | O_APPEND | O_CREAT, 0644); if (fd == -1) dup2(STDIN_FILENO, STDOUT_FILENO); else if (fd != STDOUT_FILENO) { dup2(fd, STDOUT_FILENO); close(fd); } dup2(STDOUT_FILENO, STDERR_FILENO); } static const char * get_shell(void) { static char kenv_value[PATH_MAX]; if (kenv(KENV_GET, "init_shell", kenv_value, sizeof(kenv_value)) > 0) return kenv_value; else return _PATH_BSHELL; } static void write_stderr(const char *message) { write(STDERR_FILENO, message, strlen(message)); } /* * Bring the system up single user. */ static state_func_t single_user(void) { pid_t pid, wpid; int status; sigset_t mask; const char *shell; char *argv[2]; #ifdef SECURE struct ttyent *typ; struct passwd *pp; static const char banner[] = "Enter root password, or ^D to go multi-user\n"; char *clear, *password; #endif #ifdef DEBUGSHELL char altshell[128]; #endif if (Reboot) { /* Instead of going single user, let's reboot the machine */ sync(); reboot(howto); _exit(0); } shell = get_shell(); if ((pid = fork()) == 0) { /* * Start the single user session. */ open_console(); #ifdef SECURE /* * Check the root password. * We don't care if the console is 'on' by default; * it's the only tty that can be 'off' and 'secure'. */ typ = getttynam("console"); pp = getpwnam("root"); if (typ && (typ->ty_status & TTY_SECURE) == 0 && pp && *pp->pw_passwd) { write_stderr(banner); for (;;) { clear = getpass("Password:"); if (clear == 0 || *clear == '\0') _exit(0); password = crypt(clear, pp->pw_passwd); bzero(clear, _PASSWORD_LEN); if (password == NULL || strcmp(password, pp->pw_passwd) == 0) break; warning("single-user login failed\n"); } } endttyent(); endpwent(); #endif /* SECURE */ #ifdef DEBUGSHELL { char *cp = altshell; int num; #define SHREQUEST "Enter full pathname of shell or RETURN for " write_stderr(SHREQUEST); write_stderr(shell); write_stderr(": "); while ((num = read(STDIN_FILENO, cp, 1)) != -1 && num != 0 && *cp != '\n' && cp < &altshell[127]) cp++; *cp = '\0'; if (altshell[0] != '\0') shell = altshell; } #endif /* DEBUGSHELL */ /* * Unblock signals. * We catch all the interesting ones, * and those are reset to SIG_DFL on exec. */ sigemptyset(&mask); sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0); /* * Fire off a shell. * If the default one doesn't work, try the Bourne shell. */ char name[] = "-sh"; argv[0] = name; argv[1] = 0; execv(shell, argv); emergency("can't exec %s for single user: %m", shell); execv(_PATH_BSHELL, argv); emergency("can't exec %s for single user: %m", _PATH_BSHELL); sleep(STALL_TIMEOUT); _exit(1); } if (pid == -1) { /* * We are seriously hosed. Do our best. */ emergency("can't fork single-user shell, trying again"); while (waitpid(-1, (int *) 0, WNOHANG) > 0) continue; return (state_func_t) single_user; } requested_transition = 0; do { if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1) collect_child(wpid); if (wpid == -1) { if (errno == EINTR) continue; warning("wait for single-user shell failed: %m; restarting"); return (state_func_t) single_user; } if (wpid == pid && WIFSTOPPED(status)) { warning("init: shell stopped, restarting\n"); kill(pid, SIGCONT); wpid = -1; } } while (wpid != pid && !requested_transition); if (requested_transition) return (state_func_t) requested_transition; if (!WIFEXITED(status)) { if (WTERMSIG(status) == SIGKILL) { /* * reboot(8) killed shell? */ warning("single user shell terminated."); sleep(STALL_TIMEOUT); _exit(0); } else { warning("single user shell terminated, restarting"); return (state_func_t) single_user; } } runcom_mode = FASTBOOT; return (state_func_t) runcom; } /* * Run the system startup script. */ static state_func_t runcom(void) { state_func_t next_transition; if ((next_transition = run_script(_PATH_RUNCOM)) != 0) return next_transition; runcom_mode = AUTOBOOT; /* the default */ return (state_func_t) read_ttys; } /* * Run a shell script. * Returns 0 on success, otherwise the next transition to enter: * - single_user if fork/execv/waitpid failed, or if the script * terminated with a signal or exit code != 0. * - death_single if a SIGTERM was delivered to init(8). */ static state_func_t run_script(const char *script) { pid_t pid, wpid; int status; char *argv[4]; const char *shell; struct sigaction sa; shell = get_shell(); if ((pid = fork()) == 0) { sigemptyset(&sa.sa_mask); sa.sa_flags = 0; sa.sa_handler = SIG_IGN; sigaction(SIGTSTP, &sa, (struct sigaction *)0); sigaction(SIGHUP, &sa, (struct sigaction *)0); open_console(); char _sh[] = "sh"; char _autoboot[] = "autoboot"; argv[0] = _sh; argv[1] = __DECONST(char *, script); argv[2] = runcom_mode == AUTOBOOT ? _autoboot : 0; argv[3] = 0; sigprocmask(SIG_SETMASK, &sa.sa_mask, (sigset_t *) 0); #ifdef LOGIN_CAP setprocresources(RESOURCE_RC); #endif execv(shell, argv); stall("can't exec %s for %s: %m", shell, script); _exit(1); /* force single user mode */ } if (pid == -1) { emergency("can't fork for %s on %s: %m", shell, script); while (waitpid(-1, (int *) 0, WNOHANG) > 0) continue; sleep(STALL_TIMEOUT); return (state_func_t) single_user; } /* * Copied from single_user(). This is a bit paranoid. */ requested_transition = 0; do { if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1) collect_child(wpid); if (wpid == -1) { if (requested_transition == death_single) return (state_func_t) death_single; if (errno == EINTR) continue; warning("wait for %s on %s failed: %m; going to " "single user mode", shell, script); return (state_func_t) single_user; } if (wpid == pid && WIFSTOPPED(status)) { warning("init: %s on %s stopped, restarting\n", shell, script); kill(pid, SIGCONT); wpid = -1; } } while (wpid != pid); if (WIFSIGNALED(status) && WTERMSIG(status) == SIGTERM && requested_transition == catatonia) { /* /etc/rc executed /sbin/reboot; wait for the end quietly */ sigset_t s; sigfillset(&s); for (;;) sigsuspend(&s); } if (!WIFEXITED(status)) { warning("%s on %s terminated abnormally, going to single " "user mode", shell, script); return (state_func_t) single_user; } if (WEXITSTATUS(status)) return (state_func_t) single_user; return (state_func_t) 0; } /* * Open the session database. * * NB: We could pass in the size here; is it necessary? */ static int start_session_db(void) { if (session_db && (*session_db->close)(session_db)) emergency("session database close: %s", strerror(errno)); if ((session_db = dbopen(NULL, O_RDWR, 0, DB_HASH, NULL)) == 0) { emergency("session database open: %s", strerror(errno)); return (1); } return (0); } /* * Add a new login session. */ static void add_session(session_t *sp) { DBT key; DBT data; key.data = &sp->se_process; key.size = sizeof sp->se_process; data.data = &sp; data.size = sizeof sp; if ((*session_db->put)(session_db, &key, &data, 0)) emergency("insert %d: %s", sp->se_process, strerror(errno)); } /* * Delete an old login session. */ static void del_session(session_t *sp) { DBT key; key.data = &sp->se_process; key.size = sizeof sp->se_process; if ((*session_db->del)(session_db, &key, 0)) emergency("delete %d: %s", sp->se_process, strerror(errno)); } /* * Look up a login session by pid. */ static session_t * find_session(pid_t pid) { DBT key; DBT data; session_t *ret; key.data = &pid; key.size = sizeof pid; if ((*session_db->get)(session_db, &key, &data, 0) != 0) return 0; bcopy(data.data, (char *)&ret, sizeof(ret)); return ret; } /* * Construct an argument vector from a command line. */ static char ** construct_argv(char *command) { int argc = 0; char **argv = (char **) malloc(((strlen(command) + 1) / 2 + 1) * sizeof (char *)); if ((argv[argc++] = strk(command)) == 0) { free(argv); return (NULL); } while ((argv[argc++] = strk((char *) 0)) != NULL) continue; return argv; } /* * Deallocate a session descriptor. */ static void free_session(session_t *sp) { free(sp->se_device); if (sp->se_getty) { free(sp->se_getty); free(sp->se_getty_argv_space); free(sp->se_getty_argv); } if (sp->se_window) { free(sp->se_window); free(sp->se_window_argv_space); free(sp->se_window_argv); } if (sp->se_type) free(sp->se_type); free(sp); } /* * Allocate a new session descriptor. * Mark it SE_PRESENT. */ static session_t * new_session(session_t *sprev, struct ttyent *typ) { session_t *sp; int fd; if ((typ->ty_status & TTY_ON) == 0 || typ->ty_name == 0 || typ->ty_getty == 0) return 0; sp = (session_t *) calloc(1, sizeof (session_t)); sp->se_flags |= SE_PRESENT; sp->se_device = malloc(sizeof(_PATH_DEV) + strlen(typ->ty_name)); sprintf(sp->se_device, "%s%s", _PATH_DEV, typ->ty_name); /* * Attempt to open the device, if we get "device not configured" * then don't add the device to the session list. */ if ((fd = open(sp->se_device, O_RDONLY | O_NONBLOCK, 0)) < 0) { if (errno == ENXIO) { free_session(sp); return (0); } } else close(fd); if (setupargv(sp, typ) == 0) { free_session(sp); return (0); } sp->se_next = 0; if (sprev == 0) { sessions = sp; sp->se_prev = 0; } else { sprev->se_next = sp; sp->se_prev = sprev; } return sp; } /* * Calculate getty and if useful window argv vectors. */ static int setupargv(session_t *sp, struct ttyent *typ) { if (sp->se_getty) { free(sp->se_getty); free(sp->se_getty_argv_space); free(sp->se_getty_argv); } sp->se_getty = malloc(strlen(typ->ty_getty) + strlen(typ->ty_name) + 2); sprintf(sp->se_getty, "%s %s", typ->ty_getty, typ->ty_name); sp->se_getty_argv_space = strdup(sp->se_getty); sp->se_getty_argv = construct_argv(sp->se_getty_argv_space); if (sp->se_getty_argv == 0) { warning("can't parse getty for port %s", sp->se_device); free(sp->se_getty); free(sp->se_getty_argv_space); sp->se_getty = sp->se_getty_argv_space = 0; return (0); } if (sp->se_window) { free(sp->se_window); free(sp->se_window_argv_space); free(sp->se_window_argv); } sp->se_window = sp->se_window_argv_space = 0; sp->se_window_argv = 0; if (typ->ty_window) { sp->se_window = strdup(typ->ty_window); sp->se_window_argv_space = strdup(sp->se_window); sp->se_window_argv = construct_argv(sp->se_window_argv_space); if (sp->se_window_argv == 0) { warning("can't parse window for port %s", sp->se_device); free(sp->se_window_argv_space); free(sp->se_window); sp->se_window = sp->se_window_argv_space = 0; return (0); } } if (sp->se_type) free(sp->se_type); sp->se_type = typ->ty_type ? strdup(typ->ty_type) : 0; return (1); } /* * Walk the list of ttys and create sessions for each active line. */ static state_func_t read_ttys(void) { session_t *sp, *snext; struct ttyent *typ; /* * Destroy any previous session state. * There shouldn't be any, but just in case... */ for (sp = sessions; sp; sp = snext) { snext = sp->se_next; free_session(sp); } sessions = 0; if (start_session_db()) return (state_func_t) single_user; /* * Allocate a session entry for each active port. * Note that sp starts at 0. */ while ((typ = getttyent()) != NULL) if ((snext = new_session(sp, typ)) != NULL) sp = snext; endttyent(); return (state_func_t) multi_user; } /* * Start a window system running. */ static void start_window_system(session_t *sp) { pid_t pid; sigset_t mask; char term[64], *env[2]; int status; if ((pid = fork()) == -1) { emergency("can't fork for window system on port %s: %m", sp->se_device); /* hope that getty fails and we can try again */ return; } if (pid) { waitpid(-1, &status, 0); return; } /* reparent window process to the init to not make a zombie on exit */ if ((pid = fork()) == -1) { emergency("can't fork for window system on port %s: %m", sp->se_device); _exit(1); } if (pid) _exit(0); sigemptyset(&mask); sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0); if (setsid() < 0) emergency("setsid failed (window) %m"); #ifdef LOGIN_CAP setprocresources(RESOURCE_WINDOW); #endif if (sp->se_type) { /* Don't use malloc after fork */ strcpy(term, "TERM="); strncat(term, sp->se_type, sizeof(term) - 6); env[0] = term; env[1] = 0; } else env[0] = 0; execve(sp->se_window_argv[0], sp->se_window_argv, env); stall("can't exec window system '%s' for port %s: %m", sp->se_window_argv[0], sp->se_device); _exit(1); } /* * Start a login session running. */ static pid_t start_getty(session_t *sp) { pid_t pid; sigset_t mask; time_t current_time = time((time_t *) 0); int too_quick = 0; char term[64], *env[2]; if (current_time >= sp->se_started && current_time - sp->se_started < GETTY_SPACING) { if (++sp->se_nspace > GETTY_NSPACE) { sp->se_nspace = 0; too_quick = 1; } } else sp->se_nspace = 0; /* * fork(), not vfork() -- we can't afford to block. */ if ((pid = fork()) == -1) { emergency("can't fork for getty on port %s: %m", sp->se_device); return -1; } if (pid) return pid; if (too_quick) { warning("getty repeating too quickly on port %s, sleeping %d secs", sp->se_device, GETTY_SLEEP); sleep((unsigned) GETTY_SLEEP); } if (sp->se_window) { start_window_system(sp); sleep(WINDOW_WAIT); } sigemptyset(&mask); sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0); #ifdef LOGIN_CAP setprocresources(RESOURCE_GETTY); #endif if (sp->se_type) { /* Don't use malloc after fork */ strcpy(term, "TERM="); strncat(term, sp->se_type, sizeof(term) - 6); env[0] = term; env[1] = 0; } else env[0] = 0; execve(sp->se_getty_argv[0], sp->se_getty_argv, env); stall("can't exec getty '%s' for port %s: %m", sp->se_getty_argv[0], sp->se_device); _exit(1); } /* * Collect exit status for a child. * If an exiting login, start a new login running. */ static void collect_child(pid_t pid) { session_t *sp, *sprev, *snext; if (! sessions) return; if (! (sp = find_session(pid))) return; del_session(sp); sp->se_process = 0; if (sp->se_flags & SE_SHUTDOWN) { if ((sprev = sp->se_prev) != NULL) sprev->se_next = sp->se_next; else sessions = sp->se_next; if ((snext = sp->se_next) != NULL) snext->se_prev = sp->se_prev; free_session(sp); return; } if ((pid = start_getty(sp)) == -1) { /* serious trouble */ requested_transition = clean_ttys; return; } sp->se_process = pid; sp->se_started = time((time_t *) 0); add_session(sp); } /* * Catch a signal and request a state transition. */ static void transition_handler(int sig) { switch (sig) { case SIGHUP: if (current_state == read_ttys || current_state == multi_user || current_state == clean_ttys || current_state == catatonia) requested_transition = clean_ttys; break; case SIGUSR2: howto = RB_POWEROFF; case SIGUSR1: howto |= RB_HALT; case SIGINT: Reboot = TRUE; case SIGTERM: if (current_state == read_ttys || current_state == multi_user || current_state == clean_ttys || current_state == catatonia) requested_transition = death; else requested_transition = death_single; break; case SIGTSTP: if (current_state == runcom || current_state == read_ttys || current_state == clean_ttys || current_state == multi_user || current_state == catatonia) requested_transition = catatonia; break; default: requested_transition = 0; break; } } /* * Take the system multiuser. */ static state_func_t multi_user(void) { pid_t pid; session_t *sp; requested_transition = 0; /* * If the administrator has not set the security level to -1 * to indicate that the kernel should not run multiuser in secure * mode, and the run script has not set a higher level of security * than level 1, then put the kernel into secure mode. */ if (getsecuritylevel() == 0) setsecuritylevel(1); for (sp = sessions; sp; sp = sp->se_next) { if (sp->se_process) continue; if ((pid = start_getty(sp)) == -1) { /* serious trouble */ requested_transition = clean_ttys; break; } sp->se_process = pid; sp->se_started = time((time_t *) 0); add_session(sp); } while (!requested_transition) if ((pid = waitpid(-1, (int *) 0, 0)) != -1) collect_child(pid); return (state_func_t) requested_transition; } /* * This is an (n*2)+(n^2) algorithm. We hope it isn't run often... */ static state_func_t clean_ttys(void) { session_t *sp, *sprev; struct ttyent *typ; int devlen; char *old_getty, *old_window, *old_type; /* * mark all sessions for death, (!SE_PRESENT) * as we find or create new ones they'll be marked as keepers, * we'll later nuke all the ones not found in /etc/ttys */ for (sp = sessions; sp != NULL; sp = sp->se_next) sp->se_flags &= ~SE_PRESENT; devlen = sizeof(_PATH_DEV) - 1; while ((typ = getttyent()) != NULL) { for (sprev = 0, sp = sessions; sp; sprev = sp, sp = sp->se_next) if (strcmp(typ->ty_name, sp->se_device + devlen) == 0) break; if (sp) { /* we want this one to live */ sp->se_flags |= SE_PRESENT; if ((typ->ty_status & TTY_ON) == 0 || typ->ty_getty == 0) { sp->se_flags |= SE_SHUTDOWN; kill(sp->se_process, SIGHUP); continue; } sp->se_flags &= ~SE_SHUTDOWN; old_getty = sp->se_getty ? strdup(sp->se_getty) : 0; old_window = sp->se_window ? strdup(sp->se_window) : 0; old_type = sp->se_type ? strdup(sp->se_type) : 0; if (setupargv(sp, typ) == 0) { warning("can't parse getty for port %s", sp->se_device); sp->se_flags |= SE_SHUTDOWN; kill(sp->se_process, SIGHUP); } else if ( !old_getty || (!old_type && sp->se_type) || (old_type && !sp->se_type) || (!old_window && sp->se_window) || (old_window && !sp->se_window) || (strcmp(old_getty, sp->se_getty) != 0) || (old_window && strcmp(old_window, sp->se_window) != 0) || (old_type && strcmp(old_type, sp->se_type) != 0) ) { /* Don't set SE_SHUTDOWN here */ sp->se_nspace = 0; sp->se_started = 0; kill(sp->se_process, SIGHUP); } if (old_getty) free(old_getty); if (old_window) free(old_window); if (old_type) free(old_type); continue; } new_session(sprev, typ); } endttyent(); /* * sweep through and kill all deleted sessions * ones who's /etc/ttys line was deleted (SE_PRESENT unset) */ for (sp = sessions; sp != NULL; sp = sp->se_next) { if ((sp->se_flags & SE_PRESENT) == 0) { sp->se_flags |= SE_SHUTDOWN; kill(sp->se_process, SIGHUP); } } return (state_func_t) multi_user; } /* * Block further logins. */ static state_func_t catatonia(void) { session_t *sp; for (sp = sessions; sp; sp = sp->se_next) sp->se_flags |= SE_SHUTDOWN; return (state_func_t) multi_user; } /* * Note SIGALRM. */ static void alrm_handler(int sig) { (void)sig; clang = 1; } /* * Bring the system down to single user. */ static state_func_t death(void) { session_t *sp; /* * Also revoke the TTY here. Because runshutdown() may reopen * the TTY whose getty we're killing here, there is no guarantee * runshutdown() will perform the initial open() call, causing * the terminal attributes to be misconfigured. */ for (sp = sessions; sp; sp = sp->se_next) { sp->se_flags |= SE_SHUTDOWN; kill(sp->se_process, SIGHUP); revoke(sp->se_device); } /* Try to run the rc.shutdown script within a period of time */ runshutdown(); return (state_func_t) death_single; } /* * Do what is necessary to reinitialize single user mode or reboot * from an incomplete state. */ static state_func_t death_single(void) { int i; pid_t pid; static const int death_sigs[2] = { SIGTERM, SIGKILL }; revoke(_PATH_CONSOLE); for (i = 0; i < 2; ++i) { if (kill(-1, death_sigs[i]) == -1 && errno == ESRCH) return (state_func_t) single_user; clang = 0; alarm(DEATH_WATCH); do if ((pid = waitpid(-1, (int *)0, 0)) != -1) collect_child(pid); while (clang == 0 && errno != ECHILD); if (errno == ECHILD) return (state_func_t) single_user; } warning("some processes would not die; ps axl advised"); return (state_func_t) single_user; } /* * Run the system shutdown script. * * Exit codes: XXX I should document more * -2 shutdown script terminated abnormally * -1 fatal error - can't run script * 0 good. * >0 some error (exit code) */ static int runshutdown(void) { pid_t pid, wpid; int status; int shutdowntimeout; size_t len; char *argv[4]; const char *shell; struct sigaction sa; struct stat sb; /* * rc.shutdown is optional, so to prevent any unnecessary * complaints from the shell we simply don't run it if the * file does not exist. If the stat() here fails for other * reasons, we'll let the shell complain. */ if (stat(_PATH_RUNDOWN, &sb) == -1 && errno == ENOENT) return 0; shell = get_shell(); if ((pid = fork()) == 0) { sigemptyset(&sa.sa_mask); sa.sa_flags = 0; sa.sa_handler = SIG_IGN; sigaction(SIGTSTP, &sa, (struct sigaction *)0); sigaction(SIGHUP, &sa, (struct sigaction *)0); open_console(); char _sh[] = "sh"; char _reboot[] = "reboot"; char _single[] = "single"; char _path_rundown[] = _PATH_RUNDOWN; argv[0] = _sh; argv[1] = _path_rundown; argv[2] = Reboot ? _reboot : _single; argv[3] = 0; sigprocmask(SIG_SETMASK, &sa.sa_mask, (sigset_t *) 0); #ifdef LOGIN_CAP setprocresources(RESOURCE_RC); #endif execv(shell, argv); warning("can't exec %s for %s: %m", shell, _PATH_RUNDOWN); _exit(1); /* force single user mode */ } if (pid == -1) { emergency("can't fork for %s on %s: %m", shell, _PATH_RUNDOWN); while (waitpid(-1, (int *) 0, WNOHANG) > 0) continue; sleep(STALL_TIMEOUT); return -1; } len = sizeof(shutdowntimeout); if (sysctlbyname("kern.init_shutdown_timeout", &shutdowntimeout, &len, NULL, 0) == -1 || shutdowntimeout < 2) shutdowntimeout = DEATH_SCRIPT; alarm(shutdowntimeout); clang = 0; /* * Copied from single_user(). This is a bit paranoid. * Use the same ALRM handler. */ do { if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1) collect_child(wpid); if (clang == 1) { /* we were waiting for the sub-shell */ kill(wpid, SIGTERM); warning("timeout expired for %s on %s: %m; going to " "single user mode", shell, _PATH_RUNDOWN); return -1; } if (wpid == -1) { if (errno == EINTR) continue; warning("wait for %s on %s failed: %m; going to " "single user mode", shell, _PATH_RUNDOWN); return -1; } if (wpid == pid && WIFSTOPPED(status)) { warning("init: %s on %s stopped, restarting\n", shell, _PATH_RUNDOWN); kill(pid, SIGCONT); wpid = -1; } } while (wpid != pid && !clang); /* Turn off the alarm */ alarm(0); if (WIFSIGNALED(status) && WTERMSIG(status) == SIGTERM && requested_transition == catatonia) { /* * /etc/rc.shutdown executed /sbin/reboot; * wait for the end quietly */ sigset_t s; sigfillset(&s); for (;;) sigsuspend(&s); } if (!WIFEXITED(status)) { warning("%s on %s terminated abnormally, going to " "single user mode", shell, _PATH_RUNDOWN); return -2; } if ((status = WEXITSTATUS(status)) != 0) warning("%s returned status %d", _PATH_RUNDOWN, status); return status; } static char * strk(char *p) { static char *t; char *q; int c; if (p) t = p; if (!t) return 0; c = *t; while (c == ' ' || c == '\t' ) c = *++t; if (!c) { t = 0; return 0; } q = t; if (c == '\'') { c = *++t; q = t; while (c && c != '\'') c = *++t; if (!c) /* unterminated string */ q = t = 0; else *t++ = 0; } else { while (c && c != ' ' && c != '\t' ) c = *++t; *t++ = 0; if (!c) t = 0; } return q; } #ifdef LOGIN_CAP static void setprocresources(const char *cname) { login_cap_t *lc; if ((lc = login_getclassbyname(cname, NULL)) != NULL) { setusercontext(lc, (struct passwd*)NULL, 0, LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETLOGINCLASS | LOGIN_SETCPUMASK); login_close(lc); } } #endif Index: head/usr.bin/lock/lock.c =================================================================== --- head/usr.bin/lock/lock.c (revision 270110) +++ head/usr.bin/lock/lock.c (revision 270111) @@ -1,292 +1,292 @@ /* * Copyright (c) 1980, 1987, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Bob Toxen. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint static const char copyright[] = "@(#) Copyright (c) 1980, 1987, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* not lint */ #ifndef lint #if 0 static char sccsid[] = "@(#)lock.c 8.1 (Berkeley) 6/6/93"; #endif #endif /* not lint */ #include __FBSDID("$FreeBSD$"); /* * Lock a terminal up until the given key is entered or the given * interval times out. * * Timeout interval is by default TIMEOUT, it can be changed with * an argument of the form -time where time is in minutes */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define TIMEOUT 15 static void quit(int); static void bye(int); static void hi(int); static void usage(void); static struct timeval timeout; static struct timeval zerotime; static struct termios tty, ntty; static long nexttime; /* keep the timeout time */ static int no_timeout; /* lock terminal forever */ static int vtyunlock; /* Unlock flag and code. */ /*ARGSUSED*/ int main(int argc, char **argv) { struct passwd *pw; struct itimerval ntimer, otimer; struct tm *timp; time_t timval; int ch, failures, sectimeout, usemine, vtylock; char *ap, *cryptpw, *mypw, *ttynam, *tzn; char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ]; - openlog("lock", LOG_ODELAY, LOG_AUTH); + openlog("lock", 0, LOG_AUTH); sectimeout = TIMEOUT; pw = NULL; mypw = NULL; usemine = 0; no_timeout = 0; vtylock = 0; while ((ch = getopt(argc, argv, "npt:v")) != -1) switch((char)ch) { case 't': if ((sectimeout = atoi(optarg)) <= 0) errx(1, "illegal timeout value"); break; case 'p': usemine = 1; if (!(pw = getpwuid(getuid()))) errx(1, "unknown uid %d", getuid()); mypw = strdup(pw->pw_passwd); break; case 'n': no_timeout = 1; break; case 'v': vtylock = 1; break; case '?': default: usage(); } timeout.tv_sec = sectimeout * 60; /* discard privs */ if (setuid(getuid()) != 0) errx(1, "setuid failed"); if (tcgetattr(0, &tty)) /* get information for header */ exit(1); gethostname(hostname, sizeof(hostname)); if (!(ttynam = ttyname(0))) errx(1, "not a terminal?"); if (strncmp(ttynam, _PATH_DEV, strlen(_PATH_DEV)) == 0) ttynam += strlen(_PATH_DEV); timval = time(NULL); nexttime = timval + (sectimeout * 60); timp = localtime(&timval); ap = asctime(timp); tzn = timp->tm_zone; (void)signal(SIGINT, quit); (void)signal(SIGQUIT, quit); ntty = tty; ntty.c_lflag &= ~ECHO; (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &ntty); if (!mypw) { /* get key and check again */ (void)printf("Key: "); if (!fgets(s, sizeof(s), stdin) || *s == '\n') quit(0); (void)printf("\nAgain: "); /* * Don't need EOF test here, if we get EOF, then s1 != s * and the right things will happen. */ (void)fgets(s1, sizeof(s1), stdin); (void)putchar('\n'); if (strcmp(s1, s)) { (void)printf("\07lock: passwords didn't match.\n"); (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty); exit(1); } s[0] = '\0'; mypw = s1; } /* set signal handlers */ (void)signal(SIGINT, hi); (void)signal(SIGQUIT, hi); (void)signal(SIGTSTP, hi); (void)signal(SIGALRM, bye); ntimer.it_interval = zerotime; ntimer.it_value = timeout; if (!no_timeout) setitimer(ITIMER_REAL, &ntimer, &otimer); if (vtylock) { /* * If this failed, we want to err out; warn isn't good * enough, since we don't want the user to think that * everything is nice and locked because they got a * "Key:" prompt. */ if (ioctl(0, VT_LOCKSWITCH, &vtylock) == -1) { (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty); err(1, "locking vty"); } vtyunlock = 0x2; } /* header info */ if (pw != NULL) (void)printf("lock: %s using %s on %s.", pw->pw_name, ttynam, hostname); else (void)printf("lock: %s on %s.", ttynam, hostname); if (no_timeout) (void)printf(" no timeout."); else (void)printf(" timeout in %d minute%s.", sectimeout, sectimeout != 1 ? "s" : ""); if (vtylock) (void)printf(" vty locked."); (void)printf("\ntime now is %.20s%s%s", ap, tzn, ap + 19); failures = 0; for (;;) { (void)printf("Key: "); if (!fgets(s, sizeof(s), stdin)) { clearerr(stdin); hi(0); goto tryagain; } if (usemine) { s[strlen(s) - 1] = '\0'; cryptpw = crypt(s, mypw); if (cryptpw == NULL || !strcmp(mypw, cryptpw)) break; } else if (!strcmp(s, s1)) break; (void)printf("\07\n"); failures++; if (getuid() == 0) syslog(LOG_NOTICE, "%d ROOT UNLOCK FAILURE%s (%s on %s)", failures, failures > 1 ? "S": "", ttynam, hostname); tryagain: if (tcgetattr(0, &ntty) && (errno != EINTR)) exit(1); sleep(1); /* to discourage guessing */ } if (getuid() == 0) syslog(LOG_NOTICE, "ROOT UNLOCK ON hostname %s port %s", hostname, ttynam); quit(0); return(0); /* not reached */ } static void usage(void) { (void)fprintf(stderr, "usage: lock [-npv] [-t timeout]\n"); exit(1); } static void hi(int signo __unused) { time_t timval; timval = time(NULL); (void)printf("lock: type in the unlock key. "); if (no_timeout) { (void)putchar('\n'); } else { (void)printf("timeout in %jd:%jd minutes\n", (intmax_t)(nexttime - timval) / 60, (intmax_t)(nexttime - timval) % 60); } } static void quit(int signo __unused) { (void)putchar('\n'); (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty); if (vtyunlock) (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock); exit(0); } static void bye(int signo __unused) { if (!no_timeout) { (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty); if (vtyunlock) (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock); (void)printf("lock: timeout\n"); exit(1); } } Index: head/usr.bin/login/login.c =================================================================== --- head/usr.bin/login/login.c (revision 270110) +++ head/usr.bin/login/login.c (revision 270111) @@ -1,1034 +1,1034 @@ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 * The Regents of the University of California. All rights reserved. * Copyright (c) 2002 Networks Associates Technologies, Inc. * All rights reserved. * * Portions of this software were developed for the FreeBSD Project by * ThinkSec AS and NAI Labs, the Security Research Division of Network * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; #endif #endif #include __FBSDID("$FreeBSD$"); /* * login [ name ] * login -h hostname (for telnetd, etc.) * login -f name (for pre-authenticated login: datakit, xterm, etc.) */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "login.h" #include "pathnames.h" static int auth_pam(void); static void bail(int, int); static void bail_internal(int, int, int); static int export(const char *); static void export_pam_environment(void); static int motd(const char *); static void badlogin(char *); static char *getloginname(void); static void pam_syslog(const char *); static void pam_cleanup(void); static void refused(const char *, const char *, int); static const char *stypeof(char *); static void sigint(int); static void timedout(int); static void bail_sig(int); static void usage(void); #define TTYGRPNAME "tty" /* group to own ttys */ #define DEFAULT_BACKOFF 3 #define DEFAULT_RETRIES 10 #define DEFAULT_PROMPT "login: " #define DEFAULT_PASSWD_PROMPT "Password:" #define TERM_UNKNOWN "su" #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ #define NO_SLEEP_EXIT 0 #define SLEEP_EXIT 5 /* * This bounds the time given to login. Not a define so it can * be patched on machines where it's too small. */ static u_int timeout = 300; /* Buffer for signal handling of timeout */ static jmp_buf timeout_buf; struct passwd *pwd; static int failures; static char *envinit[1]; /* empty environment list */ /* * Command line flags and arguments */ static int fflag; /* -f: do not perform authentication */ static int hflag; /* -h: login from remote host */ static char *hostname; /* hostname from command line */ static int pflag; /* -p: preserve environment */ /* * User name */ static char *username; /* user name */ static char *olduser; /* previous user name */ /* * Prompts */ static char default_prompt[] = DEFAULT_PROMPT; static const char *prompt; static char default_passwd_prompt[] = DEFAULT_PASSWD_PROMPT; static const char *passwd_prompt; static char *tty; /* * PAM data */ static pam_handle_t *pamh = NULL; static struct pam_conv pamc = { openpam_ttyconv, NULL }; static int pam_err; static int pam_silent = PAM_SILENT; static int pam_cred_established; static int pam_session_established; int main(int argc, char *argv[]) { struct group *gr; struct stat st; int retries, backoff; int ask, ch, cnt, quietlog, rootlogin, rval; uid_t uid, euid; gid_t egid; char *term; char *p, *ttyn; char tname[sizeof(_PATH_TTY) + 10]; char *arg0; const char *tp; const char *shell = NULL; login_cap_t *lc = NULL; login_cap_t *lc_user = NULL; pid_t pid; sigset_t mask, omask; struct sigaction sa; #ifdef USE_BSM_AUDIT char auditsuccess = 1; #endif sa.sa_flags = SA_RESTART; (void)sigfillset(&sa.sa_mask); sa.sa_handler = SIG_IGN; (void)sigaction(SIGQUIT, &sa, NULL); (void)sigaction(SIGINT, &sa, NULL); (void)sigaction(SIGHUP, &sa, NULL); if (setjmp(timeout_buf)) { if (failures) badlogin(username); (void)fprintf(stderr, "Login timed out after %d seconds\n", timeout); bail(NO_SLEEP_EXIT, 0); } sa.sa_handler = timedout; (void)sigaction(SIGALRM, &sa, NULL); (void)alarm(timeout); (void)setpriority(PRIO_PROCESS, 0, 0); - openlog("login", LOG_ODELAY, LOG_AUTH); + openlog("login", 0, LOG_AUTH); uid = getuid(); euid = geteuid(); egid = getegid(); while ((ch = getopt(argc, argv, "fh:p")) != -1) switch (ch) { case 'f': fflag = 1; break; case 'h': if (uid != 0) errx(1, "-h option: %s", strerror(EPERM)); if (strlen(optarg) >= MAXHOSTNAMELEN) errx(1, "-h option: %s: exceeds maximum " "hostname size", optarg); hflag = 1; hostname = optarg; break; case 'p': pflag = 1; break; case '?': default: if (uid == 0) syslog(LOG_ERR, "invalid flag %c", ch); usage(); } argc -= optind; argv += optind; if (argc > 0) { username = strdup(*argv); if (username == NULL) err(1, "strdup()"); ask = 0; } else { ask = 1; } setproctitle("-%s", getprogname()); closefrom(3); /* * Get current TTY */ ttyn = ttyname(STDIN_FILENO); if (ttyn == NULL || *ttyn == '\0') { (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY); ttyn = tname; } if (strncmp(ttyn, _PATH_DEV, sizeof _PATH_DEV - 1) == 0) tty = ttyn + sizeof _PATH_DEV - 1; else tty = ttyn; /* * Get "login-retries" & "login-backoff" from default class */ lc = login_getclass(NULL); prompt = login_getcapstr(lc, "login_prompt", default_prompt, default_prompt); passwd_prompt = login_getcapstr(lc, "passwd_prompt", default_passwd_prompt, default_passwd_prompt); retries = login_getcapnum(lc, "login-retries", DEFAULT_RETRIES, DEFAULT_RETRIES); backoff = login_getcapnum(lc, "login-backoff", DEFAULT_BACKOFF, DEFAULT_BACKOFF); login_close(lc); lc = NULL; /* * Try to authenticate the user until we succeed or time out. */ for (cnt = 0;; ask = 1) { if (ask) { fflag = 0; if (olduser != NULL) free(olduser); olduser = username; username = getloginname(); } rootlogin = 0; /* * Note if trying multiple user names; log failures for * previous user name, but don't bother logging one failure * for nonexistent name (mistyped username). */ if (failures && strcmp(olduser, username) != 0) { if (failures > (pwd ? 0 : 1)) badlogin(olduser); } /* * Load the PAM policy and set some variables */ pam_err = pam_start("login", username, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_start()"); #ifdef USE_BSM_AUDIT au_login_fail("PAM Error", 1); #endif bail(NO_SLEEP_EXIT, 1); } pam_err = pam_set_item(pamh, PAM_TTY, tty); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_set_item(PAM_TTY)"); #ifdef USE_BSM_AUDIT au_login_fail("PAM Error", 1); #endif bail(NO_SLEEP_EXIT, 1); } pam_err = pam_set_item(pamh, PAM_RHOST, hostname); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_set_item(PAM_RHOST)"); #ifdef USE_BSM_AUDIT au_login_fail("PAM Error", 1); #endif bail(NO_SLEEP_EXIT, 1); } pwd = getpwnam(username); if (pwd != NULL && pwd->pw_uid == 0) rootlogin = 1; /* * If the -f option was specified and the caller is * root or the caller isn't changing their uid, don't * authenticate. */ if (pwd != NULL && fflag && (uid == (uid_t)0 || uid == (uid_t)pwd->pw_uid)) { /* already authenticated */ rval = 0; #ifdef USE_BSM_AUDIT auditsuccess = 0; /* opened a terminal window only */ #endif } else { fflag = 0; (void)setpriority(PRIO_PROCESS, 0, -4); rval = auth_pam(); (void)setpriority(PRIO_PROCESS, 0, 0); } if (pwd && rval == 0) break; pam_cleanup(); /* * We are not exiting here, but this corresponds to a failed * login event, so set exitstatus to 1. */ #ifdef USE_BSM_AUDIT au_login_fail("Login incorrect", 1); #endif (void)printf("Login incorrect\n"); failures++; pwd = NULL; /* * Allow up to 'retry' (10) attempts, but start * backing off after 'backoff' (3) attempts. */ if (++cnt > backoff) { if (cnt >= retries) { badlogin(username); bail(SLEEP_EXIT, 1); } sleep((u_int)((cnt - backoff) * 5)); } } /* committed to login -- turn off timeout */ (void)alarm((u_int)0); (void)sigemptyset(&mask); (void)sigaddset(&mask, SIGHUP); (void)sigaddset(&mask, SIGTERM); (void)sigprocmask(SIG_BLOCK, &mask, &omask); sa.sa_handler = bail_sig; (void)sigaction(SIGHUP, &sa, NULL); (void)sigaction(SIGTERM, &sa, NULL); endpwent(); #ifdef USE_BSM_AUDIT /* Audit successful login. */ if (auditsuccess) au_login_success(); #endif /* * This needs to happen before login_getpwclass to support * home directories on GSS-API authenticated NFS where the * kerberos credentials need to be saved so that the kernel * can authenticate to the NFS server. */ pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_setcred()"); bail(NO_SLEEP_EXIT, 1); } pam_cred_established = 1; /* * Establish the login class. */ lc = login_getpwclass(pwd); lc_user = login_getuserclass(pwd); if (!(quietlog = login_getcapbool(lc_user, "hushlogin", 0))) quietlog = login_getcapbool(lc, "hushlogin", 0); /* * Switching needed for NFS with root access disabled. * * XXX: This change fails to modify the additional groups for the * process, and as such, may restrict rights normally granted * through those groups. */ (void)setegid(pwd->pw_gid); (void)seteuid(rootlogin ? 0 : pwd->pw_uid); if (!*pwd->pw_dir || chdir(pwd->pw_dir) < 0) { if (login_getcapbool(lc, "requirehome", 0)) refused("Home directory not available", "HOMEDIR", 1); if (chdir("/") < 0) refused("Cannot find root directory", "ROOTDIR", 1); if (!quietlog || *pwd->pw_dir) printf("No home directory.\nLogging in with home = \"/\".\n"); pwd->pw_dir = strdup("/"); if (pwd->pw_dir == NULL) { syslog(LOG_NOTICE, "strdup(): %m"); bail(SLEEP_EXIT, 1); } } (void)seteuid(euid); (void)setegid(egid); if (!quietlog) { quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; if (!quietlog) pam_silent = 0; } shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell); if (*pwd->pw_shell == '\0') pwd->pw_shell = strdup(_PATH_BSHELL); if (pwd->pw_shell == NULL) { syslog(LOG_NOTICE, "strdup(): %m"); bail(SLEEP_EXIT, 1); } if (*shell == '\0') /* Not overridden */ shell = pwd->pw_shell; if ((shell = strdup(shell)) == NULL) { syslog(LOG_NOTICE, "strdup(): %m"); bail(SLEEP_EXIT, 1); } /* * Set device protections, depending on what terminal the * user is logged in. This feature is used on Suns to give * console users better privacy. */ login_fbtab(tty, pwd->pw_uid, pwd->pw_gid); /* * Clear flags of the tty. None should be set, and when the * user sets them otherwise, this can cause the chown to fail. * Since it isn't clear that flags are useful on character * devices, we just clear them. * * We don't log in the case of EOPNOTSUPP because dev might be * on NFS, which doesn't support chflags. * * We don't log in the EROFS because that means that /dev is on * a read only file system and we assume that the permissions there * are sane. */ if (ttyn != tname && chflags(ttyn, 0)) if (errno != EOPNOTSUPP && errno != EROFS) syslog(LOG_ERR, "chflags(%s): %m", ttyn); if (ttyn != tname && chown(ttyn, pwd->pw_uid, (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid)) if (errno != EROFS) syslog(LOG_ERR, "chown(%s): %m", ttyn); #ifdef LOGALL /* * Syslog each successful login, so we don't have to watch * hundreds of wtmp or lastlogin files. */ if (hflag) syslog(LOG_INFO, "login from %s on %s as %s", hostname, tty, pwd->pw_name); else syslog(LOG_INFO, "login on %s as %s", tty, pwd->pw_name); #endif /* * If fflag is on, assume caller/authenticator has logged root * login. */ if (rootlogin && fflag == 0) { if (hflag) syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s", username, tty, hostname); else syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty); } /* * Destroy environment unless user has requested its * preservation - but preserve TERM in all cases */ term = getenv("TERM"); if (!pflag) environ = envinit; if (term != NULL) setenv("TERM", term, 0); /* * PAM modules might add supplementary groups during pam_setcred(). */ if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) { syslog(LOG_ERR, "setusercontext() failed - exiting"); bail(NO_SLEEP_EXIT, 1); } pam_err = pam_setcred(pamh, pam_silent|PAM_REINITIALIZE_CRED); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_setcred()"); bail(NO_SLEEP_EXIT, 1); } pam_err = pam_open_session(pamh, pam_silent); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_open_session()"); bail(NO_SLEEP_EXIT, 1); } pam_session_established = 1; /* * We must fork() before setuid() because we need to call * pam_close_session() as root. */ pid = fork(); if (pid < 0) { err(1, "fork"); } else if (pid != 0) { /* * Parent: wait for child to finish, then clean up * session. * * If we get SIGHUP or SIGTERM, clean up the session * and exit right away. This will make the terminal * inaccessible and send SIGHUP to the foreground * process group. */ int status; setproctitle("-%s [pam]", getprogname()); (void)sigprocmask(SIG_SETMASK, &omask, NULL); waitpid(pid, &status, 0); (void)sigprocmask(SIG_BLOCK, &mask, NULL); bail(NO_SLEEP_EXIT, 0); } /* * NOTICE: We are now in the child process! */ /* * Add any environment variables the PAM modules may have set. */ export_pam_environment(); /* * We're done with PAM now; our parent will deal with the rest. */ pam_end(pamh, 0); pamh = NULL; /* * We don't need to be root anymore, so set the login name and * the UID. */ if (setlogin(username) != 0) { syslog(LOG_ERR, "setlogin(%s): %m - exiting", username); bail(NO_SLEEP_EXIT, 1); } if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETGROUP)) != 0) { syslog(LOG_ERR, "setusercontext() failed - exiting"); exit(1); } (void)setenv("SHELL", pwd->pw_shell, 1); (void)setenv("HOME", pwd->pw_dir, 1); /* Overwrite "term" from login.conf(5) for any known TERM */ if (term == NULL && (tp = stypeof(tty)) != NULL) (void)setenv("TERM", tp, 1); else (void)setenv("TERM", TERM_UNKNOWN, 0); (void)setenv("LOGNAME", username, 1); (void)setenv("USER", username, 1); (void)setenv("PATH", rootlogin ? _PATH_STDPATH : _PATH_DEFPATH, 0); if (!quietlog) { const char *cw; cw = login_getcapstr(lc, "welcome", NULL, NULL); if (cw != NULL && access(cw, F_OK) == 0) motd(cw); else motd(_PATH_MOTDFILE); if (login_getcapbool(lc_user, "nocheckmail", 0) == 0 && login_getcapbool(lc, "nocheckmail", 0) == 0) { char *cx; /* $MAIL may have been set by class. */ cx = getenv("MAIL"); if (cx == NULL) { asprintf(&cx, "%s/%s", _PATH_MAILDIR, pwd->pw_name); } if (cx && stat(cx, &st) == 0 && st.st_size != 0) (void)printf("You have %smail.\n", (st.st_mtime > st.st_atime) ? "new " : ""); if (getenv("MAIL") == NULL) free(cx); } } login_close(lc_user); login_close(lc); sa.sa_handler = SIG_DFL; (void)sigaction(SIGALRM, &sa, NULL); (void)sigaction(SIGQUIT, &sa, NULL); (void)sigaction(SIGINT, &sa, NULL); (void)sigaction(SIGTERM, &sa, NULL); (void)sigaction(SIGHUP, &sa, NULL); sa.sa_handler = SIG_IGN; (void)sigaction(SIGTSTP, &sa, NULL); (void)sigprocmask(SIG_SETMASK, &omask, NULL); /* * Login shells have a leading '-' in front of argv[0] */ p = strrchr(pwd->pw_shell, '/'); if (asprintf(&arg0, "-%s", p ? p + 1 : pwd->pw_shell) >= MAXPATHLEN) { syslog(LOG_ERR, "user: %s: shell exceeds maximum pathname size", username); errx(1, "shell exceeds maximum pathname size"); } else if (arg0 == NULL) { err(1, "asprintf()"); } execlp(shell, arg0, (char *)0); err(1, "%s", shell); /* * That's it, folks! */ } /* * Attempt to authenticate the user using PAM. Returns 0 if the user is * authenticated, or 1 if not authenticated. If some sort of PAM system * error occurs (e.g., the "/etc/pam.conf" file is missing) then this * function returns -1. This can be used as an indication that we should * fall back to a different authentication mechanism. */ static int auth_pam(void) { const char *tmpl_user; const void *item; int rval; pam_err = pam_authenticate(pamh, pam_silent); switch (pam_err) { case PAM_SUCCESS: /* * With PAM we support the concept of a "template" * user. The user enters a login name which is * authenticated by PAM, usually via a remote service * such as RADIUS or TACACS+. If authentication * succeeds, a different but related "template" name * is used for setting the credentials, shell, and * home directory. The name the user enters need only * exist on the remote authentication server, but the * template name must be present in the local password * database. * * This is supported by two various mechanisms in the * individual modules. However, from the application's * point of view, the template user is always passed * back as a changed value of the PAM_USER item. */ pam_err = pam_get_item(pamh, PAM_USER, &item); if (pam_err == PAM_SUCCESS) { tmpl_user = (const char *)item; if (strcmp(username, tmpl_user) != 0) pwd = getpwnam(tmpl_user); } else { pam_syslog("pam_get_item(PAM_USER)"); } rval = 0; break; case PAM_AUTH_ERR: case PAM_USER_UNKNOWN: case PAM_MAXTRIES: rval = 1; break; default: pam_syslog("pam_authenticate()"); rval = -1; break; } if (rval == 0) { pam_err = pam_acct_mgmt(pamh, pam_silent); switch (pam_err) { case PAM_SUCCESS: break; case PAM_NEW_AUTHTOK_REQD: pam_err = pam_chauthtok(pamh, pam_silent|PAM_CHANGE_EXPIRED_AUTHTOK); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_chauthtok()"); rval = 1; } break; default: pam_syslog("pam_acct_mgmt()"); rval = 1; break; } } if (rval != 0) { pam_end(pamh, pam_err); pamh = NULL; } return (rval); } /* * Export any environment variables PAM modules may have set */ static void export_pam_environment(void) { char **pam_env; char **pp; pam_env = pam_getenvlist(pamh); if (pam_env != NULL) { for (pp = pam_env; *pp != NULL; pp++) { (void)export(*pp); free(*pp); } } } /* * Perform sanity checks on an environment variable: * - Make sure there is an '=' in the string. * - Make sure the string doesn't run on too long. * - Do not export certain variables. This list was taken from the * Solaris pam_putenv(3) man page. * Then export it. */ static int export(const char *s) { static const char *noexport[] = { "SHELL", "HOME", "LOGNAME", "MAIL", "CDPATH", "IFS", "PATH", NULL }; char *p; const char **pp; size_t n; if (strlen(s) > 1024 || (p = strchr(s, '=')) == NULL) return (0); if (strncmp(s, "LD_", 3) == 0) return (0); for (pp = noexport; *pp != NULL; pp++) { n = strlen(*pp); if (s[n] == '=' && strncmp(s, *pp, n) == 0) return (0); } *p = '\0'; (void)setenv(s, p + 1, 1); *p = '='; return (1); } static void usage(void) { (void)fprintf(stderr, "usage: login [-fp] [-h hostname] [username]\n"); exit(1); } /* * Prompt user and read login name from stdin. */ static char * getloginname(void) { char *nbuf, *p; int ch; nbuf = malloc(MAXLOGNAME); if (nbuf == NULL) err(1, "malloc()"); do { (void)printf("%s", prompt); for (p = nbuf; (ch = getchar()) != '\n'; ) { if (ch == EOF) { badlogin(username); bail(NO_SLEEP_EXIT, 0); } if (p < nbuf + MAXLOGNAME - 1) *p++ = ch; } } while (p == nbuf); *p = '\0'; if (nbuf[0] == '-') { pam_silent = 0; memmove(nbuf, nbuf + 1, strlen(nbuf)); } else { pam_silent = PAM_SILENT; } return nbuf; } /* * SIGINT handler for motd(). */ static volatile int motdinterrupt; static void sigint(int signo __unused) { motdinterrupt = 1; } /* * Display the contents of a file (such as /etc/motd). */ static int motd(const char *motdfile) { struct sigaction newint, oldint; FILE *f; int ch; if ((f = fopen(motdfile, "r")) == NULL) return (-1); motdinterrupt = 0; newint.sa_handler = sigint; newint.sa_flags = 0; sigfillset(&newint.sa_mask); sigaction(SIGINT, &newint, &oldint); while ((ch = fgetc(f)) != EOF && !motdinterrupt) putchar(ch); sigaction(SIGINT, &oldint, NULL); if (ch != EOF || ferror(f)) { fclose(f); return (-1); } fclose(f); return (0); } /* * SIGALRM handler, to enforce login prompt timeout. * * XXX This can potentially confuse the hell out of PAM. We should * XXX instead implement a conversation function that returns * XXX PAM_CONV_ERR when interrupted by a signal, and have the signal * XXX handler just set a flag. */ static void timedout(int signo __unused) { longjmp(timeout_buf, signo); } static void badlogin(char *name) { if (failures == 0) return; if (hflag) { syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s", failures, failures > 1 ? "S" : "", hostname); syslog(LOG_AUTHPRIV|LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s, %s", failures, failures > 1 ? "S" : "", hostname, name); } else { syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s", failures, failures > 1 ? "S" : "", tty); syslog(LOG_AUTHPRIV|LOG_NOTICE, "%d LOGIN FAILURE%s ON %s, %s", failures, failures > 1 ? "S" : "", tty, name); } failures = 0; } const char * stypeof(char *ttyid) { struct ttyent *t; if (ttyid != NULL && *ttyid != '\0') { t = getttynam(ttyid); if (t != NULL && t->ty_type != NULL) return (t->ty_type); } return (NULL); } static void refused(const char *msg, const char *rtype, int lout) { if (msg != NULL) printf("%s.\n", msg); if (hflag) syslog(LOG_NOTICE, "LOGIN %s REFUSED (%s) FROM %s ON TTY %s", pwd->pw_name, rtype, hostname, tty); else syslog(LOG_NOTICE, "LOGIN %s REFUSED (%s) ON TTY %s", pwd->pw_name, rtype, tty); if (lout) bail(SLEEP_EXIT, 1); } /* * Log a PAM error */ static void pam_syslog(const char *msg) { syslog(LOG_ERR, "%s: %s", msg, pam_strerror(pamh, pam_err)); } /* * Shut down PAM */ static void pam_cleanup(void) { if (pamh != NULL) { if (pam_session_established) { pam_err = pam_close_session(pamh, 0); if (pam_err != PAM_SUCCESS) pam_syslog("pam_close_session()"); } pam_session_established = 0; if (pam_cred_established) { pam_err = pam_setcred(pamh, pam_silent|PAM_DELETE_CRED); if (pam_err != PAM_SUCCESS) pam_syslog("pam_setcred()"); } pam_cred_established = 0; pam_end(pamh, pam_err); pamh = NULL; } } static void bail_internal(int sec, int eval, int signo) { struct sigaction sa; pam_cleanup(); #ifdef USE_BSM_AUDIT if (pwd != NULL) audit_logout(); #endif (void)sleep(sec); if (signo == 0) exit(eval); else { sa.sa_handler = SIG_DFL; sa.sa_flags = 0; (void)sigemptyset(&sa.sa_mask); (void)sigaction(signo, &sa, NULL); (void)sigaddset(&sa.sa_mask, signo); (void)sigprocmask(SIG_UNBLOCK, &sa.sa_mask, NULL); raise(signo); exit(128 + signo); } } /* * Exit, optionally after sleeping a few seconds */ static void bail(int sec, int eval) { bail_internal(sec, eval, 0); } /* * Exit because of a signal. * This is not async-signal safe, so only call async-signal safe functions * while the signal is unmasked. */ static void bail_sig(int signo) { bail_internal(NO_SLEEP_EXIT, 0, signo); } Index: head/usr.sbin/timed/timedc/timedc.c =================================================================== --- head/usr.sbin/timed/timedc/timedc.c (revision 270110) +++ head/usr.sbin/timed/timedc/timedc.c (revision 270111) @@ -1,252 +1,252 @@ /*- * Copyright (c) 1985, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint static const char copyright[] = "@(#) Copyright (c) 1985, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* not lint */ #ifndef lint #if 0 static char sccsid[] = "@(#)timedc.c 8.1 (Berkeley) 6/6/93"; #endif static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ #include "timedc.h" #include #include #include #include #include #include #include #include int trace = 0; FILE *fd = 0; int margc; int fromatty; #define MAX_MARGV 20 char *margv[MAX_MARGV]; char cmdline[200]; jmp_buf toplevel; static struct cmd *getcmd(char *); int main(int argc, char *argv[]) { register struct cmd *c; - openlog("timedc", LOG_ODELAY, LOG_AUTH); + openlog("timedc", 0, LOG_AUTH); /* * security dictates! */ if (priv_resources() < 0) errx(1, "could not get privileged resources"); if (setuid(getuid()) != 0) err(1, "setuid()"); if (--argc > 0) { c = getcmd(*++argv); if (c == (struct cmd *)-1) { printf("?Ambiguous command\n"); exit(1); } if (c == 0) { printf("?Invalid command\n"); exit(1); } if (c->c_priv && getuid()) { printf("?Privileged command\n"); exit(1); } (*c->c_handler)(argc, argv); exit(0); } fromatty = isatty(fileno(stdin)); if (setjmp(toplevel)) putchar('\n'); (void) signal(SIGINT, intr); for (;;) { if (fromatty) { printf("timedc> "); (void) fflush(stdout); } if (fgets(cmdline, sizeof(cmdline), stdin) == NULL) quit(); if (cmdline[0] == 0) break; makeargv(); if (margv[0] == 0) continue; c = getcmd(margv[0]); if (c == (struct cmd *)-1) { printf("?Ambiguous command\n"); continue; } if (c == 0) { printf("?Invalid command\n"); continue; } if (c->c_priv && getuid()) { printf("?Privileged command\n"); continue; } (*c->c_handler)(margc, margv); } return 0; } void intr(int signo __unused) { if (!fromatty) exit(0); longjmp(toplevel, 1); } static struct cmd * getcmd(char *name) { register char *p, *q; register struct cmd *c, *found; register int nmatches, longest; extern int NCMDS; longest = 0; nmatches = 0; found = 0; for (c = cmdtab; c < &cmdtab[NCMDS]; c++) { p = c->c_name; for (q = name; *q == *p++; q++) if (*q == 0) /* exact match? */ return(c); if (!*q) { /* the name was a prefix */ if (q - name > longest) { longest = q - name; nmatches = 1; found = c; } else if (q - name == longest) nmatches++; } } if (nmatches > 1) return((struct cmd *)-1); return(found); } /* * Slice a string up into argc/argv. */ void makeargv(void) { register char *cp; register char **argp = margv; margc = 0; for (cp = cmdline; margc < MAX_MARGV - 1 && *cp; ) { while (isspace(*cp)) cp++; if (*cp == '\0') break; *argp++ = cp; margc += 1; while (*cp != '\0' && !isspace(*cp)) cp++; if (*cp == '\0') break; *cp++ = '\0'; } *argp++ = 0; } #define HELPINDENT (sizeof ("directory")) /* * Help command. */ void help(int argc, char *argv[]) { register struct cmd *c; if (argc == 1) { register int i, j, w; int columns, width = 0, lines; extern int NCMDS; printf("Commands may be abbreviated. Commands are:\n\n"); for (c = cmdtab; c < &cmdtab[NCMDS]; c++) { int len = strlen(c->c_name); if (len > width) width = len; } width = (width + 8) &~ 7; columns = 80 / width; if (columns == 0) columns = 1; lines = (NCMDS + columns - 1) / columns; for (i = 0; i < lines; i++) { for (j = 0; j < columns; j++) { c = cmdtab + j * lines + i; printf("%s", c->c_name); if (c + lines >= &cmdtab[NCMDS]) { printf("\n"); break; } w = strlen(c->c_name); while (w < width) { w = (w + 8) &~ 7; putchar('\t'); } } } return; } while (--argc > 0) { register char *arg; arg = *++argv; c = getcmd(arg); if (c == (struct cmd *)-1) printf("?Ambiguous help command %s\n", arg); else if (c == (struct cmd *)0) printf("?Invalid help command %s\n", arg); else printf("%-*s\t%s\n", (int)HELPINDENT, c->c_name, c->c_help); } }